directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject directory-kerby git commit: Updating test to add certpath validation
Date Thu, 07 Jul 2016 09:30:16 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk ff14ab72d -> d4683daac


Updating test to add certpath validation


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d4683daa
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d4683daa
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d4683daa

Branch: refs/heads/trunk
Commit: d4683daac25bca5dc676f10a68a83a99d50e2fc9
Parents: ff14ab7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jul 7 10:29:38 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jul 7 10:29:38 2016 +0100

----------------------------------------------------------------------
 .../apache/kerby/kerberos/kerb/CryptoTest.java  | 35 ++++++++++++++++++--
 .../src/test/resources/cacerttest.pem           | 23 +++++++++++++
 2 files changed, 55 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d4683daa/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
b/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
index 715e67d..9571b42 100644
--- a/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
+++ b/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
@@ -19,9 +19,15 @@
  */
 package org.apache.kerby.kerberos.kerb;
 
-import java.io.IOException;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.CertificateHelper;
@@ -32,7 +38,7 @@ public class CryptoTest {
 
     @Test
     @org.junit.Ignore
-    public void testCertificateLoading() throws IOException, KrbException, CertificateEncodingException
{
+    public void testCertificateLoading() throws Exception {
         // Load cert
         List<Certificate> certs = CertificateHelper.loadCerts("kdccerttest.pem");
         Assert.assertEquals(1, certs.size());
@@ -48,5 +54,28 @@ public class CryptoTest {
         
         // Test for equality
         Assert.assertArrayEquals(certBytes, encodedBytes);
+        
+        // Convert back into an X.509 Certificate
+        List<Certificate> certs2 = CertificateHelper.loadCerts(new java.io.ByteArrayInputStream(certBytes));
+        Assert.assertEquals(1, certs2.size());
+        
+        // Now validate the certificate chain
+        
+        List<X509Certificate> certsPathList = new ArrayList<>(2);
+        certsPathList.add((X509Certificate)certs2.get(0));
+        List<Certificate> cacerts = CertificateHelper.loadCerts("cacerttest.pem");
+        certsPathList.add((X509Certificate)cacerts.get(0));
+        
+        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+        CertPath certPath = certificateFactory.generateCertPath(certsPathList);
+        
+        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
+
+        TrustAnchor trustAnchor = new TrustAnchor((X509Certificate)cacerts.get(0), null);
+
+        PKIXParameters parameters = new PKIXParameters(Collections.singleton(trustAnchor));
+        parameters.setRevocationEnabled(false);
+
+        cpv.validate(certPath, parameters);
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d4683daa/kerby-kerb/kerb-common/src/test/resources/cacerttest.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/test/resources/cacerttest.pem b/kerby-kerb/kerb-common/src/test/resources/cacerttest.pem
new file mode 100644
index 0000000..bc9051e
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/test/resources/cacerttest.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIJAJ9WHdl87hv5MA0GCSqGSIb3DQEBBQUAMHwxCzAJBgNV
+BAYTAkNOMQswCQYDVQQIDAJTSDELMAkGA1UEBwwCU0gxDjAMBgNVBAoMBUlOVEVM
+MQ4wDAYDVQQLDAVJTlRFTDEPMA0GA1UEAwwGSklBSklBMSIwIAYJKoZIhvcNAQkB
+FhNKSUFKSUEuTElASU5URUwuQ09NMB4XDTE1MDkxNTAyMTczNloXDTI1MDkxMjAy
+MTczNlowfDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMQswCQYDVQQHDAJTSDEO
+MAwGA1UECgwFSU5URUwxDjAMBgNVBAsMBUlOVEVMMQ8wDQYDVQQDDAZKSUFKSUEx
+IjAgBgkqhkiG9w0BCQEWE0pJQUpJQS5MSUBJTlRFTC5DT00wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC1OxDz9GMHNrlMYVz+sggRuhhMUy8SfoJfCUMI
+nmiQLybMAjr1DxuKxTsYYtuIJgUdupdKByGb5rbfJ48qqNKa/3jMGsv3w30Q4hll
+eGnDFPTyzXAjLAYDzeNGUiuJ8HViZQ2BBC0wwiBhIZHyPB7zmZ+iLb8tSyGxGDc9
+IWV88WEie42cXy4FMyXqTAAc83SWe/MqUjNy75IZZ20osCj2uMY/TALBdnY43+wV
+98CO89vhlN4nb5yIpgCG7i61NvwnKJIk5O0VNx7/pUWpoaWWHtoFyXmtUgVO9PcV
+6FTmpNHavlcCS3aC2PUGgx0pAYocgMZsJ0u5zr5GOprMzXD7AgMBAAGjUDBOMB0G
+A1UdDgQWBBRCPVYKRg2XoIq60AQ2+KTUJmHXsDAfBgNVHSMEGDAWgBRCPVYKRg2X
+oIq60AQ2+KTUJmHXsDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCk
+k0x3/3f77r7UltXKjgBNcY8GwChOVRKQPDuidXSkKg1ifGTyhUk7CB7xHmcT0TsO
+tcCk3p8E0antUmLVUfV4lu60KPH0KddqXzKq1kqvULNPLEWirWAbFw9h6gyymHJg
+N2Gx2oUBThDGL4yJGNqhrVg29HpP3gREahFyrrV4DXAhtzpS78fxSSrTA65OpbMI
+/cvim7iMZnBo6bEQHnejWDNeqTC0R+pQvOiB1ahqbL32w70hr1kr1xdSZgMcCZc6
+z97S9POkDxYReuiflA+MezEq0gf/EMvuTC358ckQzE53iVdmdIigyiEodBTqZ4rF
+t2LR/VCE4aO+A3KKE/OT
+-----END CERTIFICATE-----


Mime
View raw message