Java 类java.security.cert.CertificateRevokedException 实例源码

项目:nomulus    文件:X509Utils.java   
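/**
 * Checks that {@code cert} is valid at {@code now}, is signed by {@code rootCert}, and is not
 * listed as revoked in {@code crl}.
 *
 * <p>Support for certificate chains has not been implemented: the signature on {@code cert} is
 * checked directly against the public key of {@code rootCert}.
 *
 * <p>This method does not validate {@code crl} itself. It neither verifies the CRL's signature
 * nor looks at its update window, so the caller must pass a CRL that has already been
 * authenticated and checked for freshness. A stale or unauthenticated CRL would let a revoked
 * certificate pass this check.
 *
 * @param rootCert trust anchor whose public key must have signed {@code cert}
 * @param crl revocation list consulted for {@code cert}; assumed to be verified by the caller
 * @param cert untrusted certificate to check
 * @param now instant at which the validity period of {@code cert} is evaluated; must not be null
 * @throws CertificateRevokedException if {@code crl} lists {@code cert} as revoked
 * @throws GeneralSecurityException for unsupported algorithms, certs not signed by
 *         {@code rootCert}, encoding errors, or a cert that is expired or not yet valid at
 *         {@code now}
 */
public static void verifyCertificate(
    X509Certificate rootCert, X509CRL crl, @Tainted X509Certificate cert, Date now)
        throws GeneralSecurityException {
  cert.checkValidity(checkNotNull(now, "now"));
  cert.verify(rootCert.getPublicKey());
  if (crl.isRevoked(cert)) {
    X509CRLEntry entry = crl.getRevokedCertificate(cert);
    throw new CertificateRevokedException(
        checkNotNull(entry.getRevocationDate(), "revocationDate"),
        // The reason-code extension is optional on a CRL entry and getRevocationReason() returns
        // null when it is absent. Fall back to UNSPECIFIED so a revoked cert is still reported
        // as a CertificateRevokedException instead of escaping as a NullPointerException that
        // callers handling GeneralSecurityException would not catch.
        firstNonNull(entry.getRevocationReason(), java.security.cert.CRLReason.UNSPECIFIED),
        // An entry without its own issuer was issued by the CRL issuer.
        firstNonNull(entry.getCertificateIssuer(), crl.getIssuerX500Principal()),
        ImmutableMap.of());
  }
}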
项目:nomulus    文件:TmchCertificateAuthorityTest.java   
/**
 * Verifying the revoked test certificate against the PILOT authority must be rejected with a
 * {@link CertificateRevokedException} that reports the KEY_COMPROMISE reason.
 */
@Test
public void testFailure_verifyRevoked() throws Exception {
  TmchCertificateAuthority authority = new TmchCertificateAuthority(PILOT);
  // The certificate is loaded inside the lambda, exactly where the verification happens.
  CertificateRevokedException revocation =
      expectThrows(
          CertificateRevokedException.class,
          () -> authority.verify(loadCertificate(REVOKED_TEST_CERTIFICATE)));
  assertThat(revocation)
      .hasMessageThat()
      .contains("revoked, reason: KEY_COMPROMISE");
}
项目:nomulus    文件:TmchXmlSignatureTest.java   
/**
 * Signature verification of the Court/Agent/French fixture must fail with a
 * {@link CertificateRevokedException} whose message names KEY_COMPROMISE.
 */
@Test
public void testRevokedTmvTmvrevokedCourtAgentFrenchActive() throws Exception {
  smdData = loadSmd("revoked/tmv/TMVRevoked-Court-Agent-French-Active.smd");
  CertificateRevokedException revocation =
      expectThrows(
          CertificateRevokedException.class,
          () -> tmchXmlSignature.verify(smdData));
  assertThat(revocation)
      .hasMessageThat()
      .contains("KEY_COMPROMISE");
}
项目:nomulus    文件:TmchXmlSignatureTest.java   
/**
 * Signature verification of the Trademark/Agent/English fixture must fail with a
 * {@link CertificateRevokedException} whose message names KEY_COMPROMISE.
 */
@Test
public void testRevokedTmvTmvrevokedTrademarkAgentEnglishActive() throws Exception {
  smdData = loadSmd("revoked/tmv/TMVRevoked-Trademark-Agent-English-Active.smd");
  CertificateRevokedException revocation =
      expectThrows(
          CertificateRevokedException.class,
          () -> tmchXmlSignature.verify(smdData));
  assertThat(revocation)
      .hasMessageThat()
      .contains("KEY_COMPROMISE");
}
项目:nomulus    文件:TmchXmlSignatureTest.java   
/**
 * Signature verification of the Trademark/Agent/Russian fixture must fail with a
 * {@link CertificateRevokedException} whose message names KEY_COMPROMISE.
 */
@Test
public void testRevokedTmvTmvrevokedTrademarkAgentRussianActive() throws Exception {
  smdData = loadSmd("revoked/tmv/TMVRevoked-Trademark-Agent-Russian-Active.smd");
  CertificateRevokedException revocation =
      expectThrows(
          CertificateRevokedException.class,
          () -> tmchXmlSignature.verify(smdData));
  assertThat(revocation)
      .hasMessageThat()
      .contains("KEY_COMPROMISE");
}
项目:nomulus    文件:TmchXmlSignatureTest.java   
/**
 * Signature verification of the TreatyStatute/Agent/Chinese fixture must fail with a
 * {@link CertificateRevokedException} whose message names KEY_COMPROMISE.
 */
@Test
public void testRevokedTmvTmvrevokedTreatystatuteAgentChineseActive() throws Exception {
  smdData = loadSmd("revoked/tmv/TMVRevoked-TreatyStatute-Agent-Chinese-Active.smd");
  CertificateRevokedException revocation =
      expectThrows(
          CertificateRevokedException.class,
          () -> tmchXmlSignature.verify(smdData));
  assertThat(revocation)
      .hasMessageThat()
      .contains("KEY_COMPROMISE");
}
项目:nomulus    文件:TmchXmlSignatureTest.java   
/**
 * Signature verification of the TreatyStatute/Agent/English fixture must fail with a
 * {@link CertificateRevokedException} whose message names KEY_COMPROMISE.
 */
@Test
public void testRevokedTmvTmvrevokedTreatystatuteAgentEnglishActive() throws Throwable {
  smdData = loadSmd("revoked/tmv/TMVRevoked-TreatyStatute-Agent-English-Active.smd");
  CertificateRevokedException revocation =
      expectThrows(
          CertificateRevokedException.class,
          () -> tmchXmlSignature.verify(smdData));
  assertThat(revocation)
      .hasMessageThat()
      .contains("KEY_COMPROMISE");
}
项目:search-guard-ssl    文件:CertificateValidatorTest.java   
/**
 * Validates a chain containing a revoked certificate against a CRL loaded from the test
 * classpath and expects the validator to reject it, with a
 * {@link CertificateRevokedException} as the root cause.
 */
@Test
public void testStaticCRL() throws Exception {

    // Revocation data: a single CRL read from a classpath fixture.
    final File crlFile = getAbsoluteFilePathFromClassPath("crl/revoked.crl");
    Collection<? extends CRL> revocationLists = null;
    try (FileInputStream crlStream = new FileInputStream(crlFile)) {
        revocationLists = CertificateFactory.getInstance("X.509").generateCRLs(crlStream);
    }
    Assert.assertEquals(revocationLists.size(), 1);

    // Trust material: root plus intermediate CA certificates.
    Collection<? extends Certificate> trustedCerts;
    final File trustFile = getAbsoluteFilePathFromClassPath("chain-ca.pem");
    try (FileInputStream trustStream = new FileInputStream(trustFile)) {
        trustedCerts = CertificateFactory.getInstance("X.509").generateCertificates(trustStream);
    }
    Assert.assertEquals(trustedCerts.size(), 2);

    // Chain under test: client certificate plus intermediates, without the root.
    Collection<? extends Certificate> presentedChain;
    final File chainFile = getAbsoluteFilePathFromClassPath("crl/revoked.crt.pem");
    try (FileInputStream chainStream = new FileInputStream(chainFile)) {
        presentedChain = CertificateFactory.getInstance("X.509").generateCertificates(chainStream);
    }
    Assert.assertEquals(presentedChain.size(), 2);

    CertificateValidator validator =
            new CertificateValidator(trustedCerts.toArray(new X509Certificate[0]), revocationLists);
    // Validation time is pinned to CRL_DATE rather than the wall clock
    // (presumably so the bundled fixtures stay inside their validity windows).
    validator.setDate(CRL_DATE);

    CertificateException rejection = null;
    try {
        validator.validate(presentedChain.toArray(new X509Certificate[0]));
    } catch (CertificateException e) {
        rejection = e;
    }
    // Accepting the revoked chain is the failure this test guards against.
    if (rejection == null) {
        Assert.fail();
    }
    // Only the root cause is inspected, so wrapping exceptions are tolerated.
    Assert.assertTrue(ExceptionUtils.getRootCause(rejection) instanceof CertificateRevokedException);
}
项目:search-guard-ssl    文件:CertificateValidatorTest.java   
/**
 * Validates a chain containing a revoked certificate with no static CRL supplied and with
 * CRLDP and OCSP checking switched on, and expects a {@link CertificateRevokedException} as
 * the root cause of the rejection.
 */
@Test
public void testCRLDP() throws Exception {

    // Trust material: loaded from the root CA fixture only.
    Collection<? extends Certificate> trustedCerts;
    final File trustFile = getAbsoluteFilePathFromClassPath("root-ca.pem");
    try (FileInputStream trustStream = new FileInputStream(trustFile)) {
        trustedCerts = CertificateFactory.getInstance("X.509").generateCertificates(trustStream);
    }
    Assert.assertEquals(trustedCerts.size(), 1);

    // Chain under test: client certificate plus intermediates, without the root.
    Collection<? extends Certificate> presentedChain;
    final File chainFile = getAbsoluteFilePathFromClassPath("crl/revoked.crt.pem");
    try (FileInputStream chainStream = new FileInputStream(chainFile)) {
        presentedChain = CertificateFactory.getInstance("X.509").generateCertificates(chainStream);
    }
    Assert.assertEquals(presentedChain.size(), 2);

    // The CRL list is empty, so the revocation verdict has to come from the CRLDP/OCSP checks.
    // NOTE(review): presumably this needs the distribution point or responder named in the
    // fixture certificate to be reachable; confirm the test does not depend on outside network.
    CertificateValidator validator =
            new CertificateValidator(trustedCerts.toArray(new X509Certificate[0]), Collections.emptyList());
    validator.setEnableCRLDP(true);
    validator.setEnableOCSP(true);
    validator.setDate(CRL_DATE);

    CertificateException rejection = null;
    try {
        validator.validate(presentedChain.toArray(new X509Certificate[0]));
    } catch (CertificateException e) {
        rejection = e;
    }
    // Accepting the revoked chain is the failure this test guards against.
    if (rejection == null) {
        Assert.fail();
    }
    // Only the root cause is inspected, so wrapping exceptions are tolerated.
    Assert.assertTrue(ExceptionUtils.getRootCause(rejection) instanceof CertificateRevokedException);
}
项目:kork    文件:BlacklistingX509TrustManager.java   
/**
 * Rejects a client chain if any certificate in it is blacklisted, then hands the chain to the
 * wrapped trust manager for the regular trust decision.
 *
 * <p>The {@link CertificateRevokedException} raised here carries the time of this check as its
 * revocation date and {@link CRLReason#UNSPECIFIED} as its reason; neither value comes from the
 * blacklist entry. A {@code null} chain skips the blacklist scan and is passed to the delegate
 * unchanged.
 *
 * @param x509Certificates the chain presented by the client, possibly {@code null}
 * @param authType the authentication type, forwarded to the delegate
 * @throws CertificateException if a certificate is blacklisted or the delegate rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
  // Every certificate in the chain is screened, not just the leaf.
  final int chainLength = (x509Certificates == null) ? 0 : x509Certificates.length;
  for (int i = 0; i < chainLength; i++) {
    final X509Certificate candidate = x509Certificates[i];
    if (!blacklist.isBlacklisted(candidate)) {
      continue;
    }
    throw new CertificateRevokedException(
        new Date(),
        CRLReason.UNSPECIFIED,
        candidate.getIssuerX500Principal(),
        Collections.emptyMap());
  }

  // The blacklist only vetoes; the actual trust decision stays with the delegate.
  delegate.checkClientTrusted(x509Certificates, authType);
}