From b329b436b99d78dde21ab7a338331faaa2da6f6e Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 15 Sep 2022 09:16:13 +0200 Subject: test(pkix): add certStore tests --- .../server/config/ConfigurationPartsBuilder.java | 4 +- .../moa/spss/server/iaik/pki/PKIProfileImpl.java | 3 + .../moa/spss/util/CertificateReader.java | 157 +++++++++++++++++++++ 3 files changed, 163 insertions(+), 1 deletion(-) create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java (limited to 'moaSig/moa-sig-lib/src/main/java/at') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 533931d..5daf1a6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -1562,10 +1562,12 @@ public class ConfigurationPartsBuilder { public boolean getAutoEEAddCertificates() { final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null); - if (autoAdd != null) { + if (autoAdd != null) { return Boolean.valueOf(autoAdd).booleanValue(); + } else { return false; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java index 0032dc6..a53bce8 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -211,12 +211,15 @@ public class PKIProfileImpl implements PKIProfile { if (config.getAutoAddCertificates()) { if (config.getAutoAddEECertificates()) { return PKIProfile.AUTO_ADD_ENABLE; + } else { return PKIProfile.AUTO_ADD_EE_DISABLE; + } } else { return PKIProfile.AUTO_ADD_DISABLE; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java new file mode 100644 index 0000000..79a0401 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateReader.java @@ -0,0 +1,157 @@ +package at.gv.egovernment.moa.spss.util; +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileFilter; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.Security; +import java.security.cert.CertificateException; +import java.util.Arrays; +import java.util.Iterator; +import java.util.List; + +import iaik.pkcs.PKCS7CertList; +import iaik.pkcs.PKCSParsingException; +import iaik.security.provider.IAIK; +import iaik.utils.Util; +import iaik.x509.X509Certificate; +import iaik.xml.crypto.EccProviderAdapter; + +// Copyright (C) 2011 IAIK +// http://jce.iaik.at +// +// Copyright (C) 2011 Stiftung Secure Information and +// Communication Technologies SIC +// http://www.sic.st +// +// All rights reserved. +// +// This source is provided for inspection purposes and recompilation only, +// unless specified differently in a contract with IAIK. This source has to +// be kept in strict confidence and must not be disclosed to any third party +// under any circumstances. Redistribution in source and binary forms, with +// or without modification, are permitted in any case! +// +// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +// SUCH DAMAGE. +// +// + +public class CertificateReader { + + /** + * Filter for reading certificate files from a directory. + * The filter accepts a file if its name ends with + * ".cer", ".der", ".crt" + * or ".pem". + * + * @author Harald Bratko + * @author Konrad Lanz + */ + static class CertificateFileFilter implements FileFilter { + + /** + * Accepts a file if it is not a directory and its name ends with + * ".cer", ".der", ".crt" or ".pem". + * + * @see java.io.FileFilter#accept(java.io.File) + */ + public boolean accept(File file) { + String name = file.getName(); + if (name.endsWith(".der") || + name.endsWith(".cer") || + name.endsWith(".crt") || + name.endsWith(".pem")) + { + return true; + } else { + return false; + } + } + } + + + + /** + * Reads the certificates from the given directory and + * returns the certificates as sorted list (end user certificate first). + * @param directory + * @return + * @throws IOException + * @throws FileNotFoundException + * @throws CertificateException + * @throws Exception + */ + public static X509Certificate[] readCertificatesIntoArray(String directory) throws CertificateException, FileNotFoundException, IOException{ + + File file = new File(directory); + File[] certificateFiles = file.listFiles(new CertificateFileFilter()); + int l = certificateFiles.length; + X509Certificate[] certs = new X509Certificate[l]; + for (int i=0; i readCertificates(String directory) throws CertificateException, FileNotFoundException, IOException{ + + return Arrays.asList(readCertificatesIntoArray(directory)); + } + + public static void main(String[] args) { + try { + + IAIK.addAsJDK14Provider(); + //IAIK.addAsProvider(); + //Security.addProvider(new IAIK()); + + // install ECC provider + Security.addProvider(EccProviderAdapter.getEccProvider()); + + String dir = "target/classes/spec/examples/EU/AT/certs/on-tsl/chain/"; + List l = readCertificates(dir); + Iterator it = l.iterator(); + while (it.hasNext()) { + System.out.println(((X509Certificate)it.next()).getSubjectDN().getName()); + } + } catch (Exception e) { + e.printStackTrace(); + System.exit(1); + } + + } + + public static X509Certificate[] p7read(File path) throws PKCSParsingException, FileNotFoundException, IOException { + PKCS7CertList p7certList = new PKCS7CertList( + new BufferedInputStream( + new FileInputStream( + path + ) + ) + ); + return p7certList.getCertificateList(); + } + } \ No newline at end of file -- cgit v1.2.3