/**
 * Dependency-injection provider ({@code @Provides}) that picks the certificate-path
 * validator implementation from configuration.
 *
 * <p>Security note: when {@code federation.waveserver_disable_signer_verification} is true,
 * a {@link DisabledCertPathValidator} is returned and none of the other arguments are used.
 * NOTE(review): going by its name, that implementation skips chain validation entirely.
 * Confirm this, and treat the flag as a test-only switch that stays false in any deployment
 * that federates with untrusted peers.
 *
 * @param config configuration; only the boolean flag named above is read here
 * @param timeSource clock passed through to the caching validator
 * @param certCache cache of verified chains passed through to the caching validator
 * @param trustRootsProvider trust-root source passed through to the caching validator
 * @return a {@link DisabledCertPathValidator} if the flag is set, otherwise a
 *     {@link CachedCertPathValidator}
 */
@Provides
@SuppressWarnings("unused")
private WaveCertPathValidator provideWaveCertPathValidator(Config config, TimeSource timeSource,
    VerifiedCertChainCache certCache, TrustRootsProvider trustRootsProvider) {
  final boolean verificationDisabled =
      config.getBoolean("federation.waveserver_disable_signer_verification");
  if (!verificationDisabled) {
    return new CachedCertPathValidator(certCache, timeSource, trustRootsProvider);
  }
  // Explicit opt-out selected by configuration; see the security note above.
  return new DisabledCertPathValidator();
}
/**
 * Positive case: validating {@code serverChain} must complete without throwing.
 * Any exception from {@code validate} propagates and fails the test.
 */
public void testVerify() throws Exception {
  validator.validate(serverChain);
}
/**
 * Creates a validator backed by the given cache of verified certificate chains.
 *
 * @param certPathCache cache of certificate chains; stored as given
 * @param timeSource clock; stored as given
 * @param trustRootsProvider source passed to {@code getTrustRoots} to obtain the trust roots
 */
public CachedCertPathValidator(VerifiedCertChainCache certPathCache, TimeSource timeSource,
    TrustRootsProvider trustRootsProvider) {
  this.certPathCache = certPathCache;
  this.timeSource = timeSource;
  // Trust roots are resolved once, here. NOTE(review): later changes in the provider are
  // presumably not picked up by an existing instance; confirm against getTrustRoots.
  this.trustRoots = getTrustRoots(trustRootsProvider);
}
/**
 * Validates a certificate chain, skipping the full check for chains already in the cache.
 *
 * <p>Security note: a cache hit returns without calling {@code validateNoCache}, so expiry
 * and trust-root checks are not repeated for a cached chain. NOTE(review): the window in
 * which a stale chain is still accepted is therefore bounded only by how the cache
 * implementation drops entries; confirm that policy.
 *
 * @param certs the certificate chain to validate
 * @throws SignatureException propagated from {@code validateNoCache} for an uncached chain
 */
@Override
public void validate(List<? extends X509Certificate> certs) throws SignatureException {
  if (certPathCache.contains(certs)) {
    // Already verified earlier; nothing more to do.
    return;
  }
  validateNoCache(certs);
  // Reached only when validateNoCache returned normally, so a chain that fails
  // validation is never added to the cache.
  certPathCache.add(certs);
}
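/**
 * Builds a validator on the real clock and the default trust roots, then parses the two
 * embedded certificates into {@code certs} (own certificate first, then the intermediate).
 *
 * <p>NOTE(review): because this fixture uses {@code DefaultTimeSource} and
 * {@code DefaultTrustRootsProvider}, any validation of these certificates presumably depends
 * on them still being within their validity period when the test runs; confirm.
 *
 * @throws Exception if the certificate factory is unavailable or a certificate fails to parse
 */
@Override
protected void setUp() throws Exception {
  TimeSource time = new DefaultTimeSource();
  VerifiedCertChainCache cache = new DefaultCacheImpl(time);
  validator = new CachedCertPathValidator(cache, time, new DefaultTrustRootsProvider());

  CertificateFactory fac = CertificateFactory.getInstance("X509");
  // Encode with an explicit charset so certificate parsing does not depend on the
  // platform default encoding of the machine running the test.
  X509Certificate ourCert = (X509Certificate) fac.generateCertificate(
      new ByteArrayInputStream(GOOGLE_CERT.getBytes("UTF-8")));
  X509Certificate intermediateCert = (X509Certificate) fac.generateCertificate(
      new ByteArrayInputStream(INTERMEDIATE_CERT.getBytes("UTF-8")));
  certs = ImmutableList.of(ourCert, intermediateCert);
}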
/**
 * Positive case: validating {@code serverChain} must complete without throwing.
 * Any exception from {@code validate} propagates and fails the test.
 */
public void testVerify() throws Exception {
  validator.validate(serverChain);
}
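/**
 * Builds a validator on the real clock and the default trust roots, then parses the two
 * embedded certificates into {@code certs} (own certificate first, then the intermediate).
 *
 * <p>NOTE(review): because this fixture uses {@code DefaultTimeSource} and
 * {@code DefaultTrustRootsProvider}, any validation of these certificates presumably depends
 * on them still being within their validity period when the test runs; confirm.
 *
 * @throws Exception if the certificate factory is unavailable or a certificate fails to parse
 */
@Override
protected void setUp() throws Exception {
  TimeSource time = new DefaultTimeSource();
  VerifiedCertChainCache cache = new DefaultCacheImpl(time);
  validator = new CachedCertPathValidator(cache, time, new DefaultTrustRootsProvider());

  CertificateFactory fac = CertificateFactory.getInstance("X509");
  // Encode with an explicit charset so certificate parsing does not depend on the
  // platform default encoding of the machine running the test.
  X509Certificate ourCert = (X509Certificate) fac.generateCertificate(
      new ByteArrayInputStream(GOOGLE_CERT.getBytes("UTF-8")));
  X509Certificate intermediateCert = (X509Certificate) fac.generateCertificate(
      new ByteArrayInputStream(INTERMEDIATE_CERT.getBytes("UTF-8")));
  certs = ImmutableList.of(ourCert, intermediateCert);
}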
/**
 * Rough throughput probe: validates {@code serverChain} repeatedly for about one second of
 * wall-clock time and prints the whole number of validations per millisecond.
 *
 * <p>NOTE(review): if {@code validator} is the caching validator, every call after the first
 * is presumably a cache hit, so this measures the cached path rather than full chain
 * validation; confirm before quoting the figure.
 */
public void testSpeed() throws Exception {
  final long start = System.currentTimeMillis();
  final long deadline = start + 1000L;
  long ops = 0;
  for (; System.currentTimeMillis() < deadline; ++ops) {
    validator.validate(serverChain);
  }
  final long elapsedMs = System.currentTimeMillis() - start;
  // Integer division: the printed rate is truncated to a whole number.
  System.out.println((ops / elapsedMs) + " ops per ms");
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Builds a validator with a frozen clock and a single fake trust root, so that validity-period
 * checks do not depend on the date the test is run.
 */
@Override
public void setUp() throws Exception {
  // 1233465103000 ms since the epoch = 2009-02-01T05:11:43Z (Jan 31, 2009 in US Pacific time).
  timeSource = new FakeTimeSource(1233465103000L);
  cache = new DefaultCacheImpl(timeSource);
  // The only trust root is the test CA certificate.
  validator = new CachedCertPathValidator(
      cache,
      timeSource,
      new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT));
}
/**
 * Rough throughput probe: validates {@code serverChain} repeatedly for about one second of
 * wall-clock time and prints the whole number of validations per millisecond.
 *
 * <p>NOTE(review): if {@code validator} is the caching validator, every call after the first
 * is presumably a cache hit, so this measures the cached path rather than full chain
 * validation; confirm before quoting the figure.
 */
public void testSpeed() throws Exception {
  final long start = System.currentTimeMillis();
  final long deadline = start + 1000L;
  long ops = 0;
  for (; System.currentTimeMillis() < deadline; ++ops) {
    validator.validate(serverChain);
  }
  final long elapsedMs = System.currentTimeMillis() - start;
  // Integer division: the printed rate is truncated to a whole number.
  System.out.println((ops / elapsedMs) + " ops per ms");
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Builds a validator with a frozen clock and a single fake trust root, so that validity-period
 * checks do not depend on the date the test is run.
 */
@Override
public void setUp() throws Exception {
  // 1233465103000 ms since the epoch = 2009-02-01T05:11:43Z (Jan 31, 2009 in US Pacific time).
  timeSource = new FakeTimeSource(1233465103000L);
  cache = new DefaultCacheImpl(timeSource);
  // The only trust root is the test CA certificate.
  validator = new CachedCertPathValidator(
      cache,
      timeSource,
      new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT));
}
/**
 * Negative case: a chain listing the intermediate certificate before the server certificate
 * must be rejected with a {@link SignatureException}.
 */
public void testOutOfOrder() throws Exception {
  try {
    validator.validate(
        Lists.newArrayList(
            CertConstantUtil.INTERMEDIATE_PUB_CERT,
            CertConstantUtil.SERVER_PUB_CERT));
    // Reaching this line means the mis-ordered chain was accepted.
    fail("Should have thrown, certs out of order");
  } catch (SignatureException expected) {
    // Expected: the validator refused the mis-ordered chain.
  }
}
/**
 * Wires a {@code WaveSignatureVerifier} on top of a caching validator that uses a frozen
 * clock and the test CA certificate as its only trust root.
 */
@Override
protected void setUp() throws Exception {
  super.setUp();

  // 1233465103000 ms since the epoch = 2009-02-01T05:11:43Z (Jan 31, 2009 in US Pacific time).
  FakeTimeSource fakeClock = new FakeTimeSource(1233465103000L);
  DefaultCacheImpl chainCache = new DefaultCacheImpl(fakeClock);
  CachedCertPathValidator pathValidator = new CachedCertPathValidator(
      chainCache,
      fakeClock,
      new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT));

  store = new DefaultCertPathStore();
  verifier = new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Negative case: a chain listing the intermediate certificate before the server certificate
 * must be rejected with a {@link SignatureException}.
 */
public void testOutOfOrder() throws Exception {
  try {
    validator.validate(
        Lists.newArrayList(
            CertConstantUtil.INTERMEDIATE_PUB_CERT,
            CertConstantUtil.SERVER_PUB_CERT));
    // Reaching this line means the mis-ordered chain was accepted.
    fail("Should have thrown, certs out of order");
  } catch (SignatureException expected) {
    // Expected: the validator refused the mis-ordered chain.
  }
}
/**
 * Wires a {@code WaveSignatureVerifier} on top of a caching validator that uses a frozen
 * clock and the test CA certificate as its only trust root.
 */
@Override
protected void setUp() throws Exception {
  super.setUp();

  // 1233465103000 ms since the epoch = 2009-02-01T05:11:43Z (Jan 31, 2009 in US Pacific time).
  FakeTimeSource fakeClock = new FakeTimeSource(1233465103000L);
  DefaultCacheImpl chainCache = new DefaultCacheImpl(fakeClock);
  CachedCertPathValidator pathValidator = new CachedCertPathValidator(
      chainCache,
      fakeClock,
      new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT));

  store = new DefaultCertPathStore();
  verifier = new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Negative case: a chain holding only the server certificate, with no intermediate, must be
 * rejected with a {@link SignatureException}.
 */
public void testIncomplete() throws Exception {
  try {
    validator.validate(
        Lists.newArrayList(CertConstantUtil.SERVER_PUB_CERT));
    // Reaching this line means the incomplete chain was accepted.
    fail("Should have thrown, cert chain incomplete.");
  } catch (SignatureException expected) {
    // Expected: the validator refused the incomplete chain.
  }
}
/**
 * Builds a verifier that checks chains against the default trust roots, rather than a fake
 * root, while still taking its time from {@code getFakeTimeSource()}.
 *
 * <p>NOTE(review): {@code getFakeTimeSource()} is called twice, once for the cache and once
 * for the validator. Whether both calls return the same instance is not visible here; if
 * they do not, cache expiry and certificate validation run on separate clocks. Confirm.
 *
 * @param store certificate path store handed to the verifier
 * @return a verifier backed by a caching validator over the default trust roots
 */
private WaveSignatureVerifier getRealVerifier(CertPathStore store) throws Exception {
  TrustRootsProvider defaultRoots = new DefaultTrustRootsProvider();
  VerifiedCertChainCache chainCache = new DefaultCacheImpl(getFakeTimeSource());
  WaveCertPathValidator pathValidator =
      new CachedCertPathValidator(chainCache, getFakeTimeSource(), defaultRoots);
  return new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Negative case: a chain holding only the server certificate, with no intermediate, must be
 * rejected with a {@link SignatureException}.
 */
public void testIncomplete() throws Exception {
  try {
    validator.validate(
        Lists.newArrayList(CertConstantUtil.SERVER_PUB_CERT));
    // Reaching this line means the incomplete chain was accepted.
    fail("Should have thrown, cert chain incomplete.");
  } catch (SignatureException expected) {
    // Expected: the validator refused the incomplete chain.
  }
}
/**
 * Builds a verifier that checks chains against the default trust roots, rather than a fake
 * root, while still taking its time from {@code getFakeTimeSource()}.
 *
 * <p>NOTE(review): {@code getFakeTimeSource()} is called twice, once for the cache and once
 * for the validator. Whether both calls return the same instance is not visible here; if
 * they do not, cache expiry and certificate validation run on separate clocks. Confirm.
 *
 * @param store certificate path store handed to the verifier
 * @return a verifier backed by a caching validator over the default trust roots
 */
private WaveSignatureVerifier getRealVerifier(CertPathStore store) throws Exception {
  TrustRootsProvider defaultRoots = new DefaultTrustRootsProvider();
  VerifiedCertChainCache chainCache = new DefaultCacheImpl(getFakeTimeSource());
  WaveCertPathValidator pathValidator =
      new CachedCertPathValidator(chainCache, getFakeTimeSource(), defaultRoots);
  return new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Checks that the validator stops accepting {@code serverChain} once the clock has moved far
 * enough forward: still accepted after 1800 days, rejected after a further 2000 days.
 *
 * <p>The first call succeeds and, with the caching validator, adds the chain to the cache.
 * The second call can therefore only fail if a previously cached chain is not accepted
 * indefinitely. NOTE(review): presumably the cache drops entries based on the time source;
 * confirm in the cache implementation.
 */
public void testExpired() throws Exception {
  final long secondsPerDay = 24L * 60 * 60;

  // 1800 days on: the chain is still expected to validate.
  timeSource.advanceSeconds(1800L * secondsPerDay);
  validator.validate(serverChain);

  // A further 2000 days (3800 in total): validation must now fail.
  timeSource.advanceSeconds(2000L * secondsPerDay);
  try {
    validator.validate(serverChain);
    // Reaching this line means the chain was still accepted.
    fail("Should have thrown, cert expired");
  } catch (SignatureException expected) {
    // Expected: the validator refused the chain at this point in time.
  }
}