/**
 * Adds a certificate chain to the cache together with an expiry time.
 *
 * <p>The expiry is the current reading of {@code timeSource} plus
 * {@code VALIDATION_CACHE_AGE_SECONDS}, expressed in milliseconds.
 *
 * @param key the certificate chain to remember; it is stored as given, not copied
 */
public void add(List<? extends X509Certificate> key) {
  synchronized (map) {
    // Absolute expiry in milliseconds; the 1000L operand makes the multiplication a long one.
    final long expiresAtMillis =
        timeSource.currentTimeMillis() + VALIDATION_CACHE_AGE_SECONDS * 1000L;
    final EntryWithAge entry = new EntryWithAge(expiresAtMillis);
    // NOTE(review): the caller's list itself becomes the map key. If the map is hash-based,
    // a caller that later mutates the list would change what this entry matches; confirm
    // callers only pass lists they never modify.
    map.put(key, entry);
  }
}
/**
 * Verifies a signer's certificate chain and, if that succeeds, stores the signer info.
 *
 * <p>Verification runs before the store is touched, so a signer info whose chain is
 * rejected never reaches {@code certPathStore}.
 *
 * @param signerInfo the protocol-buffer form of the signer info to verify and store
 * @throws SignatureException if verification of the signer info fails
 */
@Override
public synchronized void storeSignerInfo(ProtocolSignerInfo signerInfo)
    throws SignatureException {
  // Wrap the protocol buffer so the verifier can inspect it.
  final SignerInfo candidate = new SignerInfo(signerInfo);
  // Throws on failure, which skips the put below.
  verifier.verifySignerInfo(candidate);
  // The original protocol buffer is what gets stored, not the wrapper.
  certPathStore.putSignerInfo(signerInfo);
}
/**
 * Validates a certificate chain, skipping the full check when the chain is already cached.
 *
 * @param certs the certificate chain to validate
 * @throws SignatureException if the uncached validation rejects the chain
 */
@Override
public void validate(List<? extends X509Certificate> certs) throws SignatureException {
  // NOTE(review): a cache hit returns without looking at the certificates again, so a chain
  // whose certificates expire before its cache entry does would still be accepted; confirm
  // the cache lifetime is short relative to certificate lifetimes.
  if (certPathCache.contains(certs)) {
    return;
  }
  validateNoCache(certs);
  // Reached only when validateNoCache returned normally; a rejected chain throws above and
  // is therefore never added to the cache.
  certPathCache.add(certs);
}
/**
 * Builds the fixture: a caching certificate-path validator driven by a fake clock and a
 * fake trust-roots provider, plus the store and verifier under test.
 */
@Override
protected void setUp() throws Exception {
  super.setUp();

  // Fake clock fixed at Jan 31, 2009; the cache and the validator share it.
  FakeTimeSource clock = new FakeTimeSource(1233465103000L);
  DefaultCacheImpl chainCache = new DefaultCacheImpl(clock);
  // The only trust root handed to the validator is the test CA certificate.
  FakeTrustRootsProvider trustRoots = new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT);
  CachedCertPathValidator pathValidator =
      new CachedCertPathValidator(chainCache, clock, trustRoots);

  store = new DefaultCertPathStore();
  verifier = new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Puts a SHA-256 signer info for the given chain and {@code DOMAIN} into {@code store}.
 *
 * @param certs the certificate chain to wrap in a {@link SignerInfo}
 * @return the signer id of the stored signer info
 */
private byte[] storeSignerInfo(ImmutableList<X509Certificate> certs) throws Exception {
  final SignerInfo signer = new SignerInfo(HashAlgorithm.SHA256, certs, DOMAIN);
  // The store takes the protocol-buffer form.
  store.putSignerInfo(signer.toProtoBuf());
  final byte[] signerId = signer.getSignerId();
  return signerId;
}
/**
 * Creates a signature verifier backed by the given store.
 *
 * @param store the certificate-path store the verifier reads from
 * @param disableSignerVerification when {@code true}, the verifier is built on a
 *     {@code DisabledCertPathValidator} instead of the caching validator
 * @return the configured verifier
 */
private WaveSignatureVerifier getVerifier(CertPathStore store,
    boolean disableSignerVerification) {
  // The cache is created on both paths, although only the caching validator uses it.
  final VerifiedCertChainCache chainCache = new DefaultCacheImpl(getFakeTimeSource());
  // NOTE(review): DisabledCertPathValidator presumably accepts any chain without checking
  // it; confirm that configuration is reachable only from tests.
  final WaveCertPathValidator pathValidator = disableSignerVerification
      ? new DisabledCertPathValidator()
      : new CachedCertPathValidator(chainCache, getFakeTimeSource(), getTrustRootsProvider());
  return new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Pins the signer id, base64-encoded, for the same chain and domain under SHA-256 and
 * under SHA-512; the two expected values differ.
 */
public void testGetSignerId() throws Exception {
  final String expectedSha256 = "zBYbw+lLkXGao+LfNWbv/faS+yAlsAmUfCNqXBxeFtI=";
  final String expectedSha512 = "wtbyS7wiCbIoLXJQjuyER6zTxJe9+pRYi3jxtCBl41eE6inQZBC"
      + "2Eu8V5AoirzWH271i8JXNdn+6x/eV/nog2g==";

  signerInfo = new SignerInfo(HashAlgorithm.SHA256, certChain, DOMAIN);
  assertEquals(expectedSha256, base64(signerInfo.getSignerId()));

  signerInfo = new SignerInfo(HashAlgorithm.SHA512, certChain, DOMAIN);
  assertEquals(expectedSha512, base64(signerInfo.getSignerId()));
}
/**
 * Builds the fixture: a fake clock, a chain cache on that clock, and a caching validator
 * whose only trust root is the test CA certificate.
 */
@Override
public void setUp() throws Exception {
  // Jan 31, 2009
  timeSource = new FakeTimeSource(1233465103000L);
  cache = new DefaultCacheImpl(timeSource);
  FakeTrustRootsProvider trustRoots = new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT);
  // Cache and validator read the same clock, so advancing it moves both.
  validator = new CachedCertPathValidator(cache, timeSource, trustRoots);
}
/**
 * Creates a signature verifier whose validator uses a {@code DefaultTrustRootsProvider}
 * rather than a fake one, while still running on the fake time source.
 *
 * @param store the certificate-path store the verifier reads from
 * @return the configured verifier
 */
private WaveSignatureVerifier getRealVerifier(CertPathStore store) throws Exception {
  // NOTE(review): presumably the default provider supplies the platform's trusted CAs;
  // confirm against DefaultTrustRootsProvider.
  final TrustRootsProvider defaultRoots = new DefaultTrustRootsProvider();
  final VerifiedCertChainCache chainCache = new DefaultCacheImpl(getFakeTimeSource());
  return new WaveSignatureVerifier(
      new CachedCertPathValidator(chainCache, getFakeTimeSource(), defaultRoots),
      store);
}
/**
 * Checks that a {@link SignerInfo} hands back a certificate chain equal to the one it was
 * constructed with.
 */
public void testGetCertificates() throws Exception {
  signerInfo = new SignerInfo(
      HashAlgorithm.SHA256,
      certChain,
      DOMAIN);

  assertEquals(certChain, signerInfo.getCertificates());
}
/**
 * Checks that a chain accepted 1800 days after the fixture's start time is rejected once
 * the clock has moved a further 2000 days.
 */
public void testExpired() throws Exception {
  // 1800 days on: this call must not throw, otherwise the test fails here.
  timeSource.advanceSeconds(1800L * 24 * 60 * 60);
  validator.validate(serverChain);

  // A further 2000 days on.
  // NOTE(review): if the validator caches successful results, this also exercises that the
  // entry from the call above is no longer honoured; confirm that is intended coverage.
  timeSource.advanceSeconds(2000L * 24 * 60 * 60);
  boolean rejected = false;
  try {
    validator.validate(serverChain);
  } catch (SignatureException expected) {
    // The expired chain is meant to be refused.
    rejected = true;
  }
  if (!rejected) {
    fail("Should have thrown, cert expired");
  }
}
/**
 * Verifies that the certificate chain carried by a {@link SignerInfo} checks out, i.e.
 * that it chains up to a trusted CA and that none of its certificates has expired.
 *
 * <p>The check itself is delegated to {@code pathValidator}.
 *
 * @param signer the signer info whose certificate chain is checked
 * @throws SignatureException if the certificate chain in the {@link SignerInfo} doesn't
 *     verify
 */
public void verifySignerInfo(SignerInfo signer) throws SignatureException {
  pathValidator.validate(
      signer.getCertificates());
}
/**
 * Reports whether the cache holds an unexpired entry for a certificate chain.
 *
 * @param key the certificate chain to look up
 * @return {@code true} only if an entry exists and its {@code expireMillis} is later than
 *     the current reading of {@code timeSource}
 */
public boolean contains(List<? extends X509Certificate> key) {
  synchronized (map) {
    final EntryWithAge cached = map.get(key);
    if (cached == null) {
      return false;
    }
    // NOTE(review): an expired entry counts as a miss but is left in the map here; confirm
    // that stale entries are evicted somewhere else.
    return timeSource.currentTimeMillis() < cached.expireMillis;
  }
}
/**
 * Builds the fixture: a caching certificate-path validator driven by a fake clock and a
 * fake trust-roots provider, plus the store and verifier under test.
 */
@Override
protected void setUp() throws Exception {
  super.setUp();

  // Fake clock fixed at Jan 31, 2009; the cache and the validator share it.
  FakeTimeSource clock = new FakeTimeSource(1233465103000L);
  DefaultCacheImpl chainCache = new DefaultCacheImpl(clock);
  // The only trust root handed to the validator is the test CA certificate.
  FakeTrustRootsProvider trustRoots = new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT);
  CachedCertPathValidator pathValidator =
      new CachedCertPathValidator(chainCache, clock, trustRoots);

  store = new DefaultCertPathStore();
  verifier = new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Puts a SHA-256 signer info for the given chain and {@code DOMAIN} into {@code store}.
 *
 * @param certs the certificate chain to wrap in a {@link SignerInfo}
 * @return the signer id of the stored signer info
 */
private byte[] storeSignerInfo(ImmutableList<X509Certificate> certs) throws Exception {
  final SignerInfo signer = new SignerInfo(HashAlgorithm.SHA256, certs, DOMAIN);
  // The store takes the protocol-buffer form.
  store.putSignerInfo(signer.toProtoBuf());
  final byte[] signerId = signer.getSignerId();
  return signerId;
}
/**
 * Creates a signature verifier backed by the given store.
 *
 * @param store the certificate-path store the verifier reads from
 * @param disableSignerVerification when {@code true}, the verifier is built on a
 *     {@code DisabledCertPathValidator} instead of the caching validator
 * @return the configured verifier
 */
private WaveSignatureVerifier getVerifier(CertPathStore store,
    boolean disableSignerVerification) {
  // The cache is created on both paths, although only the caching validator uses it.
  final VerifiedCertChainCache chainCache = new DefaultCacheImpl(getFakeTimeSource());
  // NOTE(review): DisabledCertPathValidator presumably accepts any chain without checking
  // it; confirm that configuration is reachable only from tests.
  final WaveCertPathValidator pathValidator = disableSignerVerification
      ? new DisabledCertPathValidator()
      : new CachedCertPathValidator(chainCache, getFakeTimeSource(), getTrustRootsProvider());
  return new WaveSignatureVerifier(pathValidator, store);
}
/**
 * Pins the signer id, base64-encoded, for the same chain and domain under SHA-256 and
 * under SHA-512; the two expected values differ.
 */
public void testGetSignerId() throws Exception {
  final String expectedSha256 = "zBYbw+lLkXGao+LfNWbv/faS+yAlsAmUfCNqXBxeFtI=";
  final String expectedSha512 = "wtbyS7wiCbIoLXJQjuyER6zTxJe9+pRYi3jxtCBl41eE6inQZBC"
      + "2Eu8V5AoirzWH271i8JXNdn+6x/eV/nog2g==";

  signerInfo = new SignerInfo(HashAlgorithm.SHA256, certChain, DOMAIN);
  assertEquals(expectedSha256, base64(signerInfo.getSignerId()));

  signerInfo = new SignerInfo(HashAlgorithm.SHA512, certChain, DOMAIN);
  assertEquals(expectedSha512, base64(signerInfo.getSignerId()));
}
/**
 * Builds the fixture: a fake clock, a chain cache on that clock, and a caching validator
 * whose only trust root is the test CA certificate.
 */
@Override
public void setUp() throws Exception {
  // Jan 31, 2009
  timeSource = new FakeTimeSource(1233465103000L);
  cache = new DefaultCacheImpl(timeSource);
  FakeTrustRootsProvider trustRoots = new FakeTrustRootsProvider(CertConstantUtil.CA_PUB_CERT);
  // Cache and validator read the same clock, so advancing it moves both.
  validator = new CachedCertPathValidator(cache, timeSource, trustRoots);
}
/**
 * Creates a signature verifier whose validator uses a {@code DefaultTrustRootsProvider}
 * rather than a fake one, while still running on the fake time source.
 *
 * @param store the certificate-path store the verifier reads from
 * @return the configured verifier
 */
private WaveSignatureVerifier getRealVerifier(CertPathStore store) throws Exception {
  // NOTE(review): presumably the default provider supplies the platform's trusted CAs;
  // confirm against DefaultTrustRootsProvider.
  final TrustRootsProvider defaultRoots = new DefaultTrustRootsProvider();
  final VerifiedCertChainCache chainCache = new DefaultCacheImpl(getFakeTimeSource());
  return new WaveSignatureVerifier(
      new CachedCertPathValidator(chainCache, getFakeTimeSource(), defaultRoots),
      store);
}
/**
 * Checks that a chain accepted 1800 days after the fixture's start time is rejected once
 * the clock has moved a further 2000 days.
 */
public void testExpired() throws Exception {
  // 1800 days on: this call must not throw, otherwise the test fails here.
  timeSource.advanceSeconds(1800L * 24 * 60 * 60);
  validator.validate(serverChain);

  // A further 2000 days on.
  // NOTE(review): if the validator caches successful results, this also exercises that the
  // entry from the call above is no longer honoured; confirm that is intended coverage.
  timeSource.advanceSeconds(2000L * 24 * 60 * 60);
  boolean rejected = false;
  try {
    validator.validate(serverChain);
  } catch (SignatureException expected) {
    // The expired chain is meant to be refused.
    rejected = true;
  }
  if (!rejected) {
    fail("Should have thrown, cert expired");
  }
}