private static Key getPublicKey(String certificatePath, FilterConfig filterConfig)
     throws ServletException {
   Certificate certificate = null;
   InputStream is = null;
   try {
     if (certificatePath != null) certificatePath = certificatePath.replace('\\', '/');
     certificatePath = getCertificatePath(certificatePath);
     File certFile = new File(certificatePath);
     if (certFile.isAbsolute()) is = new FileInputStream(certificatePath);
     else is = filterConfig.getServletContext().getResourceAsStream(EMBEDDED_CERT_LOC);
     BufferedInputStream bufferedInputStream = new BufferedInputStream(is);
     CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
     while (bufferedInputStream.available() > 0) {
       certificate = certificateFactory.generateCertificate(bufferedInputStream);
     }
   } catch (FileNotFoundException fnfe) {
     throw new ServletException("File not found " + certificatePath);
   } catch (Throwable t) {
     throw new ServletException("Error while retrieving public key from certificate");
   } finally {
     if (is != null) {
       try {
         is.close();
       } catch (Exception e) {
         // Ignore exception silently here
       }
     }
   }
   return certificate.getPublicKey();
 }
Example #2
0
  private void checkPolicyProcessingAtDomainMatch() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    X509Certificate root =
        (X509Certificate)
            cf.generateCertificate(this.getClass().getResourceAsStream("qvRooCa3.crt"));
    X509Certificate ca1 =
        (X509Certificate)
            cf.generateCertificate(this.getClass().getResourceAsStream("suvaRoot1.crt"));
    X509Certificate ca2 =
        (X509Certificate)
            cf.generateCertificate(this.getClass().getResourceAsStream("suvaEmail1.crt"));
    X509Certificate ee =
        (X509Certificate) cf.generateCertificate(this.getClass().getResourceAsStream("suvaEE.crt"));

    List certchain = new ArrayList();
    certchain.add(ee);
    certchain.add(ca2);
    certchain.add(ca1);

    Set trust = new HashSet();
    trust.add(new TrustAnchor(root, null));

    CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
    PKIXParameters param = new PKIXParameters(trust);
    param.setRevocationEnabled(false);
    param.setDate(new Date(0x156445410b4L)); // around 1st August 2016

    CertPath cp = cf.generateCertPath(certchain);

    MyChecker checker = new MyChecker();
    param.addCertPathChecker(checker);

    PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);
  }
  /** java.security.KeyStore#getCertificate(java.lang.String) */
  public void test_getCertificateLjava_lang_String() throws Exception {
    // Test for method java.security.cert.Certificate
    // java.security.KeyStore.getCertificate(java.lang.String)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.getCertificate("anAlias");
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);

    // alias 1
    PublicKey pub = cert[0].getPublicKey();
    keyTest.setCertificateEntry("alias1", cert[0]);

    Certificate certRes = keyTest.getCertificate("alias1");
    assertEquals(
        "the public key of the certificate from getCertificate() "
            + "did not equal the original certificate",
        pub,
        certRes.getPublicKey());

    // alias 2
    keyTest.setCertificateEntry("alias2", cert[0]);

    // testing for a certificate chain
    Certificate cert2 = keyTest.getCertificate("alias2");
    assertEquals("the certificate for alias2 is supposed to exist", cert2, cert[0]);
  }
  /** java.security.KeyStore#getKey(java.lang.String, char[]) */
  public void test_getKeyLjava_lang_String$C() throws Exception {

    // Test for method java.security.Key
    // java.security.KeyStore.getKey(java.lang.String, char[])
    // creatCertificate();
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
    keyTest.load(null, null);

    keyTest.setKeyEntry("alias2", getPrivateKey(), pssWord, cert);
    PrivateKey returnedKey = (PrivateKey) keyTest.getKey("alias2", pssWord);
    byte[] retB = returnedKey.getEncoded();
    byte[] priB = getPrivateKey().getEncoded();
    assertTrue(Arrays.equals(retB, priB));
    assertEquals(getPrivateKey().getAlgorithm(), returnedKey.getAlgorithm());
    assertEquals(getPrivateKey().getFormat(), returnedKey.getFormat());

    try {
      keyTest.getKey("alias2", "wrong".toCharArray());
      fail();
    } catch (UnrecoverableKeyException expected) {
    }

    keyTest.setCertificateEntry("alias1", cert[1]);
    assertNull(
        "the private key returned from getKey for a certificate entry is not null",
        keyTest.getKey("alias1", pssWord));
  }
  /** java.security.KeyStore#getCertificateAlias(java.security.cert.Certificate) */
  public void test_getCertificateAliasLjava_security_cert_Certificate() throws Exception {
    // Test for method java.lang.String
    // java.security.KeyStore.getCertificateAlias(java.security.cert.Certificate)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
    keyTest.load(null, null);

    // certificate entry
    keyTest.setCertificateEntry("alias1", cert[1]);
    String alias = keyTest.getCertificateAlias(cert[1]);
    assertEquals(
        "certificate entry - the alias returned for this certificate was wrong", "alias1", alias);

    // key entry

    keyTest.setKeyEntry("alias2", getPrivateKey(), pssWord, cert);
    alias = keyTest.getCertificateAlias(cert[0]);
    assertEquals("key entry - the alias returned for this certificate was wrong", "alias2", alias);

    // testing case with a nonexistent certificate
    X509Certificate cert2 = (X509Certificate) cf.generateCertificate(certArray3);
    String aliasNull = keyTest.getCertificateAlias(cert2);
    assertNull("the alias returned for the nonexist certificate was NOT null", aliasNull);
  }
Example #6
0
  private void validateWithExtendedKeyUsage() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    X509Certificate rootCert =
        (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(extTrust));
    X509Certificate interCert =
        (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(extCA));
    X509Certificate finalCert =
        (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(extEE));

    List list = new ArrayList();
    list.add(rootCert);
    list.add(interCert);
    list.add(finalCert);

    CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
    CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
    Date validDate = new Date(rootCert.getNotBefore().getTime() + 60 * 60 * 1000);
    // validating path
    List certchain = new ArrayList();
    certchain.add(finalCert);
    certchain.add(interCert);
    CertPath cp = CertificateFactory.getInstance("X.509", "BC").generateCertPath(certchain);
    Set trust = new HashSet();
    trust.add(new TrustAnchor(rootCert, null));

    CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
    PKIXParameters param = new PKIXParameters(trust);
    param.addCertStore(store);
    param.setDate(validDate);
    param.setRevocationEnabled(false);

    PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, param);
  }
  /** java.security.KeyStore#isKeyEntry(java.lang.String) */
  public void test_isKeyEntryLjava_lang_String() throws Exception {
    // Test for method boolean
    // java.security.KeyStore.isKeyEntry(java.lang.String)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.isKeyEntry("alias");
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);
    // alias 1
    keyTest.setCertificateEntry("alias1", cert[0]);

    // alias 2
    keyTest.setKeyEntry("alias2", getPrivateKey(), pssWord, cert);

    assertTrue("isKeyEntry method returns false for a certificate", keyTest.isKeyEntry("alias2"));
    assertFalse("isKeyEntry method returns true for noncertificate", keyTest.isKeyEntry("alias1"));
  }
  /**
   * java.security.KeyStore#setKeyEntry(java.lang.String, java.security.Key, char[],
   * java.security.cert.Certificate[])
   */
  public void
      test_setKeyEntryLjava_lang_StringLjava_security_Key$C$Ljava_security_cert_Certificate()
          throws Exception {

    // Test for method void
    // java.security.KeyStore.setKeyEntry(java.lang.String,
    // java.security.Key, char[], java.security.cert.Certificate[])

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.setKeyEntry("alias3", getPrivateKey(), pssWord, cert);
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);

    keyTest.setKeyEntry("alias3", getPrivateKey(), pssWord, cert);
    assertTrue(
        "the entry specified by the alias alias3 is not a keyEntry", keyTest.isKeyEntry("alias3"));

    try {
      keyTest.setKeyEntry("alias4", getPrivateKey(), pssWord, new Certificate[] {});
      fail();
    } catch (IllegalArgumentException expected) {
    }
  }
  /** java.security.KeyStore#size() */
  public void test_size() throws Exception {
    // Test for method int java.security.KeyStore.size()

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.size();
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);
    // alias 1
    keyTest.setCertificateEntry("alias1", cert[0]);

    // alias 2
    keyTest.setKeyEntry("alias2", getPrivateKey(), pssWord, cert);

    // alias 3
    keyTest.setCertificateEntry("alias3", cert[1]);

    assertEquals("the size of the keyStore is not 3", 3, keyTest.size());
  }
Example #10
0
  public static void main(String args[]) throws Exception {
    // 参数
    String cacert = args[0];
    String lfcert = args[1];
    // CA "Xu Yingxiao"的证书
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    FileInputStream in1 = new FileInputStream(cacert);
    java.security.cert.Certificate cac = cf.generateCertificate(in1);
    in1.close();
    // 用户"Liu Fang"的签名证书
    FileInputStream in2 = new FileInputStream(lfcert);
    java.security.cert.Certificate lfc = cf.generateCertificate(in2);
    in2.close();

    PublicKey pbk = cac.getPublicKey();
    boolean pass = false;
    try {
      lfc.verify(pbk);
      pass = true;
    } catch (Exception e) {
      pass = false;
      System.out.println(e);
    }
    if (pass) {
      System.out.println("The Certificate is signed by the CA Xu Yingxiao");
    } else {
      System.out.println("!!!The Certificate is not signed by the CA Xu Yingxiao");
    }
  }
  /** java.security.KeyStore#containsAlias(java.lang.String) */
  public void test_containsAliasLjava_lang_String() throws Exception {
    // Test for method boolean
    // java.security.KeyStore.containsAlias(java.lang.String)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.containsAlias("alias1");
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);

    // alias 1
    keyTest.setCertificateEntry("alias1", cert[0]);

    // alias 2
    keyTest.setCertificateEntry("alias2", cert[0]);

    assertTrue("alias1 does not exist", keyTest.containsAlias("alias1"));
    assertTrue("alias2 does not exist", keyTest.containsAlias("alias2"));
    assertFalse("alias3 exists", keyTest.containsAlias("alias3"));

    try {
      keyTest.containsAlias(null);
      fail();
    } catch (NullPointerException expected) {
    }
  }
  public static SSLSocketFactory getSocketFactory(
      String caCrtFile, String crtFile, String keyFile, String password) throws Exception {

    char[] passwordCharArray = password == null ? new char[0] : password.toCharArray();

    Security.addProvider(new BouncyCastleProvider());
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    X509Certificate caCert =
        (X509Certificate)
            cf.generateCertificate(
                new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))));

    X509Certificate cert =
        (X509Certificate)
            cf.generateCertificate(
                new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))));

    File privateKeyFile = new File(keyFile);
    PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passwordCharArray);
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");

    Object object = pemParser.readObject();
    KeyPair kp;

    if (object instanceof PEMEncryptedKeyPair) {
      kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
    } else {
      kp = converter.getKeyPair((PEMKeyPair) object);
    }

    pemParser.close();

    KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    caKeyStore.load(null, null);
    caKeyStore.setCertificateEntry("ca-certificate", caCert);
    TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(caKeyStore);

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry("certificate", cert);
    keyStore.setKeyEntry(
        "private-key",
        kp.getPrivate(),
        passwordCharArray,
        new java.security.cert.Certificate[] {cert});
    KeyManagerFactory keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, passwordCharArray);

    SSLContext context = SSLContext.getInstance("TLSv1");
    context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

    return context.getSocketFactory();
  }
Example #13
0
  private void testExceptions() throws Exception {
    byte[] enc = {(byte) 0, (byte) 2, (byte) 3, (byte) 4, (byte) 5};
    MyCertPath mc = new MyCertPath(enc);
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    ByteArrayInputStream is;
    byte[] arr;

    ObjectOutputStream oOut = new ObjectOutputStream(os);
    oOut.writeObject(mc);
    oOut.flush();
    oOut.close();

    try {
      CertificateFactory cFac = CertificateFactory.getInstance("X.509", "BC");
      arr = os.toByteArray();
      is = new ByteArrayInputStream(arr);
      cFac.generateCertPath(is);
    } catch (CertificateException e) {
      // ignore okay
    }

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List certCol = new ArrayList();

    certCol.add(cf.generateCertificate(new ByteArrayInputStream(certA)));
    certCol.add(cf.generateCertificate(new ByteArrayInputStream(certB)));
    certCol.add(cf.generateCertificate(new ByteArrayInputStream(certC)));
    certCol.add(cf.generateCertificate(new ByteArrayInputStream(certD)));

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
    X509CertSelector select = new X509CertSelector();
    select.setSubject(((X509Certificate) certCol.get(0)).getSubjectX500Principal().getEncoded());

    Set trustanchors = new HashSet();
    trustanchors.add(
        new TrustAnchor(
            (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(rootCertBin)), null));

    CertStore certStore =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(certCol));

    PKIXBuilderParameters params = new PKIXBuilderParameters(trustanchors, select);
    params.addCertStore(certStore);

    try {
      CertPathBuilderResult result = pathBuilder.build(params);
      CertPath path = result.getCertPath();
      fail("found cert path in circular set");
    } catch (CertPathBuilderException e) {
      // expected
    }
  }
  private DockerCertificates(final Builder builder) throws DockerCertificateException {
    if ((builder.caCertPath == null)
        || (builder.clientCertPath == null)
        || (builder.clientKeyPath == null)) {
      throw new DockerCertificateException(
          "caCertPath, clientCertPath, and clientKeyPath must all be specified");
    }

    try {
      final CertificateFactory cf = CertificateFactory.getInstance("X.509");
      final Certificate caCert = cf.generateCertificate(Files.newInputStream(builder.caCertPath));
      final Certificate clientCert =
          cf.generateCertificate(Files.newInputStream(builder.clientCertPath));

      final PEMKeyPair clientKeyPair =
          (PEMKeyPair)
              new PEMParser(
                      Files.newBufferedReader(builder.clientKeyPath, Charset.defaultCharset()))
                  .readObject();

      final PKCS8EncodedKeySpec spec =
          new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded());
      final KeyFactory kf = KeyFactory.getInstance("RSA");
      final PrivateKey clientKey = kf.generatePrivate(spec);

      final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
      trustStore.load(null, null);
      trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null);

      final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
      keyStore.load(null, null);
      keyStore.setCertificateEntry("client", clientCert);
      keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[] {clientCert});

      this.sslContext =
          SSLContexts.custom()
              .loadTrustMaterial(trustStore)
              .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD)
              .useTLS()
              .build();
    } catch (CertificateException
        | IOException
        | NoSuchAlgorithmException
        | InvalidKeySpecException
        | KeyStoreException
        | UnrecoverableKeyException
        | KeyManagementException e) {
      throw new DockerCertificateException(e);
    }
  }
Example #15
0
  @Test
  public void testDisplayName() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    X509Certificate clientCert =
        (X509Certificate)
            cf.generateCertificate(getClass().getResourceAsStream("startssl-client.crt"));
    assertEquals("Andreas Schildbach", X509Utils.getDisplayNameFromCertificate(clientCert, false));

    X509Certificate comodoCert =
        (X509Certificate)
            cf.generateCertificate(getClass().getResourceAsStream("comodo-smime.crt"));
    assertEquals(
        "*****@*****.**", X509Utils.getDisplayNameFromCertificate(comodoCert, true));
  }
Example #16
0
 /**
  * 获取CA证书信息
  *
  * @param cafile CA证书文件
  * @return Certificate
  * @throws CertificateException
  * @throws IOException
  */
 public static Certificate getCertificate(File cafile) throws CertificateException, IOException {
   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   FileInputStream in = new FileInputStream(cafile);
   Certificate cert = cf.generateCertificate(in);
   in.close();
   return cert;
 }
Example #17
0
  public static boolean verifySign(String certName, String base64Sign, String src) {
    boolean b = false;
    try {
      InputStream is = new FileInputStream(certName);
      CertificateFactory cf = CertificateFactory.getInstance("x509");
      Certificate cerCert = cf.generateCertificate(is);
      PublicKey publicKey = cerCert.getPublicKey();

      BASE64Decoder de = new BASE64Decoder();
      String tmp = base64Sign.replaceAll(" ", "+");
      byte[] byteSign = de.decodeBuffer(tmp);
      byte[] oldMD5 = rsaDecrypt(publicKey, byteSign);
      byte[] newMD5 = UnionPayMd5.MD5(src);
      if (oldMD5.length == newMD5.length) {
        int i = 0;
        for (i = 0; i < oldMD5.length; i++) {
          if (oldMD5[i] == newMD5[i]) {
            System.out.println("123");
            continue;
          } else {
            break;
          }
        }
        if (i == oldMD5.length) {
          b = true;
        }
      }
      return b;
    } catch (Exception e) {
      e.printStackTrace();
      return b;
    }
  }
  /**
   * HttpUrlConnection 方式,支持指定load-der.crt证书验证,此种方式Android官方建议
   *
   * @throws CertificateException
   * @throws IOException
   * @throws KeyStoreException
   * @throws NoSuchAlgorithmException
   * @throws KeyManagementException
   */
  public void initSSL()
      throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException,
          KeyManagementException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream in = getAssets().open("load-der.crt");
    Certificate ca = cf.generateCertificate(in);

    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, null);
    keystore.setCertificateEntry("ca", ca);

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keystore);

    // Create an SSLContext that uses our TrustManager
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);
    URL url = new URL("https://trade3.guosen.com.cn/mtrade/check_version");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    urlConnection.setSSLSocketFactory(context.getSocketFactory());
    InputStream input = urlConnection.getInputStream();

    BufferedReader reader = new BufferedReader(new InputStreamReader(input, "UTF-8"));
    StringBuffer result = new StringBuffer();
    String line = "";
    while ((line = reader.readLine()) != null) {
      result.append(line);
    }
    Log.e("TTTT", result.toString());
  }
  /**
   * Adds a new entry to the Java key store, using the GFIPM entity id as the key store alias and
   * using the filename for source of the trusted certificate. Writes out an error messages on an
   * exception.
   *
   * @param entityid The GFIPM entity to be added
   * @param filename The file from where the trusted certificate should be read.
   * @return true on success, false otherwise.
   */
  public boolean addNewEntryFromFile(String entityid, String filename) {
    String alias = makeEntityAliasName(entityid);
    if (alias == null) {
      System.err.println("ERROR: GFIPMKeystore.addNewEntryFromFile: No alias name. Aborted.");
      System.err.flush();
      return false;
    }

    try {

      // Source:
      // http://download.oracle.com/javase/1.5.0/docs/api/java/security/cert/X509Certificate.html
      InputStream inStream = new FileInputStream(filename);
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
      inStream.close();

      if (verboseOut) {
        System.out.println("Key Store: add new entry " + alias);
        System.out.flush();
      }
      keyStore.setCertificateEntry(alias, cert);
      modifiedFlag = true;

    } catch (Exception e) {
      System.err.println("ERROR: GFIPMKeystore.addNewEntryFromFile failed: ");
      System.err.println(e.toString());
      System.err.flush();
      return false;
    }

    return true;
  } // end addNewEntryFromFile
Example #20
0
  /**
   * @param certBuf
   * @return certificate chain
   * @throws CertificateException
   * @throws IOException
   */
  public static X509Certificate[] readCertificateChain(byte[] certBuf)
      throws CertificateException, IOException {
    BufferedInputStream istream = new BufferedInputStream(new ByteArrayInputStream(certBuf));
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    ArrayList<Certificate> certs = new ArrayList<Certificate>();
    while (istream.available() > 0) {
      Certificate cert = cf.generateCertificate(istream);
      // log.debug("found: " + cert);
      certs.add(cert);
    }
    istream.close();

    X509Certificate[] chain = new X509Certificate[certs.size()];
    Iterator<Certificate> i = certs.iterator();
    int c = 0;
    while (i.hasNext()) {
      X509Certificate x509 = (X509Certificate) i.next();
      chain[c++] = x509;
      try {
        x509.checkValidity();
        log.debug("X509 certificate is valid");
      } catch (CertificateExpiredException exp) {
        log.debug("X509 certificate is expired");
        // nothing to be done here
      } catch (CertificateException ex) {
        throw new RuntimeException("certificate byte array is not valid", ex);
      }
    }
    return chain;
  }
  /**
   * java.security.KeyStore#setCertificateEntry(java.lang.String, java.security.cert.Certificate)
   */
  public void test_setCertificateEntryLjava_lang_StringLjava_security_cert_Certificate()
      throws Exception {
    // Test for method void
    // java.security.KeyStore.setCertificateEntry(java.lang.String,
    // java.security.cert.Certificate)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(certArray);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.setCertificateEntry("alias", cert);
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);

    PublicKey pub = cert.getPublicKey();
    keyTest.setCertificateEntry("alias1", cert);
    assertTrue(
        "the entry specified by the alias alias1 is not a certificate",
        keyTest.isCertificateEntry("alias1"));
    Certificate resultCert = keyTest.getCertificate("alias1");
    assertEquals(
        "the public key of the certificate from getCertificate() "
            + "did not equal the original certificate",
        pub,
        resultCert.getPublicKey());
  }
Example #22
0
 MyX509TrustManager() throws java.security.GeneralSecurityException {
   TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
   KeyStore ks = KeyStore.getInstance("JKS");
   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   try {
     ks.load(null, null);
     File cacert = new File(cafile);
     if (!cacert.exists() || !cacert.canRead()) return;
     InputStream caStream = new FileInputStream(cafile);
     X509Certificate ca = (X509Certificate) cf.generateCertificate(caStream);
     ks.setCertificateEntry("CA", ca);
     PKIXBuilderParameters params = new PKIXBuilderParameters(ks, new X509CertSelector());
     File crlcert = new File(crlfile);
     if (!crlcert.exists() || !crlcert.canRead()) {
       params.setRevocationEnabled(false);
     } else {
       InputStream crlStream = new FileInputStream(crlfile);
       Collection<? extends CRL> crls = cf.generateCRLs(crlStream);
       CertStoreParameters csp = new CollectionCertStoreParameters(crls);
       CertStore store = CertStore.getInstance("Collection", csp);
       params.addCertStore(store);
       params.setRevocationEnabled(true);
     }
     tmf.init(new CertPathTrustManagerParameters(params));
   } catch (java.io.FileNotFoundException e) {
     vlog.error(e.toString());
   } catch (java.io.IOException e) {
     vlog.error(e.toString());
   }
   tm = (X509TrustManager) tmf.getTrustManagers()[0];
 }
Example #23
0
  /**
   * Parse a PKIPATH format CertPath from an InputStream. Return an unmodifiable List of the
   * certificates.
   *
   * @param is the <code>InputStream</code> to read the data from
   * @return an unmodifiable List of the certificates
   * @exception CertificateException if an exception occurs
   */
  private static List<X509Certificate> parsePKIPATH(InputStream is) throws CertificateException {
    List<X509Certificate> certList = null;
    CertificateFactory certFac = null;

    if (is == null) {
      throw new CertificateException("input stream is null");
    }

    try {
      DerInputStream dis = new DerInputStream(readAllBytes(is));
      DerValue[] seq = dis.getSequence(3);
      if (seq.length == 0) {
        return Collections.<X509Certificate>emptyList();
      }

      certFac = CertificateFactory.getInstance("X.509");
      certList = new ArrayList<X509Certificate>(seq.length);

      // append certs in reverse order (target to trust anchor)
      for (int i = seq.length - 1; i >= 0; i--) {
        certList.add(
            (X509Certificate)
                certFac.generateCertificate(new ByteArrayInputStream(seq[i].toByteArray())));
      }

      return Collections.unmodifiableList(certList);

    } catch (IOException ioe) {
      throw new CertificateException("IOException parsing PkiPath data: " + ioe, ioe);
    }
  }
Example #24
0
  /**
   * Callback method from _scanKeychain. If a trusted certificate is found, this method will be
   * called.
   */
  private void createTrustedCertEntry(
      String alias, long keychainItemRef, long creationDate, byte[] derStream) {
    TrustedCertEntry tce = new TrustedCertEntry();

    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      InputStream input = new ByteArrayInputStream(derStream);
      X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
      input.close();
      tce.cert = cert;
      tce.certRef = keychainItemRef;

      // Make a creation date.
      if (creationDate != 0) tce.date = new Date(creationDate);
      else tce.date = new Date();

      int uniqueVal = 1;
      String originalAlias = alias;

      while (entries.containsKey(alias.toLowerCase())) {
        alias = originalAlias + " " + uniqueVal;
        uniqueVal++;
      }

      entries.put(alias.toLowerCase(), tce);
    } catch (Exception e) {
      // The certificate will be skipped.
      System.err.println("KeychainStore Ignored Exception: " + e);
    }
  }
Example #25
0
  public void testEmptyPath() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
    X509Certificate rootCert =
        (X509Certificate)
            cf.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));

    List list = new ArrayList();
    list.add(rootCert);
    CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
    CertStore store = CertStore.getInstance("Collection", ccsp, "BC");

    List certchain = new ArrayList();
    CertPath cp = CertificateFactory.getInstance("X.509", "BC").generateCertPath(certchain);
    Set trust = new HashSet();
    trust.add(new TrustAnchor(rootCert, null));

    CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "BC");
    PKIXParameters param = new PKIXParameters(trust);
    param.addCertStore(store);
    MyChecker checker = new MyChecker();
    param.addCertPathChecker(checker);

    try {
      cpv.validate(cp, param);
    } catch (CertPathValidatorException e) {
      if (!"Certification path is empty.".equals(e.getMessage())) {
        fail("message mismatch");
      }
    }
  }
  /**
   * Gets a KeyStore containing the Certificate
   *
   * @param cert InputStream of the Certificate
   * @return KeyStore
   */
  public static KeyStore getKeystoreOfCA(InputStream cert) {

    // Load CAs from an InputStream
    InputStream caInput = null;
    Certificate ca = null;
    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      caInput = new BufferedInputStream(cert);
      ca = cf.generateCertificate(caInput);
    } catch (CertificateException e1) {
      e1.printStackTrace();
    } finally {
      try {
        if (caInput != null) {
          caInput.close();
        }
      } catch (IOException e) {
        e.printStackTrace();
      }
    }

    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = null;
    try {
      keyStore = KeyStore.getInstance(keyStoreType);
      keyStore.load(null, null);
      keyStore.setCertificateEntry("ca", ca);
    } catch (Exception e) {
      e.printStackTrace();
    }
    return keyStore;
  }
  public static void main(String[] args) throws Exception {
    // create the keys
    KeyPair pair = Utils.generateRSAKeyPair();

    // create the input stream
    ByteArrayOutputStream bOut = new ByteArrayOutputStream();

    if (outputFormat.equals(DER)) {
      bOut.write(X509V1CreateExample.generateV1Certificate(pair).getEncoded());
    } else if (outputFormat.equals(PEM)) {
      PEMWriter pemWriter = new PEMWriter(new OutputStreamWriter(bOut));
      pemWriter.writeObject(X509V1CreateExample.generateV1Certificate(pair));
      pemWriter.close();
    }

    bOut.close();

    // Print the contents of bOut

    System.out.println(outputFormat.equals(DER) ? "DER-format:" : "PEM-format:");

    System.out.println(Utils.toString(bOut.toByteArray()));

    InputStream in = new ByteArrayInputStream(bOut.toByteArray());

    // create the certificate factory
    CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");

    // read the certificate
    X509Certificate x509Cert = (X509Certificate) fact.generateCertificate(in);

    System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
  }
Example #28
0
  private void parseCert() {
    try {
      FileInputStream fis = new FileInputStream("e:\\rongyifu.der");
      CertificateFactory cf = CertificateFactory.getInstance("X509");
      X509Certificate c = (X509Certificate) cf.generateCertificate(fis);

      System.out.println("Certficate for " + c.getSubjectDN().getName());
      System.out.println("Generated with " + c.getSigAlgName());
      System.out.println("== " + c.getSubjectDN().toString());
      String publicKey = Base64.encode(c.getPublicKey().getEncoded());
      System.out.println("publicKey=" + publicKey);

      //		      Map<String, String> map = parseSubjectDN(c.getSubjectDN().toString());
      //		      System.out.println("map: "+map);

      //		      String notBefore =c.getNotBefore().toString();//得到开始有效日期
      //		      String notAfter = c.getNotAfter().toString();//得到截止日期
      String serialNumber = c.getSerialNumber().toString(16); // 得到序列号
      String dn = c.getIssuerDN().getName(); // 得到发行者名
      String sigAlgName = c.getSigAlgName(); // 得到签名算法
      String algorithm = c.getPublicKey().getAlgorithm(); // 得到公钥算法

      SimpleDateFormat intSDF = new SimpleDateFormat("yyyyMMdd");
      System.out.println("notBefore=" + intSDF.format(c.getNotBefore()));
      System.out.println("notAfter=" + intSDF.format(c.getNotAfter()));
      System.out.println("serialNumber=" + serialNumber);
      System.out.println("dn=" + dn);
      System.out.println("sigAlgName=" + sigAlgName);
      System.out.println("algorithm=" + algorithm);

      fis.close();
    } catch (Exception ex) {
      ex.printStackTrace();
    }
  }
Example #29
0
 private List<X509Certificate> findCerts(File folder, String username) {
   List<X509Certificate> list = new ArrayList<X509Certificate>();
   File userFolder = new File(folder, X509Utils.CERTS + File.separator + username);
   if (!userFolder.exists()) {
     return list;
   }
   File[] certs =
       userFolder.listFiles(
           new FilenameFilter() {
             @Override
             public boolean accept(File dir, String name) {
               return name.toLowerCase().endsWith(".cer") || name.toLowerCase().endsWith(".crt");
             }
           });
   try {
     CertificateFactory factory = CertificateFactory.getInstance("X.509");
     for (File cert : certs) {
       BufferedInputStream is = new BufferedInputStream(new FileInputStream(cert));
       X509Certificate x509 = (X509Certificate) factory.generateCertificate(is);
       is.close();
       list.add(x509);
     }
   } catch (Exception e) {
     Utils.showException(GitblitAuthority.this, e);
   }
   return list;
 }
Example #30
0
  @Test
  public void testHandleInternal() throws CertificateException {
    final CertificateFactory cf = CertificateFactory.getInstance("X.509");
    U2FReceiverInterface receiver = mock(U2FReceiverInterface.class);
    Module actor = mock(Module.class);
    String version = "U2F_V2";
    byte[] clientParam =
        BaseEncoding.base64Url().decode("MUmwdr0pxe9YsU-P78JNG7s0CNpL8Q41kM7vLWxh6_I=");
    byte[] appParam =
        BaseEncoding.base64Url().decode("shPs6qCuWEVuIMbYe7LP6YJTAsuNm52zDg8ivpfq3P8=");
    byte[] encodedRandom =
        BaseEncoding.base64()
            .decode(
                "2KmIHW8wLzt/eW0Awry1NvfYV9pJVYhERjKwCzkSPG7KYFZScRV8h1z02DELcVhkEDAYFemMKLe+lPQFF2iyqaEsbCBYqLVx82FU8uuktcE+ZFAXyMjprN1jOoARJNRHvd1+nBYkn/plZFUW1X236U1izs0c7xf/4VWPuwI/m5BSyBmY/YKaIQdpGwToCYdcD/5NjaI76mTlHDWNt4f9Ug==");
    byte[] encodedKey =
        BaseEncoding.base64()
            .decode(
                "MIIQ3gIBATEPMA0GCWCGSAFlAwQCAQUAMIILggYJKoZIhvcNAQcBoIILcwSCC28wggtrBgsqhkiG9w0BCRABF6CCC1owggtWAgEAMYIBZzCCAWMCAQAwSzBAMSIwIAYDVQQDExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYDVQQGEwJBVAIHARTz1EoFiDANBgkqhkiG9w0BAQEFAASCAQAJhWfH6gMHOJFUBKA5FZ9HaVFq4CRkriSH0VyQh2KBA2p/UyKOcMDfeQBcjPAWoipFGDptaR8trt+Lb3m/IVRGnZmfPXEQG6amq3LLV95Yf5BTm07wvo5WiTk2E37PcOpDVMuDfxHjrkg51HszvgKmdOcY4RZRqMvkvwFg60oF5tkE9g0Ye8jUU1Gw3I3xg7mJFJVMGmGgSPGD/HcJWD02BnDg7cLx51720WEXQJoXvCRKMoLhiZmQMBj0ZS0hv2vrgRKtP2T46GV9IkG7CGnxI/XZEYMC9dcImfExc+8uLIH2VkReGEirOeIAjnkWDCMPpNT0SiHzbetN3cYymUAtMIIJ1gYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAz5c22QMgAC6l3t8LMCAQyAggmndke4BF6HQ9gq1QFgpcrQSDjHzn5AXnjZ9cz91ELCypw83gytkTATgKEVRJ6WLIEVFPfVV3H6rnXcHFYkIYX4OnicuxblmIJt8SdGvS+TZdn5BaVJEedLcqgyQ5cXIOpUgmqTd5Bm2GVqDIxBOXb1lxKAXJY89SPENR84cPW+f64Cdb/Ogpbj0QkXjuEdLHJpEISj+Y9M97ofg/1qpKmeRQrxrYbdMedpyvwXIscszFDU1zl97DY2WhXX1mb8nD+lCxbQGjkTdSIi1WgLCsLRL4xV6nkQ5Kfid0+9p0K4nf8aIO1PsgoVZKwoR9UE/xyVMEr54QMRlsAUxZ/WF3cU0fFYQWBDb51hlzCGdGcsc2PNx9CA1JmtqSC2ROTmuYvSxbJ0/hrF8n23ptCHEg32lBn+MgzY1J8qv6Aoy1MG8n0ep6cO+q1L3RqGBM9prB/NeC5GLZVK2nn2frqcKtbY6GRrasNTc/q14w5zIZCm3970yRU9tYytFgKM7R6hEKUji6ChCNow7K08U78UpXDiG2F72agHQtovwOtJ2prwU4n4x66Uzaq3LTnqTpZWc27L3Re2GG1VUY3ihBkJ8xYp8F7l3TqezDye/psB9PdW9+9UItJPtqa0SSE7Ciz06bUNrlctHkPaMIRADTlIGcbnrTKAN2NVFBNoAunkVvKpy2R+P9mXjJAKGoygfJkhWfVxUVcftWjKZBkw8oJJ3apOyV5jtU5S3BLe39Q3Kf1zQ45KroXTweDkH2tYc2SHfQGmkUcZQVx8qqg5+vCbRBwHhg8ETtGD+kVANv9SFF/NvOwmAsaCzO/ivCJr4iAkf7/zTMZv9KNA1I2GnUb2yCOvkH+0jAZOSwCSYa/0nc3UMEdsS42KiaeUneLqqDvRFowXDZp0/vYEI4wiVsIF08JBtRInYLmE7SgZ8ItC7lk9DsE91ZlsubwYaq7OH/M7Ejpe0G8Udp0Tc94UaWvuSmnsqWWEDTuHH4/+3QzJSD1LJih1KlKKEHcZrHFoncOIdAZs/TcIqB4NwkxcWaHG6Hs1YN4w4E9iT79uYIjPXXQkvffWweKci/IAUD0sM5Z6N3/2qgzfR+fK6Q74P1Yu1rgP+i0tXIJqoU+GM0BM29PBREORFVW333BwuVqr1hJXuybj0OEPC0IkJYAmI1QQV9ID2DD9MCtYGIZ0y3HXYYFgbAYffnexu3lMjNXCzCMggvj3qR5S8JHDJ/FfHk5Vlrp/0+Y+8nBXbFfgjLQFSFOaRr6FCZFe2e24RHrjJOeSQRPaT/76GbiS0g6CHk/tyqSWQJP3Tatf8mCSQ09jyOEUdIOeuokCQYC9eV2dJaf9KLvi0a+F+P8KlWDov0UZ9gwnM9h0oABZKOqGJBPmWO87rE0SRpnCtYbOV1UCbpiCh4rwXVpwgYdJW2JVSlevFerSEsw0LrCLzupKP1v2enNQXrAUNpsitEygYym8wJIuhdb6t19iOHiloplbCjqYW4AjSmZsC68EAwtzAGgm59e1CccbDoLUAmAUu6C433o00alBrBpoAsew3+002gOjPb/oYoTvPkNVmluC6iz/zqtwdfOgA60NLE1cPA+n57dqNORhczdN6LpWKOa105PLH2s7I1R8Rf/jgVdX3IdOWXCbj+HrngyTo47R7MIRUjcOG9GNi5SzgHgAkTYCFv6IyeGIeZbXKI13g5IkIjOQvEceaIHmCAAuTKXitsAVB+KcC+SFhvwdGGUzy3KQx1VAkHYdzUzuTFMAIkaVwha0HyY1sXiMSY9ismZRPPyUIL6eAnuaIijQ43/j60PcoN00JH2yrhPm2C+nPWPXCx/RjpDvzi44DboNktokwx7onAYVDX950h4vUXBmw8BNziVjzK1fdQ+OIXi+SI4IqEf9fyIhfKJnI8HvXW+Fj4NS0o1g6oDjPH0FG8oSf3lBqiMHCOg19AN5zdSdZJgB8kWrUeurLbNM9821Bt4higI1/Nd+NAVVFcFzd8Z8K0mCBUavzQWHjgf9cLwEbubdVzaDEwXpvl+6n4Xld5j6sPj1NPwahHAgGaxvK/ZH98Tz7TatLx9DOqCQrohAdNjgtZ4JDmFSSXEp0qx5D6kyy36l6bVUgD1e83amA6ZhdDdw5mNHeSvh73DH6jKI2r3aDES2yXOvGvkhnzCNgdMtptLKkcOUL6T0iTkhQEatCpKYz33JoDo1xwq+nQ+Em0BsSxd8xGhSXOUehkbav7OeHevdgtaMqPIiGWmWW4l+ldf9NdD4u3T/twgq9qlztNCsiJaf0cQs16mrLMnawBAy94Cm31WGYlBM0u8LMzuw4OyRx1+RjVyVZn06u3QRSRd9qY/NV3kRGemtCY4emnuOi8PpyjGOZD7fvOTNTSrQO6Oha0bqa/v/4PjH8Ttfy6Pek3sD9g4kEo+9hWfFxb1i0IFL16orPxyVNAJC/eJtLg4/YnPOHXN0iHbJgLE20kAWeO/+XaaAiRRHTLcWgrTeaBEQ+bYg7FjEVPc2Ahy+zJWaHzzk5u1PXU0vdtk3wcCfFdeVxov5hXjuMf1NMMmQZ7PtOCoJzMsakc9+fbcHiKhwLLa/ioeIMqRKWaAYFNYLFb8XRRGa9UwBrq3cEIulcdEAYbjLJQvaoyIcIbKyQnQfpkdIr9NTkzI32bQ6yiBYjhUGAanPwug1iHiYCtXJL8SaKP0NWK843mpTyLcqZvrG8Tdby29RCCwqWifY6L2WlnzUtWhI6vcWUZoQgRbQkBit/WMn5t4seqcBkBqc1qJGoCEltLrVGXVaTNLg1Jf5uY1Lt9fwaRn80soGhrBiBK5NR/TSDyA5PVaw2D/iutc8wGB4e+//aknR5myKbgmqdFygkpLfZlDg1l4jvXdf5NLnavXzzoWHQf99SERcwMdXzPR3pNx9axBvngq1ZaBvyy0Ey8kXkXTxzG+kpgPORBsKv4z/josue5VkF/XXDYb9fG7KCvIC+8fnwMMBSKwFecXuBl7RPLYnJITwzg+iVb+oW2E+8DsfjymD2zpgCyax7rkXfY/XZfOWA+yvQrO3/66F5vjWFR7fvvpRp1yef0kaeK0jUfTnOMw517K0e9WnqXfTNvc7AE3kwvaOnPyTzNxUtfKYMgBjK3Y3D+uGA/RdxMECDYM6KAsydY6ChxE6oA0wUM/a1ThqA9r5rEuT5Ru2Cz/zgQ+amo74a/ZGtBJqF+DbhSAP58L7Qr20GoW3WtlNeXuQpBlXPGbMw5svzKvrrFzkFAh/QF9MpHuflNABclIDXwahJWhUEpSek+qGDd/r/EaJeMuazIO4TrEEDC5ZGjJAGcFVmm6FtKCCA1swggNXMIICwKADAgECAgcBFPPUSgWIMA0GCSqGSIb3DQEBBQUAMEAxIjAgBgNVBAMTGUlBSUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0ExDTALBgNVBAoTBElBSUsxCzAJBgNVBAYTAkFUMB4XDTEzMDkwOTEwMzcxMloXDTIzMDkwOTEwMzcxMlowgcwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2YgVGVjaG5vbG9neTFIMEYGA1UECxM/SW5zdGl0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25zMRIwEAYDVQQEEwlUZXVmbCBFbmMxDjAMBgNVBCoTBVBldGVyMRgwFgYDVQQDEw9QZXRlciBUZXVmbCBFbmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHJc3t2vLEov8EPXCH770Hue07PCKJnHylKFzDxZtjHihPyoF8C7P7EPXc30luoeDaLtiD0visDFLxvOEdxFlcKkmyJVzVLQeUlzPwZufZIXoFCHjvAsQFb+AoVEO5ZD8QOTa1Pf6J5nfWv/S8GaXyrpu8wrjZYsGh18mk2LSAN5miLUg4twMXH/7DpmNz/Lt9c1w3XCqFJVSM07tYiD8bsHt1D5RbM54E2NV7jfHJLIZCR0CFZfkWUruwJpeSPeKR/UyRYZil4aI01KWj5XaipvNFlqDdQhYk/gYIHGk6YqulCs5OgSmj5O4sqUo/2Yp5HiGTDF9MX1KjnxyH1d9hAgMBAAGjSjBIMCUGA1UdEQQeMByBGnBldGVyLnRldWZsQGlhaWsudHVncmF6LmF0MB8GA1UdIwQYMBaAFGiiXhHa3i+Aa0REv436ZTaBJKdvMA0GCSqGSIb3DQEBBQUAA4GBADoJjvmqooO69eM9yGE1xUMsEJ2N8onq1BUHKPwfQd8Au4TcKSk6bGLcsSTrGuOSXaPmPmo0aQBjfkjeZRyC5x8ipQcySYVB8FdMgZwEEVlxlz9qqvndJnDOtid84ZgopV2AjcO0WG5nGOvXncADbACK/v8CMQujdX4thq+XETBpMYIB4TCCAd0CAQEwSzBAMSIwIAYDVQQDExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYDVQQGEwJBVAIHARTz1EoFiDANBglghkgBZQMEAgEFAKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MTIwMzEyMjMzOFowLwYJKoZIhvcNAQkEMSIEIP4e/ZL5mxGSoXVk2ctkTtAgdxyGKSIB5eNiscVgPNHiMA0GCSqGSIb3DQEBAQUABIIBAJxFPi7OZ4FUK673XueLow4TB/Ji+7wtq6lfcJFregY96adYxHOMWlpvyNLzyIWJxV1SczHVatti4BGMWiGM1OJU4IXRzuojGVRzmL9CcDsUU1amokYqS//98SnzDMW4obNLqq0xKtawrSo/Hl1/eVbBYilLmtPaMszQ+cl0xQ5ReTybeKC08O6pTfwLx47YiretEoVwgpagVC2tdGN/UqM/KX+saox5NJIzhx+8UP5BdG35mMCa71fs5dxKQKYTxaKHK3w+Sq7mwKaxopgioJ4x4w9fq8+qdEYQWUaBTJiIVfBbJXdVkPD4xOnUFIbfxHqXn9DQHhAqQb0Ex3zt4Fo=");
    X509Certificate encodedCert =
        (X509Certificate)
            cf.generateCertificate(
                new ByteArrayInputStream(
                    BaseEncoding.base64()
                        .decode(
                            "MIICqDCCAZACIHCy6N/T8VQ8XOlp3EBkT9D1uw3uXMpuaIuwyYVtYdPRMA0GCSqGSIb3DQEBCwUAMIHMMQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczESMBAGA1UEBBMJVGV1ZmwgRW5jMQ4wDAYDVQQqEwVQZXRlcjEYMBYGA1UEAxMPUGV0ZXIgVGV1ZmwgRW5jMB4XDTEzMDkwOTEwMzcxMloXDTIzMDkwOTEwMzcxMlowEzERMA8GA1UEAxMIU2t5VHJ1c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR+XOmSfxB8SU3A4PUmFB89awcIGnXLxBpnqHxltHLQg6evGeVhSmLqUDXYXKljHRpkITruRMVxlPZGREoTKFK8MA0GCSqGSIb3DQEBCwUAA4IBAQDC/ICTEa4sNE9paFCU8FJJ2o1eZ6Zzarx5jWtk6rd1KtB/jzQVvR/V4wq+3ItbEufdKh3HhHA2K9uEZm+Mu7t8FUaXFKAyksU2/PzI3kFUVsSoE7XiSuhyivUbT9xdWNTc4ZLJecrq5weJwkhoqLpW1ec1jGaFEpGMPlVGMJC8ANRGkc3ddeckAck8cdItR8wQ5ltEpiTklyoleIeTzu2kThl7mKc8CkqIiXcudNnKqY1USJ+Ns5jjLDStyy7+mLw45Y5p8U71Wmx2DEIkH/ExDWedMXIXdKvHD8BgTsbKNf70zZspwqMnDqThgi3Oio4VRWvKuszhmP++UZHoQobo")));
    byte[] hashToBeSigned =
        BaseEncoding.base64()
            .decode(
                "ALIT7OqgrlhFbiDG2Huyz+mCUwLLjZudsw4PIr6X6tz/MUmwdr0pxe9YsU+P78JNG7s0CNpL8Q41kM7vLWxh6/LYqYgdbzAvO395bQDCvLU299hX2klViERGMrALORI8bspgVlJxFXyHXPTYMQtxWGQQMBgV6Ywot76U9AUXaLKpoSxsIFiotXHzYVTy66S1wT5kUBfIyOms3WM6gBEk1Ee93X6cFiSf+mVkVRbVfbfpTWLOzRzvF//hVY+7Aj+bkFLIGZj9gpohB2kbBOgJh1wP/k2NojvqZOUcNY23h/1SBH5c6ZJ/EHxJTcDg9SYUHz1rBwgadcvEGmeofGW0ctCDp68Z5WFKYupQNdhcqWMdGmQhOu5ExXGU9kZEShMoUrw=");
    byte[] signedHash =
        BaseEncoding.base64()
            .decode(
                "MEUCICF+1fY8V/y5/kUw35/mnlSbZzs236wH3wsZQSfSiKnvAiEAyF/md0WTjq53G+t1h8HPaJlYmhoSP8Wej8R6bTUoFxw=");
    byte[] registrationData =
        BaseEncoding.base64Url()
            .decode(
                "BQR-XOmSfxB8SU3A4PUmFB89awcIGnXLxBpnqHxltHLQg6evGeVhSmLqUDXYXKljHRpkITruRMVxlPZGREoTKFK8oNipiB1vMC87f3ltAMK8tTb32FfaSVWIREYysAs5EjxuymBWUnEVfIdc9NgxC3FYZBAwGBXpjCi3vpT0BRdosqmhLGwgWKi1cfNhVPLrpLXBPmRQF8jI6azdYzqAESTUR73dfpwWJJ_6ZWRVFtV9t-lNYs7NHO8X_-FVj7sCP5uQUsgZmP2CmiEHaRsE6AmHXA_-TY2iO-pk5Rw1jbeH_VIwggKoMIIBkAIgcLLo39PxVDxc6WncQGRP0PW7De5cym5oi7DJhW1h09EwDQYJKoZIhvcNAQELBQAwgcwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2YgVGVjaG5vbG9neTFIMEYGA1UECxM_SW5zdGl0dXRlIGZvciBBcHBsaWVkIEluZm9ybWF0aW9uIFByb2Nlc3NpbmcgYW5kIENvbW11bmljYXRpb25zMRIwEAYDVQQEEwlUZXVmbCBFbmMxDjAMBgNVBCoTBVBldGVyMRgwFgYDVQQDEw9QZXRlciBUZXVmbCBFbmMwHhcNMTMwOTA5MTAzNzEyWhcNMjMwOTA5MTAzNzEyWjATMREwDwYDVQQDEwhTa3lUcnVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH5c6ZJ_EHxJTcDg9SYUHz1rBwgadcvEGmeofGW0ctCDp68Z5WFKYupQNdhcqWMdGmQhOu5ExXGU9kZEShMoUrwwDQYJKoZIhvcNAQELBQADggEBAML8gJMRriw0T2loUJTwUknajV5npnNqvHmNa2Tqt3Uq0H-PNBW9H9XjCr7ci1sS590qHceEcDYr24Rmb4y7u3wVRpcUoDKSxTb8_MjeQVRWxKgTteJK6HKK9RtP3F1Y1Nzhksl5yurnB4nCSGioulbV5zWMZoUSkYw-VUYwkLwA1EaRzd115yQByTxx0i1HzBDmW0SmJOSXKiV4h5PO7aROGXuYpzwKSoiJdy502cqpjVRIn42zmOMsNK3LLv6YvDjljmnxTvVabHYMQiQf8TENZ50xchd0q8cPwGBOxso1_vTNmynCoycOpOGCLc6KjhVFa8q6zOGY_75RkehChugwRQIgIX7V9jxX_Ln-RTDfn-aeVJtnOzbfrAffCxlBJ9KIqe8CIQDIX-Z3RZOOrncb63WHwc9omViaGhI_xZ6PxHptNSgXHA==");
    String u2fRawRequest =
        JsonUtils.toJson(new RegisterInternalRequest(appParam, clientParam, version));

    when(receiver.forwardRequest(
            argThat(new PayloadMatcher(PayloadGenerateU2FKeyRequest.class)), eq(actor)))
        .thenReturn(createGenerateKeyResponse(encodedRandom, encodedKey, encodedCert));
    when(receiver.forwardRequest(argThat(new PayloadMatcher(PayloadSignRequest.class)), eq(actor)))
        .thenReturn(createSignResponse(signedHash));

    RegisterInternalResponse response =
        JsonUtils.fromJson(
            new RegisterInternalHandler(crysilForwarder).handle(u2fRawRequest, actor, receiver),
            RegisterInternalResponse.class);

    verify(crysilForwarder)
        .executeGenerateWrappedKey(
            eq(clientParam), eq(appParam), isNull(byte[].class), eq(actor), eq(receiver));
    verify(crysilForwarder)
        .executeSignatureRequest(eq(encodedKey), eq(hashToBeSigned), eq(actor), eq(receiver));

    assertThat(response.getRegistrationData(), is(registrationData));
  }