org.apache.ws.security.message
Class SignatureCRLTest

java.lang.Object
  extended by org.junit.Assert
      extended by org.apache.ws.security.message.SignatureCRLTest

public class SignatureCRLTest
extends org.junit.Assert

This is a test for Certificate Revocation List checking. A message is signed and sent to the receiver. If Certificate Revocation is enabled, then signature trust verification should fail, as the message has been signed by the private key corresponding to a revoked certificate.

Generate the client keypair, make a CSR, sign it with the CA key:

    keytool -genkey -validity 3650 -alias wss40rev -keyalg RSA -keystore wss40rev.jks -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE"
    keytool -certreq -alias wss40rev -keystore wss40rev.jks -file wss40rev.cer
    openssl ca -config ca.config -policy policy_anything -days 3650 -out wss40rev.pem -infiles wss40rev.cer
    openssl x509 -outform DER -in wss40rev.pem -out wss40rev.crt

Import the CA cert into wss40.jks and import the new signed certificate:

    keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40rev.jks
    keytool -import -file wss40rev.crt -alias wss40rev -keystore wss40rev.jks

Generate a Revocation list:

    openssl ca -gencrl -keyfile wss40CAKey.pem -cert wss40CA.pem -out wss40CACRL.pem -config ca.config -crldays 3650
    openssl ca -revoke wss40rev.pem -keyfile wss40CAKey.pem -cert wss40CA.pem -config ca.config
    openssl ca -gencrl -keyfile wss40CAKey.pem -cert wss40CA.pem -out wss40CACRL.pem -config ca.config -crldays 3650
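
The same issue, revoke, regenerate-CRL sequence can be checked outside the test suite. The shell function below is an added example, not part of WSS4J or its tests: it builds a throwaway CA and shows the revoked certificate accepted when revocation checking is off and rejected once the CRL is consulted. The CA, the file names and the contents of ca.config are constructed for the demo (the page does not show its own ca.config), and it assumes openssl is on the PATH.

```sh
# Added example: throwaway CA in a temp dir; all names and files are constructed.
crl_demo() {
  d=$(mktemp -d) || return 1
  rc=0
  (
    cd "$d" || exit 1
    : > index.txt; echo 01 > serial   # empty CA database, first serial to issue
    cat > ca.config <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
policy = policy_anything
[ policy_anything ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    ca="-config ca.config -keyfile caKey.pem -cert ca.pem"
    {
      openssl req -x509 -config ca.config -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout caKey.pem -out ca.pem &&
      openssl req -config ca.config -newkey rsa:2048 -nodes \
        -subj "/CN=demo-revoked" -keyout rev.key -out rev.csr &&
      openssl ca $ca -batch -days 30 -out rev.pem -infiles rev.csr &&
      openssl ca $ca -revoke rev.pem &&
      openssl ca $ca -gencrl -crldays 30 -out crl.pem
    } >/dev/null 2>&1 || exit 1
    # Case 1: revocation checking off, a valid chain to the CA is enough.
    if openssl verify -CAfile ca.pem rev.pem >/dev/null 2>&1
    then echo "no-crl-check: accepted"; else echo "no-crl-check: rejected"; fi
    # Case 2: revocation checking on, the CRL lists this certificate's serial.
    out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem rev.pem 2>&1) || true
    case $out in
      *"certificate revoked"*) echo "crl-check: revoked" ;;
      *) echo "crl-check: unexpected result" ;;
    esac
  ) || rc=$?
  rm -rf "$d"; return $rc
}
crl_demo
```

The CRL is generated after the revocation, as in the procedure above; a CRL produced before the revoke step does not list the certificate.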


Constructor Summary
SignatureCRLTest()
           
 
Method Summary
 void testSignatureDirectReference()
          Test signing a SOAP message using a BST.
 void testSignatureDirectReferenceRevocation()
          Test signing a SOAP message using a BST.
 void testSignatureDirectReferenceRevocationKeyStore()
          Test signing a SOAP message using a BST.
 
Methods inherited from class org.junit.Assert
assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertArrayEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertEquals, assertFalse, assertFalse, assertNotNull, assertNotNull, assertNotSame, assertNotSame, assertNull, assertNull, assertSame, assertSame, assertThat, assertThat, assertTrue, assertTrue, fail, fail
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SignatureCRLTest

public SignatureCRLTest()
                 throws java.lang.Exception
Throws:
java.lang.Exception
Method Detail

testSignatureDirectReference

public void testSignatureDirectReference()
                                  throws java.lang.Exception
Test signing a SOAP message using a BST. Revocation is not enabled and so the test should pass.

Throws:
java.lang.Exception

testSignatureDirectReferenceRevocation

public void testSignatureDirectReferenceRevocation()
                                            throws java.lang.Exception
Test signing a SOAP message using a BST. Revocation is enabled and so the test should fail.

Throws:
java.lang.Exception

testSignatureDirectReferenceRevocationKeyStore

public void testSignatureDirectReferenceRevocationKeyStore()
                                                    throws java.lang.Exception
Test signing a SOAP message using a BST. Revocation is enabled and so the test should fail. The trust store that is used is the keystore that contains the revoked certificate. See WSS-341: https://issues.apache.org/jira/browse/WSS-341

Throws:
java.lang.Exception


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.