Package org.apache.wss4j.dom.message
Class SignatureCRLTest
- java.lang.Object
  - org.apache.wss4j.dom.message.SignatureCRLTest
public class SignatureCRLTest extends Object
This is a test for Certificate Revocation List (CRL) checking. A message is signed and sent to the receiver. If certificate revocation checking is enabled, signature trust verification should fail, because the message has been signed with the private key corresponding to a revoked certificate.

Generate the client keypair, make a CSR, and sign it with the CA key:

    keytool -genkey -validity 3650 -alias wss40rev -keyalg RSA -keystore wss40rev.jks -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE"
    keytool -certreq -alias wss40rev -keystore wss40rev.jks -file wss40rev.cer
    openssl ca -config ca.config -policy policy_anything -days 3650 -out wss40rev.pem -infiles wss40rev.cer
    openssl x509 -outform DER -in wss40rev.pem -out wss40rev.crt

Import the CA cert into wss40.jks and import the new signed certificate:

    keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40rev.jks
    keytool -import -file wss40rev.crt -alias wss40rev -keystore wss40rev.jks

Generate a Revocation list:

    openssl ca -gencrl -keyfile wss40CAKey.pem -cert wss40CA.pem -out wss40CACRL.pem -config ca.config -crldays 3650
    openssl ca -revoke wss40rev.pem -keyfile wss40CAKey.pem -cert wss40CA.pem -config ca.config
    openssl ca -gencrl -keyfile wss40CAKey.pem -cert wss40CA.pem -out wss40CACRL.pem -config ca.config -crldays 3650
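The behaviour these tests rely on, reproduced with OpenSSL alone as an added example (not WSS4J code and not the project's test fixtures): a throwaway CA issues a certificate, revokes it and publishes a CRL, and the chain is then verified with and without CRL checking. The `ca.config` contents, file names and subject names are constructed for the demo, since the page does not show the project's `ca.config`, and `openssl req` stands in for `keytool`.

```shell
# Added demo; every file name, subject and config value here is constructed.
crl_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'cd / && rm -rf "$dir"' EXIT   # do not leave the demo keys behind
  : > index.txt; echo 01 > serial
  cat > ca.config <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
policy = policy_anything
[ policy_anything ]
commonName = supplied
EOF
  ca_opts="-batch -config ca.config -keyfile cakey.pem -cert ca.pem"
  # 1. self-signed CA  2. client key + CSR  3. CA signs it
  # 4. CA revokes it   5. CA publishes a CRL listing the revoked serial
  {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ca.config \
      -subj "/CN=Demo CA" -keyout cakey.pem -out ca.pem &&
    openssl req -new -newkey rsa:2048 -nodes -config ca.config \
      -subj "/CN=revoked-client" -keyout client.key -out client.csr &&
    openssl ca $ca_opts -notext -days 30 -in client.csr -out client.pem &&
    openssl ca $ca_opts -revoke client.pem &&
    openssl ca $ca_opts -gencrl -crldays 30 -out crl.pem
  } >/dev/null 2>&1 || exit 1
  # Chain-only validation still succeeds; only -crl_check consults the CRL.
  plain=$(openssl verify -CAfile ca.pem client.pem 2>&1) || true
  strict=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem \
    client.pem 2>&1) || true
  case $plain in *": OK"*) off=trusted ;; *) off=rejected ;; esac
  case $strict in *"certificate revoked"*) on=revoked ;; *) on=not-revoked ;; esac
  echo "revocation-off=$off revocation-on=$on"
)
crl_demo
```

The revoked certificate still chains to the CA and carries a valid signature, so a verifier that never consults the CRL accepts it; this is the difference between the first test and the two revocation tests.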
Constructor Summary
| Constructor | Description |
| --- | --- |
| SignatureCRLTest() | |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | testSignatureDirectReference() | Test signing a SOAP message using a BST. |
| void | testSignatureDirectReferenceRevocation() | Test signing a SOAP message using a BST. |
| void | testSignatureDirectReferenceRevocationKeyStore() | Test signing a SOAP message using a BST. |
Method Detail
testSignatureDirectReference
@Test @Disabled public void testSignatureDirectReference() throws Exception
Test signing a SOAP message using a BST. Revocation is not enabled and so the test should pass. TODO: Re-enable once the CRL issue is fixed.
Throws:
Exception

testSignatureDirectReferenceRevocation
@Test @Disabled public void testSignatureDirectReferenceRevocation() throws Exception
Test signing a SOAP message using a BST. Revocation is enabled and so the test should fail. TODO: Re-enable once the CRL issue is fixed.
Throws:
Exception

testSignatureDirectReferenceRevocationKeyStore
@Test @Disabled public void testSignatureDirectReferenceRevocationKeyStore() throws Exception
Test signing a SOAP message using a BST. Revocation is enabled and so the test should fail. The trust store that is used is the keystore that contains the revoked certificate. See WSS-341: https://issues.apache.org/jira/browse/WSS-341. TODO: Re-enable once the CRL issue is fixed.
Throws:
Exception