Class SignatureCRLTest


  • public class SignatureCRLTest
    extends Object
    This is a test for Certificate Revocation List checking. A message is signed and sent to the receiver. If Certificate Revocation is enabled, then signature trust verification should fail, as the message has been signed by the private key corresponding to a revoked certificate.

    Generate the client keypair, make a CSR, and sign it with the CA key:

        keytool -genkey -validity 3650 -alias wss40rev -keyalg RSA -keystore wss40rev.jks -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE"
        keytool -certreq -alias wss40rev -keystore wss40rev.jks -file wss40rev.cer
        openssl ca -config ca.config -policy policy_anything -days 3650 -out wss40rev.pem -infiles wss40rev.cer
        openssl x509 -outform DER -in wss40rev.pem -out wss40rev.crt

    Import the CA cert into wss40.jks and import the new signed certificate:

        keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40rev.jks
        keytool -import -file wss40rev.crt -alias wss40rev -keystore wss40rev.jks

    Generate a Revocation list:

        openssl ca -gencrl -keyfile wss40CAKey.pem -cert wss40CA.pem -out wss40CACRL.pem -config ca.config -crldays 3650
        openssl ca -revoke wss40rev.pem -keyfile wss40CAKey.pem -cert wss40CA.pem -config ca.config
        openssl ca -gencrl -keyfile wss40CAKey.pem -cert wss40CA.pem -out wss40CACRL.pem -config ca.config -crldays 3650
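    The revocation sequence above (gencrl, revoke, gencrl) replayed against a throwaway CA, as an added example that is not part of the WSS4J test suite: it shows that a CRL issued before the revocation still accepts the certificate, and only the regenerated CRL rejects it. It assumes the `openssl` CLI is installed; the CA, subjects, file names and the minimal `ca.config` are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; every name and subject is constructed.
# status CERT CRL -> prints "valid", "revoked" or "error" for CERT checked against CRL.
status() {
    out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile "$2" "$1" 2>&1); rc=$?
    case $out in
        *"certificate revoked"*) echo revoked ;;
        *) if [ "$rc" -eq 0 ]; then echo valid; else echo error; fi ;;
    esac
}
run_crl_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 2
    trap 'rm -rf "$dir"' EXIT
    mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
    cat > ca.config <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_anything
[ policy_anything ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Constructed Demo CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    ca="openssl ca -batch -config ca.config -keyfile ca.key -cert ca.pem"
    # Issue a certificate, publish a CRL, revoke the certificate, publish a new CRL.
    { openssl req -x509 -newkey rsa:2048 -nodes -config ca.config -keyout ca.key -out ca.pem -days 30 &&
      openssl req -new -newkey rsa:2048 -nodes -config ca.config -subj "/CN=wss40rev-demo" -keyout rev.key -out rev.csr &&
      $ca -notext -in rev.csr -out rev.pem &&
      $ca -gencrl -out crl-before.pem &&
      $ca -revoke rev.pem &&
      $ca -gencrl -out crl-after.pem; } >/dev/null 2>&1 || exit 2
    echo "before=$(status rev.pem crl-before.pem) after=$(status rev.pem crl-after.pem)"
)
run_crl_demo
```

    A relying party that caches the earlier CRL keeps trusting the revoked certificate until it fetches the regenerated one.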
    • Method Detail

      • testSignatureDirectReference

        @Test
        @Disabled
        public void testSignatureDirectReference()
                                          throws Exception
        Test signing a SOAP message using a BST. Revocation is not enabled and so the test should pass.
        TODO: Re-enable once CRL issue fixed.
        Throws:
        Exception
      • testSignatureDirectReferenceRevocation

        @Test
        @Disabled
        public void testSignatureDirectReferenceRevocation()
                                                    throws Exception
        Test signing a SOAP message using a BST. Revocation is enabled and so the test should fail.
        TODO: Re-enable once CRL issue fixed.
        Throws:
        Exception
      • testSignatureDirectReferenceRevocationKeyStore

        @Test
        @Disabled
        public void testSignatureDirectReferenceRevocationKeyStore()
                                                            throws Exception
        Test signing a SOAP message using a BST. Revocation is enabled and so the test should fail. The trust store that is used is the keystore that contains the revoked certificate. See WSS-341: https://issues.apache.org/jira/browse/WSS-341
        TODO: Re-enable once CRL issue fixed.
        Throws:
        Exception