Package org.apache.wss4j.dom.message
Class SignatureCertTest
java.lang.Object
    org.apache.wss4j.dom.message.SignatureCertTest

public class SignatureCertTest extends Object
This is a test for WSS-40. Essentially it just tests that a message is signed using a keyEntry from one keystore, and verified at the other end with a keystore with just the CA cert in it.

http://issues.apache.org/jira/browse/WSS-40

Generate the CA keys/certs + export the CA cert to a keystore:

    openssl req -x509 -newkey rsa:2048 -keyout wss40CAKey.pem -out wss40CA.pem -config ca.config -days 3650
    openssl x509 -outform DER -in wss40CA.pem -out wss40CA.crt
    keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40CA.jks

Generate the client keypair, make a csr, sign it with the CA key:

    keytool -genkey -validity 3650 -alias wss40 -keyalg RSA -keystore wss40.jks -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE"
    keytool -certreq -alias wss40 -keystore wss40.jks -file wss40.cer
    openssl ca -config ca.config -policy policy_anything -days 3650 -out wss40.pem -infiles wss40.cer
    openssl x509 -outform DER -in wss40.pem -out wss40.crt

Import the CA cert into wss40.jks and import the new signed certificate:

    keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40.jks
    keytool -import -file wss40.crt -alias wss40 -keystore wss40.jks
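
The trust decision this test exercises (a leaf certificate accepted solely because the trust store holds its issuing CA, and rejected once that CA is out of date, as in testSignatureBadCACert), as an added shell example that is not part of the WSS4J sources. It generates throwaway keys in a temp directory; the helper names, the otherCA and shortCA certificates, and the use of the system default openssl.cnf in place of the page's ca.config are assumptions.

```shell
#!/bin/sh
# Added example (not WSS4J code): throwaway keys, constructed names.
# Assumes the system default openssl.cnf marks `req -x509` certs as CA:TRUE.

make_ca() {   # $1 = file basename, $2 = validity in days
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.pem" \
        -subj "/CN=$1 (constructed)" -days "$2" 2>/dev/null
}

make_leaf() { # $1 = leaf basename, $2 = basename of the issuing CA
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/C=IE/ST=Leinster/L=Dublin/O=Apache/OU=WSS4J/CN=Colm" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 3650 -out "$1.pem" 2>/dev/null
}

# $1 = CA cert (the entire trust store), $2 = leaf cert,
# $3 = optional epoch seconds at which validity periods are evaluated
check_trust() {
    if [ -n "${3:-}" ]; then
        openssl verify -attime "$3" -CAfile "$1" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi && echo trusted || echo untrusted
}

workdir=$(mktemp -d) && cd "$workdir" || exit 1
make_ca wss40CA 3650          # the CA the verifier trusts
make_ca otherCA 3650          # an unrelated CA
make_ca shortCA 1             # a CA that expires after one day
make_leaf wss40 wss40CA
make_leaf wss40short shortCA
later=$(( $(date +%s) + 2 * 86400 ))   # two days from now: shortCA has expired

echo "issuing CA in trust store:  $(check_trust wss40CA.pem wss40.pem)"
echo "only an unrelated CA:       $(check_trust otherCA.pem wss40.pem)"
echo "short-lived CA, checked now: $(check_trust shortCA.pem wss40short.pem)"
echo "same CA after its expiry:   $(check_trust shortCA.pem wss40short.pem "$later")"
```

The last case fails even though the leaf certificate itself is still within its validity period and its signature is intact, which is the distinction between signature verification and trust verification that testSignatureBadCACert describes.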
Constructor Summary
Constructor            Description
SignatureCertTest()

Method Summary
Modifier and Type   Method                                 Description
void                testExpiredCert()
void                testExpiredCertInKeystore()
void                testMultipleCertsWSHandler()           A test for "SignatureAction does not set DigestAlgorithm on WSSecSignature instance"
void                testSignatureBadCACert()               Test signing a SOAP message using a BST.
void                testSignatureDirectReference()         Test signing a SOAP message using a BST.
void                testSignatureDirectReferenceCACert()   Test signing a SOAP message using a BST, sending the CA cert as well in the message.
void                testSignatureIssuerSerial()            Test signing a SOAP message using Issuer Serial.

Method Detail
testSignatureDirectReference
@Test public void testSignatureDirectReference() throws Exception
Test signing a SOAP message using a BST.
Throws:
Exception

testSignatureDirectReferenceCACert
@Test public void testSignatureDirectReferenceCACert() throws Exception
Test signing a SOAP message using a BST, sending the CA cert as well in the message.
Throws:
Exception

testSignatureIssuerSerial
@Test public void testSignatureIssuerSerial() throws Exception
Test signing a SOAP message using Issuer Serial. Note that this should fail, as the trust-store does not contain the cert corresponding to wss40, only the CA cert wss40CA.
Throws:
Exception

testSignatureBadCACert
@Test public void testSignatureBadCACert() throws Exception
Test signing a SOAP message using a BST. The signature verification passes, but the trust verification will fail as the CA cert is out of date.
Throws:
Exception

testMultipleCertsWSHandler
@Test public void testMultipleCertsWSHandler() throws Exception
A test for "SignatureAction does not set DigestAlgorithm on WSSecSignature instance"
Throws:
Exception