Added:
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/PKIXTestNoCrl.java
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
Log:
Disable CRL checks if CRL list is empty.
Modified:
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
==============================================================================
---
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
(original)
+++
trunk/jsslutils/src/main/java/org/jsslutils/sslcontext/PKIXSSLContextFactory.java
Wed Nov 26 06:47:18 2008
@@ -212,12 +212,17 @@
throws SSLContextFactoryException {
KeyStore trustStore = getTrustStore();
try {
- if ((trustStore != null) && (trustStore.size() > 0)) {
- PKIXParameters pkixParams = new PKIXBuilderParameters(
- getTrustStore(), new X509CertSelector());
+ if (trustStore != null) {
+ PKIXParameters pkixParams = new PKIXBuilderParameters(
+ getTrustStore(), null);
+ CertStore certStore = getCertStore();
+ if (certStore != null) {
pkixParams.setRevocationEnabled(this.enableRevocation);
pkixParams.addCertStore(getCertStore());
- return pkixParams;
+ } else {
+ pkixParams.setRevocationEnabled(false);
+ }
+ return pkixParams;
} else {
return null;
}
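Review bot: The new `else` branch turns revocation checking off whenever `getCertStore()` returns null, even when `this.enableRevocation` is true, so a factory that was asked to check revocation will silently accept revoked certificates if its CRL collection is missing or empty. That is a fail-open default; when `this.enableRevocation` is set and no CRL store is available, I would either throw an `SSLContextFactoryException` or at least emit a warning before `pkixParams.setRevocationEnabled(false);`. The retained line `pkixParams.addCertStore(getCertStore());` builds a second store instead of reusing the local one, so `pkixParams.addCertStore(certStore);` would be cleaner. The hunk also drops the `trustStore.size() > 0` guard, and `PKIXBuilderParameters` rejects a key store with no trusted certificate entries, so confirm that the catch clauses cover that case; they lie outside this hunk, as do the start and end of the method.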
@@ -239,9 +244,15 @@
*/
protected CertStore getCertStore() throws SSLContextFactoryException {
try {
- CollectionCertStoreParameters collecCertStoreParams = new
CollectionCertStoreParameters(
- getCrlCollection());
- return CertStore.getInstance("Collection", collecCertStoreParams);
+ Collection<? extends CRL> crlCollection = getCrlCollection();
+ if ((crlCollection != null) && (crlCollection.size() > 0)) {
+ CollectionCertStoreParameters collecCertStoreParams = new
CollectionCertStoreParameters(
+ crlCollection);
+ return CertStore.getInstance("Collection",
+ collecCertStoreParams);
+ } else {
+ return null;
+ }
} catch (InvalidAlgorithmParameterException e) {
throw new SSLContextFactoryException(e);
} catch (NoSuchAlgorithmException e) {
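Review bot: `getCertStore()` now returns null when the CRL collection is null or empty, but the Javadoc that closes just above this hunk is not updated to say so. The method is `protected`, so subclasses and any caller that passes the result straight to `addCertStore` need to know about the null case. Add a line such as `@return a CertStore holding the configured CRLs, or null if no CRLs are configured` to that comment. The emptiness test would also read more directly as `!crlCollection.isEmpty()`. The try/catch continues past the end of the hunk.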
Added:
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/PKIXTestNoCrl.java
==============================================================================
--- (empty file)
+++
trunk/jsslutils/src/test/java/org/jsslutils/sslcontext/test/PKIXTestNoCrl.java
Wed Nov 26 06:47:18 2008
@@ -0,0 +1,80 @@
+/*-----------------------------------------------------------------------
+
+ This file is part of the jSSLutils library.
+
+Copyright (c) 2008, The University of Manchester, United Kingdom.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * Neither the name of the The University of Manchester nor the names of
+ its contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+ Author........: Bruno Harbulot
+
+-----------------------------------------------------------------------*/
+
+package org.jsslutils.sslcontext.test;
+
+import static org.junit.Assert.assertTrue;
+
+import org.jsslutils.sslcontext.PKIXSSLContextFactory;
+import org.jsslutils.sslcontext.test.MiniSslClientServer;
+import org.junit.Test;
+
+/**
+ * Tests the SSLContext configured for PKIX with CRLs. It should accept the
+ * "good" certificate but reject the "bad" certificate because it has been
+ * revoked.
+ *
+ * @author Bruno Harbulot.
+ *
+ */
+public class PKIXTestNoCrl extends SimpleX509Test {
+ @Override
+ public boolean prepareSSLContextFactories() throws Exception {
+ PKIXSSLContextFactory clientSSLContextFactory = new
PKIXSSLContextFactory(
+ this.clientStore, MiniSslClientServer.KEYSTORE_PASSWORD,
+ getCaKeyStore());
+ this.clientSSLContextFactory = clientSSLContextFactory;
+ PKIXSSLContextFactory serverSSLContextFactory = new
PKIXSSLContextFactory(
+ getServerCertKeyStore(), MiniSslClientServer.KEYSTORE_PASSWORD,
+ getCaKeyStore());
+
+ this.serverSSLContextFactory = serverSSLContextFactory;
+ return true;
+ }
+
+ @Test
+ public void testGoodClient() throws Exception {
+ this.clientStore = getGoodClientCertKeyStore();
+ assertTrue("Loaded keystore", true);
+ assertTrue(runTest());
+ }
+
+ @Test
+ public void testBadClient() throws Exception {
+ this.clientStore = getBadClientCertKeyStore();
+ assertTrue("Loaded keystore", true);
+ assertTrue(runTest());
+ }
+}
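Review bot: The class Javadoc says this test is configured "with CRLs" and that the "bad" certificate should be rejected, yet `prepareSSLContextFactories()` supplies no CRLs and `testBadClient` asserts that `runTest()` is true, i.e. that the revoked certificate is accepted. Reword the comment to match, e.g. `Tests the SSLContext configured for PKIX without CRLs: revocation checking is disabled, so both the "good" and the revoked "bad" certificate are accepted.` Both tests also contain `assertTrue("Loaded keystore", true);`, which can never fail and could be dropped. The import of `MiniSslClientServer` names a class in the test's own package and is redundant.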