001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.providers.x509;
017:
018: import java.io.ByteArrayInputStream;
019:
020: import java.security.cert.CertificateFactory;
021: import java.security.cert.X509Certificate;
022:
023: /**
024: * Certificate creation utility for use in X.509 tests.
025: *
026: * @author Luke Taylor
027: * @version $Id: X509TestUtils.java 1771 2006-11-29 01:40:14Z luke_t $
028: */
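public class X509TestUtils {
    //~ Methods ========================================================================================================

    /**
     * Builds the fixed X.509 client certificate used as a fixture by the X.509 tests.
     * <p>
     * This method only decodes the embedded PEM text through a {@link CertificateFactory}. It makes no
     * {@code checkValidity()} or {@code verify()} call, so the returned object is neither date-checked nor
     * signature-checked here. Tests that need those properties must perform the checks themselves.
     * <p>
     * Per the dump below, the fixture's validity window ended on Mar 6 2006, its key is 512-bit RSA and it is
     * signed with SHA-1. A caller that runs {@code checkValidity()} against the current date will see it as
     * expired. Path validators that enforce key-size or digest constraints may reject it. It is suitable only as
     * parse/extraction test data (for example subject DN handling), not as a template for real credentials.
     * <p>
     * In human-readable form the certificate is:
     * <pre>
     * Certificate:
     *     Data:
     *         Version: 3 (0x2)
     *         Serial Number: 1 (0x1)
     *         Signature Algorithm: sha1WithRSAEncryption
     *         Issuer: CN=Monkey Machine CA, C=UK, ST=Scotland, L=Glasgow,
     *             O=monkeymachine.co.uk/emailAddress=ca@monkeymachine
     *         Validity
     *             Not Before: Mar 6 23:28:22 2005 GMT
     *             Not After : Mar 6 23:28:22 2006 GMT
     *         Subject: C=UK, ST=Scotland, L=Glasgow, O=Monkey Machine Ltd,
     *             OU=Open Source Development Lab., CN=Luke Taylor/emailAddress=luke@monkeymachine
     *         Subject Public Key Info:
     *             Public Key Algorithm: rsaEncryption
     *             RSA Public Key: (512 bit)
     *                 [omitted]
     *         X509v3 extensions:
     *             X509v3 Basic Constraints:
     *                 CA:FALSE
     *             Netscape Cert Type:
     *                 SSL Client
     *             X509v3 Key Usage:
     *                 Digital Signature, Non Repudiation, Key Encipherment
     *             X509v3 Subject Key Identifier:
     *                 6E:E6:5B:57:33:CF:0E:2F:15:C2:F4:DF:EC:14:BE:FB:CF:54:56:3C
     *             X509v3 Authority Key Identifier:
     *                 keyid:AB:78:EC:AF:10:1B:8A:9B:1F:C7:B1:25:8F:16:28:F2:17:9A:AD:36
     *                 DirName:/CN=Monkey Machine CA/C=UK/ST=Scotland/L=Glasgow/O=monkeymachine.co.uk/emailAddress=ca@monkeymachine
     *                 serial:00
     *             Netscape CA Revocation Url:
     *                 https://monkeymachine.co.uk/ca-crl.pem
     *     Signature Algorithm: sha1WithRSAEncryption
     *         [signature omitted]
     * </pre>
     *
     * @return the parsed test certificate
     * @throws Exception if the "X.509" certificate factory is unavailable or the PEM data cannot be parsed
     */
    public static X509Certificate buildTestCertificate()
        throws Exception {
        String cert = "-----BEGIN CERTIFICATE-----\n"
            + "MIIEQTCCAymgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkzEaMBgGA1UEAxMRTW9u\n"
            + "a2V5IE1hY2hpbmUgQ0ExCzAJBgNVBAYTAlVLMREwDwYDVQQIEwhTY290bGFuZDEQ\n"
            + "MA4GA1UEBxMHR2xhc2dvdzEcMBoGA1UEChMTbW9ua2V5bWFjaGluZS5jby51azEl\n"
            + "MCMGCSqGSIb3DQEJARYWY2FAbW9ua2V5bWFjaGluZS5jby51azAeFw0wNTAzMDYy\n"
            + "MzI4MjJaFw0wNjAzMDYyMzI4MjJaMIGvMQswCQYDVQQGEwJVSzERMA8GA1UECBMI\n"
            + "U2NvdGxhbmQxEDAOBgNVBAcTB0dsYXNnb3cxGzAZBgNVBAoTEk1vbmtleSBNYWNo\n"
            + "aW5lIEx0ZDElMCMGA1UECxMcT3BlbiBTb3VyY2UgRGV2ZWxvcG1lbnQgTGFiLjEU\n"
            + "MBIGA1UEAxMLTHVrZSBUYXlsb3IxITAfBgkqhkiG9w0BCQEWEmx1a2VAbW9ua2V5\n"
            + "bWFjaGluZTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDItxZr07mm65ttYH7RMaVo\n"
            + "VeMCq4ptfn+GFFEk4+54OkDuh1CHlk87gEc1jx3ZpQPJRTJx31z3YkiAcP+RDzxr\n"
            + "AgMBAAGjggFIMIIBRDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIHgDALBgNV\n"
            + "HQ8EBAMCBeAwHQYDVR0OBBYEFG7mW1czzw4vFcL03+wUvvvPVFY8MIHABgNVHSME\n"
            + "gbgwgbWAFKt47K8QG4qbH8exJY8WKPIXmq02oYGZpIGWMIGTMRowGAYDVQQDExFN\n"
            + "b25rZXkgTWFjaGluZSBDQTELMAkGA1UEBhMCVUsxETAPBgNVBAgTCFNjb3RsYW5k\n"
            + "MRAwDgYDVQQHEwdHbGFzZ293MRwwGgYDVQQKExNtb25rZXltYWNoaW5lLmNvLnVr\n"
            + "MSUwIwYJKoZIhvcNAQkBFhZjYUBtb25rZXltYWNoaW5lLmNvLnVrggEAMDUGCWCG\n"
            + "SAGG+EIBBAQoFiZodHRwczovL21vbmtleW1hY2hpbmUuY28udWsvY2EtY3JsLnBl\n"
            + "bTANBgkqhkiG9w0BAQUFAAOCAQEAZ961bEgm2rOq6QajRLeoljwXDnt0S9BGEWL4\n"
            + "PMU2FXDog9aaPwfmZ5fwKaSebwH4HckTp11xwe/D9uBZJQ74Uf80UL9z2eo0GaSR\n"
            + "nRB3QPZfRvop0I4oPvwViKt3puLsi9XSSJ1w9yswnIf89iONT7ZyssPg48Bojo8q\n"
            + "lcKwXuDRBWciODK/xWhvQbaegGJ1BtXcEHtvNjrUJLwSMDSr+U5oUYdMohG0h1iJ\n"
            + "R+JQc49I33o2cTc77wfEWLtVdXAyYY4GSJR6VfgvV40x85ItaNS3HHfT/aXU1x4m\n"
            + "W9YQkWlA6t0blGlC+ghTOY1JbgWnEfXMmVgg9a9cWaYQ+NQwqA==\n"
            + "-----END CERTIFICATE-----";

        // PEM is pure ASCII. Naming the charset keeps the decoded bytes identical on every platform instead of
        // depending on the JVM's default encoding. "US-ASCII" is one of the charsets every JVM must support.
        byte[] pemBytes = cert.getBytes("US-ASCII");
        ByteArrayInputStream in = new ByteArrayInputStream(pemBytes);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        return (X509Certificate) cf.generateCertificate(in);
    }

    /**
     * Creates an {@code X509AuthenticationToken} wrapping the certificate from {@link #buildTestCertificate()}.
     *
     * @return a new token constructed from the test certificate
     * @throws Exception if the test certificate cannot be built
     */
    public static X509AuthenticationToken createToken()
        throws Exception {
        return new X509AuthenticationToken(buildTestCertificate());
    }
}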