import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.Security;
import java.security.cert.*;
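/**
 * Command-line check that validates a certificate with the JDK's PKIX {@link CertPathValidator},
 * with revocation checking on and OCSP as the revocation source.
 *
 * <p>Usage: {@code java TestOCSP <trusted-cert> <issuer-cert> <target-cert>}, where each argument
 * is the path of an X.509 certificate file. The program exits normally when validation passes and
 * ends with the validator's exception when it does not.
 *
 * <p>With OCSP on, the validator contacts the responder named in the certificate being checked,
 * so the run makes outbound requests to a host chosen by that certificate.
 */
public class TestOCSP {
    /** X.509 factory shared by the helpers; assigned at the start of {@code main}. */
    private static CertificateFactory cf;

    /** Parses one certificate from {@code is}; the caller owns and closes the stream. */
    private static Certificate makeCert(InputStream is) throws IOException, CertificateException {
        return cf.generateCertificate(is);
    }

    /** Reads the certificate stored in the file at {@code path}. */
    private static Certificate makeCert(String path) throws IOException, CertificateException {
        try (InputStream is = new FileInputStream(path)) {
            return makeCert(is);
        }
    }

    /**
     * Builds the path to validate: the target first, then its issuer.
     *
     * <p>By CertPath convention the trust anchor's own certificate is not part of the path, so
     * {@code trusted} is left out, and {@code issuer} is left out too when it is that same
     * certificate (a two-level chain).
     */
    private static CertPath generateCertificatePath(
            Certificate trusted, Certificate issuer, Certificate target)
            throws CertificateException {
        List<Certificate> chain = new ArrayList<>();
        chain.add(target);
        if (!issuer.equals(trusted)) {
            chain.add(issuer);
        }
        return cf.generateCertPath(chain);
    }

    /** Wraps {@code trusted} as the single trust anchor; {@code null} means no name constraints. */
    private static Set<TrustAnchor> generateTrustAnchors(Certificate trusted) {
        TrustAnchor anchor = new TrustAnchor((X509Certificate) trusted, null);
        return Collections.singleton(anchor);
    }

    /**
     * Loads the three certificates, then validates the target with revocation checking over OCSP.
     *
     * @param args trusted-anchor, issuer and target certificate file paths, in that order
     * @throws IllegalArgumentException if fewer than three paths are given
     * @throws IllegalStateException if the {@code ocsp.responderURL} security property is set
     * @throws Exception on unreadable or malformed certificates, or when validation fails
     */
    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            throw new IllegalArgumentException(
                    "usage: java TestOCSP <trusted-cert> <issuer-cert> <target-cert>");
        }
        cf = CertificateFactory.getInstance("X.509");

        // No proxy is forced here. Behind a proxy, pass -Dhttp.proxyHost=... and
        // -Dhttp.proxyPort=... on the command line; hard-coded placeholder values would send
        // every revocation request to a host that does not exist.

        Certificate trusted = makeCert(args[0]);
        Certificate issuer = makeCert(args[1]);
        Certificate target = makeCert(args[2]);

        CertPath path = generateCertificatePath(trusted, issuer, target);
        Set<TrustAnchor> anchors = generateTrustAnchors(trusted);
        PKIXParameters params = new PKIXParameters(anchors);

        // Revocation checking is already the default for a new PKIXParameters; it is set
        // explicitly so that the intent survives later edits.
        params.setRevocationEnabled(true);

        // OCSP is off unless this security property is "true". Without it, and with no CRL
        // source configured, the validator has nowhere to get revocation status from.
        // CRL distribution points stay off; start the JVM with
        // -Dcom.sun.security.enableCRLDP=true to let the validator use them as well.
        Security.setProperty("ocsp.enable", "true");

        // A JVM-wide ocsp.responderURL can steer OCSP queries to a configured responder rather
        // than the one named in the certificate under test, so refuse to run with it set.
        if (Security.getProperty("ocsp.responderURL") != null) {
            throw new IllegalStateException("The ocsp.responderURL property must not be set");
        }

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        validator.validate(path, params);
    }
}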