From 98cb3975beacda6e65dc6acec6145ecc3d76bd51 Mon Sep 17 00:00:00 2001 
From: thibaudav Date: Thu, 26 Oct 2023 10:44:07 +0200 Subject: [PATCH] feat: remove use of `sun.security.x509.*` to support Java 17 - Remove use of "sun.security.x509.*" and replace it with "org.bouncycastle.asn1". - Update policy with apim 3.20.22 dependencies - Fix Unit test on CRL validation - Adds integration tests (@GatewayTest) --- pom.xml | 86 ++-- .../io/gravitee/policy/jws/JWSPolicy.java | 50 ++- .../configuration/JWSPolicyConfiguration.java | 1 - .../gravitee/policy/jws/utils/JsonUtils.java | 1 - src/test/README.md | 1 + .../jws/ConfigurableStreamHandlerFactory.java | 38 ++ .../policy/jws/JWSPolicyIntegrationTest.java | 394 ++++++++++++++++++ .../io/gravitee/policy/jws/JWSPolicyTest.java | 55 ++- .../gravitee/policy/jws/URLStreamHandler.java | 36 ++ .../v3/jws-checkCertificateRevocation.json | 37 ++ src/test/resources/apis/v3/jws.json | 37 ++ .../policy/jws/cert-with-crl/README.md | 115 +++++ .../policy/jws/cert-with-crl/certs/01.pem | 36 ++ .../policy/jws/cert-with-crl/certs/02.pem | 37 ++ .../policy/jws/cert-with-crl/certs/03.pem | 37 ++ .../policy/jws/cert-with-crl/certs/cacert.pem | 35 ++ .../cert-with-crl/certs/server-expired.crt | 37 ++ .../cert-with-crl/certs/server-expired.csr | 27 ++ .../cert-with-crl/certs/server-revoked.crt | 37 ++ .../cert-with-crl/certs/server-revoked.csr | 27 ++ .../jws/cert-with-crl/certs/server-valid.crt | 36 ++ .../jws/cert-with-crl/certs/server-valid.csr | 27 ++ .../certs/server.SSH-pub-key.pub | 1 + .../policy/jws/cert-with-crl/certs/server.crt | 36 ++ .../policy/jws/cert-with-crl/certs/server.csr | 27 ++ .../jws/cert-with-crl/certs/server.key.pem | 52 +++ .../cert-with-crl/certs/server.x509-key.pub | 14 + .../policy/jws/cert-with-crl/crl/rootca.crl | 19 + .../policy/jws/cert-with-crl/crlnumber | 1 + .../policy/jws/cert-with-crl/crlnumber.old | 1 + .../policy/jws/cert-with-crl/ext_template.cnf | 8 + .../policy/jws/cert-with-crl/index.txt | 3 + .../policy/jws/cert-with-crl/index.txt.attr | 1 + 
.../jws/cert-with-crl/index.txt.attr.old | 1 + .../policy/jws/cert-with-crl/index.txt.old | 2 + .../policy/jws/cert-with-crl/openssl.cnf | 87 ++++ .../jws/cert-with-crl/private/cakey.pem | 52 +++ .../gravitee/policy/jws/cert-with-crl/serial | 1 + .../policy/jws/cert-with-crl/serial.old | 1 + .../gravitee/policy/jws/other-server.key.pem | 52 +++ .../io/gravitee/policy/jws/server-bad.crt | 22 + .../io/gravitee/policy/jws/wikipedia.pem | 52 --- src/test/resources/logback-test.xml | 39 ++ 43 files changed, 1525 insertions(+), 134 deletions(-) create mode 100644 src/test/README.md create mode 100644 src/test/java/io/gravitee/policy/jws/ConfigurableStreamHandlerFactory.java create mode 100644 src/test/java/io/gravitee/policy/jws/JWSPolicyIntegrationTest.java create mode 100644 src/test/java/io/gravitee/policy/jws/URLStreamHandler.java create mode 100644 src/test/resources/apis/v3/jws-checkCertificateRevocation.json create mode 100644 src/test/resources/apis/v3/jws.json create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/README.md create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/01.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/02.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/03.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/cacert.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.crt create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.csr create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.crt create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.csr create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.crt create mode 100644 
src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.csr create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.SSH-pub-key.pub create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.crt create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.csr create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.x509-key.pub create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber.old create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/ext_template.cnf create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr.old create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.old create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/openssl.cnf create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/private/cakey.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial create mode 100644 src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial.old create mode 100644 src/test/resources/io/gravitee/policy/jws/other-server.key.pem create mode 100644 src/test/resources/io/gravitee/policy/jws/server-bad.crt delete mode 100644 src/test/resources/io/gravitee/policy/jws/wikipedia.pem create mode 100644 src/test/resources/logback-test.xml diff --git a/pom.xml b/pom.xml index 5daacb5..0abb303 100644 --- a/pom.xml 
+++ b/pom.xml @@ -30,14 +30,15 @@ io.gravitee gravitee-parent - 17.2 + 20.4 - 3.5.0 - 1.23.0 - 1.10.0 - 1.19.0 + 2.9 + 3.20.21 + 2.0.1 + 1.11.0 + 2.3.0 0.9.1 1.1.0 @@ -47,6 +48,19 @@ graviteeio-apim/plugins/policies + + + + io.gravitee + gravitee-bom + ${gravitee-bom.version} + import + pom + + + + + @@ -71,9 +85,9 @@ - io.gravitee.gateway - gravitee-gateway-buffer - ${gravitee-gateway.version} + io.gravitee.apim.gateway + gravitee-apim-gateway-buffer + ${gravitee-apim.version} provided @@ -88,7 +102,6 @@ com.fasterxml.jackson.core jackson-databind - ${jackson.version} provided @@ -96,14 +109,12 @@ org.slf4j slf4j-api - ${slf4j.version} provided org.springframework spring-core - ${spring.version} provided @@ -117,14 +128,12 @@ junit junit - ${junit.version} test org.mockito mockito-core - ${mockito.version} test @@ -141,6 +150,32 @@ 1.4.0 test + + + io.gravitee.apim.gateway + gravitee-apim-gateway-tests-sdk + ${gravitee-apim.version} + test + + + + commons-collections + commons-collections + 3.2.2 + test + + + org.bouncycastle + bcprov-jdk15on + 1.70 + compile + + + org.apache.xmlbeans + xmlbeans + 3.1.0 + test + @@ -173,7 +208,6 @@ maven-assembly-plugin - ${maven-assembly-plugin.version} false @@ -193,33 +227,19 @@ org.apache.maven.plugins maven-surefire-plugin - - --add-opens java.base/sun.security.x509=ALL-UNNAMED - org.apache.maven.plugins maven-javadoc-plugin - - --add-exports=java.base/sun.security.x509=ALL-UNNAMED - + + + org.apache.maven.plugins + maven-compiler-plugin + 3.11.0 com.hubspot.maven.plugins prettier-maven-plugin - 0.17 - - 12.13.0 - 1.6.1 - - - - validate - - check - - - diff --git a/src/main/java/io/gravitee/policy/jws/JWSPolicy.java b/src/main/java/io/gravitee/policy/jws/JWSPolicy.java index 07b15e8..00da065 100644 --- a/src/main/java/io/gravitee/policy/jws/JWSPolicy.java +++ b/src/main/java/io/gravitee/policy/jws/JWSPolicy.java 
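Review bot: `bcprov-jdk15on` 1.70, added at compile scope in the `@@ -141,6 +150,32 @@` hunk of pom.xml, is the last release published under the jdk15on artifact name; later BouncyCastle releases ship as `bcprov-jdk18on`, so this pin cannot pick up later fixes through a version bump alone. The policy now uses this library to parse certificate extensions, and the integration tests suggest those certificates arrive in the request's `x5c` header, so I would depend on `bcprov-jdk18on` (version placeholder: `<current-release>`), or inherit the version from the imported `gravitee-bom` if it manages one. The version is also hard-coded here, while the neighbouring gateway dependencies use `${gravitee-apim.version}`; a property would keep the upgrade in one place.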
@@ -32,7 +32,6 @@ import io.jsonwebtoken.impl.DefaultClaims; import java.io.*; import java.math.BigInteger; -import java.net.URI; import java.net.URL; import java.net.URLConnection; import java.nio.charset.Charset; @@ -50,17 +49,20 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.xml.bind.DatatypeConverter; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DERIA5String; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.x509.*; +import org.bouncycastle.asn1.x509.Extension; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.env.Environment; -import sun.security.x509.*; /** - * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com) * @author GraviteeSource Team */ public class JWSPolicy { - private static final Logger LOGGER = LoggerFactory.getLogger(JWSPolicy.class); private static final String DEFAULT_KID = "default"; private static final String PUBLIC_KEY_PROPERTY = "policy.jws.kid.%s"; @@ -123,7 +125,7 @@ Function map(ExecutionContext executionContext, PolicyChain poli | IllegalArgumentException | CertificateException ex ) { - LOGGER.error("Failed to decoding JWS token", ex); + LOGGER.error("Unable to decode JWS token. {}", ex.getMessage(), ex); policyChain.streamFailWith(PolicyResult.failure(HttpStatusCode.UNAUTHORIZED_401, "Unauthorized")); return null; } catch (Exception ex) { @@ -206,6 +208,7 @@ private DefaultClaims validateJsonWebToken(String jwt, ExecutionContext executio */ private SigningKeyResolver getSigningKeyResolverByGatewaySettings(ExecutionContext executionContext) { return new SigningKeyResolverAdapter() { + @Override public Key resolveSigningKey(JwsHeader header, Claims claims) { String keyId = header.getKeyId(); //or any other field that you need to inspect 
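Review bot: In the `catch` block of `map` (hunk `@@ -123,7 +125,7 @@`), `LOGGER.error("Unable to decode JWS token. {}", ex.getMessage(), ex)` writes an ERROR entry with a full stack trace for every rejected token, and the message now includes parser output that may echo parts of the request. Any client that can send a malformed or badly signed token reaches this path, so I would log the short form at a lower level and keep the stack trace for debug, e.g. `LOGGER.warn("Unable to decode JWS token. {}", ex.getMessage());` plus `LOGGER.debug("JWS decoding failure", ex);`. The new integration tests assert `Level.ERROR` and would need the matching change. The enclosing method starts and ends outside the hunk.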
@@ -239,29 +242,44 @@ public Key resolveSigningKey(JwsHeader header, Claims claims) { public void validateCRLSFromCertificate(X509Certificate certificate, BigInteger serialNumber) throws CertificateException { X509CRLEntry revokedCertificate = null; X509CRL crl; - X509CertImpl x509Cert = (X509CertImpl) certificate; - CRLDistributionPointsExtension crlDistroExtension = x509Cert.getCRLDistributionPointsExtension(); - if (crlDistroExtension != null) { + byte[] crlDistributionPointDerEncodedArray = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId()); + + if (crlDistributionPointDerEncodedArray != null) { try { - ArrayList distributionPoints = (ArrayList) crlDistroExtension.get( - CRLDistributionPointsExtension.POINTS - ); - Iterator iterator = distributionPoints.iterator(); + ASN1InputStream oAsnInStream = new ASN1InputStream(new ByteArrayInputStream(crlDistributionPointDerEncodedArray)); + ASN1Primitive derObjCrlDP = oAsnInStream.readObject(); + DEROctetString dosCrlDP = (DEROctetString) derObjCrlDP; + + oAsnInStream.close(); + + byte[] crldpExtOctets = dosCrlDP.getOctets(); + ASN1InputStream oAsnInStream2 = new ASN1InputStream(new ByteArrayInputStream(crldpExtOctets)); + ASN1Primitive derObj2 = oAsnInStream2.readObject(); + CRLDistPoint distPoint = CRLDistPoint.getInstance(derObj2); + + oAsnInStream2.close(); + + Iterator iterator = Arrays.stream(distPoint.getDistributionPoints()).iterator(); boolean hasError = false; while (iterator.hasNext()) { if (revokedCertificate != null) { break; } - GeneralNames distroName = iterator.next().getFullName(); - for (int i = 0; i < distroName.size(); ++i) { + DistributionPointName dpn = iterator.next().getDistributionPoint(); + if (dpn.getType() != DistributionPointName.FULL_NAME) { + // Look for only URIs in fullName + continue; + } + + for (GeneralName genName : GeneralNames.getInstance(dpn.getName()).getNames()) { hasError = false; if (revokedCertificate != null) { break; } DataInputStream inStream = null; 
try { - URI uri = ((URIName) distroName.get(i).getName()).getURI(); - URL url = new URL(uri.toString()); + String urlString = DERIA5String.getInstance(genName.getName()).getString(); + URL url = new URL(urlString); URLConnection connection = url.openConnection(); inStream = new DataInputStream(connection.getInputStream()); crl = (X509CRL) certificateFactory().generateCRL(inStream); diff --git a/src/main/java/io/gravitee/policy/jws/configuration/JWSPolicyConfiguration.java b/src/main/java/io/gravitee/policy/jws/configuration/JWSPolicyConfiguration.java index 5932ad7..38be2d6 100644 --- a/src/main/java/io/gravitee/policy/jws/configuration/JWSPolicyConfiguration.java +++ b/src/main/java/io/gravitee/policy/jws/configuration/JWSPolicyConfiguration.java @@ -22,7 +22,6 @@ * @author GraviteeSource Team */ public class JWSPolicyConfiguration implements PolicyConfiguration { - private boolean checkCertificateValidity = false; private boolean checkCertificateRevocation = false; diff --git a/src/main/java/io/gravitee/policy/jws/utils/JsonUtils.java b/src/main/java/io/gravitee/policy/jws/utils/JsonUtils.java index eab4051..f4522ab 100644 --- a/src/main/java/io/gravitee/policy/jws/utils/JsonUtils.java +++ b/src/main/java/io/gravitee/policy/jws/utils/JsonUtils.java @@ -23,7 +23,6 @@ * @author GraviteeSource Team */ public class JsonUtils { - private static final ObjectMapper mapper = new ObjectMapper(); public static String writeValueAsString(Object value) { diff --git a/src/test/README.md b/src/test/README.md new file mode 100644 index 0000000..cdfede5 --- /dev/null +++ b/src/test/README.md @@ -0,0 +1 @@ +Tests rely on generated keys and certificates, to regenerate them, please refer to the [dedicated documentation](./resources/io/gravitee/policy/jws/cert-with-crl/README.md). \ No newline at end of file 
diff --git a/src/test/java/io/gravitee/policy/jws/ConfigurableStreamHandlerFactory.java b/src/test/java/io/gravitee/policy/jws/ConfigurableStreamHandlerFactory.java new file mode 100644 index 0000000..3e53a39 --- /dev/null +++ b/src/test/java/io/gravitee/policy/jws/ConfigurableStreamHandlerFactory.java @@ -0,0 +1,38 @@ +/** + * Copyright (C) 2015 The Gravitee team (http://gravitee.io) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.gravitee.policy.jws; + +import java.net.URLStreamHandler; +import java.net.URLStreamHandlerFactory; +import java.util.HashMap; +import java.util.Map; + +class ConfigurableStreamHandlerFactory implements URLStreamHandlerFactory { + private final Map protocolHandlers; + + public ConfigurableStreamHandlerFactory(String protocol, URLStreamHandler urlHandler) { + protocolHandlers = new HashMap(); + addHandler(protocol, urlHandler); + } + + public void addHandler(String protocol, URLStreamHandler urlHandler) { + protocolHandlers.put(protocol, urlHandler); + } + + public URLStreamHandler createURLStreamHandler(String protocol) { + return protocolHandlers.get(protocol); + } +} diff --git a/src/test/java/io/gravitee/policy/jws/JWSPolicyIntegrationTest.java b/src/test/java/io/gravitee/policy/jws/JWSPolicyIntegrationTest.java new file mode 100644 index 0000000..9c8b294 --- /dev/null +++ b/src/test/java/io/gravitee/policy/jws/JWSPolicyIntegrationTest.java 
@@ -0,0 +1,394 @@ +/** + * Copyright (C) 2015 The Gravitee team (http://gravitee.io) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.gravitee.policy.jws; + +import static com.github.tomakehurst.wiremock.client.WireMock.*; +import static io.vertx.core.http.HttpMethod.POST; +import static org.assertj.core.api.Assertions.assertThat; + +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; +import ch.qos.logback.classic.spi.ILoggingEvent; +import ch.qos.logback.core.read.ListAppender; +import io.gravitee.apim.gateway.tests.sdk.AbstractPolicyTest; +import io.gravitee.apim.gateway.tests.sdk.annotations.DeployApi; +import io.gravitee.apim.gateway.tests.sdk.annotations.GatewayTest; +import io.gravitee.apim.gateway.tests.sdk.configuration.GatewayConfigurationBuilder; +import io.gravitee.definition.model.Api; +import io.gravitee.definition.model.ExecutionMode; +import io.gravitee.policy.jws.configuration.JWSPolicyConfiguration; +import io.jsonwebtoken.JwtBuilder; +import io.jsonwebtoken.Jwts; +import io.jsonwebtoken.SignatureAlgorithm; +import io.vertx.rxjava3.core.buffer.Buffer; +import io.vertx.rxjava3.core.http.HttpClient; +import java.io.*; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.*; 
+import java.util.concurrent.TimeUnit; +import org.bouncycastle.util.io.pem.PemReader; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.slf4j.LoggerFactory; + +@GatewayTest +@DeployApi({ "/apis/v3/jws.json", "/apis/v3/jws-checkCertificateRevocation.json" }) +public class JWSPolicyIntegrationTest extends AbstractPolicyTest { + private static final String KID = "MAIN"; + + private ListAppender listAppender; + + @Override + protected void configureGateway(GatewayConfigurationBuilder gatewayConfigurationBuilder) { + super.configureGateway(gatewayConfigurationBuilder); + gatewayConfigurationBuilder.set("api.jupiterMode.enabled", "true"); + gatewayConfigurationBuilder.set( + "policy.jws.kid." + KID, + loadResource("/io/gravitee/policy/jws/cert-with-crl/certs/server.SSH-pub-key.pub").replaceAll("\n", "") + " test@test.com" + ); + } + + @Override + public void configureApi(Api api) { + api.setExecutionMode(ExecutionMode.JUPITER); + } + + @BeforeAll + static void setup() { + // enable classpath URL + ConfigurableStreamHandlerFactory configurableStreamHandlerFactory = new ConfigurableStreamHandlerFactory( + "classpath", + new URLStreamHandler() + ); + URL.setURLStreamHandlerFactory(configurableStreamHandlerFactory); + } + + @BeforeEach + public void beforeEach() { + // get Logback Logger + Logger logger = (Logger) LoggerFactory.getLogger(JWSPolicy.class); + + // create and start a ListAppender + listAppender = new ListAppender<>(); + listAppender.start(); + + // add the appender to the logger + // addAppender is outdated now + logger.addAppender(listAppender); + } + + @Test + void should_unauthorized_malformed_JWS(HttpClient client) throws Exception { + client + .rxRequest(POST, "/test") + .flatMap(request -> request.rxSend(Buffer.buffer("malformedJWS"))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(401); + return response.body().toFlowable(); + } + ) + 
.test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Unauthorized"); + + final List logList = listAppender.list; + assertThat(logList) + .hasSize(1) + .element(0) + .extracting(ILoggingEvent::getFormattedMessage, ILoggingEvent::getLevel) + .containsExactly( + "Unable to decode JWS token. JWT strings must contain exactly 2 period characters. Found: 0", + Level.ERROR + ); + + return true; + } + ) + .assertNoErrors(); + } + + @Test + void should_unauthorized_invalid_JWT_with_different_public_key(HttpClient client) throws Exception { + wiremock.stubFor(post("/endpoint").willReturn(ok("Response from backend"))); + + String input = getJsonWebToken( + "/io/gravitee/policy/jws/server-bad.crt", + "/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem" + ); + client + .rxRequest(POST, "/test") + .flatMap(request -> request.rxSend(Buffer.buffer(input))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(401); + return response.body().toFlowable(); + } + ) + .test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Unauthorized"); + + final List logList = listAppender.list; + assertThat(logList) + .hasSize(1) + .element(0) + .extracting(ILoggingEvent::getFormattedMessage, ILoggingEvent::getLevel) + .containsExactly( + "Unable to decode JWS token. 
Certificate public key modulus is different compare to the given public key modulus", + Level.ERROR + ); + + return true; + } + ) + .assertNoErrors(); + } + + @Test + void should_unauthorized_invalid_JWT_with_different_signature(HttpClient client) throws Exception { + wiremock.stubFor(post("/endpoint").willReturn(ok("Response from backend"))); + + String input = getJsonWebToken( + "/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.crt", + "/io/gravitee/policy/jws/other-server.key.pem" + ); + client + .rxRequest(POST, "/test") + .flatMap(request -> request.rxSend(Buffer.buffer(input))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(401); + return response.body().toFlowable(); + } + ) + .test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Unauthorized"); + + final List logList = listAppender.list; + assertThat(logList) + .hasSize(1) + .element(0) + .extracting(ILoggingEvent::getFormattedMessage, ILoggingEvent::getLevel) + .containsExactly( + "Unable to decode JWS token. JWT signature does not match locally computed signature. 
JWT validity cannot be asserted and should not be trusted.", + Level.ERROR + ); + + return true; + } + ) + .assertNoErrors(); + } + + @Test + void should_validate_JWS(HttpClient client) throws Exception { + wiremock.stubFor(post("/endpoint").willReturn(ok("Response from backend"))); + + String input = getJsonWebToken( + // revoked or valid works because we don't check certificate revocation with policy checkCertificateRevocation option + "/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.crt", + "/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem" + ); + + client + .rxRequest(POST, "/test") + .flatMap(request -> request.rxSend(Buffer.buffer(input))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(200); + return response.body().toFlowable(); + } + ) + .test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Response from backend"); + return true; + } + ) + .assertNoErrors(); + } + + @Test + void should_unauthorized_expired_certificate(HttpClient client) throws Exception { + String input = getJsonWebToken( + "/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.crt", + "/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem" + ); + + client + .rxRequest(POST, "/test") + .flatMap(request -> request.rxSend(Buffer.buffer(input))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(401); + return response.body().toFlowable(); + } + ) + .test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Unauthorized"); + + final List logList = listAppender.list; + assertThat(logList) + .hasSize(1) + .element(0) + .extracting(ILoggingEvent::getFormattedMessage, ILoggingEvent::getLevel) + // Note: Depending on the timezone, the date can be different + .anyMatch(l -> ((String) l).matches("Unable to decode JWS token. 
NotAfter: Fri Jan 01 .*")) + .contains(Level.ERROR); + return true; + } + ) + .assertNoErrors(); + } + + @Test + void should_validate_JWS_with_check_certificate_revocation(HttpClient client) throws Exception { + wiremock.stubFor(post("/endpoint").willReturn(ok("Response from backend"))); + + String input = getJsonWebToken( + "/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.crt", + "/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem" + ); + + client + .rxRequest(POST, "/test-checkCertificateRevocation") + .flatMap(request -> request.rxSend(Buffer.buffer(input))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(200); + return response.body().toFlowable(); + } + ) + .test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Response from backend"); + return true; + } + ) + .assertNoErrors(); + } + + @Test + void should_unauthorized_JWS_with_revoked_certificate(HttpClient client) throws Exception { + String input = getJsonWebToken( + "/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.crt", + "/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem" + ); + + client + .rxRequest(POST, "/test-checkCertificateRevocation") + .flatMap(request -> request.rxSend(Buffer.buffer(input))) + .flatMapPublisher( + response -> { + assertThat(response.statusCode()).isEqualTo(401); + return response.body().toFlowable(); + } + ) + .test() + .awaitDone(30, TimeUnit.SECONDS) + .assertComplete() + .assertValue( + body -> { + assertThat(body).hasToString("Unauthorized"); + + final List logList = listAppender.list; + assertThat(logList) + .hasSize(1) + .element(0) + .extracting(ILoggingEvent::getFormattedMessage, ILoggingEvent::getLevel) + .containsExactly("Unable to decode JWS token. 
Certificate has been revoked", Level.ERROR); + + return true; + } + ) + .assertNoErrors(); + } + + private String loadResource(String resource) { + try (InputStream is = this.getClass().getResourceAsStream(resource)) { + return new String(Objects.requireNonNull(is).readAllBytes(), StandardCharsets.UTF_8); + } catch (Exception e) { + return ""; + } + } + + /** + * Return Json Web Token string value. + * @return String + * @throws Exception + */ + private String getJsonWebToken(String publicKeyCrtFile, String privateKeyPemFile) throws Exception { + Map header = new HashMap(); + header.put("alg", "RS256"); + header.put("kid", KID); + header.put("x5c", getPublicKeyCertificateX5CCRTFormat(publicKeyCrtFile)); + + JwtBuilder jwtBuilder = Jwts.builder(); + jwtBuilder.setHeader(header); + String payload = loadResource("/io/gravitee/policy/jws/expected-jws-payload.json"); + jwtBuilder.setPayload(payload); + + jwtBuilder.signWith(SignatureAlgorithm.RS256, getPrivateKeyFromPEMFile(privateKeyPemFile)); + return jwtBuilder.compact(); + } + + private String[] getPublicKeyCertificateX5CCRTFormat(String publicKeyCrtFile) throws Exception { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + Certificate cert = cf.generateCertificate(this.getClass().getResourceAsStream(publicKeyCrtFile)); + + String x5c = Base64.getEncoder().encodeToString(cert.getEncoded()); + return new String[] { x5c }; + } + + private PrivateKey getPrivateKeyFromPEMFile(String privateKeyPemFile) throws Exception { + File file = new File(this.getClass().getResource(privateKeyPemFile).toURI()); + FileReader keyReader = new FileReader(file); + PemReader pemReader = new PemReader(keyReader); + + PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pemReader.readPemObject().getContent()); + KeyFactory kf = KeyFactory.getInstance("RSA"); + + return kf.generatePrivate(spec); + } +} 
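Review bot: `URL.setURLStreamHandlerFactory(...)` in the `@BeforeAll setup()` of JWSPolicyIntegrationTest can be called only once per JVM, and a second call throws an `Error`. The `@BeforeClass setup()` added to JWSPolicyTest (hunk `@@ -109,6 +106,15 @@`) makes the same call, so whichever class runs second in a shared surefire fork would fail in setup unless the build forks per class. Moving the registration into one guarded static helper (for example on `ConfigurableStreamHandlerFactory`) that installs the factory only on first use would make both classes independent of execution order. Separately, `loadResource` returns `""` on any exception, so a missing key fixture silently configures a near-empty `policy.jws.kid.MAIN` value; rethrowing, e.g. `throw new IllegalStateException("Cannot load " + resource, e);`, would surface that.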
diff --git a/src/test/java/io/gravitee/policy/jws/JWSPolicyTest.java b/src/test/java/io/gravitee/policy/jws/JWSPolicyTest.java index 6600481..0ef8956 100644 --- a/src/test/java/io/gravitee/policy/jws/JWSPolicyTest.java +++ b/src/test/java/io/gravitee/policy/jws/JWSPolicyTest.java @@ -28,13 +28,13 @@ import io.jsonwebtoken.SignatureAlgorithm; import java.io.*; import java.math.BigInteger; +import java.net.URL; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; import java.security.*; import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateCrtKey; @@ -44,11 +44,9 @@ import java.util.Base64; import java.util.HashMap; import java.util.Map; +import java.util.Objects; import org.apache.commons.io.IOUtils; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; +import org.junit.*; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.MockitoAnnotations; @@ -91,7 +89,6 @@ */ @RunWith(MockitoJUnitRunner.class) public class JWSPolicyTest { - private static final String KID = "MAIN"; private static final String PUBLIC_KEY_PROPERTY = "policy.jws.kid.%s"; @@ -109,6 +106,15 @@ public class JWSPolicyTest { @Mock private JWSPolicyConfiguration configuration; + @BeforeClass + public static void setup() { + ConfigurableStreamHandlerFactory configurableStreamHandlerFactory = new ConfigurableStreamHandlerFactory( + "classpath", + new URLStreamHandler() + ); + URL.setURLStreamHandlerFactory(configurableStreamHandlerFactory); + } + @Before public void init() { MockitoAnnotations.initMocks(this); 
@@ -147,7 +153,7 @@ public void shouldTransformInput_validX5CHeader_wrongSignature() throws Exceptio String input = getJsonWebToken("public_key.der", false, null); when(executionContext.getComponent(Environment.class)).thenReturn(environment); - when(environment.getProperty(String.format(PUBLIC_KEY_PROPERTY, KID))).thenReturn(getPemFilePath("full-server.pem")); + when(environment.getProperty(String.format(PUBLIC_KEY_PROPERTY, KID))).thenReturn(getAbsoluteFilePath("full-server.pem")); // Prepare context Buffer ret = jwsPolicy.map(executionContext, policyChain).apply(Buffer.buffer(input)); @@ -231,8 +237,7 @@ public void shouldTransformInput__correctJOSEHeaders() throws Exception { @Test public void shouldValidateCRL() throws Exception { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); - String pemPath = getPemFilePath("wikipedia.pem"); - String fileContent = new String(Files.readAllBytes(Paths.get(pemPath)), Charset.forName(StandardCharsets.UTF_8.name())); + String fileContent = getFileContent("cert-with-crl/certs/server-valid.crt"); X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate( new ByteArrayInputStream(fileContent.getBytes(StandardCharsets.UTF_8)) ); 
@@ -240,30 +245,13 @@ public void shouldValidateCRL() throws Exception { } @Test - @Ignore public void shouldValidateCRL_certificateException() throws Exception { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); - String pemPath = getPemFilePath("revoked.pem"); - String fileContent = new String(Files.readAllBytes(Paths.get(pemPath)), Charset.forName(StandardCharsets.UTF_8.name())); + + String fileContent = getFileContent("cert-with-crl/certs/server-revoked.crt"); X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate( new ByteArrayInputStream(fileContent.getBytes(StandardCharsets.UTF_8)) ); - /* - * WARNING: - * this test is based on a fake certificate from https://badssl.com/. (See also https://github.com/chromium/badssl.com) - * As this certificate will expire, it will need to be regenerated. Here is how to do it: - * - go to src/test/resources/io/gravitee/policy/jws - * - run the following command: - * echo | openssl s_client -connect revoked.badssl.com:443 | openssl x509 > revoked.pem - */ - try { - cert.checkValidity(); - } catch (CertificateExpiredException e) { - Assert.assertFalse( - "Certificate has expired. Consider generating a new one with the command:\n\techo | openssl s_client -connect revoked.badssl.com:443 | openssl x509 > revoked.pem", - true - ); - } try { jwsPolicy.validateCRLSFromCertificate(cert, null); 
@@ -280,7 +268,7 @@ private void shouldTransformInput_validX5CHeader_withPemFile(String pemFile) thr when(executionContext.getComponent(Environment.class)).thenReturn(environment); when(configuration.isCheckCertificateValidity()).thenReturn(true); when(configuration.isCheckCertificateRevocation()).thenReturn(false); - when(environment.getProperty(String.format(PUBLIC_KEY_PROPERTY, KID))).thenReturn(getPemFilePath(pemFile)); + when(environment.getProperty(String.format(PUBLIC_KEY_PROPERTY, KID))).thenReturn(getAbsoluteFilePath(pemFile)); // Prepare context Buffer ret = jwsPolicy.map(executionContext, policyChain).apply(Buffer.buffer(input)); @@ -370,11 +358,16 @@ private String[] getPublicKeyCertificateX5CDERFormat(String publicKeyDerFile) th return new String[] { x5c }; } - private String getPemFilePath(String pemFile) throws Exception { - File file = new File(this.getClass().getResource(pemFile).toURI()); + private String getAbsoluteFilePath(String filePath) throws Exception { + File file = new File(Objects.requireNonNull(this.getClass().getResource(filePath)).toURI()); return file.getAbsolutePath(); } + private String getFileContent(String filePath) throws Exception { + File file = new File(Objects.requireNonNull(this.getClass().getResource(filePath)).toURI()); + return Files.readString(Paths.get(file.getAbsolutePath()), StandardCharsets.UTF_8); + } + /** * Get KeyPair from jks file * diff --git a/src/test/java/io/gravitee/policy/jws/URLStreamHandler.java b/src/test/java/io/gravitee/policy/jws/URLStreamHandler.java new file mode 100644 index 0000000..5611cf6 --- /dev/null +++ b/src/test/java/io/gravitee/policy/jws/URLStreamHandler.java 
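Review bot: In the last hunk on this line, `getAbsoluteFilePath` and `getFileContent` both call `Objects.requireNonNull(this.getClass().getResource(filePath))` without a message, so a missing or misnamed fixture fails with a bare NullPointerException that does not name the resource. Passing a message makes that failure readable: `Objects.requireNonNull(getClass().getResource(filePath), "test resource not found: " + filePath)`. `getFileContent` also repeats the lookup and could reuse the other helper, `return Files.readString(Paths.get(getAbsoluteFilePath(filePath)), StandardCharsets.UTF_8);`. Neither helper has a comment; something like `// filePath is resolved relative to this test class's package on the classpath` would explain why `"cert-with-crl/certs/server-valid.crt"` works without a leading slash.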
@@ -0,0 +1,36 @@
+/**
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.policy.jws;
+
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLConnection;
+
+/** A {@link java.net.URLStreamHandler} that handles resources on the classpath. */
+public class URLStreamHandler extends java.net.URLStreamHandler {
+ /** The classloader to find resources from. */
+ private final ClassLoader classLoader;
+
+ public URLStreamHandler() {
+ this.classLoader = getClass().getClassLoader();
+ }
+
+ @Override
+ protected URLConnection openConnection(URL u) throws IOException {
+ final URL resourceUrl = classLoader.getResource(u.getPath());
+ return resourceUrl.openConnection();
+ }
+}
diff --git a/src/test/resources/apis/v3/jws-checkCertificateRevocation.json b/src/test/resources/apis/v3/jws-checkCertificateRevocation.json
new file mode 100644
index 0000000..088fce2
--- /dev/null
+++ b/src/test/resources/apis/v3/jws-checkCertificateRevocation.json
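Review bot: `openConnection` dereferences the result of `classLoader.getResource(u.getPath())` without a null check, so a `classpath:` URL that names a missing resource fails with a NullPointerException instead of the `IOException` the method declares. Because this handler serves the CRL named in the test certificates' distribution point, a wrong path would surface as an NPE inside the revocation check rather than as a clear fetch failure. Add `if (resourceUrl == null) throw new FileNotFoundException("classpath resource not found: " + u.getPath());` before the return, with an import of `java.io.FileNotFoundException`. The class name also shadows `java.net.URLStreamHandler`, which is why the `extends` clause is fully qualified; a distinct name such as `ClasspathURLStreamHandler` would read more easily.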
@@ -0,0 +1,37 @@
+{
+ "id": "my-api-checkCertificateRevocation",
+ "name": "my-api-checkCertificateRevocation",
+ "gravitee": "2.0.0",
+ "proxy": {
+ "context_path": "/test-checkCertificateRevocation",
+ "endpoints": [
+ {
+ "name": "default",
+ "target": "http://localhost:8080/endpoint",
+ "http": {
+ "connectTimeout": 3000,
+ "readTimeout": 60000
+ }
+ }
+ ]
+ },
+ "flows": [
+ {
+ "name": "flow-1",
+ "methods": [],
+ "enabled": true,
+ "path-operator": {
+ "path": "/",
+ "operator": "STARTS_WITH"
+ },
+ "pre" : [ {
+ "name" : "JSON Web Signature",
+ "description" : "",
+ "enabled" : true,
+ "policy" : "jws",
+ "configuration" : {"checkCertificateValidity":true,"checkCertificateRevocation":true}
+ } ],
+ "post": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/test/resources/apis/v3/jws.json b/src/test/resources/apis/v3/jws.json
new file mode 100644
index 0000000..3525ea2
--- /dev/null
+++ b/src/test/resources/apis/v3/jws.json
@@ -0,0 +1,37 @@
+{
+ "id": "my-api",
+ "name": "my-api",
+ "gravitee": "2.0.0",
+ "proxy": {
+ "context_path": "/test",
+ "endpoints": [
+ {
+ "name": "default",
+ "target": "http://localhost:8080/endpoint",
+ "http": {
+ "connectTimeout": 3000,
+ "readTimeout": 60000
+ }
+ }
+ ]
+ },
+ "flows": [
+ {
+ "name": "flow-1",
+ "methods": [],
+ "enabled": true,
+ "path-operator": {
+ "path": "/",
+ "operator": "STARTS_WITH"
+ },
+ "pre" : [ {
+ "name" : "JSON Web Signature",
+ "description" : "",
+ "enabled" : true,
+ "policy" : "jws",
+ "configuration" : {"checkCertificateValidity":true,"checkCertificateRevocation":false}
+ } ],
+ "post": []
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/README.md b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/README.md
new file mode 100644
index 0000000..dfd6abc
--- /dev/null
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/README.md
@@ -0,0 +1,115 @@ +This folder contains certificate-related files needed only for testing purposes. +Certificates are valid for 20 years. + +The following blog post was used this to generate the certificates and CRL: +https://www.golinuxcloud.com/revoke-certificate-generate-crl-openssl/#Step-1_Revoke_certificate_using_OpenSSL + +Step-by-step guide to generate the certificates and CRL: + +### Prepare the folder structure and files +```bash +# Init test-crl +mkdir cert-with-crl && cd cert-with-crl +mkdir certs private crl +touch index.txt serial +touch crlnumber +echo 01 > serial +echo 1000 > crlnumber +``` +- Add committed oppenssl.cnf in test-crl folder. +- Add committed ext_template.cnf in test-crl folder. +- Check the `crlDistributionPoints` config in `ext_template.cnf` & `openssl.cnf`. +And adapt it to target the right URL (classpath for testing) that will be used by the policy to download the CRL. +In our example, the CRL will be available at `classpath:io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl`. + + +### Generate root CA private key and certificate +```bash +# Generates a new private RSA key with a length of 4096 bits. +openssl genrsa -out private/cakey.pem 4096 + +# Creates a new self-signed X.509 certificate that will be valid for the next 7300 days (or roughly 20 years). +openssl req -new -x509 -days 7300 -config openssl.cnf -key private/cakey.pem -out certs/cacert.pem +# Only fill the Common Name (e.g. server FQDN or YOUR name) []:RootCA + +# Print the details of the previously created certificate +openssl x509 -noout -text -in certs/cacert.pem +``` + +### Generate server private key and Certificate Signing Request (CSR) +```bash +# Generates a new private RSA key with a length of 4096 bits. +openssl genrsa -out certs/server.key.pem 4096 + +# Generates a CSR (Certificate Signing Request) using the private generated previously. This CSR can then be sent to a Certificate Authority (CA), who will issue an SSL certificate for your server. 
The CA uses the information in the CSR (including the public key) to create the SSL certificate. +openssl req -new -key certs/server.key.pem -out certs/server.csr +# Only fill the Common Name (e.g. server FQDN or YOUR name) []:server + +# Takes the CSR and signs it using the CA setup specified in the main configuration file (openssl.cnf), while overriding or adding configuration with an extension file (ext_template.cnf), creating a certificate (certs/server.crt) +openssl ca -config openssl.cnf -notext -batch -in certs/server.csr -out certs/server.crt -extfile ext_template.cnf + +# Extracts the public key contained in the certs/server.crt and outputs it to a file +openssl x509 -pubkey -in certs/server.crt -noout > certs/server.x509-key.pub + +# Convert the public key to an OpenSSH public key +ssh-keygen -i -m pkcs8 -f certs/server.x509-key.pub > certs/server.SSH-pub-key.pub +# Used to configure the policy (policy.jws.kid.*) into gravitee.yml file + +# Generates CSRs as on line L46 +openssl req -new -key certs/server.key.pem -out certs/server-valid.csr +# Only fill the Common Name (e.g. server FQDN or YOUR name) []:server-valid +openssl req -new -key certs/server.key.pem -out certs/server-revoked.csr +# Only fill the Common Name (e.g. server FQDN or YOUR name) []:server-revoked +openssl req -new -key certs/server.key.pem -out certs/server-expired.csr +# Only fill the Common Name (e.g. 
server FQDN or YOUR name) []:server-expired + + +# Generate and sign the server certificate using rootca certificate +openssl ca -config openssl.cnf -notext -batch -in certs/server-valid.csr -out certs/server-valid.crt -extfile ext_template.cnf +openssl ca -config openssl.cnf -notext -batch -in certs/server-revoked.csr -out certs/server-revoked.crt -extfile ext_template.cnf +openssl ca -config openssl.cnf -notext -batch -in certs/server-expired.csr -out certs/server-expired.crt -extfile ext_template.cnf -startdate 20200101010000Z -enddate 20210101010000Z +``` + +### Revoke server certificate + +```bash +# Revokes the certificate found in 'certs/server-revoked.crt' using the Certificate Authority function of OpenSSL as configured in 'openssl.cnf'. +openssl ca -config openssl.cnf -revoke certs/server-revoked.crt + +# Verify the server certificate status +# server-revoked line should start with R +cat index.txt +``` + +### Generate CRL +```bash +# Generates a CRL using the OpenSSL's CA utility and its configurations mentioned in 'openssl.cnf'. This CRL can be distributed to parties that need to check whether an issued certificate has been revoked. +openssl ca -config openssl.cnf -gencrl -out crl/rootca.crl +``` + +### Create JWT to test the policy + +Go to https://jwt.io/ and create a JWT with the following information: +- Add public key (`certs/server-valid.crt`) and private key (`certs/server.pem`) +- Add payload: +```json +{ + "sub": "1234567890", + "name": "John Doe", + "admin": true +} +``` +- Add Header: +```json +{ + "kid": "MAIN", + "x5c": [""], + "alg": "RS256" +} +``` + +### Useful links +- Tool to check cert https://www.sslchecker.com/certdecoder + + + diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/01.pem b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/01.pem new file mode 100644 index 0000000..eb3bda6 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/01.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGXDCCBESgAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQTAe +Fw0yMzEwMjYwNzAzMjlaFw00MzEwMjEwNzAzMjlaMFwxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFTATBgNVBAMMDHNlcnZlci12YWxpZDCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBANgh438MUSigKSwvecZ0UND05L4G1ehAlmIoK1xWPDyi6w3N +sXDOu9AzyWR89RaNL9e2fvPz/QRqWWxCJXftBdEeHY6FPkLQOWmIrE50vyA80AQs +j2twFxE0+KyzFSNBOvOGxisI7KdjqLdJLKSSKDIC8whQxJ75GmJJiJKHWBOtLGnq +th8lMVxYun2c3cxJHrdqW8RoQqbOitKUW9d8h7FnokZGhF/cNm9YnHHIdog9sLfv +twvqzbEHq/Bw6am+OJoipzI2SC9TJYGFZf+imeCediZarniI/FcHxNSL1f7iOiJ+ +mTR7x6twCnAIoQ/OKYNVo1+6cQ+5y5O8NhrUIz/qYEvN9mOOhaiYI8NU8IJR1tkb +jScjOJr8nJuNUoBHExFu3m3QwQ2hzufyNI43HP1aaGqrIOi3NqaNq2F+r5fzD++R +tGCM3Eblw6vrRQvDCyDkORYJC6Aw+SkZgeVCKhm4viOabEJ9+5bAsTXEb7J+Ux2y +e4pkO5VoFvJZ2w4p4E0K7feguBjInuO+jwIZkGm0uybYfc2EgPuJtw+I1gCSzuZi +uLgpV/24lZRkUHKlaGIF56R+NJsMUBjZnjGoFbju43tIHtOOFmz4dtAZw4QB0lia +Uhn4ByTkNQX3BNcjIKeQ2exePxIfINkGJhq/bLbWWNeVMookEGts1K/ZgaLTAgMB +AAGjggEWMIIBEjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAzBglghkgB +hvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0G +A1UdDgQWBBSqbF4PmYnGmkfOm6gj82ltv4xSKzAfBgNVHSMEGDAWgBSFoLvx4/e6 +jzeM6X527SPfYYhWXTAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUH +AwIGCCsGAQUFBwMBME4GA1UdHwRHMEUwQ6BBoD+GPWNsYXNzcGF0aDppby9ncmF2 +aXRlZS9wb2xpY3kvandzL2NlcnQtd2l0aC1jcmwvY3JsL3Jvb3RjYS5jcmwwDQYJ +KoZIhvcNAQELBQADggIBAMVxE7zDcgxwKZ/aXtG9FwV+ytf4ZMezLWg+bUnsY8Al +1aRroGiUg9wRM9+WWMyY25rrZlGlddy8vJQBkelplTtHAq0U1Yvq/PoUcwd4S5lE +LymnLQ0zt9IyDI+r1JSGv+wMb1Hl5GLquh3oKSbGGdcgudh4Vj9LHOJsT1D3aB1O +sNq1SBgLaE0lYHlTFa11ZrmouvI5Vh1oA6SZToVPmYD9QVCzTtcDQUzYRnNLthiz +ly0im4FaFxbyMXaitzy5uHGZApTLqQextsxlWp8lhjfg+PVxHNXS9RF9Lx0MLYqg +SkUZ8pjNYUZ77syWhC2ihKoEjYYIAQ1OxHtW0tPx5bN0xWiDkkh2Nyu8fo4+Jeym 
+3+OpKXJRbFW7X6Sg36UJWg0tinyH6e9FWnxmK1YRYg5sOvfZrJ+kBLgRSYkwKotl +IT8LsF+QEfy8Mq75YDs0uY8sXJILdemihjfknPnr0kfOAe9p6fGooQ9tV6Y44u3O +18eKg/kzPRhobnG2Bqf9WMTym6vFe+HU0Ulj82xouRVVE/FACOSKUl8I7XltgnWi +bRup1RM+BKBp4byXORXHeAwIgumIf0E2qvA1IQY1IAdcdCq2L67IeY103FcPSzUk +skbedQffkLbvrTx+QeT4SH7gClVeK0XYb2+b0A1mMPJSVkKg7DMUegugV6kURDYL +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/02.pem b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/02.pem new file mode 100644 index 0000000..7372e1c --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/02.pem 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGXjCCBEagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQTAe +Fw0yMzEwMjYwNzAzMzJaFw00MzEwMjEwNzAzMzJaMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMMDnNlcnZlci1yZXZva2VkMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2CHjfwxRKKApLC95xnRQ0PTkvgbV6ECWYigrXFY8PKLr +Dc2xcM670DPJZHz1Fo0v17Z+8/P9BGpZbEIld+0F0R4djoU+QtA5aYisTnS/IDzQ +BCyPa3AXETT4rLMVI0E684bGKwjsp2Oot0kspJIoMgLzCFDEnvkaYkmIkodYE60s +aeq2HyUxXFi6fZzdzEket2pbxGhCps6K0pRb13yHsWeiRkaEX9w2b1iccch2iD2w +t++3C+rNsQer8HDpqb44miKnMjZIL1MlgYVl/6KZ4J52JlqueIj8VwfE1IvV/uI6 +In6ZNHvHq3AKcAihD84pg1WjX7pxD7nLk7w2GtQjP+pgS832Y46FqJgjw1TwglHW +2RuNJyM4mvycm41SgEcTEW7ebdDBDaHO5/I0jjcc/Vpoaqsg6Lc2po2rYX6vl/MP +75G0YIzcRuXDq+tFC8MLIOQ5FgkLoDD5KRmB5UIqGbi+I5psQn37lsCxNcRvsn5T +HbJ7imQ7lWgW8lnbDingTQrt96C4GMie476PAhmQabS7Jth9zYSA+4m3D4jWAJLO +5mK4uClX/biVlGRQcqVoYgXnpH40mwxQGNmeMagVuO7je0ge044WbPh20BnDhAHS +WJpSGfgHJOQ1BfcE1yMgp5DZ7F4/Eh8g2QYmGr9sttZY15UyiiQQa2zUr9mBotMC +AwEAAaOCARYwggESMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFKpsXg+ZicaaR86bqCPzaW2/jFIrMB8GA1UdIwQYMBaAFIWgu/Hj +97qPN4zpfnbtI99hiFZdMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwEwTgYDVR0fBEcwRTBDoEGgP4Y9Y2xhc3NwYXRoOmlvL2dy +YXZpdGVlL3BvbGljeS9qd3MvY2VydC13aXRoLWNybC9jcmwvcm9vdGNhLmNybDAN +BgkqhkiG9w0BAQsFAAOCAgEAN18t0M//vNUP6VePHqU6N0J4S0/s7e+h2JGQStv2 +dZGSzBJtaeHvJfuHdFaSsm9oS7XBhygxprgWUZ9WiiHDT+g/Kk+QTdNFODFvkVqK +ZkOqEgm94rfdnumlhr4qzCUBuvrCqRoMECyz1KNa0pec8d3vO51apJPShOIvuUSm +fYtswGBkZW0O94rXRzSfhiFQeEQrQ5unkyTSYO12UvTi+KflG9f4gPBThO3upgwK +hnS6l1OqmpxG6tmwRAVaNFpGQA+m/4i4spOsrj/1jHK4V7sn6vZk9E9xOwl1mnN7 +UGidRqNjRt6kV+zg1KAWK+I6yFWSASXvKOM4ion4e3mvcE5cPwaRWo/T4TCtoMNO 
+aRTwfkUSU9aVwk9Mb7/+FdMoryrN3yoHsO2ykmkWDDPt2MALwIPX2CfD18TjzIEi +ngIw2UBIB8XT+uP9xHOH6RnhqfdhrW2CTBK7Fv0YkViMuruZovkvhbBZ439n8EN5 +WYTYP7jKQncThxlaIrAQBiOrA32GC5yigGm70hlUPaYUwxrR1DIf3z0ms6JenN5z +pSoCYVHsPE5r32vFqzQQsGKZqbJGmnmqIhA+BsAfUcJWErOrG7z/XyC6od9wHCRu +byYzSkjitKBNU8HEu70BVS3g6tZOeFZS7KguX5K2zwo0NuY8FCNNlA3N2lUh+ymc +kPw= +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/03.pem b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/03.pem new file mode 100644 index 0000000..faeca24 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/03.pem 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQTAe +Fw0yMDAxMDEwMTAwMDBaFw0yMTAxMDEwMTAwMDBaMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMMDnNlcnZlci1leHBpcmVkMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2CHjfwxRKKApLC95xnRQ0PTkvgbV6ECWYigrXFY8PKLr +Dc2xcM670DPJZHz1Fo0v17Z+8/P9BGpZbEIld+0F0R4djoU+QtA5aYisTnS/IDzQ +BCyPa3AXETT4rLMVI0E684bGKwjsp2Oot0kspJIoMgLzCFDEnvkaYkmIkodYE60s +aeq2HyUxXFi6fZzdzEket2pbxGhCps6K0pRb13yHsWeiRkaEX9w2b1iccch2iD2w +t++3C+rNsQer8HDpqb44miKnMjZIL1MlgYVl/6KZ4J52JlqueIj8VwfE1IvV/uI6 +In6ZNHvHq3AKcAihD84pg1WjX7pxD7nLk7w2GtQjP+pgS832Y46FqJgjw1TwglHW +2RuNJyM4mvycm41SgEcTEW7ebdDBDaHO5/I0jjcc/Vpoaqsg6Lc2po2rYX6vl/MP +75G0YIzcRuXDq+tFC8MLIOQ5FgkLoDD5KRmB5UIqGbi+I5psQn37lsCxNcRvsn5T +HbJ7imQ7lWgW8lnbDingTQrt96C4GMie476PAhmQabS7Jth9zYSA+4m3D4jWAJLO +5mK4uClX/biVlGRQcqVoYgXnpH40mwxQGNmeMagVuO7je0ge044WbPh20BnDhAHS +WJpSGfgHJOQ1BfcE1yMgp5DZ7F4/Eh8g2QYmGr9sttZY15UyiiQQa2zUr9mBotMC +AwEAAaOCARYwggESMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFKpsXg+ZicaaR86bqCPzaW2/jFIrMB8GA1UdIwQYMBaAFIWgu/Hj +97qPN4zpfnbtI99hiFZdMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwEwTgYDVR0fBEcwRTBDoEGgP4Y9Y2xhc3NwYXRoOmlvL2dy +YXZpdGVlL3BvbGljeS9qd3MvY2VydC13aXRoLWNybC9jcmwvcm9vdGNhLmNybDAN +BgkqhkiG9w0BAQsFAAOCAgEAJrkm8KY0D4d8CyWLF+p4HvEb8K12LX8/+YJNZu4N +88JAe4spXPtIzHTBxFPi4HCnPtxIqQylWiFc6ArU7rpwLptp91c/aQUDG60xBJZr +n0nOJ5aK1bMeWOrNp5caWxw/J66qbEdEmt/5TIy40zO7UA/CimHg6xTWgmNsCf/r +PUU+JS1SLX4hY3Qp4Qo+vjKHkYc5U3vIGLxMUMRG+vUsy1ffmdisnUnmjo8iMBdT +WilBhhZkeX1+XWnpoCNFgwlLUAbXdlPkHypI3BHNmT5dXadWK8j678PQ+jgBfQnp +i+CWuf7XdHAOHkD1jehKaVzsbwpq/hBx7x7u6Pa+oGWca6JLKuLG9j4m6DZ7svi2 
+77dxLiooF8pL0HX9RxwUv6gq6rBcwq57nnWdtDkAaYmL4U7/NMt/5x/fuOkEpMfn +en5F2er9m1/ZhfG/eJ76nxoi9VgxxVg7CViGIkD+MzKwe6oWJUB27QLK79CqN3qa +s93i2ZwaAQWJGTS27NiBj88hp6D3O1eWZTSwG5Oxd4E+Yz2I1S3T4w1HkV3IpDSa +eB+BhNBv5ejBwnZ/a90G/UXZbXDcAAdPvAgXo/EAqrkuVorLcuknL2l14Pe8oPig +4OBhVgyf4oomGoGI3KN8hbIx1YP9voJkPKgcfOxqHdCJsWkTWxk/O3opnTi5vVNN +ghc= +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/cacert.pem b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/cacert.pem new file mode 100644 index 0000000..c9828a7 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/cacert.pem 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAzCCA+ugAwIBAgIUZri64edhaHETDWQfpr2rgn4ClKgwDQYJKoZIhvcNAQEL +BQAwbTELMAkGA1UEBhMCSU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJ +QmVuZ2FsdXJ1MRUwEwYDVQQKDAxHb0xpbnV4Q2xvdWQxDjAMBgNVBAsMBUFkbWlu +MQ8wDQYDVQQDDAZSb290Q0EwHhcNMjMxMDI1MjAzNDUzWhcNNDMxMDIwMjAzNDU0 +WjBtMQswCQYDVQQGEwJJTjESMBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlC +ZW5nYWx1cnUxFTATBgNVBAoMDEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4x +DzANBgNVBAMMBlJvb3RDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AMtCdkxQn1O8cvBwETpoB4nI4zKQW99Q2Zb71pv1+ik0SfSRaf6Jx/FPJ91HE6+1 +c/OztgE2tQ0xgfnL7NrDCT515YJXWDOoZqpJ/jYA/LAvwBVUuG3NfIfPk1iIjNct +WJYX0JyfV7INhpBeXd6yYzPd9ZyrFsoOsUO+xHeBtKbl//OJBeyQlGSDkDKHDRbN +59fZlv138KHbbhrGMp+n3891H2/l+BkMKnFcmtCGCgU1qpn3O9umqrSxiNA1A2s/ +6jfsHwIfdFLzv/oci9cMlAP2QOzw/Oz5Ncu8lUDMhfBnA/AVNgh8OriNZ3CGKTcC +5o299jXdC4tPLMU16+AElR+GR7WpeYEureDbOBGaeoGLbTPLMn7lPaN8EpxtNhna +TO11ArNur6HbibRNgKYlUA0/gS0mxxaL068q65wKEemKbOtgizcsjo2xHRxZWswr +3hHKtHzJ3szibAacxKyhTkyfMgbqEDBjZ/qjFYfAmdqqm64jNxbg4YeavPgcHj5F +Xr/cDRUSk2uq76SUrZbCn+IB2KSBSLLDPEWOScDFaIe6t4kMGcjob3S9HbHTFMy7 +DMeX+XsQ7rtCRKlQ+muLVIBj224MKvE+dOCFUZJDCj+YGxroGzBzibzd1uRfVJVm +TjJ5cwraMNaOMm8zg9UyXuqUKDEMqjLytrCNE5adBtR3AgMBAAGjgZowgZcwHQYD +VR0OBBYEFIWgu/Hj97qPN4zpfnbtI99hiFZdMB8GA1UdIwQYMBaAFIWgu/Hj97qP +N4zpfnbtI99hiFZdMA8GA1UdEwEB/wQFMAMBAf8wRAYDVR0fBD0wOzA5oDegNYYz +Y2xhc3NwYXRoOmlvL2dyYXZpdGVlL3BvbGljeS9qd3MvdGxzL2NybC9yb290Y2Eu +Y3JsMA0GCSqGSIb3DQEBCwUAA4ICAQAgumT2pqwgwLTXVSaoE6yIjkVl6ISDRdgA +X8UJf46Q8lE7ORWbLzrAuKg8Bb6H7cceSillvqufwaPTWnq0l+7JIfhz0w7u94yw +wyhcU3xBs8ZIhKFhVd/u7MlWMrWyGFy6+XbxzV0dEEJsYrf6pvMGIcfZSWYdtBDd +Yapxk+vHXcCKWuyKleY1PMMFCCvLR5Kpjs9dR7XAAaagc8DbBjr88MytvhbzjrEA +PS1IIIZEw7s8KnMhTvf+tQX2R50cw8eyGNNYU0GVAbXAtED6QvBnokeCkOUBf0Ql +5yFq3Op0bLDG030haOVIm3Vw9iVkFCy7zS0G6kxdouF6BGrR33O1CXZitOnZ+l96 +4eQT7fJSM60MawjpIsYtH1sltB6uVsAOUw7OP5eY9u8O9Q2nkCPDKgSMQH7Zrk3D +YodLvFPBPCXHydMREmHwRlwjudQOZsP9P0zKfdBiifE3wLV3/E35lkklvSrOqAHs 
+adolRRDB8y5F/3M95Oz5N/1xR1KRM7cWMPfZLT6JmsMPDBf1femroZ+JPZZs2gRF +YuVHmNbx2YiWRGeN1nmDb2SLr/OgCFXyfKCc18Bo60rJ9kSgnxK3Yf2zF4sPjE/p +z6QXLuM7jrLTusZw3xguOp+fnUmS0KjVdqTbEsM4g6+YxvCu9gahEBpEXrH24shy +R+4UIJCGIQ== +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.crt b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.crt new file mode 100644 index 0000000..faeca24 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.crt 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQTAe +Fw0yMDAxMDEwMTAwMDBaFw0yMTAxMDEwMTAwMDBaMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMMDnNlcnZlci1leHBpcmVkMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2CHjfwxRKKApLC95xnRQ0PTkvgbV6ECWYigrXFY8PKLr +Dc2xcM670DPJZHz1Fo0v17Z+8/P9BGpZbEIld+0F0R4djoU+QtA5aYisTnS/IDzQ +BCyPa3AXETT4rLMVI0E684bGKwjsp2Oot0kspJIoMgLzCFDEnvkaYkmIkodYE60s +aeq2HyUxXFi6fZzdzEket2pbxGhCps6K0pRb13yHsWeiRkaEX9w2b1iccch2iD2w +t++3C+rNsQer8HDpqb44miKnMjZIL1MlgYVl/6KZ4J52JlqueIj8VwfE1IvV/uI6 +In6ZNHvHq3AKcAihD84pg1WjX7pxD7nLk7w2GtQjP+pgS832Y46FqJgjw1TwglHW +2RuNJyM4mvycm41SgEcTEW7ebdDBDaHO5/I0jjcc/Vpoaqsg6Lc2po2rYX6vl/MP +75G0YIzcRuXDq+tFC8MLIOQ5FgkLoDD5KRmB5UIqGbi+I5psQn37lsCxNcRvsn5T +HbJ7imQ7lWgW8lnbDingTQrt96C4GMie476PAhmQabS7Jth9zYSA+4m3D4jWAJLO +5mK4uClX/biVlGRQcqVoYgXnpH40mwxQGNmeMagVuO7je0ge044WbPh20BnDhAHS +WJpSGfgHJOQ1BfcE1yMgp5DZ7F4/Eh8g2QYmGr9sttZY15UyiiQQa2zUr9mBotMC +AwEAAaOCARYwggESMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFKpsXg+ZicaaR86bqCPzaW2/jFIrMB8GA1UdIwQYMBaAFIWgu/Hj +97qPN4zpfnbtI99hiFZdMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwEwTgYDVR0fBEcwRTBDoEGgP4Y9Y2xhc3NwYXRoOmlvL2dy +YXZpdGVlL3BvbGljeS9qd3MvY2VydC13aXRoLWNybC9jcmwvcm9vdGNhLmNybDAN +BgkqhkiG9w0BAQsFAAOCAgEAJrkm8KY0D4d8CyWLF+p4HvEb8K12LX8/+YJNZu4N +88JAe4spXPtIzHTBxFPi4HCnPtxIqQylWiFc6ArU7rpwLptp91c/aQUDG60xBJZr +n0nOJ5aK1bMeWOrNp5caWxw/J66qbEdEmt/5TIy40zO7UA/CimHg6xTWgmNsCf/r +PUU+JS1SLX4hY3Qp4Qo+vjKHkYc5U3vIGLxMUMRG+vUsy1ffmdisnUnmjo8iMBdT +WilBhhZkeX1+XWnpoCNFgwlLUAbXdlPkHypI3BHNmT5dXadWK8j678PQ+jgBfQnp +i+CWuf7XdHAOHkD1jehKaVzsbwpq/hBx7x7u6Pa+oGWca6JLKuLG9j4m6DZ7svi2 
+77dxLiooF8pL0HX9RxwUv6gq6rBcwq57nnWdtDkAaYmL4U7/NMt/5x/fuOkEpMfn +en5F2er9m1/ZhfG/eJ76nxoi9VgxxVg7CViGIkD+MzKwe6oWJUB27QLK79CqN3qa +s93i2ZwaAQWJGTS27NiBj88hp6D3O1eWZTSwG5Oxd4E+Yz2I1S3T4w1HkV3IpDSa +eB+BhNBv5ejBwnZ/a90G/UXZbXDcAAdPvAgXo/EAqrkuVorLcuknL2l14Pe8oPig +4OBhVgyf4oomGoGI3KN8hbIx1YP9voJkPKgcfOxqHdCJsWkTWxk/O3opnTi5vVNN +ghc= +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.csr b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.csr new file mode 100644 index 0000000..8b59d9e --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-expired.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEozCCAosCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOc2Vy +dmVyLWV4cGlyZWQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYIeN/ +DFEooCksL3nGdFDQ9OS+BtXoQJZiKCtcVjw8ousNzbFwzrvQM8lkfPUWjS/Xtn7z +8/0EallsQiV37QXRHh2OhT5C0DlpiKxOdL8gPNAELI9rcBcRNPissxUjQTrzhsYr +COynY6i3SSykkigyAvMIUMSe+RpiSYiSh1gTrSxp6rYfJTFcWLp9nN3MSR63alvE +aEKmzorSlFvXfIexZ6JGRoRf3DZvWJxxyHaIPbC377cL6s2xB6vwcOmpvjiaIqcy +NkgvUyWBhWX/opngnnYmWq54iPxXB8TUi9X+4joifpk0e8ercApwCKEPzimDVaNf +unEPucuTvDYa1CM/6mBLzfZjjoWomCPDVPCCUdbZG40nIzia/JybjVKARxMRbt5t +0MENoc7n8jSONxz9WmhqqyDotzamjathfq+X8w/vkbRgjNxG5cOr60ULwwsg5DkW +CQugMPkpGYHlQioZuL4jmmxCffuWwLE1xG+yflMdsnuKZDuVaBbyWdsOKeBNCu33 +oLgYyJ7jvo8CGZBptLsm2H3NhID7ibcPiNYAks7mYri4KVf9uJWUZFBypWhiBeek +fjSbDFAY2Z4xqBW47uN7SB7TjhZs+HbQGcOEAdJYmlIZ+Ack5DUF9wTXIyCnkNns +Xj8SHyDZBiYav2y21ljXlTKKJBBrbNSv2YGi0wIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBADiKoQWQ9jFqY/OVP8XEM7FlytKH0ZlYDAQMRyv4RUvD4f/C5yzsFf/U +Sv5DJHZYbN1eV5gpNqHabb2xawb0a27sKsz+jtosi2e6wycq6L32fb6FHu/4oLf3 +xHPP6nYTw/R7rwuDqRef/XTyNNYXVPDW9P/cZLa4L8PC+mrZy9oCqfXDH9zaBJg2 +HGBxl1hlA6zsGirvrQgBFV2bFkVpmDJv8yWS+tM1ZD9S+yieFIax2ESUVdJgXAZi +LA66k2QgWWZA0JoQd6mLVNdQLAkOc1bsxbNdPI/8t1nR1ZIPxLGUFsWj4QPDnO6o +qv1SHLNmmt3I7PvQ4db/2v/mv9T2UhU9ZChkyLvtBbHgzEakOmdG7KSXwB7Qqk6f +VT4DrUY1+UsoifnBmGJpj/BFowYWnt4kspGXD66lXIzLadunF0/moxtCM/8FFFRi +7gWi33aefRoGg2cOKkOus00/b4t+eOzY5Cv82hzGj2YTipjCDzVvG1BLWfxLRcTz +jqZ8s+6+2EGx2/poWTut68cAJ6uekRP/9X+87YVLw9ieujroWOrU4m035+8+LpqA +uPBJ547aogHDPOB+k0a3GE61/ocu7ZmdF87V35NmMOXVkxZFgk8IehPIIcCJ27My +WUZv6CdbmWNCo7lQuLHKtW9lPOZkIaAhMsJn2sHEiYKUQN/mJp95 +-----END CERTIFICATE REQUEST----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.crt b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.crt new file mode 100644 index 0000000..7372e1c --- /dev/null 
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.crt 
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGXjCCBEagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQTAe +Fw0yMzEwMjYwNzAzMzJaFw00MzEwMjEwNzAzMzJaMF4xCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFzAVBgNVBAMMDnNlcnZlci1yZXZva2VkMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2CHjfwxRKKApLC95xnRQ0PTkvgbV6ECWYigrXFY8PKLr +Dc2xcM670DPJZHz1Fo0v17Z+8/P9BGpZbEIld+0F0R4djoU+QtA5aYisTnS/IDzQ +BCyPa3AXETT4rLMVI0E684bGKwjsp2Oot0kspJIoMgLzCFDEnvkaYkmIkodYE60s +aeq2HyUxXFi6fZzdzEket2pbxGhCps6K0pRb13yHsWeiRkaEX9w2b1iccch2iD2w +t++3C+rNsQer8HDpqb44miKnMjZIL1MlgYVl/6KZ4J52JlqueIj8VwfE1IvV/uI6 +In6ZNHvHq3AKcAihD84pg1WjX7pxD7nLk7w2GtQjP+pgS832Y46FqJgjw1TwglHW +2RuNJyM4mvycm41SgEcTEW7ebdDBDaHO5/I0jjcc/Vpoaqsg6Lc2po2rYX6vl/MP +75G0YIzcRuXDq+tFC8MLIOQ5FgkLoDD5KRmB5UIqGbi+I5psQn37lsCxNcRvsn5T +HbJ7imQ7lWgW8lnbDingTQrt96C4GMie476PAhmQabS7Jth9zYSA+4m3D4jWAJLO +5mK4uClX/biVlGRQcqVoYgXnpH40mwxQGNmeMagVuO7je0ge044WbPh20BnDhAHS +WJpSGfgHJOQ1BfcE1yMgp5DZ7F4/Eh8g2QYmGr9sttZY15UyiiQQa2zUr9mBotMC +AwEAAaOCARYwggESMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFKpsXg+ZicaaR86bqCPzaW2/jFIrMB8GA1UdIwQYMBaAFIWgu/Hj +97qPN4zpfnbtI99hiFZdMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwEwTgYDVR0fBEcwRTBDoEGgP4Y9Y2xhc3NwYXRoOmlvL2dy +YXZpdGVlL3BvbGljeS9qd3MvY2VydC13aXRoLWNybC9jcmwvcm9vdGNhLmNybDAN +BgkqhkiG9w0BAQsFAAOCAgEAN18t0M//vNUP6VePHqU6N0J4S0/s7e+h2JGQStv2 +dZGSzBJtaeHvJfuHdFaSsm9oS7XBhygxprgWUZ9WiiHDT+g/Kk+QTdNFODFvkVqK +ZkOqEgm94rfdnumlhr4qzCUBuvrCqRoMECyz1KNa0pec8d3vO51apJPShOIvuUSm +fYtswGBkZW0O94rXRzSfhiFQeEQrQ5unkyTSYO12UvTi+KflG9f4gPBThO3upgwK +hnS6l1OqmpxG6tmwRAVaNFpGQA+m/4i4spOsrj/1jHK4V7sn6vZk9E9xOwl1mnN7 +UGidRqNjRt6kV+zg1KAWK+I6yFWSASXvKOM4ion4e3mvcE5cPwaRWo/T4TCtoMNO 
+aRTwfkUSU9aVwk9Mb7/+FdMoryrN3yoHsO2ykmkWDDPt2MALwIPX2CfD18TjzIEi +ngIw2UBIB8XT+uP9xHOH6RnhqfdhrW2CTBK7Fv0YkViMuruZovkvhbBZ439n8EN5 +WYTYP7jKQncThxlaIrAQBiOrA32GC5yigGm70hlUPaYUwxrR1DIf3z0ms6JenN5z +pSoCYVHsPE5r32vFqzQQsGKZqbJGmnmqIhA+BsAfUcJWErOrG7z/XyC6od9wHCRu +byYzSkjitKBNU8HEu70BVS3g6tZOeFZS7KguX5K2zwo0NuY8FCNNlA3N2lUh+ymc +kPw= +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.csr b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.csr new file mode 100644 index 0000000..6fd55df --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-revoked.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEozCCAosCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAwwOc2Vy +dmVyLXJldm9rZWQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYIeN/ +DFEooCksL3nGdFDQ9OS+BtXoQJZiKCtcVjw8ousNzbFwzrvQM8lkfPUWjS/Xtn7z +8/0EallsQiV37QXRHh2OhT5C0DlpiKxOdL8gPNAELI9rcBcRNPissxUjQTrzhsYr +COynY6i3SSykkigyAvMIUMSe+RpiSYiSh1gTrSxp6rYfJTFcWLp9nN3MSR63alvE +aEKmzorSlFvXfIexZ6JGRoRf3DZvWJxxyHaIPbC377cL6s2xB6vwcOmpvjiaIqcy +NkgvUyWBhWX/opngnnYmWq54iPxXB8TUi9X+4joifpk0e8ercApwCKEPzimDVaNf +unEPucuTvDYa1CM/6mBLzfZjjoWomCPDVPCCUdbZG40nIzia/JybjVKARxMRbt5t +0MENoc7n8jSONxz9WmhqqyDotzamjathfq+X8w/vkbRgjNxG5cOr60ULwwsg5DkW +CQugMPkpGYHlQioZuL4jmmxCffuWwLE1xG+yflMdsnuKZDuVaBbyWdsOKeBNCu33 +oLgYyJ7jvo8CGZBptLsm2H3NhID7ibcPiNYAks7mYri4KVf9uJWUZFBypWhiBeek +fjSbDFAY2Z4xqBW47uN7SB7TjhZs+HbQGcOEAdJYmlIZ+Ack5DUF9wTXIyCnkNns +Xj8SHyDZBiYav2y21ljXlTKKJBBrbNSv2YGi0wIDAQABoAAwDQYJKoZIhvcNAQEL +BQADggIBAKd4Wa0jAUxAdJ8RxbkYS+lX60RsP17rzQ+JGXUDsZW/5ImJBA+hi46f +ZkpL6N6ftte7p4wOpcRDAzC2b01hVzZT7h32rNYBofaLMcXuN6c08tuvw1JRd1zI +YVchWr/spo2mn2Kz92mMhlLmn3Ly0K/bIkMHqLVor17jTV7BG4bRoUCatp00VRYI +HLV8ph+j6Y/laAQ4PCtj1Vy0+hFHprjoZ92QXuTg9kmGtGFI13JIr5RS2Giago1Z +bAiLO+qSs/iQ3WIFoCkCFa1fOf1L8cLdcNiVLuKhM7GPT9xmxu//5Ek19mbfc3il +jhjpBXxoYFQK9ma5dwarhN0gEHf6UW3ljZaCYsmHikcjiMeY/0xDk5wT/TXheWLC +UxGPMa4ru26D1hLqF0rOcsnoSL+aqGWgOLZAxnVwJQIWqJX6MLMegNHDC5sjJmDb +XL5QiDGA6xyZCjNJrp/2FpNFRoeuvvTLoY+sVJ1DWIdlDkzWI3bXgKRwFfpnKFpQ +/M2DbceylS7dus5qxsWmmVQ59weZTvvDOZ0vMycevCln+tVcb6l3zxi3L4uBSyAE +6pgh8d4Pokaq1RZaj9aOBl9dfa76OsfX4vE3w+KfnWoRo+govXyodBmJNa9Nvara +zbCFy0EUPLR4sGJk4TmefXWtDtZwuJhS/i10iBEDFA0cfjIXbDCz +-----END CERTIFICATE REQUEST----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.crt b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.crt new file mode 100644 index 0000000..eb3bda6 --- /dev/null 
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGXDCCBESgAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQTAe +Fw0yMzEwMjYwNzAzMjlaFw00MzEwMjEwNzAzMjlaMFwxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxFTATBgNVBAMMDHNlcnZlci12YWxpZDCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBANgh438MUSigKSwvecZ0UND05L4G1ehAlmIoK1xWPDyi6w3N +sXDOu9AzyWR89RaNL9e2fvPz/QRqWWxCJXftBdEeHY6FPkLQOWmIrE50vyA80AQs +j2twFxE0+KyzFSNBOvOGxisI7KdjqLdJLKSSKDIC8whQxJ75GmJJiJKHWBOtLGnq +th8lMVxYun2c3cxJHrdqW8RoQqbOitKUW9d8h7FnokZGhF/cNm9YnHHIdog9sLfv +twvqzbEHq/Bw6am+OJoipzI2SC9TJYGFZf+imeCediZarniI/FcHxNSL1f7iOiJ+ +mTR7x6twCnAIoQ/OKYNVo1+6cQ+5y5O8NhrUIz/qYEvN9mOOhaiYI8NU8IJR1tkb +jScjOJr8nJuNUoBHExFu3m3QwQ2hzufyNI43HP1aaGqrIOi3NqaNq2F+r5fzD++R +tGCM3Eblw6vrRQvDCyDkORYJC6Aw+SkZgeVCKhm4viOabEJ9+5bAsTXEb7J+Ux2y +e4pkO5VoFvJZ2w4p4E0K7feguBjInuO+jwIZkGm0uybYfc2EgPuJtw+I1gCSzuZi +uLgpV/24lZRkUHKlaGIF56R+NJsMUBjZnjGoFbju43tIHtOOFmz4dtAZw4QB0lia +Uhn4ByTkNQX3BNcjIKeQ2exePxIfINkGJhq/bLbWWNeVMookEGts1K/ZgaLTAgMB +AAGjggEWMIIBEjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAzBglghkgB +hvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0G +A1UdDgQWBBSqbF4PmYnGmkfOm6gj82ltv4xSKzAfBgNVHSMEGDAWgBSFoLvx4/e6 +jzeM6X527SPfYYhWXTAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUH +AwIGCCsGAQUFBwMBME4GA1UdHwRHMEUwQ6BBoD+GPWNsYXNzcGF0aDppby9ncmF2 +aXRlZS9wb2xpY3kvandzL2NlcnQtd2l0aC1jcmwvY3JsL3Jvb3RjYS5jcmwwDQYJ +KoZIhvcNAQELBQADggIBAMVxE7zDcgxwKZ/aXtG9FwV+ytf4ZMezLWg+bUnsY8Al +1aRroGiUg9wRM9+WWMyY25rrZlGlddy8vJQBkelplTtHAq0U1Yvq/PoUcwd4S5lE +LymnLQ0zt9IyDI+r1JSGv+wMb1Hl5GLquh3oKSbGGdcgudh4Vj9LHOJsT1D3aB1O +sNq1SBgLaE0lYHlTFa11ZrmouvI5Vh1oA6SZToVPmYD9QVCzTtcDQUzYRnNLthiz +ly0im4FaFxbyMXaitzy5uHGZApTLqQextsxlWp8lhjfg+PVxHNXS9RF9Lx0MLYqg +SkUZ8pjNYUZ77syWhC2ihKoEjYYIAQ1OxHtW0tPx5bN0xWiDkkh2Nyu8fo4+Jeym 
+3+OpKXJRbFW7X6Sg36UJWg0tinyH6e9FWnxmK1YRYg5sOvfZrJ+kBLgRSYkwKotl +IT8LsF+QEfy8Mq75YDs0uY8sXJILdemihjfknPnr0kfOAe9p6fGooQ9tV6Y44u3O +18eKg/kzPRhobnG2Bqf9WMTym6vFe+HU0Ulj82xouRVVE/FACOSKUl8I7XltgnWi +bRup1RM+BKBp4byXORXHeAwIgumIf0E2qvA1IQY1IAdcdCq2L67IeY103FcPSzUk +skbedQffkLbvrTx+QeT4SH7gClVeK0XYb2+b0A1mMPJSVkKg7DMUegugV6kURDYL +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.csr b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.csr new file mode 100644 index 0000000..2a9faea --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server-valid.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEoTCCAokCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEVMBMGA1UEAwwMc2Vy +dmVyLXZhbGlkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2CHjfwxR +KKApLC95xnRQ0PTkvgbV6ECWYigrXFY8PKLrDc2xcM670DPJZHz1Fo0v17Z+8/P9 +BGpZbEIld+0F0R4djoU+QtA5aYisTnS/IDzQBCyPa3AXETT4rLMVI0E684bGKwjs +p2Oot0kspJIoMgLzCFDEnvkaYkmIkodYE60saeq2HyUxXFi6fZzdzEket2pbxGhC +ps6K0pRb13yHsWeiRkaEX9w2b1iccch2iD2wt++3C+rNsQer8HDpqb44miKnMjZI +L1MlgYVl/6KZ4J52JlqueIj8VwfE1IvV/uI6In6ZNHvHq3AKcAihD84pg1WjX7px +D7nLk7w2GtQjP+pgS832Y46FqJgjw1TwglHW2RuNJyM4mvycm41SgEcTEW7ebdDB +DaHO5/I0jjcc/Vpoaqsg6Lc2po2rYX6vl/MP75G0YIzcRuXDq+tFC8MLIOQ5FgkL +oDD5KRmB5UIqGbi+I5psQn37lsCxNcRvsn5THbJ7imQ7lWgW8lnbDingTQrt96C4 +GMie476PAhmQabS7Jth9zYSA+4m3D4jWAJLO5mK4uClX/biVlGRQcqVoYgXnpH40 +mwxQGNmeMagVuO7je0ge044WbPh20BnDhAHSWJpSGfgHJOQ1BfcE1yMgp5DZ7F4/ +Eh8g2QYmGr9sttZY15UyiiQQa2zUr9mBotMCAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4ICAQBv3gS+imQBt0NaYLpmpPLOjPTgXnd2/S/Qt17ZHQasLW5iMr+Cqq0dM9Fc +8E4gHu/ZU04yI/0rONCK1oUonBzq2MBmbWpCjGy1uG6Sx/1X1sdq2km0cKHRlyim +64elDs5wp44YAsqOPqNhIfkwtVqWTwNj8VAMGVG3UOLtKvjvJVit9GgqHdF9EBwR +KCqNHXtgDujDTYcDWt8BM8tsdbdY9GhGaVaJVcJV4IRAh7d/vOjTBzITgF7KZr8w +FpqAe3/XXSADpxW+2pcpalFR8rn3PBYRLSWBp+P11/QEC+f9JLeQxj3KRbFWORVN +BKlW/BN9v9jeKZwdq5AqLIYah3tTAxlutnWz5uInGeBDW2P+ppvczZVKRBzxfJkv +9SZ/ThxftH7MvmnVGbWFDTy59W7sGrgylmV/VE3kSH1mDYZR6XCXOzISh2k3sdv/ +Iv1JDPOetJjdrFxALjjJV8LK6FJiCik2fTIgH5WMi7EVFMHQ0HirkCMCx3ZttTLP +xX8us1/j2PkT4spGVAd8jRI8FJ4EWr6MQsfwBiBW3UqMaggAqbtB07drnzYt42Av +/4JWA+5o6yjroQmMY1r0O6ElzWmGVOIN+QGfbDb+/lQCLKqCtA4VytX3Ua3cx/Ec +kn8/P16BoH7xihtRavHJAYEz1SNhAtzQCp/yEH0TGGvGGMlg8w== +-----END CERTIFICATE REQUEST----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.SSH-pub-key.pub b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.SSH-pub-key.pub new file mode 100644 index 0000000..173acc7 --- /dev/null 
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.SSH-pub-key.pub @@ -0,0 +1 @@ +ssh-rsa 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 diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.crt b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.crt new file mode 100644 index 0000000..4a8e7e4 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.crt 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGTDCCBDSgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjES +MBAGA1UECAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoM +DEdvTGludXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBnJvb3RDYTAe +Fw0yMzEwMjUyMDM1NTFaFw00MzEwMjAyMDM1NTFaMFYxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQxDzANBgNVBAMMBnNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBANgh438MUSigKSwvecZ0UND05L4G1ehAlmIoK1xWPDyi6w3NsXDOu9Az +yWR89RaNL9e2fvPz/QRqWWxCJXftBdEeHY6FPkLQOWmIrE50vyA80AQsj2twFxE0 ++KyzFSNBOvOGxisI7KdjqLdJLKSSKDIC8whQxJ75GmJJiJKHWBOtLGnqth8lMVxY +un2c3cxJHrdqW8RoQqbOitKUW9d8h7FnokZGhF/cNm9YnHHIdog9sLfvtwvqzbEH +q/Bw6am+OJoipzI2SC9TJYGFZf+imeCediZarniI/FcHxNSL1f7iOiJ+mTR7x6tw +CnAIoQ/OKYNVo1+6cQ+5y5O8NhrUIz/qYEvN9mOOhaiYI8NU8IJR1tkbjScjOJr8 +nJuNUoBHExFu3m3QwQ2hzufyNI43HP1aaGqrIOi3NqaNq2F+r5fzD++RtGCM3Ebl +w6vrRQvDCyDkORYJC6Aw+SkZgeVCKhm4viOabEJ9+5bAsTXEb7J+Ux2ye4pkO5Vo +FvJZ2w4p4E0K7feguBjInuO+jwIZkGm0uybYfc2EgPuJtw+I1gCSzuZiuLgpV/24 +lZRkUHKlaGIF56R+NJsMUBjZnjGoFbju43tIHtOOFmz4dtAZw4QB0liaUhn4ByTk +NQX3BNcjIKeQ2exePxIfINkGJhq/bLbWWNeVMookEGts1K/ZgaLTAgMBAAGjggEM +MIIBCDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAzBglghkgBhvhCAQ0E +JhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQW +BBSqbF4PmYnGmkfOm6gj82ltv4xSKzAfBgNVHSMEGDAWgBTDnCUKe0f1grlRCc4o +dfYAQj4lhzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG +AQUFBwMBMEQGA1UdHwQ9MDswOaA3oDWGM2NsYXNzcGF0aDppby9ncmF2aXRlZS9w +b2xpY3kvandzL3Rscy9jcmwvcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEA +evjQXUc8EhYng0idg0XVYivT9R3Yuijaa+Puy1OYSd2N9T6VYTF1nznFfcAGU39e +Z02xb2tLmKzidOEubrg8f8adwEaqI7mEYNkPO3S1R8W7bSt70AOixKE79dfPrNNt +34gw/yFWfZvJhk+zVGhs70MsPJJCyGoIjTkc5WDlRwCoO2f+VUgiPuSj3Xm3TICj +VUZLyBIW088+5R6zH46F7Kn8nVi+6qjrmDpZZan+utlRqvZryYXUxo7xtYC9JvkA +iDoilhPQWo77A7kJMc//kzsn2Mmx/3b7uLqLP7mrh1tOADrAVOmvPL9HszmlpJGS +RRHFpNVX3NFnTUsALcuwAfEEtSrAmd2mX0+7y3AmLHuahpLHwdXog+tPKAJmjPND 
+sQWeY1Qm/8jiH9yDJ6W7uqtU2mgf4UBDcXBrqm/0KpmjcEN8bm4XESOWKCDucueW +QnCAZ1TFBg43PkYoOC/hmTc5Ur3pwn3rX98G79U4NvzlqxCedA84VXNAjx54j1GG +NmlcCbacvVayo7XvRn/W2nSys78x5+Uk+gRwStBKkCOelUe+DmmSgC7qLRYl3TRs +NrW+iVaaEAcvr65kdFT7hue2AS0gWJYo8RCgfm8GJdCvzS59g2XX4sq/W5mqZ6cB +QCb6Ql6lrykE5wipy0BJ/YUG/IGFsvruUwWPMQ8RvTc= +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.csr b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.csr new file mode 100644 index 0000000..f9d0d63 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.csr 
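Review bot: `certs/server.crt` does not appear to belong to the CA that the rest of `cert-with-crl/` is built around. Decoding the added base64, its issuer CN reads `rootCa` with serial 0x0A and a different authority key identifier, while `server-valid.crt` is issued by `RootCA` with serial 01 and `index.txt` lists only serials 01–03. Its CRL distribution point decodes to `classpath:io/gravitee/policy/jws/tls/crl/rootca.crl`, which is not among the paths visible in this patch. If any test enables revocation checking against this certificate, the CRL lookup would presumably fail to resolve rather than report a status. Either re-issue it from the committed CA with `ext_template.cnf`, or drop it together with `server.csr` if nothing loads it.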
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEmzCCAoMCAQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGc2Vy +dmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2CHjfwxRKKApLC95 +xnRQ0PTkvgbV6ECWYigrXFY8PKLrDc2xcM670DPJZHz1Fo0v17Z+8/P9BGpZbEIl +d+0F0R4djoU+QtA5aYisTnS/IDzQBCyPa3AXETT4rLMVI0E684bGKwjsp2Oot0ks +pJIoMgLzCFDEnvkaYkmIkodYE60saeq2HyUxXFi6fZzdzEket2pbxGhCps6K0pRb +13yHsWeiRkaEX9w2b1iccch2iD2wt++3C+rNsQer8HDpqb44miKnMjZIL1MlgYVl +/6KZ4J52JlqueIj8VwfE1IvV/uI6In6ZNHvHq3AKcAihD84pg1WjX7pxD7nLk7w2 +GtQjP+pgS832Y46FqJgjw1TwglHW2RuNJyM4mvycm41SgEcTEW7ebdDBDaHO5/I0 +jjcc/Vpoaqsg6Lc2po2rYX6vl/MP75G0YIzcRuXDq+tFC8MLIOQ5FgkLoDD5KRmB +5UIqGbi+I5psQn37lsCxNcRvsn5THbJ7imQ7lWgW8lnbDingTQrt96C4GMie476P +AhmQabS7Jth9zYSA+4m3D4jWAJLO5mK4uClX/biVlGRQcqVoYgXnpH40mwxQGNme +MagVuO7je0ge044WbPh20BnDhAHSWJpSGfgHJOQ1BfcE1yMgp5DZ7F4/Eh8g2QYm +Gr9sttZY15UyiiQQa2zUr9mBotMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQC1 +FOUjppJa24N5cm6oJWs1XVcC6UWHpNacWUZcxknO6wxIjtzvwd2OUx2/VLLP5Xb2 +ZUXY2hsvj8yQBNxhAyje81TO8pxGPxfvYsO8mbGU+/hVzm8YJHhnYILjVWiQ0Gug +anC9fs09l4U87sXoX4lRRrbt1KDwlYRdCUVrUuSm8+GHh68YDvOHtdAdIkm6Zkel +H7eHU56I+/3de6lnOsZJNCWr0kSSseBu1efJY9NL0Kq8rfkE9L9Jr+feoCriAsQ2 +5NoWg8W71TLSq5rVoWO4JvAlWG7iKakZdCGamOAw7HRiuwCMgFTBWAnrxFw63XdX +Ramx5SX154YSh90wn85IICX9Fz5eaKBKOHKS1ym0BFmQZd3cqEgWWAYTIt6fJ+2N +VBM4az+at26QLXTexlEo8ASI4SKd+k4umyu4P/XwaNLsHvM3cJZg31wsQxiHSjj0 +bLDnNk5I+3VkD9LtMeCKIouZDctYXj82c+VDlDmhxp8lRNXaNFMGoYWmaEgZ06T9 +1Ft2M5oTcOGZCql97SomhPd7lpubg5PnG/yv4Q/GBf048dDcsKokJft2uB+N0VEZ +bsb214lowIbymhPbqD3o39hXDQVLMHW2ETi3wVHRa2vHbBj5a+h/S3E6n8KnrnD4 +A2IgNzXJrSwfd/UFKUfQpcjUirNVrR0atB8jHjZDTg== +-----END CERTIFICATE REQUEST----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem new file mode 100644 index 0000000..2f5a801 --- /dev/null 
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDYIeN/DFEooCks +L3nGdFDQ9OS+BtXoQJZiKCtcVjw8ousNzbFwzrvQM8lkfPUWjS/Xtn7z8/0Ealls +QiV37QXRHh2OhT5C0DlpiKxOdL8gPNAELI9rcBcRNPissxUjQTrzhsYrCOynY6i3 +SSykkigyAvMIUMSe+RpiSYiSh1gTrSxp6rYfJTFcWLp9nN3MSR63alvEaEKmzorS +lFvXfIexZ6JGRoRf3DZvWJxxyHaIPbC377cL6s2xB6vwcOmpvjiaIqcyNkgvUyWB +hWX/opngnnYmWq54iPxXB8TUi9X+4joifpk0e8ercApwCKEPzimDVaNfunEPucuT +vDYa1CM/6mBLzfZjjoWomCPDVPCCUdbZG40nIzia/JybjVKARxMRbt5t0MENoc7n +8jSONxz9WmhqqyDotzamjathfq+X8w/vkbRgjNxG5cOr60ULwwsg5DkWCQugMPkp +GYHlQioZuL4jmmxCffuWwLE1xG+yflMdsnuKZDuVaBbyWdsOKeBNCu33oLgYyJ7j +vo8CGZBptLsm2H3NhID7ibcPiNYAks7mYri4KVf9uJWUZFBypWhiBeekfjSbDFAY +2Z4xqBW47uN7SB7TjhZs+HbQGcOEAdJYmlIZ+Ack5DUF9wTXIyCnkNnsXj8SHyDZ +BiYav2y21ljXlTKKJBBrbNSv2YGi0wIDAQABAoICACJGnZF/Ho/Wy9tvXAdBAwq1 +tmD8gd08q5y9dMLxWh7eUhtKTPhFkOYf5bHDWgr4MRIrUE7X7tRNxAi1z24Jb4Fj +yUQvlVl7NDUBsRxwH1oOyt5z7VAYjU/z7/aoypK2EZH1Wbq8G5Z1k5gdnrAquFKA +wpIbB6jpJb9YnLQVir5JbwsNEfzhJRwuu29C+q8fGXlKVhX72DYj+JgUtyFMD9OZ +Sn7inV5RH2uLyKOy1Y7IWceR2JxR4cpQG9Bx17H3siT07JcQog9UnFTCFxRHcSfS +JDfzlvUT+btuRqTT2F18+xiQAzPzkrgkI0OehWHATDfBKRD8Ea9ww6brk5kFnjaF +8ZEwLPiTgYoBXs05UWUxilkGM0zF+vzp/5AZFwSFF169IRscIzUrCIMHrhuA3nyM +mu3tihtMJHn3G02s650EBgOzdCyEmu14ruGdA1SHCHIkEpzZNVYZqoFuynfcQKiw +Mh5fnatMs3aLubltss3llpH8kAvdEw4SnDkAZpaAiqVNI/Lgp0ZPSNFP2lVAFwnQ +qj6ovdF/J+CxvH7mqsrCxZQIyuxP/HFpydCnt8ZkCFjJTzPyhselR5i2Myf4FpB0 +QhNNprDt9dGJNg8yD5CC20tgISJF7cWpldTMzI6ms3Zwyqt5BFiPpYeWrUAbDdu6 +8KktprPVmbbUSeFWaeKBAoIBAQD6DfcEEBwctbQTDXh/r7kQlFsymvPtX3Dz/68r +XSRLLPDZsos9eaahyjvGScsTjiy1pu+/N0EZp6K0xC9LyAcRqN1efPePh0vKHRvB +aczVB8j9626PxU65IbXGa/XHRdmu/+yG+m9q2d3UtyjSxPSGzxQPP0OmLt+d7R6N +YRJKBEsWguQEmfH3tI56IVtX/PGAGq4e7G1ON5Q4b4k0iDwgDGrjB66b+6AS7Xwn +zAU7S6AQkHRVOtiEZg9wr4G7LTuhGoY1/Z+19dnReTGF1TVvsl1HH1XybnTAReqG +VoQaC6zzINXHxl82spihw+DKwsZRbpYQ9GAo4uwc/vHwiZBRAoIBAQDdRXIjkcrE +KOK/IY8KwM5v8FuLTor/RYC+ceo7W8kMUoqdpfvuY9gEtMBED3dmC74DDoeeorqs 
+gdOUmCCOsqSxYRnIfARPnR2RgqTB/PgQq3aX/ZBTKFFtUT/MCynvy3blL9lvTSrN +Rn2Y2R1pbzXUMxf6WM4e3EHI/YAzm++tx9SSrw7mDotplZ63pTEweZOJfOu6aPVa +vWdX6rtKYHOvaOMfCBsdz+8Du97sRlZ2hlK3TZmrlcT+GMl0ucqtVIZdQbn+3kYF +vf8xLnpI84fzeNyZd3oNiwDQqQe8ciOp0nrB8+allUPWg2ubRi1FeKyds2hYEuhs +BBs6JFt6BDvjAoIBAQCDt7t4vmuwi95xctUYnZ3kp+FqRMldLrs3LGY/d27Y0rGE +W1KRbXVjID5gcxqwEGJoxajgluCJ/Q3uHrGzP4jJuqPxU+6sAl7f9nlaZrrpNJKh +ftTcktinGKTCAriS4a6LSnBzoZPzOxRpKposfGc6Y/ZzGaYu8d4FOJSxcILLznsn +PoeSDO2yx7+Ngei17p3gFy3FSFFDtG81Uzt5GpJhZ2kecjt+Gwv1LHgMFqJi27FT +SGSfSMIo7AISH8E8sdUJRgmQgysQFJNKjoaRsv/U+KW+Azmo3JpPdgTWAtjPR3sx +DwjNlScujuFrxNyyser5lkEiaTgGEZLCq2ESjcQhAoIBAQC3+899LfOYiZqIbEIB +IfJE92lW+vbubP8w2410z8vq+BMUJHjHbrOmrhiUPvv7mNXkuscfq5VmbQjdrGSd +4oK4jtGedygqfqygWi3esxYc3kVc+dRwoLycFgvjAIFdRyPUS6YTOunVB8DVP+qJ +yZPLnrRYUFELLf9xPP/Faeqv59GkKfVMa1mWcHcpoiy1btGzZ3CmbjFcwtJUMvSK +Uoq+losLOXU6o7PMugERGyc3pFbQ3bBiEMVctoWEDhwtZXPXxRf/iRhWG/Y+EbRS +RlSLqLpczRBqhGMoHPQ2x/1Jbp7t+HyWv/dJPbtSv9ZSxpVZB11Cpm4lqoBtJt/9 +I9obAoIBADaWWuoUUYXxk1nltwqGZIgpUfK5mktcWTi4+i68tIRIIjX5hsTyvzyy +0R0XpTa/y9JS17YGvrGzsDLH99lJx66lixyMjMo/NIPubxO+R1f5TsQk5d+07zLO +V2LBGHhlsmNvBPbVoyFeRYJ7mHnBiI32o3BT8h4mADxOcGwMfSFaDuVKcWETHsI2 +8ruZIk/x0lS2zvMdREwlpqeUXB9WF4eg7ZAb+eOwo9/6Bp40uTItTcpdYhalONVd +GtqoX52QX6IwmQDEHLZ8WZyylNZwvjrb00bzjjMLQnoJeTdT+kthO3VggYfWA9ab +AaQ9KadaRGaTb62U9WNINj9y8YYe3wI= +-----END PRIVATE KEY----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.x509-key.pub b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.x509-key.pub new file mode 100644 index 0000000..3faf591 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/certs/server.x509-key.pub 
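Review bot: Unencrypted private keys are committed as fixtures: `certs/server.key.pem` here, and `private/cakey.pem` and `other-server.key.pem` later in this patch. Leaf keys are expected for signing test tokens, but with the CA key anyone who can read the repository can issue certificates and CRLs chaining to `cacert.pem`, so that root must never reach a trust store outside the test classpath. Validation presumably needs only the certificates and the CRL, so consider leaving `cakey.pem` out and describing regeneration in the fixture README, or state there that every key under `src/test/resources` is public test material. A secret-scanner allowlist entry scoped to this directory keeps these findings from masking a real leak.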
@@ -0,0 +1,14 @@ +-----BEGIN PUBLIC KEY----- +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2CHjfwxRKKApLC95xnRQ +0PTkvgbV6ECWYigrXFY8PKLrDc2xcM670DPJZHz1Fo0v17Z+8/P9BGpZbEIld+0F +0R4djoU+QtA5aYisTnS/IDzQBCyPa3AXETT4rLMVI0E684bGKwjsp2Oot0kspJIo +MgLzCFDEnvkaYkmIkodYE60saeq2HyUxXFi6fZzdzEket2pbxGhCps6K0pRb13yH +sWeiRkaEX9w2b1iccch2iD2wt++3C+rNsQer8HDpqb44miKnMjZIL1MlgYVl/6KZ +4J52JlqueIj8VwfE1IvV/uI6In6ZNHvHq3AKcAihD84pg1WjX7pxD7nLk7w2GtQj +P+pgS832Y46FqJgjw1TwglHW2RuNJyM4mvycm41SgEcTEW7ebdDBDaHO5/I0jjcc +/Vpoaqsg6Lc2po2rYX6vl/MP75G0YIzcRuXDq+tFC8MLIOQ5FgkLoDD5KRmB5UIq +Gbi+I5psQn37lsCxNcRvsn5THbJ7imQ7lWgW8lnbDingTQrt96C4GMie476PAhmQ +abS7Jth9zYSA+4m3D4jWAJLO5mK4uClX/biVlGRQcqVoYgXnpH40mwxQGNmeMagV +uO7je0ge044WbPh20BnDhAHSWJpSGfgHJOQ1BfcE1yMgp5DZ7F4/Eh8g2QYmGr9s +ttZY15UyiiQQa2zUr9mBotMCAwEAAQ== +-----END PUBLIC KEY----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl new file mode 100644 index 0000000..750f615 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl 
@@ -0,0 +1,19 @@ +-----BEGIN X509 CRL----- +MIIC/jCB5wIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJTjESMBAGA1UE +CAwJS2FybmF0YWthMRIwEAYDVQQHDAlCZW5nYWx1cnUxFTATBgNVBAoMDEdvTGlu +dXhDbG91ZDEOMAwGA1UECwwFQWRtaW4xDzANBgNVBAMMBlJvb3RDQRcNMjMxMDI2 +MTAxNjE4WhcNNDMxMDIxMTAxNjE4WjAUMBICAQIXDTIzMTAyNjA3MDM0MVqgMDAu +MB8GA1UdIwQYMBaAFIWgu/Hj97qPN4zpfnbtI99hiFZdMAsGA1UdFAQEAgIQADAN +BgkqhkiG9w0BAQsFAAOCAgEAEw50kXSHEPXtIhHc5Lphgd8PG6wuJifHyMGDEwL9 +5uskmvXCi1+M5rDsHN3Zcu4MnLUz2Mvz5xsukMZnknN4Q0VO+fj6qB5BZ7RD1FUV +qoctQ2JGHzZFmvgVzFiHgnX617H5N0Kg6lFknvTXoq7RDfoSHrPt70zhQ7xhL9fu +RpthLEb4OVX3QBDNjUWutq3uWoGQfAjhy5kF6YRwqpuTKIGw/wqED09vTKqeT007 +KP5fU1TR5gR/CzRgT5muODXa8U5cGSVLn4RK4Qnp4OAjJg0R43BVj2VS1G9TQrRa +bcfSL5A5oVQnJqKSCk9Zvl/XEn7CRFFah7vqIYmuwGW+stDdiF+UP1EC+zN7lyqm +4HmqSqNidOccmIQ/CaLqdPuf1nFEzfNB5Zkqr4WVNq7u9OfRmrFXSOtOHBxWVpNW +Zkt5tVZGx0QvOlEPJzDM6DmEUED11bVF8LDGT2RtCafu/6RNPgxFNwNLUukniSFg +lRhlhjHTvTSKVBBJbBYsO1RjW5t2oOilAADod6oio2tDYhos5ZOHhiJ30XJwe0na +uPmURo+bbsP6jJlI5zjgHwNViSFqLEumadfwjTIkG9RYjzVVMDCO62RNMxxG3gMY +te7sgJu3422csFFkEw5dae4SUjBPCd+Nnive5NtgiakcHDBboE0A2lIAHna9aWBH +umo= +-----END X509 CRL----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber new file mode 100644 index 0000000..dd11724 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber @@ -0,0 +1 @@ +1001 diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber.old b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber.old new file mode 100644 index 0000000..83b33d2 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/crlnumber.old @@ -0,0 +1 @@ +1000 diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/ext_template.cnf b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/ext_template.cnf new file mode 100644 index 0000000..10262a3 --- /dev/null 
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/ext_template.cnf
@@ -0,0 +1,8 @@
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, serverAuth
+crlDistributionPoints = URI:classpath:io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl
\ No newline at end of file
diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt
new file mode 100644
index 0000000..54749c3
--- /dev/null
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt
@@ -0,0 +1,3 @@
+V 431021070329Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=server-valid
+R 431021070332Z 231026070341Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=server-revoked
+V 210101010000Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=server-expired
diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr.old b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.old b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.old
new file mode 100644
index 0000000..874a111
--- /dev/null
+++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/index.txt.old @@ -0,0 +1,2 @@ +V 431021070329Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=server-valid +R 431021070332Z 231026070341Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=server-revoked diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/openssl.cnf b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/openssl.cnf new file mode 100644 index 0000000..0e8ca86 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/openssl.cnf 
@@ -0,0 +1,87 @@ +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] +dir = . # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/certs # default place for new certs. +certificate = $dir/certs/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem # The private key +x509_extensions = v3_ca # The extensions to add to the cert +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# crlnumber must also be commented out to leave a V1 CRL. + crl_extensions = crl_ext + +default_days = 7300 # how long to certify for +default_crl_days= 7300 # how long before next CRL +default_md = sha256 # use SHA-256 by default +preserve = no # keep passed DN ordering + +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_md = sha256 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = IN +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Karnataka +localityName = Locality Name (eg, city) +localityName_default = Bengaluru +0.organizationName = Organization Name (eg, company) +0.organizationName_default = GoLinuxCloud +organizationalUnitName = Organizational Unit Name (eg, 
section) +organizationalUnitName_default = Admin + +commonName = Common Name (eg, your name or your server\'s hostname) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 +unstructuredName = An optional company name + +[ v3_req ] +# Extensions to add to a certificate request +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] +# Extensions for a typical CA +# PKIX recommendation. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer +basicConstraints = critical,CA:true +crlDistributionPoints = URI:classpath:io/gravitee/policy/jws/cert-with-crl/crl/rootca.crl + +[ crl_ext ] +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. +authorityKeyIdentifier=keyid:always \ No newline at end of file diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/private/cakey.pem b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/private/cakey.pem new file mode 100644 index 0000000..29d80ef --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/private/cakey.pem 
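Review bot: In `[ CA_default ]`, `x509_extensions = v3_ca` makes every certificate signed with `openssl ca` under this config a CA (`basicConstraints = critical,CA:true`) unless the leaf extensions are passed explicitly on the command line. The committed `server-valid.crt` decodes with CA:FALSE, so the fixtures were presumably signed with `ext_template.cnf`, but a later regeneration that forgets it would silently produce CA-capable leaf certificates and change what the revocation tests exercise. Point the default at a leaf section instead, for example `x509_extensions = usr_cert` with a `[ usr_cert ]` section holding the `ext_template.cnf` extensions, and keep `v3_ca` only for the self-signed root under `[ req ]`. A comment beside `default_days` and `default_crl_days= 7300` saying the 20-year lifetime is deliberate, so fixtures and the CRL do not expire under test, would also help the next maintainer.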
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDLQnZMUJ9TvHLw +cBE6aAeJyOMykFvfUNmW+9ab9fopNEn0kWn+icfxTyfdRxOvtXPzs7YBNrUNMYH5 +y+zawwk+deWCV1gzqGaqSf42APywL8AVVLhtzXyHz5NYiIzXLViWF9Ccn1eyDYaQ +Xl3esmMz3fWcqxbKDrFDvsR3gbSm5f/ziQXskJRkg5Ayhw0WzefX2Zb9d/Ch224a +xjKfp9/PdR9v5fgZDCpxXJrQhgoFNaqZ9zvbpqq0sYjQNQNrP+o37B8CH3RS87/6 +HIvXDJQD9kDs8Pzs+TXLvJVAzIXwZwPwFTYIfDq4jWdwhik3AuaNvfY13QuLTyzF +NevgBJUfhke1qXmBLq3g2zgRmnqBi20zyzJ+5T2jfBKcbTYZ2kztdQKzbq+h24m0 +TYCmJVANP4EtJscWi9OvKuucChHpimzrYIs3LI6NsR0cWVrMK94RyrR8yd7M4mwG +nMSsoU5MnzIG6hAwY2f6oxWHwJnaqpuuIzcW4OGHmrz4HB4+RV6/3A0VEpNrqu+k +lK2Wwp/iAdikgUiywzxFjknAxWiHureJDBnI6G90vR2x0xTMuwzHl/l7EO67QkSp +UPpri1SAY9tuDCrxPnTghVGSQwo/mBsa6Bswc4m83dbkX1SVZk4yeXMK2jDWjjJv +M4PVMl7qlCgxDKoy8rawjROWnQbUdwIDAQABAoICAGN3b7qizYVFuB2PSe8CD4ZO +x1fsKvlacFChhwElWzkkvHgxXORR+oVNDh4L9UdMDaUZsZxgcDM3ofpi39KiFPj6 +6shhA+mrpCn7MaqtyvpRM7d8kRAyuZkgbGOr1vhJ2YsBtnWeyGR6l/o4I8miFEfC +e7oiQ3G3xOl5Bl3RHF18OkesKzj7+5JAi6UeT7p0ItuPQINjWV9rqTLzALz+gtjb +4Pl6WXGwcWiuP5iBr4+jFoxn32P66JiqNGBnQPgP/AdHxljcmakqXS0BITGolxpl +PJp2x98TiU7dR1DBhV4Cm3u2dY2rdXTwxcjb7nlcMwT0C/OJ62dN5IPRgk9LDsnS +PDCQswcPCWk7S3vJK772RsYplzcFuOoZs6s0jxrFPla8X8Lf4xoGILtIpVrV87N1 +DMRfr0rlnkGrm3t5Z7c6RYoRQYM/g9jdnn2Xt5viuofk/yfuSgJibWok8KKlitDp +sxqFPOjiRnxMu226jR6WEciReyy6bYFHuvbPcHdaOGG+S7u/7bqVzy3hn1mXvxEk +Xak9RWJNGfEss6lqV9a1T/jBai2GN3DSulqTz/2rrYiytD+pAKb7EAuAcsfnixfL +6F84ey+ARXZB3/gRzIiA45GJoGp+Cit2avuDWoSopFjLveGItEUk1I1pcAwwsTPc +MZhXycU59QPaCxTuxYJRAoIBAQDnuS5i/UTi+XSSEC0tSn+xQ+8H/ZuM5Hm/xIXE +Hw7lVeJhGb9PDAa2vBGCxUfVkICrBlka/IvzCyQeicX8oOa9S473WXdUOHgc/9vo +nkCoNxEap8pROm4Ct6naq9nFxQU+P2SdgWzVHFtTDGl2ok9ln9d0OR8bE3oXkhAv +SAhkpitDcR54+9Psr1lX39ZtBmR1goszznh9zNTIxB3zDvhROrFMgwIwq3Mjw0eX +9Vz15RFj6aooMLUyeialCSFNMSugDMvxdLpXLV33Ys2OvKIuIe3iUt5UFYjnkhq/ +FO7cwmov7/q3dpVxDwawhjltcRfhe7vL7s/S3RUWUk56wI3pAoIBAQDgjeIpndnT +YEFuYzM251nz2a6CTLHAbACtf+5AmXBYXA8u1pekwonBqkl7qYg5XJLO5HRd4jpq 
+WWMxomFaMpelqvDmKxyx4HhfJBU28XBU9espyX6tuYrQF8DUTmuIjHXKpi2ICcs/ +0Y10W3Gn97Xmv/diiCGy5qYHMVXaoH/R/OKcD89UbgZdjC8Z/bkgJyMU2duPZ/vI +MPX/ssBAmWTnuN55cO7FEokjD+4Gc3x7B6r2YATpaQlQEHJeLUQgLjVQjK65u1C2 +6jmHneyX+ipm2giXATGTT8KDVAKoIHzSEKj40EgQGTRz/vuuZQm4KYSm5WpUfLvt +936Xa0fhLvNfAoIBAQChudDyLanicBA30Sp2rcQpSCyP+ySRVPTULqjdlH+k+Cgj +dQDcfpxA9UmTZ3UXTN9AfhG6kABtBJ2U4rtX8kSYYR/K6poqIa9TLg+hbrHZtXUu +kWTXBFy7cMwPXlmDelqKc1wZwbbflgb3E3aX4fhgCQsqhqN7FkDkKoE5PqD8/iy7 +yTtnXPsv+cH1XrgdJ5T9nrrg0X2u70KjTJ1Kgmw05S3RJK5moYKetzBEkm7q/5D/ +lpm3qycLr81A6fpgEa1M6yF7x+g15+fpPQASWv0mDXAlwYiCTvVaCdK5AjcjxFyw +UGE/onfyjHYyxbtW8tOj/+O2FVre5IZPKeq0KafhAoIBAFS/d6G5P2J1K3yb19Ja +0ioj96aZh2RV3pOcerDKuAnBBMHqn2TBPvhmakFPpGfxtj57Hifon59PiQ5MeG1w +NqeBslVL5BKF4ygVGCSaTojiHxSwRS0Pn4IV1OLLje4FBNesi/aRq7G0RqypbmW0 +KWSjApyfQAii3/pK9loCxPrddDDuDpOQyro3k/c9OMcXvje6WRDwb6gIQm90aPZ4 +bgq+TMiMhLC/5B3lfzHUGCDerfk6F+B3kdozutYsQ0/Z4Kk7zx2twjKmh3vVcFuT +QLl8hE1pV+p+6axi4nXNfQ5S11LAWNIqkQ9OJnKVE2v7z2KlptGoGc0f4RkIliI4 +dAUCggEBAKSjn9GTxQi0gx483OCd7FakAItTiU0vWPDP8mAGO10E7JNcCv/l3ZrU +m4NTuXzDqW0D9OF/POtcO7IdWv/NmZ2LJmuupuMWb/lq8E84IGX3HxBB5eRvEcf0 +lJXudx1K8HmX0AdthDj++4vmzAlsurTbmSnwJ+s3K333HQHqBAINmL/47NWeTZkX +Ri/9aPPWDcaCiKNYxd60OkFXDQYt1WoMb/LcIVpKin3z+XhvibpbguBCvGrHoByZ +HHXEz8BNQ+stkGJJ49AJE4eyLTDMMGcR+XQDZQAvpYAkd/8zBLMPrT38OQR6f1cG +WYZONSez8zQZ6maYUGqLthSyld3zpo0= +-----END PRIVATE KEY----- diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial new file mode 100644 index 0000000..6496923 --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial @@ -0,0 +1 @@ +04 diff --git a/src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial.old b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial.old new file mode 100644 index 0000000..75016ea --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/cert-with-crl/serial.old @@ -0,0 +1 @@ +03 
diff --git a/src/test/resources/io/gravitee/policy/jws/other-server.key.pem b/src/test/resources/io/gravitee/policy/jws/other-server.key.pem new file mode 100644 index 0000000..7535fae --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/other-server.key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDdbIrpgkRPgP36 +3UAMeMIcWAWpzU/Bm5sMbMxdixeqjrDSIz5VAqwsRtBMeMX4iasLKkwlO1rEJlRP +y/ThZL0WmxprJ5SN7TT8O2pBtD2e8Qm7FdDNWmlQEjfgzHH3uWXzB/s7jJYSBGa+ +DgwUAPI4UuWdu8YxJro1NVuHpyRy1dcPv0l4lvGakMbrl79oKbrOkxeq4LBKfMgn +RclUFB/UrSP2iqFsOLP6l1baOvxRgXbQMCecs+tdgUClktArWLkItHZPHgX0k4KP +4Caoa0A299gB+WWI27n6misla60HzExDD1mkdegcSfdZMeGsGGFH5VNAN/z5+3Tc +UriyyYNx2jNc2SXZ9qZ9xQ8D6dGL6pnJN9R59PPiy0TVSXpAjMunLis2EbdtYfCg +mWn5jzfXI4rGe2CPQ9bZGXKGJc5riXswEhjUe48FqGr7O59Dl97UhZvxcgvM4A+G +zLkypOq8LPfV1ReREq2Ec8ZRlNkoFuEeJZpg2T1vL11mwJgHE2G2QDtO4/IiGgP2 +TqawzB4TqCCuEQ7lT3DOnZChvlD8ARGOihqEkFW3hZ4CxAhFlsk5CSJl5uEbXliw +grOTHeUyvrdJngbqpOKLDjSVJ2l5V7GGAB0SdZroUF/wPWyu22iJ95GgLdSvuV0i +dd1Daz14sfEW4i5fD6njGZv7BwrcGwIDAQABAoICAAF0yEkW2ToooAL5V4V9edFT +5t2iAwdD7bYcNQ/cbVBq1dDb+Hn4pYc5A/+sv6iNxzkwkwWfqU4m7mED911QG0o9 +xOO1g+2XBMUv4tgBxnH4Jdc8In5nPNAQ/psU3R8C8h+yCr3ug8Ikk0RmtT+gbfde +3DG4XWpPVeQpsKtotv2mWF67JFGNtJMOprA/9DtMIvVe1EYEakRjI7HWbKeH5lmw +tc7WRI+Ao/Ze7mxK/QPQNSbTWj9Wk5Ku2ez81S+jyru67BhDG0jre21UzQxIgEic +QqhoqnlG8KcsQmJhneayOkIqpK1HNTqSZfUJNfG6y1D8uhpvA9PlCnS0epB6cMnY +wiBbkdlXUp+b+SUHJ33fJvX9SHppY6aEoHNPBkYEu2+sW2LBv0jWq6QW6CEo59v2 +8YZ0bX2pF56P2ICDVtLg78XotTX6ERB4GhA8B0CAQNqu5pDulr2M/6DfL3dXmRYV +SLdWy8BZ1MBx3uI4f1J+a3KgwY1qvb7Mmk8aoSFUzPn6ZwCqXrnp8MYq48Airviz +IuCDn3BJB0LmrwAuQMc+KKUUl/6ZTyQgBaKgaATLC4waYW+emp13G2pogsbzqNSi +SpbOX00Zxnn0L08Gv9NB5Q+ump+EyXwlBEZD3GnbcO9X9hcNIIRXVfttF6bO7P0Y +MYIvvmnsjK9D1G2Xalm5AoIBAQD4Uu3dtTnLiBjioVAs9GXm5cLgQQ5B9VULnI24 +Ise6RsBIXgUuW5RRriFsMUMNUHRo6pR75XordfbHufpBQZAymjJ9nA6Fmkzhzdvd +g7QACZ3SGAS+wV/MDo+UXlOkbQZY4kGKgoU7n1oeUqskYWDja0wHVRCFDLVTpi9e +3ina1ZaAsVOaQE3BJLGRAhyAP65No5VLeYscXzLhYJa9i8UHneQDf56fz9O5yYbK +auKMHbg96kCFI9B8YeEXna1FLcrOBQzHiuZ83s/QENB5duGxFyQi/SIQn2iIboSh +7i+5ugeyvVkDpYxdBJz1EhCQZ1f2aryltFINMRjITNzC8OdNAoIBAQDkRL7BG73D +yhdQdWxIu0bk6pXv8qMEVLvp2QXzACIZhnFqOKGpuCiukHL40oLPs8maQrSy5CmJ 
+qPWk1qAumJtVTcc+Snksk5Y6HwBtQwrWlRpWHUSD98gcNn/xeNmeO2ATwg3AIlLF +LONIMHpCaO8mbXoXCThlUarNZWxIC9ri1VA6gHAUAUClreewB8HGKZonEJu948+H +FmbnmwmqE1Lto6KpmsinnpQbkGMA8/zXYvN47n50A1btUfmiNuKeCvsr9eRcEDop +dCbzvOLv91cTHB5ZrTr9oUG14AclfEnCxTUdXqo6eks+dJRO2rNnIiTIO+GCzWdQ +g5eGWr9S/C0HAoIBAD50hRTk9qNFGJUvYz3bPiHjma7TTeWy8W/ZMR+lx7wG/Wd2 +FjGBoP0mIYvXm/imSpD0puG+Zoq1wZqcIN/2wHCprZc//7sEgt+r6ed9r3Du+j2U +AuWDNzfYVa5IRxssvJLwXPGcQCwtuPm1awvcXgT0wIt7josYFibyvilLERXT8GVv +tAowsB2qv+orsMVkvs8SHIN+D0nUe7SJmYAUvjpbMLTcjSW+nI62q+sPFOmOs/8G +grG5vz75UyagZqrmiIJmbL9nJO81DulSwUw7ZSooGtOd/MpXfXAK89rSUDiTHEqN +Ku0q3vGqLlvI7leTVmFImSfIAXcF6Si/hCqXcmUCggEBAI65kQ/LGabeqB8tnEwJ +lLUzHBbQfi8KEAiSIo8iqS+OiUFiMWqd9AnZ1ZlQfmwBvO8QAE3OLU6ebyDm9XbN +Amqe3BJNnGBL02V51tl6Tr+GsNXhLOLavasuRGcmKeMuus7/yXs1us0AWQfdD8SQ +Od+sGednY3SuUH5miQKvLugfei9p+Sn48oPlLXU6FGWjw3fjgY2EcFDFqAfuP2ew +92wQoXcsiYOMuoxVhiGlbJT7kMIvVK+TGvn+BHjxmlY5BX0iHOuXVdZvgp9pnfdu +jmorbaqijrzg4+YlMjK0+KWoiqJXe1Ze+scNO2Hmir/UcG0mS8VuSsfjz405FmF7 +vWcCggEActxykZi5y4GAKWn+OkdgZXarohot7MuVP/RyYdvNcz7Ap0I+bs9CRzcZ +A7ceAwhuvdwKoteCKJp0kluXSWC4IYkf1mizzBLBCUy1Of7wJhYLctkPZblGvJ5i +Th0/73fnYbGI88aKb0Hf5Q+6gpgLV3GOnFbBtVJfOeQMOGXlWIBBoWh5YSj+s6mY +agl4diawlQVMABXl17WPici6Ouei2cNwTZEnp9n7VdHaFxURBpNtIikzVI/bENYV +MD2djF6nSKRVqjwaqBiMpu3MmXT17ZTvwKrLe6J/RYpsMSDcntcAolaV75NiztU9 +l7SHB1GZ19N1Cxq/OZ9EeWiJgpK7EA== +-----END PRIVATE KEY----- diff --git a/src/test/resources/io/gravitee/policy/jws/server-bad.crt b/src/test/resources/io/gravitee/policy/jws/server-bad.crt new file mode 100644 index 0000000..f150e8e --- /dev/null +++ b/src/test/resources/io/gravitee/policy/jws/server-bad.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnegAwIBAgIUR6TX3hUrPvPEaq/b/ITuEQiGm4swDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEQMA4GA1UEAwwHYmFkLWNydDAeFw0y +MzEwMjYwODI4MTlaFw0yNDEwMjUwODI4MTlaMFcxCzAJBgNVBAYTAkFVMRMwEQYD +VQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM +dGQxEDAOBgNVBAMMB2JhZC1jcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC5y0eHDoeSMy+JuAq+CZkC3eyZIHDJvi/FEUDIqhyt7K22E7kXZhY3aNSD +bHAoJhh5WP3ZweeC+1j/DUEmHBmmCBeZK2cnlbAwDBzJ8YnsjR8A2J43s6m8EPxq +2AP88LMocWf4QQKXe3KFZ+znMSIy+ci+BzuqMmqJ3xT5rbhYcNUSQWC+0qHccKs2 +lqazM5ZoNLPoVO132ucvJInJ4U3R51E6EF1kpR6iT5W8BnMxLSpTGZfGVl1BMFr8 +92I4O49Wl0V94Azh2NqwLlHIJ46Yyir+iOBCR5C7XZ7PhzLqjEVqt+rthyxjGySw +esjxPzpsap/BXkRwIDsUm0vUqd7tAgMBAAGjUzBRMB0GA1UdDgQWBBSVvfDKqGfV +3O0Xah19SNH9zZyyEjAfBgNVHSMEGDAWgBSVvfDKqGfV3O0Xah19SNH9zZyyEjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCnVCv5Sc5+e8j2mxd9 +mkR/PZxgozgaN6Z4XXqNXs1b/sa7U5U8e8CnhHfsMjOkQkKUXQaZzqnuzII2LFxQ +M9lSIw+LOQWy+u3QKP2C9Z+/8LYoYMAcazGHEoZ3O/IJpO7rGIi3dMgbPeM4lioQ +U6JAKo1l3vAo8Jey99V13kT2v3wOCZNOKByMi1FpAYSWJmxYEnaY8xfGPRLqMFsS +cE3x/Kn+f7pzjuE5LQFNAzkbHSPNsAhj2SZn/qERxRMIs0Ip4Ftb56FMFbY9qCzR +VuqNcy56QbUseQJI4XuWyNXD+5VRmg5rR0nBkfj8f660g9oYsK/amLPbbEYQNK2c +LWVM +-----END CERTIFICATE----- diff --git a/src/test/resources/io/gravitee/policy/jws/wikipedia.pem b/src/test/resources/io/gravitee/policy/jws/wikipedia.pem deleted file mode 100644 index faa4410..0000000 --- a/src/test/resources/io/gravitee/policy/jws/wikipedia.pem +++ /dev/null 
@@ -1,52 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIJRDCCCCygAwIBAgIQDTNuZ+xjImqxHkYeTt+jUzANBgkqhkiG9w0BAQsFADBw
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
-dXJhbmNlIFNlcnZlciBDQTAeFw0xNzEyMjEwMDAwMDBaFw0xOTAxMjQxMjAwMDBa
-MHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
-YW4gRnJhbmNpc2NvMSMwIQYDVQQKExpXaWtpbWVkaWEgRm91bmRhdGlvbiwgSW5j
-LjEYMBYGA1UEAwwPKi53aWtpcGVkaWEub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA8MJW05zWP0GaSfYJQyvW9jVjLeakTcI4FwwznMNcwAxREhLQ
-oSITnSlsPckcVdHokHKPx6cZpGP1qx/ZrosaKBxmzLKRQ1rHXr8opsgJf6M3GZtN
-7ZMNNVOA7FqfBvu4IAycivdetmSyCLST9ewVRENM/XBRvPaWFiOF6tTshbXyALUF
-hExkG+aFsgMQIqwlDecIBuicMK3Na8QF+YgxyhvnBL3r2ZO0PtUjJ14KMBYOXs2J
-qTEJrVd4cFI7oYzqBdSbIpY+cOwDE8NzhBswoWtl9HSfhDZWHNqy3dO/jaRx1KAx
-vLX6h2iz88oYGIHm9feAqeZviAPbwjzQV4BryQIDAQABo4IFzzCCBcswHwYDVR0j
-BBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFNXu93ceilxvtK2K
-HDM0cJFZdnPKMIIC+AYDVR0RBIIC7zCCAuuCDyoud2lraXBlZGlhLm9yZ4INd2lr
-aXBlZGlhLm9yZ4IRKi5tLndpa2lwZWRpYS5vcmeCFCouemVyby53aWtpcGVkaWEu
-b3Jngg13aWtpbWVkaWEub3Jngg8qLndpa2ltZWRpYS5vcmeCESoubS53aWtpbWVk
-aWEub3JnghYqLnBsYW5ldC53aWtpbWVkaWEub3Jngg1tZWRpYXdpa2kub3Jngg8q
-Lm1lZGlhd2lraS5vcmeCESoubS5tZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jn
-gg8qLndpa2lib29rcy5vcmeCESoubS53aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5v
-cmeCDioud2lraWRhdGEub3JnghAqLm0ud2lraWRhdGEub3Jnggx3aWtpbmV3cy5v
-cmeCDioud2lraW5ld3Mub3JnghAqLm0ud2lraW5ld3Mub3Jngg13aWtpcXVvdGUu
-b3Jngg8qLndpa2lxdW90ZS5vcmeCESoubS53aWtpcXVvdGUub3Jngg53aWtpc291
-cmNlLm9yZ4IQKi53aWtpc291cmNlLm9yZ4ISKi5tLndpa2lzb3VyY2Uub3Jngg93
-aWtpdmVyc2l0eS5vcmeCESoud2lraXZlcnNpdHkub3JnghMqLm0ud2lraXZlcnNp
-dHkub3Jngg53aWtpdm95YWdlLm9yZ4IQKi53aWtpdm95YWdlLm9yZ4ISKi5tLndp
-a2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IS
-Ki5tLndpa3Rpb25hcnkub3Jnghd3aWtpbWVkaWFmb3VuZGF0aW9uLm9yZ4IZKi53
-aWtpbWVkaWFmb3VuZGF0aW9uLm9yZ4IbKi5tLndpa2ltZWRpYWZvdW5kYXRpb24u
-b3JnghJ3bWZ1c2VyY29udGVudC5vcmeCFCoud21mdXNlcmNvbnRlbnQub3JnggZ3 -Lndpa2kwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20v -c2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2Vy -dC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9 -bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw -CAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v -Y3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGln -aWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQw -DAYDVR0TAQH/BAIwADCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AKS5CZC0GFgU -h7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABYHmYcVYAAAQDAEYwRAIgC7X6sP5d -+NKIeaGCcn+gev6rzCQRPn9rbVo+VDd7gTECIBA0unijh7Hja3GsszUGYp0GJaM9 -mqOjbtkYfZf0aDi0AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8A -AAFgeZhyrQAABAMARzBFAiAjOKyvodLXHQcJRbBplRZCcodIU5FJI2BU+OacqZ49 -5gIhAKnYnI7ON6+kEa318L/6uSUlJKiH4woaVitFciZ1NceEMA0GCSqGSIb3DQEB -CwUAA4IBAQCOe9Vh5yHgkOBsxgqckUDWdTphLB/U1380sFrZkfT41HzA+bFO8jmp -uL7CK4R1yJyQw2ks+zZtNlmKt4iCI9Kx1lsaQSLt6o5qEt8W/8zYSKKfaQRIIkb3 -GZIV78antWZWls7xgLgX+oXZRXcTS4qTy0RO9jUL7UvFPZp3h35GOr7UvwgcH9l8 -19qDnUvwtT5GzACwd+emtQf5f+BgZ/cNeEtBw2lSkd13YBsKCO3khkybvQF0Jgda -ony9XSKdrh8JNCHM3e0BkVpHs1jb9w2/2cYCjRRo67T2avAIts69LPWk58qWizdQ -viwuvZQxDl9UM8oi5wuB3F7Sv65F64x4 ------END CERTIFICATE----- diff --git a/src/test/resources/logback-test.xml b/src/test/resources/logback-test.xml new file mode 100644 index 0000000..842e3d3 --- /dev/null +++ b/src/test/resources/logback-test.xml @@ -0,0 +1,39 @@ + + + + + + + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{5} - %msg%n + + + + + + + + + + + + + +