Examples of org.apache.cxf.xkms.model.xkms.StatusType

• org.apache.cxf.xkms.model.xkms.StatusType

    @Test
    public void testWss40DirectTrustNegative() throws JAXBException, CertificateException {
        X509Certificate wss40Certificate = readCertificate("wss40.cer");
        ValidateRequestType request = prepareValidateXKMSRequest(wss40Certificate);
        request.getQueryKeyBinding().getKeyUsage().add(KeyUsageEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SIGNATURE);
        StatusType result = doValidate(request);

        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID, result.getStatusValue());
        Assert.assertFalse(result.getInvalidReason().isEmpty());
        Assert.assertEquals(XKMSConstants.DIRECT_TRUST_VALIDATION, result
                            .getInvalidReason().get(0));
    }

        return findCert != null;
    }

    @Override
    public StatusType validate(ValidateRequestType request) {
        StatusType status = new StatusType();

        if (request.getQueryKeyBinding() != null) {
            List<KeyUsageEnum> keyUsages = request.getQueryKeyBinding().getKeyUsage();
            if (keyUsages.contains(KeyUsageEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_SIGNATURE)) {
                List<X509Certificate> certificates = ValidateRequestParser.parse(request);
                if (certificates == null || certificates.isEmpty()) {
                    status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INDETERMINATE);
                    status.getIndeterminateReason().add("http://www.cxf.apache.org/2002/03/xkms#RequestNotSupported");
                    return status;
                }
                for (X509Certificate certificate : certificates) {
                    if (!isCertificateInRepo(certificate)) {
                        LOG.warning("Certificate is not found in XKMS repo and is not directly trusted: "
                                    + certificate.getSubjectDN().getName());
                        status.getInvalidReason().add(XKMSConstants.DIRECT_TRUST_VALIDATION);
                        status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID);
                        return status;
                    }
                }
                status.getValidReason().add(XKMSConstants.DIRECT_TRUST_VALIDATION);
            }
        }

        status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID);

        return status;
    }

        return trustAnchors;
    }

    @Override
    public StatusType validate(ValidateRequestType request) {
        StatusType status = new StatusType();
        List<X509Certificate> certificates = ValidateRequestParser.parse(request);
        if (certificates == null || certificates.isEmpty()) {
            status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INDETERMINATE);
            status.getIndeterminateReason().add("http://www.cxf.apache.org/2002/03/xkms#RequestNotSupported");
        }
        if (isCertificateChainValid(certificates)) {
            status.getValidReason().add(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value());
            status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID);
        } else {
            status.getInvalidReason().add(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value());
            status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID);
        }
        return status;
    }

    }

    private KeyBindingType prepareResponseBinding(PrototypeKeyBindingType binding) {
        KeyBindingType responseBinding = new KeyBindingType();
        responseBinding.setKeyInfo(binding.getKeyInfo());
        StatusType status = new StatusType();
        status.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID);
        responseBinding.setStatus(status);
        return responseBinding;
    }

        XKMSException exception = ExceptionMapper.fromResponse(validateResultType);
        if (exception != null) {
            throw exception;
        }

        StatusType status = validateResultType.getKeyBinding().iterator()
            .next().getStatus();
        if (KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID != status.getStatusValue()) {
            return new CertificateValidationResult(false, XKMS_VALIDATE_ERROR);
        }
        return new CertificateValidationResult(true, null);
    }

            .getValidReason().get(0));
    }

    @Test
    public void testAliceSignedByRootIsValid() throws JAXBException, CertificateException {
        StatusType result = processRequest("validateRequestOKAlice.xml");
        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID, result.getStatusValue());
        Assert.assertFalse(result.getValidReason().isEmpty());
        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
            .getValidReason().get(0));
    }

            .getValidReason().get(0));
    }

    @Test
    public void testDaveSignedByAliceSginedByRootIsValid() throws JAXBException, CertificateException {
        StatusType result = processRequest("validateRequestOKDave.xml");
        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID, result.getStatusValue());
        Assert.assertFalse(result.getValidReason().isEmpty());
        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
            .getValidReason().get(0));
    }

        XKMSException exception = ExceptionMapper.fromResponse(validateResultType);
        if (exception != null) {
            throw exception;
        }

        StatusType status = validateResultType.getKeyBinding().iterator()
            .next().getStatus();
        if (KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID != status.getStatusValue()) {
            return new CertificateValidationResult(false, XKMS_VALIDATE_ERROR);
        }
        return new CertificateValidationResult(true, null);
    }

            .getValidReason().get(0));
    }

    @Test
    public void testSelfSignedCertOscarIsNotValid() throws JAXBException, CertificateException {
        StatusType result = processRequest("validateRequestInvalidOscar.xml");
        Assert.assertEquals(result.getStatusValue(), KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_INVALID);
        Assert.assertFalse(result.getInvalidReason().isEmpty());
        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
            .getInvalidReason().get(0));
    }

    @Test
    public void testValidCertWithCRL() throws CertificateException {
        X509Certificate wss40Certificate = readCertificate("wss40.cer");
        ValidateRequestType request = prepareValidateXKMSRequest(wss40Certificate);
        StatusType result = doValidate(request);

        Assert.assertEquals(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID, result.getStatusValue());
        Assert.assertFalse(result.getValidReason().isEmpty());
        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALIDITY_INTERVAL.value(), result
            .getValidReason().get(0));
        Assert.assertEquals(ReasonEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_ISSUER_TRUST.value(), result
            .getValidReason().get(1));
    }