Skip to content

Commit

Permalink
Fixes to ELY-2756 Add tests to the elytron test suite to test to test…
Browse files Browse the repository at this point in the history
… OCSP with revoked and unknown certificates
  • Loading branch information
Prarthona Paul committed Aug 19, 2024
1 parent 11a9b4f commit c7b4764
Showing 1 changed file with 10 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -719,12 +719,14 @@ public void testOcspGood() throws Throwable {

@Test
public void testOcspRevoked() throws Throwable {
DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA);
DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB);
SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
.setKeyManager(getKeyManager("/jks/scarab.keystore"))
.setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore()))
.setKeyManager(scarab.createKeyManager())
.setTrustManager(X509RevocationTrustManager.builder()
.setTrustManagerFactory(getTrustManagerFactory())
.setTrustStore(createKeyStore("/jks/ca.truststore"))
.setTrustStore(ca.loadKeyStore())
.setOcspResponderCert(ocspResponderCertificate)
.build())
.setNeedClientAuth(true)
Expand All @@ -736,12 +738,14 @@ public void testOcspRevoked() throws Throwable {

@Test
public void testOcspUnknown() throws Throwable {
DefinedCAIdentity ca = caGenerationTool.getDefinedCAIdentity(Identity.CA);
DefinedIdentity scarab = caGenerationTool.getDefinedIdentity(Identity.SCARAB);
SSLContext serverContext = new SSLContextBuilder()
.setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
.setKeyManager(getKeyManager("/jks/scarab.keystore"))
.setSecurityDomain(getKeyStoreBackedSecurityDomain(caGenerationTool.getBeetlesKeyStore()))
.setKeyManager(scarab.createKeyManager())
.setTrustManager(X509RevocationTrustManager.builder()
.setTrustManagerFactory(getTrustManagerFactory())
.setTrustStore(createKeyStore("/jks/ca.truststore"))
.setTrustStore(ca.loadKeyStore())
.setOcspResponderCert(ocspResponderCertificate)
.build())
.setNeedClientAuth(true)
Expand Down

0 comments on commit c7b4764

Please sign in to comment.