Test PKI Library

This Java library provides an implementation of a PKI that can be used in, for example, unit tests.

Maven

The library is available within the e-contract.be Maven repository. Configure this Maven repository within your pom.xml as follows:

<repositories>
        <repository>
                <id>e-contract.be</id>
                <url>https://www.e-contract.be/maven2/</url>
        </repository>
</repositories>

Add the library within your pom.xml dependencies element as follows:

<dependency>
        <groupId>be.fedict.jtrust</groupId>
        <artifactId>jtrust-testpki</artifactId>
        <version>2.1.0</version>
</dependency>

World Usage

Via the World you can set up a PKI for use in unit tests. You can define a PKI topology in which each CA has its own CRL/OCSP service. Example usage:

// World is used in try-with-resources, so it is closed when the test ends.
try (World world = new World()) {
    // Root CA with a CRL revocation service attached.
    CertificationAuthority rootCertificationAuthority = new CertificationAuthority(world, "CN=Root CA");
    rootCertificationAuthority.addRevocationService(new CRLRevocationService());
    // Second CA, created with the root CA as its third constructor argument.
    CertificationAuthority certificationAuthority = new CertificationAuthority(world, "CN=CA",
                    rootCertificationAuthority);
    world.start();

    // Certificate chain, ordered from the CA certificate up to the root certificate.
    X509Certificate rootCert = rootCertificationAuthority.getCertificate();
    X509Certificate cert = certificationAuthority.getCertificate();
    List<X509Certificate> certChain = new LinkedList<>();
    certChain.add(cert);
    certChain.add(rootCert);

    // Only the root certificate is registered as a trust point.
    MemoryCertificateRepository memoryCertificateRepository = new MemoryCertificateRepository();
    memoryCertificateRepository.addTrustPoint(rootCert);
    TrustValidator trustValidator = new TrustValidator(memoryCertificateRepository);

    TrustValidatorDecorator trustValidatorDecorator = new TrustValidatorDecorator();
    trustValidatorDecorator.addDefaultTrustLinkerConfig(trustValidator);

    // Validate the chain against the configured trust point.
    trustValidator.isTrusted(certChain);
}

PKIBuilder Usage

Via the PKIBuilder you can easily create different PKI artifacts such as keys, certificates, and CRLs using a fluent API.

Example usage:

KeyPair keyPair = new PKIBuilder.KeyPairBuilder().build();
X509Certificate certificate = new PKIBuilder.CertificateBuilder(keyPair).build();

Example certificate generation with many options:

X509Certificate certificate = new PKIBuilder.CertificateBuilder(keyPair)
    .withSubjectName("CN=hehe")
    .withBasicConstraints(5)
    .withCertificatePolicy("1.2.3.4")
    .withValidityYears(2)
    .withCrlUri("https://crl")
    .withOcspUri("https://ocsp")
    .withOcspResponder()
    .withQCCompliance()
    .withQCRetentionPeriod()
    .withQCSSCD()
    .withTimeStamping()
    .build();

Documentation

Javadoc API documentation