1 package club.wpia.gigi.api;
3 import static org.junit.Assert.*;
5 import java.io.ByteArrayInputStream;
6 import java.io.IOException;
7 import java.io.InputStreamReader;
8 import java.io.OutputStream;
9 import java.net.HttpURLConnection;
11 import java.net.URLEncoder;
12 import java.security.GeneralSecurityException;
13 import java.security.KeyPair;
14 import java.security.PrivateKey;
15 import java.security.cert.CertificateFactory;
16 import java.security.cert.X509Certificate;
18 import org.junit.Test;
20 import club.wpia.gigi.dbObjects.Certificate;
21 import club.wpia.gigi.dbObjects.Certificate.CSRType;
22 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
23 import club.wpia.gigi.dbObjects.Country;
24 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
25 import club.wpia.gigi.dbObjects.Digest;
26 import club.wpia.gigi.dbObjects.Domain;
27 import club.wpia.gigi.dbObjects.Group;
28 import club.wpia.gigi.dbObjects.Organisation;
29 import club.wpia.gigi.dbObjects.User;
30 import club.wpia.gigi.pages.account.certs.CertificateRequest;
31 import club.wpia.gigi.testUtils.ClientTest;
32 import club.wpia.gigi.testUtils.IOUtils;
33 import sun.security.x509.X500Name;
35 public class IssueCert extends ClientTest {
37 private final PrivateKey pk;
39 private final X509Certificate ce;
41 private final Certificate c;
43 private final KeyPair kp;
47 kp = generateKeypair();
48 String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
49 c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, getClientProfile());
50 c.setLoginEnabled(true);
52 await(c.issue(null, "2y", u));
54 } catch (Exception e) {
60 public void testIssueCert() throws Exception {
61 String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + CertificateRequest.DEFAULT_CN), "profile=client");
63 CertificateFactory cf = CertificateFactory.getInstance("X509");
64 java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
65 assertEquals(CertificateRequest.DEFAULT_CN, ((X500Name) xcert.getSubjectDN()).getCommonName());
70 public void testRevoke() throws Exception {
71 revoke(c.getSerial().toLowerCase());
72 assertEquals(CertificateStatus.REVOKED, c.getStatus());
76 public void testIssueCertVerified() throws Exception {
79 String intendedName = "a b";
80 String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + intendedName), "profile=client-a");
82 CertificateFactory cf = CertificateFactory.getInstance("X509");
83 java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
84 assertEquals(intendedName, ((X500Name) xcert.getSubjectDN()).getCommonName());
89 public void testIssueOrgCert() throws Exception {
91 User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
92 u2.grantGroup(getSupporter(), Group.ORG_AGENT);
94 Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u2);
95 o1.addAdmin(u, u2, false);
96 String testdom = createUniqueName() + "-example.com";
97 Domain d2 = new Domain(u, o1, testdom);
100 String whishName = createUniqueName();
101 String cert = issueCert(generatePEMCSR(kp, "EMAIL=test@" + testdom + ",CN=" + whishName), "profile=client-orga&asOrg=" + o1.getId());
103 CertificateFactory cf = CertificateFactory.getInstance("X509");
104 java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
105 assertEquals(whishName, ((X500Name) xcert.getSubjectDN()).getCommonName());
109 private String issueCert(String csr, String options) throws IOException, GeneralSecurityException {
110 HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CreateCertificate.PATH).openConnection();
111 authenticateClientCert(pk, ce, connection);
112 connection.setDoOutput(true);
113 OutputStream os = connection.getOutputStream();
114 os.write((options + "&csr=" + URLEncoder.encode(csr, "UTF-8")).getBytes("UTF-8"));
116 assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
117 String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
121 private void revoke(String serial) throws IOException, GeneralSecurityException {
122 HttpURLConnection connection;
124 connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
125 authenticateClientCert(pk, ce, connection);
126 connection.setDoOutput(true);
127 os = connection.getOutputStream();
128 os.write(("serial=" + URLEncoder.encode(serial, "UTF-8")).getBytes("UTF-8"));
130 assertEquals(connection.getResponseCode(), 200);