1 package org.cacert.gigi;
3 import java.io.IOException;
4 import java.security.GeneralSecurityException;
5 import java.security.KeyPair;
6 import java.security.PrivateKey;
7 import java.security.cert.X509Certificate;
8 import java.sql.SQLException;
9 import java.util.Collection;
10 import java.util.List;
12 import org.cacert.gigi.Certificate.CSRType;
13 import org.cacert.gigi.Certificate.CertificateStatus;
14 import org.cacert.gigi.Certificate.SANType;
15 import org.cacert.gigi.Certificate.SubjectAlternateName;
16 import org.cacert.gigi.testUtils.ManagedTest;
17 import org.junit.Test;
19 import static org.junit.Assert.*;
21 public class TestCertificate extends ManagedTest {
/**
 * Issues a client certificate for a freshly generated key pair and checks
 * that a login attempt with that key and certificate yields a non-null result.
 *
 * NOTE(review): this listing drops some original lines (the gutter skips
 * 22-23 and 32), so the annotation and the closing brace are not visible here.
 * NOTE(review): despite the name, only the issued state is asserted in the
 * visible lines; rejection of a revoked certificate is asserted in
 * testCertLifeCycle.
 */
24 public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
25 KeyPair kp = generateKeypair();
// CSR for the test subject, built from the key pair generated above.
26 String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
// presumably the leading 1 is the owning account id and "sha256" the
// signature digest; confirm against Certificate's constructor.
27 Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
28 final PrivateKey pk = kp.getPrivate();
// Block until the issue job reports back; 60000 is presumably a timeout in
// milliseconds. The result of waitFor is not inspected here.
29 c.issue().waitFor(60000);
30 final X509Certificate ce = c.cert();
// login(...) is not defined in this listing (presumably inherited from
// ManagedTest); a non-null return is treated as a successful login.
31 assertNotNull(login(pk, ce));
/**
 * Issues a certificate carrying one e-mail and one DNS subject alternative
 * name, checks that the resulting X.509 certificate contains exactly those
 * two entries, then reloads the certificate by serial number and checks that
 * the stored SANs match and that the returned SAN list rejects modification.
 *
 * NOTE(review): several original lines are missing from this listing (the
 * gutter skips 40, 51-52, 55, 57-63, 65, 72-73 and 77 onwards), so some
 * branch conditions, the try header and the closing braces are not visible.
 */
35 public void testSans() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
36 KeyPair kp = generateKeypair();
37 String key = generatePEMCSR(kp, "CN=testmail@example.com");
// Same constructor call as in the other tests, plus two requested SANs.
38 Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
39 new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
// Before issuing, the certificate must report DRAFT.
41 testFails(CertificateStatus.DRAFT, c);
42 c.issue().waitFor(60000);
43 X509Certificate cert = c.cert();
// Each entry is a two-element list: an Integer GeneralName type tag followed
// by the name value (java.security.cert.X509Certificate contract).
44 Collection<List<?>> sans = cert.getSubjectAlternativeNames();
// Exact count: a SAN that was not requested makes this assertion fail.
45 assertEquals(2, sans.size());
// Flags for the two expected entries; the lines that set and check them are
// not visible in this listing.
46 boolean hadDNS = false;
47 boolean hadEmail = false;
48 for (List<?> list : sans) {
49 assertEquals(2, list.size());
50 Integer type = (Integer) list.get(0);
// The condition guarding the next assertion is not visible here; presumably
// type == 1 (rfc822Name), confirm against the original file.
53 assertEquals("testmail@example.com", list.get(1));
// Type tag 2 is dNSName.
54 } else if (type == 2) {
56 assertEquals("testmail.example.com", list.get(1));
// After issuing, the certificate must report ISSUED.
64 testFails(CertificateStatus.ISSUED, c);
// Reload by serial and compare name and type of both SANs position by
// position with the in-memory object.
66 Certificate c2 = Certificate.getBySerial(c.getSerial());
67 assertEquals(2, c2.getSans().size());
68 assertEquals(c.getSans().get(0).getName(), c2.getSans().get(0).getName());
69 assertEquals(c.getSans().get(0).getType(), c2.getSans().get(0).getType());
70 assertEquals(c.getSans().get(1).getName(), c2.getSans().get(1).getName());
71 assertEquals(c.getSans().get(1).getType(), c2.getSans().get(1).getType());
// The SAN list of a loaded certificate must not be editable: remove(0) is
// expected to throw, otherwise the object could stop matching what was
// signed. Reaching fail() means the list accepted the change.
// NOTE(review): the failure message has a typo ("no" for "not"); it is a
// runtime string and is left unchanged here.
74 c2.getSans().remove(0);
75 fail("the list should no be modifiable");
// Expected path; the body of this catch is not visible in this listing.
76 } catch (UnsupportedOperationException e) {
/**
 * Walks one certificate through DRAFT, ISSUED and REVOKED. At each stage it
 * checks the reported status via testFails, and it checks that login with the
 * key and certificate returns non-null while issued and null after
 * revocation.
 *
 * NOTE(review): this listing drops some original lines (the gutter skips 87,
 * 90, 95 and 98 onwards), so the closing brace is not visible here.
 */
82 public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
83 KeyPair kp = generateKeypair();
84 String key = generatePEMCSR(kp, "CN=testmail@example.com");
85 Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
86 final PrivateKey pk = kp.getPrivate();
// Stage 1: a freshly created certificate must report DRAFT.
88 testFails(CertificateStatus.DRAFT, c);
// 60000 is presumably a timeout in milliseconds; the waitFor result is not
// inspected, the status assertion in the next testFails call covers it.
89 c.issue().waitFor(60000);
// Stage 2: issued, and usable for login.
91 testFails(CertificateStatus.ISSUED, c);
92 X509Certificate cert = c.cert();
93 assertNotNull(login(pk, cert));
94 c.revoke().waitFor(60000);
// Stage 3: revoked. The same key and certificate that logged in above must
// now be refused; this is the assertion that ties revocation to
// authentication.
96 testFails(CertificateStatus.REVOKED, c);
97 assertNull(login(pk, cert));
/**
 * Helper: asserts that {@code c} reports {@code status}, then runs three
 * guarded sections. In each section, when the status differs from the one
 * named in the guard, an operation is expected to throw
 * IllegalStateException; reaching fail() means it was wrongly accepted.
 *
 * NOTE(review): the try headers and the calls under test are missing from
 * this listing (the gutter skips 104-105, 108-110, 112-113, 116-118, 120-121
 * and 124 onwards). Presumably they are the status-changing and
 * certificate-reading calls used by the tests above; confirm against the
 * original file.
 *
 * @param status the status the certificate is expected to be in
 * @param c the certificate under test
 */
101 private void testFails(CertificateStatus status, Certificate c) throws IOException, GeneralSecurityException, SQLException {
102 assertEquals(status, c.getStatus());
// Section 1: an operation that is only accepted while ISSUED.
103 if (status != CertificateStatus.ISSUED) {
106 fail(status + " is in invalid state");
// Expected rejection; the body of this catch is not visible in this listing.
107 } catch (IllegalStateException ise) {
// Section 2: an operation that is only accepted while DRAFT.
111 if (status != CertificateStatus.DRAFT) {
114 fail(status + " is in invalid state");
115 } catch (IllegalStateException ise) {
// Section 3: a second operation that is only accepted while ISSUED.
119 if (status != CertificateStatus.ISSUED) {
122 fail(status + " is in invalid state");
123 } catch (IllegalStateException ise) {