1 package org.cacert.gigi;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.security.GeneralSecurityException;
7 import java.security.KeyPair;
8 import java.security.PrivateKey;
9 import java.security.cert.X509Certificate;
10 import java.sql.SQLException;
11 import java.util.Collection;
12 import java.util.List;
14 import org.cacert.gigi.dbObjects.Certificate;
15 import org.cacert.gigi.dbObjects.Certificate.CSRType;
16 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
17 import org.cacert.gigi.dbObjects.Certificate.SANType;
18 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
19 import org.cacert.gigi.dbObjects.CertificateProfile;
20 import org.cacert.gigi.dbObjects.User;
21 import org.cacert.gigi.testUtils.ManagedTest;
22 import org.junit.Test;
24 import sun.security.x509.GeneralNameInterface;
26 public class TestCertificate extends ManagedTest {
28 User u = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
31 public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
32 KeyPair kp = generateKeypair();
33 String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
34 Certificate c = new Certificate(u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
35 final PrivateKey pk = kp.getPrivate();
36 c.issue(null, "2y").waitFor(60000);
37 final X509Certificate ce = c.cert();
38 assertNotNull(login(pk, ce));
42 public void testSANs() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
43 KeyPair kp = generateKeypair();
44 String key = generatePEMCSR(kp, "CN=testmail@example.com");
45 Certificate c = new Certificate(u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
46 new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
48 testFails(CertificateStatus.DRAFT, c);
49 c.issue(null, "2y").waitFor(60000);
50 X509Certificate cert = c.cert();
51 Collection<List<?>> sans = cert.getSubjectAlternativeNames();
52 assertEquals(2, sans.size());
53 boolean hadDNS = false;
54 boolean hadEmail = false;
55 for (List<?> list : sans) {
56 assertEquals(2, list.size());
57 Integer type = (Integer) list.get(0);
59 case GeneralNameInterface.NAME_RFC822:
61 assertEquals("testmail@example.com", list.get(1));
63 case GeneralNameInterface.NAME_DNS:
65 assertEquals("testmail.example.com", list.get(1));
75 testFails(CertificateStatus.ISSUED, c);
77 Certificate c2 = Certificate.getBySerial(c.getSerial());
78 assertEquals(2, c2.getSANs().size());
79 assertEquals(c.getSANs().get(0).getName(), c2.getSANs().get(0).getName());
80 assertEquals(c.getSANs().get(0).getType(), c2.getSANs().get(0).getType());
81 assertEquals(c.getSANs().get(1).getName(), c2.getSANs().get(1).getName());
82 assertEquals(c.getSANs().get(1).getType(), c2.getSANs().get(1).getType());
85 c2.getSANs().remove(0);
86 fail("the list should not be modifiable");
87 } catch (UnsupportedOperationException e) {
93 public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
94 KeyPair kp = generateKeypair();
95 String key = generatePEMCSR(kp, "CN=testmail@example.com");
96 Certificate c = new Certificate(u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
97 final PrivateKey pk = kp.getPrivate();
99 testFails(CertificateStatus.DRAFT, c);
100 c.issue(null, "2y").waitFor(60000);
102 testFails(CertificateStatus.ISSUED, c);
103 X509Certificate cert = c.cert();
104 assertNotNull(login(pk, cert));
105 c.revoke().waitFor(60000);
107 testFails(CertificateStatus.REVOKED, c);
108 assertNull(login(pk, cert));
112 private void testFails(CertificateStatus status, Certificate c) throws IOException, GeneralSecurityException, SQLException, GigiApiException {
113 assertEquals(status, c.getStatus());
114 if (status != CertificateStatus.ISSUED) {
117 fail(status + " is in invalid state");
118 } catch (IllegalStateException ise) {
122 if (status != CertificateStatus.DRAFT) {
125 fail(status + " is in invalid state");
126 } catch (IllegalStateException ise) {
130 if (status != CertificateStatus.ISSUED) {
133 fail(status + " is in invalid state");
134 } catch (IllegalStateException ise) {