+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA256, key, CSRType.CSR, getClientProfile(),//
+ new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
+
+ testFails(CertificateStatus.DRAFT, c);
+ await(c.issue(null, "2y", u));
+ X509Certificate cert = c.cert();
+ Collection<List<?>> sans = cert.getSubjectAlternativeNames();
+ assertEquals(2, sans.size());
+ boolean hadDNS = false;
+ boolean hadEmail = false;
+ for (List<?> list : sans) {
+ assertEquals(2, list.size());
+ Integer type = (Integer) list.get(0);
+ switch (type) {
+ case GeneralNameInterface.NAME_RFC822:
+ hadEmail = true;
+ assertEquals("testmail@example.com", list.get(1));
+ break;
+ case GeneralNameInterface.NAME_DNS:
+ hadDNS = true;
+ assertEquals("testmail.example.com", list.get(1));
+ break;
+ default:
+ fail("Unknown type");
+
+ }
+ }
+ assertTrue(hadDNS);
+ assertTrue(hadEmail);
+
+ testFails(CertificateStatus.ISSUED, c);
+
+ Certificate c2 = Certificate.getBySerial(c.getSerial());
+ assertNotNull(c2);
+ assertEquals(2, c2.getSANs().size());
+ assertEquals(c.getSANs().get(0).getName(), c2.getSANs().get(0).getName());
+ assertEquals(c.getSANs().get(0).getType(), c2.getSANs().get(0).getType());
+ assertEquals(c.getSANs().get(1).getName(), c2.getSANs().get(1).getName());
+ assertEquals(c.getSANs().get(1).getType(), c2.getSANs().get(1).getType());
+
+ try {
+ c2.getSANs().remove(0);
+ fail("the list should not be modifiable");
+ } catch (UnsupportedOperationException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
+ KeyPair kp = generateKeypair();
+ String key = generatePEMCSR(kp, "CN=testmail@example.com");
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "testmail@example.com"), Digest.SHA256, key, CSRType.CSR, getClientProfile());