import org.cacert.gigi.util.PEM;
import org.junit.Test;
+import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs10.PKCS10Attribute;
import sun.security.pkcs10.PKCS10Attributes;
String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
assertArrayEquals(new String[] {
- "mail", "a b", "dns:a." + uniq + ".tld\ndns:b." + uniq + ".tld\nemail:" + email + "\n", Digest.SHA384.toString()
+ "mail", "a b", "email:" + email + "\ndns:a." + uniq + ".tld\ndns:b." + uniq + ".tld\n", Digest.SHA384.toString()
}, res);
}
huc.setRequestProperty("Cookie", cookie);
huc.setDoOutput(true);
OutputStream out = huc.getOutputStream();
- out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
- out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes());
- out.write(("&hash_alg=SHA512&CCA=y").getBytes());
+ out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+ out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8"));
URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
byte[] cer = IOUtils.readURL(uc.getInputStream());
assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
- uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install"));
- byte[] cer2 = IOUtils.readURL(uc.getInputStream());
- assertArrayEquals(cer, cer2);
+ uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install&chain"));
+ byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
+ PKCS7 p7 = new PKCS7(pkcs7);
+ byte[] sub = verifyChain(p7.getCertificates());
+ assertArrayEquals(cer, sub);
assertEquals("application/x-x509-user-cert", uc.getHeaderField("Content-type"));
uc = authenticate(new URL(huc.getHeaderField("Location")));
String gui = IOUtils.readURL(uc);
assertThat(gui, containsString("clientAuth"));
- assertThat(gui, containsString("CN=a b"));
+ assertThat(gui, containsString("CN=CAcert WoT User"));
assertThat(gui, containsString("SHA512withRSA"));
assertThat(gui, containsString("RFC822Name: " + email));
}
+ private byte[] verifyChain(X509Certificate[] x509Certificates) throws GeneralSecurityException {
+ X509Certificate current = null;
+ nextCert:
+ while (true) {
+ for (int i = 0; i < x509Certificates.length; i++) {
+ X509Certificate cert = x509Certificates[i];
+ if (current == null) {
+ if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ current = cert;
+ continue nextCert;
+ }
+ } else {
+ if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ continue;
+ }
+ if (current.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ Signature s = Signature.getInstance(cert.getSigAlgName());
+ s.initVerify(current.getPublicKey());
+ s.update(cert.getTBSCertificate());
+ assertTrue(s.verify(cert.getSignature()));
+ current = cert;
+ continue nextCert;
+ }
+ }
+ }
+ return current.getEncoded();
+ }
+ }
+
@Test
public void testValidityPeriodCalendar() throws IOException, GeneralSecurityException {
testCertificateValidityRelative(Calendar.YEAR, 2, "2y", true);
Date start = new Date(now);
Date end = new Date(now + MS_PER_DAY * 10);
X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end));
+ assertNotNull(res);
assertEquals(start, res.getNotBefore());
assertEquals(end, res.getNotAfter());
}
huc.setRequestProperty("Cookie", cookie);
huc.setDoOutput(true);
OutputStream out = huc.getOutputStream();
- out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
- out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes());
- out.write(("&hash_alg=SHA512&CCA=y&").getBytes());
- out.write(validity.getBytes());
+ out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+ out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8"));
+ out.write(validity.getBytes("UTF-8"));
String certurl = huc.getHeaderField("Location");
if (certurl == null) {
String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes()));
+ X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes("UTF-8")));
return parsed;
}
HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
uc.setRequestProperty("Cookie", cookie);
uc.setDoOutput(true);
- uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes());
+ uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes("UTF-8"));
uc.getOutputStream().flush();
return extractFormData(uc);