d5302f9263f429d0e4e064d7687fbf9adae4771c
[gigi.git] / tests / club / wpia / gigi / api / IssueCert.java
1 package club.wpia.gigi.api;
2
3 import static org.junit.Assert.*;
4
5 import java.io.ByteArrayInputStream;
6 import java.io.IOException;
7 import java.io.InputStreamReader;
8 import java.io.OutputStream;
9 import java.net.HttpURLConnection;
10 import java.net.URL;
11 import java.net.URLEncoder;
12 import java.security.GeneralSecurityException;
13 import java.security.KeyPair;
14 import java.security.PrivateKey;
15 import java.security.cert.CertificateFactory;
16 import java.security.cert.X509Certificate;
17
18 import org.junit.Test;
19
20 import club.wpia.gigi.api.CreateCertificate;
21 import club.wpia.gigi.dbObjects.Certificate;
22 import club.wpia.gigi.dbObjects.Country;
23 import club.wpia.gigi.dbObjects.Digest;
24 import club.wpia.gigi.dbObjects.Domain;
25 import club.wpia.gigi.dbObjects.Group;
26 import club.wpia.gigi.dbObjects.Organisation;
27 import club.wpia.gigi.dbObjects.Certificate.CSRType;
28 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
29 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
30 import club.wpia.gigi.pages.account.certs.CertificateRequest;
31 import club.wpia.gigi.testUtils.ClientTest;
32 import club.wpia.gigi.testUtils.IOUtils;
33 import sun.security.x509.X500Name;
34
35 public class IssueCert extends ClientTest {
36
37     private final PrivateKey pk;
38
39     private final X509Certificate ce;
40
41     private final Certificate c;
42
43     private final KeyPair kp;
44
45     public IssueCert() {
46         try {
47             kp = generateKeypair();
48             String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
49             c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, getClientProfile());
50             c.setLoginEnabled(true);
51             pk = kp.getPrivate();
52             await(c.issue(null, "2y", u));
53             ce = c.cert();
54         } catch (Exception e) {
55             throw new Error(e);
56         }
57     }
58
59     @Test
60     public void testIssueCert() throws Exception {
61         String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + CertificateRequest.DEFAULT_CN), "profile=client");
62
63         CertificateFactory cf = CertificateFactory.getInstance("X509");
64         java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
65         assertEquals(CertificateRequest.DEFAULT_CN, ((X500Name) xcert.getSubjectDN()).getCommonName());
66
67     }
68
69     @Test
70     public void testRevoke() throws Exception {
71         revoke(c.getSerial().toLowerCase());
72         assertEquals(CertificateStatus.REVOKED, c.getStatus());
73     }
74
75     @Test
76     public void testIssueCertAssured() throws Exception {
77         makeAssurer(id);
78
79         String intendedName = "a b";
80         String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + intendedName), "profile=client-a");
81
82         CertificateFactory cf = CertificateFactory.getInstance("X509");
83         java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
84         assertEquals(intendedName, ((X500Name) xcert.getSubjectDN()).getCommonName());
85
86     }
87
88     @Test
89     public void testIssueOrgCert() throws Exception {
90         makeAssurer(id);
91         u.grantGroup(getSupporter(), Group.ORGASSURER);
92
93         Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u);
94         o1.addAdmin(u, u, false);
95         String testdom = createUniqueName() + "-example.com";
96         Domain d2 = new Domain(u, o1, testdom);
97         verify(d2);
98
99         String whishName = createUniqueName();
100         String cert = issueCert(generatePEMCSR(kp, "EMAIL=test@" + testdom + ",CN=" + whishName), "profile=client-orga&asOrg=" + o1.getId());
101
102         CertificateFactory cf = CertificateFactory.getInstance("X509");
103         java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
104         assertEquals(whishName, ((X500Name) xcert.getSubjectDN()).getCommonName());
105
106     }
107
108     private String issueCert(String csr, String options) throws IOException, GeneralSecurityException {
109         HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CreateCertificate.PATH).openConnection();
110         authenticateClientCert(pk, ce, connection);
111         connection.setDoOutput(true);
112         OutputStream os = connection.getOutputStream();
113         os.write((options + "&csr=" + URLEncoder.encode(csr, "UTF-8")).getBytes("UTF-8"));
114         os.flush();
115         assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
116         String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
117         return cert;
118     }
119
120     private void revoke(String serial) throws IOException, GeneralSecurityException {
121         HttpURLConnection connection;
122         OutputStream os;
123         connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
124         authenticateClientCert(pk, ce, connection);
125         connection.setDoOutput(true);
126         os = connection.getOutputStream();
127         os.write(("serial=" + URLEncoder.encode(serial, "UTF-8")).getBytes("UTF-8"));
128         os.flush();
129         assertEquals(connection.getResponseCode(), 200);
130     }
131 }