1 package club.wpia.gigi.api;
2
3 import static org.junit.Assert.*;
4
5 import java.io.ByteArrayInputStream;
6 import java.io.IOException;
7 import java.io.InputStreamReader;
8 import java.io.OutputStream;
9 import java.net.HttpURLConnection;
10 import java.net.URL;
11 import java.net.URLEncoder;
12 import java.security.GeneralSecurityException;
13 import java.security.KeyPair;
14 import java.security.PrivateKey;
15 import java.security.cert.CertificateFactory;
16 import java.security.cert.X509Certificate;
17
18 import org.junit.Test;
19
20 import club.wpia.gigi.dbObjects.Certificate;
21 import club.wpia.gigi.dbObjects.Certificate.CSRType;
22 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
23 import club.wpia.gigi.dbObjects.Country;
24 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
25 import club.wpia.gigi.dbObjects.Digest;
26 import club.wpia.gigi.dbObjects.Domain;
27 import club.wpia.gigi.dbObjects.Group;
28 import club.wpia.gigi.dbObjects.Organisation;
29 import club.wpia.gigi.dbObjects.User;
30 import club.wpia.gigi.pages.account.certs.CertificateRequest;
31 import club.wpia.gigi.testUtils.ClientTest;
32 import club.wpia.gigi.testUtils.IOUtils;
33 import sun.security.x509.X500Name;
34
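/**
 * Integration tests for the certificate API: issuing client certificates from a PEM CSR and
 * revoking a certificate over HTTPS.
 *
 * <p>The constructor issues a login-enabled certificate for the test user {@code u}. That
 * certificate and its private key are then presented as the TLS client certificate on every API
 * request made by the tests.
 *
 * <p>NOTE(review): the issuance tests assert only the subject common name of the returned
 * certificate. They do not check that the certificate carries the public key from the CSR, nor
 * which e-mail address or profile ended up in it; consider asserting those as well.
 */
public class IssueCert extends ClientTest {

    private static final String UTF_8 = "UTF-8";

    /** Private key matching {@link #ce}; used for TLS client authentication. */
    private final PrivateKey pk;

    /** The issued X.509 certificate presented to the API. */
    private final X509Certificate ce;

    /** Database object of the certificate issued in the constructor; revoked by {@link #testRevoke()}. */
    private final Certificate c;

    /** Key pair behind the login certificate; also reused to sign the CSRs sent in the tests. */
    private final KeyPair kp;

    /**
     * Issues a login-enabled client certificate for the test user and waits for it to be signed.
     *
     * @throws Error wrapping any failure during key generation or issuance
     */
    public IssueCert() {
        try {
            kp = generateKeypair();
            String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
            c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, getClientProfile());
            // Without login enabled the certificate could not be used to authenticate below.
            c.setLoginEnabled(true);
            pk = kp.getPrivate();
            await(c.issue(null, "2y", u));
            ce = c.cert();
        } catch (Exception e) {
            throw new Error(e);
        }
    }

    /** Issues a certificate with the "client" profile and expects the default common name. */
    @Test
    public void testIssueCert() throws Exception {
        String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + CertificateRequest.DEFAULT_CN), "profile=client");

        assertEquals(CertificateRequest.DEFAULT_CN, commonNameOf(cert));
    }

    /** Revokes the login certificate by its lower-cased serial and expects status REVOKED. */
    @Test
    public void testRevoke() throws Exception {
        revoke(c.getSerial().toLowerCase());
        assertEquals(CertificateStatus.REVOKED, c.getStatus());
    }

    /** Issues a certificate with the "client-a" profile after {@code makeAgent(id)} and expects the requested name. */
    @Test
    public void testIssueCertVerified() throws Exception {
        makeAgent(id);

        String intendedName = "a b";
        String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + intendedName), "profile=client-a");

        assertEquals(intendedName, commonNameOf(cert));
    }

    /**
     * Issues a certificate on behalf of an organisation ("client-orga" profile with
     * {@code asOrg}) for an address in a domain verified for that organisation.
     */
    @Test
    public void testIssueOrgCert() throws Exception {
        makeAgent(id);
        User u2 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
        u2.grantGroup(getSupporter(), Group.ORG_AGENT);

        Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u2);
        o1.addAdmin(u, u2, false);
        String testdom = createUniqueName() + "-example.com";
        Domain d2 = new Domain(u, o1, testdom);
        verify(d2);

        String wishName = createUniqueName();
        String cert = issueCert(generatePEMCSR(kp, "EMAIL=test@" + testdom + ",CN=" + wishName), "profile=client-orga&asOrg=" + o1.getId());

        assertEquals(wishName, commonNameOf(cert));
    }

    /**
     * Parses an encoded certificate and returns its subject common name.
     *
     * <p>The cast relies on the JDK-internal {@code sun.security.x509.X500Name} being the type
     * returned by {@code getSubjectDN()}, which holds only for the JDK's own certificate
     * implementation.
     *
     * @param cert the certificate text returned by the API
     * @return the CN of the certificate subject
     */
    private static String commonNameOf(String cert) throws IOException, GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes(UTF_8)));
        return ((X500Name) xcert.getSubjectDN()).getCommonName();
    }

    /**
     * Opens a connection to the API host for the given path, authenticated with the login
     * certificate.
     *
     * @param path absolute path on the API host
     * @return the connection, not yet connected
     */
    private HttpURLConnection openApiConnection(String path) throws IOException, GeneralSecurityException {
        // The dot is escaped so that only a literal "www." prefix is rewritten to "api.".
        String apiHost = getServerName().replaceFirst("^www\\.", "api.");
        HttpURLConnection connection = (HttpURLConnection) new URL("https://" + apiHost + path).openConnection();
        authenticateClientCert(pk, ce, connection);
        return connection;
    }

    /**
     * Sends a form-encoded request body and closes the request stream.
     *
     * @param connection the connection to write to
     * @param body the already URL-encoded form body
     */
    private static void post(HttpURLConnection connection, String body) throws IOException {
        connection.setDoOutput(true);
        try (OutputStream os = connection.getOutputStream()) {
            os.write(body.getBytes(UTF_8));
            os.flush();
        }
    }

    /**
     * Submits a CSR to the certificate-creation endpoint and returns the response body.
     *
     * @param csr the PEM-encoded CSR
     * @param options form parameters placed before the {@code csr} parameter, already encoded
     * @return the response body, expected to be the issued certificate
     */
    private String issueCert(String csr, String options) throws IOException, GeneralSecurityException {
        HttpURLConnection connection = openApiConnection(CreateCertificate.PATH);
        post(connection, options + "&csr=" + URLEncoder.encode(csr, UTF_8));
        assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
        try (InputStreamReader reader = new InputStreamReader(connection.getInputStream(), UTF_8)) {
            return IOUtils.readURL(reader);
        }
    }

    /**
     * Asks the API to revoke the certificate with the given serial and expects HTTP 200.
     *
     * @param serial the certificate serial as sent in the {@code serial} form parameter
     */
    private void revoke(String serial) throws IOException, GeneralSecurityException {
        HttpURLConnection connection = openApiConnection("/account/certs/revoke");
        post(connection, "serial=" + URLEncoder.encode(serial, UTF_8));
        // Expected value first, so a failure reports the status the server actually sent.
        assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
    }
}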