]> WPIA git - gigi.git/blob - tests/org/cacert/gigi/TestCertificate.java
projects / gigi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[EMPTY] Organize all imports
[gigi.git] / tests / org / cacert / gigi / TestCertificate.java
1 package org.cacert.gigi;
2
3 import static org.junit.Assert.*;
4
5 import java.io.IOException;
6 import java.security.GeneralSecurityException;
7 import java.security.KeyPair;
8 import java.security.PrivateKey;
9 import java.security.cert.X509Certificate;
10 import java.sql.SQLException;
11 import java.util.Collection;
12 import java.util.List;
13
14 import org.cacert.gigi.dbObjects.Certificate;
15 import org.cacert.gigi.dbObjects.Certificate.CSRType;
16 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
17 import org.cacert.gigi.dbObjects.Certificate.SANType;
18 import org.cacert.gigi.dbObjects.Certificate.SubjectAlternateName;
19 import org.cacert.gigi.dbObjects.CertificateProfile;
20 import org.cacert.gigi.testUtils.ManagedTest;
21 import org.junit.Test;
22
23 import sun.security.x509.GeneralNameInterface;
24
25 public class TestCertificate extends ManagedTest {
26
27     @Test
28     public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
29         KeyPair kp = generateKeypair();
30         String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
31         Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
32         final PrivateKey pk = kp.getPrivate();
33         c.issue(null, "2y").waitFor(60000);
34         final X509Certificate ce = c.cert();
35         assertNotNull(login(pk, ce));
36     }
37
38     @Test
39     public void testSANs() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
40         KeyPair kp = generateKeypair();
41         String key = generatePEMCSR(kp, "CN=testmail@example.com");
42         Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1),//
43                 new SubjectAlternateName(SANType.EMAIL, "testmail@example.com"), new SubjectAlternateName(SANType.DNS, "testmail.example.com"));
44
45         testFails(CertificateStatus.DRAFT, c);
46         c.issue(null, "2y").waitFor(60000);
47         X509Certificate cert = c.cert();
48         Collection<List<?>> sans = cert.getSubjectAlternativeNames();
49         assertEquals(2, sans.size());
50         boolean hadDNS = false;
51         boolean hadEmail = false;
52         for (List<?> list : sans) {
53             assertEquals(2, list.size());
54             Integer type = (Integer) list.get(0);
55             switch (type) {
56             case GeneralNameInterface.NAME_RFC822:
57                 hadEmail = true;
58                 assertEquals("testmail@example.com", list.get(1));
59                 break;
60             case GeneralNameInterface.NAME_DNS:
61                 hadDNS = true;
62                 assertEquals("testmail.example.com", list.get(1));
63                 break;
64             default:
65                 fail("Unknown type");
66
67             }
68         }
69         assertTrue(hadDNS);
70         assertTrue(hadEmail);
71
72         testFails(CertificateStatus.ISSUED, c);
73
74         Certificate c2 = Certificate.getBySerial(c.getSerial());
75         assertEquals(2, c2.getSANs().size());
76         assertEquals(c.getSANs().get(0).getName(), c2.getSANs().get(0).getName());
77         assertEquals(c.getSANs().get(0).getType(), c2.getSANs().get(0).getType());
78         assertEquals(c.getSANs().get(1).getName(), c2.getSANs().get(1).getName());
79         assertEquals(c.getSANs().get(1).getType(), c2.getSANs().get(1).getType());
80
81         try {
82             c2.getSANs().remove(0);
83             fail("the list should not be modifiable");
84         } catch (UnsupportedOperationException e) {
85             // expected
86         }
87     }
88
89     @Test
90     public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
91         KeyPair kp = generateKeypair();
92         String key = generatePEMCSR(kp, "CN=testmail@example.com");
93         Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR, CertificateProfile.getById(1));
94         final PrivateKey pk = kp.getPrivate();
95
96         testFails(CertificateStatus.DRAFT, c);
97         c.issue(null, "2y").waitFor(60000);
98
99         testFails(CertificateStatus.ISSUED, c);
100         X509Certificate cert = c.cert();
101         assertNotNull(login(pk, cert));
102         c.revoke().waitFor(60000);
103
104         testFails(CertificateStatus.REVOKED, c);
105         assertNull(login(pk, cert));
106
107     }
108
109     private void testFails(CertificateStatus status, Certificate c) throws IOException, GeneralSecurityException, SQLException, GigiApiException {
110         assertEquals(status, c.getStatus());
111         if (status != CertificateStatus.ISSUED) {
112             try {
113                 c.revoke();
114                 fail(status + " is in invalid state");
115             } catch (IllegalStateException ise) {
116
117             }
118         }
119         if (status != CertificateStatus.DRAFT) {
120             try {
121                 c.issue(null, "2y");
122                 fail(status + " is in invalid state");
123             } catch (IllegalStateException ise) {
124
125             }
126         }
127         if (status != CertificateStatus.ISSUED) {
128             try {
129                 c.cert();
130                 fail(status + " is in invalid state");
131             } catch (IllegalStateException ise) {
132
133             }
134         }
135     }
136 }
WPIA Certificate Web Issuance Platform