tests/org/cacert/gigi/TestCertificate.java

   1 package org.cacert.gigi;
   2
   3 import java.io.IOException;
   4 import java.net.HttpURLConnection;
   5 import java.net.MalformedURLException;
   6 import java.net.Socket;
   7 import java.net.URL;
   8 import java.security.GeneralSecurityException;
   9 import java.security.KeyManagementException;
  10 import java.security.NoSuchAlgorithmException;
  11 import java.security.Principal;
  12 import java.security.PrivateKey;
  13 import java.security.cert.X509Certificate;
  14 import java.sql.SQLException;
  15
  16 import javax.net.ssl.HttpsURLConnection;
  17 import javax.net.ssl.KeyManager;
  18 import javax.net.ssl.SSLContext;
  19 import javax.net.ssl.X509KeyManager;
  20
  21 import org.cacert.gigi.Certificate.CertificateStatus;
  22 import org.cacert.gigi.testUtils.ManagedTest;
  23 import org.cacert.gigi.testUtils.PemKey;
  24 import org.junit.Test;
  25
  26 import static org.junit.Assert.*;
  27
  28 public class TestCertificate extends ManagedTest {
  29         @Test
  30         public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException,
  31                 InterruptedException {
  32                 String[] key1 = generateCSR("/CN=testmail@example.com");
  33                 Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1]);
  34                 final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
  35                 c.issue();
  36                 c.waitFor(60000);
  37                 final X509Certificate ce = c.cert();
  38                 testLogin(pk, ce, true);
  39         }
  40
  41         private void testLogin(final PrivateKey pk, final X509Certificate ce, boolean success)
  42                 throws NoSuchAlgorithmException, KeyManagementException, IOException, MalformedURLException {
  43                 KeyManager km = new X509KeyManager() {
  44
  45                         @Override
  46                         public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
  47                                 return "client";
  48                         }
  49
  50                         @Override
  51                         public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
  52                                 return null;
  53                         }
  54
  55                         @Override
  56                         public X509Certificate[] getCertificateChain(String arg0) {
  57                                 return new X509Certificate[] { ce };
  58                         }
  59
  60                         @Override
  61                         public String[] getClientAliases(String arg0, Principal[] arg1) {
  62                                 return new String[] { "client" };
  63                         }
  64
  65                         @Override
  66                         public PrivateKey getPrivateKey(String arg0) {
  67                                 if (arg0.equals("client")) {
  68                                         return pk;
  69                                 }
  70                                 return null;
  71                         }
  72
  73                         @Override
  74                         public String[] getServerAliases(String arg0, Principal[] arg1) {
  75                                 return new String[] { "client" };
  76                         }
  77                 };
  78                 SSLContext sc = SSLContext.getInstance("TLS");
  79                 sc.init(new KeyManager[] { km }, null, null);
  80
  81                 HttpURLConnection connection = (HttpURLConnection) new URL("https://"
  82                         + getServerName().replaceFirst("^www.", "secure.") + "/login").openConnection();
  83                 if (connection instanceof HttpsURLConnection) {
  84                         ((HttpsURLConnection) connection).setSSLSocketFactory(sc.getSocketFactory());
  85                 }
  86                 if (success) {
  87                         assertEquals(302, connection.getResponseCode());
  88                         assertEquals("https://" + getServerName().replaceFirst("^www.", "secure.") + "/",
  89                                 connection.getHeaderField("Location"));
  90                 } else {
  91                         assertNotEquals(302, connection.getResponseCode());
  92                         assertNotEquals("https://" + getServerName().replaceFirst("^www.", "secure.") + "/",
  93                                 connection.getHeaderField("Location"));
  94                 }
  95         }
  96
  97         @Test
  98         public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
  99                 String[] key1 = generateCSR("/CN=testmail@example.com");
 100                 Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1]);
 101                 final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
 102
 103                 testFails(CertificateStatus.DRAFT, c);
 104                 c.issue();
 105
 106                 testFails(CertificateStatus.SIGNING, c);
 107                 c.waitFor(60000);
 108
 109                 testFails(CertificateStatus.ISSUED, c);
 110                 X509Certificate cert = c.cert();
 111                 testLogin(pk, cert, true);
 112                 c.revoke();
 113
 114                 testFails(CertificateStatus.BEING_REVOKED, c);
 115                 c.waitFor(60000);
 116
 117                 testFails(CertificateStatus.REVOKED, c);
 118                 testLogin(pk, cert, false);
 119
 120         }
 121
 122         private void testFails(CertificateStatus status, Certificate c) throws IOException, GeneralSecurityException,
 123                 SQLException {
 124                 if (status != CertificateStatus.ISSUED) {
 125                         try {
 126                                 c.revoke();
 127                                 fail("is in invalid state");
 128                         } catch (IllegalStateException ise) {
 129
 130                         }
 131                 }
 132                 if (status != CertificateStatus.DRAFT) {
 133                         try {
 134                                 c.issue();
 135                                 fail("is in invalid state");
 136                         } catch (IllegalStateException ise) {
 137
 138                         }
 139                 }
 140                 if (status != CertificateStatus.ISSUED) {
 141                         try {
 142                                 c.cert();
 143                                 fail("is in invalid state");
 144                         } catch (IllegalStateException ise) {
 145
 146                         }
 147                 }
 148         }
 149 }