1 package org.cacert.gigi.api;
2
import static org.junit.Assert.*;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
import org.cacert.gigi.dbObjects.CertificateProfile;
import org.cacert.gigi.dbObjects.Country;
import org.cacert.gigi.dbObjects.Country.CountryCodeType;
import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.Organisation;
import org.cacert.gigi.testUtils.ClientTest;
import org.cacert.gigi.testUtils.IOUtils;
import org.junit.Test;

import sun.security.x509.X500Name;
33
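/**
 * End-to-end tests for the certificate-issuing and revocation API endpoints.
 *
 * All API calls are authenticated with a client certificate that the constructor
 * issues for the test user {@code u} (inherited from {@link ClientTest}) and marks as
 * login-enabled. The API host is derived from the web host by replacing the leading
 * {@code www.} label with {@code api.}.
 *
 * Fixes over the previous revision: request/response streams are now closed, the
 * host rewrite uses an escaped dot (the old pattern {@code ^www.} matched any
 * character), {@code revoke} asserts with JUnit's (expected, actual) order and a
 * diagnostic message, and the common name is extracted with {@code javax.naming.ldap}
 * instead of the internal {@code sun.security.x509.X500Name} API, which is not
 * accessible on Java 9+.
 */
public class IssueCert extends ClientTest {

    /** Private key matching {@link #ce}; used for client-certificate authentication. */
    private final PrivateKey pk;

    /** The issued login certificate used to authenticate every API request. */
    private final X509Certificate ce;

    /** Database object behind {@link #ce}; {@link #testRevoke} revokes it. */
    private final Certificate c;

    /** Key pair used for the login certificate and for every CSR submitted by the tests. */
    private final KeyPair kp;

    /**
     * Issues a login certificate for the test user so the API calls can authenticate.
     *
     * @throws IllegalStateException if key generation or issuance fails; the test
     *         instance is unusable in that case, so the cause is rethrown unchecked.
     */
    public IssueCert() {
        try {
            kp = generateKeypair();
            String loginCsr = generatePEMCSR(kp, "EMAIL=testmail@example.com");
            c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, loginCsr, CSRType.CSR, CertificateProfile.getById(1));
            // Without this flag the certificate presumably cannot be used as a login
            // credential for authenticateClientCert() below — confirm against Certificate.
            c.setLoginEnabled(true);
            pk = kp.getPrivate();
            // null start date and "2y" validity; see Certificate.issue for their meaning.
            await(c.issue(null, "2y", u));
            ce = c.cert();
        } catch (Exception e) {
            throw new IllegalStateException("failed to issue the login certificate for the API tests", e);
        }
    }

    /**
     * Issuing with the plain {@code client} profile must yield a certificate whose
     * subject CN is the one requested in the CSR.
     */
    @Test
    public void testIssueCert() throws Exception {
        String intendedName = "CAcert WoT User";
        String pem = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + intendedName), "profile=client");

        assertEquals(intendedName, commonNameOf(parseCertificate(pem)));
    }

    /**
     * Revoking the login certificate by serial through the API must flip its status
     * to {@link CertificateStatus#REVOKED}.
     */
    @Test
    public void testRevoke() throws Exception {
        revoke(c.getSerial().toLowerCase());
        assertEquals(CertificateStatus.REVOKED, c.getStatus());
    }

    /**
     * Once the user has been made an assurer, the {@code client-a} profile must honour
     * the CN given in the CSR.
     */
    @Test
    public void testIssueCertAssured() throws Exception {
        makeAssurer(id);

        String intendedName = "a b";
        String pem = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + intendedName), "profile=client-a");

        assertEquals(intendedName, commonNameOf(parseCertificate(pem)));
    }

    /**
     * An organisation admin with a verified organisation domain must be able to issue
     * a {@code client-orga} certificate on behalf of that organisation, keeping the
     * requested CN.
     */
    @Test
    public void testIssueOrgCert() throws Exception {
        makeAssurer(id);
        // Group membership is granted through a supporter account, not self-assigned.
        u.grantGroup(getSupporter(), Group.ORGASSURER);

        Organisation org = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u);
        org.addAdmin(u, u, false);
        String orgDomain = createUniqueName() + "-example.com";
        Domain domain = new Domain(u, org, orgDomain);
        verify(domain);

        String intendedName = createUniqueName();
        String pem = issueCert(generatePEMCSR(kp, "EMAIL=test@" + orgDomain + ",CN=" + intendedName), "profile=client-orga&asOrg=" + org.getId());

        assertEquals(intendedName, commonNameOf(parseCertificate(pem)));
    }

    /**
     * Submits a CSR to the certificate-creation endpoint and returns the PEM body of
     * the response.
     *
     * @param csr     PEM-encoded CSR; URL-encoded here.
     * @param options already form-encoded query options (e.g. {@code profile=client}),
     *                sent verbatim in front of the {@code csr} parameter.
     * @return the response body, expected to be the issued certificate in PEM form.
     * @throws AssertionError if the server does not answer with HTTP 200.
     */
    private String issueCert(String csr, String options) throws IOException, GeneralSecurityException {
        HttpURLConnection connection = postToApi(CreateCertificate.PATH, options + "&csr=" + URLEncoder.encode(csr, "UTF-8"));
        assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
        InputStreamReader in = new InputStreamReader(connection.getInputStream(), "UTF-8");
        try {
            return IOUtils.readURL(in);
        } finally {
            in.close();
        }
    }

    /**
     * Asks the API to revoke the certificate with the given serial.
     *
     * The request carries only the serial; the server is expected to bind it to the
     * authenticated account. This test does not cover a serial owned by another user —
     * that authorisation check would need its own test.
     *
     * @param serial certificate serial as sent by the API client (hex string).
     * @throws AssertionError if the server does not answer with HTTP 200.
     */
    private void revoke(String serial) throws IOException, GeneralSecurityException {
        HttpURLConnection connection = postToApi("/account/certs/revoke", "serial=" + URLEncoder.encode(serial, "UTF-8"));
        assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
    }

    /**
     * Sends a form-encoded POST to the API host, authenticated with the login
     * certificate, and returns the connection for the caller to inspect.
     *
     * @param path API path, starting with a slash.
     * @param body already form-encoded request body.
     */
    private HttpURLConnection postToApi(String path, String body) throws IOException, GeneralSecurityException {
        // Only a leading "www." label is rewritten; the dot is escaped so e.g. "wwwx." is left alone.
        String apiHost = getServerName().replaceFirst("^www\\.", "api.");
        HttpURLConnection connection = (HttpURLConnection) new URL("https://" + apiHost + path).openConnection();
        authenticateClientCert(pk, ce, connection);
        connection.setDoOutput(true);
        OutputStream os = connection.getOutputStream();
        try {
            os.write(body.getBytes("UTF-8"));
            os.flush();
        } finally {
            os.close();
        }
        return connection;
    }

    /** Parses a single PEM-encoded certificate as returned by the API. */
    private static X509Certificate parseCertificate(String pem) throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pem.getBytes("UTF-8")));
    }

    /**
     * Returns the value of the first CN attribute in the certificate's subject.
     *
     * Uses the RFC 2253 form of the subject and the public LDAP name parser rather
     * than {@code sun.security.x509.X500Name}, which is an internal API.
     *
     * @throws AssertionError if the subject carries no CN.
     */
    private static String commonNameOf(X509Certificate cert) throws InvalidNameException {
        LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : subject.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        throw new AssertionError("certificate subject has no CN: " + subject);
    }
}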