1 package org.cacert.gigi.api;
3 import static org.junit.Assert.*;
5 import java.io.ByteArrayInputStream;
6 import java.io.IOException;
7 import java.io.InputStreamReader;
8 import java.io.OutputStream;
9 import java.io.UnsupportedEncodingException;
10 import java.net.HttpURLConnection;
11 import java.net.MalformedURLException;
13 import java.net.URLEncoder;
14 import java.security.KeyManagementException;
15 import java.security.KeyPair;
16 import java.security.NoSuchAlgorithmException;
17 import java.security.PrivateKey;
18 import java.security.cert.CertificateFactory;
19 import java.security.cert.X509Certificate;
21 import org.cacert.gigi.dbObjects.Certificate;
22 import org.cacert.gigi.dbObjects.Certificate.CSRType;
23 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
24 import org.cacert.gigi.dbObjects.CertificateProfile;
25 import org.cacert.gigi.dbObjects.Digest;
26 import org.cacert.gigi.testUtils.ClientTest;
27 import org.cacert.gigi.testUtils.IOUtils;
28 import org.junit.Test;
30 import sun.security.x509.X500Name;
32 public class IssueCert extends ClientTest {
35 public void testIssueCert() throws Exception {
36 KeyPair kp = generateKeypair();
37 String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
38 Certificate c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getById(1));
39 final PrivateKey pk = kp.getPrivate();
40 c.issue(null, "2y", u).waitFor(60000);
41 final X509Certificate ce = c.cert();
42 HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/new").openConnection();
43 authenticateClientCert(pk, ce, connection);
44 connection.setDoOutput(true);
45 OutputStream os = connection.getOutputStream();
46 os.write(("profile=client&csr=" + URLEncoder.encode(generatePEMCSR(kp, "EMAIL=" + email + ",CN=CAcert WoT User"), "UTF-8")).getBytes("UTF-8"));
48 assertEquals(connection.getResponseCode(), 200);
49 String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
50 CertificateFactory cf = CertificateFactory.getInstance("X509");
51 java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
52 assertEquals("CAcert WoT User", ((X500Name) xcert.getSubjectDN()).getCommonName());
54 revoke(pk, ce, xcert.getSerialNumber().toString(16).toLowerCase());
55 revoke(pk, ce, c.getSerial().toLowerCase());
57 assertEquals(CertificateStatus.REVOKED, c.getStatus());
61 private void revoke(final PrivateKey pk, final X509Certificate ce, String serial) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException {
62 HttpURLConnection connection;
64 connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
65 authenticateClientCert(pk, ce, connection);
66 connection.setDoOutput(true);
67 os = connection.getOutputStream();
68 os.write(("serial=" + URLEncoder.encode(serial, "UTF-8")).getBytes("UTF-8"));
70 assertEquals(connection.getResponseCode(), 200);