import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.Signature;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
public class TestCertificateAdd extends ClientTest {
+ private static class OnPageError extends Error {
+
+ public OnPageError(String page) {
+ super(page);
+ }
+ }
+
KeyPair kp = generateKeypair();
String csrf;
@Test
public void testSimpleServer() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_SERVER
+ CertificateRequest.OID_KEY_USAGE_SSL_SERVER
}, new DNSName(uniq + ".tld"));
String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts);
@Test
public void testSimpleMail() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION
+ CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION
}, new DNSName("a." + uniq + ".tld"), new DNSName("b." + uniq + ".tld"), new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA384WithRSA");
@Test
public void testSimpleClient() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
@Test
public void testIssue() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
OutputStream out = huc.getOutputStream();
out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512").getBytes("UTF-8"));
URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
byte[] cer = IOUtils.readURL(uc.getInputStream());
assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
- uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install"));
+ uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install&chain"));
byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
PKCS7 p7 = new PKCS7(pkcs7);
byte[] sub = verifyChain(p7.getCertificates());
uc = authenticate(new URL(huc.getHeaderField("Location")));
String gui = IOUtils.readURL(uc);
+ Pattern p = Pattern.compile("-----BEGIN CERTIFICATE-----[^-]+-----END CERTIFICATE-----");
+ Matcher m = p.matcher(gui);
+ assertTrue(m.find());
+ byte[] cert = PEM.decode("CERTIFICATE", m.group(0));
+ Certificate c = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert));
+ gui = c.toString();
assertThat(gui, containsString("clientAuth"));
assertThat(gui, containsString("CN=CAcert WoT User"));
assertThat(gui, containsString("SHA512withRSA"));
}
}
}
+ assertNotNull(current);
return current.getEncoded();
}
}
Date start = new Date(now);
Date end = new Date(now + MS_PER_DAY * 10);
- X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end));
- assertNotNull(res);
+ String validity = "&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end);
+ X509Certificate res = createCertWithValidity(validity);
+ assertNotNull(validity, res);
assertEquals(start, res.getNotBefore());
assertEquals(end, res.getNotAfter());
}
private X509Certificate createCertWithValidity(String validity) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA");
OutputStream out = huc.getOutputStream();
out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&").getBytes("UTF-8"));
out.write(validity.getBytes("UTF-8"));
String certurl = huc.getHeaderField("Location");
assertArrayEquals(new String[] {
"client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
}, res);
- } catch (Error e) {
- assertTrue(e.getMessage().startsWith("<div>Challenge mismatch"));
+ } catch (OnPageError e) {
+ String error = fetchStartErrorMessage(e.getMessage());
+ assertTrue(error, error.startsWith("<p>Challenge mismatch"));
}
return csrf;
}
}
attributeValue.set("SANs", new SubjectAlternativeNameExtension(names));
PKCS10Attributes atts = new PKCS10Attributes(new PKCS10Attribute[] {
- new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, attributeValue)
+ new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, attributeValue)
});
ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension(//
new Vector<>(Arrays.<ObjectIdentifier>asList(ekuOIDs)));
private String[] extractFormData(HttpURLConnection uc) throws IOException, Error {
String result = IOUtils.readURL(uc);
- if (result.contains("<div class='formError'>")) {
- String s = fetchStartErrorMessage(result);
- throw new Error(s);
+ if (hasError().matches(result)) {
+ throw new OnPageError(result);
}
String profileKey = extractPattern(result, Pattern.compile("<option value=\"([^\"]*)\" selected>"));
projects / gigi.git / blobdiff