import org.cacert.gigi.crypto.SPKAC;
import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.pages.account.certs.CertificateAdd;
-import org.cacert.gigi.pages.account.certs.CertificateIssueForm;
+import org.cacert.gigi.pages.account.certs.CertificateRequest;
import org.cacert.gigi.testUtils.ClientTest;
import org.cacert.gigi.testUtils.IOUtils;
import org.cacert.gigi.util.PEM;
@Test
public void testSimpleServer() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateIssueForm.OID_KEY_USAGE_SSL_SERVER
+ CertificateRequest.OID_KEY_USAGE_SSL_SERVER
}, new DNSName(uniq + ".tld"));
String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts);
@Test
public void testSimpleMail() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateIssueForm.OID_KEY_USAGE_EMAIL_PROTECTION
+ CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION
}, new DNSName("a." + uniq + ".tld"), new DNSName("b." + uniq + ".tld"), new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA384WithRSA");
String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
assertArrayEquals(new String[] {
- "mail", "a b", "dns:a." + uniq + ".tld\ndns:b." + uniq + ".tld\nemail:" + email + "\n", Digest.SHA384.toString()
+ "mail", "a b", "email:" + email + "\ndns:a." + uniq + ".tld\ndns:b." + uniq + ".tld\n", Digest.SHA384.toString()
}, res);
}
@Test
public void testSimpleClient() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateIssueForm.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
@Test
public void testIssue() throws IOException, GeneralSecurityException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateIssueForm.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
huc.setRequestProperty("Cookie", cookie);
huc.setDoOutput(true);
OutputStream out = huc.getOutputStream();
- out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
- out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes());
- out.write(("&hash_alg=SHA512&CCA=y").getBytes());
+ out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+ out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8"));
URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
Date start = new Date(now);
Date end = new Date(now + MS_PER_DAY * 10);
X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end));
+ assertNotNull(res);
assertEquals(start, res.getNotBefore());
assertEquals(end, res.getNotAfter());
}
private X509Certificate createCertWithValidity(String validity) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateIssueForm.OID_KEY_USAGE_SSL_CLIENT
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA");
huc.setRequestProperty("Cookie", cookie);
huc.setDoOutput(true);
OutputStream out = huc.getOutputStream();
- out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
- out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes());
- out.write(("&hash_alg=SHA512&CCA=y&").getBytes());
- out.write(validity.getBytes());
+ out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+ out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8"));
+ out.write(validity.getBytes("UTF-8"));
String certurl = huc.getHeaderField("Location");
if (certurl == null) {
String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
- X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes()));
+ X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes("UTF-8")));
return parsed;
}
fail("Should not succeed with wrong challange.");
}
assertArrayEquals(new String[] {
- "client", CertificateIssueForm.DEFAULT_CN, "", Digest.SHA512.toString()
+ "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
}, res);
} catch (Error e) {
assertTrue(e.getMessage().startsWith("<div>Challenge mismatch"));
HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
uc.setRequestProperty("Cookie", cookie);
uc.setDoOutput(true);
- uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes());
+ uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes("UTF-8"));
uc.getOutputStream().flush();
return extractFormData(uc);