X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2Fapi%2FIssueCert.java;h=f6040008fd718b9e0f423c5e45b5a2a90dd7a1ab;hp=6a6f320c4908c19c5ac94988163dec3f1fdb0297;hb=9def69bd08ea69eb27786d5b34f00e154e09e9f3;hpb=9136e3e03b6881b32aada896be3241e46cbd33d9
diff --git a/tests/org/cacert/gigi/api/IssueCert.java b/tests/org/cacert/gigi/api/IssueCert.java
index 6a6f320c..f6040008 100644
--- a/tests/org/cacert/gigi/api/IssueCert.java
+++ b/tests/org/cacert/gigi/api/IssueCert.java
@@ -3,20 +3,26 @@ package org.cacert.gigi.api;
 import static org.junit.Assert.*;
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.Collection;
 import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CSRType;
+import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
 import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Domain;
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.testUtils.ClientTest;
 import org.cacert.gigi.testUtils.IOUtils;
 import org.junit.Test;
@@ -25,24 +31,97 @@ import sun.security.x509.X500Name;
 public class IssueCert extends ClientTest {
+ private final PrivateKey pk;
+
+ private final X509Certificate ce;
+
+ private final Certificate c;
+
+ private final KeyPair kp;
+
+ public IssueCert() {
+ try {
+ kp = generateKeypair();
+ String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
+ c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getById(1));
+ pk = kp.getPrivate();
+ await(c.issue(null, "2y", u));
+ ce = c.cert();
+ } catch (Exception e) {
+ throw new Error(e);
+ }
+ }
+
 @Test
 public void testIssueCert() throws Exception {
- KeyPair kp = generateKeypair();
- String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
- Certificate c = new Certificate(u, Certificate.buildDN("CN", "testmail@example.com"), "sha256", key1, CSRType.CSR, CertificateProfile.getById(1));
- final PrivateKey pk = kp.getPrivate();
- c.issue(null, "2y").waitFor(60000);
- final X509Certificate ce = c.cert();
- HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/new").openConnection();
+ String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=CAcert WoT User"), "profile=client");
+
+ CertificateFactory cf = CertificateFactory.getInstance("X509");
+ java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+ assertEquals("CAcert WoT User", ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+ }
+
+ @Test
+ public void testRevoke() throws Exception {
+ revoke(c.getSerial().toLowerCase());
+ assertEquals(CertificateStatus.REVOKED, c.getStatus());
+ }
+
+ @Test
+ public void testIssueCertAssured() throws Exception {
+ makeAssurer(id);
+
+ String intendedName = "a b";
+ String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + intendedName), "profile=client-a");
+
+ CertificateFactory cf = CertificateFactory.getInstance("X509");
+ java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+ assertEquals(intendedName, ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+ }
+
+ @Test
+ public void testIssueOrgCert() throws Exception {
+ makeAssurer(id);
+ u.grantGroup(u, Group.ORGASSURER);
+
+ Organisation o1 = new Organisation("name", "st", "pr", "st", "test@mail", "", "", u);
+ o1.addAdmin(u, u, false);
+ String testdom = createUniqueName() + "-example.com";
+ Domain d2 = new Domain(u, o1, testdom);
+ verify(d2);
+
+ String whishName = createUniqueName();
+ String cert = issueCert(generatePEMCSR(kp, "EMAIL=test@" + testdom + ",CN=" + whishName), "profile=client-orga&asOrg=" + o1.getId());
+
+ CertificateFactory cf = CertificateFactory.getInstance("X509");
+ java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+ assertEquals(whishName, ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+ }
+
+ private String issueCert(String csr, String options) throws IOException, GeneralSecurityException {
+ HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CreateCertificate.PATH).openConnection();
 authenticateClientCert(pk, ce, connection);
 connection.setDoOutput(true);
 OutputStream os = connection.getOutputStream();
- os.write(("csr=" + URLEncoder.encode(generatePEMCSR(kp, "CN=a b"), "UTF-8")).getBytes());
+ os.write((options + "&csr=" + URLEncoder.encode(csr, "UTF-8")).getBytes("UTF-8"));
 os.flush();
- assertEquals(connection.getResponseCode(), 200);
+ assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
 String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
- CertificateFactory cf = CertificateFactory.getInstance("X509");
- Collection certs = cf.generateCertificates(new ByteArrayInputStream(cert.getBytes()));
- assertEquals("a b", ((X500Name) ((X509Certificate) certs.iterator().next()).getSubjectDN()).getCommonName());
+ return cert;
+ }
+
+ private void revoke(String serial) throws IOException, GeneralSecurityException {
+ HttpURLConnection connection;
+ OutputStream os;
+ connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
+ authenticateClientCert(pk, ce, connection);
+ connection.setDoOutput(true);
+ os = connection.getOutputStream();
+ os.write(("serial=" + URLEncoder.encode(serial, "UTF-8")).getBytes("UTF-8"));
+ os.flush();
+ assertEquals(connection.getResponseCode(), 200);
 }
 }
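Review bot: `testRevoke` only exercises the path where the account revokes its own certificate, so nothing here would fail if `/account/certs/revoke` accepted a serial belonging to a different account; the same holds for `asOrg=` in `testIssueOrgCert`, which is only called by a user who was just made an admin of that organisation. A negative case for each (a request authenticated with a client certificate that does not own the serial, or is not an admin of the organisation, expecting a non-200 response) would pin the authorization check these endpoints depend on. In `revoke`, the final assertion also has expected and actual swapped and drops the message that `issueCert` now carries; `assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());` would match it. The check `assertEquals(CertificateStatus.REVOKED, c.getStatus())` presumably relies on the revocation being complete by the time the HTTP response returns, which the hunk does not show.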