Merge "add: ensure that for TTP Agent actions certificate login is used"
authorMarcus Mängel <m.maengel@inopiae.de>
Wed, 11 Sep 2019 03:11:13 +0000 (05:11 +0200)
committerGerrit Code Review <gigi-system@dogcraft.de>
Wed, 11 Sep 2019 03:11:13 +0000 (05:11 +0200)
src/club/wpia/gigi/dbObjects/CACertificate.java
src/club/wpia/gigi/dbObjects/Certificate.java
src/club/wpia/gigi/pages/RootCertPage.java
src/club/wpia/gigi/pages/RootCertPage.templ
tests/club/wpia/gigi/dbObjects/TestCACertificate.java [new file with mode: 0644]

index 1240cd8..6e03fbc 100644 (file)
@@ -4,6 +4,8 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -197,8 +199,11 @@ public class CACertificate implements IdCachable {
         return this == getParent();
     }
 
+    public String getFingerprint(String algorithm) throws CertificateEncodingException, NoSuchAlgorithmException {
+        return Certificate.getFingerprint(cert, algorithm);
+    }
+    
     public static synchronized CACertificate[] getAll() {
         return Arrays.copyOf(instances, instances.length);
     }
-
 }
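Review bot: The new public `getFingerprint(String algorithm)` has no Javadoc, so callers cannot tell which algorithm names are accepted or what is hashed. From the Certificate hunk in this commit, the string is passed on to `MessageDigest.getInstance(algorithm)` and the digest runs over `cert.getEncoded()`. A comment such as `/** Returns the fingerprint of this CA certificate's encoded form, computed with the given MessageDigest algorithm name (for example "sha-256"). */` would record that. The line after the method's closing brace contains only trailing whitespace and should be empty.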
index a97ed15..2027ce9 100644 (file)
@@ -673,7 +673,7 @@ public class Certificate implements IdCachable {
         return getFingerprint(certx, algorithm);
     }
 
-    private static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {
+    protected static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {
         MessageDigest md = MessageDigest.getInstance(algorithm);
         byte[] der = cert.getEncoded();
         md.update(der);
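Review bot: Widening the helper to `protected static` exposes it to subclasses of `Certificate` in any package, which is more than this commit needs. Both new callers, `CACertificate` and `TestCACertificate`, are in `club.wpia.gigi.dbObjects`, so package-private access would be enough: `static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {`. The method body continues past the end of this hunk, so the rest of it was not reviewed.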
index b065463..55e4500 100644 (file)
@@ -143,13 +143,19 @@ public class RootCertPage extends Page {
         Map<String, Object> map = Page.getDefaultVars(req);
         map.put("root", rootP);
         map.put("bundle", appName + "_intermediate_bundle.p7b");
-        getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
 
+        try {
+            map.put("fingerprintSHA1", rootP.target.getFingerprint("sha-1"));
+            map.put("fingerprintSHA256", rootP.target.getFingerprint("sha-256"));
+        } catch (GeneralSecurityException e) {
+            e.printStackTrace();
+        }
+
+        getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
     }
 
     @Override
     public boolean needsLogin() {
         return false;
     }
-
 }
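Review bot: When the digest computation fails, the catch block only calls `e.printStackTrace()` and the page is still rendered, so `fingerprintSHA1` and `fingerprintSHA256` are never put into the map while the template still references them. How the template engine renders an unset variable is not visible here, but visitors would at best see a blank fingerprint next to the download links. Because users rely on these values to verify the root certificate, failing the request is safer than silently omitting them, for example `throw new IOException("cannot compute root certificate fingerprint", e);`. That assumes the enclosing method, which starts outside the hunk, declares `IOException`. The error should also go to the application's logger rather than stderr.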
index 10b20f8..8c2711a 100644 (file)
@@ -1,5 +1,10 @@
 <p><?=_The Root certificate is available for download here. Choose your preferred format:?><br/>
 <a href="?pem">PEM</a> <a href="?cer">DER</a></p>
+<p><?=_Root certificate fingerprints:?><br/>
+<?=_Fingerprint SHA-1?>:
+<?=$fingerprintSHA1?><br/>
+<?=_Fingerprint SHA-256?>:
+<?=$fingerprintSHA256?><br/></p>
 <p><?=_A p7b file with all intermediate certificates is available for download here:?><br/>
 <a href="?bundle"><?=$bundle?></a></p>
 <p><?=_Find information how to add the root and intermediate certificates to the truststore of your browser or operating system in our !(/kb/truststores)FAQ!'</a>'.?></p>
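Review bot: The fingerprints are shown on the same page that serves the `?pem` and `?cer` downloads, so they come from the same origin as the certificate. They help detect a corrupted or truncated download, but they cannot detect a tampered server or connection. A short translatable sentence telling users to compare the value with a fingerprint obtained from an independent source would make that limit clear. Listing the SHA-256 line first would also steer users to the stronger digest, with SHA-1 kept only for tools that still display it.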
diff --git a/tests/club/wpia/gigi/dbObjects/TestCACertificate.java b/tests/club/wpia/gigi/dbObjects/TestCACertificate.java
new file mode 100644 (file)
index 0000000..af17cf6
--- /dev/null
@@ -0,0 +1,101 @@
+package club.wpia.gigi.dbObjects;
+
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import club.wpia.gigi.testUtils.ClientBusinessTest;
+
+public class TestCACertificate extends ClientBusinessTest {
+
+    public CertificateFactory fact;
+
+    public CACertificate root, orga;
+
+    public int rootId, orgaId;
+
+    public X509Certificate configRoot;
+
+    @Before
+    public void getTestCertificates() throws CertificateException, FileNotFoundException {
+        fact = CertificateFactory.getInstance("X.509");
+
+        for (CACertificate cert : CACertificate.getAll()) {
+            if ("root".equals(cert.getKeyname())) {
+                root = cert;
+                rootId = cert.getId();
+            } else if ("orga".equals(cert.getKeyname())) {
+                orga = cert;
+                orgaId = cert.getId();
+            }
+        }
+        FileInputStream fis = new FileInputStream(new File("config/ca/root.crt"));
+        configRoot = (X509Certificate) fact.generateCertificate(fis);
+    }
+
+    @Test
+    public void testGetParent() {
+        assertEquals(root, orga.getParent());
+    }
+
+    @Test
+    public void testGetCertificate() {
+        assertEquals(configRoot, root.getCertificate());
+    }
+
+    @Test
+    public void testToString() {
+        assertEquals("CACertificate: root", root.toString());
+        assertEquals("CACertificate: orga", orga.toString());
+    }
+
+    @Test
+    public void testGetId() {
+        assertEquals(rootId, root.getId());
+        assertEquals(orgaId, orga.getId());
+    }
+
+    @Test
+    public void testGetKeyname() {
+        assertEquals("root", root.getKeyname());
+        assertEquals("orga", orga.getKeyname());
+    }
+
+    // TODO: test getLink
+
+    @Test
+    public void testGetById() {
+        assertEquals(root, CACertificate.getById(rootId));
+        assertEquals(orga, CACertificate.getById(orgaId));
+    }
+
+    @Test
+    public void testIsSelfsigned() {
+        assertTrue(root.isSelfsigned());
+        assertFalse(orga.isSelfsigned());
+    }
+
+    @Test
+    public void testGetFingerprint() throws CertificateEncodingException, NoSuchAlgorithmException {
+        assertEquals(Certificate.getFingerprint(configRoot, "sha-1"), root.getFingerprint("sha-1"));
+        assertEquals(Certificate.getFingerprint(configRoot, "sha-256"), root.getFingerprint("sha-256"));
+    }
+
+    @Test
+    public void testGetAll() throws FileNotFoundException, CertificateException {
+        for (CACertificate cert : CACertificate.getAll()) {
+            FileInputStream fis = new FileInputStream(new File(String.format("config/ca/%s.crt", cert.getKeyname())));
+            assertEquals(cert.getCertificate(), (X509Certificate) fact.generateCertificate(fis));
+        }
+    }
+}
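Review bot: `testGetFingerprint` compares `root.getFingerprint(...)` with `Certificate.getFingerprint(configRoot, ...)`, but the former delegates to the latter, so the test only shows that both sides hold the same certificate. A wrong digest or output format would still pass. Asserting against a constant computed independently for `config/ca/root.crt` (for instance with an external tool) would turn it into a known-answer test. Separately, the `FileInputStream` in `getTestCertificates` and in the loop of `testGetAll` is never closed. Try-with-resources fixes that: `try (FileInputStream fis = new FileInputStream(new File("config/ca/root.crt"))) { configRoot = (X509Certificate) fact.generateCertificate(fis); }`, with `IOException` added to the throws clause for the implicit `close()`.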