Use java keygen for test-csr-generation.
authorFelix Dörre <felix@dogcraft.de>
Tue, 29 Jul 2014 14:44:22 +0000 (16:44 +0200)
committerFelix Dörre <felix@dogcraft.de>
Tue, 29 Jul 2014 14:44:22 +0000 (16:44 +0200)
tests/org/cacert/gigi/TestCertificate.java
tests/org/cacert/gigi/TestSeparateSessionScope.java
tests/org/cacert/gigi/testUtils/ManagedTest.java
tests/org/cacert/gigi/testUtils/PemKey.java [deleted file]

index 5784e2ca57ccec4b4fc0fb62bfa73c5fb87e7b9a..99dd03e8127f60d8f28891dcba84b8ba55a2cd6c 100644 (file)
@@ -2,6 +2,7 @@ package org.cacert.gigi;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
@@ -9,7 +10,6 @@ import java.sql.SQLException;
 import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.Certificate.CertificateStatus;
 import org.cacert.gigi.testUtils.ManagedTest;
-import org.cacert.gigi.testUtils.PemKey;
 import org.junit.Test;
 
 import static org.junit.Assert.*;
@@ -18,9 +18,10 @@ public class TestCertificate extends ManagedTest {
 
     @Test
     public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
-        String[] key1 = generateCSR("/CN=testmail@example.com");
-        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR);
-        final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
+        KeyPair kp = generateKeypair();
+        String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
+        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR);
+        final PrivateKey pk = kp.getPrivate();
         c.issue().waitFor(60000);
         final X509Certificate ce = c.cert();
         assertNotNull(login(pk, ce));
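Review bot: In `testClientCertLoginStates` the local `key1` now holds the PEM-encoded CSR rather than a key, which reads wrongly next to `kp`; `String csr = generatePEMCSR(kp, "CN=testmail@example.com");` would match the name already used in TestSeparateSessionScope. The same applies to `key` in the `testCertLifeCycle` hunk below. The subject is also written in two notations on adjacent lines (`"CN=…"` for the CSR, `"/CN=…"` for `Certificate`), so a short comment saying that each API expects its own form would stop a later edit from "fixing" one of them. Both test bodies continue outside their hunks.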
@@ -28,9 +29,10 @@ public class TestCertificate extends ManagedTest {
 
     @Test
     public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
-        String[] key1 = generateCSR("/CN=testmail@example.com");
-        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR);
-        final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
+        KeyPair kp = generateKeypair();
+        String key = generatePEMCSR(kp, "CN=testmail@example.com");
+        Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR);
+        final PrivateKey pk = kp.getPrivate();
 
         testFails(CertificateStatus.DRAFT, c);
         c.issue().waitFor(60000);
index e676e51bde2501c77e9b74b0c68e093190d768cc..6f78dbac150142af354af80eb2f1e51dc1fca20f 100644 (file)
@@ -6,13 +6,13 @@ import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.security.GeneralSecurityException;
+import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
 
 import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.testUtils.ManagedTest;
-import org.cacert.gigi.testUtils.PemKey;
 import org.junit.Test;
 
 public class TestSeparateSessionScope extends ManagedTest {
@@ -22,9 +22,10 @@ public class TestSeparateSessionScope extends ManagedTest {
         String mail = "thisgo" + createUniqueName() + "@example.com";
         int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
         String cookie = login(mail, TEST_PASSWORD);
-        String[] csr = generateCSR("/CN=felix@dogcraft.de");
-        Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1], CSRType.CSR);
-        final PrivateKey pk = PemKey.parsePEMPrivateKey(csr[0]);
+        KeyPair kp = generateKeypair();
+        String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de");
+        Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR);
+        final PrivateKey pk = kp.getPrivate();
         c.issue().waitFor(60000);
         final X509Certificate ce = c.cert();
         String scookie = login(pk, ce);
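Review bot: The CSR is generated for `CN=felix@dogcraft.de` while the `Certificate` is requested with `/CN=testmail@example.com`, and nothing in the visible lines says whether that mismatch is intended. If the test relies on the signer ignoring the CSR subject and using the DN passed to `Certificate`, say so with a comment such as `// CSR subject differs on purpose: the issued cert must carry the DN passed to Certificate` and check `ce.getSubjectX500Principal()` after `c.cert()`. If it is a leftover, use the same address in both places. The mismatch predates this commit, but the line is rewritten here; the test method starts and ends outside the hunk.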
index a021427e861e08d659c2f5c3249af43cbd5b5288..2518849f92b37ff298b98554d312325ab59715f7 100644 (file)
@@ -18,10 +18,14 @@ import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.security.PrivateKey;
+import java.security.Signature;
 import java.security.cert.X509Certificate;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -43,12 +47,17 @@ import org.cacert.gigi.User;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
 import org.cacert.gigi.util.DatabaseManager;
+import org.cacert.gigi.util.PEM;
 import org.cacert.gigi.util.ServerConstants;
 import org.cacert.gigi.util.SimpleSigner;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
+import sun.security.pkcs10.PKCS10;
+import sun.security.pkcs10.PKCS10Attributes;
+import sun.security.x509.X500Name;
+
 public class ManagedTest {
 
     /**
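Review bot: The three `sun.security.*` imports tie ManagedTest to JDK-internal classes that are not part of the supported Java API, so the test suite may stop compiling on a JDK that hides or changes them. A comment above the imports, e.g. `// JDK-internal PKCS#10 classes: test-only, keep all use inside generatePEMCSR`, would record that the dependency is deliberate and confined to one helper. If a supported PKCS#10 builder is already available to the project, that would be the sturdier choice, though none is visible here.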
@@ -394,18 +403,18 @@ public class ManagedTest {
         return m.group(1);
     }
 
-    public static String[] generateCSR(String dn) throws IOException {
-        Process p = Runtime.getRuntime().exec(new String[] {
-                "openssl", "req", "-newkey", "rsa:1024", "-nodes", "-subj", dn, "-config", "keys/selfsign.config"
-        });
-        String csr = IOUtils.readURL(new InputStreamReader(p.getInputStream()));
+    public static KeyPair generateKeypair() throws GeneralSecurityException {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+        kpg.initialize(4096);
+        return kpg.generateKeyPair();
+    }
 
-        String[] parts = csr.split("(?<=-----)\n(?=-----)");
-        if (parts.length != 2) {
-            System.err.println(IOUtils.readURL(new InputStreamReader(p.getErrorStream())));
-            throw new Error();
-        }
-        return parts;
+    public static String generatePEMCSR(KeyPair kp, String dn) throws GeneralSecurityException, IOException {
+        PKCS10 p10 = new PKCS10(kp.getPublic(), new PKCS10Attributes());
+        Signature s = Signature.getInstance("SHA256WithRSA");
+        s.initSign(kp.getPrivate());
+        p10.encodeAndSign(new X500Name(dn), s);
+        return PEM.encode("CERTIFICATE REQUEST", p10.getEncoded());
     }
 
     public String executeBasicWebInteraction(String cookie, String path, String query) throws MalformedURLException, UnsupportedEncodingException, IOException {
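Review bot: `generatePEMCSR` now takes the subject as `CN=…` where the removed `generateCSR` took the OpenSSL form `/CN=…`, and neither new helper has a Javadoc saying so; a caller still passing the old form would presumably fail inside `new X500Name(dn)`. A line such as `/** @param dn subject in X.500 string form ("CN=user@example.com"), without the leading slash OpenSSL uses */` on `generatePEMCSR` covers it. In `generateKeypair`, `kpg.initialize(4096)` runs for every test that needs a key; a named constant (`private static final int TEST_KEY_BITS = 4096;`) would make the size a visible decision and give one place to tune it if key generation turns out to dominate test time.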
diff --git a/tests/org/cacert/gigi/testUtils/PemKey.java b/tests/org/cacert/gigi/testUtils/PemKey.java
deleted file mode 100644 (file)
index c790dd7..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.cacert.gigi.testUtils;
-
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Base64;
-
-public class PemKey {
-
-    public static PrivateKey parsePEMPrivateKey(String privKeyPEM) throws NoSuchAlgorithmException, InvalidKeySpecException {
-        if (privKeyPEM.startsWith("-----BEGIN RSA PRIVATE KEY-----")) {
-            // key is pkcs1 convert to p8
-            try {
-                Process p = Runtime.getRuntime().exec(new String[] {
-                        "openssl", "pkcs8", "-topk8", "-nocrypt"
-                });
-                p.getOutputStream().write(privKeyPEM.getBytes());
-                p.getOutputStream().close();
-                privKeyPEM = IOUtils.readURL(new InputStreamReader(p.getInputStream()));
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-        }
-        privKeyPEM = privKeyPEM.replaceAll("-----BEGIN PRIVATE KEY-----", "").replace("\n", "");
-        // Remove the first and last lines
-        privKeyPEM = privKeyPEM.replaceAll("-----END PRIVATE KEY-----", "");
-        // Base64 decode the data
-        byte[] encoded = Base64.getDecoder().decode(privKeyPEM);
-
-        // PKCS8 decode the encoded RSA private key
-        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
-        KeyFactory kf = KeyFactory.getInstance("RSA");
-        PrivateKey privKey = kf.generatePrivate(keySpec);
-        return privKey;
-    }
-}