import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import org.cacert.gigi.Certificate.CSRType;
import org.cacert.gigi.Certificate.CertificateStatus;
import org.cacert.gigi.testUtils.ManagedTest;
-import org.cacert.gigi.testUtils.PemKey;
import org.junit.Test;
import static org.junit.Assert.*;
@Test
public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
- String[] key1 = generateCSR("/CN=testmail@example.com");
- Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR);
- final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
+ KeyPair kp = generateKeypair();
+ String key1 = generatePEMCSR(kp, "CN=testmail@example.com");
+ Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR);
+ final PrivateKey pk = kp.getPrivate();
c.issue().waitFor(60000);
final X509Certificate ce = c.cert();
assertNotNull(login(pk, ce));
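Review bot: `key1` now holds the PEM-encoded CSR, not key material, so the name is misleading on the `generatePEMCSR` and `new Certificate` lines; `String csr = generatePEMCSR(kp, "CN=testmail@example.com");` would match the name TestSeparateSessionScope already uses. The same applies to `key` in testCertLifeCycle. The subject is also written in two syntaxes on adjacent lines (`CN=...` for the CSR, `/CN=...` for `Certificate`), which deserves a one-line comment such as `// CSR subject is in X500Name syntax; Certificate is still given the slash-prefixed form`. Both test methods continue outside their hunks.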
@Test
public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
- String[] key1 = generateCSR("/CN=testmail@example.com");
- Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR);
- final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]);
+ KeyPair kp = generateKeypair();
+ String key = generatePEMCSR(kp, "CN=testmail@example.com");
+ Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR);
+ final PrivateKey pk = kp.getPrivate();
testFails(CertificateStatus.DRAFT, c);
c.issue().waitFor(60000);
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
+import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.sql.SQLException;
import org.cacert.gigi.Certificate.CSRType;
import org.cacert.gigi.testUtils.ManagedTest;
-import org.cacert.gigi.testUtils.PemKey;
import org.junit.Test;
public class TestSeparateSessionScope extends ManagedTest {
String mail = "thisgo" + createUniqueName() + "@example.com";
int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
String cookie = login(mail, TEST_PASSWORD);
- String[] csr = generateCSR("/CN=felix@dogcraft.de");
- Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1], CSRType.CSR);
- final PrivateKey pk = PemKey.parsePEMPrivateKey(csr[0]);
+ KeyPair kp = generateKeypair();
+ String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de");
+ Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR);
+ final PrivateKey pk = kp.getPrivate();
c.issue().waitFor(60000);
final X509Certificate ce = c.cert();
String scookie = login(pk, ce);
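Review bot: The CSR is generated for `CN=felix@dogcraft.de`, while the `Certificate` is created with `/CN=testmail@example.com` and the account under test uses `mail`. With three different identities in a few lines, it is unclear which subject the issued certificate is expected to carry. If the mismatch is deliberate (the signer is expected to ignore the subject inside the request), say so with a comment such as `// CSR subject differs on purpose: the issued DN must come from Certificate, not from the request`; otherwise derive both from `mail`. The mismatch predates this change but is carried over unchanged, and the test method starts and ends outside the hunk.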
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
+import java.security.Signature;
import java.security.cert.X509Certificate;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
import org.cacert.gigi.util.DatabaseManager;
+import org.cacert.gigi.util.PEM;
import org.cacert.gigi.util.ServerConstants;
import org.cacert.gigi.util.SimpleSigner;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import sun.security.pkcs10.PKCS10;
+import sun.security.pkcs10.PKCS10Attributes;
+import sun.security.x509.X500Name;
+
public class ManagedTest {
/**
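Review bot: The new imports of `sun.security.pkcs10.PKCS10`, `sun.security.pkcs10.PKCS10Attributes` and `sun.security.x509.X500Name` tie the test utilities to JDK-internal classes that are not part of the supported API. On JDK 9 and later these packages are not exported from `java.base`, so the build presumably needs `--add-exports`, and `sun.*` method signatures can change between releases without notice. At minimum add a comment at the imports, e.g. `// JDK-internal API, used only to build test CSRs; may need --add-exports on JDK 9+`. Keep all use of these classes inside `generatePEMCSR` so that a later replacement touches one method.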
return m.group(1);
}
- public static String[] generateCSR(String dn) throws IOException {
- Process p = Runtime.getRuntime().exec(new String[] {
- "openssl", "req", "-newkey", "rsa:1024", "-nodes", "-subj", dn, "-config", "keys/selfsign.config"
- });
- String csr = IOUtils.readURL(new InputStreamReader(p.getInputStream()));
+ public static KeyPair generateKeypair() throws GeneralSecurityException {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+ kpg.initialize(4096);
+ return kpg.generateKeyPair();
+ }
- String[] parts = csr.split("(?<=-----)\n(?=-----)");
- if (parts.length != 2) {
- System.err.println(IOUtils.readURL(new InputStreamReader(p.getErrorStream())));
- throw new Error();
- }
- return parts;
+ public static String generatePEMCSR(KeyPair kp, String dn) throws GeneralSecurityException, IOException {
+ PKCS10 p10 = new PKCS10(kp.getPublic(), new PKCS10Attributes());
+ Signature s = Signature.getInstance("SHA256WithRSA");
+ s.initSign(kp.getPrivate());
+ p10.encodeAndSign(new X500Name(dn), s);
+ return PEM.encode("CERTIFICATE REQUEST", p10.getEncoded());
}
public String executeBasicWebInteraction(String cookie, String path, String query) throws MalformedURLException, UnsupportedEncodingException, IOException {
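Review bot: `generatePEMCSR` has no Javadoc, and its `dn` argument goes straight into `new X500Name(dn)`, so it has to be in `CN=...` form. That differs from the `/CN=...` strings the removed `generateCSR` took and that callers still pass to `Certificate`. A short Javadoc should state the expected subject syntax, that the request is signed with `SHA256WithRSA` (so `kp` must be an RSA pair), and that the return value is a PEM `CERTIFICATE REQUEST` block; this keeps a caller from passing the old slash-prefixed form. Separately, `kpg.initialize(4096)` runs on every `generateKeypair()` call and 4096-bit RSA generation is slow. Either add a comment justifying the size or consider `kpg.initialize(2048);` for throwaway test keys.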
+++ /dev/null
-package org.cacert.gigi.testUtils;
-
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Base64;
-
-public class PemKey {
-
- public static PrivateKey parsePEMPrivateKey(String privKeyPEM) throws NoSuchAlgorithmException, InvalidKeySpecException {
- if (privKeyPEM.startsWith("-----BEGIN RSA PRIVATE KEY-----")) {
- // key is pkcs1 convert to p8
- try {
- Process p = Runtime.getRuntime().exec(new String[] {
- "openssl", "pkcs8", "-topk8", "-nocrypt"
- });
- p.getOutputStream().write(privKeyPEM.getBytes());
- p.getOutputStream().close();
- privKeyPEM = IOUtils.readURL(new InputStreamReader(p.getInputStream()));
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
- privKeyPEM = privKeyPEM.replaceAll("-----BEGIN PRIVATE KEY-----", "").replace("\n", "");
- // Remove the first and last lines
- privKeyPEM = privKeyPEM.replaceAll("-----END PRIVATE KEY-----", "");
- // Base64 decode the data
- byte[] encoded = Base64.getDecoder().decode(privKeyPEM);
-
- // PKCS8 decode the encoded RSA private key
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
- KeyFactory kf = KeyFactory.getInstance("RSA");
- PrivateKey privKey = kf.generatePrivate(keySpec);
- return privKey;
- }
-}