From: Felix Dörre Date: Tue, 29 Jul 2014 14:44:22 +0000 (+0200) Subject: Use java keygen for test-csr-generation. X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=a5c3e98a922e432d1ec2fd0b924045638c6c9376 Use java keygen for test-csr-generation. --- diff --git a/tests/org/cacert/gigi/TestCertificate.java b/tests/org/cacert/gigi/TestCertificate.java index 5784e2ca..99dd03e8 100644 --- a/tests/org/cacert/gigi/TestCertificate.java +++ b/tests/org/cacert/gigi/TestCertificate.java @@ -2,6 +2,7 @@ package org.cacert.gigi; import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.KeyPair; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.sql.SQLException; @@ -9,7 +10,6 @@ import java.sql.SQLException; import org.cacert.gigi.Certificate.CSRType; import org.cacert.gigi.Certificate.CertificateStatus; import org.cacert.gigi.testUtils.ManagedTest; -import org.cacert.gigi.testUtils.PemKey; import org.junit.Test; import static org.junit.Assert.*; @@ -18,9 +18,10 @@ public class TestCertificate extends ManagedTest { @Test public void testClientCertLoginStates() throws IOException, GeneralSecurityException, SQLException, InterruptedException { - String[] key1 = generateCSR("/CN=testmail@example.com"); - Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR); - final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]); + KeyPair kp = generateKeypair(); + String key1 = generatePEMCSR(kp, "CN=testmail@example.com"); + Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1, CSRType.CSR); + final PrivateKey pk = kp.getPrivate(); c.issue().waitFor(60000); final X509Certificate ce = c.cert(); assertNotNull(login(pk, ce)); 
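Review bot: In testClientCertLoginStates the subject is now spelled twice in two syntaxes, `"CN=testmail@example.com"` for generatePEMCSR and `"/CN=testmail@example.com"` for the Certificate constructor, and nothing ties the two literals together. The same pattern is in the testCertLifeCycle hunk and in the TestSeparateSessionScope hunk, where the CSR subject is `CN=felix@dogcraft.de` while the Certificate DN stays `/CN=testmail@example.com`; whether that mismatch is deliberate cannot be told from the hunks. A single local such as `String dn = "CN=testmail@example.com";`, passed as `generatePEMCSR(kp, dn)` and `"/" + dn`, would keep the two in step. Where the difference is intended, a comment such as `// CSR subject differs on purpose; the issued subject is expected to come from the Certificate DN` would record it. The test method bodies continue past the end of each hunk.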
@@ -28,9 +29,10 @@ public class TestCertificate extends ManagedTest { @Test public void testCertLifeCycle() throws IOException, GeneralSecurityException, SQLException, InterruptedException { - String[] key1 = generateCSR("/CN=testmail@example.com"); - Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key1[1], CSRType.CSR); - final PrivateKey pk = PemKey.parsePEMPrivateKey(key1[0]); + KeyPair kp = generateKeypair(); + String key = generatePEMCSR(kp, "CN=testmail@example.com"); + Certificate c = new Certificate(1, "/CN=testmail@example.com", "sha256", key, CSRType.CSR); + final PrivateKey pk = kp.getPrivate(); testFails(CertificateStatus.DRAFT, c); c.issue().waitFor(60000); diff --git a/tests/org/cacert/gigi/TestSeparateSessionScope.java b/tests/org/cacert/gigi/TestSeparateSessionScope.java index e676e51b..6f78dbac 100644 --- a/tests/org/cacert/gigi/TestSeparateSessionScope.java +++ b/tests/org/cacert/gigi/TestSeparateSessionScope.java @@ -6,13 +6,13 @@ import java.io.IOException; import java.net.HttpURLConnection; import java.net.URL; import java.security.GeneralSecurityException; +import java.security.KeyPair; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.sql.SQLException; import org.cacert.gigi.Certificate.CSRType; import org.cacert.gigi.testUtils.ManagedTest; -import org.cacert.gigi.testUtils.PemKey; import org.junit.Test; public class TestSeparateSessionScope extends ManagedTest { 
@@ -22,9 +22,10 @@ public class TestSeparateSessionScope extends ManagedTest { String mail = "thisgo" + createUniqueName() + "@example.com"; int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD); String cookie = login(mail, TEST_PASSWORD); - String[] csr = generateCSR("/CN=felix@dogcraft.de"); - Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1], CSRType.CSR); - final PrivateKey pk = PemKey.parsePEMPrivateKey(csr[0]); + KeyPair kp = generateKeypair(); + String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de"); + Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr, CSRType.CSR); + final PrivateKey pk = kp.getPrivate(); c.issue().waitFor(60000); final X509Certificate ce = c.cert(); String scookie = login(pk, ce); diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java index a021427e..2518849f 100644 --- a/tests/org/cacert/gigi/testUtils/ManagedTest.java +++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java @@ -18,10 +18,14 @@ import java.net.URLConnection; import java.net.URLEncoder; import java.nio.file.Files; import java.nio.file.Paths; +import java.security.GeneralSecurityException; import java.security.KeyManagementException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PrivateKey; +import java.security.Signature; import java.security.cert.X509Certificate; import java.sql.PreparedStatement; import java.sql.ResultSet; 
@@ -43,12 +47,17 @@ import org.cacert.gigi.User; import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.testUtils.TestEmailReciever.TestMail; import org.cacert.gigi.util.DatabaseManager; +import org.cacert.gigi.util.PEM; import org.cacert.gigi.util.ServerConstants; import org.cacert.gigi.util.SimpleSigner; import org.junit.After; import org.junit.AfterClass; import org.junit.BeforeClass; +import sun.security.pkcs10.PKCS10; +import sun.security.pkcs10.PKCS10Attributes; +import sun.security.x509.X500Name; + public class ManagedTest { /** @@ -394,18 +403,18 @@ public class ManagedTest { return m.group(1); } - public static String[] generateCSR(String dn) throws IOException { - Process p = Runtime.getRuntime().exec(new String[] { - "openssl", "req", "-newkey", "rsa:1024", "-nodes", "-subj", dn, "-config", "keys/selfsign.config" - }); - String csr = IOUtils.readURL(new InputStreamReader(p.getInputStream())); + public static KeyPair generateKeypair() throws GeneralSecurityException { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(4096); + return kpg.generateKeyPair(); + } - String[] parts = csr.split("(?<=-----)\n(?=-----)"); - if (parts.length != 2) { - System.err.println(IOUtils.readURL(new InputStreamReader(p.getErrorStream()))); - throw new Error(); - } - return parts; + public static String generatePEMCSR(KeyPair kp, String dn) throws GeneralSecurityException, IOException { + PKCS10 p10 = new PKCS10(kp.getPublic(), new PKCS10Attributes()); + Signature s = Signature.getInstance("SHA256WithRSA"); + s.initSign(kp.getPrivate()); + p10.encodeAndSign(new X500Name(dn), s); + return PEM.encode("CERTIFICATE REQUEST", p10.getEncoded()); } public String executeBasicWebInteraction(String cookie, String path, String query) throws MalformedURLException, UnsupportedEncodingException, IOException { 
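Review bot: The three added `sun.security.*` imports (`PKCS10`, `PKCS10Attributes`, `X500Name`) bind the test helper to JDK-internal classes that are not part of the supported Java API. They draw compiler warnings, are not exported to application code under the module system on Java 9 and later without `--add-exports`, and their constructors and method signatures can change between JDK releases without notice. At minimum I would mark the dependency above the imports, e.g. `// JDK-internal API (sun.*): unsupported, used only to build test CSRs; may break on a JDK upgrade`. Keeping every use of these classes inside generatePEMCSR, as the later hunk in this file does, limits what has to be touched if they change.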
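Review bot: generatePEMCSR has no Javadoc saying that `dn` is now parsed by `new X500Name(dn)`, so callers must pass the comma-separated form (`CN=...`) rather than the OpenSSL slash form (`/CN=...`) that the removed generateCSR took; a caller still passing the old form would presumably fail inside that constructor. I would add a short Javadoc stating the expected DN syntax, that the request is signed with SHA256WithRSA using the private key of `kp`, and that the return value is the PEM-encoded PKCS#10 request. In generateKeypair, `kpg.initialize(4096)` makes every calling test pay for a 4096-bit RSA key generation where the old helper asked openssl for `rsa:1024`. A named constant with a comment on the chosen size, e.g. `private static final int TEST_RSA_BITS = 2048;`, would make that trade-off explicit.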
diff --git a/tests/org/cacert/gigi/testUtils/PemKey.java b/tests/org/cacert/gigi/testUtils/PemKey.java deleted file mode 100644 index c790dd72..00000000 --- a/tests/org/cacert/gigi/testUtils/PemKey.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.cacert.gigi.testUtils; - -import java.io.IOException; -import java.io.InputStreamReader; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.Base64; - -public class PemKey { - - public static PrivateKey parsePEMPrivateKey(String privKeyPEM) throws NoSuchAlgorithmException, InvalidKeySpecException { - if (privKeyPEM.startsWith("-----BEGIN RSA PRIVATE KEY-----")) { - // key is pkcs1 convert to p8 - try { - Process p = Runtime.getRuntime().exec(new String[] { - "openssl", "pkcs8", "-topk8", "-nocrypt" - }); - p.getOutputStream().write(privKeyPEM.getBytes()); - p.getOutputStream().close(); - privKeyPEM = IOUtils.readURL(new InputStreamReader(p.getInputStream())); - } catch (IOException e) { - e.printStackTrace(); - } - } - privKeyPEM = privKeyPEM.replaceAll("-----BEGIN PRIVATE KEY-----", "").replace("\n", ""); - // Remove the first and last lines - privKeyPEM = privKeyPEM.replaceAll("-----END PRIVATE KEY-----", ""); - // Base64 decode the data - byte[] encoded = Base64.getDecoder().decode(privKeyPEM); - - // PKCS8 decode the encoded RSA private key - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded); - KeyFactory kf = KeyFactory.getInstance("RSA"); - PrivateKey privKey = kf.generatePrivate(keySpec); - return privKey; - } -}