From 150cc0ac00db36ed7610683319a3177b0cb62da2 Mon Sep 17 00:00:00 2001
From: CyB3RC0nN0R
Date: Sat, 31 Aug 2019 21:35:26 +0200
Subject: [PATCH] add: display fingerprint on RootCertPage, TestCACertificate class
Change-Id: Icdca73da47e87366b686f0fc83558736728357ef
---
 .../wpia/gigi/dbObjects/CACertificate.java | 7 +-
 src/club/wpia/gigi/dbObjects/Certificate.java | 2 +-
 src/club/wpia/gigi/pages/RootCertPage.java | 10 +-
 src/club/wpia/gigi/pages/RootCertPage.templ | 5 +
 .../gigi/dbObjects/TestCACertificate.java | 101 ++++++++++++++++++
 5 files changed, 121 insertions(+), 4 deletions(-)
 create mode 100644 tests/club/wpia/gigi/dbObjects/TestCACertificate.java
diff --git a/src/club/wpia/gigi/dbObjects/CACertificate.java b/src/club/wpia/gigi/dbObjects/CACertificate.java
index 1240cd89..6e03fbc4 100644
--- a/src/club/wpia/gigi/dbObjects/CACertificate.java
+++ b/src/club/wpia/gigi/dbObjects/CACertificate.java
@@ -4,6 +4,8 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -197,8 +199,11 @@ public class CACertificate implements IdCachable {
 return this == getParent();
 }
+ public String getFingerprint(String algorithm) throws CertificateEncodingException, NoSuchAlgorithmException {
+ return Certificate.getFingerprint(cert, algorithm);
+ }
+
 public static synchronized CACertificate[] getAll() {
 return Arrays.copyOf(instances, instances.length);
 }
-
 }
diff --git a/src/club/wpia/gigi/dbObjects/Certificate.java b/src/club/wpia/gigi/dbObjects/Certificate.java
index a97ed158..2027ce9d 100644
--- a/src/club/wpia/gigi/dbObjects/Certificate.java
+++ b/src/club/wpia/gigi/dbObjects/Certificate.java
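Review bot: The new public `getFingerprint(String algorithm)` in the second CACertificate.java hunk has no Javadoc, and its `algorithm` argument is forwarded unchecked to `Certificate.getFingerprint`, which per the Certificate.java hunk hands it to `MessageDigest.getInstance`. I would document the contract, e.g. `/** Returns the fingerprint of this CA certificate's DER encoding; {@code algorithm} is a MessageDigest name such as "sha-256". */`, plus a `@throws NoSuchAlgorithmException` line for unknown names. The string format of the result is produced outside the visible lines, so the comment should describe it only after checking that helper.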
@@ -673,7 +673,7 @@ public class Certificate implements IdCachable {
 return getFingerprint(certx, algorithm);
 }
- private static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {
+ protected static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {
 MessageDigest md = MessageDigest.getInstance(algorithm);
 byte[] der = cert.getEncoded();
 md.update(der);
diff --git a/src/club/wpia/gigi/pages/RootCertPage.java b/src/club/wpia/gigi/pages/RootCertPage.java
index b065463d..55e45003 100644
--- a/src/club/wpia/gigi/pages/RootCertPage.java
+++ b/src/club/wpia/gigi/pages/RootCertPage.java
@@ -143,13 +143,19 @@ public class RootCertPage extends Page {
 Map map = Page.getDefaultVars(req);
 map.put("root", rootP);
 map.put("bundle", appName + "_intermediate_bundle.p7b");
- getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
+ try {
+ map.put("fingerprintSHA1", rootP.target.getFingerprint("sha-1"));
+ map.put("fingerprintSHA256", rootP.target.getFingerprint("sha-256"));
+ } catch (GeneralSecurityException e) {
+ e.printStackTrace();
+ }
+
+ getDefaultTemplate().output(resp.getWriter(), getLanguage(req), map);
 }
 @Override
 public boolean needsLogin() {
 return false;
 }
-
 }
diff --git a/src/club/wpia/gigi/pages/RootCertPage.templ b/src/club/wpia/gigi/pages/RootCertPage.templ
index 10b20f8c..8c2711af 100644
--- a/src/club/wpia/gigi/pages/RootCertPage.templ
+++ b/src/club/wpia/gigi/pages/RootCertPage.templ
@@ -1,5 +1,10 @@
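Review bot: `protected static` on `getFingerprint(X509Certificate, String)` is wider than the new callers need. `CACertificate` and the new `TestCACertificate` both live in `club.wpia.gigi.dbObjects`, so package-private access is enough, while `protected` also exposes the digest helper to any subclass of `Certificate` in other packages. I would drop the modifier: `static String getFingerprint(X509Certificate cert, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {`. The method body continues past the end of the hunk, so how the digest is encoded into a string is not visible here.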
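Review bot: The `catch (GeneralSecurityException e)` block in RootCertPage.java only calls `e.printStackTrace()` and then renders the page anyway, so a failed digest leaves `fingerprintSHA1` and `fingerprintSHA256` out of the map. The visitor would then get a root-certificate page with no fingerprint values and no sign that anything went wrong, on a page that `needsLogin()` marks as public. Since these values exist so people can verify the trust anchor, failing the request is safer than rendering blanks, e.g. `throw new IOException("cannot compute root certificate fingerprint", e);`. That assumes the enclosing handler may throw `IOException`; its signature is outside the hunk, but `resp.getWriter()` is called unguarded. If rendering must continue, the error should at least go through the project's logging instead of `printStackTrace()`.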


PEM DER

+


+: +
+: +


'.?>

diff --git a/tests/club/wpia/gigi/dbObjects/TestCACertificate.java b/tests/club/wpia/gigi/dbObjects/TestCACertificate.java
new file mode 100644
index 00000000..af17cf6d
--- /dev/null
+++ b/tests/club/wpia/gigi/dbObjects/TestCACertificate.java
@@ -0,0 +1,101 @@
+package club.wpia.gigi.dbObjects;
+
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import club.wpia.gigi.testUtils.ClientBusinessTest;
+
+public class TestCACertificate extends ClientBusinessTest {
+
+ public CertificateFactory fact;
+
+ public CACertificate root, orga;
+
+ public int rootId, orgaId;
+
+ public X509Certificate configRoot;
+
+ @Before
+ public void getTestCertificates() throws CertificateException, FileNotFoundException {
+ fact = CertificateFactory.getInstance("X.509");
+
+ for (CACertificate cert : CACertificate.getAll()) {
+ if ("root".equals(cert.getKeyname())) {
+ root = cert;
+ rootId = cert.getId();
+ } else if ("orga".equals(cert.getKeyname())) {
+ orga = cert;
+ orgaId = cert.getId();
+ }
+ }
+ FileInputStream fis = new FileInputStream(new File("config/ca/root.crt"));
+ configRoot = (X509Certificate) fact.generateCertificate(fis);
+ }
+
+ @Test
+ public void testGetParent() {
+ assertEquals(root, orga.getParent());
+ }
+
+ @Test
+ public void testGetCertificate() {
+ assertEquals(configRoot, root.getCertificate());
+ }
+
+ @Test
+ public void testToString() {
+ assertEquals("CACertificate: root", root.toString());
+ assertEquals("CACertificate: orga", orga.toString());
+ }
+
+ @Test
+ public void testGetId() {
+ assertEquals(rootId, root.getId());
+ assertEquals(orgaId, orga.getId());
+ }
+
+ @Test
+ public void testGetKeyname() {
+ assertEquals("root", root.getKeyname());
+ assertEquals("orga", orga.getKeyname());
+ }
+
+ // TODO: test getLink
+
+ @Test
+ public void testGetById() {
+ assertEquals(root, CACertificate.getById(rootId));
+ assertEquals(orga, CACertificate.getById(orgaId));
+ }
+
+ @Test
+ public void testIsSelfsigned() {
+ assertTrue(root.isSelfsigned());
+ assertFalse(orga.isSelfsigned());
+ }
+
+ @Test
+ public void testGetFingerprint() throws CertificateEncodingException, NoSuchAlgorithmException {
+ assertEquals(Certificate.getFingerprint(configRoot, "sha-1"), root.getFingerprint("sha-1"));
+ assertEquals(Certificate.getFingerprint(configRoot, "sha-256"), root.getFingerprint("sha-256"));
+ }
+
+ @Test
+ public void testGetAll() throws FileNotFoundException, CertificateException {
+ for (CACertificate cert : CACertificate.getAll()) {
+ FileInputStream fis = new FileInputStream(new File(String.format("config/ca/%s.crt", cert.getKeyname())));
+ assertEquals(cert.getCertificate(), (X509Certificate) fact.generateCertificate(fis));
+ }
+ }
+}
-- 
2.39.2
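Review bot: `getTestCertificates()` and `testGetAll()` each open a `FileInputStream` on `config/ca/*.crt` and never close it, so every run leaks a descriptor per certificate read. try-with-resources fixes that, e.g. `try (FileInputStream fis = new FileInputStream(new File("config/ca/root.crt"))) { configRoot = (X509Certificate) fact.generateCertificate(fis); }`, with `IOException` added to the `throws` clause because `close()` can throw it. Separately, `testGetFingerprint` obtains both the expected and the actual value through `Certificate.getFingerprint`, so it confirms the loaded root matches the file but would still pass if the digest formatting were wrong. A comment saying so, or an expected value computed independently in the test, would make that limit explicit.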