001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
012: *************************************************************************/package se.anatom.ejbca.ca.store;
013:
014: import java.util.ArrayList;
015: import java.util.List;
016:
017: import javax.naming.Context;
018: import javax.naming.NamingException;
019:
020: import junit.framework.TestCase;
021:
022: import org.apache.log4j.Logger;
023: import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
024: import org.bouncycastle.asn1.x509.X509Extensions;
025: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
026: import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
027: import org.ejbca.core.model.ca.certificateprofiles.CertificatePolicy;
028: import org.ejbca.core.model.ca.certificateprofiles.CertificateProfile;
029: import org.ejbca.core.model.ca.certificateprofiles.CertificateProfileExistsException;
030: import org.ejbca.core.model.ca.certificateprofiles.EndUserCertificateProfile;
031: import org.ejbca.core.model.log.Admin;
032: import org.ejbca.util.CertTools;
033: import org.ejbca.util.dn.DNFieldExtractor;
034:
035: /**
036: * Tests the certificate profile entity bean.
037: *
038: * @version $Id: TestCertificateProfile.java,v 1.10 2008/01/10 14:42:16 anatom Exp $
039: */
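public class TestCertificateProfile extends TestCase {
    // These tests talk to a running CertificateStoreSession bean obtained through JNDI and
    // create, rename, clone, edit and finally remove profiles named "TEST" and "TEST2".
    // Run them only against an instance where profiles with those names are disposable.
    // Tests 01-05 build on each other's state (the numeric prefixes give the intended order).

    private static final Logger log = Logger
            .getLogger(TestCertificateProfile.class);

    /** Remote session bean, created once and shared by every test in this class. */
    private static ICertificateStoreSessionRemote cacheAdmin;
    /** Home interface used to create {@link #cacheAdmin}; looked up once. */
    private static ICertificateStoreSessionHome cacheHome;

    // NOTE(review): every call is made as an internal-user Admin; presumably this identity is
    // not subject to the authorization rules applied to real administrators, so these tests
    // say nothing about access control on profile management - confirm against Admin.
    private static final Admin admin = new Admin(
            Admin.TYPE_INTERNALUSER);

    /**
     * Creates a new TestCertificateProfile object.
     *
     * @param name name of the test case, passed on to {@link TestCase}
     */
    public TestCertificateProfile(String name) {
        super(name);
    }

    /**
     * Looks up the certificate store session home in JNDI and creates the remote session,
     * unless a previous test already did so.
     *
     * @throws Exception if the JNDI lookup or the bean creation fails
     */
    protected void setUp() throws Exception {
        log.debug(">setUp()");
        if (cacheAdmin == null) {
            if (cacheHome == null) {
                Context jndiContext = getInitialContext();
                Object obj1 = jndiContext
                        .lookup("CertificateStoreSession");
                cacheHome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject
                        .narrow(obj1,
                                ICertificateStoreSessionHome.class);
            }
            cacheAdmin = cacheHome.create();
        }
        log.debug("<setUp()");
    }

    /** Nothing to release: the cached session is deliberately kept for the following tests. */
    protected void tearDown() throws Exception {
    }

    /**
     * Creates the default JNDI context (configuration comes from the environment).
     *
     * @return a new initial context
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * Adds a profile named "TEST" to the database.
     *
     * @throws Exception error
     */
    public void test01AddCertificateProfile() throws Exception {
        log.debug(">test01AddCertificateProfile()");
        boolean ret = false;
        try {
            CertificateProfile profile = new CertificateProfile();
            profile.setCRLDistributionPointURI("TEST");
            cacheAdmin.addCertificateProfile(admin, "TEST", profile);
            ret = true;
        } catch (CertificateProfileExistsException pee) {
            // A leftover profile from an earlier run makes the test fail below;
            // record the cause instead of dropping it silently.
            log.error("Certificate profile TEST already exists", pee);
        }

        assertTrue("Creating Certificate Profile failed", ret);
        log.debug("<test01AddCertificateProfile()");
    }

    /**
     * Renames profile "TEST" to "TEST2".
     *
     * @throws Exception error
     */
    public void test02RenameCertificateProfile() throws Exception {
        log.debug(">test02RenameCertificateProfile()");

        boolean ret = false;
        try {
            cacheAdmin.renameCertificateProfile(admin, "TEST", "TEST2");
            ret = true;
        } catch (CertificateProfileExistsException pee) {
            log.error("Certificate profile TEST2 already exists", pee);
        }
        assertTrue("Renaming Certificate Profile failed", ret);

        log.debug("<test02RenameCertificateProfile()");
    }

    /**
     * Clones profile "TEST2" back into a new profile named "TEST".
     *
     * @throws Exception error
     */
    public void test03CloneCertificateProfile() throws Exception {
        log.debug(">test03CloneCertificateProfile()");
        boolean ret = false;
        try {
            cacheAdmin.cloneCertificateProfile(admin, "TEST2", "TEST");
            ret = true;
        } catch (CertificateProfileExistsException pee) {
            log.error("Certificate profile TEST already exists", pee);
        }
        assertTrue("Cloning Certificate Profile failed", ret);
        log.debug("<test03CloneCertificateProfile()");
    }

    /**
     * Edits profile "TEST" and checks that the change was stored.
     *
     * @throws Exception error
     */
    public void test04EditCertificateProfile() throws Exception {
        log.debug(">test04EditCertificateProfile()");

        CertificateProfile profile = cacheAdmin.getCertificateProfile(
                admin, "TEST");
        assertNotNull("Retrieving CertificateProfile failed", profile);
        // The clone made in test03 must carry the CRL distribution point set in test01.
        assertEquals("Retrieving CertificateProfile failed", "TEST",
                profile.getCRLDistributionPointURI());

        profile.setCRLDistributionPointURI("TEST2");
        cacheAdmin.changeCertificateProfile(admin, "TEST", profile);

        // Read the profile back: a flag that is unconditionally set to true proves nothing
        // about whether the edit actually reached the store.
        CertificateProfile stored = cacheAdmin.getCertificateProfile(
                admin, "TEST");
        assertNotNull("Editing CertificateProfile failed", stored);
        assertEquals("Editing CertificateProfile failed", "TEST2",
                stored.getCRLDistributionPointURI());

        log.debug("<test04EditCertificateProfile()");
    }

    /**
     * Removes the profiles created by the previous tests ("TEST" and "TEST2").
     *
     * @throws Exception error
     */
    public void test05removeCertificateProfiles() throws Exception {
        log.debug(">test05removeCertificateProfiles()");
        boolean ret = false;
        try {
            cacheAdmin.removeCertificateProfile(admin, "TEST");
            cacheAdmin.removeCertificateProfile(admin, "TEST2");
            ret = true;
        } catch (Exception pee) {
            // Still reported as an assertion failure, but keep the cause in the log.
            log.error("Removing certificate profiles TEST/TEST2 failed", pee);
        }
        assertTrue("Removing Certificate Profile failed", ret);

        log.debug("<test05removeCertificateProfiles()");
    }

    /**
     * Checks that createSubjectDNSubSet keeps only the DN components listed in the
     * profile's subject DN subset (CN, UID, GIVENNAME, SURNAME here) and drops the rest
     * (the SN components in the inputs), including when a component occurs more than once.
     *
     * @throws Exception error
     */
    public void test06createSubjectDNSubSet() throws Exception {
        log.debug(">test06createSubjectDNSubSet()");
        CertificateProfile profile = new CertificateProfile();

        ArrayList dnsubset = new ArrayList();
        dnsubset.add(new Integer(DNFieldExtractor.CN));
        dnsubset.add(new Integer(DNFieldExtractor.UID));
        dnsubset.add(new Integer(DNFieldExtractor.GIVENNAME));
        dnsubset.add(new Integer(DNFieldExtractor.SURNAME));
        profile.setSubjectDNSubSet(dnsubset);

        String indn1 = "UID=PVE,CN=Philip Vendil,SN=123435,GIVENNAME=Philip,SURNAME=Vendil";
        String outdn1 = profile.createSubjectDNSubSet(indn1);
        String expecteddn1 = "UID=PVE,CN=Philip Vendil,GIVENNAME=Philip,SURNAME=Vendil";
        assertTrue("createSubjectDNSubSet doesn't work" + outdn1
                + " != " + expecteddn1, expecteddn1
                .equalsIgnoreCase(outdn1));

        // Repeated components: both CN values are kept, both SN values are dropped.
        String indn2 = "UID=PVE,CN=Philip Vendil,CN=SecondUsername,SN=123435,SN=54321,GIVENNAME=Philip,SURNAME=Vendil";
        String outdn2 = profile.createSubjectDNSubSet(indn2);
        String expecteddn2 = "UID=PVE,CN=Philip Vendil,CN=SecondUsername,GIVENNAME=Philip,SURNAME=Vendil";
        assertTrue("createSubjectDNSubSet doesn't work" + outdn2
                + " != " + expecteddn2, expecteddn2
                .equalsIgnoreCase(outdn2));

        // Exit marker: the original logged ">" here, which reads as a second entry.
        log.debug("<test06createSubjectDNSubSet()");
    }

    /**
     * Checks that createSubjectAltNameSubSet keeps only the alternative-name types listed
     * in the profile's subset (RFC822NAME and UPN here) and drops the rest (the IPADDRESS
     * entries in the inputs), including when a type occurs more than once.
     *
     * @throws Exception error
     */
    public void test07createSubjectAltNameSubSet() throws Exception {
        log.debug(">test07createSubjectAltNameSubSet()");

        CertificateProfile profile = new CertificateProfile();

        ArrayList altnamesubset = new ArrayList();
        altnamesubset.add(new Integer(DNFieldExtractor.RFC822NAME));
        altnamesubset.add(new Integer(DNFieldExtractor.UPN));
        profile.setSubjectAltNameSubSet(altnamesubset);

        String inaltname1 = "RFC822NAME=test@test.se,UPN=testacc@test.se,IPADDRESS=10.1.1.0";
        String outaltname1 = profile
                .createSubjectAltNameSubSet(inaltname1);
        String expectedaltname1 = "RFC822NAME=test@test.se,UPN=testacc@test.se";
        assertTrue("createSubjectAltNameSubSet doesn't work"
                + outaltname1 + " != " + expectedaltname1,
                expectedaltname1.equalsIgnoreCase(outaltname1));

        // Repeated types: both RFC822NAME values are kept, both IPADDRESS values are dropped.
        String inaltname2 = "RFC822NAME=test@test.se,RFC822NAME=test2@test2.se,UPN=testacc@test.se,IPADDRESS=10.1.1.0,IPADDRESS=10.1.1.2";
        String outaltname2 = profile
                .createSubjectAltNameSubSet(inaltname2);
        String expectedaltname2 = "RFC822NAME=test@test.se,RFC822NAME=test2@test2.se,UPN=testacc@test.se";
        assertTrue("createSubjectAltNameSubSet doesn't work"
                + outaltname2 + " != " + expectedaltname2,
                expectedaltname2.equalsIgnoreCase(outaltname2));

        // Exit marker: the original logged ">" here, which reads as a second entry.
        log.debug("<test07createSubjectAltNameSubSet()");
    }

    /**
     * Checks default values and certificate-policy handling of a freshly constructed
     * EndUserCertificateProfile and CertificateProfile: no policies by default, policies
     * are returned in the order they were added, the profile reports the latest version,
     * and the QC semantics id defaults to the empty string.
     *
     * @throws Exception error
     */
    public void test08CertificateProfileValues() throws Exception {
        CertificateProfile ep = new EndUserCertificateProfile();
        List l = ep.getCertificatePolicies();
        assertEquals(0, l.size());
        ep.addCertificatePolicy(new CertificatePolicy(
                CertificatePolicy.ANY_POLICY_OID, null, null));
        l = ep.getCertificatePolicies();
        assertEquals(1, l.size());
        CertificatePolicy pol = (CertificatePolicy) l.get(0);
        // 2.5.29.32.0 is the value ANY_POLICY_OID is expected to carry.
        assertEquals("2.5.29.32.0", pol.getPolicyID());
        assertEquals(CertificateProfile.LATEST_VERSION, ep
                .getLatestVersion(), 0);
        String qcId = ep.getQCSemanticsId();
        assertEquals("", qcId);

        CertificateProfile cp = new CertificateProfile();
        l = cp.getCertificatePolicies();
        assertEquals(0, l.size());
        cp.addCertificatePolicy(new CertificatePolicy(
                CertificatePolicy.ANY_POLICY_OID, null, null));
        l = cp.getCertificatePolicies();
        assertEquals(1, l.size());
        pol = (CertificatePolicy) l.get(0);
        assertEquals("2.5.29.32.0", pol.getPolicyID());
        // A second policy is appended after the first one.
        cp.addCertificatePolicy(new CertificatePolicy("1.1.1.1.1",
                null, null));
        l = cp.getCertificatePolicies();
        assertEquals(2, l.size());
        pol = (CertificatePolicy) l.get(0);
        assertEquals("2.5.29.32.0", pol.getPolicyID());
        pol = (CertificatePolicy) l.get(1);
        assertEquals("1.1.1.1.1", pol.getPolicyID());
        assertEquals(CertificateProfile.LATEST_VERSION, cp
                .getLatestVersion(), 0);
        assertEquals("", cp.getQCSemanticsId());
        cp.setQCSemanticsId("1.1.1.2");
        assertEquals("1.1.1.2", cp.getQCSemanticsId());
    } // test08CertificateProfileValues

    /**
     * Checks which standard extensions a profile reports as used: five for a default
     * CertificateProfile, six for an EndUserCertificateProfile (extended key usage is
     * added), and fourteen once the nine optional extensions are switched on.
     *
     * @throws Exception error
     */
    public void test09CertificateExtensions() throws Exception {
        log.debug(">test09CertificateExtensions()");

        CertificateProfile profile = new CertificateProfile();

        // Check standard values for the certificate profile
        List l = profile.getUsedStandardCertificateExtensions();
        // Expected value first, so a failure message reports the two numbers the right way round.
        assertEquals(5, l.size());
        assertBaseExtensions(l);

        CertificateProfile eprofile = new EndUserCertificateProfile();

        // Check standard values for the end user certificate profile
        l = eprofile.getUsedStandardCertificateExtensions();
        assertEquals(6, l.size());
        assertBaseExtensions(l);
        assertTrue(l.contains(X509Extensions.ExtendedKeyUsage.getId()));

        // Enable every optional extension and check that each one is reported.
        profile = new CertificateProfile();
        profile.setUseAuthorityInformationAccess(true);
        profile.setUseCertificatePolicies(true);
        profile.setUseCRLDistributionPoint(true);
        profile.setUseFreshestCRL(true);
        profile.setUseMicrosoftTemplate(true);
        profile.setUseOcspNoCheck(true);
        profile.setUseQCStatement(true);
        profile.setUseExtendedKeyUsage(true);
        profile.setUseSubjectDirAttributes(true);
        l = profile.getUsedStandardCertificateExtensions();
        assertEquals(14, l.size());
        assertBaseExtensions(l);
        assertTrue(l.contains(X509Extensions.ExtendedKeyUsage.getId()));
        assertTrue(l.contains(X509Extensions.AuthorityInfoAccess
                .getId()));
        assertTrue(l.contains(X509Extensions.CertificatePolicies
                .getId()));
        assertTrue(l.contains(X509Extensions.CRLDistributionPoints
                .getId()));
        assertTrue(l.contains(X509Extensions.FreshestCRL.getId()));
        assertTrue(l
                .contains(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck
                        .getId()));
        assertTrue(l.contains(X509Extensions.QCStatements.getId()));
        assertTrue(l.contains(X509Extensions.SubjectDirectoryAttributes
                .getId()));
        assertTrue(l.contains(CertTools.OID_MSTEMPLATE));

        log.debug("<test09CertificateExtensions()");
    } // test09CertificateExtensions

    /** Asserts that the five extensions every profile in test09 is expected to use are listed. */
    private void assertBaseExtensions(List used) {
        assertTrue(used.contains(X509Extensions.KeyUsage.getId()));
        assertTrue(used.contains(X509Extensions.BasicConstraints.getId()));
        assertTrue(used.contains(X509Extensions.SubjectKeyIdentifier
                .getId()));
        assertTrue(used.contains(X509Extensions.AuthorityKeyIdentifier
                .getId()));
        assertTrue(used.contains(X509Extensions.SubjectAlternativeName
                .getId()));
    }

}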
|