testcertificateretrival.java

一套JAVA的CA证书签发系统.

    public void test02FindCACertificates() throws Exception {
        m_log.debug(">test02FindCACertificates()");    
        X509Certificate cert;
        X509Certificate storecert;
        cert = CertTools.getCertfromByteArray(testrootcert);
        ICertificateStoreSessionRemote store = m_storehome.create();

        // List all certificates to see
        Collection certfps = store.findCertificatesByType(admin
                                                          , SecConst.CERTTYPE_SUBCA
                                                          , null);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() != 0);

        Iterator iter = certfps.iterator();
        while (iter.hasNext()) {
            Object obj = iter.next(); 
            if (!(obj instanceof X509Certificate)) {
                assertTrue("method 'findCertificatesByType' does not return X509Certificate objects.\n"
                           + "Class of returned object '" + obj.getClass().getName() + "'"
                           , false);            
            }
        }
        m_log.debug("<test02FindCACertificates()");    
    }

    /**
     *
     * @throws Exception error
     */
    public void test03FindEndEntityCertificates() throws Exception {
        m_log.debug(">test03FindEndEntityCertificates()");    

        ICertificateStoreSessionRemote store = m_storehome.create();

        // List all certificates to see
        Collection certfps = store.findCertificatesByType(admin
                                                          , SecConst.CERTTYPE_ENDENTITY
                                                          , null);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() != 0);
        
        m_log.debug("<test03FindEndEntityCertificates()");    
    }

    /**
     *
     * @throws Exception error
     */
    public void test04FindRootCertificates() throws Exception {
        m_log.debug(">test04FindRootCertificates()");    

        ICertificateStoreSessionRemote store = m_storehome.create();

        // List all certificates to see
        Collection certfps = store.findCertificatesByType(admin
                                                          , SecConst.CERTTYPE_ROOTCA
                                                          , null);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() != 0);

        m_log.debug("<test04FindRootCertificates()");    
    }

    /**
     *
     * @throws Exception error
     */
    public void test05CertificatesByIssuerAndSernos() throws Exception {
        m_log.debug(">test05CertificatesByIssuerAndSernos()");    
        ICertificateStoreSessionRemote store = m_storehome.create();
        X509Certificate rootcacert;
        X509Certificate subcacert;
        X509Certificate cert;
        Vector sernos;
        Collection certfps;
        
        rootcacert = CertTools.getCertfromByteArray(testrootcert);
        subcacert = CertTools.getCertfromByteArray(testcacert);
        cert = CertTools.getCertfromByteArray(testcert);

        sernos = new Vector();
        sernos.add(subcacert.getSerialNumber());
        sernos.add(rootcacert.getSerialNumber());
        certfps = store.findCertificatesByIssuerAndSernos(admin
                                                         , rootcacert.getSubjectDN().getName()
                                                         , sernos);
        assertNotNull("failed to list certs", certfps);
        // we expect two certificates cause the rootca certificate is
        // self signed and so the issuer is identical with the subject
        // to which the certificate belongs
        dumpCertificates(certfps);
        assertTrue("failed to list certs", certfps.size() == 2);

        sernos = new Vector();
        sernos.add(cert.getSerialNumber());
        certfps = store.findCertificatesByIssuerAndSernos(admin
                                                         , subcacert.getSubjectDN().getName()
                                                         , sernos);
        assertNotNull("failed to list certs", certfps);
        dumpCertificates(certfps);
        assertTrue("failed to list certs", certfps.size() == 1);
        assertTrue("Unable to find test certificate."
                   , m_certs.contains(certfps.iterator().next()));
        m_log.debug("<test05CertificatesByIssuerAndSernos()");    
    }

    /**
     *
     * @throws Exception error
     */
    public void test06RetriveAllCertificates() throws Exception {
        m_log.debug(">test06CertificatesByIssuer()");    
        ICertificateStoreSessionRemote store = m_storehome.create();

        // List all certificates to see
        Collection certfps = store.findCertificatesByType(admin
                                                          , SecConst.CERTTYPE_ROOTCA + SecConst.CERTTYPE_SUBCA + SecConst.CERTTYPE_ENDENTITY
                                                          , null);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() >= 2);
        // Iterate over m_certs to see that we found all our certs (we probably found alot more...)
        Iterator iter = m_certs.iterator();
        while (iter.hasNext()) {
            assertTrue("Unable to find all test certificates.", certfps.contains(iter.next()));
        }
        m_log.debug("<test06CertificatesByIssuer()");    
    }

    /**
     *
     * @throws Exception error
     */
    public void test07FindCACertificatesWithIssuer() throws Exception {
        m_log.debug(">test07FindCACertificatesWithIssuer()");    

        ICertificateStoreSessionRemote store = m_storehome.create();
        X509Certificate rootcacert = CertTools.getCertfromByteArray(testrootcert);

        // List all certificates to see
        Collection certfps = store.findCertificatesByType(admin
                                                          , SecConst.CERTTYPE_SUBCA
                                                          , rootcacert.getSubjectDN().getName());
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() >= 1);
        Iterator iter = certfps.iterator();
        boolean found = false;
        while (iter.hasNext()) {
            X509Certificate cert = (X509Certificate)iter.next();
            if (subCaFp.equals(CertTools.getFingerprintAsString(cert))) {
                found = true;
            }
        }        
        assertTrue("Unable to find all test certificates.", found);
        m_log.debug("<test07FindCACertificatesWithIssuer()");    
    }

    /**
     *
     * @throws Exception error
     */
    public void test08LoadRevocationInfo() throws Exception {
        m_log.debug(">test08LoadRevocationInfo()");    

        Collection revstats;
        X509Certificate rootcacert;
        X509Certificate subcacert;
        ICertificateStoreSessionRemote store = m_storehome.create();

        ArrayList sernos = new ArrayList();
        rootcacert = CertTools.getCertfromByteArray(testrootcert);
        subcacert = CertTools.getCertfromByteArray(testcacert);
        sernos.add(rootcacert.getSerialNumber());
        sernos.add(subcacert.getSerialNumber());
        
        revstats = store.isRevoked(admin
                                   , rootcacert.getSubjectDN().getName()
                                   , sernos);

        assertNotNull("Unable to retrive certificate revocation status.", revstats);
        assertTrue("Method 'isRevoked' does not return status for ALL certificates.", revstats.size() >= 2);

        Iterator iter = revstats.iterator();
        while (iter.hasNext()) {
            RevokedCertInfo rci = (RevokedCertInfo)iter.next();
            m_log.debug("Certificate revocation information:\n"
                        + "   Serialnumber      : " + rci.getUserCertificate().toString() + "\n"
                        + "   Revocation date   : " + rci.getRevocationDate().toString()  + "\n"
                        + "   Revocation reason : " + rci.getReason() + "\n");
        }
        m_log.debug("<test08LoadRevocationInfo()");    
    }
}