testcertificatedata.java

一套JAVA的CA证书签发系统.

     * checks revoked certs
     *
     * @throws Exception error
     */
    public void test04CheckRevoked() throws Exception {
        log.debug(">test04CheckRevoked()");

        ICertificateStoreSessionRemote store = storehome.create();
        String issuerDN=CertTools.getIssuerDN(cert);
        String subjectDN=CertTools.getSubjectDN(cert);
        // List all certificates for user foo, which we have created in TestSignSession
        Collection certfps = store.findCertificatesBySubjectAndIssuer(new Admin(Admin.TYPE_INTERNALUSER), subjectDN, issuerDN);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() != 0);

        // Verify that cert are revoked
        Iterator iter = certfps.iterator();
        while (iter.hasNext()) {
            X509Certificate  cert = (X509Certificate)iter.next();
            String fp = CertTools.getFingerprintAsString(cert);
            CertificateDataPK revpk = new CertificateDataPK(fp);
            CertificateData rev = home.findByPrimaryKey(revpk);
            long date = rev.getRevocationDate();
            String date1 = new Date(date).toString();
            String date2 = new Date(revDate).toString();
            assertEquals("Revocation date is not as expected: ",date2,date1);
            assertTrue(rev.getStatus() == CertificateData.CERT_REVOKED);
        }

        log.debug("<test04CheckRevoked()");
    }

    /**
     * finds certificates again
     *
     * @throws Exception error
     */
    public void test05FindAgain() throws Exception {
        log.debug(">test05FindAgain()");

        CertificateDataPK pk = new CertificateDataPK();
        pk.fingerprint = CertTools.getFingerprintAsString(cert);

        CertificateData data3 = home.findByPrimaryKey(pk);
        assertNotNull("Failed to find cert", data3);
        log.debug("found by key! ="+ data3);
        log.debug("fp="+data3.getFingerprint());
        log.debug("issuer="+data3.getIssuerDN());
        log.debug("subject="+data3.getSubjectDN());
        log.debug("cafp="+data3.getCAFingerprint());
        assertNotNull("wrong CAFingerprint", data3.getCAFingerprint());
        log.debug("status="+data3.getStatus());
        assertTrue("wrong status", data3.getStatus() == CertificateData.CERT_REVOKED);
        log.debug("type="+data3.getType());
        assertTrue("wrong type", (data3.getType() & SecConst.USER_ENDUSER) == SecConst.USER_ENDUSER);
        log.debug("serno="+data3.getSerialNumber());
        log.debug("expiredate="+data3.getExpireDate());
        log.debug("revocationdate="+data3.getRevocationDate());
        log.debug("revocationreason="+data3.getRevocationReason());
        assertTrue("wrong reason", (data3.getRevocationReason() == RevokedCertInfo.REVOKATION_REASON_AFFILIATIONCHANGED));

        log.debug("Looking for cert with DN="+CertTools.getSubjectDN(cert));
        ICertificateStoreSessionRemote store = storehome.create();
        Collection certs = store.findCertificatesBySubjectAndIssuer(new Admin(Admin.TYPE_INTERNALUSER), CertTools.getSubjectDN(cert),"TODO");
        Iterator iter = certs.iterator();
        while (iter.hasNext()) {
            X509Certificate xcert = (X509Certificate)iter.next();
            log.debug(CertTools.getSubjectDN(xcert)+" - "+xcert.getSerialNumber().toString());
            //log.debug(certs[i].toString());
        }
        log.debug("<test05FindAgain()");
    }

    /**
     * finds certs by expire time
     *
     * @throws Exception error
     */
    public void test06FindByExpireTime() throws Exception {
        log.debug(">test06FindByExpireTime()");

        CertificateDataPK pk = new CertificateDataPK();
        pk.fingerprint = CertTools.getFingerprintAsString(cert);

        CertificateData data = home.findByPrimaryKey(pk);
        assertNotNull("Failed to find cert", data);
        log.debug("expiredate="+data.getExpireDate());

        // Seconds in a year
        long yearmillis = 365*24*60*60*1000;
        long findDateSecs = data.getExpireDate() - (yearmillis*100);
        Date findDate = new Date(findDateSecs);

        ICertificateStoreSessionRemote store = storehome.create();
        log.debug("1. Looking for cert with expireDate=" + findDate);

        Collection certs = store.findCertificatesByExpireTime(new Admin(Admin.TYPE_INTERNALUSER), findDate);
        log.debug("findCertificatesByExpireTime returned " + certs.size() + " certs.");
        assertTrue("No certs should have expired before this date", certs.size() == 0);
        findDateSecs = data.getExpireDate() + 10000;
        findDate = new Date(findDateSecs);
        log.debug("2. Looking for cert with expireDate="+findDate);
        certs = store.findCertificatesByExpireTime(new Admin(Admin.TYPE_INTERNALUSER), findDate);
        log.debug("findCertificatesByExpireTime returned "+ certs.size()+" certs.");
        assertTrue("Some certs should have expired before this date", certs.size() != 0);

        Iterator iter = certs.iterator();

        while (iter.hasNext()) {
            X509Certificate cert = (X509Certificate)iter.next();
            Date retDate = cert.getNotAfter();
            log.debug(retDate);
            assertTrue("This cert is not expired by the specified Date.",
                retDate.getTime() < findDate.getTime());
        }

        log.debug("<test06FindByExpireTime()");
    }

    /**
     * finds certs by issuer and serialno
     *
     * @throws Exception error
     */
    public void test07FindByIssuerAndSerno() throws Exception {
        log.debug(">test07FindByIssuerAndSerno()");

        String issuerDN = CertTools.getIssuerDN(cert);
        CertificateDataPK pk = new CertificateDataPK();
        pk.fingerprint = CertTools.getFingerprintAsString(cert);

        CertificateData data3 = home.findByPrimaryKey(pk);
        assertNotNull("Failed to find cert", data3);

        log.debug("Looking for cert with DN:" + CertTools.getIssuerDN(cert) + " and serno " +
            cert.getSerialNumber());

        ICertificateStoreSessionRemote store = storehome.create();
        Certificate fcert = store.findCertificateByIssuerAndSerno(new Admin(Admin.TYPE_INTERNALUSER), issuerDN, cert.getSerialNumber());
        assertNotNull("Cant find by issuer and serno", fcert);

        //log.debug(fcert.toString());
        log.debug("<test07FindByIssuerAndSerno()");
    }

    /**
     * checks if a certificate is revoked
     *
     * @throws Exception error
     */
    public void test08IsRevoked() throws Exception {
        log.debug(">test08IsRevoked()");
        CertificateDataPK pk = new CertificateDataPK();
        pk.fingerprint = CertTools.getFingerprintAsString(cert);
        CertificateData data3 = home.findByPrimaryKey(pk);
        assertNotNull("Failed to find cert", data3);
        log.debug("found by key! ="+ data3);
        log.debug("fp="+data3.getFingerprint());
        log.debug("issuer="+data3.getIssuerDN());
        log.debug("subject="+data3.getSubjectDN());
        log.debug("cafp="+data3.getCAFingerprint());
        assertNotNull("wrong CAFingerprint", data3.getCAFingerprint());
        log.debug("status="+data3.getStatus());
        assertTrue("wrong status", data3.getStatus() == CertificateData.CERT_REVOKED);
        log.debug("type="+data3.getType());
        assertTrue("wrong type", (data3.getType() & SecConst.USER_ENDUSER) == SecConst.USER_ENDUSER);
        log.debug("serno="+data3.getSerialNumber());
        log.debug("expiredate="+data3.getExpireDate());
        log.debug("revocationdate="+data3.getRevocationDate());
        log.debug("revocationreason="+data3.getRevocationReason());
        assertTrue("wrong reason", (data3.getRevocationReason() == RevokedCertInfo.REVOKATION_REASON_AFFILIATIONCHANGED));

        log.debug("Checking if cert is revoked DN:'"+CertTools.getIssuerDN(cert)+"', serno:'"+cert.getSerialNumber().toString()+"'.");
        ICertificateStoreSessionRemote store = storehome.create();
        RevokedCertInfo revinfo = store.isRevoked(new Admin(Admin.TYPE_INTERNALUSER), CertTools.getIssuerDN(cert), cert.getSerialNumber());
        assertNotNull("Certificate not found, it should be!", revinfo);
        int reason = revinfo.getReason();
        assertEquals("Certificate not revoked, it should be!", RevokedCertInfo.REVOKATION_REASON_AFFILIATIONCHANGED, reason);
        assertTrue("Wrong revocationDate!", revinfo.getRevocationDate().getTime() == data3.getRevocationDate());
        assertTrue("Wrong reason!", revinfo.getReason() == data3.getRevocationReason());
        home.remove(pk);
        log.debug("Removed it!");
        log.debug("<test08IsRevoked()");
    }

}