📄 protocolhttptest.java
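request.setParameter("message", new String(Base64.encode(openscep)));
        WebResponse response = wc.getResponse( request );
        // TODO: our request almost certainly encrypts to the wrong CA certificate, so it is
        // expected to fail. Getting any response back at least shows the request got that far.
        assertEquals( "Response code", 400, response.getResponseCode() );
        // TODO: also send a malformed message and check that a proper error is returned
        log.debug("<test02OpenScep()");
    }

    /**
     * Issues a certificate for the fixture user "ocsptest" and checks that the OCSP responder
     * reports it as good (a null certificate status).
     *
     * The issued certificate is stored in ocspTestCert, which test04OcspRevoked() reads, so the
     * two tests depend on running in this order.
     *
     * @throws Exception error
     */
    public void test03OcspGood() throws Exception {
        log.debug(">test03OcspGood()");
        // Plan for the OCSP tests:
        // find a CA (TestCA?) create a user and generate his cert
        // send OCSP req to server and get good response
        // change status of cert to bad status
        // send OCSP req and get bad status
        // (send crap message and get good error)

        // Make user that we know...
        boolean userExists = false;
        try {
            UserDataRemote createdata = userhome.create("ocsptest", "foo123", "C=SE, O=AnaTom, CN=OCSPTest", caid);
            assertNotNull("Failed to create user foo", createdata);
            createdata.setType(SecConst.USER_ENDUSER);
            createdata.setSubjectEmail("ocsptest@anatom.se");
            createdata.setEndEntityProfileId(SecConst.EMPTY_ENDENTITYPROFILE);
            createdata.setCertificateProfileId(SecConst.CERTPROFILE_FIXED_ENDUSER);
            // The enrollment password is written to the debug log here; acceptable only because
            // it is a fixed test fixture value.
            log.debug("created user: ocsptest, foo123, C=SE, O=AnaTom, CN=OCSPTest");
        } catch (RemoteException re) {
            // NOTE(review): any RemoteException whose detail is not a DuplicateKeyException is
            // dropped silently; the test then continues and would fail later at
            // createCertificate() without showing the original cause.
            if (re.detail instanceof DuplicateKeyException) {
                userExists = true;
            }
        } catch (DuplicateKeyException dke) {
            userExists = true;
        }

        if (userExists) {
            // Left over from an earlier run: put the user back in state NEW before issuing again.
            log.debug("User ocsptest already exists.");
            UserDataPK pk = new UserDataPK("ocsptest");
            UserDataRemote data = userhome.findByPrimaryKey(pk);
            data.setStatus(UserDataRemote.STATUS_NEW);
            log.debug("Reset status to NEW");
        }
        // Generate certificate for the new user
        KeyPair keys = genKeys();

        // user that we know exists...
        ocspTestCert = (X509Certificate) remote.createCertificate(admin, "ocsptest", "foo123", keys.getPublic());
        assertNotNull("Misslyckades skapa cert", ocspTestCert);

        // And an OCSP request
        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
        OCSPReq req = gen.generate();

        BasicOCSPResp brep = postOcspRequest(req);
        SingleResp singleResp = getOnlySingleResp(brep, ocspTestCert.getSerialNumber());
        // A null certificate status is how this OCSP API reports "good".
        Object status = singleResp.getCertStatus();
        assertNull("Status is not null (good)", status);
        log.debug("<test03OcspGood()");
    }

    /**
     * Marks the certificate issued in test03OcspGood() as revoked (reason key compromise) and
     * checks that the responder then answers with a RevokedStatus carrying that reason.
     *
     * Reads ocspTestCert, so test03OcspGood() must have run first.
     *
     * @throws Exception error
     */
    public void test04OcspRevoked() throws Exception {
        log.debug(">test04OcspRevoked()");
        // Now revoke the certificate and try again.
        // The revocation is written straight onto the stored certificate record.
        CertificateDataPK pk = new CertificateDataPK();
        pk.fingerprint = CertTools.getFingerprintAsString(ocspTestCert);
        CertificateData data2 = certhome.findByPrimaryKey(pk);
        assertNotNull("Failed to find cert", data2);
        data2.setStatus(CertificateData.CERT_REVOKED);
        data2.setRevocationDate(new Date());
        data2.setRevocationReason(RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);

        // And an OCSP request
        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
        OCSPReq req = gen.generate();

        BasicOCSPResp brep = postOcspRequest(req);
        SingleResp singleResp = getOnlySingleResp(brep, ocspTestCert.getSerialNumber());
        Object status = singleResp.getCertStatus();
        assertTrue("Status is not RevokedStatus", status instanceof RevokedStatus);
        RevokedStatus rev = (RevokedStatus)status;
        assertTrue("Status does not have reason", rev.hasRevocationReason());
        int reason = rev.getRevocationReason();
        assertEquals("Wrong revocation reason", RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE, reason);
        log.debug("<test04OcspRevoked()");
    }

    /**
     * Asks about serial number 1 under the known CA and expects an UnknownStatus answer.
     * The test relies on no certificate with serial number 1 being stored for that CA.
     *
     * @throws Exception error
     */
    public void test05OcspUnknown() throws Exception {
        log.debug(">test05OcspUnknown()");
        // An OCSP request for an unknown certificate (not exist in db)
        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, new BigInteger("1")));
        OCSPReq req = gen.generate();

        BasicOCSPResp brep = postOcspRequest(req);
        SingleResp singleResp = getOnlySingleResp(brep, new BigInteger("1"));
        Object status = singleResp.getCertStatus();
        assertTrue("Status is not Unknown", status instanceof UnknownStatus);
        log.debug("<test05OcspUnknown()");
    }

    /**
     * Asks about a certificate whose issuer is unknowncacert and expects a successful, signed
     * response with an UnknownStatus answer.
     *
     * @throws Exception error
     */
    public void test06OcspUnknownCA() throws Exception {
        log.debug(">test06OcspUnknownCA()");
        // An OCSP request for a certificate from an unknown CA
        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, unknowncacert, new BigInteger("1")));
        OCSPReq req = gen.generate();

        BasicOCSPResp brep = postOcspRequest(req);
        SingleResp singleResp = getOnlySingleResp(brep, new BigInteger("1"));
        Object status = singleResp.getCertStatus();
        assertTrue("Status is not Unknown", status instanceof UnknownStatus);
        log.debug("<test06OcspUnknownCA()");
    }

    /**
     * POSTs an OCSP request to the responder and returns the parsed basic response after
     * checking HTTP status, content type, OCSP response status and the response signature.
     *
     * Limits of what this proves: the signature is checked with the public key of the first
     * certificate bundled inside the response itself, so it only shows the response is
     * internally consistent. It does not show that the signer is the expected CA or a responder
     * that CA has authorised.
     * NOTE(review): consider also asserting that the signer certificate is, or is issued by, the
     * CA the test expects. The requests built by the callers carry no nonce and thisUpdate /
     * nextUpdate are not inspected, so replay and freshness handling are not exercised either.
     *
     * @param req the OCSP request to send
     * @return the basic OCSP response, with its signature verified as described above
     * @throws Exception on transport, parsing or verification errors
     */
    private BasicOCSPResp postOcspRequest(OCSPReq req) throws Exception {
        // POST the OCSP request
        WebConversation wc = new WebConversation();
        ByteArrayInputStream bais = new ByteArrayInputStream(req.getEncoded());
        PostMethodWebRequest request = new PostMethodWebRequest(httpReqPath + '/' + resourceOcsp, bais, "application/ocsp-request");
        WebResponse webresponse = wc.getResponse(request);
        assertEquals("Response code", 200, webresponse.getResponseCode());
        assertEquals("Content-Type", "application/ocsp-response", webresponse.getContentType());

        // Extract the response as raw bytes. The body is binary DER: pulling it through a Reader
        // would decode it with the platform default charset and can change bytes above 0x7F
        // before the signature is checked.
        // BUG in httpunit 1.5.4, webresponse.getInputStream converts binary to ascii on windows-platform.
        java.io.InputStream in = webresponse.getInputStream();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try {
            // This works for small requests, and OCSP requests are small
            int b = in.read();
            while (b != -1) {
                baos.write(b);
                b = in.read();
            }
        } finally {
            in.close();
        }
        byte[] respBytes = baos.toByteArray();

        OCSPResp response = new OCSPResp(new ByteArrayInputStream(respBytes));
        assertEquals("Response status not zero.", 0, response.getStatus());
        BasicOCSPResp brep = (BasicOCSPResp)response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");
        // Fail with a readable message instead of an index error when no certificate is bundled.
        assertTrue("Response contains no signer certificate.", chain != null && chain.length > 0);
        boolean verify = brep.verify(chain[0].getPublicKey(), "BC");
        assertTrue("Response failed to verify.", verify);
        return brep;
    }

    /**
     * Checks that the response holds exactly one single response and that it refers to the
     * serial number that was asked about, so an answer for a different certificate is not
     * accepted by mistake.
     *
     * @param brep the basic OCSP response to inspect
     * @param expectedSerial the serial number sent in the request
     * @return the single response contained in brep
     * @throws Exception if the response data cannot be read
     */
    private SingleResp getOnlySingleResp(BasicOCSPResp brep, BigInteger expectedSerial) throws Exception {
        RespData respData = brep.getResponseData();
        SingleResp[] singleResps = respData.getResponses();
        assertEquals("No of SingResps should be 1.", 1, singleResps.length);
        SingleResp singleResp = singleResps[0];
        CertificateID certId = singleResp.getCertID();
        assertEquals("Serno in response does not match serno in request.", expectedSerial, certId.getSerialNumber());
        return singleResp;
    }
}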