testcerttools.java

JAVA做的J2EE下CA认证系统 基于EJB开发

     *
     * @throws Exception DOCUMENT ME!
     */
    public void test03AltNames() throws Exception {
        log.debug(">test03AltNames()");

        // We try to examine the general case and som special cases, which we want to be able to handle
        String alt1 = "rfc822Name=ejbca@primekey.se, dNSName=www.primekey.se, uri=http://www.primekey.se/ejbca";
        assertEquals(CertTools.getPartFromDN(alt1, CertTools.EMAIL), "ejbca@primekey.se");
        assertNull(CertTools.getPartFromDN(alt1, CertTools.EMAIL1));
        assertNull(CertTools.getPartFromDN(alt1, CertTools.EMAIL2));
        assertEquals(CertTools.getPartFromDN(alt1, CertTools.DNS), "www.primekey.se");
        assertNull(CertTools.getPartFromDN(alt1, CertTools.URI));
        assertEquals(CertTools.getPartFromDN(alt1, CertTools.URI1), "http://www.primekey.se/ejbca");

        String alt2 = "email=ejbca@primekey.se, dNSName=www.primekey.se, uniformResourceIdentifier=http://www.primekey.se/ejbca";
        assertEquals(CertTools.getPartFromDN(alt2, CertTools.EMAIL1), "ejbca@primekey.se");
        assertEquals(CertTools.getPartFromDN(alt2, CertTools.URI), "http://www.primekey.se/ejbca");

        String alt3 = "EmailAddress=ejbca@primekey.se, dNSName=www.primekey.se, uniformResourceIdentifier=http://www.primekey.se/ejbca";
        assertEquals(CertTools.getPartFromDN(alt3, CertTools.EMAIL2), "ejbca@primekey.se");

        X509Certificate cert = CertTools.getCertfromByteArray(guidcert);
        String upn = CertTools.getUPNAltName(cert);
        assertEquals(upn, "guid@foo.com");
        String guid = CertTools.getGuidAltName(cert);
        assertEquals(guid, "1234567890abcdef");
        log.debug("<test03AltNames()");
    }

    /**
     * DOCUMENT ME!
     *
     * @throws Exception DOCUMENT ME!
     */
    public void test04DNComponents() throws Exception {
        log.debug(">test04DNComponents()");

        // We try to examine the general case and som special cases, which we want to be able to handle
        String dn1 = "CN=CommonName, O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE";
        String bcdn1 = CertTools.stringToBCDNString(dn1);
        log.debug("dn1: " + dn1);
        log.debug("bcdn1: " + bcdn1);
        assertEquals(bcdn1,
                "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE");
        log.debug("<test04DNComponents()");
    }

    /** Tests string coding/decoding international (swedish characters)
     *
     * @throws Exception if error...
     */
    public void test05IntlChars() throws Exception {
        log.debug(">test05IntlChars()");
        // We try to examine the general case and som special cases, which we want to be able to handle
        String dn1 = "CN=Tomas?????????, O=?????????-Org, OU=??????-Unit, C=SE";
        String bcdn1 = CertTools.stringToBCDNString(dn1);
        log.debug("dn1: " + dn1);
        log.debug("bcdn1: " + bcdn1);
        assertEquals("CN=Tomas?????????,OU=??????-Unit,O=?????????-Org,C=SE", bcdn1);
        log.debug("<test05IntlChars()");
    }

    /** Tests some of the other methods of CertTools
     *
     * @throws Exception if error...
     */
    public void test06CertOps() throws Exception {
        log.debug(">test06CertOps()");
        X509Certificate cert = CertTools.getCertfromByteArray(testcert);
        X509Certificate gcert = CertTools.getCertfromByteArray(guidcert);
        assertEquals("Wrong issuerDN", CertTools.getIssuerDN(cert), CertTools.stringToBCDNString("CN=TestCA,O=AnaTom,C=SE"));
        assertEquals("Wrong subjectDN", CertTools.getSubjectDN(cert), CertTools.stringToBCDNString("CN=p12test,O=PrimeTest,C=SE"));
        assertEquals("Wrong subject key id", new String(Hex.encode(CertTools.getSubjectKeyId(cert))), "E74F5690F48D147783847CD26448E8094ABB08A0".toLowerCase());
        assertEquals("Wrong authority key id", new String(Hex.encode(CertTools.getAuthorityKeyId(cert))), "637BF476A854248EA574A57744A6F45E0F579251".toLowerCase());
        assertEquals("Wrong upn alt name", "foo@foo", CertTools.getUPNAltName(cert));
        assertEquals("Wrong guid alt name", "1234567890abcdef", CertTools.getGuidAltName(gcert));
        assertEquals("Wrong certificate policy", "1.1.1.1.1.1", CertTools.getCertificatePolicyId(cert, 0));
        assertNull("Not null policy", CertTools.getCertificatePolicyId(cert, 1));
//        System.out.println(cert);
//        FileOutputStream fos = new FileOutputStream("foo.cert");
//        fos.write(cert.getEncoded());
//        fos.close();
        log.debug("<test06CertOps()");
    }

    /** Tests the handling of DC components
     *
     * @throws Exception if error...
     */
    public void test07TestDC() throws Exception {
        log.debug(">test07TestDC()");
        // We try to examine the that we handle modern dc components for ldap correctly
        String dn1 = "dc=bigcorp,dc=com,dc=se,ou=users,cn=Mike Jackson";
        String bcdn1 = CertTools.stringToBCDNString(dn1);
        log.debug("dn1: " + dn1);
        log.debug("bcdn1: " + bcdn1);
        //assertEquals("CN=Mike Jackson,OU=users,DC=se,DC=bigcorp,DC=com", bcdn1);
        String dn2 = "cn=Mike Jackson,ou=users,dc=se,dc=bigcorp,dc=com";
        String bcdn2 = CertTools.stringToBCDNString(dn2);
        log.debug("dn2: " + dn2);
        log.debug("bcdn2: " + bcdn2);
        assertEquals("CN=Mike Jackson,OU=users,DC=se,DC=bigcorp,DC=com", bcdn2);
        log.debug("<test07TestDC()");
    }

    /** Tests the handling of unstructuredName/Address
     *
     * @throws Exception if error...
     */
    public void test08TestUnstructured() throws Exception {
        log.debug(">test08TestUnstructured()");
        // We try to examine the that we handle modern dc components for ldap correctly
        String dn1 = "C=SE,O=PrimeKey,unstructuredName=10.1.1.2,unstructuredAddress=foo.bar.se,cn=test";
        String bcdn1 = CertTools.stringToBCDNString(dn1);
        log.debug("dn1: " + dn1);
        log.debug("bcdn1: " + bcdn1);
        assertEquals("unstructuredAddress=foo.bar.se,unstructuredName=10.1.1.2,CN=test,O=PrimeKey,C=SE", bcdn1);
        log.debug("<test08TestUnstructured()");
    }

    /** Tests the reversing of a DN
    *
    * @throws Exception if error...
    */
   public void test09TestReverse() throws Exception {
       log.debug(">test09TestReverse()");
       // We try to examine the that we handle modern dc components for ldap correctly
       String dn1 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G";
       String dn2 = "cn=Tomas G,ou=users,ou=orgunit,dc=se,dc=bigcorp,dc=com";
       assertTrue(CertTools.isDNReversed(dn1));
       assertTrue(!CertTools.isDNReversed(dn2));
       assertTrue(CertTools.isDNReversed("C=SE,CN=Foo"));
       assertTrue(!CertTools.isDNReversed("CN=Foo,O=FooO"));
       String revdn1 = CertTools.reverseDN(dn1);
       log.debug("dn1: " + dn1);
       log.debug("revdn1: " + revdn1);
       assertEquals(dn2, revdn1);
       
       log.debug("<test09TestReverse()");
   }
    /** Tests the handling of DC components
    *
    * @throws Exception if error...
    */
   public void test10TestMultipleReversed() throws Exception {
       log.debug(">test10TestMultipleReversed()");
       // We try to examine the that we handle modern dc components for ldap correctly
       String dn1 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G";
       String bcdn1 = CertTools.stringToBCDNString(dn1);
       log.debug("dn1: " + dn1);
       log.debug("bcdn1: " + bcdn1);
       assertEquals("CN=Tomas G,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", bcdn1);

       String dn19 = "C=SE, dc=dc1,DC=DC2,O=EJBCA, O=oo, cn=foo, cn=bar";
       assertEquals("CN=bar,CN=foo,O=oo,O=EJBCA,DC=DC2,DC=dc1,C=SE", CertTools.stringToBCDNString(dn19));
       String dn20 = " C=SE,CN=\"foo, OU=bar\",  O=baz\\\\\\, quux  ";
       // BC always escapes with backslash, it doesn't use quotes.
       assertEquals("CN=foo\\, OU=bar,O=baz\\\\\\, quux,C=SE", CertTools.stringToBCDNString(dn20));

       String dn21 = "C=SE,O=Foo\\, Inc, OU=Foo\\, Dep, CN=Foo\\'";
       String bcdn21 = CertTools.stringToBCDNString(dn21);
       assertEquals("CN=Foo\',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE", bcdn21);        
       assertEquals("CN=Foo',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE", StringTools.strip(bcdn21));        
       log.debug("<test10TestMultipleReversed()");
   }
   
   /** Tests the insertCNPostfix function
   *
   * @throws Exception if error...
   */
  public void test11TestInsertCNPostfix() throws Exception {
      log.debug(">test11TestInsertCNPostfix()");
      
      // Test the regular case with one CN beging replaced with " (VPN)" postfix
      String dn1 = "CN=Tomas G,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
      String cnpostfix1 = " (VPN)";      
      String newdn1 = CertTools.insertCNPostfix(dn1,cnpostfix1);
      assertEquals("CN=Tomas G (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn1);
      
      // Test case when CN doesn't exist
      String dn2 = "OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
      String newdn2 = CertTools.insertCNPostfix(dn2,cnpostfix1); 
      assertEquals("OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn2);
      
      // Test case with two CNs in DN only first one should be replaced.
      String dn3 = "CN=Tomas G,CN=Bagare,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";  
      String newdn3 = CertTools.insertCNPostfix(dn3,cnpostfix1); 
      assertEquals("CN=Tomas G (VPN),CN=Bagare,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn3);
 
      // Test case with two CNs in reversed DN 
      String dn4 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G,CN=Bagare";
      String newdn4 = CertTools.insertCNPostfix(dn4,cnpostfix1); 
      assertEquals("dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G (VPN),CN=Bagare", newdn4);

      // Test case with two CNs in reversed DN 
      String dn5 = "UID=tomas,CN=tomas,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com";
      String cnpostfix5 = " (VPN)";      
      String newdn5 = CertTools.insertCNPostfix(dn5,cnpostfix5);
      assertEquals("UID=tomas,CN=tomas (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn5);
      
      log.debug("<test11TestInsertCNPostfix()");
  }
  
  /**
   */
  public void test12GetPartsFromDN() throws Exception {
      log.debug(">test01GetPartFromDN()");

      // We try to examine the general case and som special cases, which we want to be able to handle
      String dn0 = "C=SE, O=AnaTom, CN=foo";
      assertEquals(CertTools.getPartsFromDN(dn0, "CN").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn0, "CN").contains("foo"));
      assertEquals(CertTools.getPartsFromDN(dn0, "O").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn0, "O").contains("AnaTom"));
      assertEquals(CertTools.getPartsFromDN(dn0, "C").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn0, "C").contains("SE"));
      assertEquals(CertTools.getPartsFromDN(dn0, "cn").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn0, "cn").contains("foo"));
      assertEquals(CertTools.getPartsFromDN(dn0, "o").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn0, "o").contains("AnaTom"));
      assertEquals(CertTools.getPartsFromDN(dn0, "c").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn0, "c").contains("SE"));

      String dn1 = "uri=http://www.a.se, C=SE, O=AnaTom, CN=foo";
      assertEquals(CertTools.getPartsFromDN(dn1, "CN").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn1, "CN").contains("foo"));
      assertEquals(CertTools.getPartsFromDN(dn1, CertTools.URI).size(), 0);
      assertEquals(CertTools.getPartsFromDN(dn1, CertTools.URI1).size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn1, CertTools.URI1).contains("http://www.a.se"));

      String dn2 = "uri=http://www.a.se, uri=http://www.b.se, C=SE, O=AnaTom, CN=foo";
      assertEquals(CertTools.getPartsFromDN(dn2, "CN").size(), 1);
      assertTrue(CertTools.getPartsFromDN(dn2, "CN").contains("foo"));
      assertEquals(CertTools.getPartsFromDN(dn2, CertTools.URI1).size(), 2);
      assertTrue(CertTools.getPartsFromDN(dn2, CertTools.URI1).contains("http://www.a.se"));
      assertTrue(CertTools.getPartsFromDN(dn2, CertTools.URI1).contains("http://www.b.se"));

      log.debug("<test12GetPartsFromDN()");
  }
  
  public void test13GetSubjectAltNameString() throws Exception {
      log.debug(">test13GetSubjectAltNameString()");
      
      String altNames = CertTools.getSubjectAlternativeName(CertTools.getCertfromByteArray(altNameCert));
      log.debug(altNames);
      String name = CertTools.getPartFromDN(altNames,CertTools.UPN);
      assertEquals("foo@a.se", name);
      assertEquals("foo@a.se", CertTools.getUPNAltName(CertTools.getCertfromByteArray(altNameCert)));
      name = CertTools.getPartFromDN(altNames,CertTools.URI);
      assertEquals("http://www.a.se/", name);
      name = CertTools.getPartFromDN(altNames,CertTools.EMAIL);
      assertEquals("tomas@a.se", name);
      name = CertTools.getEMailAddress(CertTools.getCertfromByteArray(altNameCert));
      assertEquals("tomas@a.se", name);
      name = CertTools.getEMailAddress(CertTools.getCertfromByteArray(testcert));
      assertNull(name);
      name = CertTools.getPartFromDN(altNames,CertTools.DNS);
      assertEquals("www.a.se", name);
      name = CertTools.getPartFromDN(altNames,CertTools.IPADDR);
      assertEquals("10.1.1.1", name);
      log.debug("<test13GetSubjectAltNameString()");
  }

}