testcertificatedata.java

JAVA做的J2EE下CA认证系统 基于EJB开发

/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package se.anatom.ejbca.ca.store;

import java.rmi.RemoteException;
import java.security.KeyPair;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Random;

import javax.naming.Context;
import javax.naming.NamingException;

import junit.framework.TestCase;

import org.apache.log4j.Logger;

import se.anatom.ejbca.SecConst;
import se.anatom.ejbca.ca.crl.RevokedCertInfo;
import se.anatom.ejbca.common.UserDataVO;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.util.CertTools;
import se.anatom.ejbca.util.KeyTools;

/**
 * Tests certificate store.
 *
 * @version $Id: TestCertificateData.java,v 1.6 2005/05/02 15:31:27 anatom Exp $
 */
public class TestCertificateData extends TestCase {

    private static Logger log = Logger.getLogger(TestCertificateData.class);
    private static Context ctx;
    private static ICertificateStoreSessionHome storehome;
    private static X509Certificate cert;
    private static X509Certificate cert1;
    private static X509Certificate cert2;
    private static String username = "";
    private static Admin admin = null;
    private static KeyPair keyPair;

    /**
     * Creates a new TestCertificateData object.
     *
     * @param name name
     */
    public TestCertificateData(String name) {
        super(name);
    }

    protected void setUp() throws Exception {
        log.debug(">setUp()");
        CertTools.installBCProvider();

        admin = new Admin(Admin.TYPE_INTERNALUSER);
        ctx = getInitialContext();
        Object obj2 = ctx.lookup("CertificateStoreSession");
        storehome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj2, ICertificateStoreSessionHome.class);        
        
        log.debug("<setUp()");
    }

    protected void tearDown() throws Exception {
    }

    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context ctx = new javax.naming.InitialContext();
        log.debug("<getInitialContext");
        return ctx;
    }

    /**
     * creates new certs
     *
     * @throws Exception error
     */
    public void test01CreateNewCert() throws Exception {
        log.debug(">test01CreateNewCert()");
        // create a key pair and a new self signed certificate
        log.info("Generating a small key pair, might take a few seconds...");
        keyPair = KeyTools.genKeys(512);
        cert = CertTools.genSelfCert("C=SE,O=PrimeCA,OU=TestCertificateData,CN=MyNameIsFoo", 24, null, keyPair.getPrivate(), keyPair.getPublic(), false);
        String fp = CertTools.getFingerprintAsString(cert);

        ICertificateStoreSessionRemote store = storehome.create();
        try {
            Certificate ce = store.findCertificateByFingerprint(admin,fp);
            if (ce != null) {
                assertTrue("Certificate with fp="+fp+" already exists in db, very strange since I just generated it.", false);
            }
        	boolean ret = store.storeCertificate(admin, cert, "foo", "1234", CertificateDataBean.CERT_INACTIVE, CertificateDataBean.CERT_TYPE_ENCRYPTION);
            //log.info("Stored new cert with fp="+fp);
            assertTrue("Failed to store", ret);
            log.debug("stored it!");
        } catch (RemoteException e) {
            log.error("Error storing certificate: ",e);
            assertTrue("Error storing certificate.", false);
            return;
        }
        log.debug("<test01CreateNewCert()");
    }

    /**
     * finds and alters certificates
     *
     * @throws Exception error
     */
    public void test02FindAndChange() throws Exception {
        log.debug(">test02FindAndChange()");
        String fp = CertTools.getFingerprintAsString(cert);
        ICertificateStoreSessionRemote store = storehome.create();
        try {
            X509Certificate ce = (X509Certificate)store.findCertificateByFingerprint(admin,fp);
            assertNotNull("Cannot find certificate with fp="+fp,ce);
            CertificateInfo info = store.getCertificateInfo(admin, fp);
            //log.info("Got certificate info for cert with fp="+fp);
            assertEquals("fingerprint does not match.",fp,info.getFingerprint());
            assertEquals("CAfingerprint does not match.","1234",info.getCAFingerprint());
            assertEquals("serialnumber does not match.",ce.getSerialNumber(),info.getSerialNumber());
            assertEquals("issuerdn does not match.",CertTools.getIssuerDN(ce),info.getIssuerDN());
            assertEquals("subjectdn does not match.",CertTools.getSubjectDN(ce),info.getSubjectDN());
            // The cert was just stored above with status INACTIVE
            assertEquals("status does not match.",CertificateDataBean.CERT_INACTIVE,info.getStatus());                
            assertEquals("type does not match.",CertificateDataBean.CERT_TYPE_ENCRYPTION,info.getType());
            assertEquals("exiredate does not match.",ce.getNotAfter(),info.getExpireDate());
            // We just stored it above, not revoked
            assertEquals("revocation reason does not match.",RevokedCertInfo.NOT_REVOKED,info.getRevocationReason());
            log.info("revocationdate (before rev)=" + info.getRevocationDate());
            store.revokeCertificate(admin,ce,null,RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);
            CertificateInfo info1 = store.getCertificateInfo(admin, fp);
            assertEquals("revocation reason does not match.",RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE,info1.getRevocationReason());
            log.info("revocationdate (after rev)=" + info1.getRevocationDate());
            assertTrue("Revocation date in future.", new Date().compareTo(info1.getRevocationDate())>=0);
        } catch (RemoteException e) {
            log.error("Error getting or revoking certificate: ",e);
            assertTrue("Error getting or revoking certificate.", false);
            return;
        }
        log.debug("<test02FindAndChange()");
    }

    /**
     * listst and revokes certs
     *
     * @throws Exception error
     */
    public void test03listAndRevoke() throws Exception {
        log.debug(">test03listAndRevoke()");
        ICertificateStoreSessionRemote store = storehome.create();
        String issuerDN = CertTools.getIssuerDN(cert);
        String subjectDN = CertTools.getSubjectDN(cert);
        // List all certificates to see
        Collection certfps = store.listAllCertificates(admin, issuerDN);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() != 0);

        int size = certfps.size();
        log.debug("List certs: " + size);

        // List all certificates for user foo, which we have created in TestSignSession
        certfps = store.findCertificatesBySubjectAndIssuer(new Admin(Admin.TYPE_INTERNALUSER), subjectDN, issuerDN);
        assertTrue("something weird with size, all < foos", size >= certfps.size());
        log.debug("List certs for foo: " + certfps.size());
        Iterator iter = certfps.iterator();
        while (iter.hasNext()) {
            X509Certificate cert = (X509Certificate) iter.next();
            String fp = CertTools.getFingerprintAsString(cert);
            log.debug("revoking cert with fp="+fp);
            // Revoke all foos certificates, note that revokeCertificate will not change status of certificates that are already revoked
            store.revokeCertificate(admin, cert, null, RevokedCertInfo.REVOKATION_REASON_AFFILIATIONCHANGED);
            log.debug("Revoked cert " + fp);
        }
        log.debug("<test03listAndRevoke()");
    }

    /**
     * checks revoked certs
     *
     * @throws Exception error
     */
    public void test04CheckRevoked() throws Exception {
        log.debug(">test04CheckRevoked()");

        ICertificateStoreSessionRemote store = storehome.create();
        String issuerDN = CertTools.getIssuerDN(cert);
        String subjectDN = CertTools.getSubjectDN(cert);
        // List all certificates for user foo, which we have created in TestSignSession
        Collection certfps = store.findCertificatesBySubjectAndIssuer(new Admin(Admin.TYPE_INTERNALUSER), subjectDN, issuerDN);
        assertNotNull("failed to list certs", certfps);
        assertTrue("failed to list certs", certfps.size() != 0);

        // Verify that cert are revoked
        Iterator iter = certfps.iterator();
        while (iter.hasNext()) {
            X509Certificate cert = (X509Certificate) iter.next();
            String fp = CertTools.getFingerprintAsString(cert);
            CertificateInfo rev = store.getCertificateInfo(admin, fp);
            log.info("revocationdate (after rev)=" + rev.getRevocationDate());
            assertTrue("Revocation date in future.", new Date().compareTo(rev.getRevocationDate())>=0);
            assertTrue(rev.getStatus() == CertificateDataBean.CERT_REVOKED);
        }

        log.debug("<test04CheckRevoked()");
    }

    /**
     * finds certificates again
     *
     * @throws Exception error
     */
    public void test05FindAgain() throws Exception {
        log.debug(">test05FindAgain()");

        String fp = CertTools.getFingerprintAsString(cert);