diff options
| author | James Moger <james.moger@gitblit.com> | 2012-11-23 10:31:58 -0500 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2012-11-23 10:31:58 -0500 |
| commit | b423580c552ff2c2d47829b0e1632a77958fec68 (patch) | |
| tree | 6afc595dfc4a47641609cd185441f2dfaa001950 /tests | |
| parent | 1729d4e8878dbdfe2724776bb551655fecdbd8db (diff) | |
| download | gitblit-b423580c552ff2c2d47829b0e1632a77958fec68.tar.gz gitblit-b423580c552ff2c2d47829b0e1632a77958fec68.zip | |
X509 certificate generation utilities for CA, web, and client certificates
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/com/gitblit/tests/X509UtilsTest.java | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/tests/com/gitblit/tests/X509UtilsTest.java b/tests/com/gitblit/tests/X509UtilsTest.java new file mode 100644 index 00000000..85afce0c --- /dev/null +++ b/tests/com/gitblit/tests/X509UtilsTest.java @@ -0,0 +1,172 @@ +/*
+ * Copyright 2012 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.tests;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
+
+import org.eclipse.jgit.util.FileUtils;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.gitblit.models.UserModel;
+import com.gitblit.utils.HttpUtils;
+import com.gitblit.utils.X509Utils;
+import com.gitblit.utils.X509Utils.RevocationReason;
+import com.gitblit.utils.X509Utils.X509Metadata;
+
+/**
+ * Unit tests for X509 certificate generation.
+ *
+ * @author James Moger
+ *
+ */
+public class X509UtilsTest extends Assert {
+
+ // passwords are case-sensitive and may be length-limited
+ // based on the JCE policy files
+ String caPassword = "aBcDeFg";
+ File folder = new File(System.getProperty("user.dir"), "x509test");
+
+ @Before
+ public void prepare() throws Exception {
+ cleanUp();
+ X509Metadata goMetadata = new X509Metadata("localhost", caPassword);
+ X509Utils.prepareX509Infrastructure(goMetadata, folder);
+ }
+
+ @After
+ public void cleanUp() throws Exception {
+ if (folder.exists()) {
+ FileUtils.delete(folder, FileUtils.RECURSIVE);
+ }
+ }
+
+ @Test
+ public void testNewCA() throws Exception {
+ File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
+ X509Utils.getPrivateKey(X509Utils.CA_FN, storeFile, caPassword);
+ X509Certificate cert = X509Utils.getCertificate(X509Utils.CA_FN, storeFile, caPassword);
+ assertEquals("O=Gitblit,OU=Gitblit,CN=Gitblit Certificate Authority", cert.getIssuerDN().getName());
+ }
+
+ @Test
+ public void testCertificateUserMapping() throws Exception {
+ File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
+ PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_FN, storeFile, caPassword);
+ X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_FN, storeFile, caPassword);
+
+ X509Metadata userMetadata = new X509Metadata("james", "james");
+ userMetadata.serverHostname = "www.myserver.com";
+ userMetadata.userDisplayname = "James Moger";
+ userMetadata.passwordHint = "your name";
+ userMetadata.oids.put("C", "US");
+
+ X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
+ UserModel userModel1 = HttpUtils.getUserModelFromCertificate(cert1);
+ assertEquals(userMetadata.commonName, userModel1.username);
+ assertEquals(userMetadata.emailAddress, userModel1.emailAddress);
+ assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert1.getSubjectDN().getName());
+
+
+ X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
+ UserModel userModel2 = HttpUtils.getUserModelFromCertificate(cert2);
+ assertEquals(userMetadata.commonName, userModel2.username);
+ assertEquals(userMetadata.emailAddress, userModel2.emailAddress);
+ assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert2.getSubjectDN().getName());
+
+ assertNotSame("Serial numbers are the same!", cert1.getSerialNumber().longValue(), cert2.getSerialNumber().longValue());
+ }
+
+ @Test
+ public void testUserBundle() throws Exception {
+ File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
+
+ X509Metadata userMetadata = new X509Metadata("james", "james");
+ userMetadata.serverHostname = "www.myserver.com";
+ userMetadata.userDisplayname = "James Moger";
+ userMetadata.passwordHint = "your name";
+
+ File zip = X509Utils.newClientBundle(userMetadata, storeFile, caPassword);
+ assertTrue(zip.exists());
+
+ List<String> expected = Arrays.asList(userMetadata.commonName + ".pem", userMetadata.commonName + ".p12", "README.TXT");
+
+ ZipInputStream zis = new ZipInputStream(new FileInputStream(zip));
+ ZipEntry entry = null;
+ while ((entry = zis.getNextEntry()) != null) {
+ assertTrue("Unexpected file: " + entry.getName(), expected.contains(entry.getName()));
+ }
+ zis.close();
+ }
+
+ @Test
+ public void testCertificateRevocation() throws Exception {
+ File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
+ PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_FN, storeFile, caPassword);
+ X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_FN, storeFile, caPassword);
+
+ X509Metadata userMetadata = new X509Metadata("james", "james");
+ userMetadata.serverHostname = "www.myserver.com";
+ userMetadata.userDisplayname = "James Moger";
+ userMetadata.passwordHint = "your name";
+
+ // generate a new client certificate
+ X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
+
+ // confirm this certificate IS NOT revoked
+ File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);
+ assertFalse(X509Utils.isRevoked(cert1, caRevocationList));
+
+ // revoke certificate and then confirm it IS revoked
+ X509Utils.revoke(cert1, RevocationReason.ACompromise, caRevocationList, storeFile, caPassword);
+ assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
+
+ // generate a second certificate
+ X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
+
+ // confirm second certificate IS NOT revoked
+ assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
+ assertFalse(X509Utils.isRevoked(cert2, caRevocationList));
+
+ // revoke second certificate and then confirm it IS revoked
+ X509Utils.revoke(cert2, RevocationReason.ACompromise, caRevocationList, caPrivateKey);
+ assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
+ assertTrue(X509Utils.isRevoked(cert2, caRevocationList));
+
+ // generate a third certificate
+ X509Certificate cert3 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
+
+ // confirm third certificate IS NOT revoked
+ assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
+ assertTrue(X509Utils.isRevoked(cert2, caRevocationList));
+ assertFalse(X509Utils.isRevoked(cert3, caRevocationList));
+
+ // revoke third certificate and then confirm it IS revoked
+ X509Utils.revoke(cert3, RevocationReason.ACompromise, caRevocationList, caPrivateKey);
+ assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
+ assertTrue(X509Utils.isRevoked(cert2, caRevocationList));
+ assertTrue(X509Utils.isRevoked(cert3, caRevocationList));
+ }
+}
|