index : gitblit.git	1026-Lucene-Index-PDF fixup-1.9 gh-pages master ticket/104 ticket/114 ticket/138 ticket/235 ticket/7 ticket/75 wicket-7
	Pure java git solution: https://github.com/gitblit-org/gitblit	www-data

summaryrefslogtreecommitdiffstats

log msg author committer range

path: root/src/test/java/com/gitblit/tests/GitDaemonStopTest.java

	Commit message (Collapse)	Author	Age	Files	Lines
*	Revised Git Daemon to improve thread stopping and to eliminate repository ↵	James Moger	2013-05-03	1	-0/+33
	name hack

generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 21:36:29 +0000

/*
 * Copyright 2012 gitblit.com.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitblit.tests;

import java.io.File;
import java.io.FileInputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

import org.eclipse.jgit.util.FileUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import com.gitblit.models.UserModel;
import com.gitblit.utils.HttpUtils;
import com.gitblit.utils.X509Utils;
import com.gitblit.utils.X509Utils.RevocationReason;
import com.gitblit.utils.X509Utils.X509Log;
import com.gitblit.utils.X509Utils.X509Metadata;

/**
 * Unit tests for X509 certificate generation.
 *
 * @author James Moger
 *
 */
public class X509UtilsTest extends GitblitUnitTest {

	// passwords are case-sensitive and may be length-limited
	// based on the JCE policy files
	String caPassword = "aBcDeFg";
	File folder = new File(System.getProperty("user.dir"), "x509test");

	X509Log log = new X509Log() {
		@Override
		public void log(String message) {
			System.out.println(message);
		}
	};

	@Before
	public void prepare() throws Exception {
		cleanUp();
		X509Metadata goMetadata = new X509Metadata("localhost", caPassword);
		X509Utils.prepareX509Infrastructure(goMetadata, folder, log);
	}

	@After
	public void cleanUp() throws Exception {
		if (folder.exists()) {
			FileUtils.delete(folder, FileUtils.RECURSIVE);
		}
	}

	@Test
	public void testNewCA() throws Exception {
		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
		X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
		X509Certificate cert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);
		assertEquals("O=Gitblit,OU=Gitblit,CN=Gitblit Certificate Authority", cert.getIssuerDN().getName());
	}

	@Test
	public void testCertificateUserMapping() throws Exception {
		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
		PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
		X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

		X509Metadata userMetadata = new X509Metadata("james", "james");
		userMetadata.serverHostname = "www.myserver.com";
		userMetadata.userDisplayname = "James Moger";
		userMetadata.passwordHint = "your name";
		userMetadata.oids.put("C",  "US");

		X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
		UserModel userModel1 = HttpUtils.getUserModelFromCertificate(cert1);
		assertEquals(userMetadata.commonName, userModel1.username);
		assertEquals(userMetadata.emailAddress, userModel1.emailAddress);
		assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert1.getSubjectDN().getName());


		X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
		UserModel userModel2 = HttpUtils.getUserModelFromCertificate(cert2);
		assertEquals(userMetadata.commonName, userModel2.username);
		assertEquals(userMetadata.emailAddress, userModel2.emailAddress);
		assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert2.getSubjectDN().getName());

		assertNotSame("Serial numbers are the same!", cert1.getSerialNumber().longValue(), cert2.getSerialNumber().longValue());
	}

	@Test
	public void testUserBundle() throws Exception {
		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);

		X509Metadata userMetadata = new X509Metadata("james", "james");
		userMetadata.serverHostname = "www.myserver.com";
		userMetadata.userDisplayname = "James Moger";
		userMetadata.passwordHint = "your name";

		File zip = X509Utils.newClientBundle(userMetadata, storeFile, caPassword, log);
		assertTrue(zip.exists());

		List<String> expected = Arrays.asList(
				userMetadata.commonName + ".pem",
				userMetadata.commonName + ".p12",
				userMetadata.commonName + ".cer",
				"ca.cer",
				"README.TXT");

		ZipInputStream zis = new ZipInputStream(new FileInputStream(zip));
		ZipEntry entry = null;
		while ((entry = zis.getNextEntry()) != null) {
			assertTrue("Unexpected file: " + entry.getName(), expected.contains(entry.getName()));
		}
		zis.close();
	}

	@Test
	public void testCertificateRevocation() throws Exception {
		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
		PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
		X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

		X509Metadata userMetadata = new X509Metadata("james", "james");
		userMetadata.serverHostname = "www.myserver.com";
		userMetadata.userDisplayname = "James Moger";
		userMetadata.passwordHint = "your name";

		// generate a new client certificate
		X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

		// confirm this certificate IS NOT revoked
		File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);
		assertFalse(X509Utils.isRevoked(cert1, caRevocationList));

		// revoke certificate and then confirm it IS revoked
		X509Utils.revoke(cert1, RevocationReason.ACompromise, caRevocationList, storeFile, caPassword, log);
		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));

		// generate a second certificate
		X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

		// confirm second certificate IS NOT revoked
		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
		assertFalse(X509Utils.isRevoked(cert2, caRevocationList));

		// revoke second certificate and then confirm it IS revoked
		X509Utils.revoke(cert2, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);
		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
		assertTrue(X509Utils.isRevoked(cert2, caRevocationList));

		// generate a third certificate
		X509Certificate cert3 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

		// confirm third certificate IS NOT revoked
		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
		assertTrue(X509Utils.isRevoked(cert2, caRevocationList));
		assertFalse(X509Utils.isRevoked(cert3, caRevocationList));

		// revoke third certificate and then confirm it IS revoked
		X509Utils.revoke(cert3, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);
		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
		assertTrue(X509Utils.isRevoked(cert2, caRevocationList));
		assertTrue(X509Utils.isRevoked(cert3, caRevocationList));
	}
}