mirrors
/
gitblit
ミラー元 https://github.com/gitblit/gitblit.git
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 リリース 43 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
1024 コミット
11 ブランチ
ツリー: eec3ef21b9
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'eec3ef21b9' から
${ noResults }
gitblit/tests/com/gitblit/tests/X509UtilsTest.java

X509UtilsTest.java 7.3KB
Raw Blame 履歴

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 
  1. /*

  2.  * Copyright 2012 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit.tests;

  17. 

  18. import java.io.File;

  19. import java.io.FileInputStream;

  20. import java.security.PrivateKey;

  21. import java.security.cert.X509Certificate;

  22. import java.util.Arrays;

  23. import java.util.List;

  24. import java.util.zip.ZipEntry;

  25. import java.util.zip.ZipInputStream;

  26. 

  27. import org.eclipse.jgit.util.FileUtils;

  28. import org.junit.After;

  29. import org.junit.Assert;

  30. import org.junit.Before;

  31. import org.junit.Test;

  32. 

  33. import com.gitblit.models.UserModel;

  34. import com.gitblit.utils.HttpUtils;

  35. import com.gitblit.utils.X509Utils;

  36. import com.gitblit.utils.X509Utils.RevocationReason;

  37. import com.gitblit.utils.X509Utils.X509Log;

  38. import com.gitblit.utils.X509Utils.X509Metadata;

  39. 

  40. /**

  41.  * Unit tests for X509 certificate generation.

  42.  * 

  43.  * @author James Moger

  44.  * 

  45.  */

  46. public class X509UtilsTest extends Assert {

  47. 	

  48. 	// passwords are case-sensitive and may be length-limited

  49. 	// based on the JCE policy files

  50. 	String caPassword = "aBcDeFg";

  51. 	File folder = new File(System.getProperty("user.dir"), "x509test");

  52. 	

  53. 	X509Log log = new X509Log() {

  54. 		public void log(String message) {

  55. 			System.out.println(message);

  56. 		}

  57. 	};

  58. 

  59. 	@Before

  60. 	public void prepare() throws Exception {

  61. 		cleanUp();

  62. 		X509Metadata goMetadata = new X509Metadata("localhost", caPassword);

  63. 		X509Utils.prepareX509Infrastructure(goMetadata, folder, log);

  64. 	}

  65. 	

  66. 	@After

  67. 	public void cleanUp() throws Exception {

  68. 		if (folder.exists()) {

  69. 			FileUtils.delete(folder, FileUtils.RECURSIVE);

  70. 		}

  71. 	}

  72. 	

  73. 	@Test

  74. 	public void testNewCA() throws Exception {		

  75. 		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);

  76. 		X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);

  77. 		X509Certificate cert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

  78. 		assertEquals("O=Gitblit,OU=Gitblit,CN=Gitblit Certificate Authority", cert.getIssuerDN().getName());

  79. 	}	

  80. 

  81. 	@Test

  82. 	public void testCertificateUserMapping() throws Exception {		

  83. 		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);

  84. 		PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);

  85. 		X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

  86. 		

  87. 		X509Metadata userMetadata = new X509Metadata("james", "james");

  88. 		userMetadata.serverHostname = "www.myserver.com";

  89. 		userMetadata.userDisplayname = "James Moger";

  90. 		userMetadata.passwordHint = "your name";

  91. 		userMetadata.oids.put("C",  "US");

  92. 		

  93. 		X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

  94. 		UserModel userModel1 = HttpUtils.getUserModelFromCertificate(cert1);

  95. 		assertEquals(userMetadata.commonName, userModel1.username);

  96. 		assertEquals(userMetadata.emailAddress, userModel1.emailAddress);

  97. 		assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert1.getSubjectDN().getName());

  98. 		

  99. 		

  100. 		X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

  101. 		UserModel userModel2 = HttpUtils.getUserModelFromCertificate(cert2);

  102. 		assertEquals(userMetadata.commonName, userModel2.username);

  103. 		assertEquals(userMetadata.emailAddress, userModel2.emailAddress);

  104. 		assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert2.getSubjectDN().getName());

  105. 		

  106. 		assertNotSame("Serial numbers are the same!", cert1.getSerialNumber().longValue(), cert2.getSerialNumber().longValue());

  107. 	}

  108. 	

  109. 	@Test

  110. 	public void testUserBundle() throws Exception {

  111. 		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);

  112. 		

  113. 		X509Metadata userMetadata = new X509Metadata("james", "james");

  114. 		userMetadata.serverHostname = "www.myserver.com";		

  115. 		userMetadata.userDisplayname = "James Moger";

  116. 		userMetadata.passwordHint = "your name";

  117. 

  118. 		File zip = X509Utils.newClientBundle(userMetadata, storeFile, caPassword, log);

  119. 		assertTrue(zip.exists());

  120. 		

  121. 		List<String> expected = Arrays.asList(

  122. 				userMetadata.commonName + ".pem",

  123. 				userMetadata.commonName + ".p12",

  124. 				userMetadata.commonName + ".cer",

  125. 				"ca.cer",

  126. 				"README.TXT");

  127. 		

  128. 		ZipInputStream zis = new ZipInputStream(new FileInputStream(zip));

  129. 		ZipEntry entry = null;

  130. 		while ((entry = zis.getNextEntry()) != null) {

  131. 			assertTrue("Unexpected file: " + entry.getName(), expected.contains(entry.getName()));

  132. 		}

  133. 		zis.close();

  134. 	}

  135. 	

  136. 	@Test

  137. 	public void testCertificateRevocation() throws Exception {		

  138. 		File storeFile = new File(folder, X509Utils.CA_KEY_STORE);

  139. 		PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);

  140. 		X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);

  141. 		

  142. 		X509Metadata userMetadata = new X509Metadata("james", "james");

  143. 		userMetadata.serverHostname = "www.myserver.com";

  144. 		userMetadata.userDisplayname = "James Moger";

  145. 		userMetadata.passwordHint = "your name";

  146. 		

  147. 		// generate a new client certificate

  148. 		X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

  149. 		

  150. 		// confirm this certificate IS NOT revoked

  151. 		File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);

  152. 		assertFalse(X509Utils.isRevoked(cert1, caRevocationList));

  153. 		

  154. 		// revoke certificate and then confirm it IS revoked

  155. 		X509Utils.revoke(cert1, RevocationReason.ACompromise, caRevocationList, storeFile, caPassword, log);

  156. 		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));

  157. 		

  158. 		// generate a second certificate

  159. 		X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

  160. 		

  161. 		// confirm second certificate IS NOT revoked

  162. 		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));

  163. 		assertFalse(X509Utils.isRevoked(cert2, caRevocationList));

  164. 		

  165. 		// revoke second certificate and then confirm it IS revoked

  166. 		X509Utils.revoke(cert2, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);

  167. 		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));

  168. 		assertTrue(X509Utils.isRevoked(cert2, caRevocationList));

  169. 		

  170. 		// generate a third certificate

  171. 		X509Certificate cert3 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());

  172. 		

  173. 		// confirm third certificate IS NOT revoked

  174. 		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));

  175. 		assertTrue(X509Utils.isRevoked(cert2, caRevocationList));

  176. 		assertFalse(X509Utils.isRevoked(cert3, caRevocationList));

  177. 		

  178. 		// revoke third certificate and then confirm it IS revoked

  179. 		X509Utils.revoke(cert3, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);

  180. 		assertTrue(X509Utils.isRevoked(cert1, caRevocationList));

  181. 		assertTrue(X509Utils.isRevoked(cert2, caRevocationList));

  182. 		assertTrue(X509Utils.isRevoked(cert3, caRevocationList));

  183. 	}

  184. }