githubFork/gitblit.git - Solinfo Gitblit

			@@ -39,18 +39,19 @@

			/**
			* Unit tests for X509 certificate generation.
			*
			*
			* @author James Moger
			*
			*
			*/
			public class X509UtilsTest extends Assert {


			// passwords are case-sensitive and may be length-limited
			// based on the JCE policy files
			String caPassword = "aBcDeFg";
			File folder = new File(System.getProperty("user.dir"), "x509test");


			X509Log log = new X509Log() {
			@Override
			public void log(String message) {
			System.out.println(message);
			}
			@@ -62,69 +63,69 @@
			X509Metadata goMetadata = new X509Metadata("localhost", caPassword);
			X509Utils.prepareX509Infrastructure(goMetadata, folder, log);
			}


			@After
			public void cleanUp() throws Exception {
			if (folder.exists()) {
			FileUtils.delete(folder, FileUtils.RECURSIVE);
			}
			}


			@Test
			public void testNewCA() throws Exception {
			public void testNewCA() throws Exception {
			File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
			X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
			X509Certificate cert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);
			assertEquals("O=Gitblit,OU=Gitblit,CN=Gitblit Certificate Authority", cert.getIssuerDN().getName());
			}
			}

			@Test
			public void testCertificateUserMapping() throws Exception {
			public void testCertificateUserMapping() throws Exception {
			File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
			PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
			X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);


			X509Metadata userMetadata = new X509Metadata("james", "james");
			userMetadata.serverHostname = "www.myserver.com";
			userMetadata.userDisplayname = "James Moger";
			userMetadata.passwordHint = "your name";
			userMetadata.oids.put("C", "US");


			X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
			UserModel userModel1 = HttpUtils.getUserModelFromCertificate(cert1);
			assertEquals(userMetadata.commonName, userModel1.username);
			assertEquals(userMetadata.emailAddress, userModel1.emailAddress);
			assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert1.getSubjectDN().getName());




			X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());
			UserModel userModel2 = HttpUtils.getUserModelFromCertificate(cert2);
			assertEquals(userMetadata.commonName, userModel2.username);
			assertEquals(userMetadata.emailAddress, userModel2.emailAddress);
			assertEquals("C=US,O=Gitblit,OU=Gitblit,CN=james", cert2.getSubjectDN().getName());


			assertNotSame("Serial numbers are the same!", cert1.getSerialNumber().longValue(), cert2.getSerialNumber().longValue());
			}


			@Test
			public void testUserBundle() throws Exception {
			File storeFile = new File(folder, X509Utils.CA_KEY_STORE);


			X509Metadata userMetadata = new X509Metadata("james", "james");
			userMetadata.serverHostname = "www.myserver.com";
			userMetadata.serverHostname = "www.myserver.com";
			userMetadata.userDisplayname = "James Moger";
			userMetadata.passwordHint = "your name";

			File zip = X509Utils.newClientBundle(userMetadata, storeFile, caPassword, log);
			assertTrue(zip.exists());


			List<String> expected = Arrays.asList(
			userMetadata.commonName + ".pem",
			userMetadata.commonName + ".p12",
			userMetadata.commonName + ".cer",
			"ca.cer",
			"README.TXT");


			ZipInputStream zis = new ZipInputStream(new FileInputStream(zip));
			ZipEntry entry = null;
			while ((entry = zis.getNextEntry()) != null) {
			@@ -132,49 +133,49 @@
			}
			zis.close();
			}


			@Test
			public void testCertificateRevocation() throws Exception {
			public void testCertificateRevocation() throws Exception {
			File storeFile = new File(folder, X509Utils.CA_KEY_STORE);
			PrivateKey caPrivateKey = X509Utils.getPrivateKey(X509Utils.CA_ALIAS, storeFile, caPassword);
			X509Certificate caCert = X509Utils.getCertificate(X509Utils.CA_ALIAS, storeFile, caPassword);


			X509Metadata userMetadata = new X509Metadata("james", "james");
			userMetadata.serverHostname = "www.myserver.com";
			userMetadata.userDisplayname = "James Moger";
			userMetadata.passwordHint = "your name";


			// generate a new client certificate
			X509Certificate cert1 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());


			// confirm this certificate IS NOT revoked
			File caRevocationList = new File(folder, X509Utils.CA_REVOCATION_LIST);
			assertFalse(X509Utils.isRevoked(cert1, caRevocationList));


			// revoke certificate and then confirm it IS revoked
			X509Utils.revoke(cert1, RevocationReason.ACompromise, caRevocationList, storeFile, caPassword, log);
			assertTrue(X509Utils.isRevoked(cert1, caRevocationList));


			// generate a second certificate
			X509Certificate cert2 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());


			// confirm second certificate IS NOT revoked
			assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
			assertFalse(X509Utils.isRevoked(cert2, caRevocationList));


			// revoke second certificate and then confirm it IS revoked
			X509Utils.revoke(cert2, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);
			assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
			assertTrue(X509Utils.isRevoked(cert2, caRevocationList));


			// generate a third certificate
			X509Certificate cert3 = X509Utils.newClientCertificate(userMetadata, caPrivateKey, caCert, storeFile.getParentFile());


			// confirm third certificate IS NOT revoked
			assertTrue(X509Utils.isRevoked(cert1, caRevocationList));
			assertTrue(X509Utils.isRevoked(cert2, caRevocationList));
			assertFalse(X509Utils.isRevoked(cert3, caRevocationList));


			// revoke third certificate and then confirm it IS revoked
			X509Utils.revoke(cert3, RevocationReason.ACompromise, caRevocationList, caPrivateKey, log);
			assertTrue(X509Utils.isRevoked(cert1, caRevocationList));