|
1 package se.anatom.ejbca.approval;
2
3 import java.io.File  ;
4 import java.security.cert.X509Certificate ;
5 import java.util.ArrayList ;
6 import java.util.Collection ;
7 import java.util.Date ;
8 import java.util.Iterator ;
9 import java.util.List ;
10 import java.util.Random ;
11
12 import javax.naming.Context ;
13 import javax.naming.NamingException ;
14
15 import junit.framework.TestCase;
16
17 import org.apache.log4j.Logger;
18 import org.ejbca.core.ejb.approval.IApprovalSessionHome;
19 import org.ejbca.core.ejb.approval.IApprovalSessionRemote;
20 import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
21 import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
22 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
23 import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
24 import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
25 import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
26 import org.ejbca.core.model.SecConst;
27 import org.ejbca.core.model.approval.AdminAlreadyApprovedRequestException;
28 import org.ejbca.core.model.approval.Approval;
29 import org.ejbca.core.model.approval.ApprovalDataVO;
30 import org.ejbca.core.model.approval.ApprovalException;
31 import org.ejbca.core.model.approval.ApprovalRequestExpiredException;
32 import org.ejbca.core.model.approval.approvalrequests.DummyApprovalRequest;
33 import org.ejbca.core.model.authorization.AdminEntity;
34 import org.ejbca.core.model.authorization.AdminGroup;
35 import org.ejbca.core.model.log.Admin;
36 import org.ejbca.core.model.ra.UserDataVO;
37 import org.ejbca.ui.cli.batch.BatchMakeP12;
38 import org.ejbca.util.CertTools;
39 import org.ejbca.util.query.ApprovalMatch;
40 import org.ejbca.util.query.BasicMatch;
41 import org.ejbca.util.query.Query;
42
43 public class TestApprovalSession extends TestCase {
44
45
46 private static Logger log = Logger.getLogger(TestApprovalSession.class);
47 private static Context ctx;
48 private static IApprovalSessionRemote pub;
49 private static IAuthorizationSessionRemote auth;
50 private static IUserAdminSessionRemote user;
51 private static ICertificateStoreSessionRemote store;
52
53 private static String reqadminusername = null;
54 private static String adminusername1 = null;
55 private static String adminusername2 = null;
56
57 private static X509Certificate reqadmincert = null;
58 private static X509Certificate admincert1 = null;
59 private static X509Certificate admincert2 = null;
60
61 private static Admin reqadmin = null;
62 private static Admin admin1 = null;
63 private static Admin admin2 = null;
64
65 private static int caid = "CN=TEST".hashCode();
66 private static ArrayList adminentities;
67
68
69
70 private static final Admin intadmin = new Admin(Admin.TYPE_INTERNALUSER);
71
72
73
74
75
76 protected void setUp() throws Exception {
77 super.setUp();
78 ctx = getInitialContext();
79 Object obj = ctx.lookup("ApprovalSession");
80 IApprovalSessionHome home = (IApprovalSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
81 IApprovalSessionHome.class);
82 pub = home.create();
83
84 obj = ctx.lookup("AuthorizationSession");
85 IAuthorizationSessionHome authhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
86 IAuthorizationSessionHome.class);
87 auth = authhome.create();
88
89 obj = ctx.lookup("UserAdminSession");
90 IUserAdminSessionHome userhome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
91 IUserAdminSessionHome.class);
92 user = userhome.create();
93
94 obj = ctx.lookup("CertificateStoreSession");
95 ICertificateStoreSessionHome storehome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj, ICertificateStoreSessionHome.class);
96 store = storehome.create();
97
98 CertTools.installBCProvider();
99
100 adminusername1 = genRandomUserName();
101 adminusername2 = adminusername1 + "2";
102 reqadminusername = "req" + adminusername1;
103
104
105 Collection admingroups = auth.getAuthorizedAdminGroupNames(intadmin);
106 Iterator iter = admingroups.iterator();
107 while(iter.hasNext()){
108 AdminGroup group = (AdminGroup) iter.next();
109 if(group.getAdminGroupName().equals("Temporary Super Administrator Group")){
110 caid = group.getCAId();
111
112 }
113 }
114
115 UserDataVO userdata = new UserDataVO(adminusername1,"CN="+adminusername1,caid,null,null,1,SecConst.EMPTY_ENDENTITYPROFILE,
116 SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.TOKEN_SOFT_P12,0,null);
117 userdata.setPassword("foo123");
118 user.addUser(intadmin, userdata , true);
119
120
121 UserDataVO userdata2 = new UserDataVO(adminusername2,"CN="+adminusername2,caid,null,null,1,SecConst.EMPTY_ENDENTITYPROFILE,
122 SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.TOKEN_SOFT_P12,0,null);
123 userdata2.setPassword("foo123");
124 user.addUser(intadmin, userdata2 , true);
125
126 UserDataVO userdata3 = new UserDataVO(reqadminusername,"CN="+reqadminusername,caid,null,null,1,SecConst.EMPTY_ENDENTITYPROFILE,
127 SecConst.CERTPROFILE_FIXED_ENDUSER,SecConst.TOKEN_SOFT_P12,0,null);
128 userdata3.setPassword("foo123");
129 user.addUser(intadmin, userdata3 , true);
130
131 BatchMakeP12 makep12 = new BatchMakeP12();
132 File tmpfile = File.createTempFile("ejbca", "p12");
133
134 makep12.setMainStoreDir(tmpfile.getParent());
136 makep12.createAllNew();
137
138
139
140 adminentities = new ArrayList ();
141 adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME,AdminEntity.TYPE_EQUALCASEINS,adminusername1,caid));
142 adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME,AdminEntity.TYPE_EQUALCASEINS,adminusername2,caid));
143 adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME,AdminEntity.TYPE_EQUALCASEINS,reqadminusername,caid));
144 auth.addAdminEntities(intadmin, "Temporary Super Administrator Group", caid, adminentities);
145
146 auth.forceRuleUpdate(intadmin);
147
148 admincert1 = (X509Certificate ) store.findCertificatesByUsername(intadmin, adminusername1).iterator().next();
149 admincert2 = (X509Certificate ) store.findCertificatesByUsername(intadmin, adminusername2).iterator().next();
150 reqadmincert = (X509Certificate ) store.findCertificatesByUsername(intadmin, reqadminusername).iterator().next();
151
152 admin1 = new Admin(admincert1);
153 admin2 = new Admin(admincert2);
154 reqadmin = new Admin(reqadmincert);
155
156
157 }
158
159 private String genRandomUserName() throws Exception {
160 Random rand = new Random (new Date ().getTime() + 4711);
162 String username = "";
163 for (int i = 0; i < 6; i++) {
164 int randint = rand.nextInt(9);
165 username += (new Integer (randint)).toString();
166 }
167 log.debug("Generated random username: username =" + username);
168
169 return username;
170 }
172 private Context getInitialContext() throws NamingException {
173 log.debug(">getInitialContext");
174 Context ctx = new javax.naming.InitialContext ();
175 log.debug("<getInitialContext");
176
177 return ctx;
178 }
179
180
181 public void testAddApprovalRequest() throws Exception {
182
183 DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
184
185 Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
187 assertTrue(result.size() == 0);
188
189 pub.addApprovalRequest(admin1, nonExecutableRequest);
190
191
192 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
194 assertTrue(result.size() == 1);
195
196 ApprovalDataVO next = (ApprovalDataVO) result.iterator().next();
197 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL);
198 assertTrue(next.getCAId() == caid);
199 assertTrue(next.getEndEntityProfileiId() == SecConst.EMPTY_ENDENTITYPROFILE);
200 assertTrue(next.getReqadmincertissuerdn().equals(CertTools.getIssuerDN(reqadmincert)));
201 assertTrue(next.getReqadmincertsn().equals(reqadmincert.getSerialNumber().toString(16)));
202 assertTrue(next.getApprovalId() == nonExecutableRequest.generateApprovalId());
203 assertTrue(next.getApprovalType() == nonExecutableRequest.getApprovalType());
204 assertTrue(next.getApprovals().size() == 0);
205 assertTrue(!next.getApprovalRequest().isExecutable());
206 assertTrue(next.getRemainingApprovals() == 2);
207
208 Thread.sleep(5000);
210 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
211 assertTrue(result.size() == 1);
212
213 next = (ApprovalDataVO) result.iterator().next();
214 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_EXPIRED);
215
216
217 pub.removeApprovalRequest(admin1, next.getId());
218
219 pub.addApprovalRequest(admin1, nonExecutableRequest);
221 try{
222 pub.addApprovalRequest(admin1, nonExecutableRequest);
223 fail("It shouldn't be possible to add two identical requests.");
224 }catch(ApprovalException e){}
225
226 Thread.sleep(5000);
228 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
229 ApprovalDataVO expired = (ApprovalDataVO) result.iterator().next();
230
231 pub.addApprovalRequest(admin1, nonExecutableRequest);
232
233 pub.removeApprovalRequest(admin1, expired.getId());
234
235 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
236 next = (ApprovalDataVO) result.iterator().next();
237
238 pub.removeApprovalRequest(admin1, next.getId());
239 }
240
241 public void testApprove() throws Exception {
242 DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
243 pub.addApprovalRequest(admin1, nonExecutableRequest);
244
245 Approval approval1 = new Approval("ap1test");
246 pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);
247
248 Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
249 assertTrue(result.size() == 1);
250
251 ApprovalDataVO next = (ApprovalDataVO) result.iterator().next();
252 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL);
253 assertTrue(next.getRemainingApprovals() == 1);
254
255 Approval approvalAgain = new Approval("apAgaintest");
256 try{
257 pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approvalAgain);
258 fail("The same admin shouln'tt be able to approve a request twice");
259 }catch(AdminAlreadyApprovedRequestException e){}
260
261 Approval approval2 = new Approval("ap2test");
262 pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval2);
263
264 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
265 assertTrue(result.size() == 1);
266
267 next = (ApprovalDataVO) result.iterator().next();
268 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_APPROVED);
269 assertTrue(next.getRemainingApprovals() == 0);
270
271 Thread.sleep(5000);
273 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
274 assertTrue(result.size() == 1);
275
276 next = (ApprovalDataVO) result.iterator().next();
277 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_EXPIRED);
278
279 pub.removeApprovalRequest(admin1, next.getId());
280
281
282 DummyApprovalRequest executableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,true);
284 pub.addApprovalRequest(admin1, executableRequest);
285
286 pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);
287 pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval2);
288
289 result = pub.findApprovalDataVO(admin1, executableRequest.generateApprovalId());
290 assertTrue(result.size() == 1);
291 next = (ApprovalDataVO) result.iterator().next();
292 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_EXECUTED);
293
294 Thread.sleep(5000);
296 result = pub.findApprovalDataVO(admin1, executableRequest.generateApprovalId());
297 assertTrue(result.size() == 1);
298
299 next = (ApprovalDataVO) result.iterator().next();
300 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_EXECUTED);
301
302
303 pub.removeApprovalRequest(admin1, next.getId());
304
305 nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
307 pub.addApprovalRequest(admin1, nonExecutableRequest);
308 Approval approvalUsingReqAdmin = new Approval("approvalUsingReqAdmin");
309 try{
310 pub.approve(reqadmin, nonExecutableRequest.generateApprovalId(), approvalUsingReqAdmin);
311 fail("Request admin shouln't be able to approve their own request");
312 }catch(AdminAlreadyApprovedRequestException e){}
313 result = pub.findApprovalDataVO(admin1, executableRequest.generateApprovalId());
314 assertTrue(result.size() == 1);
315 next = (ApprovalDataVO) result.iterator().next();
316 pub.removeApprovalRequest(admin1, next.getId());
317
318
319 }
320
321
322 public void testReject() throws Exception {
323 DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
324 pub.addApprovalRequest(reqadmin, nonExecutableRequest);
325
326 Approval approval1 = new Approval("ap1test");
327 pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);
328
329 Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
330 ApprovalDataVO next = (ApprovalDataVO) result.iterator().next();
331 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL);
332 assertTrue(next.getRemainingApprovals() == 1);
333
334 Approval rejection = new Approval("rejectiontest");
335 pub.reject(admin2, nonExecutableRequest.generateApprovalId(), rejection);
336 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
337 next = (ApprovalDataVO) result.iterator().next();
338 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_REJECTED);
339 assertTrue(next.getRemainingApprovals() == 0);
340
341 pub.removeApprovalRequest(admin1, next.getId());
342
343 nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
344 pub.addApprovalRequest(reqadmin, nonExecutableRequest);
345
346
347 rejection = new Approval("rejectiontest2");
348 pub.reject(admin1, nonExecutableRequest.generateApprovalId(), rejection);
349 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
350 next = (ApprovalDataVO) result.iterator().next();
351 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_REJECTED);
352 assertTrue(next.getRemainingApprovals() == 0);
353
354 try{
356 pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval1);
357 fail("It shouldn't be possible to approve a rejected request");
358 }catch(ApprovalException e){}
359
360 Thread.sleep(5000);
362 result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
363 assertTrue(result.size() == 1);
364
365 next = (ApprovalDataVO) result.iterator().next();
366 assertTrue("Status = " + next.getStatus(), next.getStatus() == ApprovalDataVO.STATUS_EXPIRED);
367
368 try{
370 pub.reject(admin2, nonExecutableRequest.generateApprovalId(), rejection);
371 fail("It shouln't be possible to reject and expired request");
372 }catch(ApprovalException e){}
373
374
375 pub.removeApprovalRequest(admin1, next.getId());
376
377 }
378
379 public void testIsApproved() throws Exception {
380 DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
381 pub.addApprovalRequest(reqadmin, nonExecutableRequest);
382
383 int status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
384 assertTrue(status == 2);
385
386 Approval approval1 = new Approval("ap1test");
387 pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);
388
389
390 status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
391 assertTrue(status == 1);
392
393 Approval approval2 = new Approval("ap2test");
394 pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval2);
395
396
397 status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
398 assertTrue(status == ApprovalDataVO.STATUS_APPROVED);
399
400 Thread.sleep(5000);
402
403 try{
404 status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
405 fail("A ApprovalRequestExpiredException should be thrown here");
406 }catch(ApprovalRequestExpiredException e){}
407
408 status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
409 assertTrue(status == ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED);
410
411 Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
412 ApprovalDataVO next = (ApprovalDataVO) result.iterator().next();
413
414 pub.removeApprovalRequest(admin1, next.getId());
415 }
416
417 public void testFindNonExpiredApprovalRequest() throws Exception {
418 DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
419
420 pub.addApprovalRequest(admin1, nonExecutableRequest);
421
422 Thread.sleep(5000);
424
425 pub.addApprovalRequest(admin1, nonExecutableRequest);
426
427 ApprovalDataVO result = pub.findNonExpiredApprovalRequest(admin1, nonExecutableRequest.generateApprovalId());
428 assertTrue(result.getStatus() == ApprovalDataVO.STATUS_WAITINGFORAPPROVAL);
429
430
431 Collection all = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
432 Iterator iter = all.iterator();
433 while(iter.hasNext()){
434 ApprovalDataVO next = (ApprovalDataVO) iter.next();
435 pub.removeApprovalRequest(admin1, next.getId());
436 }
437
438 }
439
440
441 public void testQuery() throws Exception {
442
443 DummyApprovalRequest req1 = new DummyApprovalRequest(reqadmin,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
445 DummyApprovalRequest req2 = new DummyApprovalRequest(admin1,null,caid,SecConst.EMPTY_ENDENTITYPROFILE,false);
446 DummyApprovalRequest req3 = new DummyApprovalRequest(admin2,null,3,2,false);
447
448 pub.addApprovalRequest(admin1, req1);
449 pub.addApprovalRequest(admin1, req2);
450 pub.addApprovalRequest(admin1, req3);
451
452 Query q1 = new Query(Query.TYPE_APPROVALQUERY);
454 q1.add(ApprovalMatch.MATCH_WITH_APPROVALTYPE,BasicMatch.MATCH_TYPE_EQUALS,""+req1.getApprovalType());
455
456 List result = pub.query(admin1, q1, 0, 3);
457 assertTrue("Result size " + result.size(), result.size() >= 2 && result.size() <= 3);
458
459 result = pub.query(admin1, q1, 1, 3);
460 assertTrue("Result size " + result.size(), result.size() >= 1 && result.size() <= 3);
461
462 result = pub.query(admin1, q1, 0, 1);
463 assertTrue("Result size " + result.size(), result.size() == 1);
464
465 Query q2 = new Query(Query.TYPE_APPROVALQUERY);
466 q2.add(ApprovalMatch.MATCH_WITH_STATUS,BasicMatch.MATCH_TYPE_EQUALS,""+ApprovalDataVO.STATUS_WAITINGFORAPPROVAL,Query.CONNECTOR_AND);
467 q2.add(ApprovalMatch.MATCH_WITH_REQUESTADMINCERTSERIALNUMBER,BasicMatch.MATCH_TYPE_EQUALS,reqadmincert.getSerialNumber().toString(16));
468
469 result = pub.query(admin1, q1, 1, 3);
470 assertTrue("Result size " + result.size(), result.size() >= 1 && result.size() <= 3);
471
472
473 int id1 = ((ApprovalDataVO) pub.findApprovalDataVO(admin1, req1.generateApprovalId()).iterator().next()).getId();
475 int id2 = ((ApprovalDataVO) pub.findApprovalDataVO(admin1, req2.generateApprovalId()).iterator().next()).getId();
476 int id3 = ((ApprovalDataVO) pub.findApprovalDataVO(admin1, req3.generateApprovalId()).iterator().next()).getId();
477 pub.removeApprovalRequest(admin1, id1);
478 pub.removeApprovalRequest(admin1, id2);
479 pub.removeApprovalRequest(admin1, id3);
480
481 }
482
483 protected void tearDown() throws Exception {
484 super.tearDown();
485
486 user.deleteUser(intadmin, adminusername1);
487 user.deleteUser(intadmin, adminusername2);
488 user.deleteUser(intadmin, reqadminusername);
489 auth.removeAdminEntities(intadmin, "Temporary Super Administrator Group", caid, adminentities);
490
491 }
492
493 }
494 |
Popular Tags |
Java API By Example, From Geeks To Geeks.