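package se.anatom.ejbca.approval;

import java.io.File;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Random;

import javax.naming.Context;
import javax.naming.NamingException;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.ejbca.core.ejb.approval.IApprovalSessionHome;
import org.ejbca.core.ejb.approval.IApprovalSessionRemote;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionHome;
import org.ejbca.core.ejb.authorization.IAuthorizationSessionRemote;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionHome;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
import org.ejbca.core.ejb.ra.IUserAdminSessionHome;
import org.ejbca.core.ejb.ra.IUserAdminSessionRemote;
import org.ejbca.core.model.SecConst;
import org.ejbca.core.model.approval.AdminAlreadyApprovedRequestException;
import org.ejbca.core.model.approval.Approval;
import org.ejbca.core.model.approval.ApprovalDataVO;
import org.ejbca.core.model.approval.ApprovalException;
import org.ejbca.core.model.approval.ApprovalRequestExpiredException;
import org.ejbca.core.model.approval.approvalrequests.DummyApprovalRequest;
import org.ejbca.core.model.authorization.AdminEntity;
import org.ejbca.core.model.authorization.AdminGroup;
import org.ejbca.core.model.log.Admin;
import org.ejbca.core.model.ra.UserDataVO;
import org.ejbca.ui.cli.batch.BatchMakeP12;
import org.ejbca.util.CertTools;
import org.ejbca.util.query.ApprovalMatch;
import org.ejbca.util.query.BasicMatch;
import org.ejbca.util.query.Query;

/**
 * Integration tests for the {@code ApprovalSession} bean.
 *
 * <p>The tests run against a deployed instance reached through JNDI. {@link #setUp()} creates
 * three throw-away end entities (two approving administrators and one requesting
 * administrator), has soft PKCS#12 tokens generated for them and adds all three to the
 * "Temporary Super Administrator Group"; {@link #tearDown()} deletes the users and removes
 * the admin entities again.
 *
 * <p>Several tests sleep {@link #EXPIRY_WAIT_MS} milliseconds and then expect a request to
 * be in {@link ApprovalDataVO#STATUS_EXPIRED}, so they appear to rely on a very short
 * approval-request expiry time being configured on the server under test.
 */
public class TestApprovalSession extends TestCase {

    private static Logger log = Logger.getLogger(TestApprovalSession.class);
    private static Context ctx;
    private static IApprovalSessionRemote pub;
    private static IAuthorizationSessionRemote auth;
    private static IUserAdminSessionRemote user;
    private static ICertificateStoreSessionRemote store;

    /** Time to wait before a freshly added request is expected to have expired (ms). */
    private static final long EXPIRY_WAIT_MS = 5000;

    /** Admin group the test administrators are added to and removed from. */
    private static final String ADMIN_GROUP = "Temporary Super Administrator Group";

    private static String reqadminusername = null;
    private static String adminusername1 = null;
    private static String adminusername2 = null;

    private static X509Certificate reqadmincert = null;
    private static X509Certificate admincert1 = null;
    private static X509Certificate admincert2 = null;

    private static Admin reqadmin = null;
    private static Admin admin1 = null;
    private static Admin admin2 = null;

    // Default CA id; replaced in setUp() by the CA of ADMIN_GROUP when that group exists.
    private static int caid = "CN=TEST".hashCode();
    private static ArrayList adminentities;

    private static final Admin intadmin = new Admin(Admin.TYPE_INTERNALUSER);

    /**
     * Looks up the session beans and creates the three test administrators.
     *
     * <p>Runs before every test method. JUnit 3 only calls {@link #tearDown()} when this method
     * completes normally, so a failure after the {@code addUser} calls leaves the test users
     * (and, after {@code addAdminEntities}, their super-administrator entities) behind.
     *
     * @throws Exception on JNDI, EJB or user-administration failures
     */
    protected void setUp() throws Exception {
        super.setUp();
        ctx = getInitialContext();
        Object obj = ctx.lookup("ApprovalSession");
        IApprovalSessionHome home = (IApprovalSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
                IApprovalSessionHome.class);
        pub = home.create();

        obj = ctx.lookup("AuthorizationSession");
        IAuthorizationSessionHome authhome = (IAuthorizationSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
                IAuthorizationSessionHome.class);
        auth = authhome.create();

        obj = ctx.lookup("UserAdminSession");
        IUserAdminSessionHome userhome = (IUserAdminSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
                IUserAdminSessionHome.class);
        user = userhome.create();

        obj = ctx.lookup("CertificateStoreSession");
        ICertificateStoreSessionHome storehome = (ICertificateStoreSessionHome) javax.rmi.PortableRemoteObject.narrow(obj,
                ICertificateStoreSessionHome.class);
        store = storehome.create();

        CertTools.installBCProvider();

        adminusername1 = genRandomUserName();
        adminusername2 = adminusername1 + "2";
        reqadminusername = "req" + adminusername1;

        // Prefer the CA of the pre-configured admin group over the "CN=TEST" default.
        Collection admingroups = auth.getAuthorizedAdminGroupNames(intadmin);
        Iterator iter = admingroups.iterator();
        while (iter.hasNext()) {
            AdminGroup group = (AdminGroup) iter.next();
            if (group.getAdminGroupName().equals(ADMIN_GROUP)) {
                caid = group.getCAId();
            }
        }

        addTestUser(adminusername1);
        addTestUser(adminusername2);
        addTestUser(reqadminusername);

        // Only the temp directory is needed as key store location; the temp file itself
        // was previously left behind, so delete it right away. The generated .p12 files
        // (soft tokens holding the test administrators' private keys, presumably protected
        // by the "foo123" password set above) are not removed by tearDown().
        BatchMakeP12 makep12 = new BatchMakeP12();
        File tmpfile = File.createTempFile("ejbca", "p12");
        String storeDir = tmpfile.getParent();
        tmpfile.delete();
        makep12.setMainStoreDir(storeDir);
        makep12.createAllNew();

        adminentities = new ArrayList();
        adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASEINS, adminusername1, caid));
        adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASEINS, adminusername2, caid));
        adminentities.add(new AdminEntity(AdminEntity.WITH_COMMONNAME, AdminEntity.TYPE_EQUALCASEINS, reqadminusername, caid));
        auth.addAdminEntities(intadmin, ADMIN_GROUP, caid, adminentities);

        auth.forceRuleUpdate(intadmin);

        admincert1 = firstCertificate(adminusername1);
        admincert2 = firstCertificate(adminusername2);
        reqadmincert = firstCertificate(reqadminusername);

        admin1 = new Admin(admincert1);
        admin2 = new Admin(admincert2);
        reqadmin = new Admin(reqadmincert);
    }

    /**
     * Adds a soft-token (P12) end entity named {@code username} with DN {@code CN=<username>}
     * and password "foo123" to the CA {@link #caid}.
     *
     * @param username the username, also used as common name
     * @throws Exception if the user administration session rejects the user
     */
    private static void addTestUser(String username) throws Exception {
        UserDataVO userdata = new UserDataVO(username, "CN=" + username, caid, null, null, 1, SecConst.EMPTY_ENDENTITYPROFILE,
                SecConst.CERTPROFILE_FIXED_ENDUSER, SecConst.TOKEN_SOFT_P12, 0, null);
        userdata.setPassword("foo123");
        user.addUser(intadmin, userdata, true);
    }

    /**
     * Returns the first certificate the certificate store holds for {@code username}.
     *
     * @throws Exception on remote failures; {@code NoSuchElementException} if the user has
     *         no certificate yet
     */
    private static X509Certificate firstCertificate(String username) throws Exception {
        return (X509Certificate) store.findCertificatesByUsername(intadmin, username).iterator().next();
    }

    /**
     * Generates a six-digit username from a time-seeded {@link Random}.
     *
     * <p>Uniqueness is not guaranteed: two calls seeded in the same millisecond produce the
     * same sequence and therefore the same name.
     *
     * @return a string of six decimal digits
     */
    private String genRandomUserName() throws Exception {
        Random rand = new Random(new Date().getTime() + 4711);
        StringBuffer username = new StringBuffer(6);
        for (int i = 0; i < 6; i++) {
            // nextInt(9) yields 0..8, so the digit 9 never occurs in generated names.
            username.append(rand.nextInt(9));
        }
        log.debug("Generated random username: username =" + username);

        return username.toString();
    }

    /**
     * Creates a new JNDI initial context from the default environment.
     *
     * @throws NamingException if the context cannot be created
     */
    private Context getInitialContext() throws NamingException {
        log.debug(">getInitialContext");
        Context initial = new javax.naming.InitialContext();
        log.debug("<getInitialContext");

        return initial;
    }

    /**
     * Fetches the approval data for {@code approvalId} and asserts that exactly one entry exists.
     *
     * @return the single {@link ApprovalDataVO}
     */
    private static ApprovalDataVO findSingle(int approvalId) throws Exception {
        Collection result = pub.findApprovalDataVO(admin1, approvalId);
        assertEquals("Number of approval requests found", 1, result.size());
        return (ApprovalDataVO) result.iterator().next();
    }

    /**
     * Adds a non-executable request, checks the stored fields, lets it expire and verifies that
     * an identical request cannot be added while one is pending.
     */
    public void testAddApprovalRequest() throws Exception {

        DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);

        Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        assertEquals(0, result.size());

        pub.addApprovalRequest(admin1, nonExecutableRequest);

        ApprovalDataVO next = findSingle(nonExecutableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_WAITINGFORAPPROVAL, next.getStatus());
        assertEquals(caid, next.getCAId());
        assertEquals(SecConst.EMPTY_ENDENTITYPROFILE, next.getEndEntityProfileiId());
        assertEquals(CertTools.getIssuerDN(reqadmincert), next.getReqadmincertissuerdn());
        // The serial number is stored as a hex string.
        assertEquals(reqadmincert.getSerialNumber().toString(16), next.getReqadmincertsn());
        assertEquals(nonExecutableRequest.generateApprovalId(), next.getApprovalId());
        assertEquals(nonExecutableRequest.getApprovalType(), next.getApprovalType());
        assertEquals(0, next.getApprovals().size());
        assertFalse(next.getApprovalRequest().isExecutable());
        assertEquals(2, next.getRemainingApprovals());

        Thread.sleep(EXPIRY_WAIT_MS);
        next = findSingle(nonExecutableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_EXPIRED, next.getStatus());

        pub.removeApprovalRequest(admin1, next.getId());

        pub.addApprovalRequest(admin1, nonExecutableRequest);
        try {
            pub.addApprovalRequest(admin1, nonExecutableRequest);
            fail("It shouldn't be possible to add two identical requests.");
        } catch (ApprovalException expected) {
            // a pending request with the same approval id must be rejected
        }

        // Once the pending request has expired, the same request may be added again.
        Thread.sleep(EXPIRY_WAIT_MS);
        result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        ApprovalDataVO expired = (ApprovalDataVO) result.iterator().next();

        pub.addApprovalRequest(admin1, nonExecutableRequest);

        pub.removeApprovalRequest(admin1, expired.getId());

        result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        next = (ApprovalDataVO) result.iterator().next();

        pub.removeApprovalRequest(admin1, next.getId());
    }

    /**
     * Exercises approving: two different administrators are needed, the same administrator may
     * not approve twice, an executable request is executed once approved, and the requesting
     * administrator may not approve its own request.
     */
    public void testApprove() throws Exception {
        DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        pub.addApprovalRequest(admin1, nonExecutableRequest);

        Approval approval1 = new Approval("ap1test");
        pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);

        ApprovalDataVO next = findSingle(nonExecutableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_WAITINGFORAPPROVAL, next.getStatus());
        assertEquals(1, next.getRemainingApprovals());

        Approval approvalAgain = new Approval("apAgaintest");
        try {
            pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approvalAgain);
            fail("The same admin shouln'tt be able to approve a request twice");
        } catch (AdminAlreadyApprovedRequestException expected) {
            // one approval per administrator
        }

        Approval approval2 = new Approval("ap2test");
        pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval2);

        next = findSingle(nonExecutableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_APPROVED, next.getStatus());
        assertEquals(0, next.getRemainingApprovals());

        Thread.sleep(EXPIRY_WAIT_MS);
        next = findSingle(nonExecutableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_EXPIRED, next.getStatus());

        pub.removeApprovalRequest(admin1, next.getId());

        DummyApprovalRequest executableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, true);
        pub.addApprovalRequest(admin1, executableRequest);

        // NOTE(review): the request just added is executableRequest, yet the approvals below
        // address nonExecutableRequest's approval id. This only works if both requests
        // generate the same id; if they do not, these calls target a removed request.
        pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);
        pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval2);

        next = findSingle(executableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_EXECUTED, next.getStatus());

        // An executed request must not flip to expired.
        Thread.sleep(EXPIRY_WAIT_MS);
        next = findSingle(executableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_EXECUTED, next.getStatus());

        pub.removeApprovalRequest(admin1, next.getId());

        nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        pub.addApprovalRequest(admin1, nonExecutableRequest);
        Approval approvalUsingReqAdmin = new Approval("approvalUsingReqAdmin");
        try {
            pub.approve(reqadmin, nonExecutableRequest.generateApprovalId(), approvalUsingReqAdmin);
            fail("Request admin shouln't be able to approve their own request");
        } catch (AdminAlreadyApprovedRequestException expected) {
            // the requesting administrator counts as having already approved
        }
        // NOTE(review): same id mix-up as above - the cleanup looks up executableRequest's id
        // although nonExecutableRequest was added here.
        next = findSingle(executableRequest.generateApprovalId());
        pub.removeApprovalRequest(admin1, next.getId());
    }

    /**
     * Exercises rejecting: a rejection after a partial approval, a rejection as first action,
     * and that neither approving a rejected request nor rejecting an expired one is allowed.
     */
    public void testReject() throws Exception {
        DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        pub.addApprovalRequest(reqadmin, nonExecutableRequest);

        Approval approval1 = new Approval("ap1test");
        pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);

        Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        ApprovalDataVO next = (ApprovalDataVO) result.iterator().next();
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_WAITINGFORAPPROVAL, next.getStatus());
        assertEquals(1, next.getRemainingApprovals());

        Approval rejection = new Approval("rejectiontest");
        pub.reject(admin2, nonExecutableRequest.generateApprovalId(), rejection);
        result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        next = (ApprovalDataVO) result.iterator().next();
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_REJECTED, next.getStatus());
        assertEquals(0, next.getRemainingApprovals());

        pub.removeApprovalRequest(admin1, next.getId());

        nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        pub.addApprovalRequest(reqadmin, nonExecutableRequest);

        rejection = new Approval("rejectiontest2");
        pub.reject(admin1, nonExecutableRequest.generateApprovalId(), rejection);
        result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        next = (ApprovalDataVO) result.iterator().next();
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_REJECTED, next.getStatus());
        assertEquals(0, next.getRemainingApprovals());

        try {
            pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval1);
            fail("It shouldn't be possible to approve a rejected request");
        } catch (ApprovalException expected) {
            // rejected requests are final
        }

        Thread.sleep(EXPIRY_WAIT_MS);
        next = findSingle(nonExecutableRequest.generateApprovalId());
        assertEquals("Status = " + next.getStatus(), ApprovalDataVO.STATUS_EXPIRED, next.getStatus());

        try {
            pub.reject(admin2, nonExecutableRequest.generateApprovalId(), rejection);
            fail("It shouln't be possible to reject and expired request");
        } catch (ApprovalException expected) {
            // expired requests can no longer be acted upon
        }

        pub.removeApprovalRequest(admin1, next.getId());
    }

    /**
     * Checks the {@code isApproved} status codes through the life of a request: remaining
     * approvals while pending, approved, the one-time expiry exception, and the
     * expired-and-notified state afterwards.
     */
    public void testIsApproved() throws Exception {
        DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        pub.addApprovalRequest(reqadmin, nonExecutableRequest);

        // While pending, isApproved appears to return the number of remaining approvals
        // (2, then 1 after the first approval) - confirm against the session bean contract.
        int status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
        assertEquals(2, status);

        Approval approval1 = new Approval("ap1test");
        pub.approve(admin1, nonExecutableRequest.generateApprovalId(), approval1);

        status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
        assertEquals(1, status);

        Approval approval2 = new Approval("ap2test");
        pub.approve(admin2, nonExecutableRequest.generateApprovalId(), approval2);

        status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
        assertEquals(ApprovalDataVO.STATUS_APPROVED, status);

        Thread.sleep(EXPIRY_WAIT_MS);

        // The first query after expiry signals the expiry by exception ...
        try {
            status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
            fail("A ApprovalRequestExpiredException should be thrown here");
        } catch (ApprovalRequestExpiredException expected) {
            // expected exactly once
        }

        // ... and subsequent queries report the request as expired and notified.
        status = pub.isApproved(reqadmin, nonExecutableRequest.generateApprovalId());
        assertEquals(ApprovalDataVO.STATUS_EXPIREDANDNOTIFIED, status);

        Collection result = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        ApprovalDataVO next = (ApprovalDataVO) result.iterator().next();

        pub.removeApprovalRequest(admin1, next.getId());
    }

    /**
     * Verifies that {@code findNonExpiredApprovalRequest} returns the pending request when an
     * expired one with the same approval id also exists.
     */
    public void testFindNonExpiredApprovalRequest() throws Exception {
        DummyApprovalRequest nonExecutableRequest = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);

        pub.addApprovalRequest(admin1, nonExecutableRequest);

        Thread.sleep(EXPIRY_WAIT_MS);

        pub.addApprovalRequest(admin1, nonExecutableRequest);

        ApprovalDataVO result = pub.findNonExpiredApprovalRequest(admin1, nonExecutableRequest.generateApprovalId());
        assertEquals(ApprovalDataVO.STATUS_WAITINGFORAPPROVAL, result.getStatus());

        // Remove both the expired and the pending request.
        Collection all = pub.findApprovalDataVO(admin1, nonExecutableRequest.generateApprovalId());
        Iterator iter = all.iterator();
        while (iter.hasNext()) {
            ApprovalDataVO next = (ApprovalDataVO) iter.next();
            pub.removeApprovalRequest(admin1, next.getId());
        }
    }

    /**
     * Queries approval requests by type with paging, and by status plus requesting
     * administrator's certificate serial number.
     *
     * <p>Result sizes are asserted as ranges because requests left behind by other runs may
     * match the type query as well.
     */
    public void testQuery() throws Exception {

        DummyApprovalRequest req1 = new DummyApprovalRequest(reqadmin, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        DummyApprovalRequest req2 = new DummyApprovalRequest(admin1, null, caid, SecConst.EMPTY_ENDENTITYPROFILE, false);
        // req3 uses a different CA id (3) and end entity profile (2) than the others.
        DummyApprovalRequest req3 = new DummyApprovalRequest(admin2, null, 3, 2, false);

        pub.addApprovalRequest(admin1, req1);
        pub.addApprovalRequest(admin1, req2);
        pub.addApprovalRequest(admin1, req3);

        Query q1 = new Query(Query.TYPE_APPROVALQUERY);
        q1.add(ApprovalMatch.MATCH_WITH_APPROVALTYPE, BasicMatch.MATCH_TYPE_EQUALS, "" + req1.getApprovalType());

        // query(admin, query, index, numberofrows) - index 0 with at most 3 rows.
        List result = pub.query(admin1, q1, 0, 3);
        assertTrue("Result size " + result.size(), result.size() >= 2 && result.size() <= 3);

        result = pub.query(admin1, q1, 1, 3);
        assertTrue("Result size " + result.size(), result.size() >= 1 && result.size() <= 3);

        result = pub.query(admin1, q1, 0, 1);
        assertEquals("Result size " + result.size(), 1, result.size());

        // Only req1 was requested by reqadmin, so this query should match at least that one.
        Query q2 = new Query(Query.TYPE_APPROVALQUERY);
        q2.add(ApprovalMatch.MATCH_WITH_STATUS, BasicMatch.MATCH_TYPE_EQUALS, "" + ApprovalDataVO.STATUS_WAITINGFORAPPROVAL, Query.CONNECTOR_AND);
        q2.add(ApprovalMatch.MATCH_WITH_REQUESTADMINCERTSERIALNUMBER, BasicMatch.MATCH_TYPE_EQUALS, reqadmincert.getSerialNumber().toString(16));

        // Previously q1 was queried again here, so q2 was never exercised.
        result = pub.query(admin1, q2, 0, 3);
        assertTrue("Result size " + result.size(), result.size() >= 1 && result.size() <= 3);

        int id1 = ((ApprovalDataVO) pub.findApprovalDataVO(admin1, req1.generateApprovalId()).iterator().next()).getId();
        int id2 = ((ApprovalDataVO) pub.findApprovalDataVO(admin1, req2.generateApprovalId()).iterator().next()).getId();
        int id3 = ((ApprovalDataVO) pub.findApprovalDataVO(admin1, req3.generateApprovalId()).iterator().next()).getId();
        pub.removeApprovalRequest(admin1, id1);
        pub.removeApprovalRequest(admin1, id2);
        pub.removeApprovalRequest(admin1, id3);
    }

    /**
     * Deletes the test users and removes their entries from the admin group.
     *
     * <p>Only runs when {@link #setUp()} succeeded (JUnit 3 semantics); it does not remove the
     * approval requests a failed test may have left behind, nor the generated key store files.
     */
    protected void tearDown() throws Exception {
        super.tearDown();

        user.deleteUser(intadmin, adminusername1);
        user.deleteUser(intadmin, adminusername2);
        user.deleteUser(intadmin, reqadminusername);
        auth.removeAdminEntities(intadmin, ADMIN_GROUP, caid, adminentities);
    }

}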