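package se.anatom.ejbca.protocol;

import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

import javax.ejb.CreateException;

import junit.framework.TestSuite;

import org.apache.log4j.Logger;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.RevokedStatus;
import org.bouncycastle.ocsp.SingleResp;
import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
import org.ejbca.core.ejb.ca.store.CertificateDataPK;
import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
import org.ejbca.core.model.ca.crl.RevokedCertInfo;
import org.ejbca.util.CertTools;

/**
 * Runs OCSP-over-HTTP tests from {@link ProtocolOcspHttpTest} against a responder at a fixed
 * address ({@code http://127.0.0.1:8080/ejbca}, resource {@code publicweb/status/ocsp}) and with
 * a fixed CA id.
 *
 * <p>The members {@code caid}, {@code cacert}, {@code admin}, {@code storehome} and
 * {@code sendOCSPPost} are not declared in this file; presumably they are inherited from
 * {@link ProtocolOcspHttpTest}.
 *
 * <p>The tests here assert only the serial number and the certificate status of the returned
 * {@link SingleResp}. NOTE(review): whether the OCSP response signature and the responder
 * certificate are verified depends on {@code sendOCSPPost}, which is not visible here - confirm
 * in the parent class before relying on these tests as evidence of responder authenticity.
 *
 * <p>{@link #test03OcspRevoked()} calls {@code revokeCertificate} on the certificate store, so
 * this suite changes the state of the installation it runs against.
 */
public class ProtocolOcspHttpStandaloneTest extends ProtocolOcspHttpTest {
    private static final Logger log = Logger.getLogger(ProtocolOcspHttpStandaloneTest.class);

    // Environment-specific values: the id of the CA whose certificates are queried and the
    // address of the OCSP responder under test.
    private static final int myCaId = 1584670546;
    private static final String myOcspIp = "127.0.0.1";

    /**
     * Runs this suite with the JUnit text runner.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        junit.textui.TestRunner.run(suite());
    }

    /**
     * Builds the JUnit suite for this class.
     *
     * @return a suite created from this test class
     */
    public static TestSuite suite() {
        return new TestSuite(ProtocolOcspHttpStandaloneTest.class);
    }

    /**
     * Creates the test case, passing the fixed responder base URL and resource path to the parent.
     *
     * @param name test name handed to the parent constructor
     * @throws Exception if the parent constructor fails
     */
    public ProtocolOcspHttpStandaloneTest(String name) throws Exception {
        super(name, "http://" + myOcspIp + ":8080/ejbca", "publicweb/status/ocsp");
    }

    /**
     * Sets {@code caid} to the fixed CA id of this class.
     *
     * @param casession not used by this implementation
     */
    protected void setCAID(ICAAdminSessionRemote casession) {
        caid = myCaId;
    }

    /**
     * Delegates unchanged to the parent implementation.
     *
     * @throws Exception propagated from the parent test
     */
    public void test01Access() throws Exception {
        super.test01Access();
    }

    /**
     * Requests the status of a certificate that the store reports as not revoked and expects the
     * responder to answer with a {@code null} certificate status (reported as "good" by the
     * assertion message) for the same serial number.
     *
     * @throws Exception on any failure building the request or contacting the responder
     */
    public void test02OcspGood() throws Exception {
        log.debug(">test02OcspGood()");

        final X509Certificate ocspTestCert = getTestCert(false);
        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(
                new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
        OCSPReq req = gen.generate();

        // The meaning of the second argument (null here) is defined by the parent class.
        SingleResp singleResp = sendOCSPPost(req.getEncoded(), null);

        // Expected value first, so a failure message reports the request's serial as "expected".
        CertificateID certId = singleResp.getCertID();
        assertEquals("Serno in response does not match serno in request.",
                ocspTestCert.getSerialNumber(), certId.getSerialNumber());
        Object status = singleResp.getCertStatus();
        assertNull("Status is not null (good)", status);
        log.debug("<test02OcspGood()");
    }

    /**
     * Returns the first certificate of user {@code "ocspTest"} whose revocation state in the store
     * matches {@code isRevoked}. A certificate counts as revoked when the reason reported by the
     * store differs from {@code RevokedCertInfo.NOT_REVOKED}.
     *
     * <p>Fails the running test if no such certificate exists.
     *
     * @param isRevoked {@code true} to select a revoked certificate, {@code false} for one that is
     *     not revoked
     * @return the matching certificate
     * @throws RemoteException if a call to the remote store fails
     * @throws CreateException if the store session cannot be created
     */
    private X509Certificate getTestCert(boolean isRevoked) throws RemoteException, CreateException {
        ICertificateStoreSessionRemote store = storehome.create();
        Collection certs = store.findCertificatesByUsername(admin, "ocspTest");
        Iterator i = certs.iterator();
        while (i.hasNext()) {
            X509Certificate cert = (X509Certificate) i.next();
            boolean revokedInStore =
                    store.isRevoked(admin, cert.getIssuerDN().toString(), cert.getSerialNumber())
                            .getReason() != RevokedCertInfo.NOT_REVOKED;
            if (isRevoked == revokedInStore) {
                return cert;
            }
        }
        // Message is Swedish for "Failed to fetch cert"; fail() states the intent directly
        // instead of asserting that a null literal is not null.
        fail("Misslyckades hämta cert");
        return null; // not reached: fail() always throws
    }

    /**
     * Revokes a test certificate with reason key compromise and expects the responder to report it
     * as revoked with that reason.
     *
     * <p>NOTE(review): the certificate is selected with {@code getTestCert(true)}, i.e. one the
     * store already reports as revoked, and is then passed to {@code revokeCertificate}. Whether
     * the store replaces an existing, different revocation reason is not visible here - confirm,
     * since the final assertion depends on it.
     *
     * @throws Exception on any failure revoking the certificate, building the request or
     *     contacting the responder
     */
    public void test03OcspRevoked() throws Exception {
        log.debug(">test03OcspRevoked()");

        final X509Certificate ocspTestCert = getTestCert(true);
        ICertificateStoreSessionRemote store = storehome.create();
        store.revokeCertificate(
                admin, ocspTestCert, null, RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);

        OCSPReqGenerator gen = new OCSPReqGenerator();
        gen.addRequest(
                new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
        OCSPReq req = gen.generate();

        // The meaning of the second argument (null here) is defined by the parent class.
        SingleResp singleResp = sendOCSPPost(req.getEncoded(), null);

        // Expected value first, so failure messages label the two values correctly.
        CertificateID certId = singleResp.getCertID();
        assertEquals("Serno in response does not match serno in request.",
                ocspTestCert.getSerialNumber(), certId.getSerialNumber());
        Object status = singleResp.getCertStatus();
        assertTrue("Status is not RevokedStatus", status instanceof RevokedStatus);
        RevokedStatus rev = (RevokedStatus) status;
        assertTrue("Status does not have reason", rev.hasRevocationReason());
        int reason = rev.getRevocationReason();
        assertEquals("Wrong revocation reason",
                RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE, reason);
        log.debug("<test03OcspRevoked()");
    }
}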