ProtocolOcspHttpStandaloneTest


1   /*************************************************************************
2    *                                                                       *
3    *  EJBCA: The OpenSource Certificate Authority                          *
4    *                                                                       *
5    *  This software is free software; you can redistribute it and/or       *
6    *  modify it under the terms of the GNU Lesser General Public           *
7    *  License as published by the Free Software Foundation; either         *
8    *  version 2.1 of the License, or any later version.                    *
9    *                                                                       *
10   *  See terms of license at gnu.org.                                     *
11   *                                                                       *
12   *************************************************************************/
13  
14  package se.anatom.ejbca.protocol;
15  
16  import java.rmi.RemoteException  ;
17  import java.security.cert.X509Certificate  ;
18  import java.util.Collection  ;
19  import java.util.Iterator  ;
20  
21  import javax.ejb.CreateException  ;
22  
23  import junit.framework.TestSuite;
24  
25  import org.apache.log4j.Logger;
26  import org.bouncycastle.ocsp.CertificateID;
27  import org.bouncycastle.ocsp.OCSPReq;
28  import org.bouncycastle.ocsp.OCSPReqGenerator;
29  import org.bouncycastle.ocsp.RevokedStatus;
30  import org.bouncycastle.ocsp.SingleResp;
31  import org.ejbca.core.ejb.ca.caadmin.ICAAdminSessionRemote;
32  import org.ejbca.core.ejb.ca.store.CertificateDataPK;
33  import org.ejbca.core.ejb.ca.store.ICertificateStoreSessionRemote;
34  import org.ejbca.core.model.ca.crl.RevokedCertInfo;
35  import org.ejbca.util.CertTools;
36  
37  /** Tests http pages of a standalone ocsp
38   * To run this test you must create a user named ocspTest that has at least two certificates and
39   * at least one of them must be revoked.
40   * 
41   * Change the adress 127.0.0.1 to where you standalone OCSP server is running.
42   * Change caid to the CA that ocspTest blongs to
43   **/
44  public class ProtocolOcspHttpStandaloneTest extends ProtocolOcspHttpTest {
45      private static final Logger log = Logger.getLogger(ProtocolOcspHttpStandaloneTest.class);
46  
47      private static final int myCaId = 1584670546;
48      private static final String   myOcspIp = "127.0.0.1";
49      
50      public static void main(String   args[]) {
51          junit.textui.TestRunner.run(suite());
52      }
53  
54  
55      public static TestSuite suite() {
56          return new TestSuite(ProtocolOcspHttpStandaloneTest.class);
57      }
58  
59  
60      public ProtocolOcspHttpStandaloneTest(String   name) throws Exception   {
61          super(name, "http://"+myOcspIp+":8080/ejbca", "publicweb/status/ocsp");
62      }
63  
64      protected void setCAID(ICAAdminSessionRemote casession) {
65          caid = myCaId;
66      }
67      
68      public void test01Access() throws Exception   {
69          super.test01Access();
70      }
71  
72      /** Tests ocsp message
73       * @throws Exception error
74       */
75      public void test02OcspGood() throws Exception   {
76          log.debug(">test02OcspGood()");
77  
78          // And an OCSP request
79          OCSPReqGenerator gen = new OCSPReqGenerator();
80          final X509Certificate   ocspTestCert = getTestCert(false);
81          gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
82          OCSPReq req = gen.generate();
83  
84          // Send the request and receive a singleResponse
85          SingleResp singleResp = sendOCSPPost(req.getEncoded(), null);
86          
87          CertificateID certId = singleResp.getCertID();
88          assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());
89          Object   status = singleResp.getCertStatus();
90          assertEquals("Status is not null (good)", status, null);
91          log.debug("<test02OcspGood()");
92      }
93      private X509Certificate   getTestCert( boolean isRevoked ) throws RemoteException  , CreateException   {
94          ICertificateStoreSessionRemote store = storehome.create();
95          Collection   certs = store.findCertificatesByUsername(admin, "ocspTest");
96          Iterator   i = certs.iterator();
97          while ( i.hasNext() ) {
98              X509Certificate   cert = (X509Certificate  )i.next();
99              if ( isRevoked==(store.isRevoked(admin, cert.getIssuerDN().toString(), cert.getSerialNumber()).getReason()!=RevokedCertInfo.NOT_REVOKED) )
100                 return cert;
101         }
102         assertNotNull("Misslyckades h�mta cert", null);
103         return null;
104     }
105 
106     /** Tests ocsp message
107      * @throws Exception error
108      */
109     public void test03OcspRevoked() throws Exception   {
110         log.debug(">test03OcspRevoked()");
111         // Now revoke the certificate and try again
112         CertificateDataPK pk = new CertificateDataPK();
113         final X509Certificate   ocspTestCert = getTestCert(true);
114         pk.fingerprint = CertTools.getFingerprintAsString(ocspTestCert);
115         ICertificateStoreSessionRemote store = storehome.create();
116         store.revokeCertificate(admin, ocspTestCert,null,RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);
117         // And an OCSP request
118         OCSPReqGenerator gen = new OCSPReqGenerator();
119         gen.addRequest(new CertificateID(CertificateID.HASH_SHA1, cacert, ocspTestCert.getSerialNumber()));
120         OCSPReq req = gen.generate();
121 
122         // Send the request and receive a singleResponse
123         SingleResp singleResp = sendOCSPPost(req.getEncoded(), null);
124 
125         CertificateID certId = singleResp.getCertID();
126         assertEquals("Serno in response does not match serno in request.", certId.getSerialNumber(), ocspTestCert.getSerialNumber());
127         Object   status = singleResp.getCertStatus();
128         assertTrue("Status is not RevokedStatus", status instanceof RevokedStatus);
129         RevokedStatus rev = (RevokedStatus) status;
130         assertTrue("Status does not have reason", rev.hasRevocationReason());
131         int reason = rev.getRevocationReason();
132         assertEquals("Wrong revocation reason", reason, RevokedCertInfo.REVOKATION_REASON_KEYCOMPROMISE);
133         log.debug("<test03OcspRevoked()");
134     }
135 
136 }
137
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags