

1 /*************************************************************************
2  * *
3  * EJBCA: The OpenSource Certificate Authority *
4  * *
5  * This software is free software; you can redistribute it and/or *
6  * modify it under the terms of the GNU Lesser General Public *
7  * License as published by the Free Software Foundation; either *
8  * version 2.1 of the License, or any later version. *
9  * *
10  * See terms of license at gnu.org. *
11  * *
12  *************************************************************************/

13
14 package se.anatom.ejbca.ra.raadmin;
15
16 import junit.framework.TestCase;
17
18 import org.apache.log4j.Level;
19 import org.apache.log4j.Logger;
20 import org.ejbca.core.model.SecConst;
21 import org.ejbca.core.model.ra.raadmin.EndEntityProfile;
22 import org.ejbca.core.model.ra.raadmin.UserDoesntFullfillEndEntityProfile;
23 import org.ejbca.util.dn.DnComponents;
24
25
26
27 /**
28  * Tests the end entity profile entity bean profile checks only
29  *
30  * @version $Id $
31  */

32 public class TestUserFullfillEndEntityProfile extends TestCase {
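// Shared log4j logger for this test class. Declared final: the visible code only
// changes its level (in setUp) and never reassigns the reference.
private static final Logger log = Logger.getLogger(TestUserFullfillEndEntityProfile.class);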
34     
35
36     /**
37      * Creates a new TestEndEntityProfile object.
38      *
39      * @param name name
40      */

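public TestUserFullfillEndEntityProfile(String name) {
    // The listing's stray "JavaDoc" token after the parameter type was link residue
    // from the hosting page and is not valid Java; it is removed here.
    // The test name is simply handed on to the TestCase constructor.
    super(name);
}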
44
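/**
 * Prepares the fixture by switching this class's logger to DEBUG so that the
 * per-case "= OK" traces written by the test become visible.
 *
 * @throws Exception declared to match the overridden TestCase method; nothing in this body throws
 */
protected void setUp() throws Exception {
    // NOTE(review): this entry trace is written before the level is raised, so it is
    // dropped whenever the logger's effective level is above DEBUG at this point.
    log.debug(">setUp()");
    log.setLevel(Level.DEBUG);
    log.debug("<setUp()");
}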
50
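/**
 * Intentionally empty: the test builds its EndEntityProfile objects locally,
 * so there is no shared fixture to release.
 *
 * @throws Exception declared to match the overridden TestCase method; nothing in this body throws
 */
protected void tearDown() throws Exception {
}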
53
54     /**
55      * Tests the profile fulfilling routines
56      *
57      * @throws Exception error
58      */

59     public void test01fulfillEndEntityProfiles() throws Exception JavaDoc {
60         log.debug(">test01fulfillEndEntityProfiles()");
61
62         EndEntityProfile profile = new EndEntityProfile();
63         
64         // Dummy caids
65
int testca1 = 2;
66         int testca2 = 3;
67         
68         // Set so CN=modifyable required, OU0={DEP1_1,DEP1_2} required, OU1={DEP2_1,DEP2_2} required, C=OU1={SE,DK} not required
69
profile.addField(DnComponents.ORGANIZATIONUNIT);
70         profile.addField(DnComponents.ORGANIZATIONUNIT);
71         profile.addField(DnComponents.COUNTRY);
72         
73         profile.setRequired(DnComponents.ORGANIZATIONUNIT,0,true);
74         profile.setRequired(DnComponents.ORGANIZATIONUNIT,1,true);
75         
76         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,0,false);
77         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,1,false);
78         profile.setModifyable(DnComponents.COUNTRY,0,false);
79         
80         profile.setValue(DnComponents.ORGANIZATIONUNIT,0,"DEP1_1;DEP1_2");
81         profile.setValue(DnComponents.ORGANIZATIONUNIT,1,"DEP2_1;DEP2_2");
82         profile.setValue(DnComponents.COUNTRY,0,"SE;DK");
83         
84         profile.setValue(EndEntityProfile.AVAILCAS,0,""+testca1);
85         
86         
87         // Test completly erronious DN
88
try{
89           profile.doesUserFullfillEndEntityProfile("username","password","blabla","","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
90                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
91           assertTrue("Profile does not check DN at all.", false);
92         }catch(UserDoesntFullfillEndEntityProfile e){
93             log.debug("End Entity Fulfill Profile Test 1 " + " = OK");
94         }
95
96         // Test correct DN
97
try{
98           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
99                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
100           log.debug("End Entity Profile Fulfill Test 2 " + " = OK");
101         }catch(UserDoesntFullfillEndEntityProfile e){
102             assertTrue(e.getMessage(), false);
103         }
104         
105         // Test no username even though is required
106
try{
107           profile.doesUserFullfillEndEntityProfile("","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
108                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
109           assertTrue("UserName is not checked even though it's required", false);
110         }catch(UserDoesntFullfillEndEntityProfile e){
111             log.debug("End Entity Profile Fulfill Test 3 " + e.getMessage() + " = OK");
112         }
113         
114         // Test no password even though is required
115
try{
116           profile.doesUserFullfillEndEntityProfile("username","","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
117                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
118           assertTrue("Password is not checked even though it's required", false);
119         }catch(UserDoesntFullfillEndEntityProfile e){
120             log.debug("End Entity Profile Test Fulfill 4 " + e.getMessage() + " = OK");
121         }
122         
123         // Test with no CN (required)
124
try{
125           profile.doesUserFullfillEndEntityProfile("username","password","OU=DEP1_1,OU=DEP2_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
126                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
127           assertTrue("Error Required CN field wasn't checked", false);
128         }catch(UserDoesntFullfillEndEntityProfile e){
129             log.debug("End Entity Fulfill Profile Test 5 " + e.getMessage() + " = OK");
130         }
131         
132         // Test with only one OU (2 required)
133
try{
134           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP2_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
135                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
136           assertTrue("Error Required OU field wasn't checked", false);
137         }catch(UserDoesntFullfillEndEntityProfile e){
138             log.debug("End Entity Fulfill Profile Test 6 " + e.getMessage() + " = OK");
139         }
140         
141         // Test were second OU have the wrong value (Dep2_1 or Dep2_2)
142
try{
143           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_3,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
144                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
145           assertTrue("Error value of second OU field wasn't checked", false);
146         }catch(UserDoesntFullfillEndEntityProfile e){
147             log.debug("End Entity Fulfill Profile Test 7 " + e.getMessage()+ " = OK");
148         }
149         
150         // Test without C (not required)
151
try{
152           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_2","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
153                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
154           log.debug("End Entity Fulfill Profile Test 8 " + " = OK");
155         }catch(UserDoesntFullfillEndEntityProfile e){
156             assertTrue(e.getMessage(), false);
157         }
158         
159         // Test illegal value of C (SE or DK)
160
try{
161           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_2, C=NO","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
162                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
163           assertTrue("Inproper check of C value.", false);
164         }catch(UserDoesntFullfillEndEntityProfile e){
165             log.debug("End Entity Fulfill Profile Test 9 " + e.getMessage() + " = OK");
166         }
167         
168         // Add some subject altname fields
169
profile.addField(DnComponents.RFC822NAME);
170         profile.addField(DnComponents.DNSNAME);
171         profile.addField(DnComponents.UPN);
172         profile.addField(DnComponents.IPADDRESS);
173         
174         profile.setRequired(DnComponents.RFC822NAME,0,true);
175         profile.setRequired(DnComponents.DNSNAME,0,true);
176         profile.setRequired(DnComponents.UPN,0,true);
177         profile.setRequired(DnComponents.IPADDRESS,0,true);
178                 
179         profile.setModifyable(DnComponents.RFC822NAME,0,false);
180         profile.setModifyable(DnComponents.DNSNAME,0,false);
181         profile.setModifyable(DnComponents.UPN,0,false);
182         profile.setModifyable(DnComponents.IPADDRESS,0,true);
183         
184         
185         profile.setValue(DnComponents.DNSNAME,0,"test.primekey.se");
186         profile.setValue(DnComponents.UPN,0,"test.com;primekey.se");
187         profile.setValue(DnComponents.IPADDRESS,0,"11.11.1.1");
188
189         profile.setRequired(EndEntityProfile.EMAIL,0,true);
190         profile.setModifyable(EndEntityProfile.EMAIL,0,false);
191         profile.setValue(EndEntityProfile.EMAIL,0,"test.com;primekey.se");
192         
193         // Test completly erronious Alt Name
194
try{
195           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","blabla","","test@test.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
196                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
197           assertTrue("Profile does not check altname at all.", false);
198         }catch(UserDoesntFullfillEndEntityProfile e){
199             log.debug("End Entity Fulfill Profile Test 10 " + " = OK");
200         }
201
202         // Test correct Alt Name
203
try{
204           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","RFC822NAME=test@test.com, dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2","","test@test.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
205                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
206           log.debug("End Entity Profile Fulfill Test 11 " + " = OK");
207         }catch(UserDoesntFullfillEndEntityProfile e){
208             assertTrue(e.getMessage(), false);
209         }
210                 
211         
212         // Test with no RFC822NAME (required)
213
try{
214           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2","","test@test.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
215                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
216           assertTrue("Error Required RFC822NAME field wasn't checked", false);
217         }catch(UserDoesntFullfillEndEntityProfile e){
218             log.debug("End Entity Fulfill Profile Test 12 " + e.getMessage() + " = OK");
219         }
220         
221         // Test with one RFC822NAME to many
222
try{
223           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE", "rfc822name=test@test.com, rfc822name=test@primekey.se, dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2","","test@test.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
224                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
225           assertTrue("To many RFC822 names fields wasn't checked", false);
226         }catch(UserDoesntFullfillEndEntityProfile e){
227             log.debug("End Entity Fulfill Profile Test 13 " + e.getMessage() + " = OK");
228         }
229         
230         // Test that only domain is checked for RFC822name and UPN
231
try{
232           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE", "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2","","test@test.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
233                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
234            log.debug("End Entity Fulfill Profile Test 14 = OK");
235         }catch(UserDoesntFullfillEndEntityProfile e){
236             assertTrue("Not only domains of RFC822NAME and UPN where checked: " + e.getMessage() , false);
237         }
238         
239         // Test were DNS have illegal value
240
try{
241           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test@test.com, dnsname=test2.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2","","test@test.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
242                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
243           assertTrue("Error value of DNS not checked.", false);
244         }catch(UserDoesntFullfillEndEntityProfile e){
245             log.debug("End Entity Fulfill Profile Test 15 " + e.getMessage()+ " = OK");
246         }
247         
248         // Test without IPADDRESS (required)
249
try{
250           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
251                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
252           assertTrue("Error not checking number of IPADDRESS properly.", false);
253         }catch(UserDoesntFullfillEndEntityProfile e){
254             log.debug("End Entity Fulfill Profile Test 16 " + " = OK");
255             
256         }
257         
258         
259         // Test without email field (required) 1
260
try{
261           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
262                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
263           assertTrue("Inproper check of email field.", false);
264         }catch(UserDoesntFullfillEndEntityProfile e){
265             log.debug("End Entity Fulfill Profile Test 17 " + e.getMessage() + " = OK");
266         }
267         
268         // Test without email field (required) 2
269
try{
270           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.1","","null",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
271                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
272           assertTrue("Inproper check of email field.", false);
273         }catch(UserDoesntFullfillEndEntityProfile e){
274             log.debug("End Entity Fulfill Profile Test 18 " + e.getMessage() + " = OK");
275         }
276         
277         // Test without email field (required) 3
278
try{
279           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1","",null,SecConst.CERTPROFILE_FIXED_ENDUSER, false,
280                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
281           assertTrue("Inproper check of email field.", false);
282         }catch(UserDoesntFullfillEndEntityProfile e){
283             log.debug("End Entity Fulfill Profile Test 19 " + e.getMessage() + " = OK");
284         }
285         
286         // Test illegal value of email field (test.com or primekey.se) 1
287
try{
288           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test11@test1.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1","","test11@test1.com",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
289                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
290           assertTrue("Inproper check of email field values.", false);
291         }catch(UserDoesntFullfillEndEntityProfile e){
292             log.debug("End Entity Fulfill Profile Test 20 " + e.getMessage() + " = OK");
293         }
294         
295         profile.setValue(EndEntityProfile.AVAILCERTPROFILES,0, SecConst.CERTPROFILE_FIXED_ENDUSER + ";" + SecConst.CERTPROFILE_FIXED_SUBCA);
296         
297         // Test illegal value of Certificate Profile
298
try{
299           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1","","test11@test.com",SecConst.CERTPROFILE_FIXED_ROOTCA, false,
300                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
301           assertTrue("Inproper check of certificate profile values.", false);
302         }catch(UserDoesntFullfillEndEntityProfile e){
303             log.debug("End Entity Fulfill Profile Test 21 " + e.getMessage() + " = OK");
304         }
305         
306         profile.setUse(EndEntityProfile.ADMINISTRATOR,0, true);
307         profile.setValue(EndEntityProfile.ADMINISTRATOR,0, EndEntityProfile.TRUE);
308         profile.setRequired(EndEntityProfile.ADMINISTRATOR,0, true);
309         profile.setModifyable(EndEntityProfile.ADMINISTRATOR,0, true);
310         
311         // Test administrator required
312
try{
313           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1","","test11@test.com",SecConst.CERTPROFILE_FIXED_SUBCA, false,
314                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
315           assertTrue("Inproper check of administrator flag.", false);
316         }catch(UserDoesntFullfillEndEntityProfile e){
317             log.debug("End Entity Fulfill Profile Test 22 " + e.getMessage() + " = OK");
318         }
319         
320         // Test administrator required
321
try{
322           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1","","test11@test.com",SecConst.CERTPROFILE_FIXED_SUBCA, false,
323                                                    true, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
324           log.debug("End Entity Fulfill Profile Test 23 = OK");
325         }catch(UserDoesntFullfillEndEntityProfile e){
326             assertTrue("Inproper check of administrator flag. " + e.getMessage(), false);
327         }
328         
329         // Test Wrong CA
330
try{
331           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,C=SE","rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1","","test11@test.com",SecConst.CERTPROFILE_FIXED_SUBCA, false,
332                                                    true, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca2);
333           assertTrue("Inproper check of available ca's.", false);
334         }catch(UserDoesntFullfillEndEntityProfile e){
335             log.debug("End Entity Fulfill Profile Test 24 " + e.getMessage() + " = OK");
336         }
337         
338         
339         // New profile
340
profile = new EndEntityProfile();
341         
342         
343         // Set so CN=modifyable required, OU0={DEP1_1,DEP1_2} required, OU1={DEP2_1,DEP2_2} required, OU3=Optional, C=O{SE,DK} not required
344
profile.addField(DnComponents.ORGANIZATIONUNIT);
345         profile.addField(DnComponents.ORGANIZATIONUNIT);
346         profile.addField(DnComponents.ORGANIZATIONUNIT);
347         profile.addField(DnComponents.COUNTRY);
348         
349         profile.setRequired(DnComponents.ORGANIZATIONUNIT,0,true);
350         profile.setRequired(DnComponents.ORGANIZATIONUNIT,1,true);
351         profile.setRequired(DnComponents.ORGANIZATIONUNIT,2,false);
352         
353         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,0,false);
354         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,1,false);
355         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,2,true);
356         profile.setModifyable(DnComponents.COUNTRY,0,false);
357         
358         profile.setValue(DnComponents.ORGANIZATIONUNIT,0,"DEP1_1;DEP1_2");
359         profile.setValue(DnComponents.ORGANIZATIONUNIT,1,"DEP2_1;DEP2_2");
360         profile.setValue(DnComponents.ORGANIZATIONUNIT,2,"DEP3_1;DEP3_2");
361         profile.setValue(DnComponents.COUNTRY,0,"SE;DK");
362         
363         profile.setValue(EndEntityProfile.AVAILCAS,0,""+testca1);
364                 
365         // Test with two OU (2 required)
366
try{
367           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_2,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
368                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
369           log.debug("End Entity Fulfill Profile Test 25 = OK");
370         }catch(UserDoesntFullfillEndEntityProfile e){
371             assertTrue("Error Required OU fields wasn't checked propertly: " + e.getMessage(), false);
372             
373         }
374         
375         // Test with tree OU (2 required)
376
try{
377           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_2,OU=DEP3_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
378                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
379           log.debug("End Entity Fulfill Profile Test 26 = OK");
380         }catch(UserDoesntFullfillEndEntityProfile e){
381             assertTrue("Error Required OU fields wasn't checked propertly: " + e.getMessage(), false);
382         }
383         
384         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,2,false);
385         // Test with tree OU (2 required)
386
try{
387           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_2,OU=DEP3_1,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
388                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
389           log.debug("End Entity Fulfill Profile Test 27 = OK");
390         }catch(UserDoesntFullfillEndEntityProfile e){
391             assertTrue("Error Required OU fields wasn't checked propertly: " + e.getMessage(), false);
392         }
393         
394         // Test with tree OU (2 required)
395
try{
396           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_2,OU=DEP3_3,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
397                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
398             assertTrue("Error Required OU fields wasn't checked propertly " , false);
399         }catch(UserDoesntFullfillEndEntityProfile e){
400             log.debug("End Entity Fulfill Profile Test 28 = OK");
401         }
402
403         // Test Reverse Checks
404
// New profile
405
profile = new EndEntityProfile();
406         profile.setReverseFieldChecks(true);
407         
408         // Set so CN=modifyable required, OU0=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required
409
profile.addField(DnComponents.ORGANIZATIONUNIT);
410         profile.addField(DnComponents.ORGANIZATIONUNIT);
411         profile.addField(DnComponents.ORGANIZATIONUNIT);
412         profile.addField(DnComponents.COUNTRY);
413         
414         profile.setRequired(DnComponents.ORGANIZATIONUNIT,0,false);
415         profile.setRequired(DnComponents.ORGANIZATIONUNIT,1,false);
416         profile.setRequired(DnComponents.ORGANIZATIONUNIT,2,true);
417         
418         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,0,true);
419         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,1,true);
420         profile.setModifyable(DnComponents.ORGANIZATIONUNIT,2,false);
421         profile.setModifyable(DnComponents.COUNTRY,0,false);
422         
423         profile.setValue(DnComponents.ORGANIZATIONUNIT,0,"");
424         profile.setValue(DnComponents.ORGANIZATIONUNIT,1,"");
425         profile.setValue(DnComponents.ORGANIZATIONUNIT,2,"HARD;SOFT");
426         profile.setValue(DnComponents.COUNTRY,0,"SE;DK");
427         
428         profile.setValue(EndEntityProfile.AVAILCAS,0,""+testca1);
429         
430         // Test with one OU (1 required)
431
try{
432           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
433                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
434           log.debug("End Entity Fulfill Profile Test 29 = OK");
435         }catch(UserDoesntFullfillEndEntityProfile e){
436             assertTrue("Error Reverse OU fields wasn't checked propertly: " + e.getMessage(), false);
437             
438         }
439         
440         // Test with two OU (1 required)
441
try{
442           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP2_1,OU=HARD,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
443                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
444           log.debug("End Entity Fulfill Profile Test 30 = OK");
445         }catch(UserDoesntFullfillEndEntityProfile e){
446             assertTrue("Error Reverse OU fields wasn't checked propertly: " + e.getMessage(), false);
447             
448         }
449         
450         // Test with three OU (1 required)
451
try{
452           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
453                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
454           log.debug("End Entity Fulfill Profile Test 31 = OK");
455         }catch(UserDoesntFullfillEndEntityProfile e){
456             assertTrue("Error Reverse OU fields wasn't checked propertly: " + e.getMessage(), false);
457             
458         }
459         
460         // Test with four OU (3 allowed)
461
try{
462           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP0_1,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
463                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
464             assertTrue("Error Reverse OU fields wasn't checked propertly" ,false);
465         }catch(UserDoesntFullfillEndEntityProfile e){
466             log.debug("End Entity Fulfill Profile Test 32 = OK");
467             
468         }
469         
470         // Test with wrong data in nonmodifiable field
471

472         try{
473           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD2,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
474                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
475             assertTrue("Error Reverse OU fields wasn't checked propertly", false);
476         }catch(UserDoesntFullfillEndEntityProfile e){
477             log.debug("End Entity Fulfill Profile Test 33 = OK");
478             
479         }
480         
481         
482         // Test that the right data is checked when a lesser number of field is used
483

484         try{
485           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
486                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
487            log.debug("End Entity Fulfill Profile Test 34 = OK");
488         }catch(UserDoesntFullfillEndEntityProfile e){
489             assertTrue("Error Reverse OU fields wasn't checked propertly: " + e.getMessage(), false);
490         }
491         
492         // Test with wrong data in nonmodifiable field when having only one ou
493

494         try{
495           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD2,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
496                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
497             assertTrue("Error Reverse OU fields wasn't checked propertly", false);
498         }catch(UserDoesntFullfillEndEntityProfile e){
499             log.debug("End Entity Fulfill Profile Test 35 = OK");
500             
501         }
502         
503         // Test with no ou
504

505         try{
506           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,C=SE","null","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
507                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
508             assertTrue("Error Reverse OU fields wasn't checked propertly", false);
509         }catch(UserDoesntFullfillEndEntityProfile e){
510             log.debug("End Entity Fulfill Profile Test 36 = OK");
511             
512         }
513         
514         // Test Reverse checks of subject alt names
515

516         
517         // Set so CN=modifyable required, OU=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required
518
profile.addField(DnComponents.IPADDRESS);
519         profile.addField(DnComponents.IPADDRESS);
520         profile.addField(DnComponents.IPADDRESS);
521         profile.addField(DnComponents.DNSNAME);
522         
523         profile.setRequired(DnComponents.IPADDRESS,0,false);
524         profile.setRequired(DnComponents.IPADDRESS,1,false);
525         profile.setRequired(DnComponents.IPADDRESS,2,true);
526         
527         profile.setModifyable(DnComponents.IPADDRESS,0,true);
528         profile.setModifyable(DnComponents.IPADDRESS,1,true);
529         profile.setModifyable(DnComponents.IPADDRESS,2,false);
530         profile.setModifyable(DnComponents.DNSNAME,0,false);
531         
532         profile.setValue(DnComponents.IPADDRESS,0,"");
533         profile.setValue(DnComponents.IPADDRESS,1,"");
534         profile.setValue(DnComponents.IPADDRESS,2,"10.1.1.1;10.2.2.2");
535         profile.setValue(DnComponents.DNSNAME,0,"test1.se;test2.se");
536         
537
538         
539         // Test with one IPAddress (1 required)
540
try{
541           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
542                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
543           log.debug("End Entity Fulfill Profile Test 37 = OK");
544         }catch(UserDoesntFullfillEndEntityProfile e){
545             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage(), false);
546             
547         }
548         
549         // Test with two IPAddress (1 required)
550
try{
551           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP2_1,OU=HARD,C=SE","dnsname=test1.se,ipaddress=11.1.1.1,ipaddress=10.1.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
552                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
553           log.debug("End Entity Fulfill Profile Test 38 = OK");
554         }catch(UserDoesntFullfillEndEntityProfile e){
555             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage(), false);
556             
557         }
558         
559         // Test with three IPAddress (1 required)
560
try{
561           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE","dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
562                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
563           log.debug("End Entity Fulfill Profile Test 39 = OK");
564         }catch(UserDoesntFullfillEndEntityProfile e){
565             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage(), false);
566             
567         }
568         
569         // Test with four IPAddress (3 allowed)
570
try{
571           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP0_1,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE","dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
572                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
573             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly" ,false);
574         }catch(UserDoesntFullfillEndEntityProfile e){
575             log.debug("End Entity Fulfill Profile Test 40 = OK");
576             
577         }
578         
579         // Test with wrong data in nonmodifiable field
580

581         try{
582           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD2,C=SE","dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.2","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
583                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
584             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly", false);
585         }catch(UserDoesntFullfillEndEntityProfile e){
586             log.debug("End Entity Fulfill Profile Test 41 = OK");
587             
588         }
589         
590         
591         // Test that the right data is checked when a lesser number of field is used
592

593         try{
594           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
595                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
596            log.debug("End Entity Fulfill Profile Test 42 = OK");
597         }catch(UserDoesntFullfillEndEntityProfile e){
598             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage(), false);
599         }
600         
601         // Test with wrong data in nonmodifiable field when having only one ou
602

603         try{
604           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD2,C=SE","dnsname=test1.se,ipaddress=11.1.1.1","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
605                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
606             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly", false);
607         }catch(UserDoesntFullfillEndEntityProfile e){
608             log.debug("End Entity Fulfill Profile Test 43 = OK");
609             
610         }
611         
612         // Test with no ou
613

614         try{
615           profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,C=SE","dnsname=test1.se","","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
616                                                    false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
617             assertTrue("Error Reverse IPADDRESS fields wasn't checked propertly", false);
618         }catch(UserDoesntFullfillEndEntityProfile e){
619             log.debug("End Entity Fulfill Profile Test 44 = OK");
620             
621         }
622
623
624         // Test adding required fields for Subject Directory Attributes
625
// Set so CN=modifyable required, OU=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required
626
profile.addField(DnComponents.DATEOFBIRTH);
627         profile.addField(DnComponents.PLACEOFBIRTH);
628         profile.addField(DnComponents.GENDER);
629         profile.addField(DnComponents.COUNTRYOFCITIZENSHIP);
630         profile.addField(DnComponents.COUNTRYOFRESIDENCE);
631         
632         profile.setRequired(DnComponents.DATEOFBIRTH,0,false);
633         profile.setRequired(DnComponents.PLACEOFBIRTH,0,false);
634         profile.setRequired(DnComponents.GENDER,0,false);
635         profile.setRequired(DnComponents.COUNTRYOFCITIZENSHIP,0,false);
636         profile.setRequired(DnComponents.COUNTRYOFRESIDENCE,0,false);
637         
638         profile.setModifyable(DnComponents.DATEOFBIRTH,0,true);
639         profile.setModifyable(DnComponents.PLACEOFBIRTH,0,true);
640         profile.setModifyable(DnComponents.GENDER,0,true);
641         profile.setModifyable(DnComponents.COUNTRYOFCITIZENSHIP,0,true);
642         profile.setModifyable(DnComponents.COUNTRYOFRESIDENCE,0,false);
643         
644         profile.setValue(DnComponents.DATEOFBIRTH,0,"");
645         profile.setValue(DnComponents.PLACEOFBIRTH,0,"");
646         profile.setValue(DnComponents.GENDER,0,"");
647         profile.setValue(DnComponents.COUNTRYOFCITIZENSHIP,0,"");
648         profile.setValue(DnComponents.COUNTRYOFRESIDENCE,0,"SE");
649
650         try{
651             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","CountryOfCitizenship=FOO","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
652                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
653             assertTrue("Error CountryOfCitizenship wasn't checked propertly", false);
654         }catch(UserDoesntFullfillEndEntityProfile e){
655             assertEquals("Invalid COUNTRYOFCITIZENSHIP. Must be of length two.", e.getMessage());
656             log.debug("End Entity Fulfill Profile Test 45 = OK");
657         }
658         try{
659             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","CountryOfCitizenship=SE, CountryOfResidence=Foo","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
660                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
661             assertTrue("Error CountryOfCitizenship wasn't checked propertly", false);
662         }catch(UserDoesntFullfillEndEntityProfile e){
663             assertEquals("Invalid COUNTRYOFRESIDENCE. Must be of length two.", e.getMessage());
664             log.debug("End Entity Fulfill Profile Test 46 = OK");
665         }
666         try{
667             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","CountryOfCitizenship=SE, CountryOfResidence=TR","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
668                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
669             assertTrue("Error CountryOfCitizenship wasn't checked propertly", false);
670         }catch(UserDoesntFullfillEndEntityProfile e){
671             assertEquals("Field COUNTRYOFRESIDENCE data didn't match requirement of end entity profile.", e.getMessage());
672             log.debug("End Entity Fulfill Profile Test 47 = OK");
673         }
674         try{
675             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","CountryOfCitizenship=SE, CountryOfResidence=SE, Gender=M, PlaceOfBirth=Stockholm","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
676                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
677             log.debug("End Entity Fulfill Profile Test 48 = OK");
678         }catch(UserDoesntFullfillEndEntityProfile e){
679             assertTrue("Error Subject Dir Attributes wasn't checked propertly", false);
680         }
681         try{
682             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","DateOfBirth=189901, CountryOfCitizenship=SE, CountryOfResidence=SE","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
683                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
684             assertTrue("Error DateOfBirth wasn't checked propertly", false);
685         }catch(UserDoesntFullfillEndEntityProfile e){
686             assertEquals("Invalid DATEOFBIRTH. Must be of length eight.", e.getMessage());
687             log.debug("End Entity Fulfill Profile Test 49 = OK");
688         }
689         try{
690             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","DateOfBirth=189901AA, CountryOfCitizenship=SE, CountryOfResidence=SE","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
691                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
692             assertTrue("Error DateOfBirth wasn't checked propertly", false);
693         }catch(UserDoesntFullfillEndEntityProfile e){
694             assertEquals("Invalid DATEOFBIRTH. Must be only numbers.", e.getMessage());
695             log.debug("End Entity Fulfill Profile Test 50 = OK");
696         }
697         try{
698             profile.doesUserFullfillEndEntityProfile("username","password","CN=John Smith,OU=HARD,C=SE","dnsname=test1.se,ipaddress=10.1.1.1","DateOfBirth=18990101, CountryOfCitizenship=SE, CountryOfResidence=SE","",SecConst.CERTPROFILE_FIXED_ENDUSER, false,
699                     false, false,false,SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca1);
700             log.debug("End Entity Fulfill Profile Test 51 = OK");
701         }catch(UserDoesntFullfillEndEntityProfile e){
702             assertTrue("Error DateOfBirth wasn't checked propertly", false);
703         }
704         
705           log.debug("<test01fulfillEndEntityProfiles()");
706     }
707     
708     
709     
710
711
712 }
713