Diffstat (limited to 'proxy/src/test/java/org/fedoraproject/candlepin/resource/test')
7 files changed, 838 insertions, 0 deletions
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/ApiTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/ApiTest.java
new file mode 100644
index 0000000..5b5b4e9
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/ApiTest.java
@@ -0,0 +1,77 @@
+/**
+ * Copyright (c) 2009 Red Hat, Inc.
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+package org.fedoraproject.candlepin.resource.test;
+
+import org.fedoraproject.candlepin.model.BaseModel;
+import org.fedoraproject.candlepin.model.ObjectFactory;
+import org.fedoraproject.candlepin.model.Owner;
+import org.fedoraproject.candlepin.model.User;
+import org.fedoraproject.candlepin.resource.ApiHandler;
+import org.fedoraproject.candlepin.resource.OwnerResource;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ * @author mmccune
+ *
+ */
+public class ApiTest {
+
+ @Test
+ public void testAuthentication() throws Exception {
+ User u = new User();
+ u.setLogin("admin");
+ u.setPassword("password");
+
+ ObjectFactory.get().store(u);
+
+ ApiHandler handler = ApiHandler.get();
+ String token = handler.login(u.getLogin(), "bad-password");
+ assertNull(token);
+ token = handler.login(u.getLogin(), u.getPassword());
+ assertNotNull(token);
+ }
+
+ @Test
+ public void testLookupOwner() throws Exception {
+ Owner o = new Owner(BaseModel.generateUUID());
+ ObjectFactory.get().store(o);
+
+ User u = new User();
+ u.setLogin("admin");
+ u.setPassword("password");
+ ObjectFactory.get().store(u);
+
+ String token = ApiHandler.get().login(u.getLogin(), u.getPassword());
+
+ OwnerResource oapi = new OwnerResource();
+ Owner lookedup = (Owner) oapi.get("BAD-UUID-NOTFOUND");
+ assertNull(lookedup);
+ lookedup = ApiHandler.get().getOwner(token, o.getUuid());
+ assertNotNull(lookedup);
+
+ // Check bad token
+ boolean failed = false;
+ try {
+ lookedup = ApiHandler.get().getOwner("BAD-TOKEN", o.getUuid());
+ }
+ catch (Exception e) {
+ failed = true;
+ }
+ assertTrue(failed);
+
+ }
+}
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/ConsumerResourceTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/ConsumerResourceTest.java
new file mode 100644
index 0000000..3c78078
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/ConsumerResourceTest.java
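Review bot: The bad-token check that closes testLookupOwner in ApiTest.java passes on any exception at all, because `catch (Exception e)` sets `failed = true` without looking at what was thrown, so a NullPointerException inside getOwner would count as a correctly rejected token. Catch only the exception type ApiHandler.getOwner is meant to raise for an invalid token (that type is not visible in this diff) and let everything else fail the test, for example `catch (ExpectedAuthException e) { failed = true; }` with ExpectedAuthException standing in for the real class. testAuthentication has the matching gap on the login side: it covers a wrong password but not an unknown login or a null password, and both tests store a user with login "admin" in the shared ObjectFactory without cleaning up.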
@@ -0,0 +1,83 @@
+/**
+ * Copyright (c) 2009 Red Hat, Inc.
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+package org.fedoraproject.candlepin.resource.test;
+
+import org.fedoraproject.candlepin.model.Consumer;
+import org.fedoraproject.candlepin.model.ConsumerInfo;
+import org.fedoraproject.candlepin.model.ConsumerType;
+import org.fedoraproject.candlepin.model.ObjectFactory;
+import org.fedoraproject.candlepin.model.test.TestUtil;
+import org.fedoraproject.candlepin.resource.ConsumerResource;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ * ConsumerResourceTest
+ * @version $Rev$
+ */
+public class ConsumerResourceTest {
+
+ @Test
+ public void testCreateConsumer() throws Exception {
+ String newname = "test-consumer-" + System.currentTimeMillis();
+
+ ConsumerResource capi = new ConsumerResource();
+ ConsumerInfo ci = new ConsumerInfo();
+ ci.setMetadataField("name", newname);
+ ci.setType(new ConsumerType("standard-system"));
+ capi.create(ci);
+ assertNotNull(ObjectFactory.get().lookupByFieldName(Consumer.class,
+ "name", newname));
+ }
+
+ @Test
+ public void testDelete() {
+ Consumer c = TestUtil.createConsumer();
+ String uuid = c.getUuid();
+ ConsumerResource capi = new ConsumerResource();
+ assertNotNull(ObjectFactory.get().lookupByUUID(c.getClass(), uuid));
+ capi.delete(uuid);
+ assertNull(ObjectFactory.get().lookupByUUID(c.getClass(), uuid));
+ }
+
+ @Test
+ public void testJSON() {
+ ClientConfig cc = new DefaultClientConfig();
+ Client c = Client.create(cc);
+
+ ConsumerInfo ci = new ConsumerInfo();
+ ci.setMetadataField("name", "jsontestname");
+ ci.setType(new ConsumerType("standard-system"));
+
+ WebResource res =
+ c.resource("http://localhost:8080/candlepin/consumer/");
+ Consumer rc = res.type("application/json").post(Consumer.class, ci);
+ assertNotNull(rc);
+ assertNotNull(rc.getUuid());
+ System.out.println(rc.getUuid());
+
+// WebResource delres =
+// c.resource("http://localhost:8080/candlepin/consumer/");
+// delres.accept("application/json").delete(rc.getUuid());
+//
+// assertNull(ObjectFactory.get().lookupByUUID(c.getClass(), rc.getUuid()));
+ }
+}
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/EntitlementMatcherTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/EntitlementMatcherTest.java
new file mode 100644
index 0000000..910eee0
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/EntitlementMatcherTest.java
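Review bot: testJSON in ConsumerResourceTest.java posts to the hard-coded `http://localhost:8080/candlepin/consumer/`, so it needs a deployed server to pass and writes a `jsontestname` consumer into that server on every run, with the cleanup left commented out at the end of the method. The same fixed host and port appear in EntitlementResourceTest.testJson and in TestResourceTest.testJson and testConsumerType later in this commit. Read the base URL from configuration, e.g. `String base = System.getProperty("<base-url-property>", "http://localhost:8080/candlepin");` with a property name of the project's choosing, and delete the created consumer inside the test instead of keeping the commented block. The POST carries no credentials; if consumer creation is meant to sit behind the token that ApiHandler.login issues (an assumption, the resource is not in this diff), a request without a token deserves its own negative test.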
@@ -0,0 +1,59 @@
+/**
+ * Copyright (c) 2009 Red Hat, Inc.
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+package org.fedoraproject.candlepin.resource.test;
+
+import org.fedoraproject.candlepin.model.Consumer;
+import org.fedoraproject.candlepin.model.ConsumerType;
+import org.fedoraproject.candlepin.model.ObjectFactory;
+import org.fedoraproject.candlepin.model.Product;
+import org.fedoraproject.candlepin.model.ProductFactory;
+import org.fedoraproject.candlepin.model.test.TestUtil;
+import org.fedoraproject.candlepin.resource.EntitlementMatcher;
+
+import java.util.List;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ * EntitlementMatcherTest
+ * @version $Rev$
+ */
+public class EntitlementMatcherTest {
+
+ @Test
+ public void testIsCompatable() throws Exception {
+ Consumer consumer = TestUtil.createConsumer();
+ ConsumerType typeSystem = ProductFactory.get().lookupConsumerTypeByLabel("system");
+ consumer.setType(typeSystem);
+
+ List f = ObjectFactory.get().listObjectsByClass(Product.class);
+ Product rhel = (Product) ObjectFactory.get().lookupByFieldName(
+ Product.class, "label", "rhel");
+ Product rhelvirt = (Product) ObjectFactory.get().lookupByFieldName(
+ Product.class, "label", "rhel-virt");
+
+ EntitlementMatcher m = new EntitlementMatcher();
+
+ assertTrue(m.isCompatible(consumer, rhel));
+
+ ConsumerType vmwarehost =
+ ProductFactory.get().lookupConsumerTypeByLabel("vmwarehost");
+ consumer.setType(vmwarehost);
+
+ // Check that you can't use rhelvirt on a vmware host
+ assertFalse(m.isCompatible(consumer, rhelvirt));
+ }
+}
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/EntitlementResourceTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/EntitlementResourceTest.java
new file mode 100644
index 0000000..7d75d05
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/EntitlementResourceTest.java
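Review bot: The negative assertion at the end of testIsCompatable can pass for the wrong reason, because `rhel` and `rhelvirt` come from lookupByFieldName and are never checked for null; if the `rhel-virt` product is missing from the test data, `assertFalse(m.isCompatible(consumer, rhelvirt))` may succeed, or die with an unrelated NullPointerException, without exercising the vmware-host rule. Add `assertNotNull(rhel);` and `assertNotNull(rhelvirt);` right after the two lookups, and do the same for the `typeSystem` and `vmwarehost` consumer types. The raw `List f = ObjectFactory.get().listObjectsByClass(Product.class);` is never read and can be dropped, and the method name should read testIsCompatible.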
@@ -0,0 +1,163 @@
+/**
+ * Copyright (c) 2009 Red Hat, Inc.
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+package org.fedoraproject.candlepin.resource.test;
+
+import org.fedoraproject.candlepin.model.Consumer;
+import org.fedoraproject.candlepin.model.ConsumerType;
+import org.fedoraproject.candlepin.model.EntitlementPool;
+import org.fedoraproject.candlepin.model.ObjectFactory;
+import org.fedoraproject.candlepin.model.Product;
+import org.fedoraproject.candlepin.model.test.TestUtil;
+import org.fedoraproject.candlepin.resource.EntitlementResource;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.api.representation.Form;
+
+import java.sql.Date;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+
+/**
+ * ConsumerResourceTest
+ * @version $Rev$
+ */
+public class EntitlementResourceTest {
+
+ private Consumer consumer;
+ private Product product;
+ private EntitlementPool ep;
+
+ /**
+ * {@inheritDoc}
+ */
+ @Before
+ public void setUp() throws Exception {
+ consumer = TestUtil.createConsumer();
+ product = TestUtil.createProduct();
+ ep = new EntitlementPool();
+ ep.setProduct(product);
+ ep.setOwner(consumer.getOwner());
+ ep.setMaxMembers(10);
+ ep.setCurrentMembers(0);
+
+ Date futuredate = new Date(System.currentTimeMillis() + 1000000000);
+ ep.setEndDate(futuredate);
+ ObjectFactory.get().store(ep);
+
+ }
+
+ @Test
+ public void testEntitle() throws Exception {
+
+
+ EntitlementResource eapi = new EntitlementResource();
+ Form f = new Form();
+ f.add("consumer_uuid", consumer.getUuid());
+ f.add("product_uuid", product.getUuid());
+ String cert = (String) eapi.entitle(consumer, product);
+
+ assertNotNull(cert);
+ assertNotNull(consumer.getConsumedProducts());
+ assertNotNull(consumer.getEntitlements());
+
+ // Test max membership
+ boolean failed = false;
+ for (int i = 0; i < ep.getMaxMembers() + 10; i++) {
+ Consumer ci = TestUtil.createConsumer(consumer.getOwner());
+ f.add("consumer_uuid", ci.getUuid());
+ try {
+ eapi.entitle(consumer, product);
+ }
+ catch (Exception e) {
+ System.out.println("Failed: " + e);
+ failed = true;
+ }
+ }
+ assertTrue("we didnt hit max members", failed);
+
+ // Test expiration
+ Date pastdate = new Date(System.currentTimeMillis() - 1000000000);
+ ep.setEndDate(pastdate);
+ failed = false;
+ try {
+ eapi.entitle(consumer, product);
+ }
+ catch (Exception e) {
+ System.out.println("expired: ? " + e);
+ failed = true;
+ }
+ assertTrue("we didnt expire", failed);
+
+
+
+ }
+
+ @Test
+ public void testHasEntitlement() {
+ EntitlementResource eapi = new EntitlementResource();
+ eapi.entitle(consumer, product);
+
+ // TODO: Disabling this test, boils into ObjectFactory things that need
+ // to be fixed before we can do this check! Sorry! :) - dgoodwin
+// assertTrue(eapi.hasEntitlement(consumer.getUuid(), product.getUuid()));
+ }
+
+ @Test
+ public void testListAvailableEntitlements() {
+ EntitlementResource eapi = new EntitlementResource();
+ consumer.setType(new ConsumerType("standard-system"));
+ Form f = new Form();
+ f.add("consumer_uuid", consumer.getUuid());
+
+ List<EntitlementPool> avail = eapi.listAvailableEntitlements(consumer.getUuid());
+ assertNotNull(avail);
+ assertTrue(avail.size() > 0);
+ }
+
+ @Test
+ public void testJson() {
+ ClientConfig cc = new DefaultClientConfig();
+ Client c = Client.create(cc);
+
+ // WebResource getresource = c.resource("http://localhost:8080/candlepin/entitle/");
+
+
+ Object[] params = new Object[2];
+ params[0] = consumer;
+ params[1] = product;
+ List aparams = new ArrayList();
+ aparams.add(consumer);
+ aparams.add(product);
+
+ WebResource postresource =
+ c.resource("http://localhost:8080/candlepin/entitlement/foo/");
+ postresource.accept("application/json").type("application/json").post(consumer);
+
+ // System.out.println(jto.getName());
+ // jto = getresource.accept("application/json").get(JsonTestObject.class);
+ // assertEquals("testname", jto.getName());
+ // assertEquals("AEF", jto.getUuid());
+ }
+
+
+}
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/TestResourceTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/TestResourceTest.java
new file mode 100644
index 0000000..7fc3648
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/TestResourceTest.java
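Review bot: The max-membership loop in testEntitle creates a fresh consumer `ci` on each pass but then calls `eapi.entitle(consumer, product)` with the original consumer, and the `Form f` it keeps filling is never passed to anything, so the loop re-entitles one consumer and `failed` may be set by some other rejection than the pool limit. The call should be `eapi.entitle(ci, product);`, and the test should assert that the failure appears only once the limit of ep.getMaxMembers() has been reached. The expiration check that follows has the same weakness: by then the pool is presumably already full, and the changed end date is not stored again the way setUp stores the pool, so the catch can fire for the earlier reason; it belongs in its own test that starts from the fresh pool setUp creates. Both checks catch `Exception`, which hides which entitlement rule actually rejected the request.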
@@ -0,0 +1,93 @@
+/**
+ * Copyright (c) 2009 Red Hat, Inc.
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+package org.fedoraproject.candlepin.resource.test;
+
+import org.fedoraproject.candlepin.model.ConsumerType;
+import org.fedoraproject.candlepin.model.JsonTestObject;
+import org.fedoraproject.candlepin.resource.TestResource;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+
+/**
+ * TestResourceTest
+ * @version $Rev$
+ */
+public class TestResourceTest {
+
+ private JsonTestObject createTestObject() {
+ JsonTestObject jto = new JsonTestObject();
+ jto.setName("testname");
+ jto.setUuid("AEF");
+ List<String> l = new ArrayList<String>();
+ l.add("hey there");
+ l.add("how are you?");
+ jto.setStringList(l);
+ return jto;
+ }
+
+ @Test
+ public void testJson() {
+ ClientConfig cc = new DefaultClientConfig();
+ Client c = Client.create(cc);
+
+
+ JsonTestObject jto = createTestObject();
+
+ WebResource postresource = c.resource("http://localhost:8080/candlepin/test/");
+ postresource.accept("application/json").type("application/json").post(jto);
+
+ WebResource getresource = c.resource("http://localhost:8080/candlepin/test/");
+ System.out.println(jto.getName());
+ jto = getresource.accept("application/json").get(JsonTestObject.class);
+ assertEquals("testname", jto.getName());
+ assertEquals("AEF", jto.getUuid());
+ assertNotNull(jto.getStringList());
+ assertEquals(2, jto.getStringList().size());
+ assertNull(jto.getParent());
+ System.out.println(jto.getStringList());
+ }
+
+ @Test
+ public void testGet() {
+ TestResource tr = new TestResource();
+ assertNull(tr.get());
+
+ JsonTestObject jto = createTestObject();
+ tr.create(jto);
+ assertEquals(jto, tr.get());
+ }
+
+ @Test
+ public void testConsumerType() {
+ ClientConfig cc = new DefaultClientConfig();
+ Client c = Client.create(cc);
+
+ WebResource getresource =
+ c.resource("http://localhost:8080/candlepin/test/consumertype");
+ ConsumerType ct = getresource.accept("application/json").get(ConsumerType.class);
+ assertNotNull(ct);
+ assertEquals("testtype", ct.getLabel());
+ }
+}
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/UserResourceTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/UserResourceTest.java
new file mode 100644
index 0000000..7ada16c
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/UserResourceTest.java
@@ -0,0 +1,77 @@
+/**
+ * Copyright (c) 2009 Red Hat, Inc.
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+package org.fedoraproject.candlepin.resource.test;
+
+import org.fedoraproject.candlepin.model.User;
+import org.fedoraproject.candlepin.resource.UserResource;
+
+import java.util.List;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+
+/**
+ * UserResourceTest
+ * @version $Rev$
+ */
+public class UserResourceTest {
+
+ private UserResource api = new UserResource();
+
+ @Test
+ public void testNewUser() {
+ User user = api.create("candlepin", "cp_p@$sw0rd");
+ assertNotNull(user);
+ assertEquals("candlepin", user.getLogin());
+ assertEquals("cp_p@$sw0rd", user.getPassword());
+
+ user = api.create(null, null);
+ assertNotNull(user);
+ assertEquals(null, user.getLogin());
+ assertEquals(null, user.getPassword());
+
+ user = api.create("", "");
+ assertNotNull(user);
+ assertEquals("", user.getLogin());
+ assertEquals("", user.getPassword());
+ }
+
+ @Test
+ public void testList() {
+ List<User> users = api.list();
+ int origSize = users.size();
+ // create 1
+ api.create("candlepin", "cp_p@$sw0rd");
+
+ // create 2
+ api.create("jesusr", "n0P@$sw0rD");
+
+ // get the list back
+ users = api.list();
+ System.out.println("Users: " + users.toString());
+ assertNotNull(users);
+ assertEquals(origSize + 2, users.size());
+ assertEquals(User.class, users.get(0).getClass());
+ }
+
+ @Test
+ public void testGet() {
+ User user = api.get("test-login");
+ assertNotNull(user);
+ assertEquals("test-login", user.getLogin());
+ }
+
+}
diff --git a/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/cert/test/CertTest.java b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/cert/test/CertTest.java
new file mode 100644
index 0000000..ff94fa9
--- /dev/null
+++ b/proxy/src/test/java/org/fedoraproject/candlepin/resource/test/cert/test/CertTest.java
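Review bot: testNewUser in UserResourceTest.java pins two behaviours that should not become the contract of UserResource: `api.create(null, null)` and `api.create("", "")` are asserted to return a usable User, and `assertEquals("cp_p@$sw0rd", user.getPassword())` requires the resource to hand the password back exactly as submitted. If this is only a placeholder until validation and password hashing exist (UserResource itself is not in this diff), say so above the assertions with a comment such as `// TODO: create() must reject null/empty credentials and must not return the clear-text password`. Once that lands, the null and empty cases should expect a rejection, and the password should be checked through a login call instead of getPassword(). testGet also depends on a `test-login` user that nothing in this class creates, and testList prints the whole user list, passwords included if User.toString() exposes them.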
@@ -0,0 +1,286 @@ +/** + * Copyright (c) 2009 Red Hat, Inc. + * + * This software is licensed to you under the GNU General Public License, + * version 2 (GPLv2). There is NO WARRANTY for this software, express or + * implied, including the implied warranties of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 + * along with this software; if not, see + * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + * + * Red Hat trademarks are not licensed under GPLv2. No permission is + * granted to use or replicate Red Hat trademarks that are incorporated + * in this software or its documentation. + */ +package org.fedoraproject.candlepin.resource.test.cert.test; + +import org.fedoraproject.candlepin.resource.cert.CertGenerator; + +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.x509.AttributeCertificateHolder; +import org.bouncycastle.x509.AttributeCertificateIssuer; +import org.bouncycastle.x509.X509Attribute; +import org.bouncycastle.x509.X509V2AttributeCertificate; +import org.bouncycastle.x509.X509V2AttributeCertificateGenerator; +import org.bouncycastle.x509.examples.AttrCertExample; + +import java.math.BigInteger; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPublicKeySpec; +import java.util.Date; + +import org.junit.Test; + +/** + * CertTest + * @version $Rev$ + */ +public class CertTest { + + @Test + public void testCertGenerator() { + String cert = CertGenerator.getCertString(); + System.out.println("Cert: " + cert); + } + + @Test + public void testCertExample() throws Exception { + + 
Security.addProvider(new BouncyCastleProvider()); + + // + // personal keys + // + RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec( + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419" + + "be12872a4bdba626cfae9900f76abfb12139dce5de5" + + "6564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16)); + + RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec( + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419" + + "be12872a4bdba626cfae9900f76abfb12139dce5de5" + + "6564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16), + new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34" + + "d4e32bf824d0dde6028ae79c5f07b580f5dce240d71" + + "11f7ddb130a7945cd7d957d1920994da389f490c89", 16), + new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6" + + "c5c703e2168fbf37884cb", 16), + new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae1" + + "8451d5e56c734a5aab8a5", 16), + new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a31942" + + "9c069a3e335a1d6171391", 16), + new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6" + + "fc483533d8297dd7884cd", 16), + new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1" + + "bce78a95b132b4e5b5d19", 16)); + + // + // ca keys + // + RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec( + new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab925" + + "3140e5bf17751197731d6f7540d2509e7b9ffee0a70" + + "a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf" + + "3c298e05842535d9f064e6b0391cb7d306e0a2d20c4" + + "dfb4e7b49a9640bdea26c10ad69c3f05007ce2513ce" + + "e44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16), + new BigInteger("11", 16)); + + RSAPrivateCrtKeySpec caPrivKeySpec = new RSAPrivateCrtKeySpec( + new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab925" + + "3140e5bf17751197731d6f7540d2509e7b9ffee0a70" + + "a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf" + + "3c298e05842535d9f064e6b0391cb7d306e0a2d20c4" + + 
"dfb4e7b49a9640bdea26c10ad69c3f05007ce2513ce" + + "e44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16), + new BigInteger("11", 16), + new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6" + + "288fcc4304424ab8f56388f72652d8fafc65a4b9020" + + "896f2cde297080f2a540e7b7ce5af0b3446e1258d1d" + + "d7f245cf54124b4c6e17da21b90a0ebd22605e6f45c" + + "9f136d7a13eaac1c0f7487de8bd6d924972408ebb58" + + "af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16), + new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642" + + "c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4" + + "b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16), + new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f037262" + + "84743ddc6be3a709edb696fc40c7d902ed804c6eee7" + + "30eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16), + new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16" + + "e9a67070a8b3f53cc03d4257ad252a1a640eadd6037" + + "24d7bf3737914b544ae332eedf4f34436cac25ceb5", 16), + new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb2" + + "6c0824638ac22605d7201c94625770984f78a56e6e2" + + "5904fe7db407099cad9b14588841b94f5ab498dded", 16), + new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556" + + "bde90e0b870962fa7b926d070686d8244fe5a9aa709" + + "a95686a104614834b0ada4b10f53197a5cb4c97339", 16)); + + // + // set up the keys + // + KeyFactory fact = KeyFactory.getInstance("RSA", "BC"); + PrivateKey caPrivKey = fact.generatePrivate(caPrivKeySpec); + PublicKey caPubKey = fact.generatePublic(caPubKeySpec); + PrivateKey privKey = fact.generatePrivate(privKeySpec); + PublicKey pubKey = fact.generatePublic(pubKeySpec); + + // + // note in this case we are using the CA certificate for both the client + // cetificate + // and the attribute certificate. 
This is to make the vcode simpler to + // read, in practice + // the CA for the attribute certificate should be different to that of + // the client certificate + // + X509Certificate caCert = AttrCertExample.createAcIssuerCert(caPubKey, + caPrivKey); + X509Certificate clientCert = AttrCertExample.createClientCert(pubKey, + caPrivKey, caPubKey); + System.out.println("CaCert: " + caCert); + System.out.println("clientCert: " + clientCert); + // Instantiate a new AC generator + X509V2AttributeCertificateGenerator acGen = + new X509V2AttributeCertificateGenerator(); + + acGen.reset(); + + // + // Holder: here we use the IssuerSerial form + // + acGen.setHolder(new AttributeCertificateHolder(clientCert)); + + // set the Issuer + acGen.setIssuer(new AttributeCertificateIssuer(caCert + .getSubjectX500Principal())); + + // + // serial number (as it's an example we don't have to keep track of the + // serials anyway + // + acGen.setSerialNumber(new BigInteger("1")); + + // not Before + acGen.setNotBefore(new Date(System.currentTimeMillis() - 50000)); + + // not After + acGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); + + // signature Algorithmus + acGen.setSignatureAlgorithm("SHA1WithRSAEncryption"); + + // the actual attributes + GeneralName roleName = new GeneralName(GeneralName.rfc822Name, + "DAU123456789"); + ASN1EncodableVector roleSyntax = new ASN1EncodableVector(); + roleSyntax.add(roleName); + + // roleSyntax OID: 2.5.24.72 + X509Attribute attributes = new X509Attribute("2.5.24.72", + new DERSequence(roleSyntax)); + + acGen.addAttribute(attributes); + + // finally create the AC + X509V2AttributeCertificate att = (X509V2AttributeCertificate) acGen + .generate(caPrivKey, "BC"); + + + + String encoded = new String(att.getEncoded()); + //System.out.println("CERT CERT: " + encoded); + KeyStore store = KeyStore.getInstance("PKCS12"); + String pass = "redhat"; + + + /*FileOutputStream fout = new FileOutputStream("/tmp/foo.file"); + store.load(null, null); + 
store.store(fout, pass.toCharArray()); + X509CertificateObject ccert = new + X509CertificateObject(new X509CertificateStructure(new DERSequence(att)));*/ + // + // starting here, we parse the newly generated AC + // + + // Holder + + AttributeCertificateHolder h = att.getHolder(); + if (h.match(clientCert)) { + if (h.getEntityNames() != null) { + System.out.println(h.getEntityNames().length + + " entity names found"); + } + if (h.getIssuer() != null) { + System.out.println(h.getIssuer().length + + " issuer names found, serial number " + + h.getSerialNumber()); + } + System.out.println("Matches original client x509 cert"); + } + + // Issuer + + AttributeCertificateIssuer issuer = att.getIssuer(); + if (issuer.match(caCert)) { + if (issuer.getPrincipals() != null) { + System.out.println(issuer.getPrincipals().length + + " entity names found"); + } + System.out.println("Matches original ca x509 cert"); + } + + // Dates + System.out.println("valid not before: " + att.getNotBefore()); + System.out.println("valid not before: " + att.getNotAfter()); + + // check the dates, an exception is thrown in checkValidity()... + + try { + att.checkValidity(); + att.checkValidity(new Date()); + } + catch (Exception e) { + System.out.println(e); + } + + // verify + + try { + att.verify(caPubKey, "BC"); + } + catch (Exception e) { + System.out.println(e); + } + + // Attribute + X509Attribute[] attribs = att.getAttributes(); + System.out.println("cert has " + attribs.length + " attributes:"); + for (int i = 0; i < attribs.length; i++) { + X509Attribute a = attribs[i]; + System.out.println("OID: " + a.getOID()); + + // currently we only check for the presence of a 'RoleSyntax' + // attribute + + if (a.getOID().equals("2.5.24.72")) { + System.out.println("rolesyntax read from cert!"); + } + } + + + + + // CertificateFactory.getInstance + } +} |
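Review bot: testCertExample in CertTest.java cannot fail on a bad certificate: `att.checkValidity()` and `att.verify(caPubKey, "BC")` are each wrapped in a `catch (Exception e)` that only prints the exception, and the results of `h.match(clientCert)` and `issuer.match(caCert)` are printed rather than asserted. The method already declares `throws Exception`, so drop both try/catch blocks, call `att.checkValidity();` and `att.verify(caPubKey, "BC");` directly, and assert the matches with `assertTrue(h.match(clientCert));` and `assertTrue(issuer.match(caCert));`. testCertGenerator likewise only prints the certificate string and asserts nothing about it. The hard-coded RSA key material and `SHA1WithRSAEncryption` appear to be carried over from the Bouncy Castle AttrCertExample the test imports; a comment such as `// fixture keys from the BC example; never use for real certificates` would keep them from being reused outside tests, and the unused `pass = "redhat"` and the `new String(att.getEncoded())` conversion of DER bytes can be removed.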