Example 71 with ASN1Sequence
use of com.github.zhenwei.core.asn1.ASN1Sequence in project ldapsdk by pingidentity.
the class UniquenessRequestControlTestCase method testDecodeControlValueSequenceUnrecognizedElementType.
/**
* Tests the behavior when trying to decode a control whose value sequence has
* an element with an unrecognized BER type.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { LDAPException.class })
public void testDecodeControlValueSequenceUnrecognizedElementType() throws Exception {
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1OctetString((byte) 0x80, "uniqueness-id"), new ASN1Set((byte) 0xA1, new ASN1OctetString("uid")), new ASN1Enumerated((byte) 0x8F, 12345));
new UniquenessRequestControl(new Control("1.3.6.1.4.1.30221.2.5.52", true, new ASN1OctetString(valueSequence.encode())));
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
Control(com.unboundid.ldap.sdk.Control)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
ASN1Set(com.unboundid.asn1.ASN1Set)
ASN1Enumerated(com.unboundid.asn1.ASN1Enumerated)
Test(org.testng.annotations.Test)
Example 72 with ASN1Sequence
use of com.github.zhenwei.core.asn1.ASN1Sequence in project ldapsdk by pingidentity.
the class UniquenessResponseControlTestCase method testDecodeControlValueSequenceMissingUniquenessID.
/**
* Tests the behavior when trying to decode a control whose value sequence is
* missing the required uniqueness ID element.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { LDAPException.class })
public void testDecodeControlValueSequenceMissingUniquenessID() throws Exception {
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1OctetString((byte) 0x83, "validation message"));
new UniquenessResponseControl().decodeControl("1.3.6.1.4.1.30221.2.5.53", false, new ASN1OctetString(valueSequence.encode()));
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
Test(org.testng.annotations.Test)
Example 73 with ASN1Sequence
use of com.github.zhenwei.core.asn1.ASN1Sequence in project ldapsdk by pingidentity.
the class ManageCertificatesTestCase method testDisplayCertificateSigningRequestFile.
/**
* Provides test coverage for the display-certificate-signing-request-file
* subcommand.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testDisplayCertificateSigningRequestFile() throws Exception {
// Test with a valid, PEM-formatted CSR file.
manageCertificates("display-certificate-signing-request-file", "--certificate-signing-request-file", serverCSRPath, "--verbose", "--display-keytool-command");
// Test with a valid, DER-formatted CSR file.
PKCS10CertificateSigningRequest csr = ManageCertificates.readCertificateSigningRequestFromFile(new File(serverCSRPath));
File outputFile = createTempFile();
assertTrue(outputFile.exists());
assertTrue(outputFile.delete());
assertFalse(outputFile.exists());
try (FileOutputStream outputStream = new FileOutputStream(outputFile)) {
outputStream.write(csr.getPKCS10CertificateSigningRequestBytes());
}
manageCertificates("display-certificate-signing-request-file", "--certificate-signing-request-file", outputFile.getAbsolutePath(), "--display-keytool-command");
// Test with a file that has a malformed PEM-formatted certificate signing
// request.
outputFile = createTempFile("-----BEGIN NEW CERTIFICATE REQUEST-----", "This isn't a valid CSR.", "-----END NEW CERTIFICATE REQUEST-----");
manageCertificates(ResultCode.PARAM_ERROR, null, "display-certificate-signing-request-file", "--certificate-signing-request-file", outputFile.getAbsolutePath(), "--display-keytool-command");
// Test with a file that has a malformed DER-formatted certificate signing
// request.
assertTrue(outputFile.exists());
assertTrue(outputFile.delete());
assertFalse(outputFile.exists());
try (FileOutputStream outputStream = new FileOutputStream(outputFile)) {
new ASN1Sequence(new ASN1OctetString("This isn't a valid CSR")).writeTo(outputStream);
}
manageCertificates(ResultCode.PARAM_ERROR, null, "display-certificate-signing-request-file", "--certificate-signing-request-file", outputFile.getAbsolutePath(), "--display-keytool-command");
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
FileOutputStream(java.io.FileOutputStream)
File(java.io.File)
Test(org.testng.annotations.Test)
Example 74 with ASN1Sequence
use of com.github.zhenwei.core.asn1.ASN1Sequence in project ldapsdk by pingidentity.
the class ManageCertificatesTestCase method testDisplayCertificateFile.
/**
* Provides test coverage for the display-certificate-file subcommand.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testDisplayCertificateFile() throws Exception {
// Test with a valid PEM file that contains a single certificate using
// non-verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", serverCertificatePath, "--display-keytool-command");
// Test with a valid PEM file that contains a single certificate using
// verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", serverCertificatePath, "--verbose", "--display-keytool-command");
// Test with a valid PEM file that contains multiple certificates using
// non-verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", serverCertificateChainPath, "--display-keytool-command");
// Test with a valid PEM file that contains multiple certificates using
// verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", serverCertificateChainPath, "--verbose", "--display-keytool-command");
// Test with a valid DER file that contains a single certificate using
// non-verbose mode.
final List<X509Certificate> certList = ManageCertificates.readCertificatesFromFile(new File(serverCertificateChainPath));
File outputFile = createTempFile();
assertTrue(outputFile.exists());
assertTrue(outputFile.delete());
assertFalse(outputFile.exists());
try (FileOutputStream outputStream = new FileOutputStream(outputFile)) {
outputStream.write(certList.get(0).getX509CertificateBytes());
}
manageCertificates("display-certificate-file", "--certificate-file", outputFile.getAbsolutePath(), "--display-keytool-command");
// Test with a valid DER file that contains a single certificate using
// verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", outputFile.getAbsolutePath(), "--verbose", "--display-keytool-command");
// Test with a valid DER file that contains multiple certificates using
// non-verbose mode.
outputFile = createTempFile();
assertTrue(outputFile.exists());
assertTrue(outputFile.delete());
assertFalse(outputFile.exists());
try (FileOutputStream outputStream = new FileOutputStream(outputFile)) {
for (final X509Certificate c : certList) {
outputStream.write(c.getX509CertificateBytes());
}
}
manageCertificates("display-certificate-file", "--certificate-file", outputFile.getAbsolutePath(), "--display-keytool-command");
// Test with a valid DER file that contains multiple certificates using
// verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", outputFile.getAbsolutePath(), "--verbose", "--display-keytool-command");
// Test with an empty file in non-verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", emptyPasswordFilePath, "--display-keytool-command");
// Test with an empty file in verbose mode.
manageCertificates("display-certificate-file", "--certificate-file", emptyPasswordFilePath, "--verbose", "--display-keytool-command");
// Test with a file that has a malformed PEM-formatted certificate.
outputFile = createTempFile("-----BEGIN CERTIFICATE -----", "This isn't a valid certificate.", "-----END CERTIFICATE-----");
manageCertificates(ResultCode.PARAM_ERROR, null, "display-certificate-file", "--certificate-file", outputFile.getAbsolutePath(), "--display-keytool-command");
// Test with a file that has a malformed DER-formatted certificate signing
// request.
assertTrue(outputFile.exists());
assertTrue(outputFile.delete());
assertFalse(outputFile.exists());
try (FileOutputStream outputStream = new FileOutputStream(outputFile)) {
new ASN1Sequence(new ASN1OctetString("This isn't a valid certificate")).writeTo(outputStream);
}
manageCertificates(ResultCode.PARAM_ERROR, null, "display-certificate-file", "--certificate-file", outputFile.getAbsolutePath(), "--display-keytool-command");
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
FileOutputStream(java.io.FileOutputStream)
File(java.io.File)
Test(org.testng.annotations.Test)
Example 75 with ASN1Sequence
use of com.github.zhenwei.core.asn1.ASN1Sequence in project ldapsdk by pingidentity.
the class ManageCertificatesTestCase method testImportCertificate.
/**
* Provides test coverage for the import-certificate subcommand.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testImportCertificate() throws Exception {
// Import a single certificate with no private key into a JKS keystore
// that doesn't already exist. Do not prompt about whether to trust the
// certificate.
File ksFile = createTempFile();
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
KeyStore keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, true, false), Collections.<String>emptySet());
assertEquals(getAliases(keystore, false, true), setOf(serverCertificateAlias));
// Import a certificate with no private key into a JKS keystore that
// already exists. Do not prompt about whether to trust the certificate.
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--no-prompt", "--display-keytool-command");
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias, rootCACertificateAlias));
assertEquals(getAliases(keystore, true, false), Collections.<String>emptySet());
assertEquals(getAliases(keystore, false, true), setOf(serverCertificateAlias, rootCACertificateAlias));
// Import a certificate chain obtained from a single file into a JKS
// keystore that doesn't already exist. Do not prompt about whether to
// trust the certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias, serverCertificateAlias + "-issuer-1", serverCertificateAlias + "-issuer-2"));
assertEquals(getAliases(keystore, true, false), Collections.<String>emptySet());
assertEquals(getAliases(keystore, false, true), setOf(serverCertificateAlias, serverCertificateAlias + "-issuer-1", serverCertificateAlias + "-issuer-2"));
// Import a certificate chain obtained from multiple files into a JKS
// keystore that doesn't already exist. Do not prompt about whether to
// trust the certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", intermediateCACertificateAlias, "--certificate-file", intermediateCACertificatePath, "--certificate-file", rootCACertificatePath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(intermediateCACertificateAlias, intermediateCACertificateAlias + "-issuer"));
assertEquals(getAliases(keystore, true, false), Collections.<String>emptySet());
assertEquals(getAliases(keystore, false, true), setOf(intermediateCACertificateAlias, intermediateCACertificateAlias + "-issuer"));
// Import a single certificate and its private key into a JKS keystore
// that doesn't already exist. Do not prompt about whether to trust the
// certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--private-key-file", rootCAKeyPath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Import a single certificate and its private key into a JKS keystore
// that doesn't already exist. Do not prompt about whether to trust the
// certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--private-key-file", rootCAKeyPath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Import a single certificate and a raw RSA private key (not in a PKCS #8
// envelope) into a JKS keystore that doesn't already exist. Do not prompt
// about whether to trust the certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
final StringBuilder pkcs8Base64Buffer = new StringBuilder();
try (BufferedReader reader = new BufferedReader(new FileReader(rootCAKeyPath))) {
while (true) {
final String line = reader.readLine();
if (line == null) {
fail("Found the end of the file before the end footer");
} else if (line.startsWith("-----BEGIN")) {
assertEquals(pkcs8Base64Buffer.length(), 0);
continue;
} else if (line.startsWith("-----END")) {
assertTrue(pkcs8Base64Buffer.length() > 0);
break;
} else {
pkcs8Base64Buffer.append(line);
}
}
}
final byte[] pkcs8PrivateKeyBytes = Base64.decode(pkcs8Base64Buffer.toString());
final ASN1Sequence pkcs8PrivateKeySequence = ASN1Sequence.decodeAsSequence(pkcs8PrivateKeyBytes);
final byte[] rsaPrivateKey = pkcs8PrivateKeySequence.elements()[2].getValue();
final File rsaPrivateKeyFile = createTempFile();
assertTrue(rsaPrivateKeyFile.delete());
try (PrintWriter writer = new PrintWriter(rsaPrivateKeyFile)) {
writer.println("-----BEGIN RSA PRIVATE KEY-----");
writer.println(Base64.encode(rsaPrivateKey));
writer.println("-----END RSA PRIVATE KEY-----");
}
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--private-key-file", rsaPrivateKeyFile.getAbsolutePath(), "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Import a certificate chain and the corresponding private key into a JKS
// keystore that doesn't already exist. Do not prompt about whether to
// trust the certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", serverKeyPath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Import a single certificate and its private key into a PKCS #12 keystore
// that doesn't already exist. Do not prompt about whether to trust the
// certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "PKCS12", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--private-key-file", rootCAKeyPath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "PKCS12");
assertEquals(getAliases(keystore, true, true), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(rootCACertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Import a certificate chain and the corresponding private key into a
// PKCS #12 keystore that doesn't already exist. Do not prompt about
// whether to trust the certificate.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "PKCS12", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", serverKeyPath, "--no-prompt", "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "PKCS12");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Import a certificate without a private key into a JKS keystore file
// that doesn't already exist. Allow the tool to prompt for the password,
// and accept the prompt after two invalid inputs.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates(ResultCode.SUCCESS, "wrong1\nwrong2\r\nyes\n", "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, true, false), Collections.<String>emptySet());
assertEquals(getAliases(keystore, false, true), setOf(serverCertificateAlias));
// Try to import a certificate without a private key into a JKS keystore
// file that doesn't already exist. Allow the tool to prompt for the
// password, but do not accept that prompt.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates(ResultCode.USER_CANCELED, "no", "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--display-keytool-command");
assertFalse(ksFile.exists());
// Try to import a certificate without a private key into a JKS keystore
// file that doesn't already exist. Allow the tool to prompt for the
// password, but do not supply the input necessary to answer that prompt.
manageCertificates(ResultCode.LOCAL_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--display-keytool-command");
assertFalse(ksFile.exists());
// Import a certificate with a private key into a JKS keystore file
// that doesn't already exist. Allow the tool to prompt for the password,
// and accept the prompt.
manageCertificates(ResultCode.SUCCESS, "y\r\n", "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", serverKeyPath, "--display-keytool-command");
assertTrue(ksFile.exists());
keystore = getKeystore(ksFile.getAbsolutePath(), "JKS");
assertEquals(getAliases(keystore, true, true), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, true, false), setOf(serverCertificateAlias));
assertEquals(getAliases(keystore, false, true), Collections.<String>emptySet());
// Try to import a certificate with a private key into a JKS keystore
// file that doesn't already exist. Allow the tool to prompt for the
// password, but do not accept that prompt.
assertTrue(ksFile.exists());
assertTrue(ksFile.delete());
assertFalse(ksFile.exists());
manageCertificates(ResultCode.USER_CANCELED, "n\n", "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", serverKeyPath, "--display-keytool-command");
assertFalse(ksFile.exists());
// Import a certificate without a private key into a JKS keystore file
// that doesn't already exist. Allow the tool to prompt for the password,
// but don't provide any input so that an error will occur when trying to
// read the data.
manageCertificates(ResultCode.LOCAL_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--display-keytool-command");
// Test importing into a keystore file that exists but is malformed.
final File malformedKS = createTempFile("not a valid keystore");
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", malformedKS.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing into an existing JKS keystore file but with the wrong
// password.
ksFile = copyFile(emptyKeyStorePath);
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "wrong", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing into an existing JKS keystore file but with a password
// read from a file with multiple lines.
ksFile = copyFile(emptyKeyStorePath);
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password-file", multiLinePasswordFilePath, "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate into a JKS keystore using an alias that
// already has a certificate.
ksFile = copyFile(serverTrustStorePath);
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate chain and private key into a JKS keystore
// using an alias that already has a certificate.
ksFile = copyFile(serverTrustStorePath);
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", serverKeyPath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate into a JKS keystore using an alias that
// already has a key entry, but that key entry uses a different key than the
// certificate we're importing.
ksFile = copyFile(rootCAKeyStorePath);
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", serverCertificateChainPath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate into a JKS keystore using an alias that
// already has a key entry, and that key entry matches the key used to
// generate the certificate.
manageCertificates("import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate into a JKS keystore using an alias that
// already has a key entry, and that key entry matches the key used to
// generate the certificate. Prompt the user to confirm the import, and
// accept the import after a failed attempt.
manageCertificates(ResultCode.SUCCESS, "wrong\nyes\n", "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--display-keytool-command");
// Test importing a certificate into a JKS keystore using an alias that
// already has a key entry, and that key entry matches the key used to
// generate the certificate. Prompt the user to confirm the import, but
// reject the confirmation.
manageCertificates(ResultCode.USER_CANCELED, "no\n", "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--display-keytool-command");
// Test importing a certificate into a JKS keystore using an alias that
// already has a key entry, and that key entry matches the key used to
// generate the certificate. Prompt the user to confirm the import, don't
// supply the input needed to accept the confirmation
manageCertificates(ResultCode.LOCAL_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--display-keytool-command");
// Test importing a certificate into a JKS keystore that has an existing key
// entry, but provide the wrong private key password for that entry.
manageCertificates(ResultCode.LOCAL_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--private-key-password", "wrong", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate chain and private key into a JKS keystore
// that already has a key in that alias.
ksFile = copyFile(rootCAKeyStorePath);
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", serverKeyPath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate into a JKS keystore that has an existing key
// entry, but with a private key password supplied in an empty file.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--private-key-password-file", emptyPasswordFilePath, "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate into a JKS keystore that has an existing key
// entry, but with a private key password supplied in a file with multiple
// lines.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--private-key-password-file", multiLinePasswordFilePath, "--keystore-type", "JKS", "--alias", rootCACertificateAlias, "--certificate-file", rootCACertificatePath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate contained in a malformed PEM file.
ksFile = copyFile(emptyKeyStorePath);
File malformedPEMFile = createTempFile("-----BEGIN CERTIFICATE-----", "This file has invalid characters, and is missing the end footer.");
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", malformedPEMFile.getAbsolutePath(), "--no-prompt", "--display-keytool-command");
// Test importing a certificate contained in a malformed DER file.
final File malformedDERFile = createTempFile();
assertTrue(malformedDERFile.delete());
try (FileOutputStream outputStream = new FileOutputStream(malformedDERFile)) {
new ASN1Sequence(new ASN1OctetString("Not a valid certificate")).writeTo(outputStream);
}
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", malformedDERFile.getAbsolutePath(), "--no-prompt", "--display-keytool-command");
// Test importing a valid certificate chain but a malformed private key file
// contained in a malformed PEM file.
malformedPEMFile = createTempFile("-----BEGIN PRIVATE KEY-----", "This file has invalid characters, and is missing the end footer.");
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", malformedPEMFile.getAbsolutePath(), "--no-prompt", "--display-keytool-command");
// Test importing a valid certificate chain but a malformed private key file
// contained in a malformed DER file.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificateChainPath, "--private-key-file", malformedDERFile.getAbsolutePath(), "--no-prompt", "--display-keytool-command");
// Test importing an incomplete certificate chain that does not include the
// root certificate.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--certificate-file", intermediateCACertificatePath, "--private-key-file", serverKeyPath, "--no-prompt", "--display-keytool-command");
// Test importing an incomplete certificate chain that does not include an
// intermediate certificate.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", serverCertificatePath, "--certificate-file", rootCACertificatePath, "--private-key-file", serverKeyPath, "--no-prompt", "--display-keytool-command");
// Test importing a certificate chain that has a self-signed certificate at
// the head of the chain, and then has other certificates after that.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", rootCACertificatePath, "--certificate-file", intermediateCACertificatePath, "--certificate-file", serverCertificatePath, "--private-key-file", rootCAKeyPath, "--no-prompt", "--display-keytool-command");
// Test importing an empty certificate file.
manageCertificates(ResultCode.PARAM_ERROR, null, "import-certificate", "--keystore", ksFile.getAbsolutePath(), "--keystore-password", "password", "--keystore-type", "JKS", "--alias", serverCertificateAlias, "--certificate-file", emptyPasswordFilePath, "--no-prompt", "--display-keytool-command");
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
FileOutputStream(java.io.FileOutputStream)
BufferedReader(java.io.BufferedReader)
FileReader(java.io.FileReader)
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
File(java.io.File)
KeyStore(java.security.KeyStore)
PrintWriter(java.io.PrintWriter)
Test(org.testng.annotations.Test)
Aggregations
ASN1Sequence (com.unboundid.asn1.ASN1Sequence)455
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)397
Test (org.testng.annotations.Test)311
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)297
ASN1Element (com.unboundid.asn1.ASN1Element)231
ArrayList (java.util.ArrayList)184
IOException (java.io.IOException)141
NotNull (com.unboundid.util.NotNull)116
ASN1Enumerated (com.unboundid.asn1.ASN1Enumerated)95
ASN1Integer (com.unboundid.asn1.ASN1Integer)94
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)85
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)76
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)73
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)69
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)64
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)57
Enumeration (java.util.Enumeration)54
ASN1Boolean (com.unboundid.asn1.ASN1Boolean)53
X509Certificate (java.security.cert.X509Certificate)53
BigInteger (java.math.BigInteger)50
