use of org.carapaceproxy.server.certificates.ocsp.OcspStaplingManager in project carapaceproxy by diennea.
the class CertificatesTest method testOCSP.
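/**
 * Verifies that a manually uploaded certificate is served over TLS together with a stapled OCSP
 * response.
 *
 * <p>The server's {@link OcspStaplingManager} is replaced with a mock, so the test decides which
 * OCSP response is handed out for the leaf certificate. The test then checks three things on the
 * TLS connection: the served chain is the uploaded one, exactly one status response is stapled,
 * and that response is byte-for-byte the one supplied by the manager.
 *
 * @throws Exception if server startup, key or certificate generation, or an HTTP/TLS exchange fails
 */
@Test
public void testOCSP() throws Exception {
    configureAndStartServer();
    int port = server.getLocalPort();

    // Swap in a mock so the stapled response is fully controlled by this test.
    OcspStaplingManager ocspMan = mock(OcspStaplingManager.class);
    server.setOcspStaplingManager(ocspMan);
    DynamicCertificatesManager dynCertMan = server.getDynamicCertificatesManager();

    // Upload certificate and check its OCSP response
    KeyPair endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    // NOTE(review): the meaning of the 'false' flag is not visible here - confirm against generateSampleChain.
    Certificate[] uploadedChain = generateSampleChain(endUserKeyPair, false);
    OCSPResp ocspResp = generateOCSPResponse(uploadedChain, CertificateStatus.GOOD);
    // Encode once: the same bytes are returned by the mock and compared with what the client receives.
    byte[] expectedStaple = ocspResp.getEncoded();
    when(ocspMan.getOcspResponseForCertificate(uploadedChain[0])).thenReturn(expectedStaple);

    byte[] chainData = createKeystore(uploadedChain, endUserKeyPair.getPrivate());
    try (RawHttpClient client = new RawHttpClient("localhost", DEFAULT_ADMIN_PORT)) {
        RawHttpClient.HttpResponse resp = uploadCertificate("localhost", null, chainData, client, credentials);
        assertTrue(resp.getBodyString().contains("SUCCESS"));
        CertificateData data = dynCertMan.getCertificateDataForDomain("localhost");
        assertNotNull(data);
        assertTrue(data.isManual());
        // assertEquals reports the actual state on failure, unlike assertTrue(a == b).
        assertEquals(DynamicCertificateState.AVAILABLE, data.getState());
    }

    // check ocsp response
    // NOTE(review): the third and fourth constructor arguments presumably enable TLS and set the
    // SNI host name - confirm against RawHttpClient.
    try (RawHttpClient c = new RawHttpClient("localhost", port, true, "localhost")) {
        RawHttpClient.HttpResponse r = c.get("/index.html", credentials);
        assertEquals("it <b>works</b> !!", r.getBodyString());

        Certificate[] obtainedChain = c.getServerCertificate();
        assertNotNull(obtainedChain);
        // The comparison result was previously discarded, so a mismatching chain could not fail the test.
        assertTrue(CertificatesUtils.compareChains(uploadedChain, obtainedChain));

        ExtendedSSLSession session = (ExtendedSSLSession) c.getSSLSocket().getSession();
        List<byte[]> statusResponses = session.getStatusResponses();
        assertEquals(1, statusResponses.size());
        // Counting alone would accept any stapled blob; pin the content to the response the
        // stapling manager supplied for this leaf certificate.
        assertTrue(java.util.Arrays.equals(expectedStaple, statusResponses.get(0)));
    }
}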