
Example 1 with OcspStaplingManager

Use of org.carapaceproxy.server.certificates.ocsp.OcspStaplingManager in project carapaceproxy by diennea.

From the class CertificatesTest, method testOCSP.

@Test
public void testOCSP() throws Exception {
    configureAndStartServer();
    int port = server.getLocalPort();
    OcspStaplingManager ocspMan = mock(OcspStaplingManager.class);
    server.setOcspStaplingManager(ocspMan);
    DynamicCertificatesManager dynCertMan = server.getDynamicCertificatesManager();
    // Upload a certificate chain; the mocked manager returns a GOOD OCSP response for uploadedChain[0]
    Certificate[] uploadedChain;
    KeyPair endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
    uploadedChain = generateSampleChain(endUserKeyPair, false);
    OCSPResp ocspResp = generateOCSPResponse(uploadedChain, CertificateStatus.GOOD);
    when(ocspMan.getOcspResponseForCertificate(uploadedChain[0])).thenReturn(ocspResp.getEncoded());
    byte[] chainData = createKeystore(uploadedChain, endUserKeyPair.getPrivate());
    try (RawHttpClient client = new RawHttpClient("localhost", DEFAULT_ADMIN_PORT)) {
        RawHttpClient.HttpResponse resp = uploadCertificate("localhost", null, chainData, client, credentials);
        assertTrue(resp.getBodyString().contains("SUCCESS"));
        CertificateData data = dynCertMan.getCertificateDataForDomain("localhost");
        assertNotNull(data);
        assertTrue(data.isManual());
        assertEquals(DynamicCertificateState.AVAILABLE, data.getState());
    }
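    // Connect over TLS and check that the session carries one stapled OCSP response.
    // Only the number of status responses is asserted; their bytes are not compared with ocspResp.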
    try (RawHttpClient c = new RawHttpClient("localhost", port, true, "localhost")) {
        RawHttpClient.HttpResponse r = c.get("/index.html", credentials);
        assertEquals("it <b>works</b> !!", r.getBodyString());
        Certificate[] obtainedChain = c.getServerCertificate();
        assertNotNull(obtainedChain);
        CertificatesUtils.compareChains(uploadedChain, obtainedChain);
        ExtendedSSLSession session = (ExtendedSSLSession) c.getSSLSocket().getSession();
        List<byte[]> statusResponses = session.getStatusResponses();
        assertEquals(1, statusResponses.size());
    }
}
Also used: RawHttpClient (org.carapaceproxy.utils.RawHttpClient), KeyPair (java.security.KeyPair), HttpResponse (org.carapaceproxy.utils.RawHttpClient.HttpResponse), ExtendedSSLSession (javax.net.ssl.ExtendedSSLSession), OcspStaplingManager (org.carapaceproxy.server.certificates.ocsp.OcspStaplingManager), OCSPResp (org.bouncycastle.cert.ocsp.OCSPResp), BasicOCSPResp (org.bouncycastle.cert.ocsp.BasicOCSPResp), CertificateData (org.carapaceproxy.configstore.CertificateData), X509Certificate (java.security.cert.X509Certificate), Certificate (java.security.cert.Certificate), CertificatesTestUtils.uploadCertificate (org.carapaceproxy.utils.CertificatesTestUtils.uploadCertificate), Test (org.junit.Test)
