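package org.cagrid.trust.service.core;

import org.apache.commons.io.FileUtils;
import org.cagrid.gaards.pki.CRLEntry;
import org.cagrid.gaards.pki.CertUtil;
import org.cagrid.trust.service.test.utils.CA;
import org.cagrid.trust.service.test.utils.Credential;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

import javax.net.ssl.X509TrustManager;
import java.io.File;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Created by langella on 2/14/14.
 *
 * Exercises a {@link TrustService} that is backed only by a
 * {@link FileSystemTrustedCAManager}. The expectation under test is that an
 * end-entity certificate is trusted exactly when its issuing CA certificate has
 * been written to the trusted-CA directory and the trust managers reloaded, and
 * that a certificate listed in the CA's CRL is rejected again once the CRL has
 * been written next to the CA certificate and the trust managers reloaded.
 */
public class TrustServiceFileSystemCAManagerOnlyTest {

    /** Directory the FileSystemTrustedCAManager is pointed at (relative to the working directory). */
    private final File trustedCADirectory = new File("trusted-certificate-authorities");

    private TrustService trustService;

    /**
     * Starts every test from an empty trusted-CA directory so that no CA left
     * behind by an earlier run is implicitly trusted.
     *
     * @throws Exception if the directory cannot be reset or the service cannot be built
     */
    @Before
    public void setup() throws Exception {
        FileUtils.deleteDirectory(trustedCADirectory);
        trustedCADirectory.mkdirs();
        this.trustService = new TrustService();
        this.trustService.setTrustedCAManager(
                new FileSystemTrustedCAManager(trustedCADirectory.getAbsolutePath()));
    }

    /**
     * Removes the trust anchors and CRLs the test wrote so they do not outlive
     * the test in the working directory. (The original recreated the directory
     * here instead of removing it.)
     */
    @After
    public void cleanup() {
        FileUtils.deleteQuietly(trustedCADirectory);
    }

    /**
     * Installs two CAs one after the other and then revokes one certificate via
     * a CRL, checking the server- and client-side trust decision after each step.
     *
     * @throws Exception if CA or certificate generation, or writing to disk, fails
     */
    @Test
    public void testWithAndWithoutCRL() throws Exception {
        String caDN1 = "O=Organization ABC,OU=Unit XYZ,CN=Certificate Authority";
        String caDN2 = "O=Organization 123,OU=Unit 456,CN=Certificate Authority";
        CA ca1 = new CA(caDN1);
        CA ca2 = new CA(caDN2);

        // Nothing is trusted before its issuing CA is installed.
        Credential ca1User1 = ca1.createIdentityCertificate("CA ABC User 1");
        assertTrusted(ca1User1, false);

        writeTrustedCertificateAuthority("ABC", ca1);
        this.trustService.reloadTrustManagers();
        assertTrusted(ca1User1, true);

        // Installing CA "ABC" must not make certificates issued by CA "123" trusted.
        Credential ca2User1 = ca2.createIdentityCertificate("CA 123 User 1");
        assertTrusted(ca2User1, false);

        writeTrustedCertificateAuthority("123", ca2);
        this.trustService.reloadTrustManagers();
        assertTrusted(ca1User1, true);
        assertTrusted(ca2User1, true);

        // A certificate issued by an already-installed CA is trusted without a further reload.
        Credential ca2User2 = ca2.createIdentityCertificate("CA 123 User 2");
        assertTrusted(ca1User1, true);
        assertTrusted(ca2User1, true);
        assertTrusted(ca2User2, true);

        // Revoke ca2User2, publish CA "123"'s CRL beside its certificate and reload:
        // only the revoked certificate loses trust, the other two are unaffected.
        // The second CRLEntry argument is kept as in the original test; presumably
        // the revocation reason — see CRLEntry for its meaning.
        ca2.updateCRL(new CRLEntry(ca2User2.getCertificate().getSerialNumber(), 9));
        writeTrustedCertificateAuthority("123", ca2);
        this.trustService.reloadTrustManagers();
        assertTrusted(ca1User1, true);
        assertTrusted(ca2User1, true);
        assertTrusted(ca2User2, false);
    }

    /**
     * Asserts that both the server-side and the client-side trust decision for
     * {@code c} equal {@code expected}; the message names the subject so a failure
     * identifies which certificate was wrongly accepted or rejected.
     */
    private void assertTrusted(Credential c, boolean expected) {
        String subject = String.valueOf(c.getCertificate().getSubjectX500Principal());
        Assert.assertEquals("server trust for " + subject, expected, isServerTrusted(c));
        Assert.assertEquals("client trust for " + subject, expected, isClientTrusted(c));
    }

    private boolean isClientTrusted(Credential c) {
        return isClientTrusted(getChain(c));
    }

    /**
     * Returns whether the service's current trust manager accepts {@code chain}
     * as a client certificate. A {@link CertificateException} is the expected
     * negative outcome under test, so it is mapped to {@code false} rather than
     * propagated.
     */
    private boolean isClientTrusted(X509Certificate[] chain) {
        X509TrustManager tm = this.trustService.getTrustManager();
        try {
            tm.checkClientTrusted(chain, "RSA");
            return true;
        } catch (CertificateException rejected) {
            return false;
        }
    }

    private boolean isServerTrusted(Credential c) {
        return isServerTrusted(getChain(c));
    }

    /**
     * Returns whether the service's current trust manager accepts {@code chain}
     * as a server certificate; see {@link #isClientTrusted(X509Certificate[])}.
     */
    private boolean isServerTrusted(X509Certificate[] chain) {
        X509TrustManager tm = this.trustService.getTrustManager();
        try {
            tm.checkServerTrusted(chain, "RSA");
            return true;
        } catch (CertificateException rejected) {
            return false;
        }
    }

    /**
     * Wraps the credential's certificate as a one-element chain. The issuer is
     * deliberately not included: the test relies on the trust manager locating
     * it among the CAs written to the trusted-CA directory.
     */
    private X509Certificate[] getChain(Credential c) {
        return new X509Certificate[] {c.getCertificate()};
    }

    /**
     * Writes {@code ca}'s certificate as {@code <name>.cert} in the trusted-CA
     * directory and, only if the CA currently has a CRL, its CRL as
     * {@code <name>.crl}. Writing under the same {@code name} again overwrites
     * the earlier files, which is how the test publishes an updated CRL.
     *
     * @throws Exception if either file cannot be written
     */
    private void writeTrustedCertificateAuthority(String name, CA ca) throws Exception {
        File base = this.trustedCADirectory.getAbsoluteFile();
        File certFile = new File(base, name + ".cert");
        CertUtil.writeCertificate(ca.getCertificate(), certFile);
        if (ca.getCRL() != null) {
            File crlFile = new File(base, name + ".crl");
            CertUtil.writeCRL(ca.getCRL(), crlFile);
        }
    }
}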