/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014 ForgeRock AS.
*/
package com.iplanet.security.x509;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import static org.fest.assertions.Assertions.*;
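/**
 * Tests for the distinguished-name helpers in {@link CertUtils}: rendering the issuer and subject
 * names of a certificate and extracting single attribute values from an {@link X500Principal}.
 *
 * <p>The fixture certificates are only parsed. Nothing in this class checks a validity period, a
 * signature or a trust chain, so a passing run says nothing about whether a certificate should be
 * trusted; it only pins how names and attributes are read out of it.
 */
public class CertUtilsTest {

    // DER-encoded fixtures, loaded from the test classpath.
    private static final String CERT_PATH = "/cert/svn.forgerock.org.der";
    private static final String COMPLEX_CERT_PATH = "/cert/complex-cert.der";

    // Expected issuer DN of the certificate at CERT_PATH, attribute by attribute.
    private static final String ISSUER_CN = "StartCom Class 1 Primary Intermediate Server CA";
    private static final String ISSUER_OU = "Secure Digital Certificate Signing";
    private static final String ISSUER_O = "StartCom Ltd.";
    private static final String ISSUER_C = "IL";
    private static final String ISSUER_NAME = "CN=" + ISSUER_CN + ",OU=" + ISSUER_OU + ",O=" + ISSUER_O
            + ",C=" + ISSUER_C;

    // Expected subject DN of the certificate at CERT_PATH.
    private static final String SUBJECT_EMAIL = "postmaster@forgerock.org";
    private static final String SUBJECT_CN = "svn.forgerock.org";
    private static final String SUBJECT_C = "GB";
    // The trailing component is expected as a dotted OID with a '#'-prefixed hex value, so the
    // subject-name test also pins that this attribute is emitted in that form rather than decoded.
    private static final String SUBJECT_NAME = "E=" + SUBJECT_EMAIL + ",CN=" + SUBJECT_CN + ",C=" + SUBJECT_C
            + ",2.5.4.13=#131042723878424475366132364930453265";

    // Hand-built principal whose first RDN carries two attributes (cn+uid) and whose "dc"
    // attribute occurs three times, with DUMMY_DC as the last one in the string form.
    private static final String DUMMY_CN = "hello";
    private static final String DUMMY_UID = "world";
    private static final String DUMMY_DC = "com";
    private static final X500Principal MULTI_VALUED_PRINCIPAL
            = new X500Principal("cn=" + DUMMY_CN + "+uid=" + DUMMY_UID + ",dc=internal,dc=forgerock,dc="
                    + DUMMY_DC);

    // Certificate parsed once from CERT_PATH and shared by the tests that read its names.
    private static X509Certificate cert;

    /**
     * Parses the shared fixture certificate before any test in this class runs.
     *
     * @throws Exception if the fixture is missing or cannot be parsed
     */
    @BeforeClass
    public void setup() throws Exception {
        cert = getCertificate(CERT_PATH);
    }

    /**
     * Loads a DER-encoded X.509 certificate from the test classpath.
     *
     * @param path classpath location of the certificate resource
     * @return the parsed certificate
     * @throws IllegalStateException if no resource exists at {@code path}
     * @throws Exception if the resource cannot be parsed as an X.509 certificate or closing the
     *         stream fails
     */
    private X509Certificate getCertificate(String path) throws Exception {
        InputStream in = getClass().getResourceAsStream(path);
        if (in == null) {
            // getResourceAsStream signals a missing resource with null; name the path here
            // instead of letting the certificate factory fail on a null stream.
            throw new IllegalStateException("Test certificate not found on classpath: " + path);
        }
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(in);
        } finally {
            // The stream was previously left open; release it whether or not parsing succeeded.
            in.close();
        }
    }

    /** The issuer DN of the fixture certificate is rendered as the expected string. */
    @Test
    public void issuerNameIsCorrectlyRetrieved() {
        assertThat(CertUtils.getIssuerName(cert)).isEqualTo(ISSUER_NAME);
    }

    /** The subject DN of the fixture certificate is rendered as the expected string. */
    @Test
    public void subjectNameIsCorrectlyRetrieved() {
        assertThat(CertUtils.getSubjectName(cert)).isEqualTo(SUBJECT_NAME);
    }

    /**
     * Individual attributes can be read from both the issuer and the subject principal.
     * The lookups use lower-case names ("cn", "ou", ...) although the expected name strings
     * above spell them in upper case.
     */
    @Test
    public void attributesAreCorrectlyRetrievedFromX500Principals() {
        X500Principal issuer = cert.getIssuerX500Principal();
        assertThat(CertUtils.getAttributeValue(issuer, "cn")).isEqualTo(ISSUER_CN);
        assertThat(CertUtils.getAttributeValue(issuer, "ou")).isEqualTo(ISSUER_OU);
        assertThat(CertUtils.getAttributeValue(issuer, "o")).isEqualTo(ISSUER_O);
        assertThat(CertUtils.getAttributeValue(issuer, "c")).isEqualTo(ISSUER_C);

        X500Principal subject = cert.getSubjectX500Principal();
        assertThat(CertUtils.getAttributeValue(subject, "e")).isEqualTo(SUBJECT_EMAIL);
        assertThat(CertUtils.getAttributeValue(subject, "cn")).isEqualTo(SUBJECT_CN);
        assertThat(CertUtils.getAttributeValue(subject, "c")).isEqualTo(SUBJECT_C);
    }

    /** Both attributes of a multi-valued RDN ({@code cn=...+uid=...}) can be retrieved. */
    @Test
    public void multiValuedRDNsAreCorrectlyHandled() {
        assertThat(CertUtils.getAttributeValue(MULTI_VALUED_PRINCIPAL, "cn")).isEqualTo(DUMMY_CN);
        assertThat(CertUtils.getAttributeValue(MULTI_VALUED_PRINCIPAL, "uid")).isEqualTo(DUMMY_UID);
    }

    /**
     * When an attribute occurs several times in a DN, exactly one value is returned: here the
     * last "dc" of the string form, which the test name calls the top-level value.
     * NOTE(review): any caller that maps a DN attribute to an identity presumably depends on this
     * choice, so a change in which value wins should be treated as a behaviour change.
     */
    @Test
    public void topLevelValueReturnedWhenAttributeIsDefinedMultipleTimes() {
        assertThat(CertUtils.getAttributeValue(MULTI_VALUED_PRINCIPAL, "dc")).isEqualTo(DUMMY_DC);
    }

    /**
     * Attribute extraction on a subject DN that carries many different attribute types,
     * including less common ones such as {@code generationQualifier} and
     * {@code unstructuredAddress}.
     *
     * @throws Exception if the fixture is missing or cannot be parsed
     */
    @Test
    public void testComplexSubjectDN() throws Exception {
        X509Certificate complexCert = getCertificate(COMPLEX_CERT_PATH);
        X500Principal principal = complexCert.getSubjectX500Principal();

        assertThat(CertUtils.getAttributeValue(principal, "givenName")).isEqualTo("Barbara");
        assertThat(CertUtils.getAttributeValue(principal, "sn")).isEqualTo("Jensen");
        assertThat(CertUtils.getAttributeValue(principal, "serialNumber")).isEqualTo("123");
        assertThat(CertUtils.getAttributeValue(principal, "street")).isEqualTo("Anystreet");
        assertThat(CertUtils.getAttributeValue(principal, "title")).isEqualTo("CEO");
        assertThat(CertUtils.getAttributeValue(principal, "uid")).isEqualTo("bjensen");
        assertThat(CertUtils.getAttributeValue(principal, "dc")).isEqualTo("Foo");
        assertThat(CertUtils.getAttributeValue(principal, "initials")).isEqualTo("BJ");
        assertThat(CertUtils.getAttributeValue(principal, "generationQualifier")).isEqualTo("I");
        assertThat(CertUtils.getAttributeValue(principal, "dnQualifier")).isEqualTo("123456A");
        assertThat(CertUtils.getAttributeValue(principal, "unstructuredName")).isEqualTo("Jensen Barbara");
        assertThat(CertUtils.getAttributeValue(principal, "unstructuredAddress")).isEqualTo("streetAny");
        assertThat(CertUtils.getAttributeValue(principal, "c")).isEqualTo("US");
        assertThat(CertUtils.getAttributeValue(principal, "st")).isEqualTo("California");
        assertThat(CertUtils.getAttributeValue(principal, "l")).isEqualTo("San Francisco");
        assertThat(CertUtils.getAttributeValue(principal, "o")).isEqualTo("Demo");
        assertThat(CertUtils.getAttributeValue(principal, "ou")).isEqualTo("Product Development");
        assertThat(CertUtils.getAttributeValue(principal, "cn")).isEqualTo("Babs Jensen");
        assertThat(CertUtils.getAttributeValue(principal, "e")).isEqualTo("bjensen@example.com");
    }
}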