/**
 * Loads the CA certificate and the server certificate/key pair into a single keystore and checks
 * that the stored server certificate was signed with the stored CA certificate's key.
 *
 * <p>Only the signature is checked here. {@link X509Certificate#verify} does not look at the
 * validity period, key usage or any other chain constraint.
 */
@Test
public void testBoth()
        throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException,
                InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
                SignatureException {
    File caFile = getTempFile("ca/cert.pem");
    File certFile = getTempFile("server/cert.pem");
    File keyFile = getTempFile("server/key.pem");

    KeyStore store = createKeyStore();
    KeyStoreUtil.updateWithCaPem(store, caFile);
    // NOTE(review): the trailing char[0] is presumably the (empty) key-entry password - confirm
    // against KeyStoreUtil.
    KeyStoreUtil.updateWithServerPems(store, certFile, keyFile, "RSA", new char[0]);

    X509Certificate issuer = (X509Certificate) store.getCertificate(CA_ALIAS);
    X509Certificate subject = (X509Certificate) store.getCertificate(SERVER_ALIAS);

    // verify() returns nothing: a signature that does not match the CA key surfaces as an
    // exception, which fails the test.
    subject.verify(issuer.getPublicKey());
}
/**
 * Generates a self-signed server certificate into a fresh keystore and checks its subject DN and
 * that subject and issuer are the same name.
 *
 * <p>The subject/issuer comparison is a name check only; the certificate's signature is not
 * verified by this test.
 */
@Test
public void testSelfSignedCertificate() throws Exception {
    KeyStore store = createKeyStore();
    KeyStoreUtil.updateWithSelfSignedServerCertificate(store);

    X509Certificate selfSigned = (X509Certificate) store.getCertificate("jolokia-agent");
    assertNotNull(selfSigned);

    // The expected DN embeds the running agent version.
    String actualSubject = selfSigned.getSubjectDN().getName();
    String expectedSubject =
            "CN=Jolokia Agent "
                    + Version.getAgentVersion()
                    + ", OU=JVM, O=jolokia.org, L=Pegnitz, ST=Franconia, C=DE";
    assertEquals(actualSubject, expectedSubject);

    // Self-signed: the issuer name must equal the subject name.
    assertEquals(selfSigned.getSubjectDN(), selfSigned.getIssuerDN());
}
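/**
 * Feeds each malformed PEM fixture to the CA loader and, as the private-key file, to the server
 * loader, and expects both calls to throw.
 *
 * @throws IOException declared for fixture preparation via {@code getTempFile}
 */
@Test
public void testInvalid()
        throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
                InvalidKeySpecException {
    for (String file :
            new String[] {"invalid/base64.pem", "invalid/begin.pem", "invalid/end.pem"}) {
        File invalidPem = getTempFile(file);
        // Resolved outside the try blocks: a problem preparing the valid certificate fixture
        // must fail the test instead of being counted as the expected rejection.
        File serverPem = getTempFile("server/cert.pem");
        KeyStore keystore = createKeyStore();

        try {
            KeyStoreUtil.updateWithCaPem(keystore, invalidPem);
            // Name the fixture so a failure shows which malformed input was accepted.
            fail("updateWithCaPem accepted malformed PEM " + file);
        } catch (Exception expected) {
            // Any exception counts as rejection. fail() raises an AssertionError (an Error) in
            // TestNG/JUnit, so it is not intercepted by this catch.
        }

        try {
            KeyStoreUtil.updateWithServerPems(keystore, serverPem, invalidPem, "RSA", new char[0]);
            fail("updateWithServerPems accepted malformed key PEM " + file);
        } catch (Exception expected) {
            // Rejection of the malformed key file is the expected outcome.
        }
    }
}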
/**
 * Loads only the CA PEM into a fresh keystore and checks that exactly one entry results, that its
 * alias and subject identify the test CA, and that it carries an RSA public key.
 */
@Test
public void testTrustStore()
        throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    File caFile = getTempFile("ca/cert.pem");
    KeyStore trustStore = createKeyStore();
    KeyStoreUtil.updateWithCaPem(trustStore, caFile);

    // Exactly one alias is expected: take the first and require that none follows.
    Enumeration<String> entries = trustStore.aliases();
    String caAlias = entries.nextElement();
    assertFalse(entries.hasMoreElements());
    assertTrue(caAlias.contains("ca.test.jolokia.org"));

    X509Certificate caCert = (X509Certificate) trustStore.getCertificate(caAlias);
    // checkValidity() compares against the current time, so this test starts failing once the
    // fixture certificate expires.
    caCert.checkValidity();
    String subjectName = caCert.getSubjectDN().getName();
    assertTrue(subjectName.contains(CA_CERT_SUBJECT_DN_CN));

    // The cast itself fails the test if the CA key is not an RSA key.
    RSAPublicKey rsaKey = (RSAPublicKey) caCert.getPublicKey();
    assertEquals(rsaKey.getAlgorithm(), "RSA");
}
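/**
 * Loads the server certificate and private key PEMs into a fresh keystore and checks that exactly
 * one entry results, holding the expected certificate and an RSA private key retrievable with the
 * empty password.
 *
 * <p>This test checks the key and certificate types individually. It does not assert that the
 * private key belongs to the certificate's public key.
 */
@Test
public void testKeyStore()
        throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
                InvalidKeySpecException, UnrecoverableKeyException {
    File serverPem = getTempFile("server/cert.pem");
    File keyPem = getTempFile("server/key.pem");
    KeyStore keystore = createKeyStore();
    KeyStoreUtil.updateWithServerPems(keystore, serverPem, keyPem, "RSA", new char[0]);

    // Exactly one alias is expected: take the first and require that none follows.
    Enumeration<String> aliases = keystore.aliases();
    String alias = aliases.nextElement();
    assertFalse(aliases.hasMoreElements());
    assertTrue(alias.contains("server"));

    X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
    // checkValidity() compares against the current time, so this test starts failing once the
    // fixture certificate expires.
    cert.checkValidity();
    assertEquals(cert.getSubjectDN().getName(), SERVER_CERT_SUBJECT_DN);

    // The key is read back with the same empty password that was passed when storing it.
    RSAPrivateCrtKey key = (RSAPrivateCrtKey) keystore.getKey(alias, new char[0]);
    // Arguments follow the (actual, expected) order used by the other assertions in this file,
    // so a failure message labels the two values correctly.
    assertEquals(key.getAlgorithm(), "RSA");

    RSAPublicKey pubKey = (RSAPublicKey) cert.getPublicKey();
    assertEquals(pubKey.getAlgorithm(), "RSA");
}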