Esempio n. 1
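  /**
   * Verifies that {@code KeyStoreUtil.updateWithCaPem} loads the CA PEM fixture into the keystore
   * as exactly one entry, and that the stored certificate is the expected CA certificate with an
   * RSA public key.
   *
   * <p>The alias and subject checks are substring matches against fixture values, so they confirm
   * which certificate was stored but not that it is trusted for any particular purpose.
   */
  @Test
  public void testTrustStore()
      throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    File caPem = getTempFile("ca/cert.pem");
    KeyStore keystore = createKeyStore();

    KeyStoreUtil.updateWithCaPem(keystore, caPem);

    Enumeration<String> aliases = keystore.aliases();
    // Fail with an assertion instead of a NoSuchElementException when nothing was imported.
    assertTrue(aliases.hasMoreElements());
    String alias = aliases.nextElement();
    // Exactly one entry: the import must not add anything besides the CA certificate.
    assertFalse(aliases.hasMoreElements());
    assertTrue(alias.contains("ca.test.jolokia.org"));

    X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
    // checkValidity() compares notBefore/notAfter with the current system time, so this test
    // starts failing once the fixture certificate expires.
    cert.checkValidity();
    assertTrue(cert.getSubjectDN().getName().contains(CA_CERT_SUBJECT_DN_CN));

    // The cast doubles as a type check: a non-RSA key fails here with a ClassCastException.
    RSAPublicKey key = (RSAPublicKey) cert.getPublicKey();
    assertEquals(key.getAlgorithm(), "RSA");
  }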
Esempio n. 2
  /**
   * Loads the CA certificate and the server certificate/key pair into one keystore, then checks
   * that the server certificate's signature validates under the CA certificate's public key.
   *
   * <p>{@code X509Certificate.verify} checks the signature only. It does not build or validate a
   * certification path, so validity period, basic constraints and revocation are not covered by
   * this test.
   */
  @Test
  public void testBoth()
      throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {
    File caCertFile = getTempFile("ca/cert.pem");
    File serverCertFile = getTempFile("server/cert.pem");
    File serverKeyFile = getTempFile("server/key.pem");

    KeyStore store = createKeyStore();
    KeyStoreUtil.updateWithCaPem(store, caCertFile);
    // NOTE(review): the empty char[] is presumably the key-entry password; acceptable for a
    // throwaway test fixture only. Confirm against KeyStoreUtil.updateWithServerPems.
    KeyStoreUtil.updateWithServerPems(store, serverCertFile, serverKeyFile, "RSA", new char[0]);

    X509Certificate issuer = (X509Certificate) store.getCertificate(CA_ALIAS);
    X509Certificate leaf = (X509Certificate) store.getCertificate(SERVER_ALIAS);

    // Throws (and so fails the test) unless the server certificate was signed by the CA key.
    leaf.verify(issuer.getPublicKey());
  }
Esempio n. 3
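  /**
   * Verifies that malformed PEM files (bad Base64 body, broken BEGIN line, broken END line) are
   * rejected with an exception, both when imported as a CA certificate and when supplied as the
   * server key.
   *
   * <p>Only "some exception was thrown" is asserted; the exception type and message are not
   * pinned, so a rejection for an unrelated reason would also pass.
   */
  @Test
  public void testInvalid()
      throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
          InvalidKeySpecException {

    for (String file :
        new String[] {"invalid/base64.pem", "invalid/begin.pem", "invalid/end.pem"}) {
      File invalidPem = getTempFile(file);

      KeyStore keystore = createKeyStore();
      try {
        KeyStoreUtil.updateWithCaPem(keystore, invalidPem);
        fail("Malformed CA PEM was accepted: " + file);
      } catch (Exception expected) {
        // Expected: the malformed PEM must be rejected. fail() signals with an AssertionError,
        // which is not an Exception and therefore is not swallowed here.
      }

      // Load the valid server certificate outside the try block, so that a fixture-loading
      // failure surfaces as a test error instead of being counted as a successful rejection.
      File serverPem = getTempFile("server/cert.pem");
      try {
        KeyStoreUtil.updateWithServerPems(keystore, serverPem, invalidPem, "RSA", new char[0]);
        fail("Malformed key PEM was accepted: " + file);
      } catch (Exception expected) {
        // Expected: a valid certificate paired with a malformed key file must be rejected.
      }
    }
  }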