package application;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import gui.CertificateTab;
import helpers.CertificateHelper;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Date;
import model.BurpCertificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
public class CloneCertificateTest {
CertificateTabController certificateTabController;
BurpCertificate originalCertificate;
BurpCertificate clonedCertificate;
@Rule
public TemporaryFolder tempFolder = new TemporaryFolder();
@Before
public void setup() {
Security.addProvider(new BouncyCastleProvider());
certificateTabController = new CertificateTabController(new CertificateTab());
String file = "src/test/resources/hsr.pem";
originalCertificate = certificateTabController.importCertificate(file);
clonedCertificate = certificateTabController.cloneCertificate(originalCertificate, new FakeBurpCertificateBuilder(originalCertificate.getSubject()));
assertTrue(originalCertificate.getSubject().equals(clonedCertificate.getSubject()));
}
/*
* X.509v1 Fields
*/
@Test
public void versionNumberIsCorrect() throws IOException, ParseException, CertificateException {
assertEquals(3, clonedCertificate.getVersionNumber());
}
@Test
public void SerialNumberHexIsCorrect() throws IOException, ParseException, CertificateException {
String serialHex = "4d:6b:01:80:e1:82:b9:10:37:3d:e2:31:7c:92:75:94:70:2e:89:35";
assertEquals(serialHex, clonedCertificate.getSerialNumber());
}
@Test
public void serialNumberIsCorrect() throws IOException, ParseException, CertificateException {
BigInteger serial = CertificateHelper.hexStringToBigInteger("4d:6b:01:80:e1:82:b9:10:37:3d:e2:31:7c:92:75:94:70:2e:89:35");
assertEquals(serial, clonedCertificate.getSerialNumberBigInteger());
}
@Test
public void issuerIsCorrect() throws IOException, ParseException, CertificateException {
String issuer = "CN=QuoVadis Global SSL ICA, OU=www.quovadisglobal.com, O=QuoVadis Limited, C=BM";
assertEquals(issuer, clonedCertificate.getIssuer());
}
@Test
public void notBeforeDateIsCorrect() throws IOException, ParseException, CertificateException {
Date notBefore = CertificateHelper.stringToDate("Aug 15 10:56:49 2012 GMT");
assertEquals(notBefore, clonedCertificate.getNotBefore());
}
@Test
public void notAfterDateIsCorrect() throws IOException, ParseException, CertificateException {
Date notAfter = CertificateHelper.stringToDate(("Aug 15 10:56:49 2015 GMT"));
assertEquals(notAfter, clonedCertificate.getNotAfter());
}
@Test
public void validOnDateIsCorrect() throws IOException, ParseException, CertificateException {
Date testDate = CertificateHelper.stringToDate("May 23 23:23:05 2015 GMT");
assertTrue(clonedCertificate.isValidOn(testDate));
}
@Test
public void subjectIsCorrect() throws IOException, ParseException, CertificateException {
String subject = "CN=www.hsr.ch, OU=IT-Systems, O=Hochschule Rapperswil, L=Rapperswil, ST=St. Gallen, C=CH";
assertEquals(subject, clonedCertificate.getSubject());
}
@Test
public void publicKeyAlgorithmIsCorrect() throws IOException, ParseException, CertificateException {
assertEquals("RSA", clonedCertificate.getPublicKeyAlgorithm());
}
@Test
public void keySizeIsCorrect() throws IOException, ParseException, CertificateException {
assertEquals(512, clonedCertificate.getKeySize()); // b/c static key in
// fake class
}
@Test
public void modulusIsCorrect() {
String modulus = "b4:a7:e4:61:70:57:4f:16:a9:70:82:b2:2b:e5:8b:6a:2a:62:97:98:41:9b:e1:28:72:a4:bd:ba:62:6c:fa:e9:90:0f:76:ab:fb:12:13:9d:ce:5d:e5:65:64:fa:b2:b6:54:31:65:a0:40:c6:06:88:74:20:e3:3d:91:ed:7e:d7";
assertEquals(modulus, clonedCertificate.getPublicKeyModulus());
}
@Test
public void exponentIsCorrect() {
String exponent = "11"; // Static, not cloned from certificate
assertEquals(exponent, clonedCertificate.getPublicKeyExponent());
}
/*
* Extensions
*/
@Test
public void hasExtensionsIsCorrect() throws IOException, ParseException, CertificateException {
assertTrue(clonedCertificate.hasExtensions());
}
@Test
public void extensionsCountIsCorrect() throws IOException, ParseException, CertificateException {
assertEquals(8, clonedCertificate.getExtensionsCount());
}
@Test
public void AuthorityKeyIdentifierIsCorrect() throws IOException, CertificateEncodingException, NoSuchAlgorithmException {
String autoirityKeyIdentifier = "32:4D:A1:4F:EA:F0:AE:99:B6:EE:9B:07:2C:84:08:11:50:8B:E2:7E";
assertEquals(autoirityKeyIdentifier, clonedCertificate.getAuthorityKeyIdentifier());
}
@Test
public void subjectKeyIdentifierIsCorrect() throws IOException {
String subjectkeyIdentifier = "78:D1:C7:2B:90:09:82:0F:C7:58:26:02:93:A8:77:D1:12:38:C0:AB";
assertEquals(subjectkeyIdentifier, clonedCertificate.getSubjectKeyIdentifier());
}
@Test
public void subjectAlternativeNamesAreCorrect() throws IOException, ParseException, CertificateException {
String subjectAlternativeNames = "[www.hsr.ch (DNS), log.hsr.ch (DNS), [email protected] (E-Mail)]";
assertEquals(subjectAlternativeNames, clonedCertificate.getSubjectAlternativeNames().toString());
}
@Test
public void keyUsageIsCorrect() throws IOException, ParseException, CertificateException {
assertEquals("[Digital Signature, Key Encipherment]", clonedCertificate.getKeyUsage().toString());
}
@Test
public void extendedKeyUsagesAreCorrect() throws IOException, ParseException, CertificateException {
assertEquals("[Server Authentication, Client Authentication]", clonedCertificate.getExtendedKeyUsage().toString());
}
@Test
public void basicConstraintsIsCorrect() {
assertEquals("CA: False", clonedCertificate.getBasicConstraints());
}
/*
* Signature
*/
@Test
public void signatureAlgorithmIsCorrect() throws IOException, ParseException, CertificateException {
assertEquals("SHA1WITHRSA", clonedCertificate.getSignatureAlgorithm());
}
@Test
public void signatureValueIsCorrect() throws IOException, ParseException, CertificateException {
String signatureValue = "0E:7F:C7:CB:5F:DB:82:5F:26:86:07:39:87:C7:62:D6:62:F6:FD:FC:EE:4D:AA:DD:4C:8D:8C:15:F5:2E:42:E8:D2:20:C2:32:E0:94:CB:AF:26:5C:71:7F:76:51:58:64:0D:56:13:B9:5D:62:54:1B:68:13:7B:BE:0E:A8:F6:3B";
assertEquals(signatureValue, clonedCertificate.getSignature());
}
/*
* Private Key
*/
@Test
public void hasPrivateKeyIsCorrect() {
assertEquals(true, clonedCertificate.hasPrivateKey());
}
// @Test
// public void exportedPrivateKeyIsCorrect() throws IOException, NoSuchAlgorithmException {
// String outputFile = tempFolder.newFile("export_key.pem").toString();
//
// certificateTabController.exportPrivateKey(clonedCertificate, outputFile);
// certificateTabController.exportPrivateKey(clonedCertificate, "/tmp/gugus.pem");
//
// String outputExpected = "-----BEGIN RSA PRIVATE KEY-----MIIBOwIBAAJBALSn5GFwV08WqXCCsivli2oqYpeYQZvhKHKkvbpibPrpkA92q/sSE53OXeVlZPqytlQxZaBAxgaIdCDjPZHtftcCARECQQCfZvawVBDNUDsnCeiBFdVdrO2U0aNNTjK/gk0N3mAornnF8HtYD13OJA1xEffdsTCnlFzX2VfRkgmU2jifSQyJAiEAwKB1jN8UJW941HCMhr7N6tG1CtStbFxwPiFo+/N4hMsCIQDwFzTXlg6mAHDxsG8ruBv6xI/xkq4YRR1eVsc0paq4pQIhALVLue3/IgUdnuYPk1GkhZG2UAoxlCnAaaPjNaHWFxORAiEA09g9ryoM7NM2eub4rhrrgumsL4Fsb8SDUz2Cl914hM0CIQC49S/G84WT2rtmHT9Q+Il/gQbu5osbznipWxMrTltdGQ==-----END RSA PRIVATE KEY-----";
//
// byte[] outputData = Files.readAllBytes(Paths.get(outputFile));
// String outputString = CertificateHelper.byteArrayToString(outputData).replaceAll("\r", "").replace("\n", "");
//
// assertEquals(outputExpected, outputString);
// }
/*
* Export
*/
@Test
public void exportClonedCertificate() throws CertificateException, IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException,
IllegalStateException, SignatureException, InvalidKeySpecException {
String outputFile = tempFolder.newFile("export_cloned.pem").toString();
BurpCertificate clonedCertificate = certificateTabController.cloneCertificate(originalCertificate, new FakeBurpCertificateBuilder(originalCertificate.getSubject()));
certificateTabController.exportCertificate(clonedCertificate, outputFile);
String outputExpedted = "-----BEGIN CERTIFICATE-----MIIDmjCCA0SgAwIBAgIUTWsBgOGCuRA3PeIxfJJ1lHAuiTUwDQYJKoZIhvcNAQEFBQAwazELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHzAdBgNVBAsTFnd3dy5xdW92YWRpc2dsb2JhbC5jb20xIDAeBgNVBAMTF1F1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBMB4XDTEyMDgxNTEwNTY0OVoXDTE1MDgxNTEwNTY0OVowgYExCzAJBgNVBAYTAkNIMRMwEQYDVQQIEwpTdC4gR2FsbGVuMRMwEQYDVQQHEwpSYXBwZXJzd2lsMR4wHAYDVQQKExVIb2Noc2NodWxlIFJhcHBlcnN3aWwxEzARBgNVBAsTCklULVN5c3RlbXMxEzARBgNVBAMTCnd3dy5oc3IuY2gwWjANBgkqhkiG9w0BAQEFAANJADBGAkEAtKfkYXBXTxapcIKyK+WLaipil5hBm+EocqS9umJs+umQD3ar+xITnc5d5WVk+rK2VDFloEDGBoh0IOM9ke1+1wIBEaOCAakwggGlMA4GA1UdDwEB/wQEAwIFoDB0BggrBgEFBQcBAQRoMGYwKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnF1b3ZhZGlzZ2xvYmFsLmNvbTA4BggrBgEFBQcwAoYsaHR0cDovL3RydXN0LnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnNzbGljYS5jcnQwHQYDVR0OBBYEFHjRxyuQCYIPx1gmApOod9ESOMCrMC4GA1UdEQQnMCWCCnd3dy5oc3IuY2iCCmxvZy5oc3IuY2iBC3Jvb3RAaHNyLmNoMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3F2c3NsaWNhLmNybDBRBgNVHSAESjBIMEYGDCsGAQQBvlgAAmQBATA2MDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9yZXBvc2l0b3J5MB8GA1UdIwQYMBaAFDJNoU/q8K6Ztu6bByyECBFQi+J+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAANBAA5/x8tf24JfJoYHOYfHYtZi9v387k2q3UyNjBX1LkLo0iDCMuCUy68mXHF/dlFYZA1WE7ldYlQbaBN7vg6o9js=-----END CERTIFICATE-----";
byte[] outputData = Files.readAllBytes(Paths.get(outputFile));
String outputString = CertificateHelper.byteArrayToString(outputData).replaceAll("\r", "").replace("\n", "");
assertEquals(outputExpedted, outputString);
}
}
