package org.apache.commons.ssl;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import static org.apache.commons.ssl.JUnitConfig.TEST_HOME;
import static org.mockito.Mockito.when;
/**
 * Created by julius on 06/09/14.
 *
 * <p>Tests for {@code Certificates.getCNs(X509Certificate)}, run against mocked
 * subjects and against sample PEM files under {@code TEST_HOME + "x509"}.
 *
 * <p>The mocked cases use subject DNs in which a quoted attribute value contains
 * text shaped like {@code ,CN=name,}. A parser that split the DN text on commas,
 * or searched it for {@code CN=}, would report the embedded name as a CN. The
 * expected values require that only real CN attributes are returned and that
 * quoted content comes back intact.
 *
 * <p>NOTE(review): the result of getCNs is presumably used for hostname matching,
 * which is why an extra CN would matter. Confirm against the callers.
 */
@RunWith(MockitoJUnitRunner.class)
public class CertificatesTest {

    @Mock
    private X509Certificate x509;

    /**
     * Checks CN extraction from three hand-written subject DNs: a plain one, one
     * whose OU value embeds {@code ,CN=evil.ca,} in quotes, and one whose CN value
     * itself embeds {@code ,CN=foo.com,} in quotes.
     */
    @Test
    public void testGetCNsMocked() {
        // All three principals are built before any assertion runs, so a DN that
        // X500Principal rejects fails the test before any getCNs result is checked.
        X500Principal plainSubject =
                new X500Principal("CN=abc,OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
        X500Principal quotedCnSubject =
                new X500Principal("CN=\"abc,CN=foo.com,\",OU=ou,O=o,C=canada,EMAILADDRESS=bob@bob.com");
        X500Principal quotedOuSubject =
                new X500Principal("ou=\",CN=evil.ca,\", CN=good.net");

        assertOnlyCN("abc", cnsOfMockedSubject(plainSubject));

        // "evil.ca" sits inside the quoted OU value and must not surface as a CN.
        assertOnlyCN("good.net", cnsOfMockedSubject(quotedOuSubject));

        // The quoted CN value is a single CN; the embedded "CN=foo.com" is just text.
        assertOnlyCN("abc,CN=foo.com,", cnsOfMockedSubject(quotedCnSubject));
    }

    /**
     * Checks CN extraction from the first certificate of each sample PEM file.
     *
     * @throws IOException if a sample file cannot be read
     * @throws GeneralSecurityException if a sample file cannot be parsed
     */
    @Test
    public void testGetCNsReal() throws IOException, GeneralSecurityException {
        String[] threeCns = cnsOfSample("/x509_three_cns_foo_bar_hanako.pem");
        Assert.assertEquals(3, threeCns.length);
        Assert.assertEquals("foo.com", threeCns[0]);
        Assert.assertEquals("bar.com", threeCns[1]);
        // TODO(review): the third CN is counted but its value is never checked.
        // The original assertion is disabled, possibly because of source-file
        // encoding. Confirm, then re-enable it:
        //Assert.assertEquals("花子.co.jp", threeCns[2]);

        assertOnlyCN("foo.com", cnsOfSample("/x509_foo_bar_hanako.pem"));
        assertOnlyCN("*.co.jp", cnsOfSample("/x509_wild_co_jp.pem"));
        assertOnlyCN("*.foo.com", cnsOfSample("/x509_wild_foo_bar_hanako.pem"));
        assertOnlyCN("*.foo.com", cnsOfSample("/x509_wild_foo.pem"));
    }

    /** Stubs the mock certificate's subject with {@code subject} and returns its CNs. */
    private String[] cnsOfMockedSubject(X500Principal subject) {
        when(x509.getSubjectX500Principal()).thenReturn(subject);
        return Certificates.getCNs(x509);
    }

    /** Loads a sample PEM from the x509 samples directory and returns the CNs of its first certificate. */
    private static String[] cnsOfSample(String pemPath) throws IOException, GeneralSecurityException {
        String samplesDir = TEST_HOME + "x509";
        TrustMaterial material = new TrustMaterial(samplesDir + pemPath);
        X509Certificate first = (X509Certificate) material.getCertificates().first();
        return Certificates.getCNs(first);
    }

    /** Asserts that {@code actual} holds exactly one CN and that it equals {@code expected}. */
    private static void assertOnlyCN(String expected, String[] actual) {
        Assert.assertEquals(1, actual.length);
        Assert.assertEquals(expected, actual[0]);
    }
}