List of usage examples for org.apache.commons.lang.time FastDateFormat format
public String format(Calendar calendar)
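Formats a Calendar object. Note that the examples below all pass a java.util.Date, so they exercise the format(Date) overload of the same class.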
From source file:org.apache.james.imap.encode.EncoderUtils.java
/**
 * Encodes a date in IMAP <code>date-time</code> format.
 * <p>
 * The formatter is requested with an explicit GMT zone and the US locale
 * (pattern <code>dd-MMM-yyyy HH:mm:ss Z</code>), so the rendered text does not
 * vary with the default time zone or locale of the server.
 *
 * @param date
 *            <code>Date</code>, not null
 * @return encoded IMAP <code>date-time</code>, not null
 */
public static String encodeDateTime(Date date) {
    final TimeZone gmt = TimeZone.getTimeZone("GMT");
    final FastDateFormat imapDateTime = FastDateFormat.getInstance("dd-MMM-yyyy HH:mm:ss Z", gmt, Locale.US);
    return imapDateTime.format(date);
}
From source file:org.apache.james.protocols.imap.utils.DecoderUtilsTest.java
/**
 * Formats a date for the given zone in the IMAP-like layout used by this test.
 * A leading zero in the day-of-month is replaced by a single space.
 *
 * @param date date to format, asserted to be non-null
 * @param zone time zone the date is rendered in
 * @return the formatted text
 */
private String formatAsImap(Date date, TimeZone zone) {
    assertNotNull(date);
    // NOTE(review): "hh" is the 12-hour field and the pattern carries no am/pm marker,
    // so the hour is ambiguous; the production encoder uses "HH" - confirm this is intended.
    final String formatted = FastDateFormat.getInstance("dd-MMM-yyyy hh:mm:ss Z", zone, Locale.US).format(date);
    if (formatted.charAt(0) != '0') {
        return formatted;
    }
    return ' ' + formatted.substring(1);
}
From source file:org.cesecore.certificates.endentity.ExtendedInformation.java
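/**
 * Implementation of UpgradableDataHashMap function upgrade.
 * <p>
 * When the stored version differs from LATEST_VERSION this fills in missing defaults
 * (subject directory attributes, maximum and remaining login attempts) and migrates the
 * custom start/end time values: below version 3 to the "yyyy-MM-dd HH:mm" pattern, and
 * below version 4 to the form returned by ValidityDate.formatAsUTC.
 * <p>
 * A time value that cannot be parsed is logged at error level and left as stored. The
 * version is still set to LATEST_VERSION afterwards, so that conversion is not attempted
 * again on a later call; such records need the manual check the log message asks for.
 */
public void upgrade() {
    if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
        // New version of the class, upgrade
        final String msg = intres.getLocalizedMessage("endentity.extendedinfoupgrade",
                Float.valueOf(getVersion()));
        log.info(msg);
        if (data.get(SUBJECTDIRATTRIBUTES) == null) {
            data.put(SUBJECTDIRATTRIBUTES, "");
        }
        if (data.get(MAXFAILEDLOGINATTEMPTS) == null) {
            setMaxLoginAttempts(DEFAULT_MAXLOGINATTEMPTS);
        }
        if (data.get(REMAININGLOGINATTEMPTS) == null) {
            setRemainingLoginAttempts(DEFAULT_REMAININGLOGINATTEMPTS);
        }
        // In EJBCA 4.0.0 we changed the date format
        if (getVersion() < 3) {
            final DateFormat oldDateFormat = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT,
                    Locale.US);
            // No time zone is passed here; the UTC conversion is the separate version 4 step below.
            final FastDateFormat newDateFormat = FastDateFormat.getInstance("yyyy-MM-dd HH:mm");
            upgradeCustomTimeFormat(ExtendedInformation.CUSTOM_STARTTIME, oldDateFormat, newDateFormat);
            upgradeCustomTimeFormat(ExtendedInformation.CUSTOM_ENDTIME, oldDateFormat, newDateFormat);
        }
        // In 4.0.2 we further specify the storage format by saying that UTC TimeZone is implied
        // instead of local server time
        if (getVersion() < 4) {
            final String[] timePatterns = { "yyyy-MM-dd HH:mm" };
            upgradeCustomTimeToUtc(ExtendedInformation.CUSTOM_STARTTIME, timePatterns);
            upgradeCustomTimeToUtc(ExtendedInformation.CUSTOM_ENDTIME, timePatterns);
        }
        data.put(VERSION, Float.valueOf(LATEST_VERSION));
    }
}

/** Rewrites one absolute custom time value from the old date format to the new one; relative or empty values are left alone. */
private void upgradeCustomTimeFormat(final String key, final DateFormat oldDateFormat,
        final FastDateFormat newDateFormat) {
    try {
        final String oldValue = getCustomData(key);
        if (!isEmptyOrRelative(oldValue)) {
            // We use an absolute time format, so we need to upgrade
            final String newValue = newDateFormat.format(oldDateFormat.parse(oldValue));
            setCustomData(key, newValue);
            if (log.isDebugEnabled()) {
                log.debug("Upgraded " + key + " from \"" + oldValue + "\" to \"" + newValue
                        + "\" in ExtendedInformation.");
            }
        }
    } catch (ParseException e) {
        // Best effort: the stored value stays untouched when it does not parse.
        log.error("Unable to upgrade " + key + " in extended user information.", e);
    }
}

/** Re-parses one absolute custom time value strictly with the given patterns and stores it in the UTC form. */
private void upgradeCustomTimeToUtc(final String key, final String[] timePatterns) {
    final String oldValue = getCustomData(key);
    if (isEmptyOrRelative(oldValue)) {
        return;
    }
    try {
        final String newValue = ValidityDate.formatAsUTC(DateUtils.parseDateStrictly(oldValue, timePatterns));
        setCustomData(key, newValue);
        if (log.isDebugEnabled()) {
            // Message text is kept as it was; it names EndEntityProfile although this is ExtendedInformation.
            log.debug("Upgraded " + key + " from \"" + oldValue + "\" to \"" + newValue
                    + "\" in EndEntityProfile.");
        }
    } catch (ParseException e) {
        log.error("Unable to upgrade " + key
                + " to UTC in EndEntityProfile! Manual interaction is required (edit and verify).", e);
    }
}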
From source file:org.cesecore.certificates.ocsp.logging.PatternLogger.java
/**
 * Creates a pattern logger and seeds its parameters with the formatted log time,
 * a REPLY_TIME entry and a log id of "0".
 *
 * @param doLogging
 *            True if you want this pattern logger to do anything upon flush.
 * @param loggerClass
 *            The Class to create Log4j logger for, to log to if doLogging is true
 * @param matchPattern
 *            A string to create a matcher that is used together with matchString to determine how output is
 *            formatted
 * @param matchString
 *            A string that matches the pattern in matchPattern and specifies the order in which values are
 *            logged by the logger
 * @param logDateFormat
 *            A string that specifies how the log-time is formatted
 * @param timeZone
 *            Time zone id used when formatting the log-time; when null the formatter is created without an
 *            explicit zone
 */
protected PatternLogger(boolean doLogging, Class<?> loggerClass, String matchPattern, String matchString,
        String logDateFormat, String timeZone) {
    this.doLogging = doLogging;
    this.loggerClass = loggerClass;
    this.matchPattern = matchPattern;
    this.matchString = matchString;
    this.orderString = matchString;
    this.startTime = new Date();
    // TimeZone.getTimeZone returns GMT for an id it does not understand instead of failing,
    // so a mistyped zone silently shifts the logged time; worth checking the configured id
    // when these entries are correlated with other logs.
    final FastDateFormat logTimeFormat = (timeZone != null)
            ? FastDateFormat.getInstance(logDateFormat, TimeZone.getTimeZone(timeZone))
            : FastDateFormat.getInstance(logDateFormat);
    // The log time is taken here, at construction, from a second Date instance.
    paramPut(LOG_TIME, logTimeFormat.format(new Date()));
    // The key is stored as its own value; presumably a placeholder filled in later - confirm.
    paramPut(REPLY_TIME, REPLY_TIME);
    paramPut(LOG_ID, "0");
}
From source file:org.ejbca.core.model.ra.ExtendedInformation.java
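/**
 * Implementation of UpgradableDataHashMap function upgrade.
 * <p>
 * When the stored version differs from LATEST_VERSION this fills in missing defaults
 * (subject directory attributes, maximum and remaining login attempts) and migrates the
 * custom start/end time values: below version 3 to the "yyyy-MM-dd HH:mm" pattern, and
 * below version 4 to the form returned by ValidityDate.formatAsUTC.
 * <p>
 * A time value that cannot be parsed is logged at error level and left as stored. The
 * version is still set to LATEST_VERSION afterwards, so that conversion is not attempted
 * again on a later call; such records need the manual check the log message asks for.
 */
public void upgrade() {
    if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
        // New version of the class, upgrade
        final String msg = intres.getLocalizedMessage("endentity.extendedinfoupgrade",
                Float.valueOf(getVersion()));
        log.info(msg);
        if (data.get(SUBJECTDIRATTRIBUTES) == null) {
            data.put(SUBJECTDIRATTRIBUTES, "");
        }
        if (data.get(MAXFAILEDLOGINATTEMPTS) == null) {
            setMaxLoginAttempts(DEFAULT_MAXLOGINATTEMPTS);
        }
        if (data.get(REMAININGLOGINATTEMPTS) == null) {
            setRemainingLoginAttempts(DEFAULT_REMAININGLOGINATTEMPTS);
        }
        // In EJBCA 4.0.0 we changed the date format
        if (getVersion() < 3) {
            final DateFormat oldDateFormat = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT,
                    Locale.US);
            // No time zone is passed here; the UTC conversion is the separate version 4 step below.
            final FastDateFormat newDateFormat = FastDateFormat.getInstance("yyyy-MM-dd HH:mm");
            upgradeCustomTimeFormat(ExtendedInformation.CUSTOM_STARTTIME, oldDateFormat, newDateFormat);
            upgradeCustomTimeFormat(ExtendedInformation.CUSTOM_ENDTIME, oldDateFormat, newDateFormat);
        }
        // In 4.0.2 we further specify the storage format by saying that UTC TimeZone is implied
        // instead of local server time
        if (getVersion() < 4) {
            final String[] timePatterns = { "yyyy-MM-dd HH:mm" };
            upgradeCustomTimeToUtc(ExtendedInformation.CUSTOM_STARTTIME, timePatterns);
            upgradeCustomTimeToUtc(ExtendedInformation.CUSTOM_ENDTIME, timePatterns);
        }
        // Float.valueOf replaces the deprecated boxing constructor
        data.put(VERSION, Float.valueOf(LATEST_VERSION));
    }
}

/** Rewrites one absolute custom time value from the old date format to the new one; relative or empty values are left alone. */
private void upgradeCustomTimeFormat(final String key, final DateFormat oldDateFormat,
        final FastDateFormat newDateFormat) {
    try {
        final String oldValue = getCustomData(key);
        if (!isEmptyOrRelative(oldValue)) {
            // We use an absolute time format, so we need to upgrade
            final String newValue = newDateFormat.format(oldDateFormat.parse(oldValue));
            setCustomData(key, newValue);
            if (log.isDebugEnabled()) {
                log.debug("Upgraded " + key + " from \"" + oldValue + "\" to \"" + newValue
                        + "\" in ExtendedInformation.");
            }
        }
    } catch (ParseException e) {
        // Best effort: the stored value stays untouched when it does not parse.
        log.error("Unable to upgrade " + key + " in extended user information.", e);
    }
}

/** Re-parses one absolute custom time value strictly with the given patterns and stores it in the UTC form. */
private void upgradeCustomTimeToUtc(final String key, final String[] timePatterns) {
    final String oldValue = getCustomData(key);
    if (isEmptyOrRelative(oldValue)) {
        return;
    }
    try {
        final String newValue = ValidityDate.formatAsUTC(DateUtils.parseDateStrictly(oldValue, timePatterns));
        setCustomData(key, newValue);
        if (log.isDebugEnabled()) {
            // Message text is kept as it was; it names EndEntityProfile although this is ExtendedInformation.
            log.debug("Upgraded " + key + " from \"" + oldValue + "\" to \"" + newValue
                    + "\" in EndEntityProfile.");
        }
    } catch (ParseException e) {
        log.error("Unable to upgrade " + key
                + " to UTC in EndEntityProfile! Manual interaction is required (edit and verify).", e);
    }
}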
From source file:org.ejbca.core.model.ra.raadmin.EndEntityProfile.java
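/**
 * Implementation of UpgradableDataHashMap function upgrade.
 * <p>
 * When the stored version differs from LATEST_VERSION, every version step below is applied
 * in ascending order and LATEST_VERSION is then written to the data map. The steps add
 * fields with their defaults, convert the old notification settings to a UserNotification,
 * and migrate the STARTTIME/ENDTIME values (version 13: to "yyyy-MM-dd HH:mm"; version 14:
 * to the form returned by ValidityDate.formatAsUTC).
 * <p>
 * A time value that cannot be parsed is logged at error level and left as stored. The
 * version is still set to LATEST_VERSION afterwards, so that conversion is not attempted
 * again on a later call; such profiles need the manual edit the log message asks for.
 */
public void upgrade() {
    log.trace(">upgrade");
    if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
        final String msg = intres.getLocalizedMessage("ra.eeprofileupgrade", Float.valueOf(getVersion()));
        log.info(msg);
        // New version of the class, upgrade
        if (getVersion() < 1) {
            upgradeNumberArraySize(37);
        }
        if (getVersion() < 2) {
            upgradeNumberArraySize(39);
            addField(AVAILCAS);
            addField(DEFAULTCA);
            setRequired(AVAILCAS, 0, true);
            setRequired(DEFAULTCA, 0, true);
        }
        if (getVersion() < 3) {
            // The notification subject/sender/message fields set by this step
            // have been removed in version 8, no need for this upgrade
        }
        if (getVersion() < 4) {
            upgradeNumberArraySize(dataConstants.size());
        }
        // Support for DirectoryName altname field in profile version 5
        if (getVersion() < 5) {
            addField(DnComponents.DIRECTORYNAME);
            setValue(DnComponents.DIRECTORYNAME, 0, "");
            setRequired(DnComponents.DIRECTORYNAME, 0, false);
            setUse(DnComponents.DIRECTORYNAME, 0, true);
            setModifyable(DnComponents.DIRECTORYNAME, 0, true);
        }
        // Support for Subject Directory Attributes field in profile version 6
        if (getVersion() < 6) {
            upgradeNumberArraySize(dataConstants.size());
            data.put(SUBJECTDIRATTRFIELDORDER, new ArrayList<Integer>());
            for (int i = getParameterNumber(DnComponents.DATEOFBIRTH); i <= getParameterNumber(
                    DnComponents.COUNTRYOFRESIDENCE); i++) {
                addField(getParameter(i));
                setValue(getParameter(i), 0, "");
                setRequired(getParameter(i), 0, false);
                setUse(getParameter(i), 0, false);
                setModifyable(getParameter(i), 0, true);
            }
        }
        // Support for Start Time and End Time field in profile version 7
        if (getVersion() < 7) {
            upgradeNumberArraySize(dataConstants.size());
            addField(STARTTIME);
            setValue(STARTTIME, 0, "");
            setRequired(STARTTIME, 0, false);
            setUse(STARTTIME, 0, false);
            setModifyable(STARTTIME, 0, true);
            addField(ENDTIME);
            setValue(ENDTIME, 0, "");
            setRequired(ENDTIME, 0, false);
            setUse(ENDTIME, 0, false);
            setModifyable(ENDTIME, 0, true);
        }
        // Notifications is now a more general mechanism in version 8
        if (getVersion() < 8) {
            log.debug("Upgrading User Notifications");
            if (data.get(UserNotification.NOTIFICATIONSENDER) != null) {
                final UserNotification not = new UserNotification();
                not.setNotificationSender((String) data.get(UserNotification.NOTIFICATIONSENDER));
                if (data.get(UserNotification.NOTIFICATIONSUBJECT) != null) {
                    not.setNotificationSubject((String) data.get(UserNotification.NOTIFICATIONSUBJECT));
                }
                if (data.get(UserNotification.NOTIFICATIONMESSAGE) != null) {
                    not.setNotificationMessage((String) data.get(UserNotification.NOTIFICATIONMESSAGE));
                }
                // Add the statuschanges we used to send notifications about
                final String events = UserNotification.EVENTS_EDITUSER;
                not.setNotificationEvents(events);
                // The old recipients were always the user
                not.setNotificationRecipient(UserNotification.RCPT_USER);
                addUserNotification(not);
            }
        }
        // Support for allowed requests in profile version 9
        if (getVersion() < 9) {
            upgradeNumberArraySize(dataConstants.size());
            addField(ALLOWEDREQUESTS);
            setValue(ALLOWEDREQUESTS, 0, "");
            setRequired(ALLOWEDREQUESTS, 0, false);
            setUse(ALLOWEDREQUESTS, 0, false);
            setModifyable(ALLOWEDREQUESTS, 0, true);
        }
        // Support for merging DN from WS-API with default values in profile, in profile version 10
        if (getVersion() < 10) {
            setAllowMergeDnWebServices(false);
        }
        // Support for issuance revocation status in profile version 11
        if (getVersion() < 11) {
            setRequired(ISSUANCEREVOCATIONREASON, 0, false);
            setUse(ISSUANCEREVOCATIONREASON, 0, false);
            setModifyable(ISSUANCEREVOCATIONREASON, 0, true);
            setValue(ISSUANCEREVOCATIONREASON, 0, "" + RevokedCertInfo.NOT_REVOKED);
            setRequired(CARDNUMBER, 0, false);
            setUse(CARDNUMBER, 0, false);
            setModifyable(CARDNUMBER, 0, true);
        }
        // Support for maximum number of failed login attempts in profile version 12
        if (getVersion() < 12) {
            setRequired(MAXFAILEDLOGINS, 0, false);
            setUse(MAXFAILEDLOGINS, 0, false);
            setModifyable(MAXFAILEDLOGINS, 0, true);
            setValue(MAXFAILEDLOGINS, 0, Integer.toString(ExtendedInformation.DEFAULT_MAXLOGINATTEMPTS));
        }
        /* In EJBCA 4.0.0 we changed the date format to ISO 8601.
         * In the Admin GUI the example was:
         *     DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, ejbcawebbean.getLocale())
         * but the only absolute format that could have worked is the same enforced by the
         * doesUserFullfillEndEntityProfile check and this is what need to upgrade from:
         *     DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT, Locale.US)
         */
        if (getVersion() < 13) {
            final DateFormat oldDateFormat = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT,
                    Locale.US);
            final FastDateFormat newDateFormat = FastDateFormat.getInstance("yyyy-MM-dd HH:mm");
            upgradeTimeValueFormat(STARTTIME, oldDateFormat, newDateFormat);
            upgradeTimeValueFormat(ENDTIME, oldDateFormat, newDateFormat);
        }
        /*
         * In version 13 we converted some dates to the "yyyy-MM-dd HH:mm" format using default Locale.
         * These needs to be converted to the same format but should be stored in UTC, so we always know what the times are.
         */
        if (getVersion() < 14) {
            final String[] timePatterns = { "yyyy-MM-dd HH:mm" };
            upgradeTimeValueToUtc(STARTTIME, timePatterns);
            upgradeTimeValueToUtc(ENDTIME, timePatterns);
        }
        // Finally, update the version stored in the map to the current version
        data.put(VERSION, Float.valueOf(LATEST_VERSION));
    }
    log.trace("<upgrade");
}

/** Pads the NUMBERARRAY list with zeros until it holds at least minimumSize entries, then stores it back. */
private void upgradeNumberArraySize(final int minimumSize) {
    @SuppressWarnings("unchecked")
    final ArrayList<Integer> numberArray = (ArrayList<Integer>) data.get(NUMBERARRAY);
    while (numberArray.size() < minimumSize) {
        numberArray.add(Integer.valueOf(0));
    }
    data.put(NUMBERARRAY, numberArray);
}

/** Rewrites one absolute time value (field index 0) from the old date format to the new one; relative or empty values are left alone. */
private void upgradeTimeValueFormat(final String key, final DateFormat oldDateFormat,
        final FastDateFormat newDateFormat) {
    try {
        final String oldValue = getValue(key, 0);
        if (!isEmptyOrRelative(oldValue)) {
            // We use an absolute time format, so we need to upgrade
            final String newValue = newDateFormat.format(oldDateFormat.parse(oldValue));
            setValue(key, 0, newValue);
            if (log.isDebugEnabled()) {
                log.debug("Upgraded " + key + " from \"" + oldValue + "\" to \"" + newValue
                        + "\" in EndEntityProfile.");
            }
        }
    } catch (ParseException e) {
        // Best effort: the stored value stays untouched when it does not parse.
        log.error("Unable to upgrade " + key
                + " in EndEntityProfile! Manual interaction is required (edit and verify).", e);
    }
}

/** Re-parses one absolute time value (field index 0) strictly with the given patterns and stores it in the UTC form. */
private void upgradeTimeValueToUtc(final String key, final String[] timePatterns) {
    final String oldValue = getValue(key, 0);
    if (isEmptyOrRelative(oldValue)) {
        return;
    }
    try {
        final String newValue = ValidityDate.formatAsUTC(DateUtils.parseDateStrictly(oldValue, timePatterns));
        setValue(key, 0, newValue);
        if (log.isDebugEnabled()) {
            log.debug("Upgraded " + key + " from \"" + oldValue + "\" to \"" + newValue
                    + "\" in EndEntityProfile.");
        }
    } catch (ParseException e) {
        log.error("Unable to upgrade " + key
                + " to UTC in EndEntityProfile! Manual interaction is required (edit and verify).", e);
    }
}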
From source file:org.ejbca.core.model.ra.raadmin.UserFullfillEndEntityProfileTest.java
/** * Test the profile fulfilling rutines//from w ww . j a v a 2s .com * * @throws Exception error */ @Test public void testfulfillEndEntityProfiles() throws Exception { log.trace(">test01fulfillEndEntityProfiles()"); // Dummy caids final int testca2 = 3; int currentSubTest = 1; { final EndEntityProfile profile = new EndEntityProfile(); // Set so CN=modifyable required, OU0={DEP1_1,DEP1_2} required, OU1={DEP2_1,DEP2_2} required, C=OU1={SE,DK} not required profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.COUNTRY); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 0, true); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 1, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 0, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 1, false); profile.setModifyable(DnComponents.COUNTRY, 0, false); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 0, "DEP1_1;DEP1_2"); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 1, "DEP2_1;DEP2_2"); profile.setValue(DnComponents.COUNTRY, 0, "SE;DK"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); // Test completly erronious DN try { profile.doesUserFullfillEndEntityProfile("username", "password", "blabla", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Profile does not check DN at all."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } // Test correct DN try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Profile Fulfill Test " + (currentSubTest++) + " " + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { 
fail(e.getMessage()); } // Test no username even though is required try { profile.doesUserFullfillEndEntityProfile("", "password", STANDARD_DN, "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("UserName is not checked even though it's required"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Profile Fulfill Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test no password even though is required try { profile.doesUserFullfillEndEntityProfile("username", "", STANDARD_DN, "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Password is not checked even though it's required"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Profile Test Fulfill " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test with no CN (required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "OU=DEP1_1,OU=DEP2_1,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required CN field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test with only one OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP2_1,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required OU field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test were second OU have the wrong value (Dep2_1 or Dep2_2) 
try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_3,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error value of second OU field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without C (not required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_2", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail(e.getMessage()); } // Test illegal value of C (SE or DK) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_2, C=NO", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of C value."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Add some subject altname fields profile.addField(DnComponents.RFC822NAME); profile.addField(DnComponents.DNSNAME); profile.addField(DnComponents.UPN); profile.addField(DnComponents.IPADDRESS); profile.setRequired(DnComponents.RFC822NAME, 0, true); profile.setRequired(DnComponents.DNSNAME, 0, true); profile.setRequired(DnComponents.UPN, 0, true); profile.setRequired(DnComponents.IPADDRESS, 0, true); profile.setModifyable(DnComponents.RFC822NAME, 0, false); profile.setModifyable(DnComponents.DNSNAME, 0, false); profile.setModifyable(DnComponents.UPN, 0, false); 
profile.setModifyable(DnComponents.IPADDRESS, 0, true); profile.setValue(DnComponents.RFC822NAME, 0, "test.com"); profile.setValue(DnComponents.DNSNAME, 0, "test.primekey.se"); profile.setValue(DnComponents.UPN, 0, "test.com;primekey.se"); profile.setValue(DnComponents.IPADDRESS, 0, "11.11.1.1"); profile.setRequired(EndEntityProfile.EMAIL, 0, true); profile.setModifyable(EndEntityProfile.EMAIL, 0, false); profile.setValue(EndEntityProfile.EMAIL, 0, "test.com;primekey.se"); // Test completly erronious Alt Name try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "blabla", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Profile does not check altname at all."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } // Test correct Alt Name try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "RFC822NAME=test@test.com, dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Profile Fulfill Test " + (currentSubTest++) + " " + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail(e.getMessage()); } // Test with no RFC822NAME (required) try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required RFC822NAME field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = 
OK"); } // Test with one RFC822NAME to many try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@primekey.se, dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("To many RFC822 names fields wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test that only domain is checked for RFC822name and UPN try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Not only domains of RFC822NAME and UPN where checked: " + e.getMessage()); } // Test were DNS have illegal value try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test2.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error value of DNS not checked."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without IPADDRESS (required) try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se", "", "", 
CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error not checking number of IPADDRESS properly."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } // Test without email field (required) 1 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without email field (required) 2 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.1", "", "null", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without email field (required) 3 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", null, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test 
illegal value of email field (test.com or primekey.se) 1 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test11@test1.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", "test11@test1.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field values."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER + ";" + CertificateProfileConstants.CERTPROFILE_FIXED_SUBCA); // Test illegal value of Certificate Profile try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", "test11@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ROOTCA, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of certificate profile values."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test Wrong CA try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", "test11@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_SUBCA, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca2, null); fail("Inproper check of available ca's."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test with a mix of several rfc822name fields //profile.addField(DnComponents.RFC822NAME); already 
set profile.addField(DnComponents.RFC822NAME); profile.addField(DnComponents.RFC822NAME); profile.addField(DnComponents.RFC822NAME); //profile.setRequired(DnComponents.RFC822NAME,0,true); already set profile.setRequired(DnComponents.RFC822NAME, 1, false); profile.setRequired(DnComponents.RFC822NAME, 2, true); profile.setRequired(DnComponents.RFC822NAME, 3, true); //profile.setUse(DnComponents.RFC822NAME, 0, true); already set profile.setUse(DnComponents.RFC822NAME, 1, false); profile.setUse(DnComponents.RFC822NAME, 2, false); profile.setUse(DnComponents.RFC822NAME, 3, false); //profile.setModifyable(DnComponents.RFC822NAME,0,false); already set profile.setModifyable(DnComponents.RFC822NAME, 1, true); profile.setModifyable(DnComponents.RFC822NAME, 2, false); profile.setModifyable(DnComponents.RFC822NAME, 3, true); //profile.setValue(DnComponents.RFC822NAME,0,"test.com"); not used profile.setValue(DnComponents.RFC822NAME, 1, "foobar.com"); profile.setValue(DnComponents.RFC822NAME, 2, "test@somefoo.com"); profile.setValue(DnComponents.RFC822NAME, 3, "somebar.com"); // Make sure normal usage works /* * Normal usage test moved down to testProfileWithRfc822Name() */ // Test missing required rfc822name field try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@somefoo.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Did not notice missing RFC822Name."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK (" + e.getMessage() + ")"); } // Try non-existing required "use end entity e-mail" try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@nodomain.com, rfc822name=test@anything.com, 
rfc822name=test@somefoo.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Did not check RFC822Name against e-mail field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK (" + e.getMessage() + ")"); } // Try to ignore a required non-modifyable domain try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@anything.com, rfc822name=test@somebar.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Did not check RFC822Name against profile."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK (" + e.getMessage() + ")"); } // Use same as required non-mod field in non-req field try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@anything.com, rfc822name=test@somefoo.com, rfc822name=test@somefoo.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Did not check RFC822Name against profile." 
+ e.getMessage()); } } {// New profile final EndEntityProfile profile = new EndEntityProfile(); // Set so CN=modifyable required, OU0={DEP1_1,DEP1_2} required, OU1={DEP2_1,DEP2_2} required, OU3=Optional, C=O{SE,DK} not required profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.COUNTRY); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 0, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 1, true); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 2, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 3, true); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 4, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 1, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 3, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 4, true); profile.setModifyable(DnComponents.COUNTRY, 0, false); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 1, "DEP1_1;DEP1_2"); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 3, "DEP2_1;DEP2_2"); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 4, "DEP3_1;DEP3_2"); profile.setValue(DnComponents.COUNTRY, 0, "SE;DK"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); // Test with two OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Required OU fields wasn't checked propertly: " + e.getMessage()); } // Test with tree OU (2 required) try { 
profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,OU=DEP3_3,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Required OU fields wasn't checked propertly: " + e.getMessage()); } profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 4, false); // Test with tree OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,OU=DEP3_1,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Required OU fields wasn't checked propertly: " + e.getMessage()); } // Test with tree OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,OU=DEP3_3,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } } { // Test Reverse Checks // New profile final EndEntityProfile profile = new EndEntityProfile(); profile.setReverseFieldChecks(true); // Set so CN=modifyable required, OU0=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); 
profile.addField(DnComponents.COUNTRY); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 0, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 1, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 2, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 0, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 1, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 2, false); profile.setModifyable(DnComponents.COUNTRY, 0, false); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 0, ""); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 1, ""); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 2, "HARD;SOFT"); profile.setValue(DnComponents.COUNTRY, 0, "SE;DK"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); // Test with one OU (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with two OU (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP2_1,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with three OU (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, 
false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with four OU (3 allowed) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP0_1,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test with wrong data in nonmodifiable field try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD2,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test that the right data is checked when a lesser number of field is used try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with wrong data in nonmodifiable field when having only one ou try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD2,C=SE", "null", "", "", 
CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test with no ou try { profile.doesUserFullfillEndEntityProfile("username", "passworCerd", "CN=John Smith,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test Reverse checks of subject alt names // Set so CN=modifyable required, OU=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required profile.addField(DnComponents.IPADDRESS); profile.addField(DnComponents.IPADDRESS); profile.addField(DnComponents.IPADDRESS); profile.addField(DnComponents.DNSNAME); profile.setRequired(DnComponents.IPADDRESS, 0, false); profile.setRequired(DnComponents.IPADDRESS, 1, false); profile.setRequired(DnComponents.IPADDRESS, 2, true); profile.setModifyable(DnComponents.IPADDRESS, 0, true); profile.setModifyable(DnComponents.IPADDRESS, 1, true); profile.setModifyable(DnComponents.IPADDRESS, 2, false); profile.setModifyable(DnComponents.DNSNAME, 0, false); profile.setValue(DnComponents.IPADDRESS, 0, ""); profile.setValue(DnComponents.IPADDRESS, 1, ""); profile.setValue(DnComponents.IPADDRESS, 2, "10.1.1.1;10.2.2.2"); profile.setValue(DnComponents.DNSNAME, 0, "test1.se;test2.se"); // Test with one IPAddress (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, 
SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with two IPAddress (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP2_1,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=11.1.1.1,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with three IPAddress (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with four IPAddress (3 allowed) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP0_1,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) 
+ " = OK"); } // Test with wrong data in nonmodifiable field try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD2,C=SE", "dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.2", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test that the right data is checked when a lesser number of field is used try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with wrong data in nonmodifiable field when having only one ou try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD2,C=SE", "dnsname=test1.se,ipaddress=11.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test with no ou try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,C=SE", "dnsname=test1.se", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS 
fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test adding required fields for Subject Directory Attributes // Set so CN=modifyable required, OU=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required profile.addField(DnComponents.DATEOFBIRTH); profile.addField(DnComponents.PLACEOFBIRTH); profile.addField(DnComponents.GENDER); profile.addField(DnComponents.COUNTRYOFCITIZENSHIP); profile.addField(DnComponents.COUNTRYOFRESIDENCE); profile.setRequired(DnComponents.DATEOFBIRTH, 0, false); profile.setRequired(DnComponents.PLACEOFBIRTH, 0, false); profile.setRequired(DnComponents.GENDER, 0, false); profile.setRequired(DnComponents.COUNTRYOFCITIZENSHIP, 0, false); profile.setRequired(DnComponents.COUNTRYOFRESIDENCE, 0, false); profile.setModifyable(DnComponents.DATEOFBIRTH, 0, true); profile.setModifyable(DnComponents.PLACEOFBIRTH, 0, true); profile.setModifyable(DnComponents.GENDER, 0, true); profile.setModifyable(DnComponents.COUNTRYOFCITIZENSHIP, 0, true); profile.setModifyable(DnComponents.COUNTRYOFRESIDENCE, 0, false); profile.setValue(DnComponents.DATEOFBIRTH, 0, ""); profile.setValue(DnComponents.PLACEOFBIRTH, 0, ""); profile.setValue(DnComponents.GENDER, 0, ""); profile.setValue(DnComponents.COUNTRYOFCITIZENSHIP, 0, ""); profile.setValue(DnComponents.COUNTRYOFRESIDENCE, 0, "SE"); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=FOO", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error CountryOfCitizenship wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid COUNTRYOFCITIZENSHIP. 
Must be of length two.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=SE, CountryOfResidence=Foo", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error CountryOfCitizenship wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid COUNTRYOFRESIDENCE. Must be of length two.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=SE, CountryOfResidence=TR", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error CountryOfCitizenship wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Field COUNTRYOFRESIDENCE data didn't match requirement of end entity profile.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=SE, CountryOfResidence=SE, Gender=M, PlaceOfBirth=Stockholm", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Subject Dir Attributes wasn't checked propertly"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", 
"dnsname=test1.se,ipaddress=10.1.1.1", "DateOfBirth=189901, CountryOfCitizenship=SE, CountryOfResidence=SE", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error DateOfBirth wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid DATEOFBIRTH. Must be of length eight.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "DateOfBirth=189901AA, CountryOfCitizenship=SE, CountryOfResidence=SE", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error DateOfBirth wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid DATEOFBIRTH. Must be only numbers.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "DateOfBirth=18990101, CountryOfCitizenship=SE, CountryOfResidence=SE", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error DateOfBirth wasn't checked propertly"); } } { // Test time constraints final EndEntityProfile profile = new EndEntityProfile(); Date now = new Date(); Date endOfTime = new Date(Long.MAX_VALUE); FastDateFormat sm = FastDateFormat.getInstance("yyyy-MM-dd HH:mm"); String staticNow = sm.format(now); String relativeNow = "0:00:00"; String staticEndOfTime = sm.format(endOfTime); String relativeEndOfTime = 
"33000:00:00"; // ~100 years String staticInvalid = "XXXX-XX-XX XX:XX PM"; String relativeInvalid = "XXXXX:XXX:XXX"; String relativeNegative = "-10:00:00"; ExtendedInformation ei = new ExtendedInformation(); // Use empty, should fail profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); profile.setUse(EndEntityProfile.STARTTIME, 0, true); profile.setUse(EndEntityProfile.ENDTIME, 0, false); profile.setValue(EndEntityProfile.STARTTIME, 0, ""); profile.setValue(EndEntityProfile.ENDTIME, 0, ""); ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, ""); try { // Custom starttime can be empty or null profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Empty start time was not checked correctly."); } profile.setUse(EndEntityProfile.STARTTIME, 0, false); profile.setUse(EndEntityProfile.ENDTIME, 0, true); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, ""); try { // Custom endtime can be empty or null profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Empty end time was not checked correctly."); } // Static times work? 
profile.setUse(EndEntityProfile.STARTTIME, 0, true); profile.setUse(EndEntityProfile.ENDTIME, 0, true); ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Static times does not work. (" + e.getMessage() + ")"); } // Relative times work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Relative times does not work."); } // Static start, rel end work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Static start time w relative end time does not work."); } // Rel start, static end work? 
ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Relative start time w static end time does not work."); } // Negative relative start times work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNegative); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Possible to use negative start time."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Negative relative end times work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeNegative); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Possible to use negative end time."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Static end before start ok? 
ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticEndOfTime); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticNow); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Static end time before static start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Relative end before start ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeEndOfTime); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeNow); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Relative end time before relative start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid static start ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticInvalid); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid static start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid static end ok? 
ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticInvalid); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid static start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid relative start ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeInvalid); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid relative start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid relative end ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticInvalid); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid relative start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Is this Java-version parsing dates correctly? 
long magicDateTime = 1181040300000L; // "12:45 PM" in US Locale String value1 = DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, Locale.US) .format(new Date(magicDateTime)); String value2 = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT, Locale.US).format( DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, Locale.US).parse(value1)); long magicDateTime2 = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT, Locale.US) .parse(value2).getTime(); if (magicDateTime != magicDateTime2) { fail("Error: Java does not parse dates correctly. " + magicDateTime + " " + magicDateTime2 + " " + value1 + " " + value2); } } { // Test allow multiple requests final EndEntityProfile profile = new EndEntityProfile(); final ExtendedInformation ei = new ExtendedInformation(); // Use empty, should fail profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); profile.setUse(EndEntityProfile.ALLOWEDREQUESTS, 0, false); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Allowedrequests not checked correctly, should be allowed."); } ei.setCustomData(ExtendedInformationFields.CUSTOM_REQUESTCOUNTER, "2"); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Allowed requests was not checked correctly, should not be allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } profile.setUse(EndEntityProfile.ALLOWEDREQUESTS, 0, true); try { 
profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Allowedrequests not checked correctly, should be allowed."); } } { // New profile final EndEntityProfile profile = new EndEntityProfile(); // Set so maxFailedLogins=non-modifyable required profile.addField(EndEntityProfile.MAXFAILEDLOGINS); profile.setUse(EndEntityProfile.MAXFAILEDLOGINS, 0, true); profile.setRequired(EndEntityProfile.MAXFAILEDLOGINS, 0, true); profile.setModifyable(EndEntityProfile.MAXFAILEDLOGINS, 0, false); profile.setValue(EndEntityProfile.MAXFAILEDLOGINS, 0, "7"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); try { final ExtendedInformation ei = new ExtendedInformation(); ei.setMaxLoginAttempts(1234); profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: maxFailedLogins was not checked correctly, should not be allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { // OK } try { final ExtendedInformation ei = new ExtendedInformation(); ei.setMaxLoginAttempts(7); profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); } catch (UserDoesntFullfillEndEntityProfile e) { log.error(e.getMessage(), e); fail("Error: maxFailedLogins was not checked correctly, should be allowed."); } log.trace("<test01fulfillEndEntityProfiles()"); } }
From source file:org.ejbca.util.cert.SubjectDirAttrExtension.java
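/**
 * Renders the SubjectDirectoryAttributes extension of a certificate as a string.
 *
 * <pre>
 * SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
 *
 * Attribute ::= SEQUENCE {
 *   type    AttributeType,
 *   values  SET OF AttributeValue }
 *   -- at least one value is required
 *
 * AttributeType  ::= OBJECT IDENTIFIER
 * AttributeValue ::= ANY
 * </pre>
 *
 * SubjectDirectoryAttributes is of the form
 * {@code dateOfBirth=<19590927>, placeOfBirth=<string>, gender=<M/F>,
 * countryOfCitizenship=<two letter ISO3166>, countryOfResidence=<two letter ISO3166>}.
 * Only the attributes listed above are supported; any other attribute is left out of the result.
 * Only the first value of each attribute is used. An attribute whose value set is empty
 * (which the ASN.1 definition above forbids) is skipped instead of failing the whole call.
 *
 * <p>The values are copied from the certificate without escaping, so a value that itself contains
 * {@code ", "} or {@code "="} makes the returned string ambiguous. Callers that split the result
 * back into fields should not rely on it for certificates from issuers they do not control.
 *
 * @param certificate containing subject directory attributes
 * @return String containing directoryAttributes of the form specified above, or null if the
 *         certificate is not an X509Certificate, has no such extension, or holds no supported attribute
 * @throws java.lang.Exception if the extension cannot be read or a value has an unexpected ASN.1 type
 */
public static String getSubjectDirectoryAttributes(Certificate certificate) throws Exception {
    // The original message named SubjectAltName, which is not what this method looks up.
    log.debug("Search for SubjectDirectoryAttributes");
    if (!(certificate instanceof X509Certificate)) {
        return null;
    }
    final X509Certificate x509cert = (X509Certificate) certificate;
    final DERObject obj = CertTools.getExtensionValue(x509cert,
            X509Extensions.SubjectDirectoryAttributes.getId());
    if (obj == null) {
        return null;
    }
    final ASN1Sequence seq = (ASN1Sequence) obj;
    final StringBuilder result = new StringBuilder();
    // NOTE(review): no time zone is given, so the date is rendered in the JVM default zone;
    // a GeneralizedTime close to midnight UTC may come out as the neighbouring day. Confirm
    // whether a fixed zone is intended.
    final FastDateFormat dateF = FastDateFormat.getInstance("yyyyMMdd");
    for (int i = 0; i < seq.size(); i++) {
        final Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
        final String oid = attr.getAttrType().getId();

        final String label;
        final boolean isDate;
        if (oid.equals(id_pda_dateOfBirth)) {
            label = "dateOfBirth";
            isDate = true;
        } else if (oid.equals(id_pda_placeOfBirth)) {
            label = "placeOfBirth";
            isDate = false;
        } else if (oid.equals(id_pda_gender)) {
            label = "gender";
            isDate = false;
        } else if (oid.equals(id_pda_countryOfCitizenship)) {
            label = "countryOfCitizenship";
            isDate = false;
        } else if (oid.equals(id_pda_countryOfResidence)) {
            label = "countryOfResidence";
            isDate = false;
        } else {
            // Unsupported attribute: not shown in the resulting string.
            continue;
        }

        final ASN1Set values = attr.getAttrValues();
        if (values == null || values.size() == 0) {
            // Malformed attribute without a value; reading index 0 would throw.
            continue;
        }

        // Only the first value is used, even if the certificate carries several.
        final String value;
        if (isDate) {
            final DERGeneralizedTime time = DERGeneralizedTime.getInstance(values.getObjectAt(0));
            value = dateF.format(time.getDate());
        } else {
            value = ((DERString) values.getObjectAt(0)).getString();
        }

        if (result.length() > 0) {
            result.append(", ");
        }
        result.append(label).append('=').append(value);
    }
    return result.length() == 0 ? null : result.toString();
}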
From source file:org.ejbca.util.PatternLogger.java
/**
 * Creates a pattern logger and records the time of creation as both its start time and
 * its initial log-time parameter.
 *
 * @param m A matcher that is used together with orderString to determine how output is formatted
 * @param orderString A string that matches the pattern in m and specifies the order in which values are logged by the logger
 * @param logger A log4j Logger that is used for output
 * @param logDateFormat A string that specifies how the log-time is formatted
 * @param timeZone ID of the time zone used when formatting the log-time; when null the formatter
 *                 is obtained without an explicit time zone
 */
public PatternLogger(Matcher m, String orderString, Logger logger, String logDateFormat, String timeZone) {
    this.m = m;
    this.orderString = orderString;
    this.logger = logger;
    this.startTime = new Date();

    // TimeZone.getTimeZone() does not reject an unknown ID; it falls back to GMT, so a
    // misspelled zone in configuration shifts the logged times without any error.
    final FastDateFormat dateformat = (timeZone != null)
            ? FastDateFormat.getInstance(logDateFormat, TimeZone.getTimeZone(timeZone))
            : FastDateFormat.getInstance(logDateFormat);

    final String formattedNow = dateformat.format(new Date());
    this.paramPut(LOG_TIME, formattedNow);
    this.paramPut(REPLY_TIME, REPLY_TIME);
    this.paramPut(LOG_ID, "0");
}
From source file:org.jasig.portlet.calendar.util.AllDayUtil.java
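/**
 * Determine if a given event is an "all-day" event in the specified
 * time zone.
 *
 * An event is all-day when it starts at the expected midnight time in the given
 * zone and either has no end date, or ends at that same time of day with a
 * duration between MIN_DAY and MAX_DAY milliseconds (inclusive).
 *
 * @param startDate start of the event, not null
 * @param endDate   end of the event, or null when the event has no end date
 * @param timezone  time zone in which the start and end times are evaluated
 * @return <code>true</code> for all-day events, <code>false</code> otherwise
 */
public static boolean isAllDayEvent(Date startDate, Date endDate, TimeZone timezone) {

    /*
     * Get a DateFormat instance for the given time zone from the cache. If
     * none exists, create a new one and add it to the cache.
     *
     * The lookup goes through get() rather than contains(): on Hashtable-style
     * maps contains() searches the values, not the keys, so a key lookup with
     * it never hits and the cache would be refilled on every call.
     */
    FastDateFormat df = dateFormatCache.get(timezone);
    if (df == null) {
        df = FastDateFormat.getInstance(TIME_FORMAT, timezone);
        dateFormatCache.put(timezone, df);
    }

    /*
     * Check if this event starts at 12:00:00 AM in the given time zone.
     * The start date is converted to a short string that encodes the hour,
     * minute, and second in that zone and compared to the expected string.
     */
    if (!EXPECTED_TIME.equals(df.format(startDate))) {
        return false;
    }

    // An event that starts at midnight and has no end date counts as all-day.
    if (endDate == null) {
        return true;
    }

    /*
     * Check if the event ends at 12:00:00 AM and if its duration suggests the
     * end date is midnight one day after the start date.
     *
     * Note: this approach is used rather than checking the length of the event
     * against exactly 24 hours, to handle complications like daylight savings
     * time changes and leap seconds.
     *
     * An end time other than midnight means the event is not all-day. The
     * previous code returned true here, which classified e.g. a 00:00-01:00
     * event as all-day and skipped the duration check below.
     */
    if (!EXPECTED_TIME.equals(df.format(endDate))) {
        return false;
    }

    // Duration of the event in milliseconds, checked against the allowed window.
    final long duration = endDate.getTime() - startDate.getTime();
    return duration >= MIN_DAY && duration <= MAX_DAY;
}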