1 package club.wpia.gigi;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.net.HttpURLConnection;
8 import java.security.GeneralSecurityException;
9 import java.security.KeyPair;
10 import java.security.PrivateKey;
11 import java.security.cert.X509Certificate;
12 import java.sql.SQLException;
14 import org.junit.Test;
16 import club.wpia.gigi.dbObjects.Certificate;
17 import club.wpia.gigi.dbObjects.Certificate.CSRType;
18 import club.wpia.gigi.dbObjects.Digest;
19 import club.wpia.gigi.dbObjects.Job;
20 import club.wpia.gigi.dbObjects.User;
21 import club.wpia.gigi.testUtils.ManagedTest;
23 public class TestSeparateSessionScope extends ManagedTest {
26 public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
27 String mail = "thisgo" + createUniqueName() + "@example.com";
28 int user = createVerificationUser("test", "tugo", mail, TEST_PASSWORD);
29 String cookie = login(mail, TEST_PASSWORD);
30 KeyPair kp = generateKeypair();
31 String csr = generatePEMCSR(kp, "CN=hans");
32 User u = User.getById(user);
33 Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
34 final PrivateKey pk = kp.getPrivate();
35 await(c.issue(null, "2y", u));
36 final X509Certificate ce = c.cert();
37 c.setLoginEnabled(true);
38 String scookie = login(pk, ce);
40 assertTrue(isLoggedin(cookie));
41 assertFalse(isLoggedin(scookie));
43 checkCertLogin(c, pk, scookie, 200);
44 checkCertLogin(c, pk, cookie, 302);
48 public void testSerialSteal() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
49 String mail = "thisgo" + createUniqueName() + "@example.com";
50 int user = createVerificationUser("test", "tugo", mail, TEST_PASSWORD);
51 KeyPair kp = generateKeypair();
52 String csr = generatePEMCSR(kp, "CN=hans");
53 User u = User.getById(user);
54 Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
55 Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
56 final PrivateKey pk = kp.getPrivate();
57 Job j1 = c.issue(null, "2y", u);
58 await(c2.issue(null, "2y", u));
60 final X509Certificate ce = c.cert();
61 c.setLoginEnabled(true);
62 String scookie = login(pk, ce);
64 checkCertLogin(c, pk, scookie, 200);
65 checkCertLogin(c2, pk, scookie, 403);
66 checkCertLogin(c, pk, scookie, 302);
70 private void checkCertLogin(Certificate c2, final PrivateKey pk, String scookie, int expected) throws IOException, GeneralSecurityException, GigiApiException {
71 URL u = new URL("https://" + getSecureServerName() + SECURE_REFERENCE);
72 HttpURLConnection huc = (HttpURLConnection) u.openConnection();
73 authenticateClientCert(pk, c2.cert(), huc);
74 huc.setRequestProperty("Cookie", scookie);
75 assertEquals(expected, huc.getResponseCode());