1 package org.cacert.gigi;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.net.HttpURLConnection;
8 import java.security.GeneralSecurityException;
9 import java.security.KeyManagementException;
10 import java.security.KeyPair;
11 import java.security.NoSuchAlgorithmException;
12 import java.security.PrivateKey;
13 import java.security.cert.X509Certificate;
14 import java.sql.SQLException;
16 import org.cacert.gigi.dbObjects.Certificate;
17 import org.cacert.gigi.dbObjects.Certificate.CSRType;
18 import org.cacert.gigi.dbObjects.CertificateProfile;
19 import org.cacert.gigi.dbObjects.Digest;
20 import org.cacert.gigi.dbObjects.Job;
21 import org.cacert.gigi.dbObjects.User;
22 import org.cacert.gigi.testUtils.ManagedTest;
23 import org.junit.Test;
25 public class TestSeparateSessionScope extends ManagedTest {
28 public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
29 String mail = "thisgo" + createUniqueName() + "@example.com";
30 int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
31 String cookie = login(mail, TEST_PASSWORD);
32 KeyPair kp = generateKeypair();
33 String csr = generatePEMCSR(kp, "CN=hans");
34 User u = User.getById(user);
35 Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
36 final PrivateKey pk = kp.getPrivate();
37 await(c.issue(null, "2y", u));
38 final X509Certificate ce = c.cert();
39 c.setLoginEnabled(true);
40 String scookie = login(pk, ce);
42 assertTrue(isLoggedin(cookie));
43 assertFalse(isLoggedin(scookie));
45 checkCertLogin(c, pk, scookie, 200);
46 checkCertLogin(c, pk, cookie, 302);
50 public void testSerialSteal() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
51 String mail = "thisgo" + createUniqueName() + "@example.com";
52 int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
53 KeyPair kp = generateKeypair();
54 String csr = generatePEMCSR(kp, "CN=hans");
55 User u = User.getById(user);
56 Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
57 Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
58 final PrivateKey pk = kp.getPrivate();
59 Job j1 = c.issue(null, "2y", u);
60 await(c2.issue(null, "2y", u));
62 final X509Certificate ce = c.cert();
63 c.setLoginEnabled(true);
64 String scookie = login(pk, ce);
66 checkCertLogin(c, pk, scookie, 200);
67 checkCertLogin(c2, pk, scookie, 403);
68 checkCertLogin(c, pk, scookie, 302);
72 private void checkCertLogin(Certificate c2, final PrivateKey pk, String scookie, int expected) throws IOException, NoSuchAlgorithmException, KeyManagementException, GeneralSecurityException {
73 URL u = new URL("https://" + getServerName().replaceAll("^www", "secure") + SECURE_REFERENCE);
74 HttpURLConnection huc = (HttpURLConnection) u.openConnection();
75 authenticateClientCert(pk, c2.cert(), huc);
76 huc.setRequestProperty("Cookie", scookie);
77 assertEquals(expected, huc.getResponseCode());