import java.util.regex.Pattern;
import org.cacert.gigi.crypto.SPKAC;
+import org.cacert.gigi.dbObjects.CertificateOwner;
import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.pages.account.certs.CertificateAdd;
import org.cacert.gigi.pages.account.certs.CertificateRequest;
public class TestCertificateAdd extends ClientTest {
+ private static class OnPageError extends Error {
+
+ private static final long serialVersionUID = 1L;
+
+ public OnPageError(String page) {
+ super(page);
+ }
+ }
+
KeyPair kp = generateKeypair();
String csrf;
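Review bot: `OnPageError` extends `java.lang.Error`, a type meant for conditions a program should not try to handle, yet the test catches it further down to inspect the page. A test-local signal reads better as `private static class OnPageError extends RuntimeException`, or `extends AssertionError` if an uncaught instance should be reported as a plain test failure. Any caller outside this diff that still catches `Error` would need checking before that change. The exception also carries the complete response page as its message (`throw new OnPageError(result)` in `extractFormData`), so a class comment such as `// message is the full response page; use fetchStartErrorMessage to extract the error text` would make that contract explicit.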
String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
assertArrayEquals(new String[] {
- "server", "CAcert WoT User", "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA256.toString()
+ "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA512.toString()
}, res);
}
CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
- String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
+ String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA256WithRSA");
String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
assertArrayEquals(new String[] {
- "client", "a b", "email:" + email + "\n", Digest.SHA512.toString()
+ "client", "a b", "email:" + email + "\n", Digest.SHA256.toString()
}, res);
}
huc.setDoOutput(true);
OutputStream out = huc.getOutputStream();
out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
- out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512&tos_agree=y").getBytes("UTF-8"));
+ out.write(("&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512").getBytes("UTF-8"));
URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
Certificate c = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert));
gui = c.toString();
assertThat(gui, containsString("clientAuth"));
- assertThat(gui, containsString("CN=CAcert WoT User"));
+ assertThat(gui, containsString("CN=" + CertificateRequest.DEFAULT_CN));
assertThat(gui, containsString("SHA512withRSA"));
assertThat(gui, containsString("RFC822Name: " + email));
Date start = new Date(now);
Date end = new Date(now + MS_PER_DAY * 10);
String validity = "&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end);
- X509Certificate res = createCertWithValidity(validity);
+ X509Certificate res = createCertWithValidity(validity, false);
assertNotNull(validity, res);
assertEquals(start, res.getNotBefore());
assertEquals(end, res.getNotAfter());
}
private void testCertificateValidityRelative(int field, int amount, String length, boolean shouldsucceed) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
- X509Certificate parsed = createCertWithValidity("&validFrom=now&validity=" + length);
+ X509Certificate parsed = createCertWithValidity("&validFrom=now&validity=" + length, false);
if (parsed == null) {
assertTrue( !shouldsucceed);
return;
assertEquals(c.getTime(), end);
}
- private X509Certificate createCertWithValidity(String validity) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
+ private X509Certificate createCertWithValidity(String validity, boolean login) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
}, new RFC822Name(email));
OutputStream out = huc.getOutputStream();
out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512&tos_agree=y&").getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&").getBytes("UTF-8"));
+ if (login) {
+ out.write(("login=1&").getBytes("UTF-8"));
+ }
out.write(validity.getBytes("UTF-8"));
String certurl = huc.getHeaderField("Location");
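Review bot: The context line writing `"&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs="` still puts the constant into the form body unencoded, while the other request builder in this commit now wraps it in `URLEncoder.encode(...)`. The removed expectations show the previous default contained spaces, so if `DEFAULT_CN` still does, this body is not valid `application/x-www-form-urlencoded` and the test depends on lenient server-side parsing. Use `"&profile=client&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&SANs="` here as well, so both helpers exercise the same request shape. `createCertWithValidity` starts and ends outside this hunk.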
assertArrayEquals(new String[] {
"client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
}, res);
- } catch (Error e) {
- assertTrue(e.getMessage().startsWith("<div>Challenge mismatch"));
+ } catch (OnPageError e) {
+ String error = fetchStartErrorMessage(e.getMessage());
+ assertTrue(error, error.startsWith("<p>Challenge mismatch"));
}
return csrf;
}
private String[] extractFormData(HttpURLConnection uc) throws IOException, Error {
String result = IOUtils.readURL(uc);
- if (result.contains("<div class='formError'>")) {
- String s = fetchStartErrorMessage(result);
- throw new Error(s);
+ if (hasError().matches(result)) {
+ throw new OnPageError(result);
}
String profileKey = extractPattern(result, Pattern.compile("<option value=\"([^\"]*)\" selected>"));
String resultingCN = m.group(1);
return resultingCN;
}
+
+ @Test
+ public void testSetLoginEnabled() throws IOException, GeneralSecurityException {
+ X509Certificate parsedLoginNotEnabled = createCertWithValidity("&validFrom=now&validity=1m", false);
+ assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16).toLowerCase()));
+
+ X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true);
+ assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase()));
+ }
}
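Review bot: `testSetLoginEnabled` dereferences the result of `createCertWithValidity` without a null check, although `testCertificateValidityRelative` treats `null` as a possible return value. A failed issuance would then surface as a NullPointerException rather than a readable assertion, so add `assertNotNull(parsedLoginNotEnabled);` and `assertNotNull(parsedLoginEnabled);` before the serial lookups. The test would also benefit from a one-line comment stating the property it guards, for example `// a certificate issued without login=1 must not resolve to an account`.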