+
+ public String login(final PrivateKey pk, final X509Certificate ce) throws NoSuchAlgorithmException,
+ KeyManagementException, IOException, MalformedURLException {
+
+ HttpURLConnection connection = (HttpURLConnection) new URL("https://"
+ + getServerName().replaceFirst("^www.", "secure.") + "/login").openConnection();
+ authenticateClientCert(pk, ce, connection);
+ if (connection.getResponseCode() == 302) {
+ assertEquals("https://" + getServerName().replaceFirst("^www.", "secure.").replaceFirst(":443$", "") + "/",
+ connection.getHeaderField("Location").replaceFirst(":443$", ""));
+ return stripCookie(connection.getHeaderField("Set-Cookie"));
+ } else {
+ return null;
+ }
+ }
+
+ public void authenticateClientCert(final PrivateKey pk, final X509Certificate ce, HttpURLConnection connection)
+ throws NoSuchAlgorithmException, KeyManagementException {
+ KeyManager km = new X509KeyManager() {
+
+ @Override
+ public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
+ return "client";
+ }
+
+ @Override
+ public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
+ return null;
+ }
+
+ @Override
+ public X509Certificate[] getCertificateChain(String arg0) {
+ return new X509Certificate[] { ce };
+ }
+
+ @Override
+ public String[] getClientAliases(String arg0, Principal[] arg1) {
+ return new String[] { "client" };
+ }
+
+ @Override
+ public PrivateKey getPrivateKey(String arg0) {
+ if (arg0.equals("client")) {
+ return pk;
+ }
+ return null;
+ }
+
+ @Override
+ public String[] getServerAliases(String arg0, Principal[] arg1) {
+ return new String[] { "client" };
+ }
+ };
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(new KeyManager[] { km }, null, null);
+ if (connection instanceof HttpsURLConnection) {
+ ((HttpsURLConnection) connection).setSSLSocketFactory(sc.getSocketFactory());
+ }
+ }
+
+ public String getCSRF(URLConnection u) throws IOException {
+ String content = IOUtils.readURL(u);
+ Pattern p = Pattern.compile("<input type='hidden' name='csrf' value='([^']+)'>");
+ Matcher m = p.matcher(content);
+ if (!m.find()) {
+ throw new Error("No CSRF Token");
+ }
+ return m.group(1);
+ }
+
+ public static String[] generateCSR(String dn) throws IOException {
+ Process p = Runtime.getRuntime().exec(
+ new String[] { "openssl", "req", "-newkey", "rsa:1024", "-nodes", "-subj", dn, "-config",
+ "keys/selfsign.config" });
+ String csr = IOUtils.readURL(new InputStreamReader(p.getInputStream()));
+
+ String[] parts = csr.split("(?<=-----)\n(?=-----)");
+ if (parts.length != 2) {
+ System.err.println(IOUtils.readURL(new InputStreamReader(p.getErrorStream())));
+ throw new Error();
+ }
+ return parts;
+ }
+
+ public String executeBasicWebInteraction(String cookie, String path, String query) throws IOException,
+ MalformedURLException, UnsupportedEncodingException {
+ URLConnection uc = new URL("https://" + getServerName() + path).openConnection();
+ uc.addRequestProperty("Cookie", cookie);
+ String csrf = getCSRF(uc);
+
+ uc = new URL("https://" + getServerName() + path).openConnection();
+ uc.addRequestProperty("Cookie", cookie);
+ uc.setDoOutput(true);
+ OutputStream os = uc.getOutputStream();
+ os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
+ + query//
+ ).getBytes());
+ os.flush();
+ String error = fetchStartErrorMessage(IOUtils.readURL(uc));
+ return error;
+ }
+