X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=tests%2Fclub%2Fwpia%2Fgigi%2FTestSeparateSessionScope.java;fp=tests%2Fclub%2Fwpia%2Fgigi%2FTestSeparateSessionScope.java;h=c5bb9dceabd40fd8aaa590f42829e44ad30be9cc;hb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e;hp=0000000000000000000000000000000000000000;hpb=c9ed09f0007fc2c813815be927a5a24b23dab83c;p=gigi.git diff --git a/tests/club/wpia/gigi/TestSeparateSessionScope.java b/tests/club/wpia/gigi/TestSeparateSessionScope.java new file mode 100644 index 00000000..c5bb9dce --- /dev/null +++ b/tests/club/wpia/gigi/TestSeparateSessionScope.java @@ -0,0 +1,79 @@ +package club.wpia.gigi; + +import static org.junit.Assert.*; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.KeyManagementException; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; +import java.sql.SQLException; + +import org.junit.Test; + +import club.wpia.gigi.dbObjects.Certificate; +import club.wpia.gigi.dbObjects.Certificate.CSRType; +import club.wpia.gigi.dbObjects.Digest; +import club.wpia.gigi.dbObjects.Job; +import club.wpia.gigi.dbObjects.User; +import club.wpia.gigi.testUtils.ManagedTest; + +public class TestSeparateSessionScope extends ManagedTest { + + @Test + public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException { + String mail = "thisgo" + createUniqueName() + "@example.com"; + int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD); + String cookie = login(mail, TEST_PASSWORD); + KeyPair kp = generateKeypair(); + String csr = generatePEMCSR(kp, "CN=hans"); + User u = User.getById(user); + Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, getClientProfile()); + final PrivateKey pk = kp.getPrivate(); + await(c.issue(null, "2y", u)); + final X509Certificate ce = c.cert(); + c.setLoginEnabled(true); + String scookie = login(pk, ce); + + assertTrue(isLoggedin(cookie)); + assertFalse(isLoggedin(scookie)); + + checkCertLogin(c, pk, scookie, 200); + checkCertLogin(c, pk, cookie, 302); + } + + @Test + public void testSerialSteal() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException { + String mail = "thisgo" + createUniqueName() + "@example.com"; + int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD); + KeyPair kp = generateKeypair(); + String csr = generatePEMCSR(kp, "CN=hans"); + User u = User.getById(user); + Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, getClientProfile()); + Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, getClientProfile()); + final PrivateKey pk = kp.getPrivate(); + Job j1 = c.issue(null, "2y", u); + await(c2.issue(null, "2y", u)); + await(j1); + final X509Certificate ce = c.cert(); + c.setLoginEnabled(true); + String scookie = login(pk, ce); + + checkCertLogin(c, pk, scookie, 200); + checkCertLogin(c2, pk, scookie, 403); + checkCertLogin(c, pk, scookie, 302); + + } + + private void checkCertLogin(Certificate c2, final PrivateKey pk, String scookie, int expected) throws IOException, NoSuchAlgorithmException, KeyManagementException, GeneralSecurityException { + URL u = new URL("https://" + getSecureServerName() + SECURE_REFERENCE); + HttpURLConnection huc = (HttpURLConnection) u.openConnection(); + authenticateClientCert(pk, c2.cert(), huc); + huc.setRequestProperty("Cookie", scookie); + assertEquals(expected, huc.getResponseCode()); + } +}