X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=tests%2Fclub%2Fwpia%2Fgigi%2Fpages%2Faccount%2FTestCertificateAdd.java;h=0d83f301f0320db78b5717647f29609df5557017;hb=443b1f0954ca6f5bcc16b45017db7f5c1d709afb;hp=9b3a7638cd9125dbf6acea1fe6df0dbd69a01488;hpb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e;p=gigi.git
diff --git a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
index 9b3a7638..0d83f301 100644
--- a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
@@ -1,6 +1,7 @@
 package club.wpia.gigi.pages.account;
 import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.*;
 import java.io.ByteArrayInputStream;
@@ -37,9 +38,11 @@ import club.wpia.gigi.dbObjects.CertificateOwner;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.pages.account.certs.CertificateAdd;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
+import club.wpia.gigi.pages.account.certs.Certificates;
 import club.wpia.gigi.testUtils.ClientTest;
 import club.wpia.gigi.testUtils.IOUtils;
 import club.wpia.gigi.util.PEM;
+import club.wpia.gigi.util.RandomToken;
 import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10Attribute;
@@ -68,6 +71,12 @@ public class TestCertificateAdd extends ClientTest {
 KeyPair kp = generateKeypair();
+ /**
+ * This KeyPair is used for testing the KeyCheck for proper rejection of
+ * invalid keys. The generated keys suffers from small factors.
+ */
+ KeyPair kpBroken = generateBrokenKeypair();
+
 String csrf;
 public TestCertificateAdd() throws GeneralSecurityException, IOException {
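Review bot: The Javadoc on `kpBroken` says the key "suffers from small factors" but does not say which property `generateBrokenKeypair()` breaks or what the server is expected to do with it, so a reader cannot tell whether `testInvalidKeyInCSR` later in this diff checks the right thing; "keys suffers" is also ungrammatical. I would write it as `The modulus of this key has small factors; the server-side key check must reject any CSR signed with it (see testInvalidKeyInCSR).` Because this is a field initializer, the broken key is generated for every test instance, not only for the one test that uses it; whether that generation is cheap is not visible here, so either a comment saying so or making it lazy would be appropriate.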
@@ -82,7 +91,6 @@ public class TestCertificateAdd extends ClientTest {
 }, new DNSName(uniq + ".tld"));
 String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts);
-
 String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
 assertArrayEquals(new String[] {
 "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA512.toString()
@@ -125,24 +133,7 @@ public class TestCertificateAdd extends ClientTest {
 @Test
 public void testIssue() throws IOException, GeneralSecurityException {
- PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
- CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
- }, new RFC822Name(email));
-
- String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
-
- String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
- assertArrayEquals(new String[] {
- "client", "a b", "email:" + email + "\n", Digest.SHA512.toString()
- }, res);
-
- HttpURLConnection huc = (HttpURLConnection) ncert.openConnection();
- huc.setRequestProperty("Cookie", cookie);
- huc.setDoOutput(true);
- OutputStream out = huc.getOutputStream();
- out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
- out.write(("&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512").getBytes("UTF-8"));
+ HttpURLConnection huc = sendCertificateForm("description");
 URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
 String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
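Review bot: `testIssue` reads `huc.getHeaderField("Location")` right after the new `sendCertificateForm("description")` call without checking that the POST actually produced a redirect; if the server answers with an error page instead, `Location` is null and the test dies on `new URL("null.crt")` with a MalformedURLException rather than a meaningful assertion. `testIssueWithDescription` in this same commit does `assertEquals(302, huc.getResponseCode());` immediately after `sendCertificateForm`, and the same line belongs here before the `authenticate(...)` call. The literal `"description"` passed in is never asserted on in this test, so a short comment such as `// description is incidental here; its rendering is covered by testIssueWithDescription` would make the intent clear. The body of `testIssue` continues past the end of this hunk.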
@@ -169,7 +160,48 @@ public class TestCertificateAdd extends ClientTest {
 assertThat(gui, containsString("CN=" + CertificateRequest.DEFAULT_CN));
 assertThat(gui, containsString("SHA512withRSA"));
 assertThat(gui, containsString("RFC822Name: " + email));
+ }
+
+ @Test
+ public void testIssueWithDescription() throws IOException, GeneralSecurityException {
+ String description = "Just a new comment." + RandomToken.generateToken(32);
+ HttpURLConnection huc = sendCertificateForm(description);
+ assertEquals(302, huc.getResponseCode());
+
+ URLConnection uc = get(Certificates.PATH);
+ assertThat(IOUtils.readURL(uc), containsString(description));
+ description = "Just a new comment." + RandomToken.generateToken(100);
+ huc = sendCertificateForm(description);
+ assertThat(fetchStartErrorMessage(IOUtils.readURL(huc)), containsString("Submitted description is longer than 100 characters."));
+ }
+
+ private HttpURLConnection sendCertificateForm(String description) throws IOException, GeneralSecurityException {
+ HttpURLConnection huc = openCertificateForm();
+ OutputStream out = huc.getOutputStream();
+ out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+ out.write(("&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512").getBytes("UTF-8"));
+ out.write(("&description=" + URLEncoder.encode(description, "UTF-8")).getBytes("UTF-8"));
+ return huc;
+ }
+
+ private HttpURLConnection openCertificateForm() throws IOException, GeneralSecurityException, UnsupportedEncodingException {
+ PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
+ CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+ }, new RFC822Name(email));
+
+ String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
+
+ String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
+ assertArrayEquals(new String[] {
+ "client", 
"a b", "email:" + email + "\n", Digest.SHA512.toString() + }, res); + + HttpURLConnection huc = (HttpURLConnection) ncert.openConnection(); + huc.setRequestProperty("Cookie", cookie); + huc.setDoOutput(true); + return huc; } private byte[] verifyChain(X509Certificate[] x509Certificates) throws GeneralSecurityException { @@ -252,16 +284,7 @@ public class TestCertificateAdd extends ClientTest { } private X509Certificate createCertWithValidity(String validity, boolean login) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException { - PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_CLIENT - }, new RFC822Name(email)); - - String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA"); - fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8")); - - HttpURLConnection huc = (HttpURLConnection) ncert.openConnection(); - huc.setRequestProperty("Cookie", cookie); - huc.setDoOutput(true); + HttpURLConnection huc = openCertificateForm(); OutputStream out = huc.getOutputStream(); out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8")); out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8")); @@ -289,7 +312,7 @@ public class TestCertificateAdd extends ClientTest { return uc; } - protected String testSPKAC(boolean correctChallange) throws GeneralSecurityException, IOException { + protected String testSPKAC(boolean correctChallenge) throws GeneralSecurityException, IOException { HttpURLConnection uc = (HttpURLConnection) ncert.openConnection(); uc.setRequestProperty("Cookie", cookie); String s = IOUtils.readURL(uc); 
@@ -297,13 +320,13 @@ public class TestCertificateAdd extends ClientTest {
 csrf = extractPattern(s, Pattern.compile("]*name='csrf' [^>]*value='([^']*)'>"));
 String challenge = extractPattern(s, Pattern.compile("]*name=\"SPKAC\" [^>]*challenge=\"([^\"]*)\"/>"));
- SPKAC spk = new SPKAC((X509Key) kp.getPublic(), challenge + (correctChallange ? "" : "b"));
+ SPKAC spk = new SPKAC((X509Key) kp.getPublic(), challenge + (correctChallenge ? "" : "b"));
 Signature sign = Signature.getInstance("SHA512WithRSA");
 sign.initSign(kp.getPrivate());
 try {
 String[] res = fillOutFormDirect("SPKAC=" + URLEncoder.encode(Base64.getEncoder().encodeToString(spk.getEncoded(sign)), "UTF-8"));
- if ( !correctChallange) {
- fail("Should not succeed with wrong challange.");
+ if ( !correctChallenge) {
+ fail("Should not succeed with wrong challenge.");
 }
 assertArrayEquals(new String[] {
 "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
@@ -378,9 +401,22 @@ public class TestCertificateAdd extends ClientTest {
 @Test
 public void testSetLoginEnabled() throws IOException, GeneralSecurityException {
 X509Certificate parsedLoginNotEnabled = createCertWithValidity("&validFrom=now&validity=1m", false);
- assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16).toLowerCase()));
+ assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber()));
 X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true);
- assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase()));
+ assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber()));
 }
+
+ @Test
+ public void testInvalidKeyInCSR() throws IOException, GeneralSecurityException {
+ PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
+ CertificateRequest.OID_KEY_USAGE_SSL_SERVER
+ }, new DNSName(uniq + ".tld"));
+
+ String pem = generatePEMCSR(kpBroken, "CN=a." + uniq + ".tld", atts);
+
+ HttpURLConnection huc = post(CertificateAdd.PATH, "CSR=" + URLEncoder.encode(pem, "UTF-8"));
+ assertThat(IOUtils.readURL(huc), hasError());
+ }
+
 }
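Review bot: `testInvalidKeyInCSR` asserts only `hasError()` on the response, so any error on the page — a rejected CSRF token, a CSR parse failure, an unacceptable SAN — makes the test pass without showing that the small-factor key is what was rejected. Pin the specific message the way `testIssueWithDescription` does, i.e. `assertThat(fetchStartErrorMessage(IOUtils.readURL(huc)), containsString(/* the key-check error text */));` (that text is not visible in this diff). Unlike the other tests in this file, this one submits through `post(CertificateAdd.PATH, ...)` rather than `fillOutForm`; whether `post` attaches the session cookie and CSRF token is not visible here, and if it does not, the error being observed could be the CSRF rejection rather than the key check. A comment noting that the same CSR shape built from `kp` is accepted by the server-CSR test earlier in this file would document why the rejection is attributable to the key.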