X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FTestCertificateAdd.java;h=401d883826b51272c3467b401d1c152fbc3fceaa;hb=5696c41e3591e5b20cdb7a6637e87e3833b23e66;hp=6fcfb1d4392c57776e652187860398f084ad8a13;hpb=0fad27fa1dbd119648945ec77cd8e4a1b7965885;p=gigi.git
diff --git a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
index 6fcfb1d4..401d8838 100644
--- a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
@@ -16,6 +16,7 @@ import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.Signature;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -38,6 +39,7 @@ import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.util.PEM;
 import org.junit.Test;
+import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.pkcs10.PKCS10Attributes;
@@ -130,7 +132,7 @@ public class TestCertificateAdd extends ClientTest {
 OutputStream out = huc.getOutputStream();
 out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
 out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&tos_agree=y").getBytes("UTF-8"));
 URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
 String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
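Review bot: The `sun.security.pkcs.PKCS7` import added in the second import hunk ties the test to a JDK-internal class that is outside the supported API and is strongly encapsulated in newer JDK releases. The standard X.509 `CertificateFactory` already parses a PKCS#7 certificate bundle, so the parsing later in the test could be `CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(pkcs7))`, with the result converted to the array `verifyChain` expects. The file already imports other `sun.security.pkcs*` classes, so this is a cleanup that could cover those as well rather than a new constraint.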
@@ -138,13 +140,21 @@ public class TestCertificateAdd extends ClientTest {
 byte[] cer = IOUtils.readURL(uc.getInputStream());
 assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
- uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install"));
- byte[] cer2 = IOUtils.readURL(uc.getInputStream());
- assertArrayEquals(cer, cer2);
+ uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install&chain"));
+ byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
+ PKCS7 p7 = new PKCS7(pkcs7);
+ byte[] sub = verifyChain(p7.getCertificates());
+ assertArrayEquals(cer, sub);
 assertEquals("application/x-x509-user-cert", uc.getHeaderField("Content-type"));
 uc = authenticate(new URL(huc.getHeaderField("Location")));
 String gui = IOUtils.readURL(uc);
+ Pattern p = Pattern.compile("-----BEGIN CERTIFICATE-----[^-]+-----END CERTIFICATE-----");
+ Matcher m = p.matcher(gui);
+ assertTrue(m.find());
+ byte[] cert = PEM.decode("CERTIFICATE", m.group(0));
+ Certificate c = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert));
+ gui = c.toString();
 assertThat(gui, containsString("clientAuth"));
 assertThat(gui, containsString("CN=CAcert WoT User"));
 assertThat(gui, containsString("SHA512withRSA"));
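Review bot: The certificate parsed out of the account page is never compared with the issued one: `cert` is decoded from the first PEM block found in `gui` and only its `toString()` is searched for substrings, so the three `containsString` checks would also pass if the page showed a different certificate with the same CN, key usage and algorithm. Adding `assertArrayEquals(cer, cert);` after the `PEM.decode` line would bind the displayed certificate to the one downloaded as `.cer`. The substring checks also depend on the JDK's `toString()` layout; casting to `X509Certificate` and asserting on `getExtendedKeyUsage()`, `getSubjectX500Principal()` and `getSigAlgName()` would state the intent directly. The test method starts and ends outside this hunk.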
@@ -152,6 +162,36 @@ public class TestCertificateAdd extends ClientTest {
 }
+ private byte[] verifyChain(X509Certificate[] x509Certificates) throws GeneralSecurityException {
+ X509Certificate current = null;
+ nextCert:
+ while (true) {
+ for (int i = 0; i < x509Certificates.length; i++) {
+ X509Certificate cert = x509Certificates[i];
+ if (current == null) {
+ if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ current = cert;
+ continue nextCert;
+ }
+ } else {
+ if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ continue;
+ }
+ if (current.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+ Signature s = Signature.getInstance(cert.getSigAlgName());
+ s.initVerify(current.getPublicKey());
+ s.update(cert.getTBSCertificate());
+ assertTrue(s.verify(cert.getSignature()));
+ current = cert;
+ continue nextCert;
+ }
+ }
+ }
+ assertNotNull(current);
+ return current.getEncoded();
+ }
+ }
+
 @Test
 public void testValidityPeriodCalendar() throws IOException, GeneralSecurityException {
 testCertificateValidityRelative(Calendar.YEAR, 2, "2y", true);
@@ -174,8 +214,9 @@ public class TestCertificateAdd extends ClientTest {
 Date start = new Date(now);
 Date end = new Date(now + MS_PER_DAY * 10);
- X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end));
- assertNotNull(res);
+ String validity = "&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end);
+ X509Certificate res = createCertWithValidity(validity);
+ assertNotNull(validity, res);
 assertEquals(start, res.getNotBefore());
 assertEquals(end, res.getNotAfter());
 }
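Review bot: `verifyChain` takes its trust anchor from the downloaded bundle itself: the first certificate whose subject equals its issuer becomes `current` without its self-signature being checked and without comparison to the root the test environment is expected to serve, so any internally consistent chain passes. Calling `current.verify(current.getPublicKey());` where the root is selected would at least reject a malformed root, and the four `Signature` lines can be replaced by `cert.verify(current.getPublicKey());`, which throws on a bad signature. If the test setup exposes the expected root certificate (not visible in this hunk), comparing the selected root's encoding against it would turn this into an actual trust check. The `while (true)` walk is also unbounded, so a bundle in which two certificates name each other as issuer would never terminate; capping the number of passes at `x509Certificates.length` avoids that.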
@@ -214,7 +255,7 @@ public class TestCertificateAdd extends ClientTest {
 OutputStream out = huc.getOutputStream();
 out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
 out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
- out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8"));
+ out.write(("&hash_alg=SHA512&tos_agree=y&").getBytes("UTF-8"));
 out.write(validity.getBytes("UTF-8"));
 String certurl = huc.getHeaderField("Location");