X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2Fpages%2Faccount%2FTestCertificateAdd.java;h=b85818c39926270bf83e090a72d343742982387c;hb=17e2568dcad211fb32fdb44e5326637055606ed3;hp=38130bc455656ba54868a0e6d32afcec2fb9d25e;hpb=72328c64659f06441c35dbd4f8cdcfd41376e7a3;p=gigi.git diff --git a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java index 38130bc4..b85818c3 100644 --- a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java +++ b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java @@ -16,6 +16,7 @@ import java.net.URLEncoder; import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.Signature; +import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; @@ -30,6 +31,7 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; import org.cacert.gigi.crypto.SPKAC; +import org.cacert.gigi.dbObjects.CertificateOwner; import org.cacert.gigi.dbObjects.Digest; import org.cacert.gigi.pages.account.certs.CertificateAdd; import org.cacert.gigi.pages.account.certs.CertificateRequest; @@ -55,6 +57,15 @@ import sun.security.x509.X509Key; public class TestCertificateAdd extends ClientTest { + private static class OnPageError extends Error { + + private static final long serialVersionUID = 1L; + + public OnPageError(String page) { + super(page); + } + } + KeyPair kp = generateKeypair(); String csrf; @@ -67,7 +78,7 @@ public class TestCertificateAdd extends ClientTest { @Test public void testSimpleServer() throws IOException, GeneralSecurityException { PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_SERVER + CertificateRequest.OID_KEY_USAGE_SSL_SERVER }, new DNSName(uniq + ".tld")); String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts); @@ -81,7 +92,7 @@ public class TestCertificateAdd extends ClientTest { @Test public void testSimpleMail() throws IOException, GeneralSecurityException { PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION + CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION }, new DNSName("a." + uniq + ".tld"), new DNSName("b." + uniq + ".tld"), new RFC822Name(email)); String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA384WithRSA"); @@ -95,7 +106,7 @@ public class TestCertificateAdd extends ClientTest { @Test public void testSimpleClient() throws IOException, GeneralSecurityException { PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_CLIENT + CertificateRequest.OID_KEY_USAGE_SSL_CLIENT }, new RFC822Name(email)); String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA"); @@ -115,7 +126,7 @@ public class TestCertificateAdd extends ClientTest { @Test public void testIssue() throws IOException, GeneralSecurityException { PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_CLIENT + CertificateRequest.OID_KEY_USAGE_SSL_CLIENT }, new RFC822Name(email)); String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA"); @@ -131,7 +142,7 @@ public class TestCertificateAdd extends ClientTest { OutputStream out = huc.getOutputStream(); out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8")); out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8")); - out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8")); + out.write(("&hash_alg=SHA512").getBytes("UTF-8")); URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt")); String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8")); @@ -148,6 +159,12 @@ public class TestCertificateAdd extends ClientTest { uc = authenticate(new URL(huc.getHeaderField("Location"))); String gui = IOUtils.readURL(uc); + Pattern p = Pattern.compile("-----BEGIN CERTIFICATE-----[^-]+-----END CERTIFICATE-----"); + Matcher m = p.matcher(gui); + assertTrue(m.find()); + byte[] cert = PEM.decode("CERTIFICATE", m.group(0)); + Certificate c = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert)); + gui = c.toString(); assertThat(gui, containsString("clientAuth")); assertThat(gui, containsString("CN=CAcert WoT User")); assertThat(gui, containsString("SHA512withRSA")); @@ -180,6 +197,7 @@ public class TestCertificateAdd extends ClientTest { } } } + assertNotNull(current); return current.getEncoded(); } } @@ -206,14 +224,15 @@ public class TestCertificateAdd extends ClientTest { Date start = new Date(now); Date end = new Date(now + MS_PER_DAY * 10); - X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end)); - assertNotNull(res); + String validity = "&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end); + X509Certificate res = createCertWithValidity(validity, false); + assertNotNull(validity, res); assertEquals(start, res.getNotBefore()); assertEquals(end, res.getNotAfter()); } private void testCertificateValidityRelative(int field, int amount, String length, boolean shouldsucceed) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException { - X509Certificate parsed = createCertWithValidity("&validFrom=now&validity=" + length); + X509Certificate parsed = createCertWithValidity("&validFrom=now&validity=" + length, false); if (parsed == null) { assertTrue( !shouldsucceed); return; @@ -232,9 +251,9 @@ public class TestCertificateAdd extends ClientTest { assertEquals(c.getTime(), end); } - private X509Certificate createCertWithValidity(String validity) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException { + private X509Certificate createCertWithValidity(String validity, boolean login) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException { PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_CLIENT + CertificateRequest.OID_KEY_USAGE_SSL_CLIENT }, new RFC822Name(email)); String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA"); @@ -246,7 +265,10 @@ public class TestCertificateAdd extends ClientTest { OutputStream out = huc.getOutputStream(); out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8")); out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8")); - out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8")); + out.write(("&hash_alg=SHA512&").getBytes("UTF-8")); + if (login) { + out.write(("login=1&").getBytes("UTF-8")); + } out.write(validity.getBytes("UTF-8")); String certurl = huc.getHeaderField("Location"); @@ -286,8 +308,9 @@ public class TestCertificateAdd extends ClientTest { assertArrayEquals(new String[] { "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString() }, res); - } catch (Error e) { - assertTrue(e.getMessage().startsWith("
Challenge mismatch")); + } catch (OnPageError e) { + String error = fetchStartErrorMessage(e.getMessage()); + assertTrue(error, error.startsWith("

Challenge mismatch")); } return csrf; } @@ -301,7 +324,7 @@ public class TestCertificateAdd extends ClientTest { } attributeValue.set("SANs", new SubjectAlternativeNameExtension(names)); PKCS10Attributes atts = new PKCS10Attributes(new PKCS10Attribute[] { - new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, attributeValue) + new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, attributeValue) }); ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension(// new Vector<>(Arrays.asList(ekuOIDs))); @@ -332,9 +355,8 @@ public class TestCertificateAdd extends ClientTest { private String[] extractFormData(HttpURLConnection uc) throws IOException, Error { String result = IOUtils.readURL(uc); - if (result.contains("

")) { - String s = fetchStartErrorMessage(result); - throw new Error(s); + if (hasError().matches(result)) { + throw new OnPageError(result); } String profileKey = extractPattern(result, Pattern.compile("