add: display on cert status check if cert is valid and expired
[gigi.git] / tests / club / wpia / gigi / pages / main / CertStatusTest.java
1 package club.wpia.gigi.pages.main;
2
3 import static org.hamcrest.MatcherAssert.assertThat;
4 import static org.junit.Assert.*;
5
6 import java.io.IOException;
7 import java.io.OutputStream;
8 import java.net.HttpURLConnection;
9 import java.net.URL;
10 import java.net.URLConnection;
11 import java.net.URLEncoder;
12 import java.security.GeneralSecurityException;
13 import java.security.KeyPair;
14 import java.time.LocalDate;
15 import java.time.ZoneId;
16
17 import org.hamcrest.CoreMatchers;
18 import org.junit.Test;
19
20 import club.wpia.gigi.GigiApiException;
21 import club.wpia.gigi.database.GigiPreparedStatement;
22 import club.wpia.gigi.dbObjects.Certificate;
23 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
24 import club.wpia.gigi.dbObjects.Certificate.RevocationType;
25 import club.wpia.gigi.dbObjects.Digest;
26 import club.wpia.gigi.dbObjects.Job;
27 import club.wpia.gigi.pages.account.certs.CertificateRequest;
28 import club.wpia.gigi.testUtils.ClientTest;
29 import club.wpia.gigi.testUtils.IOUtils;
30 import club.wpia.gigi.util.AuthorizationContext;
31 import club.wpia.gigi.util.PEM;
32
33 public class CertStatusTest extends ClientTest {
34
35     private Certificate cert;
36
37     private Certificate certExpired;
38
39     private String serial;
40
41     private String serialExpired;
42
43     private String foreignPEM = "-----BEGIN CERTIFICATE-----\n" + "MIIGvjCCBKagAwIBAgIVEQAAAAfLkxaJ4wATnrSBUbEr3UsxMA0GCSqGSIb3DQEB\n" + "DQUAMHExFzAVBgNVBAMMDkFzc3VyZWQgMjAxNy0yMSowKAYDVQQKDCFUZXN0IEVu\n" + "dmlyb25tZW50IENBIEx0ZC4tMTctMDMtMDQxHTAbBgNVBAsMFFRlc3QgRW52aXJv\n" + "bm1lbnQgQ0FzMQswCQYDVQQGEwJBVTAeFw0xNzA4MTUxMDI5NTdaFw0xNzA4MTYw\n" + "MDAwMDBaMDkxETAPBgNVBAMMCE1hcmN1cyBNMSQwIgYJKoZIhvcNAQkBFhVtLm1h\n" + "ZW5nZWxAaW5vcGlhZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n" + "AQCv9hFCn69zHNapLimr4B9xK2PcYYRmINbBiihJ42WSIcf6VfxgQRPXZ9JCGDKn\n" + "haANqAyfOCuvtIuN1jJoYOo1VTQd3tkL9IvAwPVpsPiiHeYKqJRNxCkfU6kPGY2x\n" + "QV4+gDErXp/0AL792oAq6W3RoYIeiHXLKvLoYLBbSqtTCkfCYgEhv/3bflswU1JH\n" + "fr6QsvUJ1epH7QpiE5J8pp9hWKfcEufekYnMWASKITS4ronQcyfMocf9BlEf87ou\n" + "wri0NF8EBBhwq6C2+Ag9QlNHtylyUTj4+3XR//3K+6T/8neNK/9CNZ6sXqz5SnFX\n" + "BZTQONK2vavDvbSDhgQ0CuCbyN+rwjjSHYSgywqjkKb1tzB39N7Hd2fR5LcnBD3/\n" + "alQGIh808iukSm7TNwmdSCl2dRug2nTH5qdFLgk2wH+UcoOZH1lEn3UA2IYScmUH\n" + "sgeF6bIojS8Qj1UQZPwlblDiNvudYx2QQG9aNqWz+4O+6a5IpRugY9jnG5Z5sPum\n" + "IpXl1q+VNz8FLlZavpxccjGlIW0179kctA5FEoTHgogzE/rAt5tmHD+kdVEgpquR\n" + "yjpVVYG/R64oUQDjBeen1aKt2yzv+CP1frvml/bUKcb4qZ3z15K6gD0wrKQVWJoD\n" + "0j6gPAs10N2khPbjX9sYJqFr4Tket1DtCIusPQj7JxQm1wIDAQABo4IBgzCCAX8w\n" + "DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU5N/6GJVVMyrAd/HgiN7PQQ7mTOUwHwYD\n" + "VR0jBBgwFoAUwygt1+5B0HactieygKVNyE3m9W0wDgYDVR0PAQH/BAQDAgOoMB0G\n" + "A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDCBjgYIKwYBBQUHAQEEgYEwfzAz\n" + "BggrBgEFBQcwAYYnaHR0cDovL2cyLm9jc3AudGVzdDEuYmFja3VwLmRvZ2NyYWZ0\n" + "LmRlMEgGCCsGAQUFBzAChjxodHRwOi8vZzIuY3J0LnRlc3QxLmJhY2t1cC5kb2dj\n" + "cmFmdC5kZS9nMi8yMDE3L2Fzc3VyZWQtMi5jcnQwTQYDVR0fBEYwRDBCoECgPoY8\n" + "aHR0cDovL2cyLmNybC50ZXN0MS5iYWNrdXAuZG9nY3JhZnQuZGUvZzIvMjAxNy9h\n" + "c3N1cmVkLTIuY3JsMCAGA1UdEQQZMBeBFW0ubWFlbmdlbEBpbm9waWFlLmNvbTAN\n" + "BgkqhkiG9w0BAQ0FAAOCAgEATRC7wwfFNExFk6LGcAbYSJViVs8ZgFuaTEzlBrik\n" + "mf9f8QA7Aj2bH2hqCdjbem1ElXhbADcJopS46P7yfH57zUj3qvD9znK0DdqWpvsO\n" + "nCB7/kdA0KysxTZ+D5gFgk/MpDfNP8ALB1SHGEOv/l4gQs0Zn6ORxt+4zrLzqExO\n" + "dMYdxcVQCl0ft5tQRUSxg1k2y8crgplR02TvhJCrb+RNCS0SQMkEA11bZKEpLBYk\n" + "bJMJYMr+SMN/wtC/vjXm9hrPGqnfqpJC7IqHUfzcBt10dGPqzvO/6xnEZn4YSgjr\n" + "MyoVUnOmcgolFrToYbXr3CNoQFO5Dgz7hbXH59/6ph35g7Q3hllTV+DGV753Baaa\n" + "bMgAsUeJqdMcJSAorLKjibinF/odbJ/kghAg7LBLQUmCvfYWzKhnfETXQ/qXbOk7\n" + "fufEB0z1AnzOB032Cde+FZg1NofjyF8N0UuK4l8fS+hSX6bcJaIuvUSNm5Mj2laZ\n" + "cskPgOu2Gng1JteLbotEKnruKshfKgo64Fq/mPASHfrSdAeQ/shlL6JG3QQeiw9k\n" + "Yu7lu7neRduthxwEdZ8EYrQ0fnHWrmnGsDCpvNIv1coaPc0ghi2pfGjEBAXGQoQ3\n" + "7Bia1anze/wG/9viZyuH1Ms10Ya9E8bPfB1D7B26tB6IZUNLaMnoYbCd+EN7Zjx/\n" + "Yac=\n" + "-----END CERTIFICATE-----";
44
45     public CertStatusTest() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
46
47         KeyPair kp = generateKeypair();
48         String csr = generatePEMCSR(kp, "CN=test");
49         CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
50         cr.update(CertificateRequest.DEFAULT_CN, Digest.SHA512.toString(), "client", null, null, "email:" + email + "\n");
51         cert = cr.draft();
52         Job j = cert.issue(null, "2y", u);
53         await(j);
54         serial = cert.getSerial().toLowerCase();
55
56         certExpired = cr.draft();
57         j = certExpired.issue(null, "2y", u);
58         await(j);
59         serialExpired = certExpired.getSerial().toLowerCase();
60         try (GigiPreparedStatement prep = new GigiPreparedStatement("UPDATE `certs` SET `expire`=?  WHERE `id`=?")) {
61             prep.setDate(1, java.sql.Date.valueOf(LocalDate.now(ZoneId.of("UTC"))));
62             prep.setInt(2, certExpired.getId());
63             prep.execute();
64         }
65
66     }
67
68     @Test
69     public void testCertStatus() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
70         testExecution("serial=" + URLEncoder.encode(serial, "UTF-8"), null, false, false);// serial
71         testExecution("serial=0000" + URLEncoder.encode(serial, "UTF-8"), null, false, false);// leading
72         // Zeros
73         testExecution("serial=0000" + URLEncoder.encode(serial.toUpperCase(), "UTF-8"), null, false, false);// upper
74         // case
75
76         testExecution("serial=0000", "Malformed serial", false, false);
77         testExecution("serial=0lkd", "Malformed serial", false, false);
78
79         testExecution("cert=" + URLEncoder.encode(PEM.encode("CERTIFICATE", cert.cert().getEncoded()), "UTF-8"), null, false, false);
80         testExecution("cert=" + URLEncoder.encode(foreignPEM, "UTF-8"), "Certificate to check not found.", false, false);
81         testExecution("cert=sometext", "Certificate could not be parsed", false, false);
82
83         await(cert.revoke(RevocationType.USER));
84
85         testExecution("serial=" + URLEncoder.encode(serial, "UTF-8"), "Certificate has been revoked on ", true, false);// serial
86         testExecution("cert=" + URLEncoder.encode(PEM.encode("CERTIFICATE", cert.cert().getEncoded()), "UTF-8"), "Certificate has been revoked on ", true, false);
87
88         testExecution("serial=" + URLEncoder.encode(serialExpired, "UTF-8"), null, false, true);// serial
89         testExecution("cert=" + URLEncoder.encode(PEM.encode("CERTIFICATE", certExpired.cert().getEncoded()), "UTF-8"), null, false, true);
90
91     }
92
93     public void testExecution(String query, String error, boolean revoked, boolean expired) throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
94         URLConnection uc = new URL("https://" + getServerName() + CertStatusRequestPage.PATH).openConnection();
95         uc.addRequestProperty("Cookie", cookie);
96         String content = IOUtils.readURL(uc);
97         String csrf = getCSRF(0, content);
98
99         uc = new URL("https://" + getServerName() + CertStatusRequestPage.PATH).openConnection();
100         uc.addRequestProperty("Cookie", cookie);
101         uc.setDoOutput(true);
102         OutputStream os = uc.getOutputStream();
103         os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + query).getBytes("UTF-8"));
104         os.flush();
105         HttpURLConnection huc = (HttpURLConnection) uc;
106
107         String result = IOUtils.readURL(huc);
108
109         if (error == null) {
110             assertThat(result, hasNoError());
111             if (expired) {
112                 assertThat(result, CoreMatchers.containsString("Certificate is valid but has expired on"));
113             } else {
114                 assertThat(result, CoreMatchers.containsString("Certificate is valid."));
115             }
116         } else {
117             assertThat(fetchStartErrorMessage(result), CoreMatchers.containsString(error));
118             if (revoked == false) {
119                 assertNotEquals(CertificateStatus.REVOKED, cert.getStatus());
120             } else {
121                 assertEquals(CertificateStatus.REVOKED, cert.getStatus());
122             }
123         }
124     }
125 }