tests/club/wpia/gigi/pages/main/KeyCompromiseTestMessage.java

   1 package club.wpia.gigi.pages.main;
   2
   3 import static org.junit.Assert.*;
   4
   5 import java.io.IOException;
   6 import java.io.UnsupportedEncodingException;
   7 import java.net.HttpURLConnection;
   8 import java.net.URLEncoder;
   9 import java.security.GeneralSecurityException;
  10 import java.security.KeyPair;
  11 import java.security.PrivateKey;
  12 import java.security.cert.CertificateEncodingException;
  13
  14 import org.hamcrest.CoreMatchers;
  15 import org.junit.Test;
  16
  17 import club.wpia.gigi.GigiApiException;
  18 import club.wpia.gigi.dbObjects.Certificate;
  19 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
  20 import club.wpia.gigi.dbObjects.Digest;
  21 import club.wpia.gigi.dbObjects.Job;
  22 import club.wpia.gigi.pages.account.certs.CertificateRequest;
  23 import club.wpia.gigi.testUtils.ClientTest;
  24 import club.wpia.gigi.testUtils.IOUtils;
  25 import club.wpia.gigi.testUtils.TestEmailReceiver.TestMail;
  26 import club.wpia.gigi.util.AuthorizationContext;
  27 import club.wpia.gigi.util.HTMLEncoder;
  28 import club.wpia.gigi.util.PEM;
  29
  30 public class KeyCompromiseTestMessage extends ClientTest {
  31
  32     private Certificate cert;
  33
  34     private PrivateKey priv;
  35
  36     public KeyCompromiseTestMessage() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
  37         KeyPair kp = generateKeypair();
  38         priv = kp.getPrivate();
  39         String csr = generatePEMCSR(kp, "CN=test");
  40         CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
  41         cr.update(CertificateRequest.DEFAULT_CN, Digest.SHA512.toString(), "client", null, null, "email:" + email + "\n");
  42         cert = cr.draft();
  43         Job j = cert.issue(null, "2y", u);
  44         await(j);
  45     }
  46
  47     @Test
  48     public void testExecution() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
  49         reportCompromiseAndCheck("");
  50     }
  51
  52     @Test
  53     public void testNoConfidential() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
  54         TestMail rc = reportCompromiseAndCheck("message=test+message");
  55         assertThat(rc.getMessage(), CoreMatchers.containsString("test message"));
  56     }
  57
  58     @Test
  59     public void testNoConfidentialButMarker() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
  60         TestMail rc = reportCompromiseAndCheck("message=" + URLEncoder.encode(KeyCompromiseForm.CONFIDENTIAL_MARKER + "\ntest message", "UTF-8"));
  61         assertThat(rc.getMessage(), CoreMatchers.containsString("test message"));
  62         assertThat(rc.getMessage(), CoreMatchers.containsString(" " + KeyCompromiseForm.CONFIDENTIAL_MARKER));
  63     }
  64
  65     @Test
  66     public void testConfidential() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
  67         TestMail rc = reportCompromiseAndCheck("message=test+message&confidential=on");
  68         assertThat(rc.getMessage(), CoreMatchers.not(CoreMatchers.containsString("test message")));
  69     }
  70
  71     @Test
  72     public void testIllegalContent() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
  73         HttpURLConnection rc = reportCompromise("message=test+message+---&confidential=on");
  74         String data = IOUtils.readURL(rc);
  75         assertThat(data, hasError());
  76         assertThat(data, CoreMatchers.containsString(HTMLEncoder.encodeHTML("message may not contain '---'")));
  77         assertNull(getMailReceiver().poll());
  78         assertEquals(CertificateStatus.ISSUED, cert.getStatus());
  79     }
  80
  81     @Test
  82     public void testIllegalChars() throws IOException, InterruptedException, GigiApiException, GeneralSecurityException {
  83         HttpURLConnection rc = reportCompromise("message=" + URLEncoder.encode("§", "UTF-8"));
  84         String data = IOUtils.readURL(rc);
  85         assertThat(data, hasError());
  86         assertThat(data, CoreMatchers.containsString("may only contain printable ASCII characters"));
  87         assertEquals(CertificateStatus.ISSUED, cert.getStatus());
  88     }
  89
  90     private TestMail reportCompromiseAndCheck(String params) throws IOException, UnsupportedEncodingException, CertificateEncodingException, GeneralSecurityException {
  91         HttpURLConnection huc = reportCompromise(params);
  92         assertThat(IOUtils.readURL(huc), hasNoError());
  93         TestMail rc = getMailReceiver().receive();
  94         assertEquals(u.getEmail(), rc.getTo());
  95         assertThat(rc.getMessage(), CoreMatchers.containsString(cert.getSerial()));
  96         assertEquals(CertificateStatus.REVOKED, cert.getStatus());
  97         return rc;
  98     }
  99
 100     private HttpURLConnection reportCompromise(String params) throws IOException, UnsupportedEncodingException, CertificateEncodingException, GeneralSecurityException {
 101         if ( !params.isEmpty() && !params.startsWith("&")) {
 102             params = "&" + params;
 103         }
 104         HttpURLConnection huc = post(KeyCompromisePage.PATH, "cert=" + URLEncoder.encode(PEM.encode("CERTIFICATE", cert.cert().getEncoded()), "UTF-8")//
 105                 + "&priv=" + URLEncoder.encode(PEM.encode("PRIVATE KEY", priv.getEncoded()), "UTF-8") + params);
 106         return huc;
 107     }
 108 }