1 package club.wpia.gigi.util;
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
5 import static org.junit.Assume.*;
7 import java.io.IOException;
8 import java.security.GeneralSecurityException;
9 import java.util.Arrays;
11 import org.junit.Test;
12 import org.junit.runner.RunWith;
13 import org.junit.runners.Parameterized;
14 import org.junit.runners.Parameterized.Parameter;
15 import org.junit.runners.Parameterized.Parameters;
17 import club.wpia.gigi.GigiApiException;
18 import club.wpia.gigi.dbObjects.Certificate;
19 import club.wpia.gigi.dbObjects.CertificateProfile;
20 import club.wpia.gigi.dbObjects.Digest;
21 import club.wpia.gigi.dbObjects.Domain;
22 import club.wpia.gigi.dbObjects.Job;
23 import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
24 import club.wpia.gigi.pages.account.certs.CertificateRequest;
25 import club.wpia.gigi.testUtils.ClientTest;
26 import club.wpia.gigi.util.AuthorizationContext;
27 import club.wpia.gigi.util.CAA;
29 @RunWith(Parameterized.class)
30 public class TestCAAValidation extends ClientTest {
32 @Parameters(name = "CAATest({0}) = {1}")
33 public static Iterable<Object[]> genParams() throws IOException {
36 String caa = (String) getTestProps().get("domain.CAAtest");
38 String[] parts = caa.split(" ");
39 Object[][] res = new Object[parts.length][];
40 for (int i = 0; i < res.length; i++) {
41 char firstChar = parts[i].charAt(0);
42 if (firstChar != '-' && firstChar != '+') {
43 throw new Error("malformed CAA test vector");
45 res[i] = new Object[] {
46 parts[i].substring(1), firstChar == '+'
49 return Arrays.<Object[]>asList(res);
56 public Boolean success;
59 public void testCAA() throws GigiApiException {
60 assertEquals(success, CAA.verifyDomainAccess(u, CertificateProfile.getByName("server"), domain));
64 public void testCAACert() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
65 Domain d = new Domain(u, u, domain);
67 String csr = generatePEMCSR(generateKeypair(), "CN=test");
68 CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
70 cr.update("", Digest.SHA512.toString(), "server", null, null, "dns:" + domain + "\n");
71 } catch (GigiApiException e) {
72 assertThat(e.getMessage(), containsString("has been removed"));
77 Certificate draft = cr.draft();
78 Job j = draft.issue(null, "2y", u);
81 assertEquals(CertificateStatus.ISSUED, draft.getStatus());