1 package org.cacert.gigi;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.net.HttpURLConnection;
8 import java.security.GeneralSecurityException;
9 import java.security.KeyPair;
10 import java.security.PrivateKey;
11 import java.security.cert.X509Certificate;
12 import java.sql.SQLException;
14 import org.cacert.gigi.dbObjects.Certificate;
15 import org.cacert.gigi.dbObjects.Certificate.CSRType;
16 import org.cacert.gigi.dbObjects.CertificateProfile;
17 import org.cacert.gigi.dbObjects.User;
18 import org.cacert.gigi.testUtils.ManagedTest;
19 import org.junit.Test;
21 public class TestSeparateSessionScope extends ManagedTest {
24 public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
25 String mail = "thisgo" + createUniqueName() + "@example.com";
26 int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
27 String cookie = login(mail, TEST_PASSWORD);
28 KeyPair kp = generateKeypair();
29 String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de");
30 Certificate c = new Certificate(User.getById(user), Certificate.buildDN("CN", "testmail@example.com"), "sha256", csr, CSRType.CSR, CertificateProfile.getById(1));
31 final PrivateKey pk = kp.getPrivate();
32 c.issue(null, "2y").waitFor(60000);
33 final X509Certificate ce = c.cert();
34 String scookie = login(pk, ce);
36 assertTrue(isLoggedin(cookie));
37 assertFalse(isLoggedin(scookie));
39 URL u = new URL("https://" + getServerName().replaceAll("^www", "secure") + SECURE_REFERENCE);
40 HttpURLConnection huc = (HttpURLConnection) u.openConnection();
41 authenticateClientCert(pk, ce, huc);
42 huc.setRequestProperty("Cookie", scookie);
43 assertEquals(200, huc.getResponseCode());
45 HttpURLConnection huc2 = (HttpURLConnection) u.openConnection();
46 authenticateClientCert(pk, ce, huc2);
47 huc2.setRequestProperty("Cookie", cookie);
48 assertEquals(302, huc2.getResponseCode());