tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import java.io.IOException;
   4 import java.io.UnsupportedEncodingException;
   5 import java.net.HttpURLConnection;
   6 import java.net.MalformedURLException;
   7 import java.net.URL;
   8 import java.net.URLConnection;
   9 import java.net.URLEncoder;
  10 import java.sql.PreparedStatement;
  11 import java.sql.SQLException;
  12 import java.text.SimpleDateFormat;
  13 import java.util.Date;
  14
  15 import org.cacert.gigi.database.DatabaseConnection;
  16 import org.cacert.gigi.testUtils.IOUtils;
  17 import org.cacert.gigi.testUtils.ManagedTest;
  18 import org.junit.Before;
  19 import org.junit.Test;
  20
  21 import static org.junit.Assert.*;
  22
  23 public class TestAssurance extends ManagedTest {
  24         private String assurerM;
  25         private String assureeM;
  26         private int assurer;
  27         private int assuree;
  28         private String cookie;
  29         @Before
  30         public void setup() throws IOException {
  31                 assurerM = createUniqueName() + "@cacert-test.org";
  32                 assureeM = createUniqueName() + "@cacert-test.org";
  33                 assurer = createAssuranceUser("a", "b", assurerM, "xvXV.1");
  34                 assuree = createAssuranceUser("a", "c", assureeM, "xvXV.1");
  35                 cookie = login(assurerM, "xvXV.1");
  36
  37         }
  38         @Test
  39         public void testAssureSearch() throws IOException {
  40                 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8")
  41                                 + "&day=1&month=1&year=1910");
  42                 assertTrue(loc, loc.endsWith(AssurePage.PATH + "/" + assuree));
  43         }
  44
  45         @Test
  46         public void testAssureSearchEmail() throws IOException {
  47                 String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8")
  48                                 + "&day=1&month=1&year=1910");
  49                 assertNull(loc);
  50         }
  51         @Test
  52         public void testAssureSearchDob() throws IOException {
  53                 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8")
  54                                 + "&day=2&month=1&year=1910");
  55                 assertNull(loc);
  56                 loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8")
  57                                 + "&day=1&month=2&year=1910");
  58                 assertNull(loc);
  59                 loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8")
  60                                 + "&day=1&month=1&year=1911");
  61                 assertNull(loc);
  62         }
  63         private String search(String query) throws MalformedURLException,
  64                         IOException, UnsupportedEncodingException {
  65                 URL u = new URL("https://" + getServerName() + AssurePage.PATH);
  66                 URLConnection uc = u.openConnection();
  67                 uc.setDoOutput(true);
  68                 uc.addRequestProperty("Cookie", cookie);
  69                 uc.getOutputStream().write((query).getBytes());
  70                 uc.getOutputStream().flush();
  71
  72                 String loc = uc.getHeaderField("Location");
  73                 return loc;
  74         }
  75         @Test
  76         public void testAssureForm() throws IOException {
  77                 String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
  78                 assertTrue(error, error.startsWith("</div>"));
  79         }
  80
  81         @Test
  82         public void testAssureFormNoCSRF() throws IOException {
  83                 // override csrf
  84                 HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
  85                 uc.getOutputStream()
  86                                 .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10")
  87                                                 .getBytes());
  88                 uc.getOutputStream().flush();
  89                 assertEquals(500, uc.getResponseCode());
  90         }
  91         @Test
  92         public void testAssureFormWrongCSRF() throws IOException {
  93                 // override csrf
  94                 HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
  95                 uc.getOutputStream()
  96                                 .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc")
  97                                                 .getBytes());
  98                 uc.getOutputStream().flush();
  99                 assertEquals(500, uc.getResponseCode());
 100         }
 101         @Test
 102         public void testAssureFormRace() throws IOException, SQLException {
 103                 URLConnection uc = buildupAssureFormConnection(true);
 104                 PreparedStatement ps = DatabaseConnection.getInstance().prepare(
 105                                 "UPDATE `users` SET email='changed' WHERE id=?");
 106                 ps.setInt(1, assuree);
 107                 ps.execute();
 108                 uc.getOutputStream()
 109                                 .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10")
 110                                                 .getBytes());
 111                 uc.getOutputStream().flush();
 112                 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 113                 assertTrue(error, !error.startsWith("</div>"));
 114         }
 115         @Test
 116         public void testAssureFormFuture() throws IOException {
 117                 SimpleDateFormat sdf = new SimpleDateFormat("YYYY");
 118                 int year = Integer.parseInt(sdf.format(new Date(System
 119                                 .currentTimeMillis()))) + 2;
 120                 String error = getError("date="
 121                                 + year
 122                                 + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 123                 assertTrue(error, !error.startsWith("</div>"));
 124         }
 125         @Test
 126         public void testAssureFormNoLoc() throws IOException {
 127                 String error = getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 128                 assertTrue(error, !error.startsWith("</div>"));
 129                 error = getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 130                 assertTrue(error, !error.startsWith("</div>"));
 131         }
 132
 133         @Test
 134         public void testAssureFormInvalDate() throws IOException {
 135                 String error = getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 136                 assertTrue(error, !error.startsWith("</div>"));
 137                 error = getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 138                 assertTrue(error, !error.startsWith("</div>"));
 139         }
 140         @Test
 141         public void testAssureFormBoxes() throws IOException {
 142                 String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1&points=10");
 143                 assertTrue(error, !error.startsWith("</div>"));
 144                 error = getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1&points=10");
 145                 assertTrue(error, !error.startsWith("</div>"));
 146                 error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1&points=10");
 147                 assertTrue(error, !error.startsWith("</div>"));
 148                 error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z&points=10");
 149                 assertTrue(error, !error.startsWith("</div>"));
 150         }
 151         private String getError(String query) throws MalformedURLException,
 152                         IOException {
 153                 URLConnection uc = buildupAssureFormConnection(true);
 154                 uc.getOutputStream().write((query).getBytes());
 155                 uc.getOutputStream().flush();
 156                 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 157                 return error;
 158         }
 159         private URLConnection buildupAssureFormConnection(boolean doCSRF)
 160                         throws MalformedURLException, IOException {
 161                 URL u = new URL("https://" + getServerName() + AssurePage.PATH + "/"
 162                                 + assuree);
 163                 URLConnection uc = u.openConnection();
 164                 uc.addRequestProperty("Cookie", cookie);
 165                 String csrf = getCSRF(uc);
 166                 uc = u.openConnection();
 167                 uc.addRequestProperty("Cookie", cookie);
 168                 uc.setDoOutput(true);
 169                 if (doCSRF) {
 170                         uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes());
 171                 }
 172                 return uc;
 173         }
 174
 175 }