+
+ @Test
+ public void testInvalidKeyInCSR() throws IOException, GeneralSecurityException {
+ PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
+ CertificateRequest.OID_KEY_USAGE_SSL_SERVER
+ }, new DNSName(uniq + ".tld"));
+
+ String pem = generatePEMCSR(kpBroken, "CN=a." + uniq + ".tld", atts);
+
+ HttpURLConnection huc = post(CertificateAdd.PATH, "CSR=" + URLEncoder.encode(pem, "UTF-8"));
+ assertThat(IOUtils.readURL(huc), hasError());
+ }
+