]> WPIA git - gigi.git/blobdiff - tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add a specific cert-download/install link for chrome
[gigi.git] / tests / org / cacert / gigi / pages / account / TestCertificateAdd.java
diff --git a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
index abaa63c961f4236a6ef0bbbc17272558be37003e..38130bc455656ba54868a0e6d32afcec2fb9d25e 100644 (file)
--- a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
@@ -1,7 +1,7 @@
 package org.cacert.gigi.pages.account;
 
-import static org.junit.Assert.*;
 import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -29,14 +29,16 @@ import java.util.Vector;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.cacert.gigi.Digest;
-import org.cacert.gigi.User;
 import org.cacert.gigi.crypto.SPKAC;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.pages.account.certs.CertificateAdd;
+import org.cacert.gigi.pages.account.certs.CertificateRequest;
+import org.cacert.gigi.testUtils.ClientTest;
 import org.cacert.gigi.testUtils.IOUtils;
-import org.cacert.gigi.testUtils.ManagedTest;
 import org.cacert.gigi.util.PEM;
 import org.junit.Test;
 
+import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.pkcs10.PKCS10Attributes;
@@ -51,25 +53,21 @@ import sun.security.x509.RFC822Name;
 import sun.security.x509.SubjectAlternativeNameExtension;
 import sun.security.x509.X509Key;
 
-public class TestCertificateAdd extends ManagedTest {
+public class TestCertificateAdd extends ClientTest {
 
     KeyPair kp = generateKeypair();
 
-    User u = User.getById(createVerifiedUser("testuser", "testname", uniq + "@testdom.com", TEST_PASSWORD));
-
-    String session = login(uniq + "@testdom.com", TEST_PASSWORD);
-
     String csrf;
 
     public TestCertificateAdd() throws GeneralSecurityException, IOException {
-        TestDomain.addDomain(session, uniq + ".tld");
+        TestDomain.addDomain(cookie, uniq + ".tld");
 
     }
 
     @Test
     public void testSimpleServer() throws IOException, GeneralSecurityException {
         PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
-            CertificateIssueForm.OID_KEY_USAGE_SSL_SERVER
+            CertificateRequest.OID_KEY_USAGE_SSL_SERVER
         }, new DNSName(uniq + ".tld"));
 
         String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts);
@@ -83,28 +81,28 @@ public class TestCertificateAdd extends ManagedTest {
     @Test
     public void testSimpleMail() throws IOException, GeneralSecurityException {
         PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
-            CertificateIssueForm.OID_KEY_USAGE_EMAIL_PROTECTION
-        }, new DNSName("a." + uniq + ".tld"), new DNSName("b." + uniq + ".tld"), new RFC822Name(uniq + "@testdom.com"));
+            CertificateRequest.OID_KEY_USAGE_EMAIL_PROTECTION
+        }, new DNSName("a." + uniq + ".tld"), new DNSName("b." + uniq + ".tld"), new RFC822Name(email));
 
-        String pem = generatePEMCSR(kp, "CN=testuser testname", atts, "SHA384WithRSA");
+        String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA384WithRSA");
 
         String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
         assertArrayEquals(new String[] {
-                "mail", "testuser testname", "dns:a." + uniq + ".tld\ndns:b." + uniq + ".tld\nemail:" + uniq + "@testdom.com\n", Digest.SHA384.toString()
+                "mail", "a b", "email:" + email + "\ndns:a." + uniq + ".tld\ndns:b." + uniq + ".tld\n", Digest.SHA384.toString()
         }, res);
     }
 
     @Test
     public void testSimpleClient() throws IOException, GeneralSecurityException {
         PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
-            CertificateIssueForm.OID_KEY_USAGE_SSL_CLIENT
-        }, new RFC822Name(uniq + "@testdom.com"));
+            CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+        }, new RFC822Name(email));
 
-        String pem = generatePEMCSR(kp, "CN=testuser testname,email=" + uniq + "@testdom.com", atts, "SHA512WithRSA");
+        String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
 
         String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
         assertArrayEquals(new String[] {
-                "client", "testuser testname", "email:" + uniq + "@testdom.com\n", Digest.SHA512.toString()
+                "client", "a b", "email:" + email + "\n", Digest.SHA512.toString()
         }, res);
     }
 
@@ -117,23 +115,23 @@ public class TestCertificateAdd extends ManagedTest {
     @Test
     public void testIssue() throws IOException, GeneralSecurityException {
         PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
-            CertificateIssueForm.OID_KEY_USAGE_SSL_CLIENT
-        }, new RFC822Name(uniq + "@testdom.com"));
+            CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+        }, new RFC822Name(email));
 
-        String pem = generatePEMCSR(kp, "CN=testuser testname,email=" + uniq + "@testdom.com", atts, "SHA512WithRSA");
+        String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA");
 
         String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
         assertArrayEquals(new String[] {
-                "client", "testuser testname", "email:" + uniq + "@testdom.com\n", Digest.SHA512.toString()
+                "client", "a b", "email:" + email + "\n", Digest.SHA512.toString()
         }, res);
 
         HttpURLConnection huc = (HttpURLConnection) ncert.openConnection();
-        huc.setRequestProperty("Cookie", session);
+        huc.setRequestProperty("Cookie", cookie);
         huc.setDoOutput(true);
         OutputStream out = huc.getOutputStream();
-        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
-        out.write(("&profile=client&CN=testuser+testname&SANs=" + URLEncoder.encode("email:" + uniq + "@testdom.com\n", "UTF-8")).getBytes());
-        out.write(("&hash_alg=SHA512&CCA=y").getBytes());
+        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+        out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+        out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8"));
         URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
         String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
 
@@ -141,20 +139,51 @@ public class TestCertificateAdd extends ManagedTest {
         byte[] cer = IOUtils.readURL(uc.getInputStream());
         assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
 
-        uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install"));
-        byte[] cer2 = IOUtils.readURL(uc.getInputStream());
-        assertArrayEquals(cer, cer2);
+        uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install&chain"));
+        byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
+        PKCS7 p7 = new PKCS7(pkcs7);
+        byte[] sub = verifyChain(p7.getCertificates());
+        assertArrayEquals(cer, sub);
         assertEquals("application/x-x509-user-cert", uc.getHeaderField("Content-type"));
 
         uc = authenticate(new URL(huc.getHeaderField("Location")));
         String gui = IOUtils.readURL(uc);
         assertThat(gui, containsString("clientAuth"));
-        assertThat(gui, containsString("CN=testuser testname"));
+        assertThat(gui, containsString("CN=CAcert WoT User"));
         assertThat(gui, containsString("SHA512withRSA"));
-        assertThat(gui, containsString("RFC822Name: " + uniq + "@testdom.com"));
+        assertThat(gui, containsString("RFC822Name: " + email));
 
     }
 
+    private byte[] verifyChain(X509Certificate[] x509Certificates) throws GeneralSecurityException {
+        X509Certificate current = null;
+        nextCert:
+        while (true) {
+            for (int i = 0; i < x509Certificates.length; i++) {
+                X509Certificate cert = x509Certificates[i];
+                if (current == null) {
+                    if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+                        current = cert;
+                        continue nextCert;
+                    }
+                } else {
+                    if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+                        continue;
+                    }
+                    if (current.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+                        Signature s = Signature.getInstance(cert.getSigAlgName());
+                        s.initVerify(current.getPublicKey());
+                        s.update(cert.getTBSCertificate());
+                        assertTrue(s.verify(cert.getSignature()));
+                        current = cert;
+                        continue nextCert;
+                    }
+                }
+            }
+            return current.getEncoded();
+        }
+    }
+
     @Test
     public void testValidityPeriodCalendar() throws IOException, GeneralSecurityException {
         testCertificateValidityRelative(Calendar.YEAR, 2, "2y", true);
@@ -172,12 +201,13 @@ public class TestCertificateAdd extends ManagedTest {
         final long MS_PER_DAY = 24 * 60 * 60 * 1000;
         now -= now % MS_PER_DAY;
         now += MS_PER_DAY;
-        SimpleDateFormat sdf = new SimpleDateFormat("YYYY-MM-dd");
+        SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
         sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
 
         Date start = new Date(now);
         Date end = new Date(now + MS_PER_DAY * 10);
         X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end));
+        assertNotNull(res);
         assertEquals(start, res.getNotBefore());
         assertEquals(end, res.getNotAfter());
     }
@@ -204,20 +234,20 @@ public class TestCertificateAdd extends ManagedTest {
 
     private X509Certificate createCertWithValidity(String validity) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException {
         PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
-            CertificateIssueForm.OID_KEY_USAGE_SSL_CLIENT
-        }, new RFC822Name(uniq + "@testdom.com"));
+            CertificateRequest.OID_KEY_USAGE_SSL_CLIENT
+        }, new RFC822Name(email));
 
-        String pem = generatePEMCSR(kp, "CN=testuser testname", atts, "SHA512WithRSA");
+        String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA");
         fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
 
         HttpURLConnection huc = (HttpURLConnection) ncert.openConnection();
-        huc.setRequestProperty("Cookie", session);
+        huc.setRequestProperty("Cookie", cookie);
         huc.setDoOutput(true);
         OutputStream out = huc.getOutputStream();
-        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
-        out.write(("&profile=client&CN=testuser+testname&SANs=" + URLEncoder.encode("email:" + uniq + "@testdom.com\n", "UTF-8")).getBytes());
-        out.write(("&hash_alg=SHA512&CCA=y&").getBytes());
-        out.write(validity.getBytes());
+        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+        out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+        out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8"));
+        out.write(validity.getBytes("UTF-8"));
 
         String certurl = huc.getHeaderField("Location");
         if (certurl == null) {
@@ -227,19 +257,19 @@ public class TestCertificateAdd extends ManagedTest {
         String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
 
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes()));
+        X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes("UTF-8")));
         return parsed;
     }
 
     private URLConnection authenticate(URL url) throws IOException {
         URLConnection uc = url.openConnection();
-        uc.setRequestProperty("Cookie", session);
+        uc.setRequestProperty("Cookie", cookie);
         return uc;
     }
 
     protected String testSPKAC(boolean correctChallange) throws GeneralSecurityException, IOException {
         HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
-        uc.setRequestProperty("Cookie", session);
+        uc.setRequestProperty("Cookie", cookie);
         String s = IOUtils.readURL(uc);
 
         csrf = extractPattern(s, Pattern.compile("<input [^>]*name='csrf' [^>]*value='([^']*)'>"));
@@ -254,7 +284,7 @@ public class TestCertificateAdd extends ManagedTest {
                 fail("Should not succeed with wrong challange.");
             }
             assertArrayEquals(new String[] {
-                    "client", CertificateIssueForm.DEFAULT_CN, "", Digest.SHA512.toString()
+                    "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString()
             }, res);
         } catch (Error e) {
             assertTrue(e.getMessage().startsWith("<div>Challenge mismatch"));
@@ -283,7 +313,7 @@ public class TestCertificateAdd extends ManagedTest {
 
     private String[] fillOutForm(String pem) throws IOException {
         HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
-        uc.setRequestProperty("Cookie", session);
+        uc.setRequestProperty("Cookie", cookie);
         csrf = getCSRF(uc);
         return fillOutFormDirect(pem);
 
@@ -292,9 +322,9 @@ public class TestCertificateAdd extends ManagedTest {
     private String[] fillOutFormDirect(String pem) throws IOException {
 
         HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
-        uc.setRequestProperty("Cookie", session);
+        uc.setRequestProperty("Cookie", cookie);
         uc.setDoOutput(true);
-        uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes());
+        uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes("UTF-8"));
         uc.getOutputStream().flush();
 
         return extractFormData(uc);
@@ -308,7 +338,7 @@ public class TestCertificateAdd extends ManagedTest {
         }
 
         String profileKey = extractPattern(result, Pattern.compile("<option value=\"([^\"]*)\" selected>"));
-        String resultingCN = extractPattern(result, Pattern.compile("<input [^>]*name='CN' [^>]*value='([^']*)'>"));
+        String resultingCN = extractPattern(result, Pattern.compile("<input [^>]*name='CN' [^>]*value='([^']*)'/>"));
         String txt = extractPattern(result, Pattern.compile("<textarea [^>]*name='SANs' [^>]*>([^<]*)</textarea>"));
         String md = extractPattern(result, Pattern.compile("<input type=\"radio\" [^>]*name=\"hash_alg\" value=\"([^\"]*)\" checked='checked'/>"));
         return new String[] {
WPIA Certificate Web Issuance Platform