Add a specific cert-download/install link for chrome

[gigi.git] / tests / org / cacert / gigi / pages / account / TestCertificateAdd.java

diff --git a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
index b22141eadc585d0f90261ecdf8a74cdf7c4ffa72..38130bc455656ba54868a0e6d32afcec2fb9d25e 100644 (file)
--- a/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/org/cacert/gigi/pages/account/TestCertificateAdd.java
@@ -38,6 +38,7 @@ import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.util.PEM;
 import org.junit.Test;
 
+import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10Attribute;
 import sun.security.pkcs10.PKCS10Attributes;
@@ -128,9 +129,9 @@ public class TestCertificateAdd extends ClientTest {
         huc.setRequestProperty("Cookie", cookie);
         huc.setDoOutput(true);
         OutputStream out = huc.getOutputStream();
-        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
-        out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes());
-        out.write(("&hash_alg=SHA512&CCA=y").getBytes());
+        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+        out.write(("&CN=CAcert+WoT+User&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+        out.write(("&hash_alg=SHA512&CCA=y").getBytes("UTF-8"));
         URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt"));
         String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
 
@@ -138,20 +139,51 @@ public class TestCertificateAdd extends ClientTest {
         byte[] cer = IOUtils.readURL(uc.getInputStream());
         assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
 
-        uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install"));
-        byte[] cer2 = IOUtils.readURL(uc.getInputStream());
-        assertArrayEquals(cer, cer2);
+        uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install&chain"));
+        byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
+        PKCS7 p7 = new PKCS7(pkcs7);
+        byte[] sub = verifyChain(p7.getCertificates());
+        assertArrayEquals(cer, sub);
         assertEquals("application/x-x509-user-cert", uc.getHeaderField("Content-type"));
 
         uc = authenticate(new URL(huc.getHeaderField("Location")));
         String gui = IOUtils.readURL(uc);
         assertThat(gui, containsString("clientAuth"));
-        assertThat(gui, containsString("CN=a b"));
+        assertThat(gui, containsString("CN=CAcert WoT User"));
         assertThat(gui, containsString("SHA512withRSA"));
         assertThat(gui, containsString("RFC822Name: " + email));
 
     }
 
+    private byte[] verifyChain(X509Certificate[] x509Certificates) throws GeneralSecurityException {
+        X509Certificate current = null;
+        nextCert:
+        while (true) {
+            for (int i = 0; i < x509Certificates.length; i++) {
+                X509Certificate cert = x509Certificates[i];
+                if (current == null) {
+                    if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+                        current = cert;
+                        continue nextCert;
+                    }
+                } else {
+                    if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+                        continue;
+                    }
+                    if (current.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
+                        Signature s = Signature.getInstance(cert.getSigAlgName());
+                        s.initVerify(current.getPublicKey());
+                        s.update(cert.getTBSCertificate());
+                        assertTrue(s.verify(cert.getSignature()));
+                        current = cert;
+                        continue nextCert;
+                    }
+                }
+            }
+            return current.getEncoded();
+        }
+    }
+
     @Test
     public void testValidityPeriodCalendar() throws IOException, GeneralSecurityException {
         testCertificateValidityRelative(Calendar.YEAR, 2, "2y", true);
@@ -175,6 +207,7 @@ public class TestCertificateAdd extends ClientTest {
         Date start = new Date(now);
         Date end = new Date(now + MS_PER_DAY * 10);
         X509Certificate res = createCertWithValidity("&validFrom=" + sdf.format(start) + "&validity=" + sdf.format(end));
+        assertNotNull(res);
         assertEquals(start, res.getNotBefore());
         assertEquals(end, res.getNotAfter());
     }
@@ -211,10 +244,10 @@ public class TestCertificateAdd extends ClientTest {
         huc.setRequestProperty("Cookie", cookie);
         huc.setDoOutput(true);
         OutputStream out = huc.getOutputStream();
-        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes());
-        out.write(("&profile=client&CN=a+b&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes());
-        out.write(("&hash_alg=SHA512&CCA=y&").getBytes());
-        out.write(validity.getBytes());
+        out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8"));
+        out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8"));
+        out.write(("&hash_alg=SHA512&CCA=y&").getBytes("UTF-8"));
+        out.write(validity.getBytes("UTF-8"));
 
         String certurl = huc.getHeaderField("Location");
         if (certurl == null) {
@@ -224,7 +257,7 @@ public class TestCertificateAdd extends ClientTest {
         String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8"));
 
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
-        X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes()));
+        X509Certificate parsed = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(crt.getBytes("UTF-8")));
         return parsed;
     }
 
@@ -291,7 +324,7 @@ public class TestCertificateAdd extends ClientTest {
         HttpURLConnection uc = (HttpURLConnection) ncert.openConnection();
         uc.setRequestProperty("Cookie", cookie);
         uc.setDoOutput(true);
-        uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes());
+        uc.getOutputStream().write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" + pem).getBytes("UTF-8"));
         uc.getOutputStream().flush();
 
         return extractFormData(uc);