]> WPIA git - gigi.git/blobdiff - tests/org/cacert/gigi/testUtils/ManagedTest.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Implement CSRF check on "Assure someone"
[gigi.git] / tests / org / cacert / gigi / testUtils / ManagedTest.java
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index a9e1001569763b24bb0885011e9510e3521ed509..2d164f580b11ea6beab2f0e7a01cf6c72d4d7600 100644 (file)
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -13,6 +13,7 @@ import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.URL;
+import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.nio.file.Files;
 import java.nio.file.Paths;
@@ -20,6 +21,8 @@ import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import org.cacert.gigi.DevelLauncher;
 import org.cacert.gigi.database.DatabaseConnection;
@@ -273,4 +276,14 @@ public class ManagedTest {
                headerField = headerField.substring(0, headerField.indexOf(';'));
                return headerField;
        }
+
+       public String getCSRF(URLConnection u) throws IOException {
+               String content = IOUtils.readURL(u);
+               Pattern p = Pattern.compile("<input type='csrf' value='([^']+)'>");
+               Matcher m = p.matcher(content);
+               if (!m.find()) {
+                       throw new Error("New CSRF Token");
+               }
+               return m.group(1);
+       }
 }
WPIA Certificate Web Issuance Platform