X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Fclub%2Fwpia%2Fgigi%2Fpages%2Faccount%2FTestCertificateAdd.java;h=16594e1b2efa834f952a478d898b48a277d51efa;hp=bac62175e7bfee9bf0ddcb9c53dd895c25e929f7;hb=42466c8f42d997ae9abd583ad9eaeef512b62f1f;hpb=a507c4de2568faaf53bb8d6e003ffbe1ced5d539
diff --git a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
index bac62175..16594e1b 100644
--- a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
@@ -1,6 +1,7 @@
 package club.wpia.gigi.pages.account;
 import static org.hamcrest.CoreMatchers.*;
+import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.*;
 import java.io.ByteArrayInputStream;
@@ -22,7 +23,6 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
-import java.util.Base64;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.TimeZone;
@@ -32,14 +32,15 @@ import java.util.regex.Pattern;
 import org.junit.Test;
-import club.wpia.gigi.crypto.SPKAC;
 import club.wpia.gigi.dbObjects.CertificateOwner;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.pages.account.certs.CertificateAdd;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
+import club.wpia.gigi.pages.account.certs.Certificates;
 import club.wpia.gigi.testUtils.ClientTest;
 import club.wpia.gigi.testUtils.IOUtils;
 import club.wpia.gigi.util.PEM;
+import club.wpia.gigi.util.RandomToken;
 import sun.security.pkcs.PKCS7;
 import sun.security.pkcs.PKCS9Attribute;
 import sun.security.pkcs10.PKCS10Attribute;
@@ -53,7 +54,6 @@ import sun.security.x509.GeneralNameInterface; import sun.security.x509.GeneralNames; import sun.security.x509.RFC822Name; import sun.security.x509.SubjectAlternativeNameExtension; -import sun.security.x509.X509Key; public class TestCertificateAdd extends ClientTest { @@ -122,32 +122,9 @@ public class TestCertificateAdd extends ClientTest { }, res); } - @Test - public void testSPKAC() throws GeneralSecurityException, IOException { - testSPKAC(false); - testSPKAC(true); - } - @Test public void testIssue() throws IOException, GeneralSecurityException { - PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_CLIENT - }, new RFC822Name(email)); - - String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA"); - - String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8")); - assertArrayEquals(new String[] { - "client", "a b", "email:" + email + "\n", Digest.SHA512.toString() - }, res); - - HttpURLConnection huc = (HttpURLConnection) ncert.openConnection(); - huc.setRequestProperty("Cookie", cookie); - huc.setDoOutput(true); - OutputStream out = huc.getOutputStream(); - out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8")); - out.write(("&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8")); - out.write(("&hash_alg=SHA512").getBytes("UTF-8")); + HttpURLConnection huc = sendCertificateForm("description"); URLConnection uc = authenticate(new URL(huc.getHeaderField("Location") + ".crt")); String crt = IOUtils.readURL(new InputStreamReader(uc.getInputStream(), "UTF-8")); 
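Review bot: In the rewritten `testIssue`, `huc.getHeaderField("Location")` is read directly after `sendCertificateForm("description")` with no check that the request was accepted, so a rejected issuance surfaces as a malformed `null.crt` URL instead of a readable assertion failure. `testIssueWithDescription` already pins the redirect; the same line belongs here before the `authenticate(...)` call: `assertEquals(302, huc.getResponseCode());`. The body of `testIssue` continues past the end of this hunk.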
@@ -174,7 +151,48 @@ public class TestCertificateAdd extends ClientTest { assertThat(gui, containsString("CN=" + CertificateRequest.DEFAULT_CN)); assertThat(gui, containsString("SHA512withRSA")); assertThat(gui, containsString("RFC822Name: " + email)); + } + + @Test + public void testIssueWithDescription() throws IOException, GeneralSecurityException { + String description = "Just a new comment." + RandomToken.generateToken(32); + HttpURLConnection huc = sendCertificateForm(description); + assertEquals(302, huc.getResponseCode()); + URLConnection uc = get(Certificates.PATH); + assertThat(IOUtils.readURL(uc), containsString(description)); + + description = "Just a new comment." + RandomToken.generateToken(100); + huc = sendCertificateForm(description); + assertThat(fetchStartErrorMessage(IOUtils.readURL(huc)), containsString("Submitted description is longer than 100 characters.")); + } + + private HttpURLConnection sendCertificateForm(String description) throws IOException, GeneralSecurityException { + HttpURLConnection huc = openCertificateForm(); + OutputStream out = huc.getOutputStream(); + out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8")); + out.write(("&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&profile=client&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8")); + out.write(("&hash_alg=SHA512").getBytes("UTF-8")); + out.write(("&description=" + URLEncoder.encode(description, "UTF-8")).getBytes("UTF-8")); + return huc; + } + + private HttpURLConnection openCertificateForm() throws IOException, GeneralSecurityException, UnsupportedEncodingException { + PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { + CertificateRequest.OID_KEY_USAGE_SSL_CLIENT + }, new RFC822Name(email)); + + String pem = generatePEMCSR(kp, "CN=a b,email=" + email, atts, "SHA512WithRSA"); + + String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8")); + assertArrayEquals(new String[] { + "client", 
"a b", "email:" + email + "\n", Digest.SHA512.toString() + }, res); + + HttpURLConnection huc = (HttpURLConnection) ncert.openConnection(); + huc.setRequestProperty("Cookie", cookie); + huc.setDoOutput(true); + return huc; } private byte[] verifyChain(X509Certificate[] x509Certificates) throws GeneralSecurityException { @@ -257,16 +275,7 @@ public class TestCertificateAdd extends ClientTest { } private X509Certificate createCertWithValidity(String validity, boolean login) throws IOException, GeneralSecurityException, UnsupportedEncodingException, MalformedURLException, CertificateException { - PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] { - CertificateRequest.OID_KEY_USAGE_SSL_CLIENT - }, new RFC822Name(email)); - - String pem = generatePEMCSR(kp, "CN=a b", atts, "SHA512WithRSA"); - fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8")); - - HttpURLConnection huc = (HttpURLConnection) ncert.openConnection(); - huc.setRequestProperty("Cookie", cookie); - huc.setDoOutput(true); + HttpURLConnection huc = openCertificateForm(); OutputStream out = huc.getOutputStream(); out.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8")).getBytes("UTF-8")); out.write(("&profile=client&CN=" + CertificateRequest.DEFAULT_CN + "&SANs=" + URLEncoder.encode("email:" + email + "\n", "UTF-8")).getBytes("UTF-8")); 
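Review bot: `testIssueWithDescription` checks one description well inside the limit and one well beyond it (19 + 32 and 19 + 100 characters, assuming `RandomToken.generateToken(n)` returns n characters), so the 100/101 boundary named in the error message is never exercised. Nothing in the test shows how this user-supplied text is encoded when it is listed on `Certificates.PATH`, because the tokens presumably contain no markup characters. The rejected case asserts the error text but does not assert that no redirect to a new certificate was issued. A companion test along the lines below would pin all three; the markup case assumes the form is meant to accept such characters and that the overview page escapes them, which should be confirmed against the page implementation.

```java
@Test
public void testDescriptionBoundaryAndEncoding() throws IOException, GeneralSecurityException {
    // exactly at the limit stated in the error message: accepted
    String atLimit = new String(new char[100]).replace('\0', 'd');
    assertEquals(302, sendCertificateForm(atLimit).getResponseCode());

    // one past the limit: rejected, and no redirect to a new certificate
    HttpURLConnection huc = sendCertificateForm(atLimit + "d");
    assertThat(fetchStartErrorMessage(IOUtils.readURL(huc)), containsString("Submitted description is longer than 100 characters."));
    assertNull(huc.getHeaderField("Location"));

    // markup characters are stored but must not come back verbatim in the overview
    String token = RandomToken.generateToken(16);
    assertEquals(302, sendCertificateForm("<i>&" + token).getResponseCode());
    String list = IOUtils.readURL(get(Certificates.PATH));
    assertThat(list, containsString(token));
    assertThat(list, not(containsString("<i>&" + token)));
}
```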
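Review bot: `createCertWithValidity` still writes its form body by hand after switching to `openCertificateForm()`, and the unchanged line sends `"&profile=client&CN=" + CertificateRequest.DEFAULT_CN` unencoded while the new `sendCertificateForm` URL-encodes the same value. The two builders should agree, e.g. `"&profile=client&CN=" + URLEncoder.encode(CertificateRequest.DEFAULT_CN, "UTF-8") + "&SANs=" + ...`, or this method should reuse a shared writer that takes the extra `validity` parameters. Using the helper also changes the CSR subject here from `CN=a b` to `CN=a b,email=...` and adds the prefill assertion, which deserves a short comment on `openCertificateForm`. The method body continues outside this hunk.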
@@ -294,32 +303,6 @@ public class TestCertificateAdd extends ClientTest { return uc; } - protected String testSPKAC(boolean correctChallenge) throws GeneralSecurityException, IOException { - HttpURLConnection uc = (HttpURLConnection) ncert.openConnection(); - uc.setRequestProperty("Cookie", cookie); - String s = IOUtils.readURL(uc); - - csrf = extractPattern(s, Pattern.compile("]*name='csrf' [^>]*value='([^']*)'>")); - String challenge = extractPattern(s, Pattern.compile("]*name=\"SPKAC\" [^>]*challenge=\"([^\"]*)\"/>")); - - SPKAC spk = new SPKAC((X509Key) kp.getPublic(), challenge + (correctChallenge ? "" : "b")); - Signature sign = Signature.getInstance("SHA512WithRSA"); - sign.initSign(kp.getPrivate()); - try { - String[] res = fillOutFormDirect("SPKAC=" + URLEncoder.encode(Base64.getEncoder().encodeToString(spk.getEncoded(sign)), "UTF-8")); - if ( !correctChallenge) { - fail("Should not succeed with wrong challenge."); - } - assertArrayEquals(new String[] { - "client", CertificateRequest.DEFAULT_CN, "", Digest.SHA512.toString() - }, res); - } catch (OnPageError e) { - String error = fetchStartErrorMessage(e.getMessage()); - assertTrue(error, error.startsWith("

Challenge mismatch")); - } - return csrf; - } - private PKCS10Attributes buildAtts(ObjectIdentifier[] ekuOIDs, GeneralNameInterface... SANs) throws IOException { CertificateExtensions attributeValue = new CertificateExtensions(); GeneralNames names = new GeneralNames(); @@ -383,10 +366,10 @@ public class TestCertificateAdd extends ClientTest { @Test public void testSetLoginEnabled() throws IOException, GeneralSecurityException { X509Certificate parsedLoginNotEnabled = createCertWithValidity("&validFrom=now&validity=1m", false); - assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber().toString(16).toLowerCase())); + assertNull(CertificateOwner.getByEnabledSerial(parsedLoginNotEnabled.getSerialNumber())); X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true); - assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase())); + assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber())); } @Test