X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Fclub%2Fwpia%2Fgigi%2Fpages%2Faccount%2FTestCertificateAdd.java;h=8d46cf2de8c841232e9e55096256e13f36ce37ef;hp=854cca7a54ba16daabdf64b5c730c4e63da50471;hb=e3bfb7deae2d49bc1adefec1d3857a6496dcfd39;hpb=8822b2ffdda7eb4109415a7867388a321ea6b56f

diff --git a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
index 854cca7a..8d46cf2d 100644
--- a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
@@ -68,6 +68,12 @@ public class TestCertificateAdd extends ClientTest {
 
     KeyPair kp = generateKeypair();
 
+    /**
+     * This KeyPair is used for testing the KeyCheck for proper rejection of
+     * invalid keys. The generated keys suffers from small factors.
+     */
+    KeyPair kpBroken = generateBrokenKeypair();
+
     String csrf;
 
     public TestCertificateAdd() throws GeneralSecurityException, IOException {
@@ -383,4 +389,17 @@ public class TestCertificateAdd extends ClientTest {
         X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true);
         assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase()));
     }
+
+    @Test
+    public void testInvalidKeyInCSR() throws IOException, GeneralSecurityException {
+        PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
+                CertificateRequest.OID_KEY_USAGE_SSL_SERVER
+        }, new DNSName(uniq + ".tld"));
+
+        String pem = generatePEMCSR(kpBroken, "CN=a." + uniq + ".tld", atts);
+
+        HttpURLConnection huc = post(CertificateAdd.PATH, "CSR=" + URLEncoder.encode(pem, "UTF-8"));
+        assertThat(IOUtils.readURL(huc), hasError());
+    }
+
 }