X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2FTestSeparateSessionScope.java;h=9d2ff10c411ed21bfd67eb4ea5d692f5566f6fbc;hp=20dd6ae9de11d557633dc7abdbf2f005ad8b0c5a;hb=214daf6a8eca8376b0ff835b6d28abaaa61a0792;hpb=a793cf333e23cba27e2ce4378becc0426f1e186a diff --git a/tests/org/cacert/gigi/TestSeparateSessionScope.java b/tests/org/cacert/gigi/TestSeparateSessionScope.java index 20dd6ae9..9d2ff10c 100644 --- a/tests/org/cacert/gigi/TestSeparateSessionScope.java +++ b/tests/org/cacert/gigi/TestSeparateSessionScope.java @@ -6,7 +6,9 @@ import java.io.IOException; import java.net.HttpURLConnection; import java.net.URL; import java.security.GeneralSecurityException; +import java.security.KeyManagementException; import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.sql.SQLException; @@ -14,6 +16,8 @@ import java.sql.SQLException; import org.cacert.gigi.dbObjects.Certificate; import org.cacert.gigi.dbObjects.Certificate.CSRType; import org.cacert.gigi.dbObjects.CertificateProfile; +import org.cacert.gigi.dbObjects.Digest; +import org.cacert.gigi.dbObjects.Job; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.testUtils.ManagedTest; import org.junit.Test; @@ -26,26 +30,48 @@ public class TestSeparateSessionScope extends ManagedTest { int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD); String cookie = login(mail, TEST_PASSWORD); KeyPair kp = generateKeypair(); - String csr = generatePEMCSR(kp, "CN=felix@dogcraft.de"); - Certificate c = new Certificate(User.getById(user), Certificate.buildDN("CN", "testmail@example.com"), "sha256", csr, CSRType.CSR, CertificateProfile.getById(1)); + String csr = generatePEMCSR(kp, "CN=hans"); + User u = User.getById(user); + Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1)); final PrivateKey pk = kp.getPrivate(); - c.issue(null, "2y").waitFor(60000); + c.issue(null, "2y", u).waitFor(60000); final X509Certificate ce = c.cert(); String scookie = login(pk, ce); assertTrue(isLoggedin(cookie)); assertFalse(isLoggedin(scookie)); + checkCertLogin(c, pk, scookie, 200); + checkCertLogin(c, pk, cookie, 302); + } + + @Test + public void testSerialSteal() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException { + String mail = "thisgo" + createUniqueName() + "@example.com"; + int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD); + KeyPair kp = generateKeypair(); + String csr = generatePEMCSR(kp, "CN=hans"); + User u = User.getById(user); + Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1)); + Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1)); + final PrivateKey pk = kp.getPrivate(); + Job j1 = c.issue(null, "2y", u); + c2.issue(null, "2y", u).waitFor(60000); + j1.waitFor(60000); + final X509Certificate ce = c.cert(); + String scookie = login(pk, ce); + + checkCertLogin(c, pk, scookie, 200); + checkCertLogin(c2, pk, scookie, 403); + checkCertLogin(c, pk, scookie, 302); + + } + + private void checkCertLogin(Certificate c2, final PrivateKey pk, String scookie, int expected) throws IOException, NoSuchAlgorithmException, KeyManagementException, GeneralSecurityException { URL u = new URL("https://" + getServerName().replaceAll("^www", "secure") + SECURE_REFERENCE); HttpURLConnection huc = (HttpURLConnection) u.openConnection(); - authenticateClientCert(pk, ce, huc); + authenticateClientCert(pk, c2.cert(), huc); huc.setRequestProperty("Cookie", scookie); - assertEquals(200, huc.getResponseCode()); - - HttpURLConnection huc2 = (HttpURLConnection) u.openConnection(); - authenticateClientCert(pk, ce, huc2); - huc2.setRequestProperty("Cookie", cookie); - assertEquals(302, huc2.getResponseCode()); - + assertEquals(expected, huc.getResponseCode()); } }