X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2FTestSeparateSessionScope.java;h=9d2ff10c411ed21bfd67eb4ea5d692f5566f6fbc;hp=d59c6c975d2f667bde1f75239a57a3f51c8c7819;hb=214daf6a8eca8376b0ff835b6d28abaaa61a0792;hpb=590ed6b59f95c729f7f9f797a20fb11e18d77d61

diff --git a/tests/org/cacert/gigi/TestSeparateSessionScope.java b/tests/org/cacert/gigi/TestSeparateSessionScope.java
index d59c6c97..9d2ff10c 100644
--- a/tests/org/cacert/gigi/TestSeparateSessionScope.java
+++ b/tests/org/cacert/gigi/TestSeparateSessionScope.java
@@ -6,44 +6,72 @@ import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
 
-import org.cacert.gigi.Certificate.CSRType;
+import org.cacert.gigi.dbObjects.Certificate;
+import org.cacert.gigi.dbObjects.Certificate.CSRType;
+import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Job;
+import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.testUtils.ManagedTest;
-import org.cacert.gigi.testUtils.PemKey;
 import org.junit.Test;
 
 public class TestSeparateSessionScope extends ManagedTest {
 
-	private static final String TEST_PASSWORD = "xvXV12Â°Â§";
-
-	@Test
-	public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException {
-		String mail = "thisgo" + createUniqueName() + "@example.com";
-		int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
-		String cookie = login(mail, TEST_PASSWORD);
-		String[] csr = generateCSR("/CN=felix@dogcraft.de");
-		Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1], CSRType.CSR);
-		final PrivateKey pk = PemKey.parsePEMPrivateKey(csr[0]);
-		c.issue().waitFor(60000);
-		final X509Certificate ce = c.cert();
-		String scookie = login(pk, ce);
-
-		assertTrue(isLoggedin(cookie));
-		assertFalse(isLoggedin(scookie));
-
-		URL u = new URL("https://" + getServerName().replaceAll("^www", "secure") + SECURE_REFERENCE);
-		HttpURLConnection huc = (HttpURLConnection) u.openConnection();
-		authenticateClientCert(pk, ce, huc);
-		huc.setRequestProperty("Cookie", scookie);
-		assertEquals(200, huc.getResponseCode());
-
-		HttpURLConnection huc2 = (HttpURLConnection) u.openConnection();
-		authenticateClientCert(pk, ce, huc2);
-		huc2.setRequestProperty("Cookie", cookie);
-		assertEquals(302, huc2.getResponseCode());
-
-	}
+    @Test
+    public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
+        String mail = "thisgo" + createUniqueName() + "@example.com";
+        int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
+        String cookie = login(mail, TEST_PASSWORD);
+        KeyPair kp = generateKeypair();
+        String csr = generatePEMCSR(kp, "CN=hans");
+        User u = User.getById(user);
+        Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
+        final PrivateKey pk = kp.getPrivate();
+        c.issue(null, "2y", u).waitFor(60000);
+        final X509Certificate ce = c.cert();
+        String scookie = login(pk, ce);
+
+        assertTrue(isLoggedin(cookie));
+        assertFalse(isLoggedin(scookie));
+
+        checkCertLogin(c, pk, scookie, 200);
+        checkCertLogin(c, pk, cookie, 302);
+    }
+
+    @Test
+    public void testSerialSteal() throws IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
+        String mail = "thisgo" + createUniqueName() + "@example.com";
+        int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD);
+        KeyPair kp = generateKeypair();
+        String csr = generatePEMCSR(kp, "CN=hans");
+        User u = User.getById(user);
+        Certificate c = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
+        Certificate c2 = new Certificate(u, u, Certificate.buildDN("CN", "hans"), Digest.SHA256, csr, CSRType.CSR, CertificateProfile.getById(1));
+        final PrivateKey pk = kp.getPrivate();
+        Job j1 = c.issue(null, "2y", u);
+        c2.issue(null, "2y", u).waitFor(60000);
+        j1.waitFor(60000);
+        final X509Certificate ce = c.cert();
+        String scookie = login(pk, ce);
+
+        checkCertLogin(c, pk, scookie, 200);
+        checkCertLogin(c2, pk, scookie, 403);
+        checkCertLogin(c, pk, scookie, 302);
+
+    }
+
+    private void checkCertLogin(Certificate c2, final PrivateKey pk, String scookie, int expected) throws IOException, NoSuchAlgorithmException, KeyManagementException, GeneralSecurityException {
+        URL u = new URL("https://" + getServerName().replaceAll("^www", "secure") + SECURE_REFERENCE);
+        HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+        authenticateClientCert(pk, c2.cert(), huc);
+        huc.setRequestProperty("Cookie", scookie);
+        assertEquals(expected, huc.getResponseCode());
+    }
 }