sql.password=<password>
-domain.dnsmanage=http://you-installation-of-the/index.php
+domain.manage=http://you-installation-of-the/index.php
+domain.http=you-intstallation-for-the-textfiles
domain.dnstest=the.dns.zone
domain.testns=the.authorativ.ns.for.domain.dnstest
-you need a dynamically managable dns zone.
Write the zone name to "domain.dnstest" in "test.properties"
-and a manage script (see dyn-txt.php). Put the url with password in "domain.dnsmanage"
+and a manage script (see dyn-txt.php).
+- Put the url with password in "domain.manage"
+- Put the host with password in "domain.http"
Setup with bind9:
dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST example.org.
<?php
header("Content-type: text/plain");
-if($_GET['token'] != "<here a secure password>"){
- die ();
+define("ZONENAME", "cacert.dyn.dogcraft.de");
+define("KEYNAME", "keys/Kcacert.dyn.dogcraft.de.+165+54687.key");
+
+if(!isset($_GET['token']) || !isset($_GET['t1']) || !isset($_GET['t2']) || !isset($_GET['action'])){
+ die("Error");
+}
+if($_GET['token'] != "rD1m3A9ew6Hs4DIv7lnTxNbR6dr"){
+ die ();
}
$t1 = $_GET['t1'];
$t2 = $_GET['t2'];
-if(!preg_match("/[a-zA-Z0-9]+/", $t1) || !preg_match("/[a-zA-Z0-9]+/", $t2)){
+if(!preg_match("/^[a-zA-Z0-9]+$/", $t1) || !preg_match("/^[a-zA-Z0-9]+$/", $t2)){
die("Error");
}
+$todelete = array();
-$call = <<<EOF
-server localhost
-update delete cacert-{$t1}.<your fakezone here> TXT
-update add cacert-{$t1}.<your fakezone here> 60 TXT {$t2}
-send
-quit
+if(file_exists("data.php")){
+ include ("data.php");
+}
-EOF;
-echo $call;
+$time = time()/60;
+if(!isset($todelete[$time])){
+ $todelete[$time] = array();
+}
+
+$dnscalls = "";
-$nsupdate = popen("/usr/bin/nsupdate -k <here your dnssec key>.key", 'w');
-fwrite($nsupdate, $call);
-$retval = pclose($nsupdate); // nsupdate doesn't return anything useful when called this way
+if($_GET['action'] == "http"){
+ $todelete[$time][] = array("http", $t1);
+ file_put_contents("cacert-$t1.txt", $t2);
+} else if($_GET['action'] == "dns") {
+ $todelete[$time][] = array("dns", $t1);
+ $dnscalls .= "update delete cacert-{$t1}." . ZONENAME . " TXT\n"
+ ."update add cacert-{$t1}." . ZONENAME . " 60 TXT {$t2}\n";
+}
+$copy = $todelete;
+foreach($copy as $nt => $ar){
+ if($nt < $time - 2){
+ unset($todelete[$nt]);
+ foreach($ar as $act){
+ if($act[0] == "http"){
+ unlink("cacert-{$act[1]}.txt");
+ } else if($act[0] == "dns") {
+ $dnscalls .= "update delete cacert-{$act[1]}." . ZONENAME . " TXT\n";
+ }
+ }
+ }
+}
+file_put_contents("data.php", "<?php \$todelete = ".var_export($todelete,true).";\n?>");
+
+if($dnscalls != ""){
+ dnsAction($dnscalls);
+}
+
+function dnsAction($command) {
+ $call = "server localhost\n$command\nsend\nquit\n";
+
+ $nsupdate = popen("/usr/bin/nsupdate -k " . KEYNAME, 'w');
+ fwrite($nsupdate, $call);
+ $retval = pclose($nsupdate); // nsupdate doesn't return anything useful when called this way
+}
-?>
import static org.junit.Assert.*;
import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
import java.net.URL;
-import java.net.URLConnection;
import java.net.URLEncoder;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.NamingException;
-import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.pages.account.DomainOverview;
import org.cacert.gigi.testUtils.IOUtils;
-import org.cacert.gigi.testUtils.ManagedTest;
+import org.cacert.gigi.testUtils.PingTest;
import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
import org.cacert.gigi.util.DNSUtil;
import org.cacert.gigi.util.RandomToken;
-import org.junit.After;
import org.junit.Test;
-public class TestDNS extends ManagedTest {
+public class TestDNS extends PingTest {
@Test
public void dnsSanity() throws IOException, NamingException {
String token = RandomToken.generateToken(16);
String value = RandomToken.generateToken(16);
- String reRead = updateDNS(token, value);
- assertEquals(value, reRead);
+ updateService(token, value, "dns");
+ assertEquals(value, readDNS(token));
}
testEmailAndDNS(0, 0, true, true);
}
- @After
- public void purgeDbAfterTest() throws SQLException, IOException {
- purgeDatabase();
- }
-
@Test
public void dnsFail() throws IOException, InterruptedException, SQLException, NamingException {
testEmailAndDNS(1, 0, false, true);
}
public void testEmailAndDNS(int dnsVariant, int emailVariant, boolean successDNS, boolean successMail) throws IOException, InterruptedException, SQLException, NamingException {
- String email = createUniqueName() + "@example.org";
- createVerifiedUser("a", "b", email, TEST_PASSWORD);
- String cookie = login(email, TEST_PASSWORD);
String test = getTestProps().getProperty("domain.dnstest");
- URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
- URLConnection openConnection = u.openConnection();
- openConnection.setRequestProperty("Cookie", cookie);
- String content1 = IOUtils.readURL(openConnection);
- String csrf = getCSRF(1, content1);
- Pattern p = Pattern.compile("cacert-([A-Za-z0-9]+) IN TXT ([A-Za-z0-9]+)");
- Matcher m = p.matcher(content1);
- m.find();
- updateDNS(m.group(1) + (dnsVariant == 1 ? "a" : ""), m.group(2) + (dnsVariant == 2 ? "a" : ""));
+ URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
+ Matcher m = initailizeDomainForm(u);
+ updateService(m.group(1) + (dnsVariant == 1 ? "a" : ""), m.group(2) + (dnsVariant == 2 ? "a" : ""), "dns");
String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
"&emailType=y&email=2&DNSType=y" + //
"&ssl-type-2=direct&ssl-port-2=" + //
"&ssl-type-3=direct&ssl-port-3=" + //
"&adddomain&csrf=" + csrf;
- openConnection = u.openConnection();
- openConnection.setRequestProperty("Cookie", cookie);
- openConnection.setDoOutput(true);
- openConnection.getOutputStream().write(content.getBytes());
- openConnection.getHeaderField("Location");
-
- String newcontent = IOUtils.readURL(cookie(u.openConnection(), cookie));
- Pattern dlink = Pattern.compile(DomainOverview.PATH + "([0-9]+)'>");
- Matcher m1 = dlink.matcher(newcontent);
- m1.find();
- URL u2 = new URL(u.toString() + m1.group(1));
+ URL u2 = sendDomainForm(u, content);
TestMail mail = getMailReciever().recieve();
if (emailVariant == 0) {
new URL(link).openConnection().getHeaderField("");
}
- PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT COUNT(*) FROM domainPinglog");
- while (true) {
- ResultSet rs = ps.executeQuery();
- rs.next();
- if (rs.getInt(1) >= 2) {
- break;
- }
- Thread.sleep(200);
- }
+ waitForPings(2);
- newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
+ String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
Pattern pat = Pattern.compile("<td>dns</td>\\s*<td>success</td>");
assertTrue(newcontent, !successDNS ^ pat.matcher(newcontent).find());
pat = Pattern.compile("<td>email</td>\\s*<td>success</td>");
assertTrue(newcontent, !successMail ^ pat.matcher(newcontent).find());
}
- private String updateDNS(String token, String value) throws IOException, MalformedURLException, NamingException {
+ private String readDNS(String token) throws NamingException {
String test = getTestProps().getProperty("domain.dnstest");
String targetDomain = "cacert-" + token + "." + test;
- String manage = getTestProps().getProperty("domain.dnsmanage");
- String url = manage + "t1=" + token + "&t2=" + value;
- assertEquals(200, ((HttpURLConnection) new URL(url).openConnection()).getResponseCode());
String[] data = DNSUtil.getTXTEntries(targetDomain, getTestProps().getProperty("domain.testns"));
assertEquals(1, data.length);
return data[0];
+
}
}
--- /dev/null
+package org.cacert.gigi.ping;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.sql.SQLException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.naming.NamingException;
+
+import org.cacert.gigi.pages.account.DomainOverview;
+import org.cacert.gigi.testUtils.IOUtils;
+import org.cacert.gigi.testUtils.PingTest;
+import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
+import org.cacert.gigi.util.RandomToken;
+import org.junit.Test;
+
+public class TestHTTP extends PingTest {
+
+ @Test
+ public void httpSanity() throws IOException, NamingException {
+
+ String token = RandomToken.generateToken(16);
+ String value = RandomToken.generateToken(16);
+
+ TestDNS.updateService(token, value, "http");
+ assertEquals(value, readHTTP(token));
+
+ }
+
+ @Test
+ public void httpAndMailSuccess() throws IOException, InterruptedException, SQLException {
+ testEmailAndHTTP(0, 0, true, true);
+ }
+
+ @Test
+ public void httpFailKeyAndMailSuccess() throws IOException, InterruptedException, SQLException {
+ testEmailAndHTTP(1, 0, false, true);
+ }
+
+ @Test
+ public void httpFailValAndMailFail() throws IOException, InterruptedException, SQLException {
+ testEmailAndHTTP(2, 1, false, false);
+ }
+
+ public void testEmailAndHTTP(int httpVariant, int emailVariant, boolean successHTTP, boolean successMail) throws IOException, InterruptedException, SQLException {
+
+ String test = getTestProps().getProperty("domain.http");
+
+ URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
+ Matcher m = initailizeDomainForm(u);
+ updateService(m.group(1) + (httpVariant == 1 ? "a" : ""), m.group(2) + (httpVariant == 2 ? "a" : ""), "http");
+
+ String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
+ "&emailType=y&email=2&HTTPType=y" + //
+ "&ssl-type-0=direct&ssl-port-0=" + //
+ "&ssl-type-1=direct&ssl-port-1=" + //
+ "&ssl-type-2=direct&ssl-port-2=" + //
+ "&ssl-type-3=direct&ssl-port-3=" + //
+ "&adddomain&csrf=" + csrf;
+ URL u2 = sendDomainForm(u, content);
+
+ TestMail mail = getMailReciever().recieve();
+ if (emailVariant == 0) {
+ String link = mail.extractLink();
+ new URL(link).openConnection().getHeaderField("");
+ }
+ waitForPings(2);
+
+ String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
+ Pattern pat = Pattern.compile("<td>http</td>\\s*<td>success</td>");
+ assertTrue(newcontent, !successHTTP ^ pat.matcher(newcontent).find());
+ pat = Pattern.compile("<td>email</td>\\s*<td>success</td>");
+ assertTrue(newcontent, !successMail ^ pat.matcher(newcontent).find());
+ }
+
+ private String readHTTP(String token) throws IOException {
+ URL u = new URL("http://" + getTestProps().getProperty("domain.http") + "/cacert-" + token + ".txt");
+ return IOUtils.readURL(new InputStreamReader(u.openStream())).trim();
+
+ }
+}
--- /dev/null
+package org.cacert.gigi.testUtils;
+
+import java.io.IOException;
+
+public abstract class ClientTest extends ManagedTest {
+
+ protected String email = createUniqueName() + "@example.org";
+
+ protected int userid = createVerifiedUser("a", "b", email, TEST_PASSWORD);
+
+ protected String cookie;
+
+ protected String csrf;
+
+ public ClientTest() {
+ try {
+ cookie = login(email, TEST_PASSWORD);
+ } catch (IOException e) {
+ throw new Error(e);
+ }
+ }
+}
--- /dev/null
+package org.cacert.gigi.testUtils;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.pages.account.DomainOverview;
+import org.junit.Before;
+
+public abstract class PingTest extends ClientTest {
+
+ protected static void updateService(String token, String value, String action) throws IOException, MalformedURLException {
+ String manage = getTestProps().getProperty("domain.manage");
+ String url = manage + "t1=" + token + "&t2=" + value + "&action=" + action;
+ assertEquals(200, ((HttpURLConnection) new URL(url).openConnection()).getResponseCode());
+ }
+
+ protected void waitForPings(int count) throws SQLException, InterruptedException {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT COUNT(*) FROM domainPinglog");
+ while (true) {
+ ResultSet rs = ps.executeQuery();
+ rs.next();
+ if (rs.getInt(1) >= count) {
+ break;
+ }
+ Thread.sleep(200);
+ }
+ }
+
+ protected URL sendDomainForm(URL u, String content) throws IOException, MalformedURLException {
+ URLConnection openConnection = u.openConnection();
+ openConnection.setRequestProperty("Cookie", cookie);
+ openConnection.setDoOutput(true);
+ openConnection.getOutputStream().write(content.getBytes());
+ openConnection.getHeaderField("Location");
+
+ String newcontent = IOUtils.readURL(cookie(u.openConnection(), cookie));
+ Pattern dlink = Pattern.compile(DomainOverview.PATH + "([0-9]+)'>");
+ Matcher m1 = dlink.matcher(newcontent);
+ m1.find();
+ URL u2 = new URL(u.toString() + m1.group(1));
+ return u2;
+ }
+
+ protected Matcher initailizeDomainForm(URL u) throws IOException, Error {
+ URLConnection openConnection = u.openConnection();
+ openConnection.setRequestProperty("Cookie", cookie);
+ String content1 = IOUtils.readURL(openConnection);
+ csrf = getCSRF(1, content1);
+
+ Pattern p = Pattern.compile("cacert-([A-Za-z0-9]+) IN TXT ([A-Za-z0-9]+)");
+ Matcher m = p.matcher(content1);
+ m.find();
+ return m;
+ }
+
+ private static boolean first = true;
+
+ @Before
+ public void purgeDbAfterTest() throws SQLException, IOException {
+ if (first) {
+ first = false;
+ return;
+ }
+ purgeDatabase();
+ }
+
+}