]> WPIA git - gigi.git/commitdiff
projects / gigi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 2: 0176ca7)
Merge commit '0176ca7cda25ad88e9faa116ffa139ca926de273' into HEAD
authorFelix Dörre <felix@dogcraft.de>
Thu, 7 Apr 2016 11:59:33 +0000 (13:59 +0200)
committerFelix Dörre <felix@dogcraft.de>
Thu, 7 Apr 2016 11:59:33 +0000 (13:59 +0200)
src/org/cacert/gigi/api/CreateCertificate.java patch | blob | history
src/org/cacert/gigi/pages/account/certs/Certificates.java patch | blob | history
src/org/cacert/gigi/util/CertExporter.java [new file with mode: 0644] patch | blob
tests/org/cacert/gigi/api/IssueCert.java patch | blob | history
util-testing/org/cacert/gigi/pages/Manager.java patch | blob | history
util-testing/org/cacert/gigi/pages/Manager.templ patch | blob | history

diff --git a/src/org/cacert/gigi/api/CreateCertificate.java b/src/org/cacert/gigi/api/CreateCertificate.java
index d21b9c47cabd95500bd5011cb84c797bb7283d9d..0d5a27e05c76da1673f5da7d193347c0a177c14e 100644 (file)
--- a/src/org/cacert/gigi/api/CreateCertificate.java
+++ b/src/org/cacert/gigi/api/CreateCertificate.java
@@ -12,10 +12,11 @@ import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.Job;
+import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.pages.account.certs.CertificateRequest;
 import org.cacert.gigi.util.AuthorizationContext;
-import org.cacert.gigi.util.PEM;
+import org.cacert.gigi.util.CertExporter;
 
 public class CreateCertificate extends APIPoint {
 
@@ -33,12 +34,35 @@ public class CreateCertificate extends APIPoint {
         if (cpS != null) {
             cp = CertificateProfile.getByName(cpS);
             if (cp == null) {
-                resp.sendError(500, "Error, profile " + cpS + "not found");
+                resp.sendError(500, "Error, profile not found");
+                return;
+            }
+        }
+        AuthorizationContext ctx = new AuthorizationContext(u, u);
+        String asOrg = req.getParameter("asOrg");
+        if (asOrg != null) {
+            try {
+                int i = Integer.parseInt(asOrg);
+                Organisation o0 = null;
+                for (Organisation o : u.getOrganisations()) {
+                    if (o.getId() == i) {
+                        o0 = o;
+                        break;
+                    }
+                }
+                if (o0 == null) {
+                    resp.sendError(500, "Error, Organisation with id " + i + " not found.");
+                    return;
+                } else {
+                    ctx = new AuthorizationContext(o0, u);
+                }
+            } catch (NumberFormatException e) {
+                resp.sendError(500, "Error, as Org is not an integer");
                 return;
             }
         }
         try {
-            CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr, cp);
+            CertificateRequest cr = new CertificateRequest(ctx, csr, cp);
             Certificate result = cr.draft();
             Job job = result.issue(null, "2y", u);
             job.waitFor(60000);
@@ -46,7 +70,8 @@ public class CreateCertificate extends APIPoint {
                 resp.sendError(510, "Error, issuing timed out");
                 return;
             }
-            resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
+
+            CertExporter.writeCertCrt(result, resp.getOutputStream(), req.getParameter("chain") != null, req.getParameter("noAnchor") == null);
             return;
         } catch (GeneralSecurityException e) {
             resp.sendError(500, "Crypto failed");
diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java
index a0afe7a9091de272b06d85537b09ee296ee9001f..d40bbaccb9981853eaefdf76a00c1e4caf8d551f 100644 (file)
--- a/src/org/cacert/gigi/pages/account/certs/Certificates.java
+++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java
@@ -2,19 +2,10 @@ package org.cacert.gigi.pages.account.certs;
 
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
 import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
 import java.util.Map;
-import java.util.Set;
 
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
@@ -29,17 +20,9 @@ import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.HandlesMixedRequest;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.CertExporter;
 import org.cacert.gigi.util.PEM;
 
-import sun.security.pkcs.ContentInfo;
-import sun.security.pkcs.PKCS7;
-import sun.security.pkcs.SignerInfo;
-import sun.security.util.DerOutputStream;
-import sun.security.util.DerValue;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.X509CRLImpl;
-import sun.security.x509.X509CertImpl;
-
 public class Certificates extends Page implements HandlesMixedRequest {
 
     private Template certDisplay = new Template(Certificates.class.getResource("CertificateDisplay.templ"));
@@ -95,9 +78,6 @@ public class Certificates extends Page implements HandlesMixedRequest {
         } else if (pi.endsWith(".cer")) {
             cer = true;
             pi = pi.substring(0, pi.length() - 4);
-        } else if (pi.endsWith(".cer")) {
-            cer = true;
-            pi = pi.substring(0, pi.length() - 4);
         }
         String serial = pi;
         try {
@@ -106,35 +86,16 @@ public class Certificates extends Page implements HandlesMixedRequest {
                 resp.sendError(404);
                 return true;
             }
-            X509Certificate cert = c.cert();
             if ( !crt && !cer) {
                 return false;
             }
             ServletOutputStream out = resp.getOutputStream();
+            boolean doChain = req.getParameter("chain") != null;
+            boolean includeAnchor = req.getParameter("noAnchor") == null;
             if (crt) {
-                out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
-                if (req.getParameter("chain") != null) {
-                    CACertificate ca = c.getParent();
-                    while ( !ca.isSelfsigned()) {
-                        out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
-                        ca = ca.getParent();
-                    }
-                    if (req.getParameter("noAnchor") == null) {
-                        out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
-                    }
-                }
+                CertExporter.writeCertCrt(c, out, doChain, includeAnchor);
             } else if (cer) {
-                if (req.getParameter("chain") != null) {
-                    PKCS7 p7 = toP7Chain(c);
-                    p7.encodeSignedData(out);
-                    /*
-                     * ContentInfo ci = toCIChain(c); try (DerOutputStream dos =
-                     * new DerOutputStream()) { ci.encode(dos);
-                     * out.write(dos.toByteArray()); }
-                     */
-                } else {
-                    out.write(cert.getEncoded());
-                }
+                CertExporter.writeCertCer(c, out, doChain, includeAnchor);
             }
         } catch (IllegalArgumentException e) {
             resp.sendError(404);
@@ -147,113 +108,6 @@ public class Certificates extends Page implements HandlesMixedRequest {
         return true;
     }
 
-    private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException {
-        LinkedList<X509Certificate> ll = getChain(c);
-        PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]) {
-
-            @Override
-            public void encodeSignedData(DerOutputStream out) throws IOException {
-                DerOutputStream signedData = new DerOutputStream();
-                BigInteger version = getVersion();
-                AlgorithmId[] digestAlgorithmIds = getDigestAlgorithmIds();
-                ContentInfo contentInfo = getContentInfo();
-                X509Certificate[] certificates = getCertificates();
-                X509CRL[] crls = getCRLs();
-                SignerInfo[] signerInfos = getSignerInfos();
-
-                // version
-                signedData.putInteger(version);
-
-                // digestAlgorithmIds
-                signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
-
-                // contentInfo
-                contentInfo.encode(signedData);
-
-                // certificates (optional)
-                if (certificates != null && certificates.length != 0) {
-                    DerOutputStream sub = new DerOutputStream();
-                    // cast to X509CertImpl[] since X509CertImpl implements
-                    // DerEncoder
-                    X509CertImpl implCerts[] = new X509CertImpl[certificates.length];
-                    for (int i = 0; i < certificates.length; i++) {
-                        try {
-                            sub.write(certificates[i].getEncoded());
-                        } catch (CertificateEncodingException e) {
-                            sub.close();
-                            throw new IOException(e);
-                        }
-                        if (certificates[i] instanceof X509CertImpl) {
-                            implCerts[i] = (X509CertImpl) certificates[i];
-                        } else {
-                            try {
-                                byte[] encoded = certificates[i].getEncoded();
-                                implCerts[i] = new X509CertImpl(encoded);
-                            } catch (CertificateException ce) {
-                                sub.close();
-                                throw new IOException(ce);
-                            }
-                        }
-                    }
-
-                    // Add the certificate set (tagged with [0] IMPLICIT)
-                    // to the signed data
-                    signedData.write((byte) 0xA0, sub);
-                    sub.close();
-                }
-
-                // CRLs (optional)
-                if (crls != null && crls.length != 0) {
-                    // cast to X509CRLImpl[] since X509CRLImpl implements
-                    // DerEncoder
-                    Set<X509CRLImpl> implCRLs = new HashSet<X509CRLImpl>(crls.length);
-                    for (X509CRL crl : crls) {
-                        if (crl instanceof X509CRLImpl) {
-                            implCRLs.add((X509CRLImpl) crl);
-                        } else {
-                            try {
-                                byte[] encoded = crl.getEncoded();
-                                implCRLs.add(new X509CRLImpl(encoded));
-                            } catch (CRLException ce) {
-                                throw new IOException(ce);
-                            }
-                        }
-                    }
-
-                    // Add the CRL set (tagged with [1] IMPLICIT)
-                    // to the signed data
-                    signedData.putOrderedSetOf((byte) 0xA1, implCRLs.toArray(new X509CRLImpl[implCRLs.size()]));
-                }
-
-                // signerInfos
-                signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
-
-                // making it a signed data block
-                DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, signedData.toByteArray());
-
-                // making it a content info sequence
-                ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
-
-                // writing out the contentInfo sequence
-                block.encode(out);
-            }
-
-        };
-        return p7;
-    }
-
-    private static LinkedList<X509Certificate> getChain(Certificate c) throws IOException, GeneralSecurityException {
-        LinkedList<X509Certificate> ll = new LinkedList<>();
-        ll.add(c.cert());
-        CACertificate ca = c.getParent();
-        while ( !ca.isSelfsigned()) {
-            ll.add(ca.getCertificate());
-            ca = ca.getParent();
-        }
-        ll.add(ca.getCertificate());
-        return ll;
-    }
-
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) {
diff --git a/src/org/cacert/gigi/util/CertExporter.java b/src/org/cacert/gigi/util/CertExporter.java
new file mode 100644 (file)
index 0000000..6c18097
--- /dev/null
+++ b/src/org/cacert/gigi/util/CertExporter.java
@@ -0,0 +1,165 @@
+package org.cacert.gigi.util;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.cert.CRLException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.Set;
+
+import javax.servlet.ServletOutputStream;
+
+import org.cacert.gigi.dbObjects.CACertificate;
+import org.cacert.gigi.dbObjects.Certificate;
+
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import sun.security.pkcs.SignerInfo;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X509CRLImpl;
+import sun.security.x509.X509CertImpl;
+
+public class CertExporter {
+
+    private CertExporter() {}
+
+    public static void writeCertCrt(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor) throws IOException, GeneralSecurityException {
+        X509Certificate cert = c.cert();
+        out.println(PEM.encode("CERTIFICATE", cert.getEncoded()));
+        if (doChain) {
+            CACertificate ca = c.getParent();
+            while ( !ca.isSelfsigned()) {
+                out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
+                ca = ca.getParent();
+            }
+            if (includeAnchor) {
+                out.println(PEM.encode("CERTIFICATE", ca.getCertificate().getEncoded()));
+            }
+        }
+    }
+
+    public static void writeCertCer(Certificate c, ServletOutputStream out, boolean doChain, boolean includeAnchor) throws IOException, GeneralSecurityException {
+        X509Certificate cert = c.cert();
+        if (doChain) {
+            PKCS7 p7 = toP7Chain(c);
+            p7.encodeSignedData(out);
+        } else {
+            out.write(cert.getEncoded());
+        }
+    }
+
+    private static PKCS7 toP7Chain(Certificate c) throws IOException, GeneralSecurityException {
+        LinkedList<X509Certificate> ll = getChain(c);
+        PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(ContentInfo.DATA_OID, null), ll.toArray(new X509Certificate[ll.size()]), new SignerInfo[0]) {
+
+            @Override
+            public void encodeSignedData(DerOutputStream out) throws IOException {
+                DerOutputStream signedData = new DerOutputStream();
+                BigInteger version = getVersion();
+                AlgorithmId[] digestAlgorithmIds = getDigestAlgorithmIds();
+                ContentInfo contentInfo = getContentInfo();
+                X509Certificate[] certificates = getCertificates();
+                X509CRL[] crls = getCRLs();
+                SignerInfo[] signerInfos = getSignerInfos();
+
+                // version
+                signedData.putInteger(version);
+
+                // digestAlgorithmIds
+                signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
+
+                // contentInfo
+                contentInfo.encode(signedData);
+
+                // certificates (optional)
+                if (certificates != null && certificates.length != 0) {
+                    DerOutputStream sub = new DerOutputStream();
+                    // cast to X509CertImpl[] since X509CertImpl implements
+                    // DerEncoder
+                    X509CertImpl implCerts[] = new X509CertImpl[certificates.length];
+                    for (int i = 0; i < certificates.length; i++) {
+                        try {
+                            sub.write(certificates[i].getEncoded());
+                        } catch (CertificateEncodingException e) {
+                            sub.close();
+                            throw new IOException(e);
+                        }
+                        if (certificates[i] instanceof X509CertImpl) {
+                            implCerts[i] = (X509CertImpl) certificates[i];
+                        } else {
+                            try {
+                                byte[] encoded = certificates[i].getEncoded();
+                                implCerts[i] = new X509CertImpl(encoded);
+                            } catch (CertificateException ce) {
+                                sub.close();
+                                throw new IOException(ce);
+                            }
+                        }
+                    }
+
+                    // Add the certificate set (tagged with [0] IMPLICIT)
+                    // to the signed data
+                    signedData.write((byte) 0xA0, sub);
+                    sub.close();
+                }
+
+                // CRLs (optional)
+                if (crls != null && crls.length != 0) {
+                    // cast to X509CRLImpl[] since X509CRLImpl implements
+                    // DerEncoder
+                    Set<X509CRLImpl> implCRLs = new HashSet<X509CRLImpl>(crls.length);
+                    for (X509CRL crl : crls) {
+                        if (crl instanceof X509CRLImpl) {
+                            implCRLs.add((X509CRLImpl) crl);
+                        } else {
+                            try {
+                                byte[] encoded = crl.getEncoded();
+                                implCRLs.add(new X509CRLImpl(encoded));
+                            } catch (CRLException ce) {
+                                throw new IOException(ce);
+                            }
+                        }
+                    }
+
+                    // Add the CRL set (tagged with [1] IMPLICIT)
+                    // to the signed data
+                    signedData.putOrderedSetOf((byte) 0xA1, implCRLs.toArray(new X509CRLImpl[implCRLs.size()]));
+                }
+
+                // signerInfos
+                signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
+
+                // making it a signed data block
+                DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence, signedData.toByteArray());
+
+                // making it a content info sequence
+                ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID, signedDataSeq);
+
+                // writing out the contentInfo sequence
+                block.encode(out);
+            }
+
+        };
+        return p7;
+    }
+
+    private static LinkedList<X509Certificate> getChain(Certificate c) throws IOException, GeneralSecurityException {
+        LinkedList<X509Certificate> ll = new LinkedList<>();
+        ll.add(c.cert());
+        CACertificate ca = c.getParent();
+        while ( !ca.isSelfsigned()) {
+            ll.add(ca.getCertificate());
+            ca = ca.getParent();
+        }
+        ll.add(ca.getCertificate());
+        return ll;
+    }
+
+}
diff --git a/tests/org/cacert/gigi/api/IssueCert.java b/tests/org/cacert/gigi/api/IssueCert.java
index faa8618e246e27ccc282d95b56f2d62f065a6170..b37626ce24a30d1285d06e83fe1ae630d3046d7a 100644 (file)
--- a/tests/org/cacert/gigi/api/IssueCert.java
+++ b/tests/org/cacert/gigi/api/IssueCert.java
@@ -6,14 +6,11 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLEncoder;
-import java.security.KeyManagementException;
+import java.security.GeneralSecurityException;
 import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -23,6 +20,10 @@ import org.cacert.gigi.dbObjects.Certificate.CSRType;
 import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Domain;
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.Name;
+import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.testUtils.ClientTest;
 import org.cacert.gigi.testUtils.IOUtils;
 import org.junit.Test;
@@ -31,34 +32,90 @@ import sun.security.x509.X500Name;
 
 public class IssueCert extends ClientTest {
 
+    private final PrivateKey pk;
+
+    private final X509Certificate ce;
+
+    private final Certificate c;
+
+    private final KeyPair kp;
+
+    public IssueCert() {
+        try {
+            kp = generateKeypair();
+            String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
+            c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getById(1));
+            pk = kp.getPrivate();
+            c.issue(null, "2y", u).waitFor(60000);
+            ce = c.cert();
+        } catch (Exception e) {
+            throw new Error(e);
+        }
+    }
+
     @Test
     public void testIssueCert() throws Exception {
-        KeyPair kp = generateKeypair();
-        String key1 = generatePEMCSR(kp, "EMAIL=testmail@example.com");
-        Certificate c = new Certificate(u, u, Certificate.buildDN("EMAIL", "testmail@example.com"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getById(1));
-        final PrivateKey pk = kp.getPrivate();
-        c.issue(null, "2y", u).waitFor(60000);
-        final X509Certificate ce = c.cert();
-        HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CreateCertificate.PATH).openConnection();
-        authenticateClientCert(pk, ce, connection);
-        connection.setDoOutput(true);
-        OutputStream os = connection.getOutputStream();
-        os.write(("profile=client&csr=" + URLEncoder.encode(generatePEMCSR(kp, "EMAIL=" + email + ",CN=CAcert WoT User"), "UTF-8")).getBytes("UTF-8"));
-        os.flush();
-        assertEquals(connection.getResponseCode(), 200);
-        String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
+        String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=CAcert WoT User"), "profile=client");
+
         CertificateFactory cf = CertificateFactory.getInstance("X509");
         java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
         assertEquals("CAcert WoT User", ((X500Name) xcert.getSubjectDN()).getCommonName());
 
-        revoke(pk, ce, xcert.getSerialNumber().toString(16).toLowerCase());
-        revoke(pk, ce, c.getSerial().toLowerCase());
+    }
 
+    @Test
+    public void testRevoke() throws Exception {
+        revoke(c.getSerial().toLowerCase());
         assertEquals(CertificateStatus.REVOKED, c.getStatus());
+    }
+
+    @Test
+    public void testIssueCertAssured() throws Exception {
+        makeAssurer(id);
+
+        Name n = u.getName();
+        String whishName = n.getFname() + " " + n.getLname();
+        String cert = issueCert(generatePEMCSR(kp, "EMAIL=" + email + ",CN=" + whishName), "profile=client-a");
 
+        CertificateFactory cf = CertificateFactory.getInstance("X509");
+        java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+        assertEquals(whishName, ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+    }
+
+    @Test
+    public void testIssueOrgCert() throws Exception {
+        makeAssurer(id);
+        u.grantGroup(u, Group.ORGASSURER);
+
+        Organisation o1 = new Organisation("name", "st", "pr", "st", "test@mail", u);
+        o1.addAdmin(u, u, false);
+        String testdom = createUniqueName() + "-example.com";
+        Domain d2 = new Domain(u, o1, testdom);
+        verify(d2);
+
+        String whishName = createUniqueName();
+        String cert = issueCert(generatePEMCSR(kp, "EMAIL=test@" + testdom + ",CN=" + whishName), "profile=client-orga&asOrg=" + o1.getId());
+
+        CertificateFactory cf = CertificateFactory.getInstance("X509");
+        java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+        assertEquals(whishName, ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+    }
+
+    private String issueCert(String csr, String options) throws IOException, GeneralSecurityException {
+        HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CreateCertificate.PATH).openConnection();
+        authenticateClientCert(pk, ce, connection);
+        connection.setDoOutput(true);
+        OutputStream os = connection.getOutputStream();
+        os.write((options + "&csr=" + URLEncoder.encode(csr, "UTF-8")).getBytes("UTF-8"));
+        os.flush();
+        assertEquals(connection.getResponseMessage(), 200, connection.getResponseCode());
+        String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
+        return cert;
     }
 
-    private void revoke(final PrivateKey pk, final X509Certificate ce, String serial) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException {
+    private void revoke(String serial) throws IOException, GeneralSecurityException {
         HttpURLConnection connection;
         OutputStream os;
         connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
diff --git a/util-testing/org/cacert/gigi/pages/Manager.java b/util-testing/org/cacert/gigi/pages/Manager.java
index ebfd73b9d605a15d1d72402d2840a8b52c440a54..3ac191ac030bf4d4fc886cb685237d08e4c5977f 100644 (file)
--- a/util-testing/org/cacert/gigi/pages/Manager.java
+++ b/util-testing/org/cacert/gigi/pages/Manager.java
@@ -90,36 +90,38 @@ public class Manager extends Page {
         }
     }
 
-    public User[] getAssurers() {
-        if (assurers != null) {
-            return assurers;
+    public User getAssurer(int i) {
+        if (assurers[i] != null) {
+            return assurers[i];
         }
-        assurers = new User[10];
         try {
-            try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?")) {
-                for (int i = 0; i < assurers.length; i++) {
-                    String mail = "test-assurer" + i + "@example.com";
-                    User u = User.getByEmail(mail);
-                    if (u == null) {
-                        System.out.println("Creating assurer");
-                        createUser(mail);
-                        u = User.getByEmail(mail);
-                        passCATS(u);
-                        ps.setInt(1, u.getId());
-                        ps.setInt(2, u.getId());
-                        ps.setInt(3, 100);
-                        ps.setString(4, "Manager init code");
-                        ps.setString(5, "1990-01-01");
-                        ps.execute();
-                    }
-                    assurers[i] = u;
+            User u = createAssurer(i);
+            assurers[i] = u;
 
-                }
-            }
         } catch (ReflectiveOperationException | GigiApiException e) {
             e.printStackTrace();
         }
-        return assurers;
+        return assurers[i];
+    }
+
+    private User createAssurer(int i) throws GigiApiException, IllegalAccessException {
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?")) {
+            String mail = "test-assurer" + i + "@example.com";
+            User u = User.getByEmail(mail);
+            if (u == null) {
+                System.out.println("Creating assurer");
+                createUser(mail);
+                u = User.getByEmail(mail);
+                passCATS(u);
+                ps.setInt(1, u.getId());
+                ps.setInt(2, u.getId());
+                ps.setInt(3, 100);
+                ps.setString(4, "Manager init code");
+                ps.setString(5, "1990-01-01");
+                ps.execute();
+            }
+            return u;
+        }
     }
 
     private void passCATS(User u) {
@@ -219,7 +221,7 @@ public class Manager extends Page {
         ea.verify(hash);
     }
 
-    User[] assurers;
+    User[] assurers = new User[25];
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -259,13 +261,24 @@ public class Manager extends Page {
                 return;
             }
             try {
-                for (int i = 0; i < getAssurers().length; i++) {
-                    Notary.assure(getAssurers()[i], byEmail, byEmail.getName(), byEmail.getDoB(), 10, "Testmanager Assure up code", "2014-11-06", AssuranceType.FACE_TO_FACE);
+                for (int i = 0; i < 10; i++) {
+                    Notary.assure(getAssurer(i), byEmail, byEmail.getName(), byEmail.getDoB(), 10, "Testmanager Assure up code", "2014-11-06", AssuranceType.FACE_TO_FACE);
                 }
             } catch (GigiApiException e) {
                 throw new Error(e);
             }
             resp.getWriter().println("User has been assured.");
+        } else if (req.getParameter("letassure") != null) {
+            String mail = req.getParameter("letassureEmail");
+            User byEmail = User.getByEmail(mail);
+            try {
+                for (int i = 0; i < 25; i++) {
+                    User a = getAssurer(i);
+                    Notary.assure(byEmail, a, a.getName(), a.getDoB(), 10, "Testmanager exp up code", "2014-11-06", AssuranceType.FACE_TO_FACE);
+                }
+            } catch (GigiApiException e) {
+                throw new Error(e);
+            }
         } else if (req.getParameter("addEmail") != null) {
             User u = User.getByEmail(req.getParameter("addEmailEmail"));
             try {
@@ -365,7 +378,6 @@ public class Manager extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        getAssurers();
         String pi = req.getPathInfo().substring(PATH.length());
         if (pi.length() > 1 && pi.startsWith("/fetch-")) {
             String mail = pi.substring(pi.indexOf('-', 2) + 1);
diff --git a/util-testing/org/cacert/gigi/pages/Manager.templ b/util-testing/org/cacert/gigi/pages/Manager.templ
index 9735e9a53ea4eaebe5b4f172b9076bdf21152ee4..2efd14add8bf9d2dabab15635f8ed56a8cfba5a6 100644 (file)
--- a/util-testing/org/cacert/gigi/pages/Manager.templ
+++ b/util-testing/org/cacert/gigi/pages/Manager.templ
@@ -55,6 +55,14 @@ Email: <input type="text" name="assureEmail"/>
 <input type="submit" value="Assure 100 Points" name="assure"/>
 </td></tr>
 
+<tr><td>
+Assure 25 others (get 25 experience points)    :
+</td><td>
+Email: <input type="text" name="letassureEmail"/>
+</td><td>
+<input type="submit" value="Add 25 experience Points" name="letassure"/>
+</td></tr>
+
 <tr><td>
 Add verified Email:
 </td><td>
WPIA Certificate Web Issuance Platform