upd: create and test revoke API
authorFelix Dörre <felix@dogcraft.de>
Tue, 10 Nov 2015 22:36:07 +0000 (23:36 +0100)
committerFelix Dörre <felix@dogcraft.de>
Tue, 10 Nov 2015 22:36:07 +0000 (23:36 +0100)
src/org/cacert/gigi/api/GigiAPI.java
tests/org/cacert/gigi/api/IssueCert.java

index d511d315801180e2c871c50b259e3ff1c5359d7d..caeeeffab37c5488ef726aa6b4aed6b650b75c18 100644 (file)
@@ -80,6 +80,7 @@ public class GigiAPI extends HttpServlet {
                     return;
                 }
                 resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
+                return;
             } catch (GeneralSecurityException e) {
                 e.printStackTrace();
             } catch (GigiApiException e) {
@@ -87,6 +88,38 @@ public class GigiAPI extends HttpServlet {
             } catch (InterruptedException e) {
                 e.printStackTrace();
             }
+        } else if (pi.equals("/account/certs/revoke")) {
+
+            if ( !req.getMethod().equals("POST")) {
+                resp.sendError(500, "Error, POST required.");
+                return;
+            }
+            if (req.getQueryString() != null) {
+                resp.sendError(500, "Error, no query String allowed.");
+                return;
+            }
+            String tserial = req.getParameter("serial");
+            if (tserial == null) {
+                resp.sendError(500, "Error, no Serial found");
+                return;
+            }
+            try {
+                Certificate c = Certificate.getBySerial(tserial);
+                if (c == null || c.getOwner() != u) {
+                    resp.sendError(403, "Access Denied");
+                    return;
+                }
+                Job job = c.revoke();
+                job.waitFor(60000);
+                if (c.getStatus() != CertificateStatus.REVOKED) {
+                    resp.sendError(510, "Error, issuing timed out");
+                    return;
+                }
+                resp.getWriter().println("OK");
+                return;
+            } catch (InterruptedException e) {
+                e.printStackTrace();
+            }
         }
     }
 }
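Review bot: The `catch (InterruptedException e)` that ends the new `/account/certs/revoke` branch only prints the stack trace, and the branch and the method close right after it, so an interrupted wait ends the request without sending any error. The caller is then likely to see a default success status even though the revocation was never confirmed. Restore the interrupt flag and answer explicitly: `Thread.currentThread().interrupt(); resp.sendError(500, "Error, revocation interrupted"); return;`. The timeout message `"Error, issuing timed out"` looks copied from the issuing path and should name revocation. The ownership check `c.getOwner() != u` compares references, which fails closed but is only correct if owner objects are canonical instances; that is not visible here (the enclosing method starts outside this hunk), so compare ids or add a comment stating the invariant.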
index 0a66a417755ccc2855a39683716383947d3cd166..65fd3f82112fc4555d43726e6f1df44eb30ca01a 100644 (file)
@@ -3,18 +3,24 @@ package org.cacert.gigi.api;
 import static org.junit.Assert.*;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLEncoder;
+import java.security.KeyManagementException;
 import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
 import org.cacert.gigi.dbObjects.Certificate;
 import org.cacert.gigi.dbObjects.Certificate.CSRType;
+import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.Digest;
 import org.cacert.gigi.testUtils.ClientTest;
@@ -42,7 +48,25 @@ public class IssueCert extends ClientTest {
         assertEquals(connection.getResponseCode(), 200);
         String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
         CertificateFactory cf = CertificateFactory.getInstance("X509");
-        java.security.cert.Certificate xcert = cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
-        assertEquals("CAcert WoT User", ((X500Name) ((X509Certificate) xcert).getSubjectDN()).getCommonName());
+        java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+        assertEquals("CAcert WoT User", ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+        revoke(pk, ce, xcert.getSerialNumber().toString(16).toLowerCase());
+        revoke(pk, ce, c.getSerial().toLowerCase());
+
+        assertEquals(CertificateStatus.REVOKED, c.getStatus());
+
+    }
+
+    private void revoke(final PrivateKey pk, final X509Certificate ce, String serial) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException {
+        HttpURLConnection connection;
+        OutputStream os;
+        connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
+        authenticateClientCert(pk, ce, connection);
+        connection.setDoOutput(true);
+        os = connection.getOutputStream();
+        os.write(("serial=" + URLEncoder.encode(serial, "UTF-8")).getBytes("UTF-8"));
+        os.flush();
+        assertEquals(connection.getResponseCode(), 200);
     }
 }
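Review bot: The new `revoke` helper asserts only the status code, so the test never confirms the `OK` body and never exercises the denied path. A case where a second account's client certificate submits this serial and expects 403 would pin the ownership check the endpoint relies on. The arguments are also in actual/expected order; `assertEquals(200, connection.getResponseCode());` gives a correct failure message. In `replaceFirst("^www.", "api.")` the dot is unescaped and matches any character; `"^www\\."` is the intended pattern. The test method that calls `revoke` starts outside this hunk.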