vars.put("ra-agent", u.canVerify());
vars.put("vp", u.getVerificationPoints());
vars.put("xp", u.getExperiencePoints());
- if (u.isInGroup(Group.SUPPORTER) || u.isInGroup(Group.ORG_AGENT) || u.isInGroup(Group.TTP_AGENT) || u.canVerify()) {
- vars.put("certlogin", LoginPage.getAuthorizationContext(req).isStronglyAuthenticated());
- vars.put("certlogininfo", true);
- } else {
- vars.put("certlogininfo", false);
- }
+
Certificate[] c = u.getCertificates(false);
vars.put("c-no", c.length);
}
});
vars.put("hasorgs", !o.isEmpty());
+
+ if (u.isInGroup(Group.SUPPORTER) || u.isInGroup(Group.ORG_AGENT) || u.isInGroup(Group.TTP_AGENT) || u.canVerify() || !o.isEmpty()) {
+ vars.put("certlogin", LoginPage.getAuthorizationContext(req).isStronglyAuthenticated());
+ vars.put("certlogininfo", true);
+ } else {
+ vars.put("certlogininfo", false);
+ }
+
getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
} else {
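Review bot: The condition on the added `if` (SUPPORTER, ORG_AGENT, TTP_AGENT, `canVerify()` and now `!o.isEmpty()`) is an inline list of every privilege that needs certificate login, so a privilege introduced later can silently miss the hint. Consider moving the check behind one named predicate, or at least add a comment above it such as `// roles whose actions require certificate login; org admins included because organisation access is cert-only`. Keep in mind that `certlogin` and `certlogininfo` only control what the template displays; the strong-authentication requirement has to be enforced where the organisation actions are handled, which this hunk does not show. The enclosing method starts before the hunk and continues past it.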
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
-import club.wpia.gigi.dbObjects.Certificate;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Digest;
+import club.wpia.gigi.dbObjects.Country;
+import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.Group;
+import club.wpia.gigi.dbObjects.Organisation;
+import club.wpia.gigi.dbObjects.User;
import club.wpia.gigi.testUtils.ClientTest;
import club.wpia.gigi.testUtils.IOUtils;
public class TestMain extends ClientTest {
+ private User orgAdmin;
+
@Test
- public void testPasswordLogin() throws MalformedURLException, IOException {
+ public void testPasswordLogin() throws MalformedURLException, IOException, GigiApiException {
URLConnection uc = new URL("https://" + getServerName()).openConnection();
uc.addRequestProperty("Cookie", cookie);
String content = IOUtils.readURL(uc);
@Test
public void testCertLogin() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
- KeyPair kp = generateKeypair();
- String csr = generatePEMCSR(kp, "CN=" + u.getPreferredName().toString());
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", u.getPreferredName().toString()), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
- final PrivateKey pk = kp.getPrivate();
- await(c.issue(null, "2y", u));
- final X509Certificate ce = c.cert();
- c.setLoginEnabled(true);
- cookie = login(pk, ce);
- loginCertificate = c;
- loginPrivateKey = pk;
+ cookie = cookieWithCertificateLogin(u);
URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
authenticate((HttpURLConnection) uc);
authenticate((HttpURLConnection) uc);
content = IOUtils.readURL(uc);
assertThat(content, containsString("You are authenticated via certificate, so you will be able to perform all actions."));
+ }
+
+ @Test
+ public void testPasswordLoginOrgAdmin() throws MalformedURLException, IOException, GigiApiException {
+ URLConnection uc = new URL("https://" + getServerName()).openConnection();
+ addOrgAdmin();
+ cookie = login(orgAdmin.getEmail(), TEST_PASSWORD);
+ loginCertificate = null;
+ uc.addRequestProperty("Cookie", cookie);
+ String content = IOUtils.readURL(uc);
+ assertThat(content, containsString("You need to be logged in via certificate to get access to the organisations."));
+ assertThat(content, containsString("For some actions, e.g. add verification, support, you need to be authenticated via certificate."));
+
+ }
+
+ @Test
+ public void testCertLoginOrgAdmin() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+ cookie = cookieWithCertificateLogin(u);
+ addOrgAdmin();
+ cookie = cookieWithCertificateLogin(orgAdmin);
+
+ URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ String content = IOUtils.readURL(uc);
+
+ assertThat(content, containsString("change to organisation administrator context"));
+ assertThat(content, containsString("You are authenticated via certificate, so you will be able to perform all actions."));
+ }
+ private void addOrgAdmin() throws GigiApiException, IOException {
+ makeAgent(u.getId());
+ u.grantGroup(getSupporter(), Group.ORG_AGENT);
+ clearCaches();
+ Organisation o = new Organisation(createUniqueName(), Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "city", "test@example.com", "", "", u);
+ orgAdmin = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ makeAgent(orgAdmin.getId());
+ o.addAdmin(orgAdmin, u, true);
}
}
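Review bot: `testPasswordLoginOrgAdmin` only checks that the two hint texts are rendered; it does not check that a password-only session is kept out of the organisation context. Since `testCertLoginOrgAdmin` asserts that "change to organisation administrator context" is present, the password test could assert its absence with `assertThat(content, not(containsString("change to organisation administrator context")));` (this needs the Hamcrest `not` matcher imported and assumes the template hides that entry for password logins). Separately, the first `cookie = cookieWithCertificateLogin(u);` in `testCertLoginOrgAdmin` is overwritten two lines later and looks unnecessary unless the helper is called for a side effect, in which case a short comment naming that side effect would help.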