From: Benny Baumann <BenBE1987@gmx.net>
Date: Tue, 7 Nov 2017 19:55:40 +0000 (+0100)
Subject: Merge changes I46ae11f8,I6d71e70e,Ie19e3229
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=a507c4de2568faaf53bb8d6e003ffbe1ced5d539;hp=-c

Merge changes I46ae11f8,I6d71e70e,Ie19e3229

* changes:
  chg: remove csr_name and crt_name columns from certs
  chg: use certificate attachment to store CRT and CSR files
  add: text-attachments for certificates
---

a507c4de2568faaf53bb8d6e003ffbe1ced5d539
diff --combined tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
index 8d46cf2d,986442b1..bac62175
--- a/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
+++ b/tests/club/wpia/gigi/pages/account/TestCertificateAdd.java
@@@ -68,12 -68,6 +68,12 @@@ public class TestCertificateAdd extend
  
      KeyPair kp = generateKeypair();
  
 +    /**
 +     * This KeyPair is used for testing the KeyCheck for proper rejection of
 +     * invalid keys. The generated keys suffers from small factors.
 +     */
 +    KeyPair kpBroken = generateBrokenKeypair();
 +
      String csrf;
  
      public TestCertificateAdd() throws GeneralSecurityException, IOException {
@@@ -88,7 -82,6 +88,6 @@@
          }, new DNSName(uniq + ".tld"));
  
          String pem = generatePEMCSR(kp, "CN=a." + uniq + ".tld", atts);
- 
          String[] res = fillOutForm("CSR=" + URLEncoder.encode(pem, "UTF-8"));
          assertArrayEquals(new String[] {
                  "server", CertificateRequest.DEFAULT_CN, "dns:a." + uniq + ".tld\ndns:" + uniq + ".tld\n", Digest.SHA512.toString()
@@@ -389,17 -382,4 +388,17 @@@
          X509Certificate parsedLoginEnabled = createCertWithValidity("&validFrom=now&validity=1m", true);
          assertEquals(u, CertificateOwner.getByEnabledSerial(parsedLoginEnabled.getSerialNumber().toString(16).toLowerCase()));
      }
 +
 +    @Test
 +    public void testInvalidKeyInCSR() throws IOException, GeneralSecurityException {
 +        PKCS10Attributes atts = buildAtts(new ObjectIdentifier[] {
 +                CertificateRequest.OID_KEY_USAGE_SSL_SERVER
 +        }, new DNSName(uniq + ".tld"));
 +
 +        String pem = generatePEMCSR(kpBroken, "CN=a." + uniq + ".tld", atts);
 +
 +        HttpURLConnection huc = post(CertificateAdd.PATH, "CSR=" + URLEncoder.encode(pem, "UTF-8"));
 +        assertThat(IOUtils.readURL(huc), hasError());
 +    }
 +
  }