From 31bd86b7903b06266a84b3350914858c8a207b35 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Wed, 1 Jun 2016 10:20:39 +0200
Subject: [PATCH] add: api for Test-memberid-lookup (addresses #4)
Change-Id: Icdf6a2e4872e7d63cba8aab0238e9b4ce5a9f5f2
---
 src/org/cacert/gigi/api/CATSImport.java | 14 +++--
 src/org/cacert/gigi/api/CATSResolve.java | 37 +++++++++++++
 src/org/cacert/gigi/api/GigiAPI.java | 1 +
 .../org/cacert/gigi/api/ImportCATSResult.java | 55 ++++++++++++++-----
 tests/org/cacert/gigi/testUtils/IOUtils.java | 2 +-
 5 files changed, 89 insertions(+), 20 deletions(-)
 create mode 100644 src/org/cacert/gigi/api/CATSResolve.java
diff --git a/src/org/cacert/gigi/api/CATSImport.java b/src/org/cacert/gigi/api/CATSImport.java
index b30658d6..69feb299 100644
--- a/src/org/cacert/gigi/api/CATSImport.java
+++ b/src/org/cacert/gigi/api/CATSImport.java
@@ -13,7 +13,7 @@ import org.cacert.gigi.dbObjects.User;
 public class CATSImport extends APIPoint {
- public static final String PATH = "/cats_import";
+ public static final String PATH = "/cats/import";
 @Override
 public void process(HttpServletRequest req, HttpServletResponse resp, CertificateOwner u) throws IOException {
@@ -26,15 +26,21 @@ public class CATSImport extends APIPoint {
 return;
 }
- String target = req.getParameter("serial");
+ String target = req.getParameter("mid");
 String testType = req.getParameter("variant");
 String date = req.getParameter("date");
 if (target == null || testType == null || date == null) {
 resp.sendError(500, "Error, requires serial, variant and date");
 return;
 }
- // TODO is "byEnabledSerial" desired?
- CertificateOwner o = CertificateOwner.getByEnabledSerial(target);
+ int id;
+ try {
+ id = Integer.parseInt(target);
+ } catch (NumberFormatException e) {
+ resp.sendError(500, "Error, requires mid to be integer.");
+ return;
+ }
+ CertificateOwner o = CertificateOwner.getById(id);
 if ( !(o instanceof User)) {
 resp.sendError(500, "Error, requires valid serial");
 return;
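Review bot: The two unchanged `sendError` messages in the second hunk still ask the caller for a serial although the parameter is now `mid`; they should read `"Error, requires mid, variant and date"` and `"Error, requires valid mid"` so an API client can tell which input was rejected. Every input failure here, including the new non-integer case, is reported with status 500, which makes a malformed request indistinguishable from a server fault in logs and monitoring; 400 would fit these cases, though existing callers may depend on the current code. The body of `process` starts and ends outside the hunk.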
diff --git a/src/org/cacert/gigi/api/CATSResolve.java b/src/org/cacert/gigi/api/CATSResolve.java
new file mode 100644
index 00000000..5da53940
--- /dev/null
+++ b/src/org/cacert/gigi/api/CATSResolve.java
@@ -0,0 +1,37 @@
+package org.cacert.gigi.api;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.dbObjects.CertificateOwner;
+import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.dbObjects.User;
+
+public class CATSResolve extends APIPoint {
+
+ public static final String PATH = "/cats/resolve";
+
+ @Override
+ public void process(HttpServletRequest req, HttpServletResponse resp, CertificateOwner u) throws IOException {
+ if ( !(u instanceof Organisation)) {
+ resp.sendError(500, "Error, invalid cert");
+ return;
+ }
+ if ( !((Organisation) u).isSelfOrganisation()) {
+ resp.sendError(500, "Error, invalid cert");
+ return;
+
+ }
+ String target = req.getParameter("serial");
+
+ CertificateOwner o = CertificateOwner.getByEnabledSerial(target);
+ if ( !(o instanceof User)) {
+ resp.sendError(500, "Error, requires valid serial");
+ return;
+ }
+ resp.setContentType("text/plain; charset=UTF-8");
+ resp.getWriter().print(o.getId());
+ }
+}
diff --git a/src/org/cacert/gigi/api/GigiAPI.java b/src/org/cacert/gigi/api/GigiAPI.java
index c0d063db..ce2704de 100644
--- a/src/org/cacert/gigi/api/GigiAPI.java
+++ b/src/org/cacert/gigi/api/GigiAPI.java
@@ -20,6 +20,7 @@ public class GigiAPI extends HttpServlet {
 api.put(CreateCertificate.PATH, new CreateCertificate());
 api.put(RevokeCertificate.PATH, new RevokeCertificate());
 api.put(CATSImport.PATH, new CATSImport());
+ api.put(CATSResolve.PATH, new CATSResolve());
 }
 @Override
diff --git a/tests/org/cacert/gigi/api/ImportCATSResult.java b/tests/org/cacert/gigi/api/ImportCATSResult.java
index be02a7b6..41c49c56 100644
--- a/tests/org/cacert/gigi/api/ImportCATSResult.java
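Review bot: In the new `CATSResolve.process`, `target` is passed to `CertificateOwner.getByEnabledSerial` without a null check, so a request that omits `serial` relies on that method tolerating null; its body is not visible here. A guard before the lookup, `if (target == null) { resp.sendError(500, "Error, requires serial"); return; }`, keeps the failure explicit and matches the parameter check in CATSImport. The class also has no Javadoc; a short class comment should state that only a client certificate owned by the self-organisation may call this endpoint and that it answers with the member id of the owner of the enabled certificate as plain text, since those two checks are the only access control on the serial-to-member-id mapping.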
+++ b/tests/org/cacert/gigi/api/ImportCATSResult.java
@@ -27,15 +27,17 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.testUtils.ClientTest;
+import org.cacert.gigi.testUtils.IOUtils;
 import org.junit.Test;
 public class ImportCATSResult extends ClientTest {
- @Test
- public void testImportCATS() throws GigiApiException, IOException, GeneralSecurityException, InterruptedException {
+ private PrivateKey pk;
+
+ private X509Certificate ce;
+
+ public ImportCATSResult() throws IOException, GeneralSecurityException, InterruptedException, GigiApiException {
 makeAssurer(id);
- Certificate target = new Certificate(u, u, Certificate.buildDN("EMAIL", email), Digest.SHA256, generatePEMCSR(generateKeypair(), "EMAIL=" + email), CSRType.CSR, CertificateProfile.getByName("client"), new Certificate.SubjectAlternateName(SANType.EMAIL, "cats@cacert.org"));
- target.issue(null, "2y", u).waitFor(60000);
 grant(u.getEmail(), Group.ORGASSURER);
 clearCaches();
@@ -45,35 +47,58 @@ public class ImportCATSResult extends ClientTest {
 KeyPair kp = generateKeypair();
 String key1 = generatePEMCSR(kp, "EMAIL=cats@cacert.org");
 Certificate c = new Certificate(o, u, Certificate.buildDN("EMAIL", "cats@cacert.org"), Digest.SHA256, key1, CSRType.CSR, CertificateProfile.getByName("client-orga"), new Certificate.SubjectAlternateName(SANType.EMAIL, "cats@cacert.org"));
- final PrivateKey pk = kp.getPrivate();
+ pk = kp.getPrivate();
 c.issue(null, "2y", u).waitFor(60000);
- final X509Certificate ce = c.cert();
+ ce = c.cert();
+ }
+
+ @Test
+ public void testLookupSerial() throws GigiApiException, IOException, GeneralSecurityException, InterruptedException {
+ Certificate target2 = new Certificate(u, u, Certificate.buildDN("EMAIL", u.getEmail()), Digest.SHA256, generatePEMCSR(generateKeypair(), "EMAIL=" + u.getEmail()), CSRType.CSR, CertificateProfile.getByName("client"), new Certificate.SubjectAlternateName(SANType.EMAIL, "cats@cacert.org"));
+ target2.issue(null, "2y", u).waitFor(60000);
+
+ assertEquals(u.getId(), Integer.parseInt(apiLookup(target2)));
+ }
+
+ @Test
+ public void testImportCATS() throws GigiApiException, IOException, GeneralSecurityException, InterruptedException {
 assertEquals(1, u.getTrainings().length);
- apiRequest(target.cert().getSerialNumber().toString(16), "Test Training", pk, ce);
+ apiImport(u, "Test Training");
 assertEquals(2, u.getTrainings().length);
 User u2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
- Certificate target2 = new Certificate(u2, u2, Certificate.buildDN("EMAIL", u2.getEmail()), Digest.SHA256, generatePEMCSR(generateKeypair(), "EMAIL=" + u2.getEmail()), CSRType.CSR, CertificateProfile.getByName("client"), new Certificate.SubjectAlternateName(SANType.EMAIL, "cats@cacert.org"));
- target2.issue(null, "2y", u).waitFor(60000);
 assertEquals(0, u2.getTrainings().length);
 assertFalse(u2.hasPassedCATS());
- apiRequest(target2.cert().getSerialNumber().toString(16), "Test Training", pk, ce);
+ apiImport(u2, "Test Training");
 assertEquals(1, u2.getTrainings().length);
 assertFalse(u2.hasPassedCATS());
- apiRequest(target2.cert().getSerialNumber().toString(16), CATS.ASSURER_CHALLANGE_NAME, pk, ce);
+ apiImport(u2, CATS.ASSURER_CHALLANGE_NAME);
 assertEquals(2, u2.getTrainings().length);
 assertTrue(u2.hasPassedCATS());
 }
- private void apiRequest(String target, String test, final PrivateKey pk, final X509Certificate ce) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException, GeneralSecurityException {
+ private void apiImport(User target, String test) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException, GeneralSecurityException {
 HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CATSImport.PATH).openConnection();
 authenticateClientCert(pk, ce, connection);
 connection.setDoOutput(true);
 OutputStream os = connection.getOutputStream();
- os.write(("serial=" + target + "&variant=" + URLEncoder.encode(test, "UTF-8") + "&date=" + System.currentTimeMillis()).getBytes("UTF-8"));
- System.out.println(connection.getResponseCode());
- System.out.println(connection.getResponseMessage());
+ os.write(("mid=" + target.getId() + "&variant=" + URLEncoder.encode(test, "UTF-8") + "&date=" + System.currentTimeMillis()).getBytes("UTF-8"));
+ if (connection.getResponseCode() != 200) {
+ throw new Error(connection.getResponseMessage());
+ }
+ }
+
+ private String apiLookup(Certificate target) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException, GeneralSecurityException {
+ HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + CATSResolve.PATH).openConnection();
+ authenticateClientCert(pk, ce, connection);
+ connection.setDoOutput(true);
+ OutputStream os = connection.getOutputStream();
+ os.write(("serial=" + target.cert().getSerialNumber().toString(16).toLowerCase()).getBytes());
+ if (connection.getResponseCode() != 200) {
+ throw new Error(connection.getResponseMessage());
+ }
+ return IOUtils.readURL(connection);
 }
 }
diff --git a/tests/org/cacert/gigi/testUtils/IOUtils.java b/tests/org/cacert/gigi/testUtils/IOUtils.java
index 3e91d7ed..23db401f 100644
--- a/tests/org/cacert/gigi/testUtils/IOUtils.java
+++ b/tests/org/cacert/gigi/testUtils/IOUtils.java
@@ -17,7 +17,7 @@ public class IOUtils {
 public static String readURL(URLConnection in) {
 try {
- if ( !in.getContentType().equals("text/html; charset=UTF-8")) {
+ if ( !in.getContentType().equals("text/html; charset=UTF-8") && !in.getContentType().equals("text/plain; charset=UTF-8")) {
 if (in instanceof HttpURLConnection && ((HttpURLConnection) in).getResponseCode() != 200) {
 System.err.println(readURL(new InputStreamReader(((HttpURLConnection) in).getErrorStream(), "UTF-8")));
 }
--
2.39.2
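Review bot: `testLookupSerial` covers only the success path of `/cats/resolve`; nothing in this hunk checks that a caller whose certificate does not belong to the self-organisation is refused, or that a missing or unknown `serial` produces an error, and those are the cases that guard the serial-to-member-id mapping. In `apiLookup` the request body is encoded with `getBytes()`, i.e. the platform charset, while `apiImport` uses `getBytes("UTF-8")`; use `.getBytes("UTF-8")` there too. Both helpers signal a non-200 response with `throw new Error(...)`; `assertEquals(200, connection.getResponseCode());` would report it as a test failure showing the expected and actual status.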
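Review bot: The widened condition in `readURL` calls `in.getContentType()` twice and dereferences the result each time, and `URLConnection.getContentType()` returns null when the header is not known, so a response without a Content-Type would fail with a NullPointerException in the condition instead of reaching the error-stream dump below it. Reading the value once and comparing from the constant side avoids that: `String type = in.getContentType();` followed by `if ( !"text/html; charset=UTF-8".equals(type) && !"text/plain; charset=UTF-8".equals(type)) {`. The rest of `readURL`, including what its `try` catches, lies outside the hunk.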