From 4de35d0ba81eadeceb437dace9e06ef59caa2b39 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Tue, 5 Jul 2016 09:07:48 +0200
Subject: [PATCH] fix: do not follow redirects when doing http-pings (+testCase) fixes #61
Change-Id: Iae3589b50614d097f0705003836125aa955ca7d6
---
 config/test.properties.template | 2 +
 src/org/cacert/gigi/Launcher.java | 2 +
 tests/org/cacert/gigi/ping/TestHTTP.java | 84 +++++++++++++++++++
 tests/org/cacert/gigi/testUtils/PingTest.java | 5 +-
 4 files changed, 91 insertions(+), 2 deletions(-)
diff --git a/config/test.properties.template b/config/test.properties.template
index b39f07b7..232f46e0 100644
--- a/config/test.properties.template
+++ b/config/test.properties.template
@@ -32,6 +32,8 @@ domain.http=you-intstallation-for-the-textfiles
 domain.dnstest=the.dns.zone
 domain.testns=the.authorativ.ns.for.domain.dnstest
 domain.local=a.domain.that.resolves.to.localhost
+#port that is 80 is redirected to
+domain.localHTTP=80
 email.address=somemail@yourdomain.org
diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 7bf5bd11..a7730adc 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -2,6 +2,7 @@ package org.cacert.gigi;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.security.GeneralSecurityException;
 import java.security.Key;
@@ -105,6 +106,7 @@ public class Launcher {
 public synchronized void boot() throws Exception {
 Locale.setDefault(Locale.ENGLISH);
 TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+ HttpURLConnection.setFollowRedirects(false);
 conf = GigiConfig.parse(System.in);
 ServerConstants.init(conf.getMainProps());
diff --git a/tests/org/cacert/gigi/ping/TestHTTP.java b/tests/org/cacert/gigi/ping/TestHTTP.java
index 31fecd94..a1c5c7ae 100644
--- a/tests/org/cacert/gigi/ping/TestHTTP.java
+++ b/tests/org/cacert/gigi/ping/TestHTTP.java
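Review bot: The added comment `#port that is 80 is redirected to` in config/test.properties.template is hard to parse and does not say what the tests do with the value. Judging from the test added in this patch, `domain.localHTTP` is the local port on which the test opens a ServerSocket to answer the HTTP ping, so something like `# local port the HTTP ping test listens on; requests to port 80 of domain.local must reach it` would be clearer. With the template default of 80 the test process has to bind a privileged port on most systems, which deserves a word in the comment as well.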
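Review bot: The redirect ban added to `boot()` in src/org/cacert/gigi/Launcher.java is a static, JVM-wide default rather than a property of the ping request, so the guarantee that an HTTP ping is answered by the host under validation now rests on global state that any later code or library in the process can switch back. Setting it on the connection the pinger opens, `((HttpURLConnection) conn).setInstanceFollowRedirects(false);` (variable name constructed; the pinger is not part of this patch), keeps the check next to the request it protects. If the global call stays, a comment such as `// domain-control pings must be answered by the target host itself; a 3xx counts as a failure` would record why it is there. The call also disables redirects for every other HttpURLConnection user in the server, which may or may not be intended. `boot()` continues outside the hunk.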
@@ -4,8 +4,13 @@ import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 import static org.junit.Assume.*;
+import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.ServerSocket;
+import java.net.Socket;
 import java.net.URL;
 import java.net.URLEncoder;
 import java.sql.SQLException;
@@ -106,4 +111,83 @@ public class TestHTTP extends PingTest {
 return IOUtils.readURL(new InputStreamReader(u.openStream(), "UTF-8")).trim();
 }
+
+ @Test
+ public void testHttpRedirect() throws IOException, SQLException, InterruptedException {
+ try (ServerSocket s = openServer()) {
+ testHttpRedirect(s, true);
+ }
+ }
+
+ @Test
+ public void testHttpNoRedirect() throws IOException, SQLException, InterruptedException {
+ try (ServerSocket s = openServer()) {
+ testHttpRedirect(s, false);
+ }
+ }
+
+ private ServerSocket openServer() {
+ String localHTTP = getTestProps().getProperty("domain.localHTTP");
+ assumeNotNull(localHTTP);
+ try {
+ return new ServerSocket(Integer.parseInt(localHTTP));
+ } catch (IOException e) {
+ throw new Error("Requires a free port " + localHTTP);
+ }
+ }
+
+ public void testHttpRedirect(ServerSocket s, boolean doRedirect) throws IOException, SQLException, InterruptedException {
+ String test = getTestProps().getProperty("domain.local");
+ assumeNotNull(test);
+
+ Matcher m = initailizeDomainForm();
+
+ String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
+ "&emailType=y&email=2&HTTPType=y" + //
+ "&ssl-type-0=direct&ssl-port-0=" + //
+ "&ssl-type-1=direct&ssl-port-1=" + //
+ "&ssl-type-2=direct&ssl-port-2=" + //
+ "&ssl-type-3=direct&ssl-port-3=" + //
+ "&adddomain&csrf=" + csrf;
+ String p2 = sendDomainForm(content);
+ try (Socket s0 = s.accept()) {
+ BufferedReader br = new BufferedReader(new InputStreamReader(s0.getInputStream(), "UTF-8"));
+ String fst = br.readLine();
+ assertEquals("GET /cacert-" + m.group(1) + ".txt HTTP/1.1", fst);
+ while ( !br.readLine().equals("")) {
+ }
+ String res = m.group(2);
+ PrintWriter out = new PrintWriter(new OutputStreamWriter(s0.getOutputStream(), "UTF-8"));
+ if ( !doRedirect) {
+ out.println("HTTP/1.1 200 OK");
+ out.println("Content-length: " + res.length());
+ out.println();
+ out.print(res);
+ } else {
+ out.println("HTTP/1.1 302 Moved");
+ out.println("Location: /token");
+ out.println();
+ }
+ out.flush();
+ }
+ waitForPings(2);
+
+ TestMail mail = getMailReciever().receive();
+ mail.verify();
+
+ String newcontent = IOUtils.readURL(get(p2));
+ Pattern pat = Pattern.compile("http\\s*success");
+ pat = Pattern.compile("http\\s*([^<]*)\\s*([^<]*)\\s*([^<]*)");
+ Matcher m0 = pat.matcher(newcontent);
+ assertTrue(newcontent, m0.find());
+ if (doRedirect) {
+ assertEquals("failed", m0.group(1));
+ assertThat(m0.group(3), containsString("code 302"));
+ } else {
+ assertEquals("success", m0.group(1));
+ }
+ pat = Pattern.compile("email\\s*success");
+ assertTrue(newcontent, pat.matcher(newcontent).find());
+
+ }
 }
diff --git a/tests/org/cacert/gigi/testUtils/PingTest.java b/tests/org/cacert/gigi/testUtils/PingTest.java
index 0d15f2e8..967fdb2d 100644
--- a/tests/org/cacert/gigi/testUtils/PingTest.java
+++ b/tests/org/cacert/gigi/testUtils/PingTest.java
@@ -51,8 +51,9 @@ public abstract class PingTest extends ClientTest {
 openConnection.setDoOutput(true);
 openConnection.getOutputStream().write(content.getBytes("UTF-8"));
 openConnection.getHeaderField("Location");
- if (((HttpURLConnection) openConnection).getResponseCode() != 302) {
- throw new Error(IOUtils.readURL(openConnection));
+ int code = ((HttpURLConnection) openConnection).getResponseCode();
+ if (code != 302) {
+ throw new Error("Code was: " + code + "\ncontent was: " + IOUtils.readURL(openConnection));
 }
 String newcontent = IOUtils.readURL(get(DomainOverview.PATH));
--
2.39.2
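Review bot: In tests/org/cacert/gigi/ping/TestHTTP.java, `testHttpRedirect(ServerSocket, boolean)` blocks in `s.accept()` with no timeout, so a ping that never arrives hangs the test run instead of failing it; `s.setSoTimeout(10000);` (value constructed) before the `accept()` would turn that into an error. The header loop `while ( !br.readLine().equals(""))` throws a NullPointerException when the client closes the connection before the blank line, because `readLine()` returns null at end of stream; `for (String l = br.readLine(); l != null && !l.isEmpty(); l = br.readLine()) { }` avoids that. The first `Pattern pat = Pattern.compile("http\\s*success");` is overwritten on the next line and can be dropped. `openServer()` also discards the IOException when it throws `Error`; passing `e` as the cause would keep the bind failure visible.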
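Review bot: In tests/org/cacert/gigi/testUtils/PingTest.java, the new message `"Code was: " + code + "\ncontent was: " + IOUtils.readURL(openConnection)` reads the response body while the exception is being built, and for a 4xx/5xx status `HttpURLConnection.getInputStream()` throws an IOException. `IOUtils.readURL` is not visible here, but if it reads through `getInputStream()`, the status code this change is meant to surface would be lost in exactly the failing cases. Reading `getErrorStream()` when `code >= 400`, or reporting the code alone when the body cannot be read, would keep it. The enclosing method starts and ends outside the hunk.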