From bafe96665aa27ee01a09853941fcd7c46573eb5c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Tue, 10 Nov 2015 23:36:07 +0100
Subject: [PATCH] upd: create and test revoke API
---
 src/org/cacert/gigi/api/GigiAPI.java | 33 ++++++++++++++++++++++++
 tests/org/cacert/gigi/api/IssueCert.java | 28 ++++++++++++++++++--
 2 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/src/org/cacert/gigi/api/GigiAPI.java b/src/org/cacert/gigi/api/GigiAPI.java
index d511d315..caeeeffa 100644
--- a/src/org/cacert/gigi/api/GigiAPI.java
+++ b/src/org/cacert/gigi/api/GigiAPI.java
@@ -80,6 +80,7 @@ public class GigiAPI extends HttpServlet {
 return;
 }
 resp.getWriter().println(PEM.encode("CERTIFICATE", result.cert().getEncoded()));
+ return;
 } catch (GeneralSecurityException e) {
 e.printStackTrace();
 } catch (GigiApiException e) {
@@ -87,6 +88,38 @@ public class GigiAPI extends HttpServlet {
 } catch (InterruptedException e) {
 e.printStackTrace();
 }
+ } else if (pi.equals("/account/certs/revoke")) {
+
+ if ( !req.getMethod().equals("POST")) {
+ resp.sendError(500, "Error, POST required.");
+ return;
+ }
+ if (req.getQueryString() != null) {
+ resp.sendError(500, "Error, no query String allowed.");
+ return;
+ }
+ String tserial = req.getParameter("serial");
+ if (tserial == null) {
+ resp.sendError(500, "Error, no Serial found");
+ return;
+ }
+ try {
+ Certificate c = Certificate.getBySerial(tserial);
+ if (c == null || c.getOwner() != u) {
+ resp.sendError(403, "Access Denied");
+ return;
+ }
+ Job job = c.revoke();
+ job.waitFor(60000);
+ if (c.getStatus() != CertificateStatus.REVOKED) {
+ resp.sendError(510, "Error, issuing timed out");
+ return;
+ }
+ resp.getWriter().println("OK");
+ return;
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
 }
 }
 }
diff --git a/tests/org/cacert/gigi/api/IssueCert.java b/tests/org/cacert/gigi/api/IssueCert.java
index 0a66a417..65fd3f82 100644
--- a/tests/org/cacert/gigi/api/IssueCert.java
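Review bot: The `catch (InterruptedException e)` that closes the new revoke branch only prints a stack trace, so the method returns without setting a status or body, which a servlet container will normally deliver as an empty 200; a caller that checks only the status code would then treat the certificate as revoked although the job was interrupted. The handler should restore the interrupt flag and fail explicitly, e.g. `Thread.currentThread().interrupt();` followed by `resp.sendError(500, "Error, revocation interrupted");`. The timeout message `"Error, issuing timed out"` looks copied from the issue branch and should name revocation, and the 500 responses for a wrong method or a missing `serial` would be clearer as 405 and 400. The ownership test `c.getOwner() != u` compares references; it fails closed, but whether it accepts the legitimate owner depends on `getOwner()` returning the same instance as `u`, which this hunk does not show, so comparing ids would be more robust. The enclosing method starts outside the hunk.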
+++ b/tests/org/cacert/gigi/api/IssueCert.java @@ -3,18 +3,24 @@ package org.cacert.gigi.api; import static org.junit.Assert.*; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.InputStreamReader; import java.io.OutputStream; +import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; +import java.net.MalformedURLException; import java.net.URL; import java.net.URLEncoder; +import java.security.KeyManagementException; import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import org.cacert.gigi.dbObjects.Certificate; import org.cacert.gigi.dbObjects.Certificate.CSRType; +import org.cacert.gigi.dbObjects.Certificate.CertificateStatus; import org.cacert.gigi.dbObjects.CertificateProfile; import org.cacert.gigi.dbObjects.Digest; import org.cacert.gigi.testUtils.ClientTest; 
@@ -42,7 +48,25 @@ public class IssueCert extends ClientTest {
 assertEquals(connection.getResponseCode(), 200);
 String cert = IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8"));
 CertificateFactory cf = CertificateFactory.getInstance("X509");
- java.security.cert.Certificate xcert = cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
- assertEquals("CAcert WoT User", ((X500Name) ((X509Certificate) xcert).getSubjectDN()).getCommonName());
+ java.security.cert.X509Certificate xcert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getBytes("UTF-8")));
+ assertEquals("CAcert WoT User", ((X500Name) xcert.getSubjectDN()).getCommonName());
+
+ revoke(pk, ce, xcert.getSerialNumber().toString(16).toLowerCase());
+ revoke(pk, ce, c.getSerial().toLowerCase());
+
+ assertEquals(CertificateStatus.REVOKED, c.getStatus());
+
+ }
+
+ private void revoke(final PrivateKey pk, final X509Certificate ce, String serial) throws IOException, MalformedURLException, NoSuchAlgorithmException, KeyManagementException, UnsupportedEncodingException {
+ HttpURLConnection connection;
+ OutputStream os;
+ connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "api.") + "/account/certs/revoke").openConnection();
+ authenticateClientCert(pk, ce, connection);
+ connection.setDoOutput(true);
+ os = connection.getOutputStream();
+ os.write(("serial=" + URLEncoder.encode(serial, "UTF-8")).getBytes("UTF-8"));
+ os.flush();
+ assertEquals(connection.getResponseCode(), 200);
 }
 }
-- 2.39.2
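Review bot: The new `revoke` helper asserts only the status code of each call, so it cannot tell a completed revocation from a response that carries no `OK` body, and the hunk adds no case for the servlet's 403 path. Reading and checking the body, for example `assertEquals("OK", IOUtils.readURL(new InputStreamReader(connection.getInputStream(), "UTF-8")).trim());`, would pin the success contract; a second test that submits the serial while authenticated with a different user's client certificate and expects 403 would cover the ownership check. The arguments of `assertEquals(connection.getResponseCode(), 200)` are in (actual, expected) order, which produces a misleading failure message because JUnit takes the expected value first. The test method being extended starts outside the hunk.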