From c252e6d9cd5b6f76cfa5bd85eb5df37b15b811ba Mon Sep 17 00:00:00 2001 From: =?utf8?q?Felix=20D=C3=B6rre?= Date: Sat, 19 Jul 2014 00:24:10 +0200 Subject: [PATCH] Implement a testcase that tests this session context separation. --- .../cacert/gigi/TestSeparateSessionScope.java | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 tests/org/cacert/gigi/TestSeparateSessionScope.java diff --git a/tests/org/cacert/gigi/TestSeparateSessionScope.java b/tests/org/cacert/gigi/TestSeparateSessionScope.java new file mode 100644 index 00000000..29632bed --- /dev/null +++ b/tests/org/cacert/gigi/TestSeparateSessionScope.java @@ -0,0 +1,48 @@ +package org.cacert.gigi; + +import static org.junit.Assert.*; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; +import java.sql.SQLException; + +import org.cacert.gigi.testUtils.ManagedTest; +import org.cacert.gigi.testUtils.PemKey; +import org.junit.Test; + +public class TestSeparateSessionScope extends ManagedTest { + + private static final String TEST_PASSWORD = "xvXV12°§"; + + @Test + public void testSeparateScope() throws IOException, GeneralSecurityException, SQLException, InterruptedException { + String mail = "thisgo" + createUniqueName() + "@example.com"; + int user = createAssuranceUser("test", "tugo", mail, TEST_PASSWORD); + String cookie = login(mail, TEST_PASSWORD); + String[] csr = generateCSR("/CN=felix@dogcraft.de"); + Certificate c = new Certificate(user, "/CN=testmail@example.com", "sha256", csr[1]); + final PrivateKey pk = PemKey.parsePEMPrivateKey(csr[0]); + c.issue().waitFor(60000); + final X509Certificate ce = c.cert(); + String scookie = login(pk, ce); + + assertTrue(isLoggedin(cookie)); + assertFalse(isLoggedin(scookie)); + + URL u = new URL("https://" + getServerName().replaceAll("^www", "secure") + SECURE_REFERENCE); + HttpURLConnection huc = (HttpURLConnection) u.openConnection(); + authenticateClientCert(pk, ce, huc); + huc.setRequestProperty("Cookie", scookie); + assertEquals(200, huc.getResponseCode()); + + HttpURLConnection huc2 = (HttpURLConnection) u.openConnection(); + authenticateClientCert(pk, ce, huc2); + huc2.setRequestProperty("Cookie", cookie); + assertEquals(302, huc2.getResponseCode()); + + } +} -- 2.39.2