|
1 package org.objectweb.celtix.bus.transports.https;
2
3 import java.net.URL  ;
4 import java.util.Properties ;
5
6 import javax.net.ssl.SSLSocketFactory;
7
8 import junit.extensions.TestSetup;
9 import junit.framework.Test;
10 import junit.framework.TestCase;
11 import junit.framework.TestSuite;
12
13 import org.easymock.classextension.EasyMock;
14 import org.objectweb.celtix.Bus;
15 import org.objectweb.celtix.BusException;
16 import org.objectweb.celtix.bus.configuration.security.SSLClientPolicy;
17 import org.objectweb.celtix.bus.transports.http.JettyHTTPServerEngine;
18 import org.objectweb.celtix.configuration.Configuration;
19
20 public class JettySslClientConfigurerTest extends TestCase {
21
22
23 private static final String DROP_BACK_SRC_DIR =
24 "../../../../../../../../src/test/java/org/objectweb/celtix/bus/transports/https/";
25
26 Bus bus;
27 private Configuration configuration;
28
29
30 public JettySslClientConfigurerTest(String arg0) {
31 super(arg0);
32 }
33
34 public static Test suite() throws Exception {
35 TestSuite suite = new TestSuite(JettySslClientConfigurerTest.class);
36 return new TestSetup(suite) {
37 protected void tearDown() throws Exception {
38 super.tearDown();
39 JettyHTTPServerEngine.destroyForPort(9000);
40 }
41 };
42 }
43
44
45 public static void main(String [] args) {
46 junit.textui.TestRunner.run(JettySslClientConfigurerTest.class);
47 }
48
49 public void setUp() throws BusException {
50 bus = EasyMock.createMock(Bus.class);
51
52 configuration = EasyMock.createMock(Configuration.class);
53 }
54
55 public void tearDown() throws Exception {
56 EasyMock.reset(bus);
57 EasyMock.reset(configuration);
58
59 Properties props = System.getProperties();
60 props.remove("javax.net.ssl.trustStore");
61 props.remove("javax.net.ssl.keyStore");
62 props.remove("javax.net.ssl.keyPassword");
63 props.remove("javax.net.ssl.keyStorePassword");
64 }
65
66 public void testSecurityConfigurer() {
67 try {
68 System.setProperty("celtix.security.configurer.celtix.null.http-client",
69 "org.objectweb.celtix.bus.transports.https.SetAllDataSecurityDataProvider");
70 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
71 TestHandler handler = new TestHandler();
72 JettySslClientConfigurer jettySslClientConfigurer =
73 createJettySslClientConfigurer(sslClientPolicy,
74 "https://dummyurl",
75 handler);
76
77 jettySslClientConfigurer.configure();
78 assertTrue("Keystore loaded success message not present",
79 handler.checkLogContainsString("Successfully loaded keystore"));
80 assertTrue("Trust store loaded success message not present",
81 handler.checkLogContainsString("Successfully loaded trust store"));
82 assertTrue("Keystore type not being read",
83 handler.checkLogContainsString("The key store type has been set in configuration "
84 + "to JKS"));
85 assertTrue("Keystore password not being read",
86 handler.checkLogContainsString("The key store password was found to be set in "
87 + "configuration and will be used."));
88 assertTrue("Key password not being read",
89 handler.checkLogContainsString("The key password was found to be set in "
90 + "configuration and will be used."));
91 assertTrue("Key manager factory is being being read from somewhere unknown",
92 handler.checkLogContainsString("The keystore key manager factory "
93 + "algorithm has not been set in configuration "
94 + "so the default value SunX509 will be used."));
95
96 assertTrue("Trust manager factory is being being read from somewhere unknown",
97 handler.checkLogContainsString("The truststore key manager factory "
98 + "algorithm has not been set in configuration "
99 + "so the default value PKIX will be used."));
100
101 assertTrue("Ciphersuites is being being read from somewhere unknown",
102 handler.checkLogContainsString("The cipher suite has not been set, default values "
103 + "will be used."));
104 assertTrue("Truststore type not being read",
105 handler.checkLogContainsString("The key store type has been set in "
106 + "configuration to JKS"));
107
108 assertTrue("Secure socket protocol not being read",
109 handler.checkLogContainsString("The secure socket protocol has been set to TLSv1."));
110 assertTrue("Session caching set but no warning about not supported",
111 handler.checkLogContainsString("Unsupported SSLClientPolicy property : "
112 + "SessionCaching"));
113 assertTrue("SessionCacheKey caching set but no warning about not supported",
114 handler.checkLogContainsString("Unsupported SSLClientPolicy property : "
115 + "SessionCacheKey"));
116 assertTrue("MaxChainLength caching set but no warning about not supported",
117 handler.checkLogContainsString("Unsupported SSLClientPolicy property : "
118 + "MaxChainLength"));
119 assertTrue("CertValidator caching set but no warning about not supported",
120 handler.checkLogContainsString("Unsupported SSLClientPolicy property : "
121 + "CertValidator"));
122 } finally {
123 System.setProperty("celtix.security.configurer.celtix.null.http-client", "");
124 }
125 }
126
127 public void testSetAllData() {
128
129 String keyStoreStr = getPath("resources/defaultkeystore");
130 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
131 sslClientPolicy.setKeystore(keyStoreStr);
132 sslClientPolicy.setKeystoreType("JKS");
133
134 sslClientPolicy.setKeyPassword("defaultkeypass");
135 sslClientPolicy.setKeystorePassword("defaultkeypass");
136 sslClientPolicy.setTrustStoreType("JKS");
137 sslClientPolicy.setTrustStoreAlgorithm("JKS");
138 sslClientPolicy.setSecureSocketProtocol("TLSv1");
139 sslClientPolicy.setSessionCacheKey("Anything");
140 sslClientPolicy.setSessionCaching(true);
141 sslClientPolicy.setMaxChainLength(new Long (2));
142 sslClientPolicy.setCertValidator("Anything");
143 sslClientPolicy.setProxyHost("Anything");
144 sslClientPolicy.setProxyPort(new Long (1234));
145
146 String trustStoreStr = getPath("resources/defaulttruststore");
147 sslClientPolicy.setTrustStore(trustStoreStr);
148 TestHandler handler = new TestHandler();
149 JettySslClientConfigurer jettySslClientConfigurer =
150 createJettySslClientConfigurer(sslClientPolicy,
151 "https://dummyurl",
152 handler);
153
154 jettySslClientConfigurer.configure();
155 SSLSocketFactory sSLSocketFactory =
156 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
157
158 assertTrue(sSLSocketFactory instanceof SSLSocketFactoryWrapper);
159 assertTrue("Keystore loaded success message not present",
160 handler.checkLogContainsString("Successfully loaded keystore"));
161 assertTrue("Trust store loaded success message not present",
162 handler.checkLogContainsString("Successfully loaded trust store"));
163 assertTrue("Keystore type not being read",
164 handler.checkLogContainsString("The key store type has been set in configuration to JKS"));
165 assertTrue("Keystore password not being read",
166 handler.checkLogContainsString("The key store password was found to be set in "
167 + "configuration and will be used."));
168 assertTrue("Key password not being read",
169 handler.checkLogContainsString("The key password was found to be set in "
170 + "configuration and will be used."));
171 assertTrue("Key manager factory is being being read from somewhere unknown",
172 handler.checkLogContainsString("The keystore key manager factory "
173 + "algorithm has not been set in configuration "
174 + "so the default value SunX509 will be used."));
175
176 assertTrue("Trust manager factory is being being read from somewhere unknown",
177 handler.checkLogContainsString("The truststore key manager factory "
178 + "algorithm has not been set in configuration "
179 + "so the default value PKIX will be used."));
180
181 assertTrue("Ciphersuites is being being read from somewhere unknown",
182 handler.checkLogContainsString("The cipher suite has not been set, default values "
183 + "will be used."));
184 assertTrue("Truststore type not being read",
185 handler.checkLogContainsString("The key store type has been set in "
186 + "configuration to JKS"));
187
188 assertTrue("Secure socket protocol not being read",
189 handler.checkLogContainsString("The secure socket protocol has been set to TLSv1."));
190 assertTrue("Session caching set but no warning about not supported",
191 handler.checkLogContainsString("Unsupported SSLClientPolicy property : SessionCaching"));
192 assertTrue("SessionCacheKey caching set but no warning about not supported",
193 handler.checkLogContainsString("Unsupported SSLClientPolicy property : SessionCacheKey"));
194 assertTrue("MaxChainLength caching set but no warning about not supported",
195 handler.checkLogContainsString("Unsupported SSLClientPolicy property : MaxChainLength"));
196 assertTrue("CertValidator caching set but no warning about not supported",
197 handler.checkLogContainsString("Unsupported SSLClientPolicy property : CertValidator"));
198 }
199
200 public void testAllValidDataJKS() {
201
202 String keyStoreStr = getPath("resources/defaultkeystore");
203 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
204 sslClientPolicy.setKeystore(keyStoreStr);
205 sslClientPolicy.setKeyPassword("defaultkeypass");
206 sslClientPolicy.setKeystorePassword("defaultkeypass");
207
208 sslClientPolicy.setKeystoreType("JKS");
209 String trustStoreStr = getPath("resources/defaulttruststore");
210 sslClientPolicy.setTrustStore(trustStoreStr);
211 TestHandler handler = new TestHandler();
212 JettySslClientConfigurer jettySslClientConfigurer =
213 createJettySslClientConfigurer(sslClientPolicy,
214 "https://dummyurl",
215 handler);
216
217 jettySslClientConfigurer.configure();
218 SSLSocketFactory sSLSocketFactory =
219 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
220
221 assertTrue(sSLSocketFactory instanceof SSLSocketFactoryWrapper);
222 assertTrue("Keystore loaded success message not present",
223 handler.checkLogContainsString("Successfully loaded keystore"));
224 assertTrue("Trust store loaded success message not present",
225 handler.checkLogContainsString("Successfully loaded trust store"));
226
227 }
228
229 public void testAllValidDataPKCS12() {
230
231 String keyStoreStr = getPath("resources/celtix.p12");
232 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
233 sslClientPolicy.setKeystore(keyStoreStr);
234 sslClientPolicy.setKeyPassword("celtixpass");
235 sslClientPolicy.setKeystorePassword("celtixpass");
236
237 sslClientPolicy.setKeystoreType("PKCS12");
238 String trustStoreStr = getPath("resources/abigcompany_ca.pem");
239 sslClientPolicy.setTrustStore(trustStoreStr);
240 TestHandler handler = new TestHandler();
241 JettySslClientConfigurer jettySslClientConfigurer =
242 createJettySslClientConfigurer(sslClientPolicy,
243 "https://dummyurl",
244 handler);
245
246 jettySslClientConfigurer.configure();
247 SSLSocketFactory sSLSocketFactory =
248 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
249
250 assertTrue(sSLSocketFactory instanceof SSLSocketFactoryWrapper);
251 assertTrue("Keystore loaded success message not present",
252 handler.checkLogContainsString("Successfully loaded keystore"));
253 assertTrue("Trust store loaded success message not present",
254 handler.checkLogContainsString("Successfully loaded trust store"));
255
256 }
257
258
259 public void testNonExistentKeystoreJKS() {
260
261 String keyStoreStr = getPath("resources/defaultkeystoredontexist");
262 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
263 sslClientPolicy.setKeystore(keyStoreStr);
264 sslClientPolicy.setKeyPassword("defaultkeypass");
265 sslClientPolicy.setKeystorePassword("defaultkeypass");
266
267 sslClientPolicy.setKeystoreType("JKS");
268 String trustStoreStr = getPath("resources/defaulttruststore");
269 sslClientPolicy.setTrustStore(trustStoreStr);
270 TestHandler handler = new TestHandler();
271 JettySslClientConfigurer jettySslClientConfigurer =
272 createJettySslClientConfigurer(sslClientPolicy,
273 "https://dummyurl",
274 handler);
275 jettySslClientConfigurer.configure();
276 SSLSocketFactory sSLSocketFactory =
277 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
278 boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
279 assertTrue("sSLSocketFactory should be null", !isNewSocketFactory);
280 assertTrue("SSLContext should have failed, invalid keystore location",
281 handler.checkLogContainsString("Problem initializing ssl for the outbound request"));
282
283
284 }
285
286 public void testNonExistentKeystorePKCS12() {
287
288 String keyStoreStr = getPath("resources/defaultkeystoredontexist");
289 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
290 sslClientPolicy.setKeystore(keyStoreStr);
291 sslClientPolicy.setKeyPassword("celtixpass");
292 sslClientPolicy.setKeystorePassword("celtixpass");
293
294 String trustStoreStr = getPath("resources/abigcompany_ca.pem");
295 sslClientPolicy.setTrustStore(trustStoreStr);
296 TestHandler handler = new TestHandler();
297 JettySslClientConfigurer jettySslClientConfigurer =
298 createJettySslClientConfigurer(sslClientPolicy,
299 "https://dummyurl",
300 handler);
301 jettySslClientConfigurer.configure();
302 SSLSocketFactory sSLSocketFactory =
303 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
304 boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
305 assertTrue("sSLSocketFactory should be null", !isNewSocketFactory);
306 assertTrue("SSLContext should have failed, invalid keystore location",
307 handler.checkLogContainsString("Problem initializing ssl for the outbound request"));
308
309 }
310
311 public void testWrongKeystorePasswordJKS() {
312
313 String keyStoreStr = getPath("resources/defaultkeystore");
314 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
315 sslClientPolicy.setKeystore(keyStoreStr);
316 sslClientPolicy.setKeyPassword("defaultkeypass");
317 sslClientPolicy.setKeystorePassword("defaultkeypasswrong");
318
319 sslClientPolicy.setKeystoreType("JKS");
320 String trustStoreStr = getPath("resources/defaulttruststore");
321 sslClientPolicy.setTrustStore(trustStoreStr);
322 TestHandler handler = new TestHandler();
323 JettySslClientConfigurer jettySslClientConfigurer =
324 createJettySslClientConfigurer(sslClientPolicy,
325 "https://dummyurl",
326 handler);
327 jettySslClientConfigurer.configure();
328 SSLSocketFactory sSLSocketFactory =
329 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
330 boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
331 assertTrue("sSLSocketFactory should be non and a new one", isNewSocketFactory);
332 assertTrue("SSLContext init should have passed, but keystore initialization failed, invalid "
333 + "keystore password",
334 handler.checkLogContainsString("Loading the keystore ")
335 && handler.checkLogContainsString("failed with the following problem"));
336 assertTrue("SSLContext init should have passed, but keystore initialization failed, invalid "
337 + "keystore password",
338 handler.checkLogContainsString("Keystore was tampered with, or password was incorrect"));
339 assertTrue("SSLContext init should have passed, but looks like trustore not loaded",
340 handler.checkLogContainsString("Successfully loaded trust store"));
341 assertTrue("Check to ensure keystore password and keypassword same failed",
342 handler.checkLogContainsString("The value specified for the keystore password"
343 + " is different to the key password. Currently "
344 + "limitations in JSSE requires that they should be the "
345 + "same. The keystore password value will be used only."));
346
347 }
348
349 public void testWrongKeystorePasswordPKCS12() {
350
351 String keyStoreStr = getPath("resources/celtix.p12");
352 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
353 sslClientPolicy.setKeystore(keyStoreStr);
354 sslClientPolicy.setKeyPassword("celtixpass");
355 sslClientPolicy.setKeystorePassword("celtixpasswrong");
356
357 String trustStoreStr = getPath("resources/abigcompany_ca.pem");
358 sslClientPolicy.setTrustStore(trustStoreStr);
359 TestHandler handler = new TestHandler();
360 JettySslClientConfigurer jettySslClientConfigurer =
361 createJettySslClientConfigurer(sslClientPolicy,
362 "https://dummyurl",
363 handler);
364 jettySslClientConfigurer.configure();
365 SSLSocketFactory sSLSocketFactory =
366 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
367 boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
368 assertTrue("sSLSocketFactory should be non and a new one", isNewSocketFactory);
369 assertTrue("SSLContext init should have passed, but keystore initialization failed, invalid "
370 + "keystore password",
371 handler.checkLogContainsString("Loading the keystore ")
372 && handler.checkLogContainsString("failed with the following problem"));
373 assertTrue("SSLContext init should have passed, but keystore initialization failed, invalid "
374 + "keystore password",
375 handler.checkLogContainsString("Loading the keystore ")
376 && handler.checkLogContainsString("failed with the following problem"));
377 assertTrue("SSLContext init should have passed, but looks like trustore not loaded",
378 handler.checkLogContainsString("Successfully loaded trust store"));
379 assertTrue("Check to ensure keystore password and keypassword same failed",
380 handler.checkLogContainsString("The value specified for the keystore password"
381 + " is different to the key password. Currently "
382 + "limitations in JSSE requires that they should be the "
383 + "same. The keystore password value will be used only."));
384
385 }
386
387 public void testWrongKeyPasswordJKS() {
388
389 String keyStoreStr = getPath("resources/defaultkeystore");
390 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
391 sslClientPolicy.setKeystore(keyStoreStr);
392 sslClientPolicy.setKeyPassword("defaultkeypasswrong");
393 sslClientPolicy.setKeystorePassword("defaultkeypass");
394
395 sslClientPolicy.setKeystoreType("JKS");
396 String trustStoreStr = getPath("resources/defaulttruststore");
397 sslClientPolicy.setTrustStore(trustStoreStr);
398 TestHandler handler = new TestHandler();
399 JettySslClientConfigurer jettySslClientConfigurer =
400 createJettySslClientConfigurer(sslClientPolicy,
401 "https://dummyurl",
402 handler);
403 jettySslClientConfigurer.configure();
404 SSLSocketFactory sSLSocketFactory =
405 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
406 boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
407 assertTrue("sSLSocketFactory should be non and a new one", isNewSocketFactory);
408 assertTrue("SSLContext init should have passed, and keystore initialization succeedeed, "
409 + "EVEN THOUGH invalid key password",
410 handler.checkLogContainsString("Successfully loaded keystore"));
411 assertTrue("SSLContext init should have passed, but looks like trustore not loaded",
412 handler.checkLogContainsString("Successfully loaded trust store"));
413 assertTrue("Check to ensure keystore password and keypassword same failed",
414 handler.checkLogContainsString("The value specified for the keystore password"
415 + " is different to the key password. Currently "
416 + "limitations in JSSE requires that they should be the "
417 + "same. The keystore password value will be used only."));
418
419 }
420
421 public void testWrongKeyPasswordPKCS12() {
422
423 String keyStoreStr = getPath("resources/celtix.p12");
424 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
425 sslClientPolicy.setKeystore(keyStoreStr);
426 sslClientPolicy.setKeyPassword("celtixpasswrong");
427 sslClientPolicy.setKeystorePassword("celtixpass");
428
429 String trustStoreStr = getPath("resources/abigcompany_ca.pem");
430 sslClientPolicy.setTrustStore(trustStoreStr);
431 TestHandler handler = new TestHandler();
432 JettySslClientConfigurer jettySslClientConfigurer =
433 createJettySslClientConfigurer(sslClientPolicy,
434 "https://dummyurl",
435 handler);
436 jettySslClientConfigurer.configure();
437 SSLSocketFactory sSLSocketFactory =
438 jettySslClientConfigurer.getHttpsConnection().getSSLSocketFactory();
439 boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
440 assertTrue("sSLSocketFactory should be non and a new one", isNewSocketFactory);
441 assertTrue("SSLContext init should have passed, and keystore initialization succeedeed, "
442 + "EVEN THOUGH invalid key password",
443 handler.checkLogContainsString("Successfully loaded keystore"));
444 assertTrue("SSLContext init should have passed, but looks like trustore not loaded",
445 handler.checkLogContainsString("Successfully loaded trust store"));
446 assertTrue("Check to ensure keystore password and keypassword same failed",
447 handler.checkLogContainsString("The value specified for the keystore password"
448 + " is different to the key password. Currently "
449 + "limitations in JSSE requires that they should be the "
450 + "same. The keystore password value will be used only."));
451
452 }
453
454
455 public void testAllElementsHaveSetupMethod() {
456 SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
457 TestHandler handler = new TestHandler();
458 JettySslClientConfigurer jettySslClientConfigurer =
459 createJettySslClientConfigurer(sslClientPolicy,
460 "https://dummyurl",
461 handler);
462 assertTrue("A new element has been "
463 + "added to SSLClientPolicy without a corresponding "
464 + "setup method in the configurer.",
465 jettySslClientConfigurer.testAllDataHasSetupMethod());
466 }
467
468
469 private JettySslClientConfigurer createJettySslClientConfigurer(
470 SSLClientPolicy sslClientPolicy,
471 String urlStr,
472 TestHandler handler) {
473 try {
474 DummyHttpsConnection connection = new DummyHttpsConnection(null);
475 JettySslClientConfigurer jettySslClientConfigurer =
476 new JettySslClientConfigurer(sslClientPolicy,
477 connection,
478 configuration);
479
480 jettySslClientConfigurer.addLogHandler(handler);
481 return jettySslClientConfigurer;
482
483 } catch (Exception e) {
484 e.printStackTrace();
485 }
486 return null;
487 }
488
489 protected static String getPath(String fileName) {
490 URL keystoreURL = JettySslClientConfigurerTest.class.getResource(".");
491 String str = keystoreURL.getFile();
492 str += DROP_BACK_SRC_DIR + fileName;
493 return str;
494 }
495 }
496
497
498 |
Popular Tags |
Java API By Example, From Geeks To Geeks.