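package test.at.gv.egovernment.moa.util;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;

import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;

import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;

import at.gv.egovernment.moa.util.KeyStoreUtils;
import at.gv.egovernment.moa.util.SSLUtils;

import junit.framework.TestCase;

/**
 * Tests for {@link SSLUtils#getSSLSocketFactory}: builds an
 * {@code SSLSocketFactory} from an optional trust store (and optional key
 * store) and checks that an HTTPS connection is accepted or rejected as
 * expected for that trust configuration.
 * <p>
 * These tests need network access (www.baltimore.com, www.verisign.com) and,
 * for the localhost cases, a server listening on port 8443 whose certificate
 * is contained in {@code data/test/security/server.keystore.tomcat}.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class SSLUtilsTest extends TestCase {

  public SSLUtilsTest(String arg0) {
    super(arg0);
  }

  /**
   * Registers the legacy JSSE provider and HTTPS protocol handler and pins
   * the cipher suites the client offers.
   */
  protected void setUp() throws Exception {
    // Uncomment to get a full handshake trace on stdout when a test fails.
    //System.setProperty("javax.net.debug", "all");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    // NOTE(review): this list contains single-DES, 40-bit export and RC4
    // suites, all of which are considered broken. It is left unchanged so the
    // handshake behaviour under test is not altered, but it is a test-only
    // setting and must never be copied into a deployment configuration.
    System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
  }

  /** Trust store containing the GTE CyberTrust root: baltimore.com must be accepted. */
  public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
    doTestGetSSLSocketFactory(
        "GET",
        "https://www.baltimore.com/",
        false,
        "file:data/test/security/cacerts+gt_cybertrust_root",
        "changeit",
        true);
  }

  /** Trust store without the GTE CyberTrust root: baltimore.com must be rejected. */
  public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
    doTestGetSSLSocketFactory(
        "GET",
        "https://www.baltimore.com/",
        false,
        "file:data/test/security/cacerts",
        "changeit",
        false);
  }

  /** Plain cacerts trust store: verisign.com must be accepted. */
  public void testGetSSLSocketFactoryVerisignOK() throws Exception {
    doTestGetSSLSocketFactory(
        "GET",
        "https://www.verisign.com/",
        false,
        "file:data/test/security/cacerts",
        "changeit",
        true);
  }

  /** No explicit trust store (null): verisign.com must still be accepted. */
  public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
    doTestGetSSLSocketFactory(
        "GET",
        "https://www.verisign.com/",
        false,
        null,
        null,
        true);
  }

  /** Local Tomcat key store used as trust store: localhost must be accepted. */
  public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
    String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
    doTestGetSSLSocketFactory(
        "GET",
        urlString,
        true,
        "file:data/test/security/server.keystore.tomcat",
        "changeit",
        true);
  }

  /** No explicit trust store (null): the self-issued localhost certificate must be rejected. */
  public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
    String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
    doTestGetSSLSocketFactory(
        "GET",
        urlString,
        true,
        null,
        null,
        false);
  }

  /**
   * Convenience overload without client key store (type, URL and password
   * all {@code null}).
   *
   * @see #doTestGetSSLSocketFactory(String, String, boolean, String, String, String, String, String, boolean)
   */
  public void doTestGetSSLSocketFactory(
      String requestMethod,
      String urlString,
      boolean useHostnameVerifierHack,
      String truststoreurl,
      String trustpassword,
      boolean shouldOk)
      throws Exception {
    doTestGetSSLSocketFactory(
        requestMethod,
        urlString,
        useHostnameVerifierHack,
        truststoreurl,
        trustpassword,
        null,
        null,
        null,
        shouldOk);
  }

  /**
   * Builds an {@code SSLSocketFactory} via {@link SSLUtils#getSSLSocketFactory}
   * and issues one HTTPS request with it.
   *
   * @param requestMethod           HTTP method to use (the tests pass "GET")
   * @param urlString               HTTPS URL to connect to
   * @param useHostnameVerifierHack install {@link HostnameVerifierHack}, which
   *                                accepts any certificate name for the
   *                                {@code localhost} URL host; only meant for
   *                                the local test server
   * @param truststoreurl           URL of a JKS trust store, or {@code null}
   *                                to let {@code SSLUtils} choose its default
   * @param trustpassword           password of that trust store
   * @param keystoretype            client key store type, or {@code null}
   * @param keystoreurl             client key store URL, or {@code null}
   * @param keypassword             client key store password, or {@code null}
   * @param shouldOk                {@code true} if the connection must succeed
   *                                with HTTP 200, {@code false} if the TLS
   *                                layer must reject it
   * @throws Exception on any failure other than the expected SSL rejection
   */
  public void doTestGetSSLSocketFactory(
      String requestMethod,
      String urlString,
      boolean useHostnameVerifierHack,
      String truststoreurl,
      String trustpassword,
      String keystoretype,
      String keystoreurl,
      String keypassword,
      boolean shouldOk)
      throws Exception {
    KeyStore truststore = null;
    if (truststoreurl != null)
      truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
    SSLSocketFactory sf =
        SSLUtils.getSSLSocketFactory(truststore, keystoretype, keystoreurl, keypassword);

    System.out.println(requestMethod + " " + urlString);
    URL url = new URL(urlString);
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    conn.setRequestMethod(requestMethod);
    conn.setDoInput(true);
    conn.setDoOutput(true);
    conn.setUseCaches(false);
    conn.setAllowUserInteraction(false);
    conn.setSSLSocketFactory(sf);
    if (useHostnameVerifierHack)
      conn.setHostnameVerifier(new HostnameVerifierHack());

    try {
      conn.connect();
      // Depending on the JSSE implementation the handshake may only be
      // completed on the first request I/O, so the response code is fetched
      // before deciding whether the connection was accepted.
      int responseCode = conn.getResponseCode();
      assertTrue("connection to " + urlString
          + " was accepted but should have been rejected by the TLS layer", shouldOk);
      assertEquals(200, responseCode);
    } catch (SSLException ex) {
      // Expected for the negative tests; for the positive ones report the
      // cause instead of a bare assertion failure.
      if (shouldOk)
        fail("connection to " + urlString + " was rejected: " + ex);
    } finally {
      // Release the connection even when an assertion above fails.
      conn.disconnect();
    }
  }

  /**
   * Reads a file completely into memory. Not used by the tests above; kept
   * for manual experiments with raw trust store bytes.
   *
   * @param filename path of the file, or {@code null}
   * @return the file contents, or {@code null} if {@code filename} is null
   * @throws IOException if the file cannot be read
   */
  private byte[] readTruststore(String filename) throws IOException {
    if (filename == null)
      return null;
    FileInputStream in = new FileInputStream(filename);
    try {
      // Read until EOF: available() only reports what can be read without
      // blocking, and a single read() may return fewer bytes than requested.
      ByteArrayOutputStream out = new ByteArrayOutputStream();
      byte[] chunk = new byte[4096];
      int n;
      while ((n = in.read(chunk)) != -1)
        out.write(chunk, 0, n);
      return out.toByteArray();
    } finally {
      in.close();
    }
  }

  /**
   * Test-only hostname verifier for the local test server, whose certificate
   * name does not match the URL host. It accepts any certificate name, but
   * only when the URL host is {@code localhost}, so the bypass cannot be
   * reused against a remote host by accident. Never use anything like this
   * outside a test: skipping hostname verification enables man-in-the-middle
   * attacks.
   */
  private class HostnameVerifierHack implements HostnameVerifier {
    /**
     * @param urlHostname  host taken from the URL (first argument per the
     *                     {@code com.sun.net.ssl.HostnameVerifier} contract)
     * @param certHostname name found in the server certificate; ignored
     */
    public boolean verify(String urlHostname, String certHostname) {
      return "localhost".equals(urlHostname);
    }
  }
}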