/*
* Copyright 2003 Federal Chancellery Austria
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package test.at.gv.egovernment.moa.util;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;

import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;

import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;

import at.gv.egovernment.moa.util.KeyStoreUtils;
import at.gv.egovernment.moa.util.SSLUtils;

import junit.framework.TestCase;

/**
 * @author Paul Ivancsics
 * @version $Id$
 */
public class SSLUtilsTest extends TestCase {

  public SSLUtilsTest(String arg0) {
    super(arg0);
  }

	
  protected void setUp() throws Exception {
    //System.setProperty("javax.net.debug", "all");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
  }

	public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
		doTestGetSSLSocketFactory(
			"GET",
			"https://www.baltimore.com/",
			false,
			"file:data/test/security/cacerts+gt_cybertrust_root",
			"changeit",
			true);
	}
	public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
		doTestGetSSLSocketFactory(
			"GET",
			"https://www.baltimore.com/",
			false,
			"file:data/test/security/cacerts",
			"changeit", 
			false);
	}
	public void testGetSSLSocketFactoryVerisignOK() throws Exception {
		doTestGetSSLSocketFactory(
			"GET",
			"https://www.verisign.com/",
			false,
			"file:data/test/security/cacerts",
			"changeit",
			true);
	}
	public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
		doTestGetSSLSocketFactory(
			"GET",
			"https://www.verisign.com/",
			false,
			null,
			null,
			true);
	}
	public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
		String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
		doTestGetSSLSocketFactory(
			"GET",
			urlString,
			true,
			"file:data/test/security/server.keystore.tomcat",
			"changeit",
			true);
	}
	public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
		String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
		doTestGetSSLSocketFactory(
			"GET",
			urlString,
			true,
			null,
			null,
			false);
	}
		
	public void doTestGetSSLSocketFactory(
		String requestMethod,
		String urlString, 
		boolean useHostnameVerifierHack,
		String truststoreurl,
		String trustpassword,
		boolean shouldOk
		) throws Exception {

		doTestGetSSLSocketFactory(
			requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk);
		}
	public void doTestGetSSLSocketFactory(
		String requestMethod,
		String urlString, 
		boolean useHostnameVerifierHack,
		String truststoreurl,
		String trustpassword,
		String keystoretype,
		String keystoreurl,
		String keypassword,
		boolean shouldOk
		) throws Exception {

		KeyStore truststore = null;
		if (truststoreurl != null)
			truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
		SSLSocketFactory sf = SSLUtils.getSSLSocketFactory(
			truststore, keystoretype, keystoreurl, keypassword);
		System.out.println(requestMethod + " " + urlString);

		URL url = new URL(urlString);
		HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
		conn.setRequestMethod(requestMethod);
		conn.setDoInput(true);
		conn.setDoOutput(true);
		conn.setUseCaches(false);
		conn.setAllowUserInteraction(false);		
  	conn.setSSLSocketFactory(sf);
  	if (useHostnameVerifierHack)
  		conn.setHostnameVerifier(new HostnameVerifierHack());
  	try {
			conn.connect();
			assertTrue(shouldOk);
			assertEquals(200, conn.getResponseCode());
			conn.disconnect();
  	}
  	catch (SSLException ex) {
  		assertFalse(shouldOk);
  	}
	}
	private byte[] readTruststore(String filename) throws IOException {
		if (filename == null)
			return null;
		FileInputStream in = new FileInputStream(filename);
		byte[] buffer = new byte[in.available()];
		in.read(buffer);
		in.close();
		return buffer;
	}
  private class HostnameVerifierHack implements HostnameVerifier {
    public boolean verify(String arg0, String arg1) {
      return true;
    }
	}
}