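/*
 * Copyright 2003 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */

package test.at.gv.egovernment.moa.util;

import java.net.URL;
import java.security.KeyStore;
import java.security.Security;

import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;

import junit.framework.TestCase;
//import com.sun.net.ssl.HostnameVerifier;
//import com.sun.net.ssl.HttpsURLConnection;

import at.gv.egovernment.moaspss.util.KeyStoreUtils;
import at.gv.egovernment.moaspss.util.SSLUtils;

/**
 * JUnit 3 tests for {@link SSLUtils#getSSLSocketFactory}.
 *
 * <p>Each test loads an optional JKS truststore through {@link KeyStoreUtils}
 * and asks {@link SSLUtils} for an {@link SSLSocketFactory}. The code that
 * used the factory to open an HTTPS connection and checked the outcome is
 * commented out (see {@code doTestGetSSLSocketFactory}), so at present a test
 * only fails when loading the truststore, building the factory or parsing the
 * URL throws.
 *
 * @author Paul Ivancsics
 * @version $Id$
 */
public class SSLUtilsTest extends TestCase {

  /** System property naming the packages searched for URL protocol handlers. */
  private static final String HANDLER_PKGS_PROPERTY = "java.protocol.handler.pkgs";

  /** System property restricting the cipher suites offered by HttpsURLConnection. */
  private static final String CIPHER_SUITES_PROPERTY = "https.cipherSuites";

  /** Value of {@link #HANDLER_PKGS_PROPERTY} before setUp ran; null if it was unset. */
  private String previousHandlerPkgs;

  /** Value of {@link #CIPHER_SUITES_PROPERTY} before setUp ran; null if it was unset. */
  private String previousCipherSuites;

  public SSLUtilsTest(String arg0) {
    super(arg0);
  }

  /**
   * Configures the JVM-wide HTTPS settings used by these tests.
   *
   * <p>Both properties are global to the JVM, so their previous values are
   * remembered here and put back in {@link #tearDown()}.
   */
  protected void setUp() throws Exception {
    previousHandlerPkgs = System.getProperty(HANDLER_PKGS_PROPERTY);
    previousCipherSuites = System.getProperty(CIPHER_SUITES_PROPERTY);

    //System.setProperty("javax.net.debug", "all");
    //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

    // NOTE(review): this looks like the handler package of the old stand-alone
    // JSSE add-on; presumably it has no effect on JDKs with built-in HTTPS
    // support - confirm before relying on it.
    System.setProperty(HANDLER_PKGS_PROPERTY, "com.sun.net.ssl.internal.www.protocol");

    // SECURITY: every suite listed is obsolete (single DES, 3DES, 40-bit export
    // DES, export RC4-40 with MD5). The list is kept unchanged for the legacy
    // test endpoints; it must never be copied into production configuration,
    // and it must not outlive the test, hence the restore in tearDown().
    System.setProperty(
      CIPHER_SUITES_PROPERTY,
      "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
  }

  /**
   * Restores the system properties changed by {@link #setUp()}.
   *
   * <p>Without this, the weakened cipher suite list would stay active for every
   * HTTPS connection opened later in the same JVM, including other test classes.
   */
  protected void tearDown() throws Exception {
    restoreProperty(HANDLER_PKGS_PROPERTY, previousHandlerPkgs);
    restoreProperty(CIPHER_SUITES_PROPERTY, previousCipherSuites);
    super.tearDown();
  }

  /** Sets {@code key} back to {@code previous}, or clears it when it was unset before. */
  private static void restoreProperty(String key, String previous) {
    if (previous == null) {
      System.clearProperty(key);
    } else {
      System.setProperty(key, previous);
    }
  }

  /**
   * Baltimore host with the truststore file whose name includes the GT
   * CyberTrust root; declared as expected to succeed.
   */
  public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
    doTestGetSSLSocketFactory(
      "GET",
      "https://www.baltimore.com/",
      false,
      "file:data/test/security/cacerts+gt_cybertrust_root",
      "changeit",
      true);
  }

  /** Baltimore host with the plain {@code cacerts} truststore; declared as expected to fail. */
  public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
    doTestGetSSLSocketFactory(
      "GET",
      "https://www.baltimore.com/",
      false,
      "file:data/test/security/cacerts",
      "changeit",
      false);
  }

  /** Verisign host with the plain {@code cacerts} truststore; declared as expected to succeed. */
  public void testGetSSLSocketFactoryVerisignOK() throws Exception {
    doTestGetSSLSocketFactory(
      "GET",
      "https://www.verisign.com/",
      false,
      "file:data/test/security/cacerts",
      "changeit",
      true);
  }

  /** Verisign host with no truststore passed at all; declared as expected to succeed. */
  public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
    doTestGetSSLSocketFactory(
      "GET",
      "https://www.verisign.com/",
      false,
      null,
      null,
      true);
  }

  /**
   * Local Tomcat endpoint with the Tomcat server keystore used as truststore
   * and the hostname-verifier flag set; declared as expected to succeed.
   */
  public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
    String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
    doTestGetSSLSocketFactory(
      "GET",
      urlString,
      true,
      "file:data/test/security/server.keystore.tomcat",
      "changeit",
      true);
  }

  /** Local Tomcat endpoint with no truststore; declared as expected to fail. */
  public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
    String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
    doTestGetSSLSocketFactory(
      "GET",
      urlString,
      true,
      null,
      null,
      false);
  }

  /**
   * Convenience overload without a client keystore: delegates to the
   * nine-argument variant with {@code null} keystore type, URL and password.
   */
  public void doTestGetSSLSocketFactory(
    String requestMethod,
    String urlString,
    boolean useHostnameVerifierHack,
    String truststoreurl,
    String trustpassword,
    boolean shouldOk)
    throws Exception {

    doTestGetSSLSocketFactory(
      requestMethod,
      urlString,
      useHostnameVerifierHack,
      truststoreurl,
      trustpassword,
      null,
      null,
      null,
      shouldOk);
  }

  /**
   * Builds an {@link SSLSocketFactory} from the given trust and key material.
   *
   * <p>NOTE(review): the connection attempt and every assertion are commented
   * out below. As a result {@code shouldOk} and
   * {@code useHostnameVerifierHack} are never read, {@code requestMethod} is
   * only printed, and the OK and NOK test variants cannot tell an accepted
   * certificate from a rejected one. A regression in trust validation would
   * not be caught by this class until a real check is restored.
   *
   * @param requestMethod HTTP method; currently only printed
   * @param urlString target URL; currently only printed and parsed
   * @param useHostnameVerifierHack currently unused
   * @param truststoreurl URL of a JKS truststore, or {@code null} to pass no truststore
   * @param trustpassword password of the truststore
   * @param keystoretype client keystore type passed through to {@link SSLUtils}
   * @param keystoreurl client keystore URL passed through to {@link SSLUtils}
   * @param keypassword client keystore password passed through to {@link SSLUtils}
   * @param shouldOk declared expectation; currently unused
   * @throws Exception if loading the truststore, creating the factory or
   *         parsing the URL fails
   */
  public void doTestGetSSLSocketFactory(
    String requestMethod,
    String urlString,
    boolean useHostnameVerifierHack,
    String truststoreurl,
    String trustpassword,
    String keystoretype,
    String keystoreurl,
    String keypassword,
    boolean shouldOk)
    throws Exception {

    KeyStore truststore = null;
    if (truststoreurl != null) {
      truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
    }

    // Only consumed by the disabled connection code below; the call itself is
    // kept because it is the method under test and may throw.
    SSLSocketFactory sf =
      SSLUtils.getSSLSocketFactory(truststore, keystoretype, keystoreurl, keypassword);

    System.out.println(requestMethod + " " + urlString);

    // Kept for the same reason: a malformed URL still fails the test here.
    URL url = new URL(urlString);

    /*
    HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
    conn.setRequestMethod(requestMethod);
    conn.setDoInput(true);
    conn.setDoOutput(true);
    conn.setUseCaches(false);
    conn.setAllowUserInteraction(false);
    conn.setSSLSocketFactory(sf);
    if (useHostnameVerifierHack)
      conn.setHostnameVerifier(new HostnameVerifierHack());
    try {
      conn.connect();
      assertTrue(shouldOk);
      assertEquals(200, conn.getResponseCode());
      conn.disconnect();
    }
    catch (SSLException ex) {
      assertFalse(shouldOk);
    }
    */
  }

//  private byte[] readTruststore(String filename) throws IOException {
//    if (filename == null)
//      return null;
//    FileInputStream in = new FileInputStream(filename);
//    byte[] buffer = new byte[in.available()];
//    in.read(buffer);
//    in.close();
//    return buffer;
//  }

  // SECURITY: the disabled verifier below accepts every hostname, which removes
  // the check that the server certificate matches the host being contacted. If
  // it is ever re-enabled, keep it confined to the localhost test endpoint.
  //private class HostnameVerifierHack implements HostnameVerifier {
    //public boolean verify(String arg0, String arg1) {
    //  return true;
    //}
  //}
}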