aboutsummaryrefslogtreecommitdiff
path: root/src/test/java
diff options
context:
space:
mode:
authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-27 17:39:24 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-27 17:39:24 +0200
commita9a9e1cb62123475edd733a53ecc00611c2aa764 (patch)
tree05ac9f2f2a6c199badb802c1390f1a9fc887aba8 /src/test/java
parent8b80ea299ef6fadfbc0ec59308e0937612eb8c35 (diff)
downloadmoa-zs-a9a9e1cb62123475edd733a53ecc00611c2aa764.tar.gz
moa-zs-a9a9e1cb62123475edd733a53ecc00611c2aa764.tar.bz2
moa-zs-a9a9e1cb62123475edd733a53ecc00611c2aa764.zip
Honor & Test TrustAll and LaxHostNameVerification
- Print a big scary warning message for everyone who enables "trustAll" - Test TrustAll and LaxHostNameVerification - Describe test case requirements and add key material needed to run these test cases.
Diffstat (limited to 'src/test/java')
-rw-r--r--src/test/java/at/gv/egiz/moazs/MsgClientTest.java103
1 files changed, 84 insertions, 19 deletions
diff --git a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
index 7c9bf7d..bd68d9d 100644
--- a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
+++ b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
@@ -4,9 +4,9 @@ import at.gv.egiz.moazs.msg.MsgClientFactory;
import at.gv.egiz.moazs.msg.StoreSOAPBodyBinaryInRepositoryInterceptor;
import at.gv.egiz.moazs.scheme.Marshaller;
import at.gv.zustellung.app2mzs.xsd.ClientType;
+import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
import at.gv.zustellung.msg.xsd.DeliveryRequestType;
import at.gv.zustellung.msg.xsd.ObjectFactory;
-import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -20,6 +20,7 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
+import static at.gv.zustellung.app2mzs.xsd.ClientType.clientTypeBuilder;
import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder;
@@ -43,14 +44,19 @@ public class MsgClientTest {
private static final ObjectFactory OF = new ObjectFactory();
- // this test requires that a zusemsg service runs under httpServiceUri!
// tmp disabled. todo: set up integration tests
+
+ // Requirements:
+ // - run zusemsg service under httpServiceURL
// @Test
public void sendValidMessage() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
- var httpServiceUri = "http://localhost:8081/services/DeliveryRequest";
- var clientParams = generateClientParams(httpServiceUri);
+ var httpServiceURL = "http://localhost:8081/services/DeliveryRequest";
+ var clientParams = clientTypeBuilder()
+ .withURL(httpServiceURL)
+ .build();
+
var client = factory.create(clientParams);
try{
@@ -61,20 +67,79 @@ public class MsgClientTest {
}
}
+ // Requirements:
+ // - run zusemsg service under httpsServiceURL
+ // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+ // - server uses the server certificate in ssl/server/server.localhost.*.pem
+ // - server sends certificate chain ssl/server/ca-chain.cert.pem
+ //@Test
+ public void sendOverSSLWithClientAuthentication() throws IOException {
+
+ var request = loadFromFile("validDeliveryRequest.xml");
+ var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";
+
+ var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
+ var client = factory.create(clientParams);
+
+ var status = client.delivery(request);
+ log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
+ }
+
+ // Requirements:
+ // - run zusemsg service under httpsServiceURL
+ // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+ // - server uses the server certificate in ssl/server/server.localhost.*.pem
+ // - server sends certificate chain ssl/server/ca-chain.cert.pem
//@Test
- public void sendValidMessageSSL() throws IOException {
+ public void sendOverSSLWithTrustAll() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
var sslServiceUri = "https://localhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri);
+
+ var clientParams = generateSSLClientParams(sslServiceUri, true, false);
+ var client = factory.create(clientParams);
+
+ var status = client.delivery(request);
+ log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
+ }
+
+ // Requirements:
+ // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts)
+ // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+ // - server uses the server certificate in ssl/server/server.localhost.*.pem
+ // - server sends certificate chain ssl/server/ca-chain.cert.pem
+ //@Test
+ public void sendOverSSLWithLaxHostnameVerification() throws IOException {
+
+ var request = loadFromFile("validDeliveryRequest.xml");
+ var sslServiceUri = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+
+ var clientParams = generateSSLClientParams(sslServiceUri, false, true);
var client = factory.create(clientParams);
var status = client.delivery(request);
log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
+ }
+
+ //Requirements:
+ // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts)
+ // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+ // - server uses the server certificate in ssl/server/server.localhost.*.pem
+ // - server sends certificate chain ssl/server/ca-chain.cert.pem
+ //@Test(expected=SOAPFaultException.class)
+ public void rejectBecauseHostNameVerificationFails() throws IOException {
+
+ var request = loadFromFile("validDeliveryRequest.xml");
+ var sslServiceUri = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+ var clientParams = generateSSLClientParams(sslServiceUri, false, false);
+ var client = factory.create(clientParams);
+
+ var status = client.delivery(request);
+ log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
}
- private ClientType generateSSLClientParams(String sslServiceUri) {
+ private ClientType generateSSLClientParams(String sslServiceUri, boolean trustAll, boolean laxHostNameVerification) {
var keystore = keyStoreTypeBuilder()
.withFileName("ssl/client.cert.key.p12")
@@ -82,20 +147,16 @@ public class MsgClientTest {
.withPassword("123456")
.build();
- var truststore = keyStoreTypeBuilder()
- .withFileName("ssl/truststore.jks")
- .withPassword("123456")
- .withFileType("JKS")
- .build();
+ var truststore = trustAll ? null : generateTrustLocalhostStore();
var sslParams = SSLTypeBuilder()
- .withLaxHostNameVerification(false)
- .withTrustAll(false)
+ .withLaxHostNameVerification(laxHostNameVerification)
+ .withTrustAll(trustAll)
.withKeyStore(keystore)
.withTrustStore(truststore)
.build();
- return ClientType.clientTypeBuilder()
+ return clientTypeBuilder()
.withURL(sslServiceUri)
.withSSL(sslParams)
.withReceiveTimeout(BigInteger.ZERO)
@@ -104,6 +165,14 @@ public class MsgClientTest {
}
+ private KeyStoreType generateTrustLocalhostStore() {
+ return keyStoreTypeBuilder()
+ .withFileName("ssl/truststore.jks")
+ .withPassword("123456")
+ .withFileType("JKS")
+ .build();
+ }
+
private DeliveryRequestType loadFromFile(String fileName) throws IOException {
try (var inputStream = new BufferedInputStream(new FileInputStream(basePath + fileName))) {
var request = (JAXBElement<DeliveryRequestType>) msgMarshaller.unmarshallXml(inputStream);
@@ -111,8 +180,4 @@ public class MsgClientTest {
}
}
- private ClientType generateClientParams(String url) {
- return ClientType.clientTypeBuilder().withURL(url).build();
- }
-
}