From af9478800e5e9884e690c5a48dce2b68d7d348a2 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
Date: Wed, 21 Aug 2019 15:17:49 +0200
Subject: Remove SSL Depending Testcases from Integration Test Suite

- Reason: Now we can run integration tests without the need to set up
  SSL reverse proxy with client certificates.
---
 .../java/at/gv/egiz/moazs/ITSSLMsgClientTest.java  | 181 +++++++++++++++++++++
 1 file changed, 181 insertions(+)
 create mode 100644 src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java

(limited to 'src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java')

diff --git a/src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java b/src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java
new file mode 100644
index 0000000..477375a
--- /dev/null
+++ b/src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java
@@ -0,0 +1,181 @@
+package at.gv.egiz.moazs;
+
+import at.gv.egiz.moazs.client.ClientFactory;
+import at.gv.egiz.moazs.scheme.Marshaller;
+import at.gv.zustellung.app2mzs.xsd.ClientType;
+import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import at.gv.zustellung.msg.xsd.App2ZusePort;
+import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import at.gv.zustellung.msg.xsd.ObjectFactory;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.ws.soap.SOAPFaultException;
+import java.io.BufferedInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+
+import static at.gv.zustellung.app2mzs.xsd.ClientType.clientTypeBuilder;
+import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
+import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder;
+import static org.assertj.core.api.Assertions.assertThat;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class ITSSLMsgClientTest {
+
+    private static final Object VALID_MZS_REQUEST_ID = "valid-delivery-request-id" ;
+    private final String basePath = "src/test/resources/at/gv/egiz/moazs/ITSSLMsgClientTest/";
+
+    @Autowired
+    private Marshaller msgMarshaller;
+
+    @Autowired
+    private ClientFactory factory;
+
+    private static final ObjectFactory OF = new ObjectFactory();
+
+
+    // Requirements:
+    // - run zusemsg service under httpServiceURL
+    @Test
+    public void sendValidMessage() throws IOException {
+
+        var request = loadFromFile("validDeliveryRequest.xml");
+        var httpServiceURL =  "http://localhost:8081/services/DeliveryRequest";
+        var clientParams = clientTypeBuilder()
+                .withURL(httpServiceURL)
+                .withConnectionTimeout(BigInteger.ZERO)
+                .withReceiveTimeout(BigInteger.ZERO)
+                .build();
+
+        App2ZusePort port = createPort(clientParams);
+        var status = port.delivery(request);
+        assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID);
+
+    }
+
+    private App2ZusePort createPort(ClientType params) {
+        return factory.create(params, App2ZusePort.class);
+    }
+
+    // Requirements:
+    // - run zusemsg service under httpsServiceURL
+    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+    // - server uses the server certificate in ssl/server/server.localhost.*.pem
+    // - server sends certificate chain ssl/server/ca-chain.cert.pem
+    @Test
+    public void sendOverSSLWithClientAuthentication() throws IOException {
+
+        var request = loadFromFile("validDeliveryRequest.xml");
+        var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";
+
+        var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
+        App2ZusePort port = createPort(clientParams);
+
+        var status = port.delivery(request);
+        assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID);
+    }
+
+    // Requirements:
+    // - run zusemsg service under httpsServiceURL
+    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+    // - server uses the server certificate in ssl/server/server.localhost.*.pem
+    // - server sends certificate chain ssl/server/ca-chain.cert.pem
+    @Test
+    public void sendOverSSLWithClientAuthTrustAll() throws IOException {
+
+        var request = loadFromFile("validDeliveryRequest.xml");
+        var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";
+
+        var clientParams = generateSSLClientParams(httpsServiceURL, true, false);
+        App2ZusePort port = createPort(clientParams);
+
+        var status = port.delivery(request);
+        assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID);
+    }
+
+    // Requirements:
+    // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts)
+    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+    // - server uses the server certificate in ssl/server/server.localhost.*.pem
+    // - server sends certificate chain ssl/server/ca-chain.cert.pem
+    @Test
+    public void sendOverSSLWithClientAuthLaxHostnameVerification() throws IOException {
+
+        var request = loadFromFile("validDeliveryRequest.xml");
+        var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+
+        var clientParams = generateSSLClientParams(httpsServiceURL, false, true);
+        App2ZusePort port = createPort(clientParams);
+
+        var status = port.delivery(request);
+        assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID);
+    }
+
+    //Requirements:
+    // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts)
+    // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem)
+    // - server uses the server certificate in ssl/server/server.localhost.*.pem
+    // - server sends certificate chain ssl/server/ca-chain.cert.pem
+    @Test(expected=SOAPFaultException.class)
+    public void rejectBecauseHostNameVerificationFails() throws IOException {
+
+        var request = loadFromFile("validDeliveryRequest.xml");
+        var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+
+        var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
+        App2ZusePort port = createPort(clientParams);
+
+        port.delivery(request);
+    }
+
+    private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification) {
+        return generateSSLClientParams(httpsServiceURL, trustAll, laxHostNameVerification, generateTrustLocalhostStore());
+    }
+
+    private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification, KeyStoreType truststore) {
+
+        var keystore = keyStoreTypeBuilder()
+                .withFileName("config/ssl/client.cert.key.p12")
+                .withFileType("PKCS12")
+                .withPassword("123456")
+                .build();
+
+        var sslParams = SSLTypeBuilder()
+                .withLaxHostNameVerification(laxHostNameVerification)
+                .withTrustAll(trustAll)
+                .withKeyStore(keystore)
+                .withTrustStore(trustAll ? null : truststore)
+                .build();
+
+        return clientTypeBuilder()
+                .withURL(httpsServiceURL)
+                .withSSL(sslParams)
+                .withReceiveTimeout(BigInteger.ZERO)
+                .withConnectionTimeout(BigInteger.ZERO)
+                .build();
+
+    }
+
+    private KeyStoreType generateTrustLocalhostStore() {
+        return keyStoreTypeBuilder()
+                .withFileName("config/ssl/truststore.jks")
+                .withPassword("123456")
+                .withFileType("JKS")
+                .build();
+    }
+
+    private DeliveryRequestType loadFromFile(String fileName) throws IOException {
+        try (var inputStream = new BufferedInputStream(new FileInputStream(basePath + fileName))) {
+            var request = (JAXBElement<DeliveryRequestType>) msgMarshaller.unmarshallXml(inputStream);
+            return request.getValue();
+        }
+    }
+
+}
-- 
cgit v1.2.3