From af9478800e5e9884e690c5a48dce2b68d7d348a2 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Wed, 21 Aug 2019 15:17:49 +0200 Subject: Remove SSL Depending Testcases from Integration Test Suite - Reason: Now we can run integration tests without the need to set up SSL reverse proxy with client certificates. --- .../java/at/gv/egiz/moazs/ITMsgClientTest.java | 181 --------------------- .../java/at/gv/egiz/moazs/ITSSLMsgClientTest.java | 181 +++++++++++++++++++++ .../moazs/ITMsgClientTest/validDeliveryRequest.xml | 56 ------- .../ITSSLMsgClientTest/validDeliveryRequest.xml | 56 +++++++ 4 files changed, 237 insertions(+), 237 deletions(-) delete mode 100644 src/test/java/at/gv/egiz/moazs/ITMsgClientTest.java create mode 100644 src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java delete mode 100644 src/test/resources/at/gv/egiz/moazs/ITMsgClientTest/validDeliveryRequest.xml create mode 100644 src/test/resources/at/gv/egiz/moazs/ITSSLMsgClientTest/validDeliveryRequest.xml (limited to 'src') diff --git a/src/test/java/at/gv/egiz/moazs/ITMsgClientTest.java b/src/test/java/at/gv/egiz/moazs/ITMsgClientTest.java deleted file mode 100644 index 0f87dd6..0000000 --- a/src/test/java/at/gv/egiz/moazs/ITMsgClientTest.java +++ /dev/null @@ -1,181 +0,0 @@ -package at.gv.egiz.moazs; - -import at.gv.egiz.moazs.client.ClientFactory; -import at.gv.egiz.moazs.scheme.Marshaller; -import at.gv.zustellung.app2mzs.xsd.ClientType; -import at.gv.zustellung.app2mzs.xsd.KeyStoreType; -import at.gv.zustellung.msg.xsd.App2ZusePort; -import at.gv.zustellung.msg.xsd.DeliveryRequestType; -import at.gv.zustellung.msg.xsd.ObjectFactory; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.test.context.junit4.SpringRunner; - -import javax.xml.bind.JAXBElement; -import javax.xml.ws.soap.SOAPFaultException; -import java.io.BufferedInputStream; -import java.io.FileInputStream; -import java.io.IOException; -import java.math.BigInteger; - -import static at.gv.zustellung.app2mzs.xsd.ClientType.clientTypeBuilder; -import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder; -import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder; -import static org.assertj.core.api.Assertions.assertThat; - -@RunWith(SpringRunner.class) -@SpringBootTest -public class ITMsgClientTest { - - private static final Object VALID_MZS_REQUEST_ID = "valid-delivery-request-id" ; - private final String basePath = "src/test/resources/at/gv/egiz/moazs/ITMsgClientTest/"; - - @Autowired - private Marshaller msgMarshaller; - - @Autowired - private ClientFactory factory; - - private static final ObjectFactory OF = new ObjectFactory(); - - - // Requirements: - // - run zusemsg service under httpServiceURL - @Test - public void sendValidMessage() throws IOException { - - var request = loadFromFile("validDeliveryRequest.xml"); - var httpServiceURL = "http://localhost:8081/services/DeliveryRequest"; - var clientParams = clientTypeBuilder() - .withURL(httpServiceURL) - .withConnectionTimeout(BigInteger.ZERO) - .withReceiveTimeout(BigInteger.ZERO) - .build(); - - App2ZusePort port = createPort(clientParams); - var status = port.delivery(request); - assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); - - } - - private App2ZusePort createPort(ClientType params) { - return factory.create(params, App2ZusePort.class); - } - - // Requirements: - // - run zusemsg service under httpsServiceURL - // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) - // - server uses the server certificate in ssl/server/server.localhost.*.pem - // - server sends certificate chain ssl/server/ca-chain.cert.pem - @Test - public void sendOverSSLWithClientAuthentication() throws IOException { - - var request = loadFromFile("validDeliveryRequest.xml"); - var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest"; - - var clientParams = generateSSLClientParams(httpsServiceURL, false, false); - App2ZusePort port = createPort(clientParams); - - var status = port.delivery(request); - assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); - } - - // Requirements: - // - run zusemsg service under httpsServiceURL - // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) - // - server uses the server certificate in ssl/server/server.localhost.*.pem - // - server sends certificate chain ssl/server/ca-chain.cert.pem - @Test - public void sendOverSSLWithClientAuthTrustAll() throws IOException { - - var request = loadFromFile("validDeliveryRequest.xml"); - var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest"; - - var clientParams = generateSSLClientParams(httpsServiceURL, true, false); - App2ZusePort port = createPort(clientParams); - - var status = port.delivery(request); - assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); - } - - // Requirements: - // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts) - // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) - // - server uses the server certificate in ssl/server/server.localhost.*.pem - // - server sends certificate chain ssl/server/ca-chain.cert.pem - @Test - public void sendOverSSLWithClientAuthLaxHostnameVerification() throws IOException { - - var request = loadFromFile("validDeliveryRequest.xml"); - var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest"; - - var clientParams = generateSSLClientParams(httpsServiceURL, false, true); - App2ZusePort port = createPort(clientParams); - - var status = port.delivery(request); - assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); - } - - //Requirements: - // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts) - // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) - // - server uses the server certificate in ssl/server/server.localhost.*.pem - // - server sends certificate chain ssl/server/ca-chain.cert.pem - @Test(expected=SOAPFaultException.class) - public void rejectBecauseHostNameVerificationFails() throws IOException { - - var request = loadFromFile("validDeliveryRequest.xml"); - var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest"; - - var clientParams = generateSSLClientParams(httpsServiceURL, false, false); - App2ZusePort port = createPort(clientParams); - - port.delivery(request); - } - - private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification) { - return generateSSLClientParams(httpsServiceURL, trustAll, laxHostNameVerification, generateTrustLocalhostStore()); - } - - private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification, KeyStoreType truststore) { - - var keystore = keyStoreTypeBuilder() - .withFileName("ssl/client.cert.key.p12") - .withFileType("PKCS12") - .withPassword("123456") - .build(); - - var sslParams = SSLTypeBuilder() - .withLaxHostNameVerification(laxHostNameVerification) - .withTrustAll(trustAll) - .withKeyStore(keystore) - .withTrustStore(trustAll ? null : truststore) - .build(); - - return clientTypeBuilder() - .withURL(httpsServiceURL) - .withSSL(sslParams) - .withReceiveTimeout(BigInteger.ZERO) - .withConnectionTimeout(BigInteger.ZERO) - .build(); - - } - - private KeyStoreType generateTrustLocalhostStore() { - return keyStoreTypeBuilder() - .withFileName("ssl/truststore.jks") - .withPassword("123456") - .withFileType("JKS") - .build(); - } - - private DeliveryRequestType loadFromFile(String fileName) throws IOException { - try (var inputStream = new BufferedInputStream(new FileInputStream(basePath + fileName))) { - var request = (JAXBElement) msgMarshaller.unmarshallXml(inputStream); - return request.getValue(); - } - } - -} diff --git a/src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java b/src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java new file mode 100644 index 0000000..477375a --- /dev/null +++ b/src/test/java/at/gv/egiz/moazs/ITSSLMsgClientTest.java @@ -0,0 +1,181 @@ +package at.gv.egiz.moazs; + +import at.gv.egiz.moazs.client.ClientFactory; +import at.gv.egiz.moazs.scheme.Marshaller; +import at.gv.zustellung.app2mzs.xsd.ClientType; +import at.gv.zustellung.app2mzs.xsd.KeyStoreType; +import at.gv.zustellung.msg.xsd.App2ZusePort; +import at.gv.zustellung.msg.xsd.DeliveryRequestType; +import at.gv.zustellung.msg.xsd.ObjectFactory; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.junit4.SpringRunner; + +import javax.xml.bind.JAXBElement; +import javax.xml.ws.soap.SOAPFaultException; +import java.io.BufferedInputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.math.BigInteger; + +import static at.gv.zustellung.app2mzs.xsd.ClientType.clientTypeBuilder; +import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder; +import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder; +import static org.assertj.core.api.Assertions.assertThat; + +@RunWith(SpringRunner.class) +@SpringBootTest +public class ITSSLMsgClientTest { + + private static final Object VALID_MZS_REQUEST_ID = "valid-delivery-request-id" ; + private final String basePath = "src/test/resources/at/gv/egiz/moazs/ITSSLMsgClientTest/"; + + @Autowired + private Marshaller msgMarshaller; + + @Autowired + private ClientFactory factory; + + private static final ObjectFactory OF = new ObjectFactory(); + + + // Requirements: + // - run zusemsg service under httpServiceURL + @Test + public void sendValidMessage() throws IOException { + + var request = loadFromFile("validDeliveryRequest.xml"); + var httpServiceURL = "http://localhost:8081/services/DeliveryRequest"; + var clientParams = clientTypeBuilder() + .withURL(httpServiceURL) + .withConnectionTimeout(BigInteger.ZERO) + .withReceiveTimeout(BigInteger.ZERO) + .build(); + + App2ZusePort port = createPort(clientParams); + var status = port.delivery(request); + assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); + + } + + private App2ZusePort createPort(ClientType params) { + return factory.create(params, App2ZusePort.class); + } + + // Requirements: + // - run zusemsg service under httpsServiceURL + // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) + // - server uses the server certificate in ssl/server/server.localhost.*.pem + // - server sends certificate chain ssl/server/ca-chain.cert.pem + @Test + public void sendOverSSLWithClientAuthentication() throws IOException { + + var request = loadFromFile("validDeliveryRequest.xml"); + var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest"; + + var clientParams = generateSSLClientParams(httpsServiceURL, false, false); + App2ZusePort port = createPort(clientParams); + + var status = port.delivery(request); + assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); + } + + // Requirements: + // - run zusemsg service under httpsServiceURL + // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) + // - server uses the server certificate in ssl/server/server.localhost.*.pem + // - server sends certificate chain ssl/server/ca-chain.cert.pem + @Test + public void sendOverSSLWithClientAuthTrustAll() throws IOException { + + var request = loadFromFile("validDeliveryRequest.xml"); + var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest"; + + var clientParams = generateSSLClientParams(httpsServiceURL, true, false); + App2ZusePort port = createPort(clientParams); + + var status = port.delivery(request); + assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); + } + + // Requirements: + // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts) + // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) + // - server uses the server certificate in ssl/server/server.localhost.*.pem + // - server sends certificate chain ssl/server/ca-chain.cert.pem + @Test + public void sendOverSSLWithClientAuthLaxHostnameVerification() throws IOException { + + var request = loadFromFile("validDeliveryRequest.xml"); + var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest"; + + var clientParams = generateSSLClientParams(httpsServiceURL, false, true); + App2ZusePort port = createPort(clientParams); + + var status = port.delivery(request); + assertThat(status.getPartialSuccess().getAppDeliveryID()).isEqualTo(VALID_MZS_REQUEST_ID); + } + + //Requirements: + // - run zusemsg service under httpsServiceURL (e.g. by adding notlocalhost to /etc/hosts) + // - server trusts client cert (by trusting CA bundle in ssl/trusted-cas-bundle.pem) + // - server uses the server certificate in ssl/server/server.localhost.*.pem + // - server sends certificate chain ssl/server/ca-chain.cert.pem + @Test(expected=SOAPFaultException.class) + public void rejectBecauseHostNameVerificationFails() throws IOException { + + var request = loadFromFile("validDeliveryRequest.xml"); + var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest"; + + var clientParams = generateSSLClientParams(httpsServiceURL, false, false); + App2ZusePort port = createPort(clientParams); + + port.delivery(request); + } + + private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification) { + return generateSSLClientParams(httpsServiceURL, trustAll, laxHostNameVerification, generateTrustLocalhostStore()); + } + + private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification, KeyStoreType truststore) { + + var keystore = keyStoreTypeBuilder() + .withFileName("config/ssl/client.cert.key.p12") + .withFileType("PKCS12") + .withPassword("123456") + .build(); + + var sslParams = SSLTypeBuilder() + .withLaxHostNameVerification(laxHostNameVerification) + .withTrustAll(trustAll) + .withKeyStore(keystore) + .withTrustStore(trustAll ? null : truststore) + .build(); + + return clientTypeBuilder() + .withURL(httpsServiceURL) + .withSSL(sslParams) + .withReceiveTimeout(BigInteger.ZERO) + .withConnectionTimeout(BigInteger.ZERO) + .build(); + + } + + private KeyStoreType generateTrustLocalhostStore() { + return keyStoreTypeBuilder() + .withFileName("config/ssl/truststore.jks") + .withPassword("123456") + .withFileType("JKS") + .build(); + } + + private DeliveryRequestType loadFromFile(String fileName) throws IOException { + try (var inputStream = new BufferedInputStream(new FileInputStream(basePath + fileName))) { + var request = (JAXBElement) msgMarshaller.unmarshallXml(inputStream); + return request.getValue(); + } + } + +} diff --git a/src/test/resources/at/gv/egiz/moazs/ITMsgClientTest/validDeliveryRequest.xml b/src/test/resources/at/gv/egiz/moazs/ITMsgClientTest/validDeliveryRequest.xml deleted file mode 100644 index f1879eb..0000000 --- a/src/test/resources/at/gv/egiz/moazs/ITMsgClientTest/validDeliveryRequest.xml +++ /dev/null @@ -1,56 +0,0 @@ - - - - - - kkvj693+tw99uW8UPuEK9en1LzZItkylPajkUUyJJDWQB78VGPkAuhCEk+TD12yQDD/WRglsf+JfQpjubIs/4l/ptluJ9teF3nwkNlu5Dm7mIjzgW1qxrDyomCmPvVxTWOCBuMUbOWRZBhOq+KvDQAu9Vv9KnqSfjYeDZrpHYu4= - urn:publicid:gv:at:cemtoken - - - Bundesministerium für Testzwecke - - - - - https://authority.gv.at/delivery_notification - - - - - - - Maxi - Mustermann1 - - 1984-01-24 - - - AT - 1010 - Wien - - Muststrasse - 10 - - - - - valid-delivery-request-id - WichtigeMitteilung - RSa - - - - brief.xml - text/xml - 123401 - - SHA1 - 9b972c70fdaf5e1b26b3387c87b0ffb72e5940b6 - - https://authority.gv.at/files/73bdf969781ba41fa07df1ff8439cf685c0db1c3 - - - \ No newline at end of file diff --git a/src/test/resources/at/gv/egiz/moazs/ITSSLMsgClientTest/validDeliveryRequest.xml b/src/test/resources/at/gv/egiz/moazs/ITSSLMsgClientTest/validDeliveryRequest.xml new file mode 100644 index 0000000..f1879eb --- /dev/null +++ b/src/test/resources/at/gv/egiz/moazs/ITSSLMsgClientTest/validDeliveryRequest.xml @@ -0,0 +1,56 @@ + + + + + + kkvj693+tw99uW8UPuEK9en1LzZItkylPajkUUyJJDWQB78VGPkAuhCEk+TD12yQDD/WRglsf+JfQpjubIs/4l/ptluJ9teF3nwkNlu5Dm7mIjzgW1qxrDyomCmPvVxTWOCBuMUbOWRZBhOq+KvDQAu9Vv9KnqSfjYeDZrpHYu4= + urn:publicid:gv:at:cemtoken + + + Bundesministerium für Testzwecke + + + + + https://authority.gv.at/delivery_notification + + + + + + + Maxi + Mustermann1 + + 1984-01-24 + + + AT + 1010 + Wien + + Muststrasse + 10 + + + + + valid-delivery-request-id + WichtigeMitteilung + RSa + + + + brief.xml + text/xml + 123401 + + SHA1 + 9b972c70fdaf5e1b26b3387c87b0ffb72e5940b6 + + https://authority.gv.at/files/73bdf969781ba41fa07df1ff8439cf685c0db1c3 + + + \ No newline at end of file -- cgit v1.2.3