001: package org.objectweb.celtix.bus.transports.https;
002:
003: import java.net.URL;
004: import java.util.Properties;
005:
006: import javax.net.ssl.SSLSocketFactory;
007:
008: import junit.extensions.TestSetup;
009: import junit.framework.Test;
010: import junit.framework.TestCase;
011: import junit.framework.TestSuite;
012:
013: import org.easymock.classextension.EasyMock;
014: import org.objectweb.celtix.Bus;
015: import org.objectweb.celtix.BusException;
016: import org.objectweb.celtix.bus.configuration.security.SSLClientPolicy;
017: import org.objectweb.celtix.bus.transports.http.JettyHTTPServerEngine;
018: import org.objectweb.celtix.configuration.Configuration;
019:
020: public class JettySslClientConfigurerTest extends TestCase {
021:
022: private static final String DROP_BACK_SRC_DIR = "../../../../../../../../src/test/java/org/objectweb/celtix/bus/transports/https/";
023:
024: Bus bus;
025: private Configuration configuration;
026:
027: public JettySslClientConfigurerTest(String arg0) {
028: super (arg0);
029: }
030:
031: public static Test suite() throws Exception {
032: TestSuite suite = new TestSuite(
033: JettySslClientConfigurerTest.class);
034: return new TestSetup(suite) {
035: protected void tearDown() throws Exception {
036: super .tearDown();
037: JettyHTTPServerEngine.destroyForPort(9000);
038: }
039: };
040: }
041:
042: public static void main(String[] args) {
043: junit.textui.TestRunner.run(JettySslClientConfigurerTest.class);
044: }
045:
046: public void setUp() throws BusException {
047: bus = EasyMock.createMock(Bus.class);
048:
049: configuration = EasyMock.createMock(Configuration.class);
050: }
051:
052: public void tearDown() throws Exception {
053: EasyMock.reset(bus);
054: EasyMock.reset(configuration);
055:
056: Properties props = System.getProperties();
057: props.remove("javax.net.ssl.trustStore");
058: props.remove("javax.net.ssl.keyStore");
059: props.remove("javax.net.ssl.keyPassword");
060: props.remove("javax.net.ssl.keyStorePassword");
061: }
062:
063: public void testSecurityConfigurer() {
064: try {
065: System
066: .setProperty(
067: "celtix.security.configurer.celtix.null.http-client",
068: "org.objectweb.celtix.bus.transports.https.SetAllDataSecurityDataProvider");
069: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
070: TestHandler handler = new TestHandler();
071: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
072: sslClientPolicy, "https://dummyurl", handler);
073:
074: jettySslClientConfigurer.configure();
075: assertTrue(
076: "Keystore loaded success message not present",
077: handler
078: .checkLogContainsString("Successfully loaded keystore"));
079: assertTrue(
080: "Trust store loaded success message not present",
081: handler
082: .checkLogContainsString("Successfully loaded trust store"));
083: assertTrue(
084: "Keystore type not being read",
085: handler
086: .checkLogContainsString("The key store type has been set in configuration "
087: + "to JKS"));
088: assertTrue(
089: "Keystore password not being read",
090: handler
091: .checkLogContainsString("The key store password was found to be set in "
092: + "configuration and will be used."));
093: assertTrue(
094: "Key password not being read",
095: handler
096: .checkLogContainsString("The key password was found to be set in "
097: + "configuration and will be used."));
098: assertTrue(
099: "Key manager factory is being being read from somewhere unknown",
100: handler
101: .checkLogContainsString("The keystore key manager factory "
102: + "algorithm has not been set in configuration "
103: + "so the default value SunX509 will be used."));
104:
105: assertTrue(
106: "Trust manager factory is being being read from somewhere unknown",
107: handler
108: .checkLogContainsString("The truststore key manager factory "
109: + "algorithm has not been set in configuration "
110: + "so the default value PKIX will be used."));
111:
112: assertTrue(
113: "Ciphersuites is being being read from somewhere unknown",
114: handler
115: .checkLogContainsString("The cipher suite has not been set, default values "
116: + "will be used."));
117: assertTrue(
118: "Truststore type not being read",
119: handler
120: .checkLogContainsString("The key store type has been set in "
121: + "configuration to JKS"));
122:
123: assertTrue(
124: "Secure socket protocol not being read",
125: handler
126: .checkLogContainsString("The secure socket protocol has been set to TLSv1."));
127: assertTrue(
128: "Session caching set but no warning about not supported",
129: handler
130: .checkLogContainsString("Unsupported SSLClientPolicy property : "
131: + "SessionCaching"));
132: assertTrue(
133: "SessionCacheKey caching set but no warning about not supported",
134: handler
135: .checkLogContainsString("Unsupported SSLClientPolicy property : "
136: + "SessionCacheKey"));
137: assertTrue(
138: "MaxChainLength caching set but no warning about not supported",
139: handler
140: .checkLogContainsString("Unsupported SSLClientPolicy property : "
141: + "MaxChainLength"));
142: assertTrue(
143: "CertValidator caching set but no warning about not supported",
144: handler
145: .checkLogContainsString("Unsupported SSLClientPolicy property : "
146: + "CertValidator"));
147: } finally {
148: System
149: .setProperty(
150: "celtix.security.configurer.celtix.null.http-client",
151: "");
152: }
153: }
154:
155: public void testSetAllData() {
156:
157: String keyStoreStr = getPath("resources/defaultkeystore");
158: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
159: sslClientPolicy.setKeystore(keyStoreStr);
160: sslClientPolicy.setKeystoreType("JKS");
161:
162: sslClientPolicy.setKeyPassword("defaultkeypass");
163: sslClientPolicy.setKeystorePassword("defaultkeypass");
164: sslClientPolicy.setTrustStoreType("JKS");
165: sslClientPolicy.setTrustStoreAlgorithm("JKS");
166: sslClientPolicy.setSecureSocketProtocol("TLSv1");
167: sslClientPolicy.setSessionCacheKey("Anything");
168: sslClientPolicy.setSessionCaching(true);
169: sslClientPolicy.setMaxChainLength(new Long(2));
170: sslClientPolicy.setCertValidator("Anything");
171: sslClientPolicy.setProxyHost("Anything");
172: sslClientPolicy.setProxyPort(new Long(1234));
173:
174: String trustStoreStr = getPath("resources/defaulttruststore");
175: sslClientPolicy.setTrustStore(trustStoreStr);
176: TestHandler handler = new TestHandler();
177: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
178: sslClientPolicy, "https://dummyurl", handler);
179:
180: jettySslClientConfigurer.configure();
181: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
182: .getHttpsConnection().getSSLSocketFactory();
183:
184: assertTrue(sSLSocketFactory instanceof SSLSocketFactoryWrapper);
185: assertTrue(
186: "Keystore loaded success message not present",
187: handler
188: .checkLogContainsString("Successfully loaded keystore"));
189: assertTrue(
190: "Trust store loaded success message not present",
191: handler
192: .checkLogContainsString("Successfully loaded trust store"));
193: assertTrue(
194: "Keystore type not being read",
195: handler
196: .checkLogContainsString("The key store type has been set in configuration to JKS"));
197: assertTrue(
198: "Keystore password not being read",
199: handler
200: .checkLogContainsString("The key store password was found to be set in "
201: + "configuration and will be used."));
202: assertTrue(
203: "Key password not being read",
204: handler
205: .checkLogContainsString("The key password was found to be set in "
206: + "configuration and will be used."));
207: assertTrue(
208: "Key manager factory is being being read from somewhere unknown",
209: handler
210: .checkLogContainsString("The keystore key manager factory "
211: + "algorithm has not been set in configuration "
212: + "so the default value SunX509 will be used."));
213:
214: assertTrue(
215: "Trust manager factory is being being read from somewhere unknown",
216: handler
217: .checkLogContainsString("The truststore key manager factory "
218: + "algorithm has not been set in configuration "
219: + "so the default value PKIX will be used."));
220:
221: assertTrue(
222: "Ciphersuites is being being read from somewhere unknown",
223: handler
224: .checkLogContainsString("The cipher suite has not been set, default values "
225: + "will be used."));
226: assertTrue(
227: "Truststore type not being read",
228: handler
229: .checkLogContainsString("The key store type has been set in "
230: + "configuration to JKS"));
231:
232: assertTrue(
233: "Secure socket protocol not being read",
234: handler
235: .checkLogContainsString("The secure socket protocol has been set to TLSv1."));
236: assertTrue(
237: "Session caching set but no warning about not supported",
238: handler
239: .checkLogContainsString("Unsupported SSLClientPolicy property : SessionCaching"));
240: assertTrue(
241: "SessionCacheKey caching set but no warning about not supported",
242: handler
243: .checkLogContainsString("Unsupported SSLClientPolicy property : SessionCacheKey"));
244: assertTrue(
245: "MaxChainLength caching set but no warning about not supported",
246: handler
247: .checkLogContainsString("Unsupported SSLClientPolicy property : MaxChainLength"));
248: assertTrue(
249: "CertValidator caching set but no warning about not supported",
250: handler
251: .checkLogContainsString("Unsupported SSLClientPolicy property : CertValidator"));
252: }
253:
254: public void testAllValidDataJKS() {
255:
256: String keyStoreStr = getPath("resources/defaultkeystore");
257: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
258: sslClientPolicy.setKeystore(keyStoreStr);
259: sslClientPolicy.setKeyPassword("defaultkeypass");
260: sslClientPolicy.setKeystorePassword("defaultkeypass");
261:
262: sslClientPolicy.setKeystoreType("JKS");
263: String trustStoreStr = getPath("resources/defaulttruststore");
264: sslClientPolicy.setTrustStore(trustStoreStr);
265: TestHandler handler = new TestHandler();
266: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
267: sslClientPolicy, "https://dummyurl", handler);
268:
269: jettySslClientConfigurer.configure();
270: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
271: .getHttpsConnection().getSSLSocketFactory();
272:
273: assertTrue(sSLSocketFactory instanceof SSLSocketFactoryWrapper);
274: assertTrue(
275: "Keystore loaded success message not present",
276: handler
277: .checkLogContainsString("Successfully loaded keystore"));
278: assertTrue(
279: "Trust store loaded success message not present",
280: handler
281: .checkLogContainsString("Successfully loaded trust store"));
282:
283: }
284:
285: public void testAllValidDataPKCS12() {
286:
287: String keyStoreStr = getPath("resources/celtix.p12");
288: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
289: sslClientPolicy.setKeystore(keyStoreStr);
290: sslClientPolicy.setKeyPassword("celtixpass");
291: sslClientPolicy.setKeystorePassword("celtixpass");
292:
293: sslClientPolicy.setKeystoreType("PKCS12");
294: String trustStoreStr = getPath("resources/abigcompany_ca.pem");
295: sslClientPolicy.setTrustStore(trustStoreStr);
296: TestHandler handler = new TestHandler();
297: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
298: sslClientPolicy, "https://dummyurl", handler);
299:
300: jettySslClientConfigurer.configure();
301: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
302: .getHttpsConnection().getSSLSocketFactory();
303:
304: assertTrue(sSLSocketFactory instanceof SSLSocketFactoryWrapper);
305: assertTrue(
306: "Keystore loaded success message not present",
307: handler
308: .checkLogContainsString("Successfully loaded keystore"));
309: assertTrue(
310: "Trust store loaded success message not present",
311: handler
312: .checkLogContainsString("Successfully loaded trust store"));
313:
314: }
315:
316: public void testNonExistentKeystoreJKS() {
317:
318: String keyStoreStr = getPath("resources/defaultkeystoredontexist");
319: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
320: sslClientPolicy.setKeystore(keyStoreStr);
321: sslClientPolicy.setKeyPassword("defaultkeypass");
322: sslClientPolicy.setKeystorePassword("defaultkeypass");
323:
324: sslClientPolicy.setKeystoreType("JKS");
325: String trustStoreStr = getPath("resources/defaulttruststore");
326: sslClientPolicy.setTrustStore(trustStoreStr);
327: TestHandler handler = new TestHandler();
328: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
329: sslClientPolicy, "https://dummyurl", handler);
330: jettySslClientConfigurer.configure();
331: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
332: .getHttpsConnection().getSSLSocketFactory();
333: boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
334: assertTrue("sSLSocketFactory should be null",
335: !isNewSocketFactory);
336: assertTrue(
337: "SSLContext should have failed, invalid keystore location",
338: handler
339: .checkLogContainsString("Problem initializing ssl for the outbound request"));
340:
341: }
342:
343: public void testNonExistentKeystorePKCS12() {
344:
345: String keyStoreStr = getPath("resources/defaultkeystoredontexist");
346: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
347: sslClientPolicy.setKeystore(keyStoreStr);
348: sslClientPolicy.setKeyPassword("celtixpass");
349: sslClientPolicy.setKeystorePassword("celtixpass");
350:
351: String trustStoreStr = getPath("resources/abigcompany_ca.pem");
352: sslClientPolicy.setTrustStore(trustStoreStr);
353: TestHandler handler = new TestHandler();
354: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
355: sslClientPolicy, "https://dummyurl", handler);
356: jettySslClientConfigurer.configure();
357: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
358: .getHttpsConnection().getSSLSocketFactory();
359: boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
360: assertTrue("sSLSocketFactory should be null",
361: !isNewSocketFactory);
362: assertTrue(
363: "SSLContext should have failed, invalid keystore location",
364: handler
365: .checkLogContainsString("Problem initializing ssl for the outbound request"));
366:
367: }
368:
369: public void testWrongKeystorePasswordJKS() {
370:
371: String keyStoreStr = getPath("resources/defaultkeystore");
372: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
373: sslClientPolicy.setKeystore(keyStoreStr);
374: sslClientPolicy.setKeyPassword("defaultkeypass");
375: sslClientPolicy.setKeystorePassword("defaultkeypasswrong");
376:
377: sslClientPolicy.setKeystoreType("JKS");
378: String trustStoreStr = getPath("resources/defaulttruststore");
379: sslClientPolicy.setTrustStore(trustStoreStr);
380: TestHandler handler = new TestHandler();
381: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
382: sslClientPolicy, "https://dummyurl", handler);
383: jettySslClientConfigurer.configure();
384: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
385: .getHttpsConnection().getSSLSocketFactory();
386: boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
387: assertTrue("sSLSocketFactory should be non and a new one",
388: isNewSocketFactory);
389: assertTrue(
390: "SSLContext init should have passed, but keystore initialization failed, invalid "
391: + "keystore password",
392: handler.checkLogContainsString("Loading the keystore ")
393: && handler
394: .checkLogContainsString("failed with the following problem"));
395: assertTrue(
396: "SSLContext init should have passed, but keystore initialization failed, invalid "
397: + "keystore password",
398: handler
399: .checkLogContainsString("Keystore was tampered with, or password was incorrect"));
400: assertTrue(
401: "SSLContext init should have passed, but looks like trustore not loaded",
402: handler
403: .checkLogContainsString("Successfully loaded trust store"));
404: assertTrue(
405: "Check to ensure keystore password and keypassword same failed",
406: handler
407: .checkLogContainsString("The value specified for the keystore password"
408: + " is different to the key password. Currently "
409: + "limitations in JSSE requires that they should be the "
410: + "same. The keystore password value will be used only."));
411:
412: }
413:
414: public void testWrongKeystorePasswordPKCS12() {
415:
416: String keyStoreStr = getPath("resources/celtix.p12");
417: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
418: sslClientPolicy.setKeystore(keyStoreStr);
419: sslClientPolicy.setKeyPassword("celtixpass");
420: sslClientPolicy.setKeystorePassword("celtixpasswrong");
421:
422: String trustStoreStr = getPath("resources/abigcompany_ca.pem");
423: sslClientPolicy.setTrustStore(trustStoreStr);
424: TestHandler handler = new TestHandler();
425: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
426: sslClientPolicy, "https://dummyurl", handler);
427: jettySslClientConfigurer.configure();
428: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
429: .getHttpsConnection().getSSLSocketFactory();
430: boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
431: assertTrue("sSLSocketFactory should be non and a new one",
432: isNewSocketFactory);
433: assertTrue(
434: "SSLContext init should have passed, but keystore initialization failed, invalid "
435: + "keystore password",
436: handler.checkLogContainsString("Loading the keystore ")
437: && handler
438: .checkLogContainsString("failed with the following problem"));
439: assertTrue(
440: "SSLContext init should have passed, but keystore initialization failed, invalid "
441: + "keystore password",
442: handler.checkLogContainsString("Loading the keystore ")
443: && handler
444: .checkLogContainsString("failed with the following problem"));
445: assertTrue(
446: "SSLContext init should have passed, but looks like trustore not loaded",
447: handler
448: .checkLogContainsString("Successfully loaded trust store"));
449: assertTrue(
450: "Check to ensure keystore password and keypassword same failed",
451: handler
452: .checkLogContainsString("The value specified for the keystore password"
453: + " is different to the key password. Currently "
454: + "limitations in JSSE requires that they should be the "
455: + "same. The keystore password value will be used only."));
456:
457: }
458:
459: public void testWrongKeyPasswordJKS() {
460:
461: String keyStoreStr = getPath("resources/defaultkeystore");
462: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
463: sslClientPolicy.setKeystore(keyStoreStr);
464: sslClientPolicy.setKeyPassword("defaultkeypasswrong");
465: sslClientPolicy.setKeystorePassword("defaultkeypass");
466:
467: sslClientPolicy.setKeystoreType("JKS");
468: String trustStoreStr = getPath("resources/defaulttruststore");
469: sslClientPolicy.setTrustStore(trustStoreStr);
470: TestHandler handler = new TestHandler();
471: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
472: sslClientPolicy, "https://dummyurl", handler);
473: jettySslClientConfigurer.configure();
474: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
475: .getHttpsConnection().getSSLSocketFactory();
476: boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
477: assertTrue("sSLSocketFactory should be non and a new one",
478: isNewSocketFactory);
479: assertTrue(
480: "SSLContext init should have passed, and keystore initialization succeedeed, "
481: + "EVEN THOUGH invalid key password",
482: handler
483: .checkLogContainsString("Successfully loaded keystore"));
484: assertTrue(
485: "SSLContext init should have passed, but looks like trustore not loaded",
486: handler
487: .checkLogContainsString("Successfully loaded trust store"));
488: assertTrue(
489: "Check to ensure keystore password and keypassword same failed",
490: handler
491: .checkLogContainsString("The value specified for the keystore password"
492: + " is different to the key password. Currently "
493: + "limitations in JSSE requires that they should be the "
494: + "same. The keystore password value will be used only."));
495:
496: }
497:
498: public void testWrongKeyPasswordPKCS12() {
499:
500: String keyStoreStr = getPath("resources/celtix.p12");
501: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
502: sslClientPolicy.setKeystore(keyStoreStr);
503: sslClientPolicy.setKeyPassword("celtixpasswrong");
504: sslClientPolicy.setKeystorePassword("celtixpass");
505:
506: String trustStoreStr = getPath("resources/abigcompany_ca.pem");
507: sslClientPolicy.setTrustStore(trustStoreStr);
508: TestHandler handler = new TestHandler();
509: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
510: sslClientPolicy, "https://dummyurl", handler);
511: jettySslClientConfigurer.configure();
512: SSLSocketFactory sSLSocketFactory = jettySslClientConfigurer
513: .getHttpsConnection().getSSLSocketFactory();
514: boolean isNewSocketFactory = sSLSocketFactory instanceof SSLSocketFactoryWrapper;
515: assertTrue("sSLSocketFactory should be non and a new one",
516: isNewSocketFactory);
517: assertTrue(
518: "SSLContext init should have passed, and keystore initialization succeedeed, "
519: + "EVEN THOUGH invalid key password",
520: handler
521: .checkLogContainsString("Successfully loaded keystore"));
522: assertTrue(
523: "SSLContext init should have passed, but looks like trustore not loaded",
524: handler
525: .checkLogContainsString("Successfully loaded trust store"));
526: assertTrue(
527: "Check to ensure keystore password and keypassword same failed",
528: handler
529: .checkLogContainsString("The value specified for the keystore password"
530: + " is different to the key password. Currently "
531: + "limitations in JSSE requires that they should be the "
532: + "same. The keystore password value will be used only."));
533:
534: }
535:
536: public void testAllElementsHaveSetupMethod() {
537: SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
538: TestHandler handler = new TestHandler();
539: JettySslClientConfigurer jettySslClientConfigurer = createJettySslClientConfigurer(
540: sslClientPolicy, "https://dummyurl", handler);
541: assertTrue("A new element has been "
542: + "added to SSLClientPolicy without a corresponding "
543: + "setup method in the configurer.",
544: jettySslClientConfigurer.testAllDataHasSetupMethod());
545: }
546:
547: private JettySslClientConfigurer createJettySslClientConfigurer(
548: SSLClientPolicy sslClientPolicy, String urlStr,
549: TestHandler handler) {
550: try {
551: DummyHttpsConnection connection = new DummyHttpsConnection(
552: null);
553: JettySslClientConfigurer jettySslClientConfigurer = new JettySslClientConfigurer(
554: sslClientPolicy, connection, configuration);
555:
556: jettySslClientConfigurer.addLogHandler(handler);
557: return jettySslClientConfigurer;
558:
559: } catch (Exception e) {
560: e.printStackTrace();
561: }
562: return null;
563: }
564:
565: protected static String getPath(String fileName) {
566: URL keystoreURL = JettySslClientConfigurerTest.class
567: .getResource(".");
568: String str = keystoreURL.getFile();
569: str += DROP_BACK_SRC_DIR + fileName;
570: return str;
571: }
572: }
|