1 package org.cacert.gigi;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.net.HttpURLConnection;
7 import java.net.MalformedURLException;
9 import java.net.URLConnection;
10 import java.security.GeneralSecurityException;
11 import java.sql.SQLException;
13 import org.cacert.gigi.testUtils.IOUtils;
14 import org.cacert.gigi.testUtils.ManagedTest;
15 import org.cacert.gigi.util.ServerConstants;
16 import org.junit.Test;
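/**
 * Integration tests for the server's handling of the {@code Origin} request header.
 *
 * <p>Each test opens a connection to one of the hosts reported by {@link ServerConstants},
 * optionally sets an {@code Origin} header, and checks whether the response body contains
 * the rejection text {@value #REJECTION_MESSAGE}. Requests without an {@code Origin}
 * header, or with an {@code Origin} built from the server's own host names, must not
 * be rejected; a request naming a foreign origin must be.
 *
 * <p>NOTE(review): the "allowed" tests only assert that the rejection text is absent, so
 * they would also pass if the server answered with an unrelated error page or an empty
 * body. Consider additionally asserting on a marker of the expected page.
 */
public class TestCrossDomainAccess extends ManagedTest {

    /** Body text that signals the server refused the request because of its {@code Origin} header. */
    private static final String REJECTION_MESSAGE = "No cross domain access allowed.";

    /** A request that carries no {@code Origin} header at all must be served normally. */
    @Test
    public void testNoOriginHeader() throws MalformedURLException, IOException {
        URLConnection con = new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection();
        assertFalse("request without an Origin header must not be rejected",
                IOUtils.readURL(con).contains(REJECTION_MESSAGE));
    }

    /** The https www origin requesting the https www login page must be accepted. */
    @Test
    public void testCorrectOriginHeaderFromHttpsToHttps() throws MalformedURLException, IOException {
        URLConnection con = new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection();
        con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure());
        assertFalse("https www origin must be accepted on the https www host",
                IOUtils.readURL(con).contains(REJECTION_MESSAGE));
    }

    /** The http www origin requesting the https www login page must be accepted. */
    @Test
    public void testCorrectOriginHeaderFromHttpToHttps() throws MalformedURLException, IOException {
        URLConnection con = new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection();
        con.setRequestProperty("Origin", "http://" + ServerConstants.getWwwHostNamePort());
        assertFalse("http www origin must be accepted on the https www host",
                IOUtils.readURL(con).contains(REJECTION_MESSAGE));
    }

    /** The https www origin requesting the root of the secure host must be accepted. */
    @Test
    public void testCorrectOriginHeaderFromHttpsToSecure() throws MalformedURLException, IOException, GeneralSecurityException, SQLException, InterruptedException, GigiApiException {
        URLConnection con = new URL("https://" + ServerConstants.getSecureHostNamePort()).openConnection();
        con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure());
        String body = IOUtils.readURL(con);
        assertFalse("https www origin must be accepted on the secure host",
                body.contains(REJECTION_MESSAGE));
    }

    /** The https www origin requesting the root of the http www host must be accepted. */
    @Test
    public void testCorrectOriginHeaderFromHttpsToHttp() throws MalformedURLException, IOException {
        URLConnection con = new URL("http://" + ServerConstants.getWwwHostNamePort()).openConnection();
        con.setRequestProperty("Origin", "https://" + ServerConstants.getWwwHostNamePortSecure());
        assertFalse("https www origin must be accepted on the http www host",
                IOUtils.readURL(con).contains(REJECTION_MESSAGE));
    }

    /**
     * A request whose {@code Origin} names a host unrelated to the server must be answered
     * with the rejection text.
     *
     * <p>NOTE(review): only the body text is checked; the HTTP status of the rejection is
     * not pinned. Confirm which status the server sends and assert it here, so a rejection
     * page served with a success status is noticed.
     *
     * <p>NOTE(review): this covers a single, entirely foreign host. The check would be
     * better protected against regressions by further negative cases, e.g. an origin that
     * merely contains a trusted host name as a substring, a trusted host with a different
     * port, and the literal {@code null} origin. Expected outcomes for those depend on the
     * server's policy, which is not visible from this file.
     */
    @Test
    public void testIncorrectOriginHeader() throws MalformedURLException, IOException {
        HttpURLConnection con = (HttpURLConnection) new URL("https://" + ServerConstants.getWwwHostNamePortSecure() + "/login").openConnection();
        con.setRequestProperty("Origin", "https://evilpageandatleastnotcacert.com");
        assertTrue("foreign origin must be rejected",
                IOUtils.readURL(con).contains(REJECTION_MESSAGE));
    }

}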