X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=inline;f=tests%2Forg%2Fcacert%2Fgigi%2Fping%2FTestSSL.java;h=e0c78bd0a0edae15ddc628cd5e471515422184d9;hb=66dcfd37b5a9debd8e33e71c699a0fdd2f2f595c;hp=9b0e928d424eaf88e15adf262f0a35af62cd76df;hpb=99ef9ee7f8d4a2332e4f08c7a0b23cc84966f555;p=gigi.git

diff --git a/tests/org/cacert/gigi/ping/TestSSL.java b/tests/org/cacert/gigi/ping/TestSSL.java
index 9b0e928d..e0c78bd0 100644
--- a/tests/org/cacert/gigi/ping/TestSSL.java
+++ b/tests/org/cacert/gigi/ping/TestSSL.java
@@ -1,10 +1,11 @@
 package org.cacert.gigi.ping;
 
 import static org.junit.Assert.*;
+import static org.junit.Assume.*;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.Socket;
-import java.net.URL;
 import java.net.URLEncoder;
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
@@ -14,8 +15,14 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.sql.SQLException;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -26,48 +33,113 @@ import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509KeyManager;
 import javax.net.ssl.X509TrustManager;
+import javax.security.auth.x500.X500Principal;
 
-import org.cacert.gigi.Certificate;
-import org.cacert.gigi.CertificateProfile;
-import org.cacert.gigi.Certificate.CSRType;
 import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.pages.account.DomainOverview;
+import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.database.DatabaseConnection.Link;
+import org.cacert.gigi.dbObjects.Certificate;
+import org.cacert.gigi.dbObjects.Certificate.CSRType;
+import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.dbObjects.Digest;
+import org.cacert.gigi.dbObjects.Job;
+import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.PingTest;
-import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
+import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
+import org.cacert.gigi.util.SimpleSigner;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
 
+@RunWith(Parameterized.class)
 public class TestSSL extends PingTest {
 
+    @Parameters(name = "self-signed = {0}")
+    public static Iterable<Object[]> genParams() throws IOException {
+        return Arrays.asList(new Object[] {
+                true
+        }, new Object[] {
+                false
+        });
+
+    }
+
+    @Parameter
+    public Boolean self = false;
+
+    public abstract static class AsyncTask<T> {
+
+        T res;
+
+        Thread runner;
+
+        Exception ex;
+
+        public T join() throws InterruptedException {
+            runner.join();
+            if (ex != null) {
+                throw new Error(ex);
+            }
+            return res;
+        }
+
+        public void start() {
+            runner = new Thread() {
+
+                @Override
+                public void run() {
+                    try {
+                        res = AsyncTask.this.run();
+                    } catch (Exception e) {
+                        ex = e;
+                    }
+                }
+            };
+            runner.start();
+        }
+
+        public abstract T run() throws Exception;
+
+    }
+
     private KeyPair kp;
 
-    private Certificate c;
+    private X509Certificate c;
 
-    @Test
+    @Test(timeout = 70000)
     public void sslAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         testEmailAndSSL(0, 0, true);
     }
 
-    @Test
+    @Test(timeout = 70000)
     public void sslWongTypeAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         testEmailAndSSL(1, 0, true);
     }
 
-    @Test
+    @Test(timeout = 70000)
     public void sslOneMissingAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         testEmailAndSSL(2, 0, true);
     }
 
-    @Test
+    @Test(timeout = 70000)
     public void sslBothMissingAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         testEmailAndSSL(3, 0, true);
     }
 
-    @Test
+    @Test(timeout = 70000)
     public void sslWrongTypeAndMailFail() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         testEmailAndSSL(1, 1, false);
     }
 
+    private void testEmailAndSSL(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
+        try (Link link = DatabaseConnection.newLink(false)) {
+            testEmailAndSSLWithLink(sslVariant, emailVariant, successMail);
+        }
+    }
+
     /**
      * @param sslVariant
      *            <ul>
@@ -86,17 +158,21 @@ public class TestSSL extends PingTest {
      * @throws GigiApiException
      */
 
-    private void testEmailAndSSL(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
+    private void testEmailAndSSLWithLink(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
         String test = getTestProps().getProperty("domain.local");
+        assumeNotNull(test);
+        Matcher m = initailizeDomainForm();
+        String value = m.group(2);
+
+        if (self) {
+            createCertificateSelf(test, sslVariant == 1 ? "clientAuth" : "serverAuth", value);
+        } else {
+            createCertificate(test, CertificateProfile.getByName(sslVariant == 1 ? "client" : "server"));
+        }
 
-        URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
-
-        initailizeDomainForm(u);
-
-        createCertificate(test, CertificateProfile.getByName(sslVariant == 1 ? "client" : "server"));
-        SSLServerSocket sss = createSSLServer(kp.getPrivate(), c.cert());
+        final SSLServerSocket sss = createSSLServer(kp.getPrivate(), c);
         int port = sss.getLocalPort();
-        SSLServerSocket sss2 = createSSLServer(kp.getPrivate(), c.cert());
+        final SSLServerSocket sss2 = createSSLServer(kp.getPrivate(), c);
         int port2 = sss2.getLocalPort();
         if (sslVariant == 3 || sslVariant == 2) {
             sss2.close();
@@ -104,27 +180,38 @@ public class TestSSL extends PingTest {
                 sss.close();
             }
         }
-        String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
+        String content = "adddomain&newdomain=" + URLEncoder.encode(test, "UTF-8") + //
                 "&emailType=y&email=2&SSLType=y" + //
                 "&ssl-type-0=direct&ssl-port-0=" + port + //
                 "&ssl-type-1=direct&ssl-port-1=" + port2 + //
                 "&ssl-type-2=direct&ssl-port-2=" + //
                 "&ssl-type-3=direct&ssl-port-3=" + //
                 "&adddomain&csrf=" + csrf;
-        URL u2 = sendDomainForm(u, content);
+        String p2 = sendDomainForm(content);
         boolean firstSucceeds = sslVariant != 0 && sslVariant != 2;
-        assertTrue(firstSucceeds ^ acceptSSLServer(sss));
+        AsyncTask<Boolean> ass = new AsyncTask<Boolean>() {
+
+            @Override
+            public Boolean run() throws Exception {
+                return acceptSSLServer(sss);
+            }
+        };
+        ass.start();
+        System.out.println(port + " and " + port2 + " ready");
+        System.err.println(port + " and " + port2 + " ready");
+        boolean accept2 = acceptSSLServer(sss2);
+        boolean accept1 = ass.join();
+        // assertTrue(firstSucceeds ^ accept1);
         boolean secondsSucceeds = sslVariant != 0;
-        assertTrue(secondsSucceeds ^ acceptSSLServer(sss2));
+        // assertTrue(secondsSucceeds ^ accept2);
 
-        TestMail mail = getMailReciever().recieve();
+        TestMail mail = getMailReceiver().receive();
         if (emailVariant == 0) {
-            String link = mail.extractLink();
-            new URL(link).openConnection().getHeaderField("");
+            mail.verify();
         }
         waitForPings(3);
 
-        String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
+        String newcontent = IOUtils.readURL(get(p2));
         Pattern pat = Pattern.compile("<td>ssl</td>\\s*<td>success</td>");
         Matcher matcher = pat.matcher(newcontent);
         assertTrue(newcontent, firstSucceeds ^ matcher.find());
@@ -137,13 +224,29 @@ public class TestSSL extends PingTest {
     private void createCertificate(String test, CertificateProfile profile) throws GeneralSecurityException, IOException, SQLException, InterruptedException, GigiApiException {
         kp = generateKeypair();
         String csr = generatePEMCSR(kp, "CN=" + test);
-        c = new Certificate(userid, "/CN=" + test, "sha256", csr, CSRType.CSR, profile);
-        c.issue(null, "2y").waitFor(60000);
+        User u = User.getById(id);
+        Certificate c = new Certificate(u, u, Certificate.buildDN("CN", test), Digest.SHA256, csr, CSRType.CSR, profile);
+        Job j = c.issue(null, "2y", u);
+        await(j);
+        this.c = c.cert();
+    }
+
+    private void createCertificateSelf(String test, String eku, String tok) throws GeneralSecurityException, IOException, SQLException, InterruptedException, GigiApiException {
+        kp = generateKeypair();
+        HashMap<String, String> name = new HashMap<>();
+        name.put("CN", "");
+        name.put("OU", tok);
+
+        Date from = new Date();
+        Date to = new Date(from.getTime() + 1000 * 60 * 60 * 2);
+        List<Certificate.SubjectAlternateName> l = new LinkedList<>();
+
+        byte[] cert = SimpleSigner.generateCert(kp.getPublic(), kp.getPrivate(), name, new X500Principal(SimpleSigner.genX500Name(name).getEncoded()), l, from, to, Digest.SHA256, eku);
+        c = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert));
     }
 
     private boolean acceptSSLServer(SSLServerSocket sss) throws IOException {
-        try {
-            Socket s = sss.accept();
+        try (Socket s = sss.accept()) {
             s.getOutputStream().write('b');
             s.getOutputStream().close();
             return true;
@@ -157,57 +260,57 @@ public class TestSSL extends PingTest {
         try {
             sc = SSLContext.getInstance("SSL");
             sc.init(new KeyManager[] {
-                new X509KeyManager() {
-
-                    @Override
-                    public String[] getServerAliases(String keyType, Principal[] issuers) {
-                        return new String[] {
-                            "server"
-                        };
-                    }
-
-                    @Override
-                    public PrivateKey getPrivateKey(String alias) {
-                        return priv;
-                    }
+                    new X509KeyManager() {
+
+                        @Override
+                        public String[] getServerAliases(String keyType, Principal[] issuers) {
+                            return new String[] {
+                                    "server"
+                            };
+                        }
+
+                        @Override
+                        public PrivateKey getPrivateKey(String alias) {
+                            return priv;
+                        }
+
+                        @Override
+                        public String[] getClientAliases(String keyType, Principal[] issuers) {
+                            throw new Error();
+                        }
+
+                        @Override
+                        public X509Certificate[] getCertificateChain(String alias) {
+                            return new X509Certificate[] {
+                                    cert
+                            };
+                        }
+
+                        @Override
+                        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
+                            throw new Error();
+                        }
+
+                        @Override
+                        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
+                            return "server";
+                        }
 
-                    @Override
-                    public String[] getClientAliases(String keyType, Principal[] issuers) {
-                        throw new Error();
                     }
-
-                    @Override
-                    public X509Certificate[] getCertificateChain(String alias) {
-                        return new X509Certificate[] {
-                            cert
-                        };
-                    }
-
-                    @Override
-                    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
-                        throw new Error();
-                    }
-
-                    @Override
-                    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
-                        return "server";
-                    }
-
-                }
             }, new TrustManager[] {
-                new X509TrustManager() {
+                    new X509TrustManager() {
 
-                    @Override
-                    public X509Certificate[] getAcceptedIssuers() {
-                        return null;
-                    }
+                        @Override
+                        public X509Certificate[] getAcceptedIssuers() {
+                            return null;
+                        }
 
-                    @Override
-                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
+                        @Override
+                        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
 
-                    @Override
-                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
-                }
+                        @Override
+                        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
+                    }
             }, new SecureRandom());
         } catch (NoSuchAlgorithmException e) {
             e.printStackTrace();
@@ -221,4 +324,11 @@ public class TestSSL extends PingTest {
         return (SSLServerSocket) sssf.createServerSocket(0);
     }
 
+    public static void main(String[] args) throws Exception {
+        initEnvironment();
+        TestSSL t1 = new TestSSL();
+        t1.sslAndMailSuccess();
+        tearDownServer();
+    }
+
 }