007d570b435b6ff32e15420f209610cb47d94c5b
[gigi.git] / tests / org / cacert / gigi / ping / TestSSL.java
1 package org.cacert.gigi.ping;
2
3 import static org.junit.Assert.*;
4 import static org.junit.Assume.*;
5
6 import java.io.IOException;
7 import java.net.Socket;
8 import java.net.URL;
9 import java.net.URLEncoder;
10 import java.security.GeneralSecurityException;
11 import java.security.KeyManagementException;
12 import java.security.KeyPair;
13 import java.security.NoSuchAlgorithmException;
14 import java.security.Principal;
15 import java.security.PrivateKey;
16 import java.security.SecureRandom;
17 import java.security.cert.CertificateException;
18 import java.security.cert.X509Certificate;
19 import java.sql.SQLException;
20 import java.util.regex.Matcher;
21 import java.util.regex.Pattern;
22
23 import javax.net.ssl.KeyManager;
24 import javax.net.ssl.SSLContext;
25 import javax.net.ssl.SSLServerSocket;
26 import javax.net.ssl.SSLServerSocketFactory;
27 import javax.net.ssl.TrustManager;
28 import javax.net.ssl.X509KeyManager;
29 import javax.net.ssl.X509TrustManager;
30
31 import org.cacert.gigi.GigiApiException;
32 import org.cacert.gigi.dbObjects.Certificate;
33 import org.cacert.gigi.dbObjects.Certificate.CSRType;
34 import org.cacert.gigi.dbObjects.CertificateProfile;
35 import org.cacert.gigi.dbObjects.User;
36 import org.cacert.gigi.pages.account.domain.DomainOverview;
37 import org.cacert.gigi.testUtils.IOUtils;
38 import org.cacert.gigi.testUtils.PingTest;
39 import org.cacert.gigi.testUtils.TestEmailReciever.TestMail;
40 import org.junit.Test;
41
42 public class TestSSL extends PingTest {
43
44     private KeyPair kp;
45
46     private Certificate c;
47
48     @Test(timeout = 70000)
49     public void sslAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
50         testEmailAndSSL(0, 0, true);
51     }
52
53     @Test(timeout = 70000)
54     public void sslWongTypeAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
55         testEmailAndSSL(1, 0, true);
56     }
57
58     @Test(timeout = 70000)
59     public void sslOneMissingAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
60         testEmailAndSSL(2, 0, true);
61     }
62
63     @Test(timeout = 70000)
64     public void sslBothMissingAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
65         testEmailAndSSL(3, 0, true);
66     }
67
68     @Test(timeout = 70000)
69     public void sslWrongTypeAndMailFail() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
70         testEmailAndSSL(1, 1, false);
71     }
72
73     /**
74      * @param sslVariant
75      *            <ul>
76      *            <li>0= all valid</li>
77      *            <li>1= wrong type</li>
78      *            <li>2= one server missing</li>
79      *            <li>3= both servers missing</li>
80      *            </ul>
81      * @param emailVariant
82      * @param successSSL
83      * @param successMail
84      * @throws IOException
85      * @throws InterruptedException
86      * @throws SQLException
87      * @throws GeneralSecurityException
88      * @throws GigiApiException
89      */
90
91     private void testEmailAndSSL(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException {
92         String test = getTestProps().getProperty("domain.local");
93         assumeNotNull(test);
94         URL u = new URL("https://" + getServerName() + DomainOverview.PATH);
95
96         initailizeDomainForm(u);
97
98         createCertificate(test, CertificateProfile.getByName(sslVariant == 1 ? "client" : "server"));
99         SSLServerSocket sss = createSSLServer(kp.getPrivate(), c.cert());
100         int port = sss.getLocalPort();
101         SSLServerSocket sss2 = createSSLServer(kp.getPrivate(), c.cert());
102         int port2 = sss2.getLocalPort();
103         if (sslVariant == 3 || sslVariant == 2) {
104             sss2.close();
105             if (sslVariant == 3) {
106                 sss.close();
107             }
108         }
109         String content = "newdomain=" + URLEncoder.encode(test, "UTF-8") + //
110                 "&emailType=y&email=2&SSLType=y" + //
111                 "&ssl-type-0=direct&ssl-port-0=" + port + //
112                 "&ssl-type-1=direct&ssl-port-1=" + port2 + //
113                 "&ssl-type-2=direct&ssl-port-2=" + //
114                 "&ssl-type-3=direct&ssl-port-3=" + //
115                 "&adddomain&csrf=" + csrf;
116         URL u2 = sendDomainForm(u, content);
117         boolean firstSucceeds = sslVariant != 0 && sslVariant != 2;
118         assertTrue(firstSucceeds ^ acceptSSLServer(sss));
119         boolean secondsSucceeds = sslVariant != 0;
120         assertTrue(secondsSucceeds ^ acceptSSLServer(sss2));
121
122         TestMail mail = getMailReciever().recieve();
123         if (emailVariant == 0) {
124             String link = mail.extractLink();
125             new URL(link).openConnection().getHeaderField("");
126         }
127         waitForPings(3);
128
129         String newcontent = IOUtils.readURL(cookie(u2.openConnection(), cookie));
130         Pattern pat = Pattern.compile("<td>ssl</td>\\s*<td>success</td>");
131         Matcher matcher = pat.matcher(newcontent);
132         assertTrue(newcontent, firstSucceeds ^ matcher.find());
133         assertTrue(newcontent, secondsSucceeds ^ matcher.find());
134         assertFalse(newcontent, matcher.find());
135         pat = Pattern.compile("<td>email</td>\\s*<td>success</td>");
136         assertTrue(newcontent, !successMail ^ pat.matcher(newcontent).find());
137     }
138
139     private void createCertificate(String test, CertificateProfile profile) throws GeneralSecurityException, IOException, SQLException, InterruptedException, GigiApiException {
140         kp = generateKeypair();
141         String csr = generatePEMCSR(kp, "CN=" + test);
142         c = new Certificate(User.getById(userid), Certificate.buildDN("CN", test), "sha256", csr, CSRType.CSR, profile);
143         c.issue(null, "2y").waitFor(60000);
144     }
145
146     private boolean acceptSSLServer(SSLServerSocket sss) throws IOException {
147         try {
148             Socket s = sss.accept();
149             s.getOutputStream().write('b');
150             s.getOutputStream().close();
151             return true;
152         } catch (IOException e) {
153             return false;
154         }
155     }
156
157     private SSLServerSocket createSSLServer(final PrivateKey priv, final X509Certificate cert) throws Error, IOException {
158         SSLContext sc;
159         try {
160             sc = SSLContext.getInstance("SSL");
161             sc.init(new KeyManager[] {
162                 new X509KeyManager() {
163
164                     @Override
165                     public String[] getServerAliases(String keyType, Principal[] issuers) {
166                         return new String[] {
167                             "server"
168                         };
169                     }
170
171                     @Override
172                     public PrivateKey getPrivateKey(String alias) {
173                         return priv;
174                     }
175
176                     @Override
177                     public String[] getClientAliases(String keyType, Principal[] issuers) {
178                         throw new Error();
179                     }
180
181                     @Override
182                     public X509Certificate[] getCertificateChain(String alias) {
183                         return new X509Certificate[] {
184                             cert
185                         };
186                     }
187
188                     @Override
189                     public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
190                         throw new Error();
191                     }
192
193                     @Override
194                     public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
195                         return "server";
196                     }
197
198                 }
199             }, new TrustManager[] {
200                 new X509TrustManager() {
201
202                     @Override
203                     public X509Certificate[] getAcceptedIssuers() {
204                         return null;
205                     }
206
207                     @Override
208                     public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
209
210                     @Override
211                     public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
212                 }
213             }, new SecureRandom());
214         } catch (NoSuchAlgorithmException e) {
215             e.printStackTrace();
216             throw new Error(e);
217         } catch (KeyManagementException e) {
218             e.printStackTrace();
219             throw new Error(e);
220         }
221
222         SSLServerSocketFactory sssf = sc.getServerSocketFactory();
223         return (SSLServerSocket) sssf.createServerSocket(0);
224     }
225
226 }