tests/org/cacert/gigi/testUtils/ManagedTest.java

   1 package org.cacert.gigi.testUtils;
   2
   3 import static org.junit.Assert.*;
   4
   5 import java.io.BufferedReader;
   6 import java.io.DataOutputStream;
   7 import java.io.IOException;
   8 import java.io.InputStreamReader;
   9 import java.io.OutputStream;
  10 import java.io.UnsupportedEncodingException;
  11 import java.net.HttpURLConnection;
  12 import java.net.InetSocketAddress;
  13 import java.net.MalformedURLException;
  14 import java.net.Socket;
  15 import java.net.URL;
  16 import java.net.URLConnection;
  17 import java.net.URLEncoder;
  18 import java.nio.file.Files;
  19 import java.nio.file.Paths;
  20 import java.security.KeyManagementException;
  21 import java.security.NoSuchAlgorithmException;
  22 import java.security.Principal;
  23 import java.security.PrivateKey;
  24 import java.security.cert.X509Certificate;
  25 import java.sql.SQLException;
  26 import java.util.Locale;
  27 import java.util.Properties;
  28 import java.util.regex.Matcher;
  29 import java.util.regex.Pattern;
  30
  31 import javax.net.ssl.HttpsURLConnection;
  32 import javax.net.ssl.KeyManager;
  33 import javax.net.ssl.SSLContext;
  34 import javax.net.ssl.X509KeyManager;
  35
  36 import org.cacert.gigi.DevelLauncher;
  37 import org.cacert.gigi.GigiApiException;
  38 import org.cacert.gigi.database.GigiPreparedStatement;
  39 import org.cacert.gigi.database.GigiResultSet;
  40 import org.cacert.gigi.dbObjects.EmailAddress;
  41 import org.cacert.gigi.dbObjects.Group;
  42 import org.cacert.gigi.dbObjects.Job;
  43 import org.cacert.gigi.dbObjects.ObjectCache;
  44 import org.cacert.gigi.dbObjects.User;
  45 import org.cacert.gigi.pages.account.MyDetails;
  46 import org.cacert.gigi.pages.main.RegisterPage;
  47 import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
  48 import org.cacert.gigi.util.SimpleSigner;
  49 import org.hamcrest.CoreMatchers;
  50 import org.junit.After;
  51 import org.junit.AfterClass;
  52 import org.junit.BeforeClass;
  53
  54 /**
  55  * Base class for test suites who require a launched Gigi instance. The instance
  56  * is cleared once per test suite.
  57  */
  58 public class ManagedTest extends ConfiguredTest {
  59
  60     static {
  61         System.setProperty("sun.net.http.allowRestrictedHeaders", "true");
  62     }
  63
  64     private static TestEmailReceiver ter;
  65
  66     private static Process gigi;
  67
  68     private static String url = "localhost:4443";
  69
  70     private static String acceptLanguage = null;
  71
  72     public static void setAcceptLanguage(String acceptLanguage) {
  73         ManagedTest.acceptLanguage = acceptLanguage;
  74     }
  75
  76     public static String getServerName() {
  77         return url;
  78     }
  79
  80     static {
  81         InitTruststore.run();
  82         HttpURLConnection.setFollowRedirects(false);
  83     }
  84
  85     @BeforeClass
  86     public static void initEnvironmentHook() {
  87         initEnvironment();
  88     }
  89
  90     private static boolean inited = false;
  91
  92     public static Properties initEnvironment() {
  93         try {
  94             Properties mainProps = ConfiguredTest.initEnvironment();
  95             if (inited) {
  96                 return mainProps;
  97             }
  98             inited = true;
  99             purgeDatabase();
 100             String type = testProps.getProperty("type");
 101             generateMainProps(mainProps);
 102             if (type.equals("local")) {
 103                 url = testProps.getProperty("name.www") + ":" + testProps.getProperty("serverPort.https");
 104                 String[] parts = testProps.getProperty("mail").split(":", 2);
 105                 ter = new TestEmailReceiver(new InetSocketAddress(parts[0], Integer.parseInt(parts[1])));
 106                 ter.start();
 107                 if (testProps.getProperty("withSigner", "false").equals("true")) {
 108                     SimpleSigner.runSigner();
 109                 }
 110                 return mainProps;
 111             }
 112             url = testProps.getProperty("name.www") + ":" + testProps.getProperty("serverPort.https");
 113             gigi = Runtime.getRuntime().exec(testProps.getProperty("java"));
 114             DataOutputStream toGigi = new DataOutputStream(gigi.getOutputStream());
 115             System.out.println("... starting server");
 116
 117             byte[] cacerts = Files.readAllBytes(Paths.get("config/cacerts.jks"));
 118             byte[] keystore = Files.readAllBytes(Paths.get("config/keystore.pkcs12"));
 119
 120             DevelLauncher.writeGigiConfig(toGigi, "changeit".getBytes("UTF-8"), "changeit".getBytes("UTF-8"), mainProps, cacerts, keystore);
 121             toGigi.flush();
 122
 123             final BufferedReader br = new BufferedReader(new InputStreamReader(gigi.getErrorStream(), "UTF-8"));
 124             String line;
 125             while ((line = br.readLine()) != null && !line.contains("System successfully started.")) {
 126                 System.err.println(line);
 127             }
 128             new Thread() {
 129
 130                 @Override
 131                 public void run() {
 132                     String line;
 133                     try {
 134                         while ((line = br.readLine()) != null) {
 135                             System.err.println(line);
 136                         }
 137                     } catch (IOException e) {
 138                         e.printStackTrace();
 139                     }
 140                 }
 141             }.start();
 142             if (line == null) {
 143                 throw new Error("Server startup failed");
 144             }
 145             ter = new TestEmailReceiver(new InetSocketAddress("localhost", 8473));
 146             ter.start();
 147             SimpleSigner.runSigner();
 148             return mainProps;
 149         } catch (IOException e) {
 150             throw new Error(e);
 151         } catch (SQLException e1) {
 152             throw new Error(e1);
 153         } catch (InterruptedException e) {
 154             throw new Error(e);
 155         }
 156
 157     }
 158
 159     protected static void await(Job j) throws InterruptedException {
 160         SimpleSigner.ping();
 161         j.waitFor(5000);
 162     }
 163
 164     public static void purgeDatabase() throws SQLException, IOException {
 165         purgeOnlyDB();
 166         clearCaches();
 167     }
 168
 169     public static void clearCaches() throws IOException {
 170         ObjectCache.clearAllCaches();
 171         // String type = testProps.getProperty("type");
 172         URL u = new URL("https://" + getServerName() + "/manage");
 173         u.openConnection().getHeaderField("Location");
 174     }
 175
 176     private static void generateMainProps(Properties mainProps) {
 177         mainProps.setProperty("testrunner", "true");
 178         mainProps.setProperty("host", "127.0.0.1");
 179
 180         mainProps.setProperty("emailProvider", "org.cacert.gigi.email.TestEmailProvider");
 181         mainProps.setProperty("emailProvider.port", "8473");
 182         mainProps.setProperty("sql.driver", testProps.getProperty("sql.driver"));
 183         mainProps.setProperty("sql.url", testProps.getProperty("sql.url"));
 184         mainProps.setProperty("sql.user", testProps.getProperty("sql.user"));
 185         mainProps.setProperty("sql.password", testProps.getProperty("sql.password"));
 186         mainProps.setProperty("testing", "true");
 187     }
 188
 189     @AfterClass
 190     public static void tearDownServer() {
 191         String type = testProps.getProperty("type");
 192         ter.destroy();
 193         if (type.equals("local")) {
 194             return;
 195         }
 196         gigi.destroy();
 197         try {
 198             SimpleSigner.stopSigner();
 199         } catch (InterruptedException e) {
 200             e.printStackTrace();
 201         }
 202     }
 203
 204     public final String uniq = createUniqueName();
 205
 206     @After
 207     public void removeMails() {
 208         ter.reset();
 209     }
 210
 211     @After
 212     public void clearAcceptLanguage() {
 213         ManagedTest.setAcceptLanguage(null);
 214     }
 215
 216     @Override
 217     public MailReceiver getMailReceiver() {
 218         return ter;
 219     }
 220
 221     public static String runRegister(String param) throws IOException {
 222         URL regist = new URL("https://" + getServerName() + RegisterPage.PATH);
 223         HttpURLConnection uc = (HttpURLConnection) regist.openConnection();
 224         HttpURLConnection csrfConn = (HttpURLConnection) regist.openConnection();
 225         if (acceptLanguage != null) {
 226             csrfConn.setRequestProperty("Accept-Language", acceptLanguage);
 227             uc.setRequestProperty("Accept-Language", acceptLanguage);
 228         }
 229
 230         String headerField = csrfConn.getHeaderField("Set-Cookie");
 231         headerField = stripCookie(headerField);
 232
 233         String csrf = getCSRF(csrfConn);
 234         uc.addRequestProperty("Cookie", headerField);
 235         uc.setDoOutput(true);
 236         uc.getOutputStream().write((param + "&csrf=" + csrf).getBytes("UTF-8"));
 237         String d = IOUtils.readURL(uc);
 238         return d;
 239     }
 240
 241     public static org.hamcrest.Matcher<String> hasError() {
 242         return CoreMatchers.containsString("<div class='alert alert-danger error-msgs'>");
 243     }
 244
 245     public static org.hamcrest.Matcher<String> hasNoError() {
 246         return CoreMatchers.not(hasError());
 247     }
 248
 249     public static String fetchStartErrorMessage(String d) throws IOException {
 250         String formFail = "<div class='alert alert-danger error-msgs'>";
 251         int idx = d.indexOf(formFail);
 252         if (idx == -1) {
 253             return null;
 254         }
 255         String startError = d.substring(idx + formFail.length(), idx + formFail.length() + 150).trim();
 256         return startError;
 257     }
 258
 259     public static void registerUser(String firstName, String lastName, String email, String password) {
 260         try {
 261             String query = "name-type=western&fname=" + URLEncoder.encode(firstName, "UTF-8") + "&lname=" + URLEncoder.encode(lastName, "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8") + "&pword1=" + URLEncoder.encode(password, "UTF-8") + "&pword2=" + URLEncoder.encode(password, "UTF-8") + "&day=1&month=1&year=1910&tos_agree=1";
 262             String data = fetchStartErrorMessage(runRegister(query));
 263             assertNull(data);
 264         } catch (UnsupportedEncodingException e) {
 265             throw new Error(e);
 266         } catch (IOException e) {
 267             throw new Error(e);
 268         }
 269     }
 270
 271     public static int createVerifiedUser(String firstName, String lastName, String email, String password) {
 272         registerUser(firstName, lastName, email, password);
 273         try {
 274             ter.receive().verify();
 275
 276             try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `id` FROM `users` WHERE `email`=?")) {
 277                 ps.setString(1, email);
 278
 279                 GigiResultSet rs = ps.executeQuery();
 280                 if (rs.next()) {
 281                     return rs.getInt(1);
 282                 }
 283             }
 284
 285             throw new Error();
 286         } catch (IOException e) {
 287             throw new Error(e);
 288         }
 289     }
 290
 291     public static void grant(User u, Group g) throws IOException, GigiApiException {
 292         u.grantGroup(getSupporter(), g);
 293         clearCaches();
 294     }
 295
 296     /**
 297      * Creates a new user with 100 Verification Points given by an (invalid)
 298      * verification.
 299      *
 300      * @param firstName
 301      *            the first name
 302      * @param lastName
 303      *            the last name
 304      * @param email
 305      *            the email
 306      * @param password
 307      *            the password
 308      * @return a new userid.
 309      */
 310     public static int createAssuranceUser(String firstName, String lastName, String email, String password) {
 311         int uid = createVerifiedUser(firstName, lastName, email, password);
 312
 313         makeAssurer(uid);
 314
 315         return uid;
 316     }
 317
 318     protected static String stripCookie(String headerField) {
 319         return headerField.substring(0, headerField.indexOf(';'));
 320     }
 321
 322     public static final String SECURE_REFERENCE = MyDetails.PATH;
 323
 324     public static boolean isLoggedin(String cookie) throws IOException {
 325         URL u = new URL("https://" + getServerName() + SECURE_REFERENCE);
 326         HttpURLConnection huc = (HttpURLConnection) u.openConnection();
 327         huc.addRequestProperty("Cookie", cookie);
 328         return huc.getResponseCode() == 200;
 329     }
 330
 331     public static String login(String email, String pw) throws IOException {
 332         URL u = new URL("https://" + getServerName() + "/login");
 333         HttpURLConnection huc = (HttpURLConnection) u.openConnection();
 334
 335         String csrf = getCSRF(huc);
 336         String headerField = stripCookie(huc.getHeaderField("Set-Cookie"));
 337
 338         huc = (HttpURLConnection) u.openConnection();
 339         cookie(huc, headerField);
 340         huc.setDoOutput(true);
 341         OutputStream os = huc.getOutputStream();
 342         String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8") + "&csrf=" + URLEncoder.encode(csrf, "UTF-8");
 343         os.write(data.getBytes("UTF-8"));
 344         os.flush();
 345         headerField = huc.getHeaderField("Set-Cookie");
 346         if (headerField == null) {
 347             return "";
 348         }
 349         return stripCookie(headerField);
 350     }
 351
 352     public static String login(final PrivateKey pk, final X509Certificate ce) throws NoSuchAlgorithmException, KeyManagementException, IOException, MalformedURLException {
 353
 354         HttpURLConnection connection = (HttpURLConnection) new URL("https://" + getServerName().replaceFirst("^www.", "secure.") + "/login").openConnection();
 355         authenticateClientCert(pk, ce, connection);
 356         if (connection.getResponseCode() == 302) {
 357             assertEquals("https://" + getServerName().replaceFirst("^www.", "secure.").replaceFirst(":443$", "") + "/", connection.getHeaderField("Location").replaceFirst(":443$", ""));
 358             return stripCookie(connection.getHeaderField("Set-Cookie"));
 359         } else {
 360             return null;
 361         }
 362     }
 363
 364     public static void authenticateClientCert(final PrivateKey pk, final X509Certificate ce, HttpURLConnection connection) throws NoSuchAlgorithmException, KeyManagementException {
 365         KeyManager km = new X509KeyManager() {
 366
 367             @Override
 368             public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
 369                 return "client";
 370             }
 371
 372             @Override
 373             public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
 374                 return null;
 375             }
 376
 377             @Override
 378             public X509Certificate[] getCertificateChain(String arg0) {
 379                 return new X509Certificate[] {
 380                         ce
 381                 };
 382             }
 383
 384             @Override
 385             public String[] getClientAliases(String arg0, Principal[] arg1) {
 386                 return new String[] {
 387                         "client"
 388                 };
 389             }
 390
 391             @Override
 392             public PrivateKey getPrivateKey(String arg0) {
 393                 if (arg0.equals("client")) {
 394                     return pk;
 395                 }
 396                 return null;
 397             }
 398
 399             @Override
 400             public String[] getServerAliases(String arg0, Principal[] arg1) {
 401                 return new String[] {
 402                         "client"
 403                 };
 404             }
 405         };
 406         SSLContext sc = SSLContext.getInstance("TLS");
 407         sc.init(new KeyManager[] {
 408                 km
 409         }, null, null);
 410         if (connection instanceof HttpsURLConnection) {
 411             ((HttpsURLConnection) connection).setSSLSocketFactory(sc.getSocketFactory());
 412         }
 413     }
 414
 415     public static String getCSRF(URLConnection u) throws IOException {
 416         return getCSRF(u, 0);
 417     }
 418
 419     public static String getCSRF(URLConnection u, int formIndex) throws IOException {
 420         String content = IOUtils.readURL(u);
 421         return getCSRF(formIndex, content);
 422     }
 423
 424     public static String getCSRF(int formIndex, String content) throws Error {
 425         Pattern p = Pattern.compile("<input type='hidden' name='csrf' value='([^']+)'>");
 426         Matcher m = p.matcher(content);
 427         for (int i = 0; i < formIndex + 1; i++) {
 428             if ( !m.find()) {
 429                 throw new Error("No CSRF Token");
 430             }
 431         }
 432         return m.group(1);
 433     }
 434
 435     public static String executeBasicWebInteraction(String cookie, String path, String query) throws MalformedURLException, UnsupportedEncodingException, IOException {
 436         return executeBasicWebInteraction(cookie, path, query, 0);
 437     }
 438
 439     public static String executeBasicWebInteraction(String cookie, String path, String query, int formIndex) throws IOException, MalformedURLException, UnsupportedEncodingException {
 440         URLConnection uc = post(cookie, path, query, formIndex);
 441         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 442         return error;
 443     }
 444
 445     public static HttpURLConnection post(String cookie, String path, String query, int formIndex) throws IOException, MalformedURLException, UnsupportedEncodingException {
 446         URLConnection uc = new URL("https://" + getServerName() + path).openConnection();
 447         uc.addRequestProperty("Cookie", cookie);
 448         String csrf = getCSRF(uc, formIndex);
 449
 450         uc = new URL("https://" + getServerName() + path).openConnection();
 451         uc.addRequestProperty("Cookie", cookie);
 452         uc.setDoOutput(true);
 453         OutputStream os = uc.getOutputStream();
 454         os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
 455                 + query//
 456         ).getBytes("UTF-8"));
 457         os.flush();
 458         return (HttpURLConnection) uc;
 459     }
 460
 461     public static HttpURLConnection get(String cookie, String path) throws IOException {
 462         URLConnection uc = new URL("https://" + getServerName() + path).openConnection();
 463         uc.addRequestProperty("Cookie", cookie);
 464         return (HttpURLConnection) uc;
 465     }
 466
 467     public EmailAddress createVerifiedEmail(User u) throws InterruptedException, GigiApiException {
 468         return createVerifiedEmail(u, createUniqueName() + "test@test.tld");
 469     }
 470
 471     public EmailAddress createVerifiedEmail(User u, String email) throws InterruptedException, GigiApiException {
 472         EmailAddress addr = new EmailAddress(u, email, Locale.ENGLISH);
 473         TestMail testMail = getMailReceiver().receive();
 474         assertEquals(addr.getAddress(), testMail.getTo());
 475         String hash = testMail.extractLink().substring(testMail.extractLink().lastIndexOf('=') + 1);
 476         addr.verify(hash);
 477         getMailReceiver().clearMails();
 478         return addr;
 479     }
 480
 481     public static URLConnection cookie(URLConnection openConnection, String cookie) {
 482         openConnection.setRequestProperty("Cookie", cookie);
 483         return openConnection;
 484     }
 485
 486     private static User supporter;
 487
 488     public static User getSupporter() throws GigiApiException, IOException {
 489         if (supporter != null) {
 490             return supporter;
 491         }
 492         int i = createVerifiedUser("fn", "ln", createUniqueName() + "@email.com", TEST_PASSWORD);
 493         try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
 494             ps.setInt(1, i);
 495             ps.setString(2, Group.SUPPORTER.getDatabaseName());
 496             ps.setInt(3, i);
 497             ps.execute();
 498         }
 499         clearCaches();
 500         supporter = User.getById(i);
 501         return supporter;
 502     }
 503 }