X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2Fping%2FTestSSL.java;fp=tests%2Forg%2Fcacert%2Fgigi%2Fping%2FTestSSL.java;h=0000000000000000000000000000000000000000;hp=e0c78bd0a0edae15ddc628cd5e471515422184d9;hb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e;hpb=c9ed09f0007fc2c813815be927a5a24b23dab83c diff --git a/tests/org/cacert/gigi/ping/TestSSL.java b/tests/org/cacert/gigi/ping/TestSSL.java deleted file mode 100644 index e0c78bd0..00000000 --- a/tests/org/cacert/gigi/ping/TestSSL.java +++ /dev/null @@ -1,334 +0,0 @@ -package org.cacert.gigi.ping; - -import static org.junit.Assert.*; -import static org.junit.Assume.*; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.net.Socket; -import java.net.URLEncoder; -import java.security.GeneralSecurityException; -import java.security.KeyManagementException; -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.sql.SQLException; -import java.util.Arrays; -import java.util.Date; -import java.util.HashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLServerSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509KeyManager; -import javax.net.ssl.X509TrustManager; -import javax.security.auth.x500.X500Principal; - -import org.cacert.gigi.GigiApiException; -import org.cacert.gigi.database.DatabaseConnection; -import org.cacert.gigi.database.DatabaseConnection.Link; -import org.cacert.gigi.dbObjects.Certificate; -import org.cacert.gigi.dbObjects.Certificate.CSRType; -import org.cacert.gigi.dbObjects.CertificateProfile; -import org.cacert.gigi.dbObjects.Digest; -import org.cacert.gigi.dbObjects.Job; -import org.cacert.gigi.dbObjects.User; -import org.cacert.gigi.testUtils.IOUtils; -import org.cacert.gigi.testUtils.PingTest; -import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail; -import org.cacert.gigi.util.SimpleSigner; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; -import org.junit.runners.Parameterized.Parameter; -import org.junit.runners.Parameterized.Parameters; - -@RunWith(Parameterized.class) -public class TestSSL extends PingTest { - - @Parameters(name = "self-signed = {0}") - public static Iterable genParams() throws IOException { - return Arrays.asList(new Object[] { - true - }, new Object[] { - false - }); - - } - - @Parameter - public Boolean self = false; - - public abstract static class AsyncTask { - - T res; - - Thread runner; - - Exception ex; - - public T join() throws InterruptedException { - runner.join(); - if (ex != null) { - throw new Error(ex); - } - return res; - } - - public void start() { - runner = new Thread() { - - @Override - public void run() { - try { - res = AsyncTask.this.run(); - } catch (Exception e) { - ex = e; - } - } - }; - runner.start(); - } - - public abstract T run() throws Exception; - - } - - private KeyPair kp; - - private X509Certificate c; - - @Test(timeout = 70000) - public void sslAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - testEmailAndSSL(0, 0, true); - } - - @Test(timeout = 70000) - public void sslWongTypeAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - testEmailAndSSL(1, 0, true); - } - - @Test(timeout = 70000) - public void sslOneMissingAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - testEmailAndSSL(2, 0, true); - } - - @Test(timeout = 70000) - public void sslBothMissingAndMailSuccess() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - testEmailAndSSL(3, 0, true); - } - - @Test(timeout = 70000) - public void sslWrongTypeAndMailFail() throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - testEmailAndSSL(1, 1, false); - } - - private void testEmailAndSSL(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - try (Link link = DatabaseConnection.newLink(false)) { - testEmailAndSSLWithLink(sslVariant, emailVariant, successMail); - } - } - - /** - * @param sslVariant - * - * @param emailVariant - * @param successSSL - * @param successMail - * @throws IOException - * @throws InterruptedException - * @throws SQLException - * @throws GeneralSecurityException - * @throws GigiApiException - */ - - private void testEmailAndSSLWithLink(int sslVariant, int emailVariant, boolean successMail) throws IOException, InterruptedException, SQLException, GeneralSecurityException, GigiApiException { - String test = getTestProps().getProperty("domain.local"); - assumeNotNull(test); - Matcher m = initailizeDomainForm(); - String value = m.group(2); - - if (self) { - createCertificateSelf(test, sslVariant == 1 ? "clientAuth" : "serverAuth", value); - } else { - createCertificate(test, CertificateProfile.getByName(sslVariant == 1 ? "client" : "server")); - } - - final SSLServerSocket sss = createSSLServer(kp.getPrivate(), c); - int port = sss.getLocalPort(); - final SSLServerSocket sss2 = createSSLServer(kp.getPrivate(), c); - int port2 = sss2.getLocalPort(); - if (sslVariant == 3 || sslVariant == 2) { - sss2.close(); - if (sslVariant == 3) { - sss.close(); - } - } - String content = "adddomain&newdomain=" + URLEncoder.encode(test, "UTF-8") + // - "&emailType=y&email=2&SSLType=y" + // - "&ssl-type-0=direct&ssl-port-0=" + port + // - "&ssl-type-1=direct&ssl-port-1=" + port2 + // - "&ssl-type-2=direct&ssl-port-2=" + // - "&ssl-type-3=direct&ssl-port-3=" + // - "&adddomain&csrf=" + csrf; - String p2 = sendDomainForm(content); - boolean firstSucceeds = sslVariant != 0 && sslVariant != 2; - AsyncTask ass = new AsyncTask() { - - @Override - public Boolean run() throws Exception { - return acceptSSLServer(sss); - } - }; - ass.start(); - System.out.println(port + " and " + port2 + " ready"); - System.err.println(port + " and " + port2 + " ready"); - boolean accept2 = acceptSSLServer(sss2); - boolean accept1 = ass.join(); - // assertTrue(firstSucceeds ^ accept1); - boolean secondsSucceeds = sslVariant != 0; - // assertTrue(secondsSucceeds ^ accept2); - - TestMail mail = getMailReceiver().receive(); - if (emailVariant == 0) { - mail.verify(); - } - waitForPings(3); - - String newcontent = IOUtils.readURL(get(p2)); - Pattern pat = Pattern.compile("ssl\\s*success"); - Matcher matcher = pat.matcher(newcontent); - assertTrue(newcontent, firstSucceeds ^ matcher.find()); - assertTrue(newcontent, secondsSucceeds ^ matcher.find()); - assertFalse(newcontent, matcher.find()); - pat = Pattern.compile("email\\s*success"); - assertTrue(newcontent, !successMail ^ pat.matcher(newcontent).find()); - } - - private void createCertificate(String test, CertificateProfile profile) throws GeneralSecurityException, IOException, SQLException, InterruptedException, GigiApiException { - kp = generateKeypair(); - String csr = generatePEMCSR(kp, "CN=" + test); - User u = User.getById(id); - Certificate c = new Certificate(u, u, Certificate.buildDN("CN", test), Digest.SHA256, csr, CSRType.CSR, profile); - Job j = c.issue(null, "2y", u); - await(j); - this.c = c.cert(); - } - - private void createCertificateSelf(String test, String eku, String tok) throws GeneralSecurityException, IOException, SQLException, InterruptedException, GigiApiException { - kp = generateKeypair(); - HashMap name = new HashMap<>(); - name.put("CN", ""); - name.put("OU", tok); - - Date from = new Date(); - Date to = new Date(from.getTime() + 1000 * 60 * 60 * 2); - List l = new LinkedList<>(); - - byte[] cert = SimpleSigner.generateCert(kp.getPublic(), kp.getPrivate(), name, new X500Principal(SimpleSigner.genX500Name(name).getEncoded()), l, from, to, Digest.SHA256, eku); - c = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(cert)); - } - - private boolean acceptSSLServer(SSLServerSocket sss) throws IOException { - try (Socket s = sss.accept()) { - s.getOutputStream().write('b'); - s.getOutputStream().close(); - return true; - } catch (IOException e) { - return false; - } - } - - private SSLServerSocket createSSLServer(final PrivateKey priv, final X509Certificate cert) throws Error, IOException { - SSLContext sc; - try { - sc = SSLContext.getInstance("SSL"); - sc.init(new KeyManager[] { - new X509KeyManager() { - - @Override - public String[] getServerAliases(String keyType, Principal[] issuers) { - return new String[] { - "server" - }; - } - - @Override - public PrivateKey getPrivateKey(String alias) { - return priv; - } - - @Override - public String[] getClientAliases(String keyType, Principal[] issuers) { - throw new Error(); - } - - @Override - public X509Certificate[] getCertificateChain(String alias) { - return new X509Certificate[] { - cert - }; - } - - @Override - public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { - throw new Error(); - } - - @Override - public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { - return "server"; - } - - } - }, new TrustManager[] { - new X509TrustManager() { - - @Override - public X509Certificate[] getAcceptedIssuers() { - return null; - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {} - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {} - } - }, new SecureRandom()); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - throw new Error(e); - } catch (KeyManagementException e) { - e.printStackTrace(); - throw new Error(e); - } - - SSLServerSocketFactory sssf = sc.getServerSocketFactory(); - return (SSLServerSocket) sssf.createServerSocket(0); - } - - public static void main(String[] args) throws Exception { - initEnvironment(); - TestSSL t1 = new TestSSL(); - t1.sslAndMailSuccess(); - tearDownServer(); - } - -}