TexaiSSLContextFactoryTest.java

/*
 * TexaiSSLContextFactoryTest.java
 *
 * Created on Jun 30, 2008, 12:03:07 PM
 *
 * Description: .
 *
 * Copyright (C) Feb 5, 2010 reed.
 *
 * This program is free software; you can redistribute it and/or modify it under the terms
 * of the GNU General Public License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program;
 * if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
package org.texai.ssl;

import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.log4j.Logger;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.texai.x509.KeyStoreTestUtils;
import org.texai.x509.X509SecurityInfo;
import org.texai.x509.X509Utils;
import static org.junit.Assert.*;

/**
 *
 * @author reed
 */
public class TexaiSSLContextFactoryTest {

  /** the logger */
  private static final Logger LOGGER = Logger.getLogger(TexaiSSLContextFactoryTest.class);

  public TexaiSSLContextFactoryTest() {
  }

  @BeforeClass
  public static void setUpClass() throws Exception {
  }

  @AfterClass
  public static void tearDownClass() throws Exception {
  }

  @Before
  public void setUp() {
  }

  @After
  public void tearDown() {
  }

  /**
   * Test of a TrustManagerFactory.
   */
  @Test
  public void testTrustManagerFactory() {
    LOGGER.info("testTrustManagerFactory");
    try {
      final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
      trustManagerFactory.init(X509Utils.getTruststore());
      final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
      assertTrue(trustManagers.length > 0);
      X509TrustManager x509TrustManager = null;
      for (final TrustManager trustManager : trustManagers) {
        LOGGER.info("trustManager class: " + trustManager.getClass().getName());
        if (trustManager instanceof X509TrustManager) {
          x509TrustManager = (X509TrustManager) trustManager;
        }
      }
      assertNotNull(x509TrustManager);
      X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
      assertNotNull(acceptedIssuers);
      assertEquals(1, acceptedIssuers.length);
      assertEquals("CN=texai.org, O=Texai Certification Authority, UID=ed6d6718-80de-4848-af43-fed7bdba3c36", acceptedIssuers[0].getSubjectX500Principal().toString());
      Certificate[] chain = KeyStoreTestUtils.getClientKeyStore().getCertificateChain(X509Utils.ENTRY_ALIAS);
      assertNotNull(chain);
      assertEquals(2, chain.length);
      X509Certificate[] x509Chain = {(X509Certificate) chain[0], (X509Certificate) chain[1]};
      final X509Certificate clientX509Certificate = x509Chain[0];
      final X509Certificate rootX509Certificate = x509Chain[1];
      LOGGER.info("client certificate: " + clientX509Certificate);
      assertTrue(clientX509Certificate.getSubjectX500Principal().toString().contains("CN=texai.org"));
      LOGGER.info("root certificate: " + rootX509Certificate);
      assertEquals("CN=texai.org, O=Texai Certification Authority, UID=ed6d6718-80de-4848-af43-fed7bdba3c36", rootX509Certificate.getSubjectX500Principal().toString());
      final PublicKey rootPublicKey = rootX509Certificate.getPublicKey();
      LOGGER.info("rootPublicKey: " + rootPublicKey);
      clientX509Certificate.verify(rootPublicKey);
      x509TrustManager.checkClientTrusted(x509Chain, "RSA");
    } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException ex) {
      ex.printStackTrace();
      fail(ex.getMessage());
    }

  }

  /**
   * Test of getSSLContext method, of class TexaiSSLContextFactory.
   */
  @Test
  public void testConfigureSSLEngine() {
    LOGGER.info("configureSSLEngine");
    final X509SecurityInfo x509SecurityInfo = KeyStoreTestUtils.getServerX509SecurityInfo();
    try {
      final SSLContext sslContext = TexaiSSLContextFactory.getSSLContext(x509SecurityInfo);
      SSLEngine sslEngine = sslContext.createSSLEngine();
      assertFalse(sslEngine.getNeedClientAuth());
      assertFalse(sslEngine.getUseClientMode());
      final List<String> enabledCipherSuites = new ArrayList<>();
      LOGGER.info("default ciphers ...");
      for (final String enabledCipherSuite : sslEngine.getEnabledCipherSuites()) {
        enabledCipherSuites.add(enabledCipherSuite);
        LOGGER.info("  " + enabledCipherSuite);
      }

      // client SSL engine
      boolean useClientMode = true;
      TexaiSSLContextFactory.configureSSLEngine(sslEngine, useClientMode, true);
      assertFalse(sslEngine.getNeedClientAuth());
      assertTrue(sslEngine.getUseClientMode());
      enabledCipherSuites.clear();
      LOGGER.info("configured client ciphers ...");
      for (final String enabledCipherSuite : sslEngine.getEnabledCipherSuites()) {
        enabledCipherSuites.add(enabledCipherSuite);
        LOGGER.info("  " + enabledCipherSuite);
      }

      // server SSL engine
      sslEngine = sslContext.createSSLEngine();
      assertFalse(sslEngine.getNeedClientAuth());
      assertFalse(sslEngine.getUseClientMode());
      useClientMode = false;
      TexaiSSLContextFactory.configureSSLEngine(sslEngine, useClientMode, true);
      assertTrue(sslEngine.getNeedClientAuth());
      assertFalse(sslEngine.getUseClientMode());
      enabledCipherSuites.clear();
      LOGGER.info("configured server ciphers ...");
      for (final String enabledCipherSuite : sslEngine.getEnabledCipherSuites()) {
        enabledCipherSuites.add(enabledCipherSuite);
        LOGGER.info("  " + enabledCipherSuite);
      }
    } catch (Exception ex) {
      fail(ex.getMessage());
    }
  }

  /**
   * Test of getSSLContext method, of class TexaiSSLContextFactory.
   */
  @Test
  public void testGetSSLContext() {
    LOGGER.info("getSSLContext");
    final X509SecurityInfo x509SecurityInfo = KeyStoreTestUtils.getServerX509SecurityInfo();
    try {
      final SSLContext sslContext = TexaiSSLContextFactory.getSSLContext(x509SecurityInfo);
      assertEquals("TLS", sslContext.getProtocol());
      assertEquals("SunJSSE version 1.8", sslContext.getProvider().toString());
      final SSLEngine sslEngine = sslContext.createSSLEngine();
      assertFalse(sslEngine.getNeedClientAuth());
      sslEngine.setNeedClientAuth(true);
      assertTrue(sslEngine.getNeedClientAuth());
    } catch (Exception ex) {
      fail(ex.getMessage());
    }

  }
}