HostnameCheckerTest.java example

Explorer

canl-java-master
- src
  - main
    - java
      - eu
        emi
        security
        authn
        x509
        CommonX509TrustManager.java
        CrlCheckingMode.java
        NamespaceCheckingMode.java
        OCSPCheckingMode.java
        OCSPParametes.java
        OCSPResponder.java
        ProxySupport.java
        RevocationParameters.java
        StoreUpdateListener.java
        ValidationError.java
        ValidationErrorCategory.java
        ValidationErrorCode.java
        ValidationErrorListener.java
        ValidationResult.java
        X509CertChainValidator.java
        X509CertChainValidatorExt.java
        X509Credential.java
        helpers
        AbstractDelegatingX509Credential.java
        AbstractX509Credential.java
        BinaryCertChainValidator.java
        CachedElement.java
        CachedPEMReader.java
        CertificateHelpers.java
        CharArrayPasswordFinder.java
        DNComparator.java
        FlexiblePEMReader.java
        JavaAndBCStyle.java
        KeyStoreHelper.java
        ObserversHandler.java
        PKCS8DERReader.java
        PasswordSupplier.java
        ReaderInputStream.java
        WeakTimerTask.java
        crl
        AbstractCRLStoreSPI.java
        LazyOpensslCRLStoreSpi.java
        OpensslCRLStoreSpi.java
        PlainCRLStoreSpi.java
        SimpleCRLStore.java
        package-info.java
        ns
        AbstractEuGridPmaNamespacesStore.java
        AbstractGlobusNamespacesStore.java
        AbstractNamespacesStore.java
        EuGridPmaNamespacesParser.java
        EuGridPmaNamespacesStore.java
        GlobusNamespacesParser.java
        GlobusNamespacesStore.java
        LazyEuGridPmaNamespacesStore.java
        LazyGlobusNamespacesStore.java
        NamespaceChecker.java
        NamespacePolicy.java
        NamespacesParser.java
        NamespacesStore.java
        OpensslNamespacePolicyImpl.java
        ParserUtils.java
        package-info.java
        ocsp
        BoundedSizeLruMap.java
        OCSPCacheBase.java
        OCSPCachingClient.java
        OCSPClientImpl.java
        OCSPRespondersCache.java
        OCSPResponseStructure.java
        OCSPResponsesCache.java
        OCSPResult.java
        OCSPRevocationChecker.java
        OCSPVerifier.java
        package-info.java
        package-info.java
        pkipath
        AbstractValidator.java
        BCCertPathValidator.java
        BCErrorMapper.java
        ExtPKIXParameters2.java
        NonValidatingCertPathBuilder.java
        PKIXProxyCertificateChecker.java
        PlainCRLValidator.java
        PlainStoreUtils.java
        SimpleValidationErrorException.java
        ValidationErrorException.java
        bc
        CertPathValidatorUtilities.java
        CertPathValidatorUtilitiesCanl.java
        CertStatus.java
        FixedBCPKIXCertPathReviewer.java
        PKIXCRLUtil.java
        PKIXPolicyNode.java
        PrincipalUtils.java
        RFC3280CertPathUtilities.java
        RFC3280CertPathUtilitiesCanl.java
        ReasonsMask.java
        package-info.java
        package-info.java
        proxy
        DraftRFCProxyCertInfoExtension.java
        ExtendedProxyType.java
        IPAddressHelper.java
        ProxyACExtension.java
        ProxyAddressRestrictionData.java
        ProxyCSRImpl.java
        ProxyCertInfoExtension.java
        ProxyCertificateImpl.java
        ProxyGeneratorHelper.java
        ProxyHelper.java
        ProxySAMLExtension.java
        ProxyTracingExtension.java
        RFCProxyCertInfoExtension.java
        X509v3CertificateBuilder.java
        package-info.java
        revocation
        CRLRevocationChecker.java
        RevocationChecker.java
        RevocationStatus.java
        package-info.java
        ssl
        CredentialX509KeyManager.java
        HostnameToCertificateChecker.java
        SSLTrustManager.java
        package-info.java
        trust
        AbstractTrustAnchorStore.java
        DirectoryTrustAnchorStore.java
        JDKFSTrustAnchorStore.java
        JDKInMemoryTrustAnchorStore.java
        LazyOpensslTrustAnchorStoreImpl.java
        OpensslTrustAnchorStore.java
        OpensslTrustAnchorStoreImpl.java
        OpensslTruststoreHelper.java
        TimedTrustAnchorStoreBase.java
        TrustAnchorExt.java
        TrustAnchorStore.java
        package-info.java
        impl
        AbstractHostnameToCertificateChecker.java
        CRLParameters.java
        CertificateUtils.java
        DERCredential.java
        DirectoryCertChainValidator.java
        FormatMode.java
        HostnameMismatchCallback.java
        InMemoryKeystoreCertChainValidator.java
        KeyAndCertCredential.java
        KeystoreCertChainValidator.java
        KeystoreCredential.java
        OpensslCertChainValidator.java
        OpensslNameUtils.java
        PEMCredential.java
        RevocationParametersExt.java
        SocketFactoryCreator.java
        ValidatorParams.java
        ValidatorParamsExt.java
        X500NameUtils.java
        X509Formatter.java
        package-info.java
        package-info.java
        proxy
        BaseProxyCertificateOptions.java
        CertificateExtension.java
        OidAndValue.java
        ProxyCSR.java
        ProxyCSRGenerator.java
        ProxyCSRInfo.java
        ProxyCertificate.java
        ProxyCertificateOptions.java
        ProxyChainInfo.java
        ProxyChainType.java
        ProxyGenerator.java
        ProxyPolicy.java
        ProxyRequestOptions.java
        ProxyType.java
        ProxyUtils.java
        package-info.java
  - test
    - java
      - eu
        emi
        security
        authn
        x509
        ErrorTest.java
        Examples.java
        RiskyIntegrationTests.java
        impl
        CRLIfValidTest.java
        CRLTest.java
        CertificateUtilsTest.java
        CredentialsTest.java
        GLiteValidatorTest.java
        HostnameCheckerTest.java
        NISTValidator01_5Test.java
        NISTValidator06_12Test.java
        NISTValidator13_16Test.java
        NISTValidatorTestBase.java
        OpensslNamesTest.java
        OpensslNewHashTest.java
        OpensslStrangeDNProducer.java
        OpensslValidatorStressTest.java
        OpensslValidatorTest.java
        RolloverTest.java
        TestDirectoryValidator.java
        TestKSValidators.java
        TestSSLHelpers.java
        V1CertValidationTest.java
        ValidatorTestBase.java
        X500NameUtilsTest.java
        ns
        Case.java
        GlobusParserTest.java
        NamespacesParserTest.java
        OpensslDirTest.java
        ocsp
        CacheTest.java
        OCSPClientTest.java
        OCSPIntegrationTest.java
        proxy
        ExtensionsTest.java
        PathRetrievalTest.java
        ProxyGenerationTest.java
        TestDraftRFCProxy.java

/*
 * Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE file for licensing information.
 *
 * Derived from the code copyrighted and licensed as follows:
 * 
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright
 * holders.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *    http://www.apache.org/licenses/LICENSE-2.0
 *    
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package eu.emi.security.authn.x509.impl;

import java.io.FileInputStream;
import java.security.cert.X509Certificate;

import static org.junit.Assert.*;
import org.junit.Test;

import eu.emi.security.authn.x509.helpers.ssl.HostnameToCertificateChecker;
import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;

public class HostnameCheckerTest
{
	public final String PFX = "src/test/resources/glite-utiljava/trusted-certs/";
	
	@Test
	public void testPattern()
	{
		System.out.println(HostnameToCertificateChecker.makeRegexpHostWildcard(
				"*.aaa.*dd.ss*.*.dd*dd*dd*.[a-zA-Z]+.*"));
		
		System.out.println(HostnameToCertificateChecker.matchesDNS(
				"a.aaa.dd.sss.a.ddaaddaaddaaa.aaa.d",
				"*.aaa.*dd.ss*.*.dd*dd*dd*.[a-zA-Z]+.*"));
	}

	@Test
	public void testMatching() throws Exception
	{
		HostnameToCertificateChecker checker = new HostnameToCertificateChecker();
		
		X509Certificate altnameCert = CertificateUtils.loadCertificate(
				new FileInputStream(PFX + "trusted_altname.cert"),
				Encoding.PEM);
		assertTrue(checker.checkMatching("ja.hoo.org", altnameCert));
		assertTrue(checker.checkMatching("joo.haa.org", altnameCert));
		assertTrue(checker.checkMatching("123.124.220.1", altnameCert));
		assertTrue(checker.checkMatching("ga.easda.com", altnameCert));
		assertFalse(checker.checkMatching("da.easda.com", altnameCert));
		assertFalse(checker.checkMatching("123.124.220.12", altnameCert));
		assertFalse(checker.checkMatching("xxx.foo.bar", altnameCert));
		assertFalse(checker.checkMatching("ja.ja.hoo.org", altnameCert));

		
		X509Certificate altname2Cert = CertificateUtils.loadCertificate(
				new FileInputStream(PFX + "trusted_altname_2.cert"),
				Encoding.PEM);
		assertTrue(checker.checkMatching("ja.hoo.org", altname2Cert));
		assertTrue(checker.checkMatching("joo.haa.org", altname2Cert));
		assertTrue(checker.checkMatching("123.124.220.1", altname2Cert));
		assertTrue(checker.checkMatching("ga.easda.com", altname2Cert));
		assertFalse(checker.checkMatching("da.easda.com", altname2Cert));
		assertFalse(checker.checkMatching("123.124.220.12", altname2Cert));
		assertFalse(checker.checkMatching("xxx.foo.bar", altname2Cert));
		assertFalse(checker.checkMatching("ja.ja.hoo.org", altname2Cert));

		
		X509Certificate dnsDNCert = CertificateUtils.loadCertificate(
				new FileInputStream(PFX + "trusted_server2.cert"),
				Encoding.PEM);
		assertFalse(checker.checkMatching("ja.hoo.org", dnsDNCert));
		assertFalse(checker.checkMatching("joo.haa.org", dnsDNCert));
		assertFalse(checker.checkMatching("123.124.220.1", dnsDNCert));
		assertFalse(checker.checkMatching("ga.easda.com", dnsDNCert));
		assertFalse(checker.checkMatching("da.easda.com", dnsDNCert));
		assertFalse(checker.checkMatching("123.124.220.12", dnsDNCert));
		assertTrue(checker.checkMatching("xxx2.foo.bar", dnsDNCert));
		assertFalse(checker.checkMatching("ja.ja.hoo.org", dnsDNCert));

		
		X509Certificate cert = CertificateUtils.loadCertificate(
				new FileInputStream("src/test/resources/glite-utiljava/input/hostcert-email.pem"),
				Encoding.PEM);
		assertTrue(checker.checkMatching("wilco.cnaf.infn.it", cert));
		assertFalse(checker.checkMatching("xxx.cnaf.infn.it", cert));

			
		X509Certificate cert2 = CertificateUtils.loadCertificate(
					new FileInputStream(PFX + "trusted_host_email.cert"),
					Encoding.PEM);
		assertTrue(checker.checkMatching("pchip10.cern.ch", cert2));
		assertTrue(checker.checkMatching("pchip10.cern.ch", cert2));
		assertFalse(checker.checkMatching("xxx.cnaf.infn.it", cert2));

		
		X509Certificate cert3 = CertificateUtils.loadCertificate(
					new FileInputStream(PFX + "trusted_altname3_2.cert"),
					Encoding.PEM);
		assertTrue(checker.checkMatching("pchip10.cern.ch", cert3));
		assertTrue(checker.checkMatching("pchip10.cern.ch", cert3));
		assertFalse(checker.checkMatching("xxx.cnaf.infn.it", cert3));
	}
}