Beispiel #1
0
        public virtual void TestNoTrustStore()
        {
            Configuration conf = CreateConfiguration(false, false);

            conf.Unset(SSLFactory.SslRequireClientCertKey);
            SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.Server, conf);

            try
            {
                sslFactory.Init();
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
Beispiel #2
0
        public virtual void TestNoClientCertsInitialization()
        {
            Configuration conf = CreateConfiguration(false, true);

            conf.Unset(SSLFactory.SslRequireClientCertKey);
            SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);

            try
            {
                sslFactory.Init();
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
Beispiel #3
0
        /// <exception cref="System.Exception"/>
        public virtual void InvalidHostnameVerifier()
        {
            Configuration conf = CreateConfiguration(false, true);

            conf.Set(SSLFactory.SslHostnameVerifierKey, "foo");
            SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);

            try
            {
                sslFactory.Init();
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
Beispiel #4
0
        /// <exception cref="System.Exception"/>
        public virtual void ClientMode()
        {
            Configuration conf       = CreateConfiguration(false, true);
            SSLFactory    sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);

            try
            {
                sslFactory.Init();
                NUnit.Framework.Assert.IsNotNull(sslFactory.CreateSSLSocketFactory());
                NUnit.Framework.Assert.IsNotNull(sslFactory.GetHostnameVerifier());
                sslFactory.CreateSSLServerSocketFactory();
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
Beispiel #5
0
        public virtual void TestConnectionConfigurator()
        {
            Configuration conf = CreateConfiguration(false, true);

            conf.Set(SSLFactory.SslHostnameVerifierKey, "STRICT_IE6");
            SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);

            try
            {
                sslFactory.Init();
                HttpsURLConnection sslConn = (HttpsURLConnection) new Uri("https://foo").OpenConnection
                                                 ();
                NUnit.Framework.Assert.AreNotSame("STRICT_IE6", sslConn.GetHostnameVerifier().ToString
                                                      ());
                sslFactory.Configure(sslConn);
                Assert.Equal("STRICT_IE6", sslConn.GetHostnameVerifier().ToString
                                 ());
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
Beispiel #6
0
        /// <exception cref="System.Exception"/>
        private void ServerMode(bool clientCert, bool socket)
        {
            Configuration conf       = CreateConfiguration(clientCert, true);
            SSLFactory    sslFactory = new SSLFactory(SSLFactory.Mode.Server, conf);

            try
            {
                sslFactory.Init();
                NUnit.Framework.Assert.IsNotNull(sslFactory.CreateSSLServerSocketFactory());
                Assert.Equal(clientCert, sslFactory.IsClientCertRequired());
                if (socket)
                {
                    sslFactory.CreateSSLSocketFactory();
                }
                else
                {
                    sslFactory.GetHostnameVerifier();
                }
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
Beispiel #7
0
        public virtual void ValidHostnameVerifier()
        {
            Configuration conf = CreateConfiguration(false, true);

            conf.Unset(SSLFactory.SslHostnameVerifierKey);
            SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);

            sslFactory.Init();
            Assert.Equal("DEFAULT", sslFactory.GetHostnameVerifier().ToString
                             ());
            sslFactory.Destroy();
            conf.Set(SSLFactory.SslHostnameVerifierKey, "ALLOW_ALL");
            sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);
            sslFactory.Init();
            Assert.Equal("ALLOW_ALL", sslFactory.GetHostnameVerifier().ToString
                             ());
            sslFactory.Destroy();
            conf.Set(SSLFactory.SslHostnameVerifierKey, "DEFAULT_AND_LOCALHOST");
            sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);
            sslFactory.Init();
            Assert.Equal("DEFAULT_AND_LOCALHOST", sslFactory.GetHostnameVerifier
                             ().ToString());
            sslFactory.Destroy();
            conf.Set(SSLFactory.SslHostnameVerifierKey, "STRICT");
            sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);
            sslFactory.Init();
            Assert.Equal("STRICT", sslFactory.GetHostnameVerifier().ToString
                             ());
            sslFactory.Destroy();
            conf.Set(SSLFactory.SslHostnameVerifierKey, "STRICT_IE6");
            sslFactory = new SSLFactory(SSLFactory.Mode.Client, conf);
            sslFactory.Init();
            Assert.Equal("STRICT_IE6", sslFactory.GetHostnameVerifier().ToString
                             ());
            sslFactory.Destroy();
        }
Beispiel #8
0
        /// <summary>
        /// Checks that SSLFactory initialization is successful with the given
        /// arguments.
        /// </summary>
        /// <remarks>
        /// Checks that SSLFactory initialization is successful with the given
        /// arguments.  This is a helper method for writing test cases that cover
        /// different combinations of settings for the store password and key password.
        /// It takes care of bootstrapping a keystore, a truststore, and SSL client or
        /// server configuration.  Then, it initializes an SSLFactory.  If no exception
        /// is thrown, then initialization was successful.
        /// </remarks>
        /// <param name="mode">SSLFactory.Mode mode to test</param>
        /// <param name="password">String store password to set on keystore</param>
        /// <param name="keyPassword">String key password to set on keystore</param>
        /// <param name="confPassword">
        /// String store password to set in SSL config file, or null
        /// to avoid setting in SSL config file
        /// </param>
        /// <param name="confKeyPassword">
        /// String key password to set in SSL config file, or
        /// null to avoid setting in SSL config file
        /// </param>
        /// <param name="useCredProvider">
        /// boolean to indicate whether passwords should be set
        /// into the config or not. When set to true nulls are set and aliases are
        /// expected to be resolved through credential provider API through the
        /// Configuration.getPassword method
        /// </param>
        /// <exception cref="System.Exception">for any error</exception>
        private void CheckSSLFactoryInitWithPasswords(SSLFactory.Mode mode, string password
                                                      , string keyPassword, string confPassword, string confKeyPassword, bool useCredProvider
                                                      )
        {
            string keystore   = new FilePath(KeystoresDir, "keystore.jks").GetAbsolutePath();
            string truststore = new FilePath(KeystoresDir, "truststore.jks").GetAbsolutePath(
                );
            string trustPassword = "******";
            // Create keys, certs, keystore, and truststore.
            KeyPair         keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
            X509Certificate cert    = KeyStoreTestUtil.GenerateCertificate("CN=Test", keyPair, 30
                                                                           , "SHA1withRSA");

            KeyStoreTestUtil.CreateKeyStore(keystore, password, keyPassword, "Test", keyPair.
                                            GetPrivate(), cert);
            IDictionary <string, X509Certificate> certs = Collections.SingletonMap("server", cert
                                                                                   );

            KeyStoreTestUtil.CreateTrustStore(truststore, trustPassword, certs);
            // Create SSL configuration file, for either server or client.
            string        sslConfFileName;
            Configuration sslConf;

            // if the passwords are provisioned in a cred provider then don't set them
            // in the configuration properly - expect them to be resolved through the
            // provider
            if (useCredProvider)
            {
                confPassword    = null;
                confKeyPassword = null;
            }
            if (mode == SSLFactory.Mode.Server)
            {
                sslConfFileName = "ssl-server.xml";
                sslConf         = KeyStoreTestUtil.CreateServerSSLConfig(keystore, confPassword, confKeyPassword
                                                                         , truststore);
                if (useCredProvider)
                {
                    FilePath testDir = new FilePath(Runtime.GetProperty("test.build.data", "target/test-dir"
                                                                        ));
                    Path   jksPath = new Path(testDir.ToString(), "test.jks");
                    string ourUrl  = JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri();
                    sslConf.Set(CredentialProviderFactory.CredentialProviderPath, ourUrl);
                }
            }
            else
            {
                sslConfFileName = "ssl-client.xml";
                sslConf         = KeyStoreTestUtil.CreateClientSSLConfig(keystore, confPassword, confKeyPassword
                                                                         , truststore);
            }
            KeyStoreTestUtil.SaveConfig(new FilePath(sslConfsDir, sslConfFileName), sslConf);
            // Create the master configuration for use by the SSLFactory, which by
            // default refers to the ssl-server.xml or ssl-client.xml created above.
            Configuration conf = new Configuration();

            conf.SetBoolean(SSLFactory.SslRequireClientCertKey, true);
            // Try initializing an SSLFactory.
            SSLFactory sslFactory = new SSLFactory(mode, conf);

            try
            {
                sslFactory.Init();
            }
            finally
            {
                sslFactory.Destroy();
            }
        }