Mercurial > hg > thermostat
view common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java @ 2603:02f866dff054
Test fixes for in-container build.
- Some container builds might have THERMOSTAT_HOME/USER_THERMOSTAT_HOME
set, which causes some tests to fail.
- Other tests assume the environment USER is always defined. It's
not the case for a container build.
- Don't assume the system is UTF-8 for tests.
- Don't assume any specific order of issuers returned from keystore
files.
Reviewed-by: neugens
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-March/022307.html
author | Severin Gehwolf <sgehwolf@redhat.com> |
---|---|
date | Mon, 27 Feb 2017 14:52:50 +0100 |
parents | 3e1ccd4a2d51 |
children |
line wrap: on
line source
/* * Copyright 2012-2017 Red Hat, Inc. * * This file is part of Thermostat. * * Thermostat is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published * by the Free Software Foundation; either version 2, or (at your * option) any later version. * * Thermostat is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Thermostat; see the file COPYING. If not see * <http://www.gnu.org/licenses/>. * * Linking this code with other modules is making a combined work * based on this code. Thus, the terms and conditions of the GNU * General Public License cover the whole combination. * * As a special exception, the copyright holders of this code give * you permission to link this code with independent modules to * produce an executable, regardless of the license terms of these * independent modules, and to copy and distribute the resulting * executable under terms of your choice, provided that you also * meet, for each linked independent module, the terms and conditions * of the license of that module. An independent module is a module * which is not derived from or based on this code. If you modify * this code, you may extend this exception to your version of the * library, but you are not obligated to do so. If you do not wish * to do so, delete this exception statement from your version. */ package com.redhat.thermostat.common.internal; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; import java.io.File; import java.io.UnsupportedEncodingException; import java.net.URL; import java.net.URLDecoder; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.HashSet; import java.util.Set; import javax.net.ssl.X509TrustManager; import org.junit.Test; import com.redhat.thermostat.common.ssl.SslInitException; /** * This trust manager test uses files in src/test/resources. Files are as * follows: * * empty.keystore => emtpy file (not a real keystore file) * * ca.crt => a openssl generated X509 certificate (representing a custom CA) * * test_ca.keystore => a Java keystore file with ca.crt imported. Uses keystore * password "testpassword". Used command sequence to generate this file: * * $ keytool -genkey -alias com.redhat -keyalg RSA -keystore test_ca.keystore -keysize 2048 * $ keytool -import -trustcacerts -alias root -file ca.crt -keystore test_ca.keystore * * */ public class CustomX509TrustManagerTest { @Test public void testEmptyDefaultOur() { X509TrustManager tm = new CustomX509TrustManager( (X509TrustManager) null, (X509TrustManager) null); assertEquals(0, tm.getAcceptedIssuers().length); try { tm.checkClientTrusted(null, null); } catch (Exception e) { fail("Should not have thrown exception"); } try { tm.checkServerTrusted(null, null); fail("Expected exception since there aren't any trust managers available"); } catch (CertificateException e) { // pass } } @Test public void testLoadEmptyTrustStoreForOur() throws SslInitException { File emptyKeyStore = new File(decodeFilePath(this.getClass() .getResource("/empty.keystore"))); X509TrustManager tm = new CustomX509TrustManager(null, emptyKeyStore, null); assertEquals(0, tm.getAcceptedIssuers().length); try { tm.checkClientTrusted(null, null); } catch (Exception e) { fail("Should not have thrown exception"); } try { X509Certificate dummyCert = mock(X509Certificate.class); tm.checkServerTrusted(new X509Certificate[] { dummyCert }, "RSA"); fail("Expected exception since there aren't any trust managers available"); } catch (CertificateException e) { // pass } } @Test public void testLoadEmptyTrustStoreForOurDefaultAsUsual() throws Exception { File emptyKeyStore = new File(decodeFilePath(this.getClass() .getResource("/empty.keystore"))); X509TrustManager tm = new CustomX509TrustManager(emptyKeyStore, null); // Default list should not be null assertNotNull(tm.getAcceptedIssuers()); try { tm.checkClientTrusted(null, null); } catch (Exception e) { fail("Should not have thrown exception"); } } @Test public void canGetCustomCaCertFromOurTrustManager() throws SslInitException { File ourKeyStore = new File(decodeFilePath(this.getClass() .getResource("/test_ca.keystore"))); X509TrustManager tm = new CustomX509TrustManager((X509TrustManager)null, ourKeyStore, "testpassword"); // keystore contains private key of itself + imported CA cert assertEquals(2, tm.getAcceptedIssuers().length); Set<String> trustedIssuers = new HashSet<>(); trustedIssuers.add("1.2.840.113549.1.9.1=#16126a6572626f6161407265646861742e636f6d,CN=test.example.com,O=Red Hat Inc.,L=Saalfelden,ST=Salzburg,C=AT"); trustedIssuers.add("CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"); // Don't assume a specific order in which issuers are returned for (X509Certificate issuer: tm.getAcceptedIssuers()) { assertTrue(trustedIssuers.contains(issuer.getIssuerX500Principal().getName())); } } private static String decodeFilePath(URL url) { try { // Spaces are encoded as %20 in URLs. Use URLDecoder.decode() so // as to handle cases like that. return URLDecoder.decode(url.getFile(), "UTF-8"); } catch (UnsupportedEncodingException e) { throw new AssertionError("UTF-8 not supported, huh?"); } } }