mirror
/
DMDirc-Client
Mirror von https://github.com/DMDirc/DMDirc.git
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Releases 49 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
10086 Commits
14 Branches
Struktur: cff387b67a
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „cff387b67a“
${ noResults }
DMDirc-Client/src/test/java/com/dmdirc/tls/CertificateHostCheckerTest....

CertificateHostCheckerTest.java 4.2KB
Verlauf Originalformat

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. package com.dmdirc.tls;

  2. 

  3. import java.io.IOException;

  4. import java.io.InputStream;

  5. import java.security.GeneralSecurityException;

  6. import java.security.KeyStore;

  7. import java.security.cert.X509Certificate;

  8. import org.junit.Before;

  9. import org.junit.Test;

  10. 

  11. import static org.junit.Assert.assertFalse;

  12. import static org.junit.Assert.assertTrue;

  13. 

  14. /**

  15.  * Tests for {@link CertificateHostChecker}.

  16.  *

  17.  * <p>These tests use several certificates stored in a keystore. They were generated using:

  18.  *

  19.  * <pre>

  20.  * keytool -genkey -validity 18250 -keystore "keystore.ks" -storepass "dmdirc" -keypass "dmdirc" -alias "name_cn_only" -dname "CN=test.example.com, O=DMDirc, C=GB"

  21.  * keytool -genkey -validity 18250 -keystore "keystore.ks" -storepass "dmdirc" -keypass "dmdirc" -alias "name_cn_wildcard" -dname "CN=*.example.com, O=DMDirc, C=GB"

  22.  * keytool -genkey -validity 18250 -keystore "keystore.ks" -storepass "dmdirc" -keypass "dmdirc" -alias "name_san_dns" -dname "CN=other.example.com, O=DMDirc, C=GB" -ext SAN=dns:test.example.com

  23.  * keytool -genkey -validity 18250 -keystore "keystore.ks" -storepass "dmdirc" -keypass "dmdirc" -alias "name_san_dns_multiple" -dname "CN=other.example.com, O=DMDirc, C=GB" -ext SAN=dns:foo.example.com,dns:test.example.com

  24.  * </pre>

  25.  */

  26. public class CertificateHostCheckerTest {

  27. 

  28.     private CertificateHostChecker checker;

  29. 

  30.     @Before

  31.     public void setup() {

  32.         checker = new CertificateHostChecker();

  33.     }

  34. 

  35.     @Test

  36.     public void testBasicCn() throws GeneralSecurityException, IOException {

  37.         final X509Certificate certificate = getCertificate("name_cn_only");

  38.         assertTrue(checker.isValidFor(certificate, "test.example.com"));

  39.         assertTrue(checker.isValidFor(certificate, "TEsT.example.com"));

  40.         assertFalse(checker.isValidFor(certificate, "foo.example.com"));

  41.         assertFalse(checker.isValidFor(certificate, "test.example.org"));

  42.         assertFalse(checker.isValidFor(certificate, "foo.test.example.com"));

  43.     }

  44. 

  45.     @Test

  46.     public void testWildcardCn() throws GeneralSecurityException, IOException {

  47.         final X509Certificate certificate = getCertificate("name_cn_wildcard");

  48.         assertTrue(checker.isValidFor(certificate, "test.example.com"));

  49.         assertTrue(checker.isValidFor(certificate, "TEsT.example.com"));

  50.         assertTrue(checker.isValidFor(certificate, "foo.example.com"));

  51.         assertFalse(checker.isValidFor(certificate, "test.example.org"));

  52.         assertFalse(checker.isValidFor(certificate, "foo.test.example.com"));

  53.     }

  54. 

  55.     @Test

  56.     public void testSanDns() throws GeneralSecurityException, IOException {

  57.         final X509Certificate certificate = getCertificate("name_san_dns");

  58.         assertTrue(checker.isValidFor(certificate, "test.example.com"));

  59.         assertTrue(checker.isValidFor(certificate, "TEsT.example.com"));

  60.         assertTrue(checker.isValidFor(certificate, "other.example.com"));

  61.         assertFalse(checker.isValidFor(certificate, "foo.example.com"));

  62.         assertFalse(checker.isValidFor(certificate, "test.example.org"));

  63.         assertFalse(checker.isValidFor(certificate, "foo.test.example.com"));

  64.     }

  65. 

  66.     @Test

  67.     public void testSanDnsMultiple() throws GeneralSecurityException, IOException {

  68.         final X509Certificate certificate = getCertificate("name_san_dns_multiple");

  69.         assertTrue(checker.isValidFor(certificate, "test.example.com"));

  70.         assertTrue(checker.isValidFor(certificate, "TEsT.example.com"));

  71.         assertTrue(checker.isValidFor(certificate, "other.example.com"));

  72.         assertTrue(checker.isValidFor(certificate, "foo.example.com"));

  73.         assertFalse(checker.isValidFor(certificate, "test.foo.example.org"));

  74.         assertFalse(checker.isValidFor(certificate, "test.example.org"));

  75.         assertFalse(checker.isValidFor(certificate, "foo.test.example.com"));

  76.     }

  77. 

  78.     private X509Certificate getCertificate(final String name) throws GeneralSecurityException, IOException {

  79.         try (InputStream is = getClass().getResourceAsStream("keystore.ks")) {

  80.             final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

  81.             keyStore.load(is, "dmdirc".toCharArray());

  82.             return (X509Certificate) keyStore.getCertificate(name);

  83.         }

  84.     }

  85. 

  86. }