mirror
/
KtIrc
mirror of https://github.com/csmith/KtIrc
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 20 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
147 Commits
2 Branches
Tree: 96449f98a1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '96449f98a1'
${ noResults }
KtIrc/src/test/kotlin/com/dmdirc/ktirc/io/TlsTest.kt

TlsTest.kt 5.6KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. package com.dmdirc.ktirc.io

  2. 

  3. import io.mockk.every

  4. import io.mockk.mockk

  5. import org.junit.jupiter.api.Assertions.assertFalse

  6. import org.junit.jupiter.api.Assertions.assertTrue

  7. import org.junit.jupiter.api.Test

  8. import java.security.cert.CertificateException

  9. import java.security.cert.X509Certificate

  10. 

  11. internal class CertificateValidationTest {

  12. 

  13.     private val cert = mockk<X509Certificate>()

  14. 

  15.     @Test

  16.     fun `checks common name`() {

  17.         every { cert.subjectX500Principal } returns mockk {

  18.             every { name } returns "CN=subdomain.test.ktirc,O=testing,L=London,C=GB"

  19.         }

  20. 

  21.         assertTrue(cert.validFor("subdomain.test.ktirc"))

  22.         assertFalse(cert.validFor("subdomain2.test.ktirc"))

  23.         assertFalse(cert.validFor("testing"))

  24.     }

  25. 

  26.     @Test

  27.     fun `checks common name with suffixed wildcard`() {

  28.         every { cert.subjectX500Principal } returns mockk {

  29.             every { name } returns "CN=subdomain*.test.ktirc,O=testing,L=London,C=GB"

  30.         }

  31. 

  32.         assertTrue(cert.validFor("subdomain.test.ktirc"))

  33.         assertTrue(cert.validFor("subdomain2.test.ktirc"))

  34.         assertFalse(cert.validFor("foo.subdomain.test.ktirc"))

  35.         assertFalse(cert.validFor("1subdomain.test.ktirc"))

  36.     }

  37. 

  38.     @Test

  39.     fun `checks common name with preixed wildcard`() {

  40.         every { cert.subjectX500Principal } returns mockk {

  41.             every { name } returns "CN=*subdomain.test.ktirc,O=testing,L=London,C=GB"

  42.         }

  43. 

  44.         assertTrue(cert.validFor("subdomain.test.ktirc"))

  45.         assertTrue(cert.validFor("1subdomain.test.ktirc"))

  46.         assertFalse(cert.validFor("foo.subdomain.test.ktirc"))

  47.         assertFalse(cert.validFor("subdomain1.test.ktirc"))

  48.     }

  49. 

  50.     @Test

  51.     fun `checks common name with infixed wildcard`() {

  52.         every { cert.subjectX500Principal } returns mockk {

  53.             every { name } returns "CN=sub*domain.test.ktirc,O=testing,L=London,C=GB"

  54.         }

  55. 

  56.         assertTrue(cert.validFor("subdomain.test.ktirc"))

  57.         assertTrue(cert.validFor("SUB-domain.test.ktirc"))

  58.         assertFalse(cert.validFor("foo.subdomain.test.ktirc"))

  59.         assertFalse(cert.validFor("subdomain1.test.ktirc"))

  60.     }

  61. 

  62.     @Test

  63.     fun `ignores wildcards in CN if they're not left-most`() {

  64.         every { cert.subjectX500Principal } returns mockk {

  65.             every { name } returns "CN=foo.*domain.test.ktirc,O=testing,L=London,C=GB"

  66.         }

  67. 

  68.         assertFalse(cert.validFor("foo.domain.test.ktirc"))

  69.         assertFalse(cert.validFor("foo-test.domain.test.ktirc"))

  70.         assertFalse(cert.validFor("foo.test-domain.test.ktirc"))

  71.     }

  72. 

  73.     @Test

  74.     fun `ignores wildcards in CN if there are too many`() {

  75.         every { cert.subjectX500Principal } returns mockk {

  76.             every { name } returns "CN=*domain*.test.ktirc,O=testing,L=London,C=GB"

  77.         }

  78. 

  79.         assertFalse(cert.validFor("domain.test.ktirc"))

  80.         assertFalse(cert.validFor("subdomain.test.ktirc"))

  81.         assertFalse(cert.validFor("domain1.test.ktirc"))

  82.     }

  83. 

  84.     @Test

  85.     fun `checks all sans`() {

  86.         every { cert.subjectAlternativeNames } returns listOf(

  87.                 listOf(4, "directory.test.ktirc"),

  88.                 listOf(2, "subdomain1.test.ktirc"),

  89.                 listOf(2, "subdomain2.test.ktirc"),

  90.                 listOf(2, "subdomain3.test.ktirc")

  91.         )

  92. 

  93.         assertTrue(cert.validFor("subdomain1.test.ktirc"))

  94.         assertTrue(cert.validFor("subdomain2.test.KTIRC"))

  95.         assertTrue(cert.validFor("subdomain3.test.ktirc"))

  96.         assertFalse(cert.validFor("directory.test.ktirc"))

  97.     }

  98. 

  99.     @Test

  100.     fun `checks wildcard sans`() {

  101.         every { cert.subjectAlternativeNames } returns listOf(

  102.                 listOf(4, "directory.test.ktirc"),

  103.                 listOf(2, "*domain1.test.ktirc"),

  104.                 listOf(2, "subdomain*.test.ktirc"),

  105.                 listOf(2, "*foo*.test.ktirc"),

  106.                 listOf(2, "foo.*.ktirc")

  107.         )

  108. 

  109.         assertTrue(cert.validFor("subdomain1.test.ktirc"))

  110.         assertTrue(cert.validFor("subdomain2.test.ktirc"))

  111.         assertTrue(cert.validFor("gooddomain1.TEST.ktirc"))

  112.         assertFalse(cert.validFor("foo.test.ktirc"))

  113.     }

  114. 

  115.     @Test

  116.     fun `still uses CN if sans throws`() {

  117.         every { cert.subjectX500Principal } returns mockk {

  118.             every { name } returns "CN=subdomain.test.ktirc,O=testing,L=London,C=GB"

  119.         }

  120.         every { cert.subjectAlternativeNames } throws CertificateException("Oops")

  121. 

  122.         assertTrue(cert.validFor("subdomain.test.ktirc"))

  123.         assertFalse(cert.validFor("subdomain2.test.ktirc"))

  124.         assertFalse(cert.validFor("testing"))

  125.     }

  126. 

  127.     @Test

  128.     fun `still uses sans if CN throws`() {

  129.         every { cert.subjectX500Principal } throws CertificateException("Oops")

  130.         every { cert.subjectAlternativeNames } returns listOf(

  131.                 listOf(4, "directory.test.ktirc"),

  132.                 listOf(2, "subdomain1.test.ktirc"),

  133.                 listOf(2, "subdomain2.test.ktirc"),

  134.                 listOf(2, "subdomain3.test.ktirc")

  135.         )

  136. 

  137.         assertTrue(cert.validFor("subdomain1.test.ktirc"))

  138.         assertTrue(cert.validFor("subdomain2.test.KTIRC"))

  139.         assertTrue(cert.validFor("subdomain3.test.ktirc"))

  140.         assertFalse(cert.validFor("directory.test.ktirc"))

  141.     }

  142. 

  143. 

  144.     @Test

  145.     fun `fails if CN and sans missing`() {

  146.         assertFalse(cert.validFor("subdomain1.test.ktirc"))

  147.         assertFalse(cert.validFor("subdomain2.test.KTIRC"))

  148.         assertFalse(cert.validFor("subdomain3.test.ktirc"))

  149.         assertFalse(cert.validFor("directory.test.ktirc"))

  150.     }

  151. 

  152. }