author | Stefan Seelmann <mail@stefan-seelmann.de> | 2021-05-29 19:46:10 +0300 |
---|---|---|
committer | Stefan Seelmann <mail@stefan-seelmann.de> | 2021-05-29 19:46:10 +0300 |
commit | 832c1e90837a30ab60c0504cab5c1470cfdbef7c (patch) | |
tree | 6f41f42ae8a51a07ab98b8394be57e9b2fd496b3 | |
parent | c1baa5bef1c0e8e878890f8fcfd119306345d5f8 (diff) |
DIRSTUDIO-1279: Show connection certificate and StartTLS on connect
11 files changed, 199 insertions, 46 deletions
diff --git a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/ConnectionWrapper.java b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/ConnectionWrapper.java index 3c6f91983..b92b12293 100644 --- a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/ConnectionWrapper.java +++ b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/ConnectionWrapper.java @@ -20,6 +20,7 @@ package org.apache.directory.studio.connection.core.io; +import java.security.cert.X509Certificate; import java.util.Collection; import javax.naming.directory.SearchControls; @@ -49,7 +50,7 @@ public interface ConnectionWrapper * * @param monitor the progres monitor */ - void connect( StudioProgressMonitor monitor ); + X509Certificate[] connect( StudioProgressMonitor monitor ); /** diff --git a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/StudioTrustManager.java b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/StudioTrustManager.java index dada4d003..56fe53089 100644 --- a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/StudioTrustManager.java +++ b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/StudioTrustManager.java @@ -53,6 +53,7 @@ public class StudioTrustManager implements X509TrustManager { private X509TrustManager jvmTrustManager; private String host; + private X509Certificate[] chain; /** @@ -93,6 +94,8 @@ public class StudioTrustManager implements X509TrustManager */ public void checkServerTrusted( X509Certificate[] chain, String authType ) throws CertificateException { + this.chain = chain; + // check permanent trusted certificates, return on success try { 
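Review bot: The Javadoc above `connect( StudioProgressMonitor monitor )` in the `@@ -49,7 +50,7 @@` hunk of ConnectionWrapper still documents only `@param monitor`, although the method now returns `X509Certificate[]`. Judging by the implementation later in this diff, the result is `null` both when the connect fails (the `catch` branch returns `null`) and when no StudioTrustManager was installed, so callers cannot tell the two cases apart unless the contract is written down. I would add `@return the certificate chain the server presented during the TLS handshake, or null if the connection failed or no chain was captured; informational only, it does not imply the chain was trusted`. The same undocumented nullable return applies to `getChain()` in StudioTrustManager and `getServerCertificates()` in CheckNetworkParameterRunnable. The interface body continues outside the hunk.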
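Review bot: `this.chain = chain;` at the top of `checkServerTrusted` records the peer's chain before any of the trust checks that follow, so `getChain()` (added in the `@@ -246,4 +249,8 @@` hunk) also returns chains that were subsequently rejected. That is reasonable for a certificate viewer, but nothing tells a later caller that the value is unvalidated; a Javadoc line on the getter such as `Returns the chain last presented by the server, whether or not it passed validation` would make that explicit. The field and the getter also hand out the handshake's own array; storing `chain.clone()` (null-guarded) and returning a copy would keep callers from mutating it. The field is written by whichever thread runs the handshake and read from the connect runnable; if those can differ it should be `volatile`, which cannot be determined from this hunk. The body of `checkServerTrusted` continues outside the hunk.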
@@ -246,4 +249,8 @@ public class StudioTrustManager implements X509TrustManager return null; } + public X509Certificate[] getChain() + { + return chain; + } } diff --git a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java index 0450fd206..949fe307e 100644 --- a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java +++ b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/io/api/DirectoryApiConnectionWrapper.java @@ -21,10 +21,12 @@ package org.apache.directory.studio.connection.core.io.api; import java.security.KeyStore; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.List; +import java.util.concurrent.atomic.AtomicReference; import javax.naming.directory.SearchControls; import javax.net.ssl.TrustManager; @@ -134,7 +136,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper /** The SASL PLAIN authzid */ private String authzId; - /** * Creates a new instance of DirectoryApiConnectionWrapper. * @@ -149,7 +150,7 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper /** * {@inheritDoc} */ - public void connect( StudioProgressMonitor monitor ) + public X509Certificate[] connect( StudioProgressMonitor monitor ) { ldapConnection = null; isConnected = false; 
@@ -157,17 +158,18 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper try { - doConnect( monitor ); + return doConnect( monitor ); } catch ( Exception e ) { disconnect(); monitor.reportError( e ); + return null; } } - private void doConnect( final StudioProgressMonitor monitor ) throws Exception + private X509Certificate[] doConnect( final StudioProgressMonitor monitor ) throws Exception { ldapConnection = null; isConnected = true; @@ -188,6 +190,8 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper binaryAttributeDetector = new DefaultConfigurableBinaryAttributeDetector(); ldapConnectionConfig.setBinaryAttributeDetector( binaryAttributeDetector ); + AtomicReference<StudioTrustManager> studioTrustmanager = new AtomicReference<>(); + if ( ( connection.getEncryptionMethod() == EncryptionMethod.LDAPS ) || ( connection.getEncryptionMethod() == EncryptionMethod.START_TLS ) ) { @@ -210,6 +214,7 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper trustManagers[i] = new StudioTrustManager( ( X509TrustManager ) defaultTrustManagers[i] ); trustManagers[i].setHost( connection.getHost() ); } + studioTrustmanager.set( trustManagers[0] ); ldapConnectionConfig.setTrustManagers( trustManagers ); } @@ -220,6 +225,8 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper } } + AtomicReference<X509Certificate[]> serverCertificates = new AtomicReference<>(); + InnerRunnable runnable = new InnerRunnable() { public void run() 
@@ -234,6 +241,18 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper ldapConnection = new LdapNetworkConnection( ldapConnectionConfig ); boolean connected = ldapConnection.connect(); + // Establish TLS layer if TLS is enabled and SSL is not + if ( ldapConnectionConfig.isUseTls() && !ldapConnectionConfig.isUseSsl() ) + { + ldapConnection.startTls(); + } + + // Capture the server certificates + if ( studioTrustmanager.get() != null ) + { + serverCertificates.set( studioTrustmanager.get().getChain() ); + } + if ( !connected ) { throw new Exception( Messages.DirectoryApiConnectionWrapper_UnableToConnect ); @@ -272,6 +291,8 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper { throw runnable.getException(); } + + return serverCertificates.get(); } @@ -1012,6 +1033,7 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper } } + @Override public ExtendedResponse extended( ExtendedRequest request, StudioProgressMonitor monitor ) { @@ -1081,7 +1103,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper protected StudioLdapException exception = null; protected boolean canceled = false; - /** * Gets the exception. * @@ -1134,7 +1155,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper } - private boolean checkAndHandleReferral( ResultResponse response, StudioProgressMonitor monitor, ReferralsInfo referralsInfo, ReferralHandlingDataConsumer consumer ) throws LdapException { @@ -1180,7 +1200,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper String referralDn; ReferralsInfo newReferralsInfo; - ReferralHandlingData( ConnectionWrapper connectionWrapper, String referralDn, ReferralsInfo newReferralsInfo ) { this.connectionWrapper = connectionWrapper; 
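Review bot: `ldapConnection.startTls()` is called before the `if ( !connected )` check, so when `connect()` returns false the StartTLS attempt runs against a connection that was never established, and whatever it throws replaces the intended `DirectoryApiConnectionWrapper_UnableToConnect` error. Moving the existing `if ( !connected )` block directly below `boolean connected = ldapConnection.connect();` keeps the TLS upgrade and the certificate capture on the success path only. A comment on the capture block should also say that `getChain()` stays null when the trust manager's `checkServerTrusted` was not invoked for this connection, because that value is returned to the UI as-is. The enclosing `run()` starts and ends outside the hunk.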
@@ -1189,7 +1208,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper } } - private void checkConnectionAndRunAndMonitor( final InnerRunnable runnable, final StudioProgressMonitor monitor ) throws Exception { @@ -1282,7 +1300,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper private String krb5LoginModule; private AppConfigurationEntry[] configList = null; - public InnerConfiguration( String krb5LoginModule ) { this.krb5LoginModule = krb5LoginModule; @@ -1321,7 +1338,6 @@ public class DirectoryApiConnectionWrapper implements ConnectionWrapper } } - private List<ILdapLogger> getLdapLoggers() { return ConnectionCorePlugin.getDefault().getLdapLoggers(); diff --git a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/jobs/CheckNetworkParameterRunnable.java b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/jobs/CheckNetworkParameterRunnable.java index e3aa989a2..5b8fce39d 100644 --- a/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/jobs/CheckNetworkParameterRunnable.java +++ b/plugins/connection.core/src/main/java/org/apache/directory/studio/connection/core/jobs/CheckNetworkParameterRunnable.java @@ -21,6 +21,8 @@ package org.apache.directory.studio.connection.core.jobs; +import java.security.cert.X509Certificate; + import org.apache.directory.studio.common.core.jobs.StudioProgressMonitor; import org.apache.directory.studio.connection.core.Connection; import org.apache.directory.studio.connection.core.Messages; @@ -36,7 +38,7 @@ public class CheckNetworkParameterRunnable implements StudioConnectionRunnableWi { private Connection connection; - + private X509Certificate[] serverCertificates; /** * Creates a new instance of CheckNetworkParameterJob. 
@@ -77,7 +79,7 @@ public class CheckNetworkParameterRunnable implements StudioConnectionRunnableWi monitor.reportProgress( " " ); //$NON-NLS-1$ monitor.worked( 1 ); - connection.getConnectionWrapper().connect( monitor ); + this.serverCertificates = connection.getConnectionWrapper().connect( monitor ); connection.getConnectionWrapper().disconnect(); } @@ -98,4 +100,11 @@ public class CheckNetworkParameterRunnable implements StudioConnectionRunnableWi { return null; } + + + public X509Certificate[] getServerCertificates() + { + return serverCertificates; + + } } diff --git a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java index 5bcd3d7af..fa17ef514 100644 --- a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java +++ b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/NetworkParameterPage.java @@ -21,6 +21,7 @@ package org.apache.directory.studio.connection.ui.widgets; +import java.security.cert.X509Certificate; import java.text.SimpleDateFormat; import java.util.Date; @@ -41,6 +42,7 @@ import org.apache.directory.studio.connection.ui.AbstractConnectionParameterPage import org.apache.directory.studio.connection.ui.ConnectionUIConstants; import org.apache.directory.studio.connection.ui.ConnectionUIPlugin; import org.apache.directory.studio.connection.ui.RunnableContextRunner; +import org.apache.directory.studio.connection.ui.dialogs.CertificateInfoDialog; import org.eclipse.core.runtime.IStatus; import org.eclipse.jface.dialogs.IDialogSettings; import org.eclipse.jface.dialogs.MessageDialog; 
@@ -116,6 +118,9 @@ public class NetworkParameterPage extends AbstractConnectionParameterPage /** The combo to select the encryption method */ private Combo encryptionMethodCombo; + /** The button to fetch and show the server's certificate */ + private Button viewServerCertificateButton; + /** The button to check the connection parameters */ private Button checkConnectionButton; @@ -316,11 +321,14 @@ public class NetworkParameterPage extends AbstractConnectionParameterPage .getString( "NetworkParameterPage.WarningCertificateValidation" ), 2 ); //$NON-NLS-1$ } - BaseWidgetUtils.createSpacer( groupComposite, 2 ); - checkConnectionButton = new Button( groupComposite, SWT.PUSH ); + BaseWidgetUtils.createSpacer( groupComposite, 1 ); GridData gridData = new GridData(); gridData.horizontalAlignment = SWT.RIGHT; gridData.verticalAlignment = SWT.BOTTOM; + viewServerCertificateButton = new Button( groupComposite, SWT.PUSH ); + viewServerCertificateButton.setLayoutData( gridData ); + viewServerCertificateButton.setText( Messages.getString( "NetworkParameterPage.ViewCertificate" ) ); //$NON-NLS-1$ + checkConnectionButton = new Button( groupComposite, SWT.PUSH ); checkConnectionButton.setLayoutData( gridData ); checkConnectionButton.setText( Messages.getString( "NetworkParameterPage.CheckNetworkParameter" ) ); //$NON-NLS-1$ @@ -340,7 +348,11 @@ public class NetworkParameterPage extends AbstractConnectionParameterPage { // set enabled/disabled state of check connection button checkConnectionButton.setEnabled( !hostCombo.getText().equals( StringUtils.EMPTY ) && - !portCombo.getText().equals( StringUtils.EMPTY ) ); //$NON-NLS-1$ //$NON-NLS-2$ + !portCombo.getText().equals( StringUtils.EMPTY ) ); + + // set enabled/disabled state of show server certificate button + viewServerCertificateButton.setEnabled( checkConnectionButton.isEnabled() + && getEncyrptionMethod() != EncryptionMethod.NONE ); // validate input fields message = null; 
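Review bot: In the `@@ -316,11 +321,14 @@` hunk the single `gridData` instance is now passed to both `viewServerCertificateButton.setLayoutData( gridData )` and `checkConnectionButton.setLayoutData( gridData )`. SWT requires a unique GridData per control, because GridLayout caches per-control size information in it; sharing one can yield wrong sizes or positions for either button. Give the new button its own instance, for example `viewServerCertificateButton.setLayoutData( new GridData( SWT.RIGHT, SWT.BOTTOM, false, false ) );`. The enclosing method starts and ends outside the hunk.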
@@ -459,6 +471,23 @@ public class NetworkParameterPage extends AbstractConnectionParameterPage } } ); + viewServerCertificateButton.addSelectionListener( new SelectionAdapter() + { + @Override + public void widgetSelected( SelectionEvent event ) + { + Connection connection = getTestConnection(); + CheckNetworkParameterRunnable runnable = new CheckNetworkParameterRunnable( connection ); + IStatus status = RunnableContextRunner.execute( runnable, runnableContext, true ); + + if ( status.isOK() ) + { + X509Certificate[] serverCertificates = runnable.getServerCertificates(); + new CertificateInfoDialog( Display.getDefault().getActiveShell(), serverCertificates ).open(); + } + } + } ); + readOnlyConnectionCheckbox.addSelectionListener( new SelectionAdapter() { /** diff --git a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties index beb69191b..685715ca9 100644 --- a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties +++ b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages.properties @@ -129,3 +129,4 @@ NetworkParameterPage.UseStartTLS = Use StartTLS extension NetworkParameterPage.WarningCertificateValidation = Warning: Certificate validation is disabled, \nbe aware of invalid certificates or man-in-the-middle attacks! NetworkParameterPage.CertificateValidationLink = Server certificates for LDAP connections can be managed in the '<a>Certificate Validation</a>' preference page. NetworkParameterPage.Timeout = Connection timeout (s): +NetworkParameterPage.ViewCertificate = View Certificate... 
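Review bot: The new `widgetSelected` handler passes `runnable.getServerCertificates()` to `CertificateInfoDialog` whenever `status.isOK()`, without checking that a chain was actually captured. `connect()` can return `null` without reporting an error when no StudioTrustManager was installed or it never saw a handshake, and what the dialog does with a null or empty array is not visible in this diff. Read the chain before the check and open the dialog only under `if ( status.isOK() && serverCertificates != null && serverCertificates.length > 0 )`, showing a plain message otherwise.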
diff --git a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties index 4757d5005..56bd69a01 100644 --- a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties +++ b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_de.properties @@ -125,3 +125,4 @@ NetworkParameterPage.UseStartTLS = StartTLS Erweiterung NetworkParameterPage.WarningCertificateValidation = Warnung: Zertifikat Validierung ist deaktiviert,\nsind Sie sich der Gefahr von ung\u00FCltigen Zertifikaten\noder 'man-in-the-middle' Angriffen bewusst! NetworkParameterPage.CertificateValidationLink = Server-Zertifikate f\u00FCr LDAP-Verbindungen k\u00F6nnen in der '<a>Zertifikatsvalidierung</a>' Pr\u00E4ferenz Seite verwaltet werden. NetworkParameterPage.Timeout = Abfallzeit (s) : +NetworkParameterPage.ViewCertificate = Zertificat anzeigen... diff --git a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties index 39c8df999..1342c3da2 100644 --- a/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties +++ b/plugins/connection.ui/src/main/java/org/apache/directory/studio/connection/ui/widgets/messages_fr.properties 
@@ -126,3 +126,4 @@ NetworkParameterPage.UseStartTLS = Utilise l''extension StartTL NetworkParameterPage.WarningCertificateValidation = Attention : La validation des certificats est d\u00E9sactiv\u00E9e, \nm\u00E9fiez-vous des certificats invalides ou des attaques par interposition (man-in-the-middle)\! NetworkParameterPage.CertificateValidationLink = Les certificats serveur pour les connexions LDAP sont administrables dans la page de pr\u00E9f\u00E9rence '<a>Validation de certificat</a>'. NetworkParameterPage.Timeout = Expiration de la connection (s): +NetworkParameterPage.ViewCertificate = Afficher le certificat... diff --git a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/CertificateValidationTest.java b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/CertificateValidationTest.java index 0c8714fe3..a78b757e0 100644 --- a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/CertificateValidationTest.java +++ b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/CertificateValidationTest.java @@ -59,6 +59,7 @@ import org.apache.directory.studio.test.integration.junit5.LdapServersSource; import org.apache.directory.studio.test.integration.junit5.TestLdapServer; import org.apache.directory.studio.test.integration.ui.bots.CertificateTrustDialogBot; import org.apache.directory.studio.test.integration.ui.bots.CertificateValidationPreferencePageBot; +import org.apache.directory.studio.test.integration.ui.bots.CertificateViewerDialogBot; import org.apache.directory.studio.test.integration.ui.bots.CheckAuthenticationDialogBot; import org.apache.directory.studio.test.integration.ui.bots.ErrorDialogBot; import org.apache.directory.studio.test.integration.ui.bots.NewConnectionWizardBot; 
@@ -333,12 +334,25 @@ public class CertificateValidationTest extends AbstractTestBase public void testLdapsCertificateValidationOK( ApacheDirectoryServer server ) throws Exception { server.setKeystore( VALID_KEYSTORE_PATH ); - wizardBotWithLdaps( server ); + wizardBotWithLdaps( server, false ); // check the certificate, should be OK - String result = wizardBot.clickCheckAuthenticationButton(); + String result = wizardBot.clickCheckNetworkParameterButton(); assertNull( result, "Expected OK, valid and trusted certificate" ); + // view the certificate + CertificateViewerDialogBot certificateViewerBot = wizardBot.clickViewCertificateButton(); + certificateViewerBot.clickCloseButton(); + + // enter correct authentication parameter + wizardBot.clickNextButton(); + wizardBot.typeUser( "uid=admin,ou=system" ); + wizardBot.typePassword( "secret" ); + + // check the certificate again, should be OK + String result2 = wizardBot.clickCheckAuthenticationButton(); + assertNull( result2, "Expected OK, valid and trusted certificate" ); + wizardBot.clickCancelButton(); } @@ -351,11 +365,11 @@ public class CertificateValidationTest extends AbstractTestBase public void testLdapsCertificateValidationExpired( ApacheDirectoryServer server ) throws Exception { server.setKeystore( EXPIRED_KEYSTORE_PATH ); - wizardBotWithLdaps( server ); + wizardBotWithLdaps( server, false ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot - .clickCheckAuthenticationButtonExpectingCertificateTrustDialog(); + .clickCheckNetworkParameterButtonExpectingCertificateTrustDialog(); assertTrue( trustDialogBot.isExpired() ); assertFalse( trustDialogBot.isSelfSigned() ); assertFalse( trustDialogBot.isNotYetValid() ); 
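Review bot: `clickViewCertificateButton()` is exercised only after a successful check against a valid keystore, here and in the `@@ -502,6 +516,10 @@` hunk; no test in this diff clicks it for an expired, self-signed or hostname-mismatched server. Since the button starts its own connection attempt through CheckNetworkParameterRunnable, a case asserting what happens there (trust dialog first, or no viewer at all when the user declines) would pin the behaviour for untrusted chains. The literal `"uid=admin,ou=system"` and `"secret"` added here could use `server.getAdminDn()` and `server.getAdminPassword()`, as `wizardBotWithLdaps` already does.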
@@ -378,7 +392,7 @@ public class CertificateValidationTest extends AbstractTestBase @LdapServersSource public void testLdapsCertificateDoNotTrust( TestLdapServer server ) throws Exception { - wizardBotWithLdaps( server ); + wizardBotWithLdaps( server, true ); // check trust, expect trust dialog, select don't trust CertificateTrustDialogBot trustDialogBot = wizardBot @@ -423,7 +437,7 @@ public class CertificateValidationTest extends AbstractTestBase @LdapServersSource public void testLdapsCertificateTrustTemporary( TestLdapServer server ) throws Exception { - wizardBotWithLdaps( server ); + wizardBotWithLdaps( server, true ); // check trust, expect trust dialog, select trust temporary CertificateTrustDialogBot trustDialogBot = wizardBot @@ -456,7 +470,7 @@ public class CertificateValidationTest extends AbstractTestBase @LdapServersSource public void testLdapsCertificateTrustPermanent( TestLdapServer server ) throws Exception { - wizardBotWithLdaps( server ); + wizardBotWithLdaps( server, true ); // check trust, expect trust dialog, select trust temporary CertificateTrustDialogBot trustDialogBot = wizardBot @@ -502,6 +516,10 @@ public class CertificateValidationTest extends AbstractTestBase String result = wizardBot.clickCheckNetworkParameterButton(); assertNull( result, "Expected OK, valid and trusted certificate" ); + // view the certificate + CertificateViewerDialogBot certificateViewerBot = wizardBot.clickViewCertificateButton(); + certificateViewerBot.clickCloseButton(); + // enter correct authentication parameter wizardBot.clickNextButton(); wizardBot.typeUser( "uid=admin,ou=system" ); 
@@ -523,11 +541,11 @@ public class CertificateValidationTest extends AbstractTestBase public void testStartTlsCertificateValidationSmallKeysizeError( ApacheDirectoryServer server ) throws Exception { server.setKeystore( SMALL_KEYSIZE_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, false ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot - .clickCheckAuthenticationButtonExpectingCertificateTrustDialog(); + .clickCheckNetworkParameterButtonExpectingCertificateTrustDialog(); assertFalse( trustDialogBot.isExpired() ); assertFalse( trustDialogBot.isSelfSigned() ); assertFalse( trustDialogBot.isNotYetValid() ); @@ -550,11 +568,11 @@ public class CertificateValidationTest extends AbstractTestBase public void testStartTlsCertificateValidationExpired( ApacheDirectoryServer server ) throws Exception { server.setKeystore( EXPIRED_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, false ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot - .clickCheckAuthenticationButtonExpectingCertificateTrustDialog(); + .clickCheckNetworkParameterButtonExpectingCertificateTrustDialog(); assertTrue( trustDialogBot.isExpired() ); assertFalse( trustDialogBot.isSelfSigned() ); assertFalse( trustDialogBot.isNotYetValid() ); @@ -575,7 +593,7 @@ public class CertificateValidationTest extends AbstractTestBase public void testStartTlsCertificateValidationNotYetValid( ApacheDirectoryServer server ) throws Exception { server.setKeystore( NOT_YET_VALID_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot 
@@ -601,7 +619,7 @@ public class CertificateValidationTest extends AbstractTestBase public void testStartTlsCertificateValidationHostnameMismatch( ApacheDirectoryServer server ) throws Exception { server.setKeystore( WRONG_HOSTNAME_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot @@ -627,7 +645,7 @@ public class CertificateValidationTest extends AbstractTestBase throws Exception { server.setKeystore( UNTRUSTED_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot @@ -653,7 +671,7 @@ public class CertificateValidationTest extends AbstractTestBase public void testStartTlsCertificateValidationSelfSigned( ApacheDirectoryServer server ) throws Exception { server.setKeystore( SELF_SIGNED_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot @@ -680,7 +698,7 @@ public class CertificateValidationTest extends AbstractTestBase throws Exception { server.setKeystore( MULTIPLE_ISSUES_KEYSTORE_PATH ); - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check the certificate, expecting the trust dialog CertificateTrustDialogBot trustDialogBot = wizardBot @@ -705,7 +723,7 @@ public class CertificateValidationTest extends AbstractTestBase @LdapServersSource public void testStartTlsCertificateDoNotTrust( TestLdapServer server ) throws Exception { - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check trust, expect trust dialog, select don't trust CertificateTrustDialogBot trustDialogBot = wizardBot 
@@ -760,7 +778,7 @@ public class CertificateValidationTest extends AbstractTestBase @LdapServersSource public void testStartTlsCertificateTrustTemporary( TestLdapServer server ) throws Exception { - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check trust, expect trust dialog, select trust temporary CertificateTrustDialogBot trustDialogBot = wizardBot @@ -802,7 +820,7 @@ public class CertificateValidationTest extends AbstractTestBase @LdapServersSource public void testStartTlsCertificateTrustPermanent( TestLdapServer server ) throws Exception { - wizardBotWithStartTls( server ); + wizardBotWithStartTls( server, true ); // check trust, expect trust dialog, select trust temporary CertificateTrustDialogBot trustDialogBot = wizardBot @@ -836,7 +854,7 @@ public class CertificateValidationTest extends AbstractTestBase } - private void wizardBotWithLdaps( TestLdapServer server ) + private void wizardBotWithLdaps( TestLdapServer server, boolean continueToAuthenticationPage ) { // enter connection parameter and authentication parameter wizardBot = connectionsViewBot.openNewConnectionWizard(); @@ -844,13 +862,16 @@ public class CertificateValidationTest extends AbstractTestBase wizardBot.typeHost( server.getHost() ); wizardBot.typePort( server.getPortSSL() ); wizardBot.selectLdapsEncryption(); - wizardBot.clickNextButton(); - wizardBot.typeUser( server.getAdminDn() ); - wizardBot.typePassword( server.getAdminPassword() ); + if ( continueToAuthenticationPage ) + { + wizardBot.clickNextButton(); + wizardBot.typeUser( server.getAdminDn() ); + wizardBot.typePassword( server.getAdminPassword() ); + } } - private void wizardBotWithStartTls( TestLdapServer server ) + private void wizardBotWithStartTls( TestLdapServer server, boolean continueToAuthenticationPage ) { // enter connection parameter and authentication parameter wizardBot = connectionsViewBot.openNewConnectionWizard(); 
@@ -858,9 +879,12 @@ public class CertificateValidationTest extends AbstractTestBase wizardBot.typeHost( server.getHost() ); wizardBot.typePort( server.getPort() ); wizardBot.selectStartTlsEncryption(); - wizardBot.clickNextButton(); - wizardBot.typeUser( server.getAdminDn() ); - wizardBot.typePassword( server.getAdminPassword() ); + if ( continueToAuthenticationPage ) + { + wizardBot.clickNextButton(); + wizardBot.typeUser( server.getAdminDn() ); + wizardBot.typePassword( server.getAdminPassword() ); + } } diff --git a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java index de7aeee64..279399d57 100644 --- a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java +++ b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/NewConnectionWizardTest.java @@ -83,6 +83,9 @@ public class NewConnectionWizardTest extends AbstractTestBase { assertTrue( wizardBot.isVisible() ); + // check network parameter buttons + assertFalse( wizardBot.isViewCertificateButtonEnabled() ); + assertFalse( wizardBot.isCheckNetworkParameterButtonEnabled() ); // ensure "Next >" and "Finish" buttons are disabled assertFalse( wizardBot.isBackButtonEnabled() ); assertFalse( wizardBot.isNextButtonEnabled() ); @@ -93,6 +96,9 @@ public class NewConnectionWizardTest extends AbstractTestBase wizardBot.typeConnectionName( getConnectionName() ); wizardBot.typeHost( "test.example.com" ); wizardBot.typePort( 389 ); + // check network parameter buttons + assertFalse( wizardBot.isViewCertificateButtonEnabled() ); + assertTrue( wizardBot.isCheckNetworkParameterButtonEnabled() ); // ensure "Next >" button is enabled assertFalse( wizardBot.isBackButtonEnabled() ); assertTrue( wizardBot.isNextButtonEnabled() ); 
@@ -101,6 +107,9 @@ public class NewConnectionWizardTest extends AbstractTestBase // clear host wizardBot.typeHost( "" ); + // check network parameter buttons + assertFalse( wizardBot.isViewCertificateButtonEnabled() ); + assertFalse( wizardBot.isCheckNetworkParameterButtonEnabled() ); // ensure "Next >" is disabled assertFalse( wizardBot.isBackButtonEnabled() ); assertFalse( wizardBot.isNextButtonEnabled() ); 
@@ -109,12 +118,48 @@ public class NewConnectionWizardTest extends AbstractTestBase // enter host again wizardBot.typeHost( "test.example.com" ); + // check network parameter buttons + assertFalse( wizardBot.isViewCertificateButtonEnabled() ); + assertTrue( wizardBot.isCheckNetworkParameterButtonEnabled() ); // ensure "Next >" button is enabled assertFalse( wizardBot.isBackButtonEnabled() ); assertTrue( wizardBot.isNextButtonEnabled() ); assertFalse( wizardBot.isFinishButtonEnabled() ); assertTrue( wizardBot.isCancelButtonEnabled() ); + // set StartTLS encryption + wizardBot.selectStartTlsEncryption(); + // check network parameter buttons + assertTrue( wizardBot.isViewCertificateButtonEnabled() ); + assertTrue( wizardBot.isCheckNetworkParameterButtonEnabled() ); + // check wizard buttons + assertFalse( wizardBot.isBackButtonEnabled() ); + assertTrue( wizardBot.isNextButtonEnabled() ); + assertFalse( wizardBot.isFinishButtonEnabled() ); + assertTrue( wizardBot.isCancelButtonEnabled() ); + + // set SSL encryption + wizardBot.selectLdapsEncryption(); + // check network parameter buttons + assertTrue( wizardBot.isViewCertificateButtonEnabled() ); + assertTrue( wizardBot.isCheckNetworkParameterButtonEnabled() ); + // check wizard buttons + assertFalse( wizardBot.isBackButtonEnabled() ); + assertTrue( wizardBot.isNextButtonEnabled() ); + assertFalse( wizardBot.isFinishButtonEnabled() ); + assertTrue( wizardBot.isCancelButtonEnabled() ); + + // set no encryption + wizardBot.selectNoEncryption(); + // check network parameter buttons + assertFalse( wizardBot.isViewCertificateButtonEnabled() ); + assertTrue( wizardBot.isCheckNetworkParameterButtonEnabled() ); + // check wizard buttons + assertFalse( wizardBot.isBackButtonEnabled() ); + assertTrue( wizardBot.isNextButtonEnabled() ); + assertFalse( wizardBot.isFinishButtonEnabled() ); + assertTrue( wizardBot.isCancelButtonEnabled() ); + wizardBot.clickNextButton(); // check default settings 
@@ -428,7 +473,7 @@ public class NewConnectionWizardTest extends AbstractTestBase /** - * Tests the "Check Network Parameter" button. + * Tests the "Check Authentication" button. */ @ParameterizedTest @LdapServersSource diff --git a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/bots/NewConnectionWizardBot.java b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/bots/NewConnectionWizardBot.java index 309ccbd20..e39f4f879 100644 --- a/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/bots/NewConnectionWizardBot.java +++ b/tests/test.integration.ui/src/main/java/org/apache/directory/studio/test/integration/ui/bots/NewConnectionWizardBot.java @@ -36,6 +36,7 @@ public class NewConnectionWizardBot extends WizardBot private static final String PORT = "Port:"; private static final String CHECK_AUTHENTICATION = "Check Authentication"; private static final String CHECK_NETWORK_PARAMETER = "Check Network Parameter"; + private static final String VIEW_CERTIFICATE = "View Certificate..."; private static final String BASE_DN = "Base DN:"; private static final String GET_BASE_DNS_FROM_ROOT_DSE = "Get base DNs from Root DSE"; private static final String SAVE_PASSWORD = "Save password"; @@ -49,7 +50,7 @@ public class NewConnectionWizardBot extends WizardBot private static final String SIMPLE_AUTHENTICATION = "Simple Authentication"; private static final String AUTHENTICATION_METHOD = "Authentication Method"; private static final String ENCRYPTION_METHOD = "Encryption method:"; - private static final String NO_ENCRYPTION = "No Encryption"; + private static final String NO_ENCRYPTION = "No encryption"; private static final String START_TLS_ENCRYPTION = "Use StartTLS extension"; private static final String LDAPS_ENCRYPTION = "Use SSL encryption (ldaps://)"; private static final String USE_NATIVE_TGT = "Use native TGT"; 
@@ -61,7 +62,6 @@ public class NewConnectionWizardBot extends WizardBot private static final String KDC_HOST = "KDC Host:"; private static final String KDC_PORT = "KDC Port:"; - public NewConnectionWizardBot() { super( TITLE ); @@ -370,6 +370,25 @@ public class NewConnectionWizardBot extends WizardBot } + public boolean isViewCertificateButtonEnabled() + { + return bot.button( VIEW_CERTIFICATE ).isEnabled(); + } + + + public CertificateViewerDialogBot clickViewCertificateButton() + { + bot.button( VIEW_CERTIFICATE ).click(); + return new CertificateViewerDialogBot(); + } + + + public boolean isCheckNetworkParameterButtonEnabled() + { + return bot.button( CHECK_NETWORK_PARAMETER ).isEnabled(); + } + + /** * Clicks the "check network parameter" button. * |