diff options
author | Ricki Hirner <hirner@bitfire.at> | 2019-02-20 20:15:20 +0300 |
---|---|---|
committer | Ricki Hirner <hirner@bitfire.at> | 2019-02-20 20:19:08 +0300 |
commit | aaeb4de094b613e1be68d170522c42a3d974edf4 (patch) | |
tree | 4e2571d84586312d5b1d15b7caa26f695df79afa /src | |
parent | fa58cc80d7e8262b67223178b81b5a08680e34a0 (diff) |
Add test
Diffstat (limited to 'src')
-rw-r--r-- | src/androidTest/java/at/bitfire/cert4android/CertTlsSocketFactoryTest.kt | 127 | ||||
-rw-r--r-- | src/androidTest/resources/sample.crt | 24 | ||||
-rw-r--r-- | src/androidTest/resources/sample.key | bin | 0 -> 1220 bytes |
3 files changed, 151 insertions, 0 deletions
diff --git a/src/androidTest/java/at/bitfire/cert4android/CertTlsSocketFactoryTest.kt b/src/androidTest/java/at/bitfire/cert4android/CertTlsSocketFactoryTest.kt new file mode 100644 index 0000000..521bfb5 --- /dev/null +++ b/src/androidTest/java/at/bitfire/cert4android/CertTlsSocketFactoryTest.kt @@ -0,0 +1,127 @@ +/* + * Copyright © Ricki Hirner (bitfire web engineering). + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the GNU Public License v3.0 + * which accompanies this distribution, and is available at + * http://www.gnu.org/licenses/gpl.html + */ + +package at.bitfire.cert4android + +import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation +import okhttp3.OkHttpClient +import okhttp3.Request +import okhttp3.mockwebserver.MockWebServer +import org.apache.commons.io.IOUtils +import org.apache.commons.lang3.ArrayUtils.contains +import org.junit.After +import org.junit.Assert.* +import org.junit.Before +import org.junit.Test +import java.net.Socket +import java.security.KeyFactory +import java.security.KeyStore +import java.security.Principal +import java.security.cert.CertificateFactory +import java.security.cert.X509Certificate +import java.security.spec.PKCS8EncodedKeySpec +import javax.net.ssl.SSLSocket +import javax.net.ssl.TrustManagerFactory +import javax.net.ssl.X509ExtendedKeyManager +import javax.net.ssl.X509TrustManager + +class CertTlsSocketFactoryTest { + + private lateinit var certMgr: CustomCertManager + private lateinit var factory: CertTlsSocketFactory + private val server = MockWebServer() + + @Before + fun startServer() { + certMgr = CustomCertManager(getInstrumentation().context, false, true) + factory = CertTlsSocketFactory(null, certMgr) + server.start() + } + + @After + fun stopServer() { + server.shutdown() + certMgr.close() + } + + + @Test + fun testSendClientCertificate() { + var public: X509Certificate? = null + javaClass.classLoader!!.getResourceAsStream("sample.crt").use { + public = CertificateFactory.getInstance("X509").generateCertificate(it) as? X509Certificate + } + assertNotNull(public) + + val keyFactory = KeyFactory.getInstance("RSA") + val private = keyFactory.generatePrivate(PKCS8EncodedKeySpec(readResource("sample.key"))) + assertNotNull(private) + + val keyStore = KeyStore.getInstance("AndroidKeyStore") + keyStore.load(null) + val alias = "sample" + keyStore.setKeyEntry(alias, private, null, arrayOf(public)) + assertTrue(keyStore.containsAlias(alias)) + + val trustManagerFactory = TrustManagerFactory.getInstance("X509") + trustManagerFactory.init(null as KeyStore?) + val trustManager = trustManagerFactory.trustManagers.first() as X509TrustManager + + val factory = CertTlsSocketFactory(object: X509ExtendedKeyManager() { + override fun getServerAliases(p0: String?, p1: Array<out Principal>?): Array<String>? = null + override fun chooseServerAlias(p0: String?, p1: Array<out Principal>?, p2: Socket?) = null + + override fun getClientAliases(p0: String?, p1: Array<out Principal>?) = + arrayOf(alias) + + override fun chooseClientAlias(p0: Array<out String>?, p1: Array<out Principal>?, p2: Socket?) = + alias + + override fun getCertificateChain(forAlias: String?) = + arrayOf(public).takeIf { forAlias == alias } + + override fun getPrivateKey(forAlias: String?) = + private.takeIf { forAlias == alias } + }, trustManager) + + /* known client cert test URLs (thanks!): + * - https://prod.idrix.eu/secure/ + * - https://server.cryptomix.com/secure/ + */ + val client = OkHttpClient.Builder() + .sslSocketFactory(factory, trustManager) + .build() + client.newCall(Request.Builder() + .get() + .url("https://prod.idrix.eu/secure/") + .build()).execute().use { response -> + assertTrue(response.isSuccessful) + assertTrue(response.body()!!.string().contains("CN=User Cert,O=Internet Widgits Pty Ltd,ST=Some-State,C=CA")) + } + } + + @Test + fun testUpgradeTLS() { + val s = factory.createSocket(server.hostName, server.port) + assertTrue(s is SSLSocket) + val ssl = s as SSLSocket + + assertFalse(contains(ssl.enabledProtocols, "SSLv3")) + assertTrue(contains(ssl.enabledProtocols, "TLSv1")) + assertTrue(contains(ssl.enabledProtocols, "TLSv1.1")) + assertTrue(contains(ssl.enabledProtocols, "TLSv1.2")) + } + + + private fun readResource(name: String): ByteArray { + javaClass.classLoader!!.getResourceAsStream(name).use { + return IOUtils.toByteArray(it) + } + } + +} diff --git a/src/androidTest/resources/sample.crt b/src/androidTest/resources/sample.crt new file mode 100644 index 0000000..c813980 --- /dev/null +++ b/src/androidTest/resources/sample.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEEzCCAfsCAQEwDQYJKoZIhvcNAQEFBQAwRjELMAkGA1UEBhMCQ0ExEzARBgNV +BAgMClNvbWUtU3RhdGUxEDAOBgNVBAoMB0NBIENlcnQxEDAOBgNVBAMMB0NBIENl +cnQwHhcNMTgwMTEzMjAyOTI5WhcNMTkwMTEzMjAyOTI5WjBZMQswCQYDVQQGEwJD +QTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMRIwEAYDVQQDDAlVc2VyIENlcnQwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDqOyHAeG4psE/f6i/eTfwbhn6j7WaFXxZiSOWwpQZmzRrx +MrfkABJCk0X7KNgCaJcmBkG9G1Ri4HfKrxvJFswMXknlq+0ulGBk7oDnZM+pihuX +3D9VCWMMkCqYhLCGADj2zB2mkX4LpcMRi6XoOetKURE/vcIy7rSLAtJM6ZRdftfh +2ZxnautS1Tyujh9Au3NI/+Of80tT/nA+oBJQeT1fB/ga1OQlZP5kjSaA7IPiIbTz +QBO+r898MvqK/lwsvOYnWAp7TY03z+vPfCs0zjijZEl9Wrl0hW6o5db5kU1v5bcr +p87hxFJsGD2HIr2y6kvYfL2hn+h9iANyYdRnUgapAgMBAAEwDQYJKoZIhvcNAQEF +BQADggIBAHANsiJITedXPyp89lVMEmGY3zKtOqgQ3tqjvjlNt2sdPnj7wmZbmrNd +sa90S/UwOn8PzEFOVxYy1BPlljlEjtjmc4OHMcm4P4Zv36uawHilmK8V+zT59gCK +ftB5FP2TLFUFi2X9o8J06d0xJRE77uewN155NV4RmPuP4b/tMmeixoQppHqLqEr5 +lgEUnt3Mh1ctmeFQFJR6lJ01hlB0gdpVHIhzrVLTO3uo8ePLJTmxP6tyKl/HXj9F +mpVsKb1kriKwbkGczfw99OUZeUVbTwQOR07r0SrG71B7IuDvxIORnhQc1OUjt7ob +wjdaZauAHxpGBRu+hw9Yqaxchk9Gldy1nEjGyyVCD0FU5taXbl8PhBWEDc4U9tI+ +xVNmPpsSuCsbz3Mjd1YIVRGL99vLrKsQcj+TNM+jJKKRKes3ihl+l/0FwG6UuO7L +EvjlUg5hOtYi1D7xuYyMjroGBGh7swYMt6w4eCDbcjzcCkaCi0H2pScM/rLBpDjS +LIoGCvZ1LBdi933/iOj1/8dxGZwY6fEgcyiD2n0xAgYIniLWjEZXOMdIK5FNTNga +Tswanvp+6Noa4oIu/hl/LXvPMsouaWfSEbRe0Dshi3GpLj3YtEHoN9DHB8bn7jy5 +34By81GT41m5kq3hWP//x9kSHYSADpbovCbKbElU1qSt6vTVR4nq +-----END CERTIFICATE----- diff --git a/src/androidTest/resources/sample.key b/src/androidTest/resources/sample.key Binary files differnew file mode 100644 index 0000000..af8f903 --- /dev/null +++ b/src/androidTest/resources/sample.key |