001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.web.test.ssl;
023:
024: import java.net.HttpURLConnection;
025:
026: import junit.framework.Test;
027: import org.apache.commons.httpclient.Header;
028: import org.apache.commons.httpclient.HttpClient;
029: import org.apache.commons.httpclient.methods.GetMethod;
030: import org.jboss.test.JBossTestCase;
031:
032: /** Tests of ssl and CLIENT-CERT auth
033: *
034: * @author Scott.Stark@jboss.org
035: * @author Anil.Saldhana@jboss.org
036: * @version $Revision: 60356 $
037: */
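public class SSLUnitTestCase extends JBossTestCase {
    /** Context-relative path of the servlet requested by every test in this class. */
    private static final String SECURE_SERVLET_PATH =
            "clientcert-auth/unrestricted/SecureServlet";

    /** URL scheme prefix a redirect target must carry to count as "sent to the ssl connector". */
    private static final String HTTPS_PREFIX = "https://";

    /** Base URL of the plain http connector (system property {@code web.port}, default 8080). */
    private final String baseHttpNoAuth = "http://" + getServerHost() + ":"
            + Integer.getInteger("web.port", 8080) + "/";

    /** Base URL of the ssl connector (system property {@code secureweb.port}, default 8443). */
    private final String baseHttpsNoAuth = "https://" + getServerHost() + ":"
            + Integer.getInteger("secureweb.port", 8443) + "/";

    public SSLUnitTestCase(String name) {
        super(name);
    }

    /**
     * Test that access of the transport constrained resource over plain http
     * redirects to the ssl connector.
     *
     * @throws Exception on any connection or assertion failure
     */
    public void testHttpRedirect() throws Exception {
        log.info("+++ testHttpRedirect");
        doHttpRedirect(baseHttpNoAuth);
    }

    /**
     * Test that access of the transport constrained resource redirects to the
     * ssl connector when using the SecurityDomain based connector config.
     *
     * @throws Exception on any connection or assertion failure
     */
    public void testHttpRedirectSecurityDomain() throws Exception {
        log.info("+++ testHttpRedirectSecurityDomain");
        // NOTE(review): assumes the SecurityDomain based http connector is bound at
        // web.port + 1000 - confirm against the test server configuration.
        int port = Integer.getInteger("web.port", 8080).intValue() + 1000;
        doHttpRedirect("http://" + getServerHost() + ":" + port + "/");
    }

    /**
     * Test that the transport constrained resource is reachable over the ssl connector.
     *
     * @throws Exception on any connection or assertion failure
     */
    public void testHttps() throws Exception {
        log.info("+++ testHttps");
        doHttps(baseHttpsNoAuth);
    }

    /**
     * Test that the transport constrained resource is reachable over the ssl
     * connector that uses the SecurityDomain based connector config.
     *
     * @throws Exception on any connection or assertion failure
     */
    public void testHttpsSecurityDomain() throws Exception {
        // The original logged "+++ testHttps" here, which made the three https
        // tests indistinguishable in the test log.
        log.info("+++ testHttpsSecurityDomain");
        // NOTE(review): assumes the SecurityDomain based ssl connector is bound at
        // secureweb.port + 1000 - confirm against the test server configuration.
        int port = Integer.getInteger("secureweb.port", 8443).intValue() + 1000;
        doHttps("https://" + getServerHost() + ":" + port + "/");
    }

    /**
     * Test masking of Keystore password via encryption.
     *
     * <p>Only the https round trip is checked here; that the connector on this
     * port really reads an encrypted keystore password is a property of the
     * server configuration, which this file does not show.
     *
     * @throws Exception on any connection or assertion failure
     */
    public void testEncryptPassword() throws Exception {
        log.info("+++ testEncryptPassword");
        // NOTE(review): assumes the connector with the masked keystore password is
        // bound at secureweb.port + 1500 - confirm against the test server configuration.
        int port = Integer.getInteger("secureweb.port", 8443).intValue() + 1500;
        doHttps("https://" + getServerHost() + ":" + port + "/");
    }

    /**
     * Requests the servlet over plain http, expects a 302, then follows the
     * {@code Location} header by hand and expects a 200.
     *
     * @param httpNoAuth base URL (ending in "/") of the plain http connector
     * @throws Exception on any connection or assertion failure
     */
    private void doHttpRedirect(String httpNoAuth) throws Exception {
        log.info("+++ doHttpRedirect, httpNoAuth=" + httpNoAuth);
        HttpClient httpConn = new HttpClient();
        String url = httpNoAuth + SECURE_SERVLET_PATH;
        log.info("Accessing: " + url);

        String location;
        GetMethod get = new GetMethod(url);
        // Automatic redirect handling is off so the 302 and its target can be asserted.
        get.setFollowRedirects(false);
        try {
            int responseCode = httpConn.executeMethod(get);
            log.debug(get.getStatusText());
            assertTrue("Get HTTP_MOVED_TEMP(" + responseCode + ")",
                    responseCode == HttpURLConnection.HTTP_MOVED_TEMP);

            Header hdr = get.getResponseHeader("Location");
            // Fail with a readable message instead of a NullPointerException.
            assertNotNull("302 response carries a Location header", hdr);
            location = hdr.getValue();
        } finally {
            // Hand the connection back to the client's connection manager.
            get.releaseConnection();
        }

        // A redirect to another plain http URL would also end in 200 below, so the
        // scheme is checked explicitly: this is the property the test exists for.
        log.info("Redirected to: " + location);
        assertTrue("Redirect target uses https (" + location + ")",
                location != null
                        && location.regionMatches(true, 0, HTTPS_PREFIX, 0, HTTPS_PREFIX.length()));

        get = new GetMethod(location);
        try {
            int responseCode = httpConn.executeMethod(get);
            log.debug(get.getStatusText());
            assertTrue("Get OK(" + responseCode + ")",
                    responseCode == HttpURLConnection.HTTP_OK);
        } finally {
            get.releaseConnection();
        }
    }

    /**
     * Requests the servlet over https and expects a 200.
     *
     * <p>NOTE(review): the request goes to a path named "unrestricted", so this
     * presumably exercises the transport guarantee only and not CLIENT-CERT
     * authentication - confirm against the web.xml of clientcert-auth.war.
     *
     * <p>NOTE(review): no SSL socket factory or trust store is configured in
     * this class, so the handshake presumably relies on JVM-wide settings of
     * the test run. The org.apache.commons.httpclient client is also not known
     * to verify that the server certificate matches the host name by default,
     * so a 200 here should be read as "handshake and trust chain accepted" -
     * confirm if host name matching matters for this test.
     *
     * @param httpsNoAuth base URL (ending in "/") of the ssl connector
     * @throws Exception on any connection or assertion failure
     */
    public void doHttps(String httpsNoAuth) throws Exception {
        log.info("+++ doHttps, httpsNoAuth=" + httpsNoAuth);
        HttpClient httpConn = new HttpClient();
        String url = httpsNoAuth + SECURE_SERVLET_PATH;
        log.info("Accessing: " + url);
        GetMethod get = new GetMethod(url);
        try {
            int responseCode = httpConn.executeMethod(get);
            log.debug(get.getStatusText());
            assertTrue("Get OK(" + responseCode + ")",
                    responseCode == HttpURLConnection.HTTP_OK);
        } finally {
            // Hand the connection back to the client's connection manager.
            get.releaseConnection();
        }
    }

    /**
     * One time setup for all SSLUnitTestCase unit tests: wraps the test class
     * in the deploy setup for {@code clientcert-auth.war}.
     *
     * @return the suite returned by {@code getDeploySetup}
     * @throws Exception if the deploy setup cannot be created
     */
    public static Test suite() throws Exception {
        return getDeploySetup(SSLUnitTestCase.class, "clientcert-auth.war");
    }
}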