Swift
summaryrefslogtreecommitdiffstats
path: root/test/com/isode/stroke/tls/ServerIdentityVerifierTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'test/com/isode/stroke/tls/ServerIdentityVerifierTest.java')
-rw-r--r--test/com/isode/stroke/tls/ServerIdentityVerifierTest.java185
1 files changed, 185 insertions, 0 deletions
diff --git a/test/com/isode/stroke/tls/ServerIdentityVerifierTest.java b/test/com/isode/stroke/tls/ServerIdentityVerifierTest.java
new file mode 100644
index 0000000..17a8c5a
--- /dev/null
+++ b/test/com/isode/stroke/tls/ServerIdentityVerifierTest.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2010 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+/*
+ * Copyright (c) 2015 Tarun Gupta.
+ * Licensed under the simplified BSD license.
+ * See Documentation/Licenses/BSD-simplified.txt for more information.
+ */
+
+package com.isode.stroke.tls;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+import org.junit.Before;
+import com.isode.stroke.crypto.CryptoProvider;
+import com.isode.stroke.crypto.JavaCryptoProvider;
+import com.isode.stroke.tls.SimpleCertificate;
+import com.isode.stroke.tls.Certificate;
+import com.isode.stroke.tls.ServerIdentityVerifier;
+import com.isode.stroke.base.ByteArray;
+import com.isode.stroke.idn.IDNConverter;
+import com.isode.stroke.idn.ICUConverter;
+import com.isode.stroke.jid.JID;
+
+public class ServerIdentityVerifierTest {
+
+ private IDNConverter idnConverter;
+
+ @Before
+ public void setUp() {
+ idnConverter = new ICUConverter();
+ }
+
+ @Test
+ public void testCertificateVerifies_WithoutMatchingDNSName() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("foo.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingDNSName() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithSecondMatchingDNSName() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("foo.com");
+ certificate.addDNSName("bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingInternationalDNSName() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@tronçon.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("xn--tronon-zua.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingDNSNameWithWildcard() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@im.bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("*.bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingDNSNameWithWildcardMatchingNoComponents() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("*.bar.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithDNSNameWithWildcardMatchingTwoComponents() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@xmpp.im.bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addDNSName("*.bar.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingSRVNameWithoutService() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addSRVName("bar.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingSRVNameWithService() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addSRVName("_xmpp-client.bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingSRVNameWithServiceAndWildcard() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@im.bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addSRVName("_xmpp-client.*.bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingSRVNameWithDifferentService() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addSRVName("_xmpp-server.bar.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingXmppAddr() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addXMPPAddress("bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingXmppAddrWithWildcard() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@im.bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addXMPPAddress("*.bar.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingInternationalXmppAddr() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@tronçon.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addXMPPAddress("tronçon.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingCNWithoutSAN() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addCommonName("bar.com");
+
+ assertTrue(testling.certificateVerifies(certificate));
+ }
+
+ @Test
+ public void testCertificateVerifies_WithMatchingCNWithSAN() {
+ ServerIdentityVerifier testling = new ServerIdentityVerifier(new JID("foo@bar.com/baz"), idnConverter);
+ SimpleCertificate certificate = new SimpleCertificate();
+ certificate.addSRVName("foo.com");
+ certificate.addCommonName("bar.com");
+
+ assertFalse(testling.certificateVerifies(certificate));
+ }
+} \ No newline at end of file