private String errorMessageForCertificateException(CertificateValidationException e) { switch (e.getReason()) { case Expired: return getString(R.string.client_certificate_expired, e.getAlias(), e.getMessage()); case MissingCapability: return getString(R.string.auth_external_error); case RetrievalFailure: return getString(R.string.client_certificate_retrieval_failure, e.getAlias()); case UseMessage: return e.getMessage(); case Unknown: default: return ""; } }
exMessage = ex.getMessage();
@Test public void open_withStartTlsButWithoutStartTlsCapability_shouldThrow() throws Exception { settings.setConnectionSecurity(ConnectionSecurity.STARTTLS_REQUIRED); MockImapServer server = new MockImapServer(); preAuthenticationDialog(server); ImapConnection imapConnection = startServerAndCreateImapConnection(server); try { imapConnection.open(); fail("Expected exception"); } catch (CertificateValidationException e) { //FIXME: CertificateValidationException seems wrong assertEquals("STARTTLS connection security not available", e.getMessage()); } server.verifyConnectionClosed(); server.verifyInteractionCompleted(); }
@Test public void open_authExternalWithAuthenticationFailure_shouldThrow() throws Exception { settings.setAuthType(AuthType.EXTERNAL); MockImapServer server = new MockImapServer(); preAuthenticationDialog(server, "AUTH=EXTERNAL"); server.expect("2 AUTHENTICATE EXTERNAL " + ByteString.encodeUtf8(USERNAME).base64()); server.output("2 NO Bad certificate"); ImapConnection imapConnection = startServerAndCreateImapConnection(server); try { imapConnection.open(); fail("Expected exception"); } catch (CertificateValidationException e) { //FIXME: improve exception message assertThat(e.getMessage(), containsString("Bad certificate")); } server.verifyConnectionClosed(); server.verifyInteractionCompleted(); }
@Test public void open_withAuthTypeExternalAndCapability_withRejection_throwsCVE() throws IOException, MessagingException { settings.setAuthType(AuthType.EXTERNAL); MockPop3Server server = new MockPop3Server(); server.output("+OK POP3 server greeting"); server.expect("AUTH"); server.output("+OK Listing of supported mechanisms follows"); server.output("PLAIN"); server.output("CRAM-MD5"); server.output("EXTERNAL"); server.output("."); server.expect("CAPA"); server.output("+OK Listing of supported mechanisms follows"); server.output("PLAIN"); server.output("CRAM-MD5"); server.output("EXTERNAL"); server.output("."); server.expect("AUTH EXTERNAL dXNlcg=="); server.output("-ERR Invalid certificate"); try { startServerAndCreateOpenConnection(server); fail("CVE expected"); } catch (CertificateValidationException e) { assertEquals("POP3 client certificate authentication failed: -ERR Invalid certificate", e.getMessage()); } server.verifyInteractionCompleted(); }