@Test // Access https server via connect proxy with a hostname that doesn't resolve // the hostname may resolve at the proxy if that is accessing another DNS // we simulate this by mapping the hostname to localhost:xxx in the test proxy code public void testHttpsProxyUnknownHost() throws Exception { startProxy(null, ProxyType.HTTP); proxy.setForceUri("localhost:4043"); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP) .connectHostname("doesnt-resolve.host-name").clientTrustAll().clientVerifyHost(false).pass(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "doesnt-resolve.host-name:4043", proxy.getLastUri()); assertEquals("Host header doesn't contain target host", "doesnt-resolve.host-name:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }
@Test // Specify some matching TLS protocols public void testTLSInvalidProtocolVersion() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"HelloWorld"}).fail(); }
@Test // Specify some matching TLS protocols public void testTLSMatchingProtocolVersions() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"}).pass(); }
@Test // Specify some non matching cipher suites public void testTLSNonMatchingCipherSuites() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}).clientEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).fail(); }
@Test // Access https server via socks proxy with a hostname that doesn't resolve // the hostname may resolve at the proxy if that is accessing another DNS // we simulate this by mapping the hostname to localhost:xxx in the test proxy code public void testSocksProxyUnknownHost() throws Exception { startProxy(null, ProxyType.SOCKS5); proxy.setForceUri("localhost:4043"); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.SOCKS5) .connectHostname("doesnt-resolve.host-name").clientTrustAll().clientVerifyHost(false).pass(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "doesnt-resolve.host-name:4043", proxy.getLastUri()); } }
@Test // Specify some matching cipher suites public void testTLSMatchingCipherSuites() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledCipherSuites(ENABLED_CIPHER_SUITES).pass(); }
@Test // Client trusts all server certs public void testTLSClientTrustAll() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().pass(); }
@Test // Specify some non matching TLS protocols public void testTLSNonMatchingProtocolVersions() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"TLSv1.2"}).clientEnabledSecureTransportProtocol(new String[]{"SSLv2Hello", "TLSv1.1"}).fail(); }
@Test // Access https server via socks proxy with a hostname that doesn't resolve // the hostname may resolve at the proxy if that is accessing another DNS // we simulate this by mapping the hostname to localhost:xxx in the test proxy code public void testSocksProxyUnknownHost() throws Exception { startProxy(null, ProxyType.SOCKS5); proxy.setForceUri("localhost:4043"); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.SOCKS5) .connectHostname("doesnt-resolve.host-name").clientTrustAll().clientVerifyHost(false).pass(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "doesnt-resolve.host-name:4043", proxy.getLastUri()); } }
@Test // Access https server via connect proxy with a hostname that doesn't resolve // the hostname may resolve at the proxy if that is accessing another DNS // we simulate this by mapping the hostname to localhost:xxx in the test proxy code public void testHttpsProxyUnknownHost() throws Exception { startProxy(null, ProxyType.HTTP); proxy.setForceUri("localhost:4043"); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP) .connectHostname("doesnt-resolve.host-name").clientTrustAll().clientVerifyHost(false).pass(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "doesnt-resolve.host-name:4043", proxy.getLastUri()); assertEquals("Host header doesn't contain target host", "doesnt-resolve.host-name:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }
@Test // Specify some matching TLS protocols public void testTLSMatchingProtocolVersions() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"}).pass(); }
@Test // Specify some non matching cipher suites public void testTLSNonMatchingCipherSuites() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"}).clientEnabledCipherSuites(new String[]{"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"}).fail(); }
@Test // Specify some matching TLS protocols public void testTLSInvalidProtocolVersion() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"HelloWorld"}).fail(); }
@Test // Client trusts all server certs public void testTLSClientTrustAll() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().pass(); }
@Test // Specify some matching cipher suites public void testTLSMatchingCipherSuites() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledCipherSuites(ENABLED_CIPHER_SUITES).pass(); }
@Test // Specify some non matching TLS protocols public void testTLSNonMatchingProtocolVersions() throws Exception { testTLS(Cert.NONE, Trust.NONE, Cert.SERVER_JKS, Trust.NONE).clientTrustAll().serverEnabledSecureTransportProtocol(new String[]{"TLSv1.2"}).clientEnabledSecureTransportProtocol(new String[]{"SSLv2Hello", "TLSv1.1"}).fail(); }