1 | // License: GPL. For details, see LICENSE file.
|
---|
2 | package org.openstreetmap.josm.io.remotecontrol;
|
---|
3 |
|
---|
4 | import static org.junit.Assert.assertEquals;
|
---|
5 | import static org.junit.Assert.fail;
|
---|
6 |
|
---|
7 | import java.io.BufferedReader;
|
---|
8 | import java.io.IOException;
|
---|
9 | import java.io.InputStream;
|
---|
10 | import java.io.InputStreamReader;
|
---|
11 | import java.net.HttpURLConnection;
|
---|
12 | import java.net.MalformedURLException;
|
---|
13 | import java.net.URL;
|
---|
14 | import java.nio.charset.StandardCharsets;
|
---|
15 | import java.security.GeneralSecurityException;
|
---|
16 | import java.security.SecureRandom;
|
---|
17 | import java.security.cert.X509Certificate;
|
---|
18 |
|
---|
19 | import javax.net.ssl.HostnameVerifier;
|
---|
20 | import javax.net.ssl.HttpsURLConnection;
|
---|
21 | import javax.net.ssl.SSLContext;
|
---|
22 | import javax.net.ssl.SSLSession;
|
---|
23 | import javax.net.ssl.TrustManager;
|
---|
24 | import javax.net.ssl.X509TrustManager;
|
---|
25 |
|
---|
26 | import org.junit.After;
|
---|
27 | import org.junit.Before;
|
---|
28 | import org.junit.Test;
|
---|
29 | import org.openstreetmap.josm.JOSMFixture;
|
---|
30 | import org.openstreetmap.josm.Main;
|
---|
31 |
|
---|
32 | /**
|
---|
33 | * Unit tests for Remote Control
|
---|
34 | */
|
---|
35 | public class RemoteControlTest {
|
---|
36 |
|
---|
37 | private String httpBase;
|
---|
38 | private String httpsBase;
|
---|
39 |
|
---|
40 | /**
|
---|
41 | * Starts Remote control before testing requests.
|
---|
42 | */
|
---|
43 | @Before
|
---|
44 | public void setUp() {
|
---|
45 | JOSMFixture.createUnitTestFixture().init();
|
---|
46 | RemoteControl.start();
|
---|
47 | disableCertificateValidation();
|
---|
48 | httpBase = "http://127.0.0.1:"+Main.pref.getInteger("remote.control.port", 8111);
|
---|
49 | httpsBase = "https://127.0.0.1:"+Main.pref.getInteger("remote.control.https.port", 8112);
|
---|
50 | }
|
---|
51 |
|
---|
52 | /**
|
---|
53 | * Disable all HTTPS validation mechanisms as described
|
---|
54 | * <a href="http://stackoverflow.com/a/2893932/2257172">here</a> and
|
---|
55 | * <a href="http://stackoverflow.com/a/19542614/2257172">here</a>
|
---|
56 | */
|
---|
57 | public void disableCertificateValidation() {
|
---|
58 | // Create a trust manager that does not validate certificate chains
|
---|
59 | TrustManager[] trustAllCerts = new TrustManager[] {
|
---|
60 | new X509TrustManager() {
|
---|
61 | public X509Certificate[] getAcceptedIssuers() {
|
---|
62 | return null;
|
---|
63 | }
|
---|
64 | public void checkClientTrusted(X509Certificate[] certs, String authType) {
|
---|
65 | }
|
---|
66 | public void checkServerTrusted(X509Certificate[] certs, String authType) {
|
---|
67 | }
|
---|
68 | }
|
---|
69 | };
|
---|
70 |
|
---|
71 | // Install the all-trusting trust manager
|
---|
72 | try {
|
---|
73 | SSLContext sc = SSLContext.getInstance("TLS");
|
---|
74 | sc.init(null, trustAllCerts, new SecureRandom());
|
---|
75 | HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
|
---|
76 | } catch (GeneralSecurityException e) {
|
---|
77 | fail(e.getMessage());
|
---|
78 | }
|
---|
79 |
|
---|
80 | // Create all-trusting host name verifier
|
---|
81 | HostnameVerifier allHostsValid = new HostnameVerifier() {
|
---|
82 | @Override
|
---|
83 | public boolean verify(String hostname, SSLSession session) {
|
---|
84 | return true;
|
---|
85 | }
|
---|
86 | };
|
---|
87 |
|
---|
88 | // Install the all-trusting host verifier
|
---|
89 | HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
|
---|
90 | }
|
---|
91 |
|
---|
92 | /**
|
---|
93 | * Stops Remote control after testing requests.
|
---|
94 | */
|
---|
95 | @After
|
---|
96 | public void tearDown() {
|
---|
97 | RemoteControl.stop();
|
---|
98 | }
|
---|
99 |
|
---|
100 | /**
|
---|
101 | * Tests that sending an HTTP request without command results in HTTP 400, with all available commands in error message.
|
---|
102 | * @throws IOException if an I/O error occurs
|
---|
103 | * @throws MalformedURLException if HTTP URL is invalid
|
---|
104 | */
|
---|
105 | @Test
|
---|
106 | public void testHttpListOfCommands() throws MalformedURLException, IOException {
|
---|
107 | testListOfCommands(httpBase);
|
---|
108 | }
|
---|
109 |
|
---|
110 | /**
|
---|
111 | * Tests that sending an HTTPS request without command results in HTTP 400, with all available commands in error message.
|
---|
112 | * @throws IOException if an I/O error occurs
|
---|
113 | * @throws MalformedURLException if HTTPS URL is invalid
|
---|
114 | */
|
---|
115 | @Test
|
---|
116 | public void testHttpsListOfCommands() throws MalformedURLException, IOException {
|
---|
117 | testListOfCommands(httpsBase);
|
---|
118 | }
|
---|
119 |
|
---|
120 | private void testListOfCommands(String url) throws MalformedURLException, IOException {
|
---|
121 | HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
|
---|
122 | connection.connect();
|
---|
123 | assertEquals(connection.getResponseCode(), HttpURLConnection.HTTP_BAD_REQUEST);
|
---|
124 | try (InputStream is = connection.getErrorStream()) {
|
---|
125 | // TODO this code should be refactored somewhere in Utils as it is used in several JOSM classes
|
---|
126 | StringBuilder responseBody = new StringBuilder();
|
---|
127 | try (BufferedReader in = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))) {
|
---|
128 | String s;
|
---|
129 | while((s = in.readLine()) != null) {
|
---|
130 | responseBody.append(s);
|
---|
131 | responseBody.append("\n");
|
---|
132 | }
|
---|
133 | }
|
---|
134 | assert responseBody.toString().contains(RequestProcessor.getUsageAsHtml());
|
---|
135 | } catch (IllegalAccessException e) {
|
---|
136 | fail(e.getMessage());
|
---|
137 | } catch (InstantiationException e) {
|
---|
138 | fail(e.getMessage());
|
---|
139 | }
|
---|
140 | }
|
---|
141 | }
|
---|