1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
|
21 |
|
|
22 |
|
package org.xwiki.crypto.store.filesystem.internal; |
23 |
|
|
24 |
|
import java.io.File; |
25 |
|
import java.math.BigInteger; |
26 |
|
|
27 |
|
import org.apache.commons.io.FileUtils; |
28 |
|
import org.junit.After; |
29 |
|
import org.junit.Before; |
30 |
|
import org.junit.Rule; |
31 |
|
import org.junit.Test; |
32 |
|
import org.xwiki.crypto.AsymmetricKeyFactory; |
33 |
|
import org.xwiki.crypto.BinaryStringEncoder; |
34 |
|
import org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters; |
35 |
|
import org.xwiki.crypto.password.PrivateKeyPasswordBasedEncryptor; |
36 |
|
import org.xwiki.crypto.pkix.CertificateFactory; |
37 |
|
import org.xwiki.crypto.pkix.params.CertifiedKeyPair; |
38 |
|
import org.xwiki.crypto.pkix.params.CertifiedPublicKey; |
39 |
|
import org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName; |
40 |
|
import org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey; |
41 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions; |
42 |
|
import org.xwiki.crypto.store.FileStoreReference; |
43 |
|
import org.xwiki.crypto.store.KeyStore; |
44 |
|
import org.xwiki.crypto.store.StoreReference; |
45 |
|
import org.xwiki.test.mockito.MockitoComponentMockingRule; |
46 |
|
|
47 |
|
import static org.hamcrest.CoreMatchers.equalTo; |
48 |
|
import static org.hamcrest.CoreMatchers.notNullValue; |
49 |
|
import static org.hamcrest.CoreMatchers.nullValue; |
50 |
|
import static org.junit.Assert.assertThat; |
51 |
|
import static org.mockito.Mockito.mock; |
52 |
|
import static org.mockito.Mockito.when; |
53 |
|
|
54 |
|
|
55 |
|
@link |
56 |
|
|
57 |
|
@version |
58 |
|
@since |
59 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (104) |
Complexity: 15 |
Complexity Density: 0.17 |
|
60 |
|
public class X509KeyFileSystemStoreTest |
61 |
|
{ |
62 |
|
private static final byte[] PASSWORD = "password".getBytes(); |
63 |
|
private static final byte[] PRIVATEKEY = "privatekey".getBytes(); |
64 |
|
private static final String ENCODED_PRIVATEKEY = "encoded_privatekey"; |
65 |
|
private static final byte[] ENCRYPTED_PRIVATEKEY = "encrypted_privatekey".getBytes(); |
66 |
|
private static final String ENCODED_ENCRYPTED_PRIVATEKEY = "encoded_encrypted_privatekey"; |
67 |
|
private static final byte[] CERTIFICATE = "certificate".getBytes(); |
68 |
|
private static final String ENCODED_CERTIFICATE = "encoded_certificate"; |
69 |
|
private static final byte[] SUBJECT_KEYID = "subjectKeyId".getBytes(); |
70 |
|
private static final String ENCODED_SUBJECTKEYID = "encoded_subjectKeyId"; |
71 |
|
private static final String HEXENCODED_SUBJECTKEYID = "hex_encoded_subjectKeyId"; |
72 |
|
private static final String SUBJECT = "CN=Subject"; |
73 |
|
private static final String ISSUER = "CN=Issuer"; |
74 |
|
private static final BigInteger SERIAL = new BigInteger("1234567890"); |
75 |
|
|
76 |
|
private static final File TEST_DIR = new File("target/tmp"); |
77 |
|
|
78 |
|
private static final File FILE = new File(TEST_DIR, "my.key"); |
79 |
|
private static final File DIRECTORY = new File(TEST_DIR, "keystore"); |
80 |
|
|
81 |
|
private static final File CERT_FILE = new File(DIRECTORY, HEXENCODED_SUBJECTKEYID + ".cert"); |
82 |
|
|
83 |
|
private static final File KEY_FILE = new File(DIRECTORY, HEXENCODED_SUBJECTKEYID + ".key"); |
84 |
|
|
85 |
|
private static final StoreReference SINGLE_STORE_REF = new FileStoreReference(FILE); |
86 |
|
private static final StoreReference MULTI_STORE_REF = new FileStoreReference(DIRECTORY, true); |
87 |
|
|
88 |
|
private static final String BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n"; |
89 |
|
private static final String BEGIN_ENCRYPTED_PRIVATE_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"; |
90 |
|
private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; |
91 |
|
private static final String END_PRIVATE_KEY = "-----END PRIVATE KEY-----\n"; |
92 |
|
private static final String END_ENCRYPTED_PRIVATE_KEY = "-----END ENCRYPTED PRIVATE KEY-----\n"; |
93 |
|
private static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n"; |
94 |
|
private static final String NEWLINE = "\n"; |
95 |
|
|
96 |
|
private static final String KEY_FILE_CONTENT = BEGIN_PRIVATE_KEY + ENCODED_PRIVATEKEY + NEWLINE + END_PRIVATE_KEY; |
97 |
|
private static final String ENCRYTEDKEY_FILE_CONTENT = BEGIN_ENCRYPTED_PRIVATE_KEY + ENCODED_ENCRYPTED_PRIVATEKEY |
98 |
|
+ NEWLINE + END_ENCRYPTED_PRIVATE_KEY; |
99 |
|
private static final String CERTIFICATE_FILE_CONTENT = BEGIN_CERTIFICATE + ENCODED_CERTIFICATE + NEWLINE |
100 |
|
+ END_CERTIFICATE; |
101 |
|
private static final String FILE_CONTENT = KEY_FILE_CONTENT + CERTIFICATE_FILE_CONTENT; |
102 |
|
private static final String ENCRYPTED_FILE_CONTENT = ENCRYTEDKEY_FILE_CONTENT + CERTIFICATE_FILE_CONTENT; |
103 |
|
|
104 |
|
@Rule |
105 |
|
public MockitoComponentMockingRule<KeyStore> mocker = |
106 |
|
new MockitoComponentMockingRule<KeyStore>(X509KeyFileSystemStore.class); |
107 |
|
|
108 |
|
private KeyStore store; |
109 |
|
|
110 |
|
PrivateKeyParameters privateKey; |
111 |
|
X509CertifiedPublicKey certificate; |
112 |
|
CertifiedKeyPair keyPair; |
113 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (33) |
Complexity: 1 |
Complexity Density: 0.03 |
|
114 |
13 |
@Before... |
115 |
|
public void setUp() throws Exception |
116 |
|
{ |
117 |
13 |
BinaryStringEncoder base64Encoder = mocker.getInstance(BinaryStringEncoder.class, "Base64"); |
118 |
13 |
when(base64Encoder.encode(PRIVATEKEY, 64)).thenReturn(ENCODED_PRIVATEKEY); |
119 |
13 |
when(base64Encoder.decode(ENCODED_PRIVATEKEY)).thenReturn(PRIVATEKEY); |
120 |
13 |
when(base64Encoder.encode(ENCRYPTED_PRIVATEKEY, 64)).thenReturn(ENCODED_ENCRYPTED_PRIVATEKEY); |
121 |
13 |
when(base64Encoder.decode(ENCODED_ENCRYPTED_PRIVATEKEY)).thenReturn(ENCRYPTED_PRIVATEKEY); |
122 |
13 |
when(base64Encoder.encode(CERTIFICATE, 64)).thenReturn(ENCODED_CERTIFICATE); |
123 |
13 |
when(base64Encoder.decode(ENCODED_CERTIFICATE)).thenReturn(CERTIFICATE); |
124 |
13 |
when(base64Encoder.encode(SUBJECT_KEYID)).thenReturn(ENCODED_SUBJECTKEYID); |
125 |
13 |
when(base64Encoder.decode(ENCODED_SUBJECTKEYID)).thenReturn(SUBJECT_KEYID); |
126 |
|
|
127 |
13 |
BinaryStringEncoder hexEncoder = mocker.getInstance(BinaryStringEncoder.class, "Hex"); |
128 |
13 |
when(hexEncoder.encode(SUBJECT_KEYID)).thenReturn(HEXENCODED_SUBJECTKEYID); |
129 |
|
|
130 |
13 |
privateKey = mock(PrivateKeyParameters.class); |
131 |
13 |
when(privateKey.getEncoded()).thenReturn(PRIVATEKEY); |
132 |
|
|
133 |
13 |
AsymmetricKeyFactory keyFactory = mocker.getInstance(AsymmetricKeyFactory.class); |
134 |
13 |
when(keyFactory.fromPKCS8(PRIVATEKEY)).thenReturn(privateKey); |
135 |
|
|
136 |
13 |
PrivateKeyPasswordBasedEncryptor encryptor = mocker.getInstance(PrivateKeyPasswordBasedEncryptor.class); |
137 |
13 |
when(encryptor.encrypt(PASSWORD, privateKey)).thenReturn(ENCRYPTED_PRIVATEKEY); |
138 |
13 |
when(encryptor.decrypt(PASSWORD, ENCRYPTED_PRIVATEKEY)).thenReturn(privateKey); |
139 |
|
|
140 |
13 |
certificate = mock(X509CertifiedPublicKey.class); |
141 |
13 |
when(certificate.getSerialNumber()).thenReturn(SERIAL); |
142 |
13 |
when(certificate.getIssuer()).thenReturn(new DistinguishedName(ISSUER)); |
143 |
13 |
when(certificate.getSubject()).thenReturn(new DistinguishedName(SUBJECT)); |
144 |
13 |
when(certificate.getEncoded()).thenReturn(CERTIFICATE); |
145 |
|
|
146 |
13 |
CertificateFactory certificateFactory = mocker.getInstance(CertificateFactory.class, "X509"); |
147 |
13 |
when(certificateFactory.decode(CERTIFICATE)).thenReturn(certificate); |
148 |
|
|
149 |
13 |
X509Extensions extensions = mock(X509Extensions.class); |
150 |
13 |
when(certificate.getExtensions()).thenReturn(extensions); |
151 |
13 |
when(extensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID); |
152 |
13 |
when(certificate.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID); |
153 |
|
|
154 |
13 |
keyPair = new CertifiedKeyPair(privateKey, certificate); |
155 |
|
|
156 |
13 |
store = mocker.getComponentUnderTest(); |
157 |
|
|
158 |
13 |
FileUtils.deleteDirectory(TEST_DIR); |
159 |
13 |
TEST_DIR.mkdirs(); |
160 |
|
} |
161 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
162 |
13 |
@After... |
163 |
|
public void deleteTestFiles() throws Exception { |
164 |
13 |
FileUtils.deleteDirectory(TEST_DIR); |
165 |
|
} |
166 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
1PASS
|
|
167 |
1 |
@Test... |
168 |
|
public void testStoringPrivateKeyToFile() throws Exception |
169 |
|
{ |
170 |
1 |
store.store(SINGLE_STORE_REF, keyPair); |
171 |
|
|
172 |
1 |
assertThat(FileUtils.readFileToString(FILE), equalTo(FILE_CONTENT)); |
173 |
|
} |
174 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
1PASS
|
|
175 |
1 |
@Test... |
176 |
|
public void testStoringPrivateKeyToDirectory() throws Exception |
177 |
|
{ |
178 |
1 |
store.store(MULTI_STORE_REF, keyPair); |
179 |
|
|
180 |
1 |
assertThat(FileUtils.readFileToString(KEY_FILE), |
181 |
|
equalTo(KEY_FILE_CONTENT)); |
182 |
1 |
assertThat(FileUtils.readFileToString(CERT_FILE), |
183 |
|
equalTo(CERTIFICATE_FILE_CONTENT)); |
184 |
|
} |
185 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
1PASS
|
|
186 |
1 |
@Test... |
187 |
|
public void testStoringEncryptedPrivateKeyToFile() throws Exception |
188 |
|
{ |
189 |
1 |
store.store(SINGLE_STORE_REF, keyPair, PASSWORD); |
190 |
|
|
191 |
1 |
assertThat(FileUtils.readFileToString(FILE), equalTo(ENCRYPTED_FILE_CONTENT)); |
192 |
|
} |
193 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
1PASS
|
|
194 |
1 |
@Test... |
195 |
|
public void testStoringEncryptedPrivateKeyToDirectory() throws Exception |
196 |
|
{ |
197 |
1 |
store.store(MULTI_STORE_REF, keyPair, PASSWORD); |
198 |
|
|
199 |
1 |
assertThat(FileUtils.readFileToString(KEY_FILE), |
200 |
|
equalTo(ENCRYTEDKEY_FILE_CONTENT)); |
201 |
1 |
assertThat(FileUtils.readFileToString(CERT_FILE), |
202 |
|
equalTo(CERTIFICATE_FILE_CONTENT)); |
203 |
|
} |
204 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (5) |
Complexity: 1 |
Complexity Density: 0.2 |
1PASS
|
|
205 |
1 |
@Test... |
206 |
|
public void testRetrievePrivateKeyFromFile() throws Exception |
207 |
|
{ |
208 |
1 |
FileUtils.writeStringToFile(FILE, FILE_CONTENT); |
209 |
|
|
210 |
1 |
CertifiedKeyPair keyPair = store.retrieve(SINGLE_STORE_REF); |
211 |
1 |
assertThat(keyPair, notNullValue()); |
212 |
1 |
assertThat(keyPair.getPrivateKey(), equalTo(privateKey)); |
213 |
1 |
assertThat(keyPair.getCertificate(), equalTo((CertifiedPublicKey) certificate)); |
214 |
|
} |
215 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (5) |
Complexity: 1 |
Complexity Density: 0.2 |
1PASS
|
|
216 |
1 |
@Test... |
217 |
|
public void testRetrieveEncryptedPrivateKeyFromFile() throws Exception |
218 |
|
{ |
219 |
1 |
FileUtils.writeStringToFile(FILE, ENCRYPTED_FILE_CONTENT); |
220 |
|
|
221 |
1 |
CertifiedKeyPair keyPair = store.retrieve(SINGLE_STORE_REF, PASSWORD); |
222 |
1 |
assertThat(keyPair, notNullValue()); |
223 |
1 |
assertThat(keyPair.getPrivateKey(), equalTo(privateKey)); |
224 |
1 |
assertThat(keyPair.getCertificate(), equalTo((CertifiedPublicKey) certificate)); |
225 |
|
} |
226 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (7) |
Complexity: 1 |
Complexity Density: 0.14 |
1PASS
|
|
227 |
1 |
@Test... |
228 |
|
public void testRetrievePrivateKeyFromDirectory() throws Exception |
229 |
|
{ |
230 |
1 |
DIRECTORY.mkdirs(); |
231 |
1 |
FileUtils.writeStringToFile(KEY_FILE, KEY_FILE_CONTENT); |
232 |
1 |
FileUtils.writeStringToFile(CERT_FILE, CERTIFICATE_FILE_CONTENT); |
233 |
|
|
234 |
1 |
CertifiedKeyPair keyPair = store.retrieve(MULTI_STORE_REF, certificate); |
235 |
1 |
assertThat(keyPair, notNullValue()); |
236 |
1 |
assertThat(keyPair.getPrivateKey(), equalTo(privateKey)); |
237 |
1 |
assertThat(keyPair.getCertificate(), equalTo((CertifiedPublicKey) certificate)); |
238 |
|
} |
239 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (7) |
Complexity: 1 |
Complexity Density: 0.14 |
1PASS
|
|
240 |
1 |
@Test... |
241 |
|
public void testRetrieveEncryptedPrivateKeyFromDirectory() throws Exception |
242 |
|
{ |
243 |
1 |
DIRECTORY.mkdirs(); |
244 |
1 |
FileUtils.writeStringToFile(KEY_FILE, ENCRYTEDKEY_FILE_CONTENT); |
245 |
1 |
FileUtils.writeStringToFile(CERT_FILE, CERTIFICATE_FILE_CONTENT); |
246 |
|
|
247 |
1 |
CertifiedKeyPair keyPair = store.retrieve(MULTI_STORE_REF, certificate, PASSWORD); |
248 |
1 |
assertThat(keyPair, notNullValue()); |
249 |
1 |
assertThat(keyPair.getPrivateKey(), equalTo(privateKey)); |
250 |
1 |
assertThat(keyPair.getCertificate(), equalTo((CertifiedPublicKey) certificate)); |
251 |
|
} |
252 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
1PASS
|
|
253 |
1 |
@Test... |
254 |
|
public void testRetrieveMissingPrivateKeyFromFile() throws Exception |
255 |
|
{ |
256 |
1 |
FileUtils.writeStringToFile(FILE, CERTIFICATE_FILE_CONTENT); |
257 |
|
|
258 |
1 |
CertifiedKeyPair keyPair = store.retrieve(SINGLE_STORE_REF); |
259 |
1 |
assertThat(keyPair, nullValue()); |
260 |
|
} |
261 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
1PASS
|
|
262 |
1 |
@Test... |
263 |
|
public void testRetrieveMissingCertificateFromFile() throws Exception |
264 |
|
{ |
265 |
1 |
FileUtils.writeStringToFile(FILE, KEY_FILE_CONTENT); |
266 |
|
|
267 |
1 |
CertifiedKeyPair keyPair = store.retrieve(SINGLE_STORE_REF); |
268 |
1 |
assertThat(keyPair, nullValue()); |
269 |
|
} |
270 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (4) |
Complexity: 1 |
Complexity Density: 0.25 |
1PASS
|
|
271 |
1 |
@Test... |
272 |
|
public void testRetrieveMissingPrivateKeyFromDirectory() throws Exception |
273 |
|
{ |
274 |
1 |
DIRECTORY.mkdirs(); |
275 |
1 |
FileUtils.writeStringToFile(CERT_FILE, CERTIFICATE_FILE_CONTENT); |
276 |
|
|
277 |
1 |
CertifiedKeyPair keyPair = store.retrieve(MULTI_STORE_REF, certificate); |
278 |
1 |
assertThat(keyPair, nullValue()); |
279 |
|
} |
280 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (6) |
Complexity: 1 |
Complexity Density: 0.17 |
1PASS
|
|
281 |
1 |
@Test... |
282 |
|
public void testRetrieveMissingCertificateFromDirectory() throws Exception |
283 |
|
{ |
284 |
1 |
DIRECTORY.mkdirs(); |
285 |
1 |
FileUtils.writeStringToFile(KEY_FILE, KEY_FILE_CONTENT); |
286 |
|
|
287 |
1 |
CertifiedKeyPair keyPair = store.retrieve(MULTI_STORE_REF, certificate); |
288 |
1 |
assertThat(keyPair, notNullValue()); |
289 |
1 |
assertThat(keyPair.getPrivateKey(), equalTo(privateKey)); |
290 |
1 |
assertThat(keyPair.getCertificate(), equalTo((CertifiedPublicKey) certificate)); |
291 |
|
} |
292 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (5) |
Complexity: 1 |
Complexity Density: 0.2 |
1PASS
|
|
293 |
1 |
@Test... |
294 |
|
public void testStoringPrivateKeyToDirectoryWithoutSubjectID() throws Exception |
295 |
|
{ |
296 |
1 |
when(certificate.getExtensions()).thenReturn(null); |
297 |
1 |
when(certificate.getSubjectKeyIdentifier()).thenReturn(null); |
298 |
|
|
299 |
1 |
store.store(MULTI_STORE_REF, keyPair); |
300 |
|
|
301 |
1 |
assertThat(FileUtils.readFileToString(new File(DIRECTORY, SERIAL + ", " + ISSUER + ".key")), |
302 |
|
equalTo(KEY_FILE_CONTENT)); |
303 |
1 |
assertThat(FileUtils.readFileToString(new File(DIRECTORY, SERIAL + ", " + ISSUER + ".cert")), |
304 |
|
equalTo(CERTIFICATE_FILE_CONTENT)); |
305 |
|
} |
306 |
|
|
307 |
|
} |