//
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
//
package org.apache.cloudstack.ca.provider;
import java.lang.reflect.Field;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import org.apache.cloudstack.framework.ca.Certificate;
import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.utils.security.CertUtils;
import org.apache.cloudstack.utils.security.SSLUtils;
import org.joda.time.DateTime;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.runners.MockitoJUnitRunner;
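@RunWith(MockitoJUnitRunner.class)
public class RootCAProviderTest {
    /**
     * Unit tests for {@link RootCAProvider}. A fresh self-signed CA key pair and certificate are
     * generated in {@link #setUp()} and injected into the provider by reflection, so no
     * persistent CA material or configuration store is involved.
     */

    /** Name of the {@link ConfigKey} field that holds a key's compiled-in default value. */
    private static final String DEFAULT_VALUE_FIELD = "_defaultValue";

    private KeyPair caKeyPair;
    private X509Certificate caCertificate;
    private RootCAProvider provider;
    // Default of RootCAProvider.rootCAAuthStrictness as found before the test ran; put back in tearDown().
    private Object originalAuthStrictnessDefault;

    /**
     * Reads the (possibly private) field {@code name} declared on {@code type} from {@code target}.
     *
     * @throws NoSuchFieldException   if {@code type} declares no such field
     * @throws IllegalAccessException if the field cannot be made accessible
     */
    private static Object readField(final Object target, final Class<?> type, final String name)
            throws IllegalAccessException, NoSuchFieldException {
        final Field field = type.getDeclaredField(name);
        field.setAccessible(true);
        return field.get(target);
    }

    /**
     * Writes {@code value} into the (possibly private) field {@code name} declared on {@code type}.
     *
     * @throws NoSuchFieldException   if {@code type} declares no such field
     * @throws IllegalAccessException if the field cannot be made accessible
     */
    private static void writeField(final Object target, final Class<?> type, final String name, final Object value)
            throws IllegalAccessException, NoSuchFieldException {
        final Field field = type.getDeclaredField(name);
        field.setAccessible(true);
        field.set(target, value);
    }

    /** Injects {@code o} into the {@link RootCAProvider} field called {@code name}. */
    private void addField(final RootCAProvider target, final String name, final Object o)
            throws IllegalAccessException, NoSuchFieldException {
        writeField(target, RootCAProvider.class, name, o);
    }

    /**
     * Overwrites the field {@code name} of a {@link ConfigKey}. The keys are static, so the change is
     * visible to every test in the JVM until it is undone; {@link #tearDown()} restores the one used here.
     */
    private void overrideDefaultConfigValue(final ConfigKey<?> configKey, final String name, final Object o)
            throws IllegalAccessException, NoSuchFieldException {
        writeField(configKey, ConfigKey.class, name, o);
    }

    @Before
    public void setUp() throws Exception {
        // 1024-bit RSA is used only to keep the fixture fast; it is not a sizing recommendation for CA keys.
        caKeyPair = CertUtils.generateRandomKeyPair(1024);
        // Self-signed: the certificate is issued with its own key pair, so issuer and subject are both "CN=ca".
        caCertificate = CertUtils.generateV3Certificate(null, caKeyPair, caKeyPair.getPublic(), "CN=ca", "SHA256withRSA", 365, null, null);
        provider = new RootCAProvider();
        // Hand the CA material to the provider directly; its own configuration/bootstrap path is not exercised here.
        addField(provider, "caKeyPair", caKeyPair);
        addField(provider, "caCertificate", caCertificate);
        // Snapshot the process-wide default so the auth-strictness tests leave no trace behind.
        originalAuthStrictnessDefault = readField(RootCAProvider.rootCAAuthStrictness, ConfigKey.class, DEFAULT_VALUE_FIELD);
    }

    @After
    public void tearDown() throws Exception {
        // Undo any override made via overrideDefaultConfigValue(); other test classes share the same static key.
        overrideDefaultConfigValue(RootCAProvider.rootCAAuthStrictness, DEFAULT_VALUE_FIELD, originalAuthStrictnessDefault);
    }

    @Test
    public void testCanProvisionCertificates() {
        Assert.assertTrue(provider.canProvisionCertificates());
    }

    @Test
    public void testGetCaCertificate() {
        // The chain handed out by the provider is exactly the injected CA certificate.
        Assert.assertEquals(1, provider.getCaCertificate().size());
        Assert.assertEquals(caCertificate, provider.getCaCertificate().get(0));
    }

    @Test
    public void testIssueCertificateWithoutCsr() throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final Certificate certificate = provider.issueCertificate(Arrays.asList("domain1.com", "domain2.com"), null, 1);
        Assert.assertNotNull(certificate);
        // No CSR was supplied, so the bundle is expected to carry a private key for the caller.
        Assert.assertNotNull(certificate.getPrivateKey());
        Assert.assertEquals(caCertificate, certificate.getCaCertificates().get(0));
        // The leaf's issuer must be the CA's subject (identical to the CA's issuer here, as the CA is self-signed).
        Assert.assertEquals(caCertificate.getSubjectX500Principal(), certificate.getClientCertificate().getIssuerX500Principal());
        // A validity argument of 1 (days, judging by this check) means notAfter lies within the next day.
        Assert.assertTrue(certificate.getClientCertificate().getNotAfter().before(new DateTime().plusDays(1).toDate()));
        // Throws if the leaf was not signed with the CA key.
        certificate.getClientCertificate().verify(caCertificate.getPublicKey());
    }

    @Test
    public void testIssueCertificateWithCsr() throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        // Fixed PKCS#10 request whose subject CN is "v-1-VM" (see the assertion below).
        final String csr = "-----BEGIN NEW CERTIFICATE REQUEST-----\n" +
                "MIICxTCCAa0CAQAwUDETMBEGA1UEBhMKY2xvdWRzdGFjazETMBEGA1UEChMKY2xvdWRzdGFjazET\n" +
                "MBEGA1UECxMKY2xvdWRzdGFjazEPMA0GA1UEAxMGdi0xLVZNMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" +
                "AQ8AMIIBCgKCAQEAhi3hOrt/p0hUmoW2A+2gFAMxSINItRrHfQ6VUnHhYKZGcTN9honVFuu30tz7\n" +
                "oSLUUx1laWEWLlIozpUcPSjOuPa5a0JS8kjplMd8DLfLNeQ6gcuEWznMRJqCaKM72qn/FAK3r11l\n" +
                "2NofEfWbHU5QVQ5CsYF0JndspLcnmf0tnmreAzz6vlSEPQd4g2hTSsPb72eAqYd0eJnl2oXe7cF3\n" +
                "iemg6/lWoxlh8njVFDKJ5ibNQA/RSc5syzzaQ8fn/AkZlChR5pml47elfC3GuqetfZPAEP4rebXV\n" +
                "zEw+UVbMo5bWx4AYm1S2HxhmsWC/1J5oxluZDtC6tjMqnkKQze8HbQIDAQABoDAwLgYJKoZIhvcN\n" +
                "AQkOMSEwHzAdBgNVHQ4EFgQUdgA1C/7vW3lUcb/dnolGjZB55/AwDQYJKoZIhvcNAQELBQADggEB\n" +
                "AH6ynWbyW5o4h2yEvmcr+upmu/LZYkpfwIWIo+dfrHX9OHu0rhHDIgMgqEStWzrOfhAkcEocQo21\n" +
                "E4Q39nECO+cgTCQ1nfH5BVqaMEg++n6tqXBwLmAQJkftEmB+YUPFB9OGn5TQY9Pcnof95Y8xnvtR\n" +
                "0DvVQa9RM9IsqxgvU4wQCcaNHuEC46Wzo7lyYJ6p//GLw8UQnHxsWktt8U+vyaqXjOvz0+nJobUz\n" +
                "Jv7r7DFkOwgS6ObBczaZsv1yx2YklcKfbsI7xVsvZAXFey2RsvSJi1QPEJC5XbwDenWnCSrPfjJg\n" +
                "SLJ0p9tV70D6v07r1OOmBtvU5AH4N+vioAZA0BE=\n" +
                "-----END NEW CERTIFICATE REQUEST-----\n";
        final Certificate certificate = provider.issueCertificate(csr, Arrays.asList("v-1-VM", "domain1.com", "domain2.com"), null, 1);
        Assert.assertNotNull(certificate);
        // The requester keeps its own key pair: signing a CSR must not produce a private key on the CA side.
        Assert.assertNull(certificate.getPrivateKey());
        Assert.assertEquals(caCertificate, certificate.getCaCertificates().get(0));
        // RFC 2253 form lists the CN first; the subject must come from the CSR, not from the SAN list.
        Assert.assertTrue(certificate.getClientCertificate().getSubjectX500Principal().getName().startsWith("CN=v-1-VM,"));
        // Throws if the leaf was not signed with the CA key.
        certificate.getClientCertificate().verify(caCertificate.getPublicKey());
    }

    @Test
    public void testRevokeCertificate() throws Exception {
        // Revocation of an arbitrary, never-issued serial is reported as successful; presumably this
        // provider keeps no revocation list to consult -- confirm against RootCAProvider.
        Assert.assertTrue(provider.revokeCertificate(CertUtils.generateRandomBigInt(), "anyString"));
    }

    @Test
    public void testCreateSSLEngineWithoutAuthStrictness() throws Exception {
        overrideDefaultConfigValue(RootCAProvider.rootCAAuthStrictness, DEFAULT_VALUE_FIELD, "false");
        final SSLEngine e = provider.createSSLEngine(SSLUtils.getSSLContext(), "/1.2.3.4:5678", null);
        // The engine is always in server mode ...
        Assert.assertFalse(e.getUseClientMode());
        // ... and with strictness off the peer is not required to present a client certificate.
        Assert.assertFalse(e.getNeedClientAuth());
    }

    @Test
    public void testCreateSSLEngineWithAuthStrictness() throws Exception {
        overrideDefaultConfigValue(RootCAProvider.rootCAAuthStrictness, DEFAULT_VALUE_FIELD, "true");
        final SSLEngine e = provider.createSSLEngine(SSLUtils.getSSLContext(), "/1.2.3.4:5678", null);
        Assert.assertFalse(e.getUseClientMode());
        // Strict mode: the handshake must fail unless the peer authenticates with a certificate.
        Assert.assertTrue(e.getNeedClientAuth());
    }

    @Test
    public void testGetProviderName() throws Exception {
        Assert.assertEquals("root", provider.getProviderName());
    }
}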