/****************************************************************
* Licensed to the Apache Software Foundation (ASF) under one *
* or more contributor license agreements. See the NOTICE file *
* distributed with this work for additional information *
* regarding copyright ownership. The ASF licenses this file *
* to you under the Apache License, Version 2.0 (the *
* "License"); you may not use this file except in compliance *
* with the License. You may obtain a copy of the License at *
* *
* http://www.apache.org/licenses/LICENSE-2.0 *
* *
* Unless required by applicable law or agreed to in writing, *
* software distributed under the License is distributed on an *
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
* KIND, either express or implied. See the License for the *
* specific language governing permissions and limitations *
* under the License. *
****************************************************************/
package org.apache.james.jmap.draft.crypto;
import static org.apache.james.jmap.draft.crypto.JamesSignatureHandlerFixture.JWT_PUBLIC_KEY;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import java.security.KeyStoreException;
import org.apache.james.filesystem.api.FileSystemFixture;
import org.apache.james.jmap.draft.JMAPDraftConfiguration;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import com.google.common.collect.ImmutableList;
import nl.altindag.ssl.exception.GenericKeyStoreException;
/**
 * Exercises {@link SecurityKeyLoader#load()} against keystores and PEM files served by the
 * classpath file-system fixture.
 *
 * <p>The keystore names and secrets below are test fixtures only. Failure cases pin both the
 * exception type and its message, so a change in how key-loading errors are reported shows up here.
 */
class SecurityKeyLoaderTest {

    /** Builds a loader for {@code configuration} backed by the classpath file-system fixture. */
    private static SecurityKeyLoader loaderFor(JMAPDraftConfiguration configuration) {
        return new SecurityKeyLoader(FileSystemFixture.CLASSPATH_FILE_SYSTEM, configuration);
    }

    /** Builds an enabled JMAP configuration that points at a keystore protected by {@code secret}. */
    private static JMAPDraftConfiguration enabledKeystoreConfiguration(String keystore, String secret) {
        return JMAPDraftConfiguration.builder()
            .enable()
            .jwtPublicKeyPem(ImmutableList.of(JWT_PUBLIC_KEY))
            .keystore(keystore)
            .secret(secret)
            .build();
    }

    @Test
    void loadShouldThrowWhenJMAPIsNotEnabled() {
        // Same keystore and secret as the success case below: the only difference is disable(),
        // so the failure is attributable to JMAP being off rather than to bad key material.
        JMAPDraftConfiguration disabledConfiguration = JMAPDraftConfiguration.builder()
            .disable()
            .jwtPublicKeyPem(ImmutableList.of(JWT_PUBLIC_KEY))
            .keystore("keystore")
            .secret("james72laBalle")
            .build();

        SecurityKeyLoader keyLoader = loaderFor(disabledConfiguration);

        assertThatThrownBy(() -> keyLoader.load())
            .isInstanceOf(RuntimeException.class)
            .hasMessage("JMAP is not enabled");
    }

    @Test
    void loadShouldThrowWhenWrongKeystore() {
        // The expected message shows the loader looks up the alias 'james'; this fixture
        // keystore opens with its password but presumably holds no entry under that alias.
        SecurityKeyLoader keyLoader = loaderFor(enabledKeystoreConfiguration("badAliasKeystore", "password"));

        assertThatThrownBy(() -> keyLoader.load())
            .isInstanceOf(KeyStoreException.class)
            .hasMessage("Alias 'james' keystore can't be found");
    }

    @Test
    void loadShouldThrowWhenWrongPassword() {
        SecurityKeyLoader keyLoader = loaderFor(enabledKeystoreConfiguration("keystore", "WrongPassword"));

        // The expected text does not distinguish a wrong password from a modified keystore file;
        // this test only covers the wrong-password path. hasMessageContaining is used because
        // the text is embedded in a longer GenericKeyStoreException message.
        assertThatThrownBy(() -> keyLoader.load())
            .isInstanceOf(GenericKeyStoreException.class)
            .hasMessageContaining("Keystore was tampered with, or password was incorrect");
    }

    @Test
    void loadShouldReturnAsymmetricKeysWhenCorrectPassword() throws Exception {
        SecurityKeyLoader keyLoader = loaderFor(enabledKeystoreConfiguration("keystore", "james72laBalle"));

        // NOTE(review): only non-null is asserted; the returned key material itself is not
        // compared with an expected key — confirm whether that is covered elsewhere.
        assertThat(keyLoader.load())
            .isNotNull();
    }

    @Test
    void loadShouldReturnAsymmetricKeysWhenRawPublicKey() throws Exception {
        // No keystore or secret here: the keys come from separate certificate and private-key
        // files. "private.nopass.key" is presumably an unencrypted private key — TODO confirm.
        JMAPDraftConfiguration pemConfiguration = JMAPDraftConfiguration.builder()
            .enable()
            .jwtPublicKeyPem(ImmutableList.of(JWT_PUBLIC_KEY))
            .certificates("key.pub")
            .privateKey("private.nopass.key")
            .build();

        SecurityKeyLoader keyLoader = loaderFor(pemConfiguration);

        assertThat(keyLoader.load())
            .isNotNull();
    }

    @ParameterizedTest
    @ValueSource(strings = {"keystoreJava7", "keystoreJava11"})
    void loadShouldReturnAsymmetricKeysWhenUsingKeyStoreGeneratedByDifferentJavaVersions(
            String keyStoreInDifferentVersion) throws Exception {
        // Each fixture is opened with the same secret; per the test name they were produced by
        // different Java versions, so this guards against keystore-format regressions.
        SecurityKeyLoader keyLoader =
            loaderFor(enabledKeystoreConfiguration(keyStoreInDifferentVersion, "james72laBalle"));

        assertThat(keyLoader.load())
            .isNotNull();
    }
}