client/src/test/java/org/apache/qpid/client/message/Encrypted010MessageFactoryTest.java - qpid-jms-amqp-0-x - Git at Google

 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *
  */
 package org.apache.qpid.client.message;

 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;

 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;

 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.x500.X500Principal;

 import org.apache.qpid.client.AMQConnection;
 import org.apache.qpid.client.AMQSession;
 import org.apache.qpid.test.utils.QpidTestCase;
 import org.apache.qpid.test.utils.TestSSLConstants;
 import org.apache.qpid.transport.ConnectionSettings;
 import org.apache.qpid.transport.DeliveryProperties;
 import org.apache.qpid.transport.MessageProperties;
 import org.apache.qpid.transport.codec.BBEncoder;

 public class Encrypted010MessageFactoryTest extends QpidTestCase
 {
     public static final String TEXT_MESSAGE_CONTENT = "Test message";
     private Encrypted010MessageFactory _messageFactory;
     private byte[] _data = TEXT_MESSAGE_CONTENT.getBytes(StandardCharsets.UTF_8);;
     private MessageProperties _messageProps;
     private DeliveryProperties _deliveryProps;

     byte[] _secretKeyEncoded = "secretkeyencoded0123456890abcdef".getBytes(StandardCharsets.US_ASCII);
     byte[] _initializeVector = "initializevector".getBytes(StandardCharsets.US_ASCII);
     private byte[] _unencrypted;
     private byte[] _encryptedMessage;
     private MessageEncryptionHelper _encryptionHelper;
     private SecretKeySpec _secretKeySpec;
     private KeyStore _keyStore;
     private MessageFactoryRegistry _messageFactoryRegistry;

     @Override
     public void setUp() throws Exception
     {
         super.setUp();
         if(isStrongEncryptionEnabled())
         {
             final AMQSession session = mock(AMQSession.class);
             _messageFactoryRegistry = MessageFactoryRegistry.newDefaultRegistry(session);
             _messageFactory = new Encrypted010MessageFactory(_messageFactoryRegistry);


             _messageProps = new MessageProperties();
             final HashMap<String, Object> headers = new HashMap<>();
             _messageProps.setApplicationHeaders(headers);
             _deliveryProps = new DeliveryProperties();
             _messageProps.setContentType("text/plain");
             BBEncoder encoder = new BBEncoder(1024);
             encoder.writeStruct32(_deliveryProps);
             encoder.writeStruct32(_messageProps);
             ByteBuffer buffer = encoder.buffer();

             final int payloadOffset = buffer.remaining();
             _unencrypted = new byte[payloadOffset + _data.length];
             buffer.get(_unencrypted, 0, payloadOffset);
             System.arraycopy(_data, 0, _unencrypted, payloadOffset, _data.length);

             _secretKeySpec = new SecretKeySpec(_secretKeyEncoded, "AES");
             Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
             cipher.init(Cipher.ENCRYPT_MODE, _secretKeySpec, new IvParameterSpec(_initializeVector));
             _encryptedMessage = cipher.doFinal(_unencrypted);
             _keyStore = KeyStore.getInstance("pkcs12");
             _keyStore.load(getClass().getClassLoader().getResourceAsStream(TestSSLConstants.KEYSTORE),
                            TestSSLConstants.KEYSTORE_PASSWORD.toCharArray());

             final AMQConnection connection = mock(AMQConnection.class);
             final ConnectionSettings settings = mock(ConnectionSettings.class);

             when(session.getAMQConnection()).thenReturn(connection);
             when(connection.getConnectionSettings()).thenReturn(settings);
             when(settings.getEncryptionTrustStore(any(ConnectionSettings.RemoteStoreFinder.class))).thenReturn(_keyStore);
             when(settings.getEncryptionKeyStore()).thenReturn(_keyStore);
             when(settings.getEncryptionKeyStorePassword()).thenReturn(TestSSLConstants.KEYSTORE_PASSWORD);

             _encryptionHelper = new MessageEncryptionHelper(session);
             when(session.getMessageEncryptionHelper()).thenReturn(_encryptionHelper);
         }

     }

     public void testDecryptsMessage() throws Exception
     {
         if(isStrongEncryptionEnabled())
         {
             final MessageProperties messageProps = new MessageProperties();
             final DeliveryProperties deliveryProps = new DeliveryProperties();
             final HashMap<String, Object> headers = new HashMap<>();

             final List<MessageEncryptionHelper.KeyTransportRecipientInfo> recipientInfo =
                     _encryptionHelper.getKeyTransportRecipientInfo(Collections.singletonList(((X509Certificate) _keyStore
                             .getCertificate(
                                     TestSSLConstants.CERT_ALIAS_APP1)).getSubjectX500Principal().getName(
                             X500Principal.CANONICAL)), _secretKeySpec);

             List<List<Object>> recipientHeader = new ArrayList<>();
             for (MessageEncryptionHelper.KeyTransportRecipientInfo info : recipientInfo)
             {
                 recipientHeader.add(info.asList());
             }


             headers.put(MessageEncryptionHelper.ENCRYPTION_ALGORITHM_PROPERTY,
                         MessageEncryptionHelper.DEFAULT_MESSAGE_ENCRYPTION_CIPHER_NAME);
             headers.put(MessageEncryptionHelper.ENCRYPTED_KEYS_PROPERTY, recipientHeader);
             headers.put(MessageEncryptionHelper.KEY_INIT_VECTOR_PROPERTY, _initializeVector);
             messageProps.setApplicationHeaders(headers);

             final AbstractJMSMessage message =
                     _messageFactory.createMessage(new AMQMessageDelegate_0_10(messageProps, deliveryProps, 1l),
                                                   ByteBuffer.wrap(_encryptedMessage));


             assertTrue("message is not a text message", message instanceof JMSTextMessage);
             assertEquals("Message content not as expected", TEXT_MESSAGE_CONTENT, ((JMSTextMessage) message).getText());
         }
     }

     private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException
     {
         return Cipher.getMaxAllowedKeyLength("AES")>=256;
     }
 }
	/*
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.qpid.client.message;

	import static org.mockito.ArgumentMatchers.any;
	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.when;

	import java.nio.ByteBuffer;
	import java.nio.charset.StandardCharsets;
	import java.security.KeyStore;
	import java.security.NoSuchAlgorithmException;
	import java.security.cert.X509Certificate;
	import java.util.ArrayList;
	import java.util.Collections;
	import java.util.HashMap;
	import java.util.List;

	import javax.crypto.Cipher;
	import javax.crypto.spec.IvParameterSpec;
	import javax.crypto.spec.SecretKeySpec;
	import javax.security.auth.x500.X500Principal;

	import org.apache.qpid.client.AMQConnection;
	import org.apache.qpid.client.AMQSession;
	import org.apache.qpid.test.utils.QpidTestCase;
	import org.apache.qpid.test.utils.TestSSLConstants;
	import org.apache.qpid.transport.ConnectionSettings;
	import org.apache.qpid.transport.DeliveryProperties;
	import org.apache.qpid.transport.MessageProperties;
	import org.apache.qpid.transport.codec.BBEncoder;

	public class Encrypted010MessageFactoryTest extends QpidTestCase
	{
	public static final String TEXT_MESSAGE_CONTENT = "Test message";
	private Encrypted010MessageFactory _messageFactory;
	private byte[] _data = TEXT_MESSAGE_CONTENT.getBytes(StandardCharsets.UTF_8);;
	private MessageProperties _messageProps;
	private DeliveryProperties _deliveryProps;

	byte[] _secretKeyEncoded = "secretkeyencoded0123456890abcdef".getBytes(StandardCharsets.US_ASCII);
	byte[] _initializeVector = "initializevector".getBytes(StandardCharsets.US_ASCII);
	private byte[] _unencrypted;
	private byte[] _encryptedMessage;
	private MessageEncryptionHelper _encryptionHelper;
	private SecretKeySpec _secretKeySpec;
	private KeyStore _keyStore;
	private MessageFactoryRegistry _messageFactoryRegistry;

	@Override
	public void setUp() throws Exception
	{
	super.setUp();
	if(isStrongEncryptionEnabled())
	{
	final AMQSession session = mock(AMQSession.class);
	_messageFactoryRegistry = MessageFactoryRegistry.newDefaultRegistry(session);
	_messageFactory = new Encrypted010MessageFactory(_messageFactoryRegistry);


	_messageProps = new MessageProperties();
	final HashMap<String, Object> headers = new HashMap<>();
	_messageProps.setApplicationHeaders(headers);
	_deliveryProps = new DeliveryProperties();
	_messageProps.setContentType("text/plain");
	BBEncoder encoder = new BBEncoder(1024);
	encoder.writeStruct32(_deliveryProps);
	encoder.writeStruct32(_messageProps);
	ByteBuffer buffer = encoder.buffer();

	final int payloadOffset = buffer.remaining();
	_unencrypted = new byte[payloadOffset + _data.length];
	buffer.get(_unencrypted, 0, payloadOffset);
	System.arraycopy(_data, 0, _unencrypted, payloadOffset, _data.length);

	_secretKeySpec = new SecretKeySpec(_secretKeyEncoded, "AES");
	Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
	cipher.init(Cipher.ENCRYPT_MODE, _secretKeySpec, new IvParameterSpec(_initializeVector));
	_encryptedMessage = cipher.doFinal(_unencrypted);
	_keyStore = KeyStore.getInstance("pkcs12");
	_keyStore.load(getClass().getClassLoader().getResourceAsStream(TestSSLConstants.KEYSTORE),
	TestSSLConstants.KEYSTORE_PASSWORD.toCharArray());

	final AMQConnection connection = mock(AMQConnection.class);
	final ConnectionSettings settings = mock(ConnectionSettings.class);

	when(session.getAMQConnection()).thenReturn(connection);
	when(connection.getConnectionSettings()).thenReturn(settings);
	when(settings.getEncryptionTrustStore(any(ConnectionSettings.RemoteStoreFinder.class))).thenReturn(_keyStore);
	when(settings.getEncryptionKeyStore()).thenReturn(_keyStore);
	when(settings.getEncryptionKeyStorePassword()).thenReturn(TestSSLConstants.KEYSTORE_PASSWORD);

	_encryptionHelper = new MessageEncryptionHelper(session);
	when(session.getMessageEncryptionHelper()).thenReturn(_encryptionHelper);
	}

	}

	public void testDecryptsMessage() throws Exception
	{
	if(isStrongEncryptionEnabled())
	{
	final MessageProperties messageProps = new MessageProperties();
	final DeliveryProperties deliveryProps = new DeliveryProperties();
	final HashMap<String, Object> headers = new HashMap<>();

	final List<MessageEncryptionHelper.KeyTransportRecipientInfo> recipientInfo =
	_encryptionHelper.getKeyTransportRecipientInfo(Collections.singletonList(((X509Certificate) _keyStore
	.getCertificate(
	TestSSLConstants.CERT_ALIAS_APP1)).getSubjectX500Principal().getName(
	X500Principal.CANONICAL)), _secretKeySpec);

	List<List<Object>> recipientHeader = new ArrayList<>();
	for (MessageEncryptionHelper.KeyTransportRecipientInfo info : recipientInfo)
	{
	recipientHeader.add(info.asList());
	}


	headers.put(MessageEncryptionHelper.ENCRYPTION_ALGORITHM_PROPERTY,
	MessageEncryptionHelper.DEFAULT_MESSAGE_ENCRYPTION_CIPHER_NAME);
	headers.put(MessageEncryptionHelper.ENCRYPTED_KEYS_PROPERTY, recipientHeader);
	headers.put(MessageEncryptionHelper.KEY_INIT_VECTOR_PROPERTY, _initializeVector);
	messageProps.setApplicationHeaders(headers);

	final AbstractJMSMessage message =
	_messageFactory.createMessage(new AMQMessageDelegate_0_10(messageProps, deliveryProps, 1l),
	ByteBuffer.wrap(_encryptedMessage));


	assertTrue("message is not a text message", message instanceof JMSTextMessage);
	assertEquals("Message content not as expected", TEXT_MESSAGE_CONTENT, ((JMSTextMessage) message).getText());
	}
	}

	private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException
	{
	return Cipher.getMaxAllowedKeyLength("AES")>=256;
	}
	}