
Example 6 with KeyCertificateEntry

use of com.emc.storageos.security.keystore.impl.KeyCertificateEntry in project coprhd-controller by CoprHD.

the class KeyCertificatePairGeneratorTest method testLoadKey.

/**
 * Round-trips a freshly generated private key through its encoded byte form.
 *
 * <p>The key bytes of a generated key/certificate pair are parsed back with
 * {@code KeyCertificatePairGenerator.loadPrivateKeyFromBytes}. The re-encoded key must match the
 * original bytes in length and content, so loading may neither truncate nor alter the key
 * material.
 */
@Test
public void testLoadKey() throws SecurityException, NoSuchAlgorithmException {
    // Generator configured with the fixture's default algorithm values.
    KeyCertificatePairGenerator generator = new KeyCertificatePairGenerator();
    generator.setKeyCertificateAlgorithmValuesHolder(defaultValues);

    // Encoded private key exactly as the generated entry exposes it.
    byte[] originalKeyBytes = generator.generateKeyCertificatePair().getKey();

    // Parse the bytes back into a key object and re-encode it.
    PrivateKey reloadedKey = KeyCertificatePairGenerator.loadPrivateKeyFromBytes(originalKeyBytes);
    byte[] reloadedKeyBytes = reloadedKey.getEncoded();

    // The length check runs first so a size mismatch is reported separately from a content one.
    Assert.assertEquals(originalKeyBytes.length, reloadedKeyBytes.length);
    Assert.assertArrayEquals(originalKeyBytes, reloadedKeyBytes);
}
Also used : PrivateKey(java.security.PrivateKey) KeyCertificatePairGenerator(com.emc.storageos.security.keystore.impl.KeyCertificatePairGenerator) KeyCertificateEntry(com.emc.storageos.security.keystore.impl.KeyCertificateEntry) Test(org.junit.Test)

Example 7 with KeyCertificateEntry

use of com.emc.storageos.security.keystore.impl.KeyCertificateEntry in project coprhd-controller by CoprHD.

the class KeystoreTest method testZookeeperKeystore.

/**
 * Walks the distributed keystore through its key-pair and trusted-certificate operations.
 *
 * <p>Steps, in order: initialisation with invalid parameters must raise
 * {@code SecurityException}; a stored key/certificate pair must read back equal to what was
 * written; trusted certificates added one by one, replaced in bulk and removed by alias must
 * always match the expected map kept by the test.
 */
@Test
public void testZookeeperKeystore() throws IOException {
    DistributedKeyStore keystore = new DistributedKeyStoreImpl();

    // Invalid load/store parameters have to be rejected before the store is usable.
    boolean rejected;
    try {
        keystore.init(invalidLoadStoreParam);
        rejected = false;
    } catch (SecurityException e) {
        rejected = true;
    }
    Assert.assertTrue(rejected);

    keystore.init(loadStoreParam);
    // Reset the trusted certificates in case an earlier run of this test left some behind.
    keystore.setTrustedCertificates(null);

    // Key/certificate pair: what is written must be what is read back.
    KeyCertificateEntry writtenPair = gen.generateKeyCertificatePair();
    writtenPair.setCreationDate(new Date());
    keystore.setKeyCertificatePair(writtenPair);
    KeyCertificateEntry readPair = keystore.getKeyCertificatePair();
    assertKeyCertificateEntriesEquals(writtenPair, readPair);

    // Expected view of the trusted certificates, maintained alongside the store.
    Map<String, TrustedCertificateEntry> expectedTrusted = new HashMap<>();

    // Add two certificates individually; each comes from its own freshly generated pair.
    KeyCertificateEntry firstPair = gen.generateKeyCertificatePair();
    TrustedCertificateEntry firstCert =
            new TrustedCertificateEntry(firstPair.getCertificateChain()[0], new Date());
    expectedTrusted.put("trustedCert1", firstCert);
    keystore.addTrustedCertificate("trustedCert1", firstCert);

    KeyCertificateEntry secondPair = gen.generateKeyCertificatePair();
    TrustedCertificateEntry secondCert =
            new TrustedCertificateEntry(secondPair.getCertificateChain()[0], new Date());
    expectedTrusted.put("trustedCert2", secondCert);
    keystore.addTrustedCertificate("trustedCert2", secondCert);
    assertTrustedCertsEquals(expectedTrusted, keystore.getTrustedCertificates());

    // Bulk replacement with a third certificate included.
    KeyCertificateEntry thirdPair = gen.generateKeyCertificatePair();
    TrustedCertificateEntry thirdCert =
            new TrustedCertificateEntry(thirdPair.getCertificateChain()[0], new Date());
    expectedTrusted.put("trustedCert3", thirdCert);
    keystore.setTrustedCertificates(expectedTrusted);
    assertTrustedCertsEquals(expectedTrusted, keystore.getTrustedCertificates());

    // Bulk replacement with a smaller map must drop the missing alias from the store.
    expectedTrusted.remove("trustedCert3");
    keystore.setTrustedCertificates(expectedTrusted);
    assertTrustedCertsEquals(expectedTrusted, keystore.getTrustedCertificates());

    // Removal of a single alias.
    expectedTrusted.remove("trustedCert2");
    keystore.removeTrustedCertificate("trustedCert2");
    assertTrustedCertsEquals(expectedTrusted, keystore.getTrustedCertificates());

    // "trustedCert10" was never added in this test and nothing is asserted afterwards;
    // presumably this only checks that removing an unknown alias completes without throwing.
    keystore.removeTrustedCertificate("trustedCert10");
}
Also used : DistributedKeyStoreImpl(com.emc.storageos.security.keystore.impl.DistributedKeyStoreImpl) HashMap(java.util.HashMap) SecurityException(com.emc.storageos.security.exceptions.SecurityException) KeyCertificateEntry(com.emc.storageos.security.keystore.impl.KeyCertificateEntry) Date(java.util.Date) TrustedCertificateEntry(com.emc.storageos.security.keystore.impl.TrustedCertificateEntry) Test(org.junit.Test)

Example 8 with KeyCertificateEntry

use of com.emc.storageos.security.keystore.impl.KeyCertificateEntry in project coprhd-controller by CoprHD.

the class TrustManagerTest method testCheckServerTrusted.

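/**
 * Exercises {@code ViPRX509TrustManager.checkServerTrusted} in three situations.
 *
 * <ol>
 *   <li>Accept-all disabled and the certificate not in the trusted set: the check must throw
 *       {@code CertificateException}.</li>
 *   <li>Accept-all disabled and the same certificate added as trusted: the check must pass.</li>
 *   <li>Accept-all enabled: a freshly generated certificate that was never added must pass.</li>
 * </ol>
 *
 * <p>NOTE(review): the test ends with accept-all set to {@code TRUE} through {@code zkhHelper}.
 * Whether the fixture's teardown resets it is not visible here; confirm it does, so the
 * permissive setting does not leak into tests that run afterwards.
 *
 * @throws Exception if keystore setup or certificate generation fails
 */
@Test
public void testCheckServerTrusted() throws Exception {
    DistributedKeyStore zookeeperKeystore = new DistributedKeyStoreImpl();
    zookeeperKeystore.init(loadStoreParam);
    // Presumably clears trusted certificates left behind by earlier runs.
    zookeeperKeystore.setTrustedCertificates(null);
    // Strict mode: only certificates present in the keystore should be accepted.
    KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.FALSE);
    ViPRX509TrustManager tm = new ViPRX509TrustManager(coordinatorClient);
    KeyCertificatePairGenerator gen = new KeyCertificatePairGenerator();
    gen.setKeyCertificateAlgorithmValuesHolder(new KeyCertificateAlgorithmValuesHolder(coordinatorClient));
    KeyCertificateEntry entry = gen.generateKeyCertificatePair();
    X509Certificate[] chainToVerify = new X509Certificate[] { (X509Certificate) entry.getCertificateChain()[0] };

    // Case 1: the certificate is unknown to the keystore, so it must be rejected.
    boolean exceptionThrown = false;
    try {
        tm.checkServerTrusted(chainToVerify, "RSA_EXPORT");
    } catch (CertificateException e) {
        exceptionThrown = true;
    }
    Assert.assertTrue("certificate absent from the trusted set was accepted while accept-all is disabled",
            exceptionThrown);

    // Case 2: once the certificate is stored as trusted, the same chain must be accepted.
    TrustedCertificateEntry trustedCert = new TrustedCertificateEntry(entry.getCertificateChain()[0], new Date());
    zookeeperKeystore.addTrustedCertificate("someAlias", trustedCert);
    // creating a new instance since trust manager caches all the certs
    tm = new ViPRX509TrustManager(coordinatorClient);
    try {
        tm.checkServerTrusted(chainToVerify, "RSA_EXPORT");
    } catch (CertificateException e) {
        // Report the cause instead of failing with an empty message.
        Assert.fail("trusted certificate was rejected: " + e);
    }

    // Case 3: with accept-all enabled a never-added certificate must pass. The trust manager
    // instance is reused, so the test expects the flag to apply without re-instantiation.
    KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.TRUE);
    entry = gen.generateKeyCertificatePair();
    chainToVerify = new X509Certificate[] { (X509Certificate) entry.getCertificateChain()[0] };
    try {
        tm.checkServerTrusted(chainToVerify, "RSA_EXPORT");
    } catch (CertificateException e) {
        Assert.fail("certificate was rejected although accept-all is enabled: " + e);
    }
}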
Also used : KeyCertificateAlgorithmValuesHolder(com.emc.storageos.security.keystore.impl.KeyCertificateAlgorithmValuesHolder) DistributedKeyStoreImpl(com.emc.storageos.security.keystore.impl.DistributedKeyStoreImpl) KeyCertificatePairGenerator(com.emc.storageos.security.keystore.impl.KeyCertificatePairGenerator) CertificateException(java.security.cert.CertificateException) ViPRX509TrustManager(com.emc.storageos.security.ssl.ViPRX509TrustManager) KeyCertificateEntry(com.emc.storageos.security.keystore.impl.KeyCertificateEntry) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) TrustedCertificateEntry(com.emc.storageos.security.keystore.impl.TrustedCertificateEntry) Test(org.junit.Test)

Aggregations

KeyCertificateEntry (com.emc.storageos.security.keystore.impl.KeyCertificateEntry)8 Test (org.junit.Test)6 SecurityException (com.emc.storageos.security.exceptions.SecurityException)4 KeyCertificatePairGenerator (com.emc.storageos.security.keystore.impl.KeyCertificatePairGenerator)4 DistributedKeyStoreImpl (com.emc.storageos.security.keystore.impl.DistributedKeyStoreImpl)3 TrustedCertificateEntry (com.emc.storageos.security.keystore.impl.TrustedCertificateEntry)3 KeyStoreException (java.security.KeyStoreException)3 Date (java.util.Date)3 SiteState (com.emc.storageos.coordinator.client.model.SiteState)1 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)1 CheckPermission (com.emc.storageos.security.authorization.CheckPermission)1 KeyCertificateAlgorithmValuesHolder (com.emc.storageos.security.keystore.impl.KeyCertificateAlgorithmValuesHolder)1 SecurityProvider (com.emc.storageos.security.keystore.impl.SecurityProvider)1 ViPRX509TrustManager (com.emc.storageos.security.ssl.ViPRX509TrustManager)1 APIException (com.emc.storageos.svcs.errorhandling.resources.APIException)1 BadRequestException (com.emc.storageos.svcs.errorhandling.resources.BadRequestException)1 InternalServerErrorException (com.emc.storageos.svcs.errorhandling.resources.InternalServerErrorException)1 KeyAndCertificateChain (com.emc.vipr.model.keystore.KeyAndCertificateChain)1 UnknownHostException (java.net.UnknownHostException)1 GeneralSecurityException (java.security.GeneralSecurityException)1