
use of com.emc.storageos.security.keystore.impl.SecurityProvider in project coprhd-controller by CoprHD.

From the class KeystoreTest, test method testKeystoreEngine.

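/**
 * Exercises the ViPR keystore engine through the standard {@link KeyStore} API obtained from
 * {@link SecurityProvider}: loading, updating the ViPR key/certificate pair, adding and
 * removing trusted certificates, and the negative paths that must be rejected (deleting the
 * ViPR key, adding any private-key entry under another alias, touching a non-existent alias).
 *
 * Every negative case resets {@code exceptionThrown} immediately before the call it guards,
 * so an operation that is silently accepted fails the test instead of passing on a flag left
 * {@code true} by the previous case.
 *
 * @throws KeyStoreException           propagated from the {@link KeyStore} API
 * @throws NoSuchAlgorithmException    propagated from {@link KeyStore#load}
 * @throws CertificateException        propagated from {@link KeyStore#load}
 * @throws IOException                 propagated from {@link KeyStore#load}
 * @throws InterruptedException        propagated from the helpers used by this test
 * @throws UnrecoverableEntryException propagated from {@link KeyStore#getEntry}
 */
@Test
public void testKeystoreEngine() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, InterruptedException, UnrecoverableEntryException {
    final String loadErrorMessage = "Could not initialize the keystore. The ViPR keystore can only be initialized with a LoadKeyStoreParam.";
    final String nonViprKeyMessage = "Cannot update any key and certificate entry except for the ViPR key and certificate.";

    DistributedKeyStore zookeeperKeystore = new DistributedKeyStoreImpl();
    zookeeperKeystore.init(loadStoreParam);
    // start from a clean distributed store in case a previous run left entries behind
    zookeeperKeystore.setTrustedCertificates(null);
    zookeeperKeystore.setKeyCertificatePair(null);

    // ////////////////////////////////////////////////////////////////////////
    // /
    // / keystore loading
    // /
    // ////////////////////////////////////////////////////////////////////////
    KeyStore ks = KeyStore.getInstance(SecurityProvider.KEYSTORE_TYPE, new SecurityProvider());

    // the stream/password form of load() must be refused: only a LoadKeyStoreParam is accepted
    boolean exceptionThrown = false;
    try {
        ks.load(null, null);
    } catch (SecurityException e) {
        assertSecurityError(e, loadErrorMessage);
        exceptionThrown = true;
    }
    Assert.assertTrue(exceptionThrown);

    // a LoadStoreParameter of the wrong type must be refused as well
    exceptionThrown = false;
    try {
        ks.load(invalidLoadStoreParam);
    } catch (SecurityException e) {
        assertSecurityError(e, loadErrorMessage);
        exceptionThrown = true;
    }
    Assert.assertTrue(exceptionThrown);

    // the proper parameter loads without throwing
    ks.load(loadStoreParam);

    // ////////////////////////////////////////////////////////////////////////
    // /
    // / key tests
    // /
    // ////////////////////////////////////////////////////////////////////////
    // a freshly loaded keystore holds exactly the ViPR key alias
    List<String> expectedAliases = new ArrayList<String>();
    expectedAliases.add(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
    assertAliasesIn(ks, expectedAliases);

    // update the ViPR key via ks.setEntry
    Date beforeDate = new Date();
    KeyCertificateEntry entry = gen.generateKeyCertificatePair();
    KeyStore.PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry(KeyCertificatePairGenerator.loadPrivateKeyFromBytes(entry.getKey()), entry.getCertificateChain());
    // NOTE(review): the protection parameter looks like it is ignored by this keystore -- entries
    // written with "123" and with "" are read back the same way below. Confirm against KeystoreEngine.
    KeyStore.PasswordProtection emptyProtectionParam = new KeyStore.PasswordProtection("".toCharArray());
    ks.setEntry(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, privateKeyEntry, new KeyStore.PasswordProtection("123".toCharArray()));
    Date afterDate = new Date();
    assertKeyCertificateEntryEquals(ks, entry);
    assertCreationDateInTImeRange(ks, KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, beforeDate, afterDate);

    // update the ViPR key via setKeyEntry; both overloads (byte[] key and Key object) are covered
    beforeDate = new Date();
    entry = gen.generateKeyCertificatePair();
    ks.setKeyEntry(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, entry.getKey(), entry.getCertificateChain());
    afterDate = new Date();
    assertKeyCertificateEntryEquals(ks, entry);
    assertCreationDateInTImeRange(ks, KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, beforeDate, afterDate);

    beforeDate = new Date();
    entry = gen.generateKeyCertificatePair();
    ks.setKeyEntry(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, KeyCertificatePairGenerator.loadPrivateKeyFromBytes(entry.getKey()), "".toCharArray(), entry.getCertificateChain());
    afterDate = new Date();
    assertKeyCertificateEntryEquals(ks, entry);
    assertCreationDateInTImeRange(ks, KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, beforeDate, afterDate);

    // ////////////////////////////////////////////////////////////////////////
    // /
    // / certificates tests
    // /
    // ////////////////////////////////////////////////////////////////////////
    String certAlias = "someCert";

    // add a trusted certificate via ks.setEntry
    beforeDate = new Date();
    entry = gen.generateKeyCertificatePair();
    KeyStore.TrustedCertificateEntry trustedCertEntry = new KeyStore.TrustedCertificateEntry(entry.getCertificateChain()[0]);
    ks.setEntry(certAlias, trustedCertEntry, null);
    afterDate = new Date();
    expectedAliases.add(certAlias);
    assertAliasesIn(ks, expectedAliases);
    assertTrustedCertEquals(ks, entry, certAlias);
    assertCreationDateInTImeRange(ks, certAlias, beforeDate, afterDate);

    // add a second trusted certificate via ks.setCertificateEntry
    beforeDate = new Date();
    entry = gen.generateKeyCertificatePair();
    certAlias = "someCert1";
    ks.setCertificateEntry(certAlias, entry.getCertificateChain()[0]);
    afterDate = new Date();
    expectedAliases.add(certAlias);
    assertAliasesIn(ks, expectedAliases);
    assertTrustedCertEquals(ks, entry, certAlias);
    assertCreationDateInTImeRange(ks, certAlias, beforeDate, afterDate);

    // trusted certificates, unlike the ViPR key, may be deleted
    ks.deleteEntry(certAlias);
    expectedAliases.remove(certAlias);
    assertAliasesIn(ks, expectedAliases);

    // ////////////////////////////////////////////////////////////////////////
    // /
    // / Negative testing
    // /
    // ////////////////////////////////////////////////////////////////////////
    String invalidEntryName = "invalidEntry";

    // the ViPR key must not be deletable
    exceptionThrown = false;
    try {
        ks.deleteEntry(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
    } catch (SecurityException e) {
        assertSecurityError(e, "The ViPR key and certificate cannot be deleted, it can only be updated.");
        exceptionThrown = true;
    } catch (KeyStoreException e) {
        Assert.fail("deleting the ViPR key must be rejected with a SecurityException, not a KeyStoreException");
    }
    Assert.assertTrue(exceptionThrown);
    assertAliasesIn(ks, expectedAliases);

    // no private-key entry other than the ViPR key may be stored, whichever API is used
    entry = gen.generateKeyCertificatePair();

    // via ks.setEntry
    privateKeyEntry = new PrivateKeyEntry(KeyCertificatePairGenerator.loadPrivateKeyFromBytes(entry.getKey()), entry.getCertificateChain());
    exceptionThrown = false;
    try {
        ks.setEntry(invalidEntryName, privateKeyEntry, emptyProtectionParam);
    } catch (SecurityException e) {
        assertSecurityError(e, nonViprKeyMessage);
        exceptionThrown = true;
    }
    Assert.assertTrue(exceptionThrown);
    assertAliasesIn(ks, expectedAliases);

    // via ks.setKeyEntry which accepts byte[]
    // reset the flag: without this the assertion below would pass on the value left by the previous case
    exceptionThrown = false;
    try {
        ks.setKeyEntry(invalidEntryName, entry.getKey(), entry.getCertificateChain());
    } catch (SecurityException e) {
        assertSecurityError(e, nonViprKeyMessage);
        exceptionThrown = true;
    }
    Assert.assertTrue(exceptionThrown);
    assertAliasesIn(ks, expectedAliases);

    // via ks.setKeyEntry which accepts a Key object
    exceptionThrown = false;
    try {
        ks.setKeyEntry(invalidEntryName, KeyCertificatePairGenerator.loadPrivateKeyFromBytes(entry.getKey()), "".toCharArray(), entry.getCertificateChain());
    } catch (SecurityException e) {
        assertSecurityError(e, nonViprKeyMessage);
        exceptionThrown = true;
    }
    Assert.assertTrue(exceptionThrown);
    assertAliasesIn(ks, expectedAliases);

    // every read-style query on an unknown alias answers false/null rather than throwing;
    // the certificate generated above was never stored, so its alias lookup is null too
    Assert.assertFalse(ks.containsAlias(invalidEntryName));
    Assert.assertFalse(ks.entryInstanceOf(invalidEntryName, KeyStore.TrustedCertificateEntry.class));
    Assert.assertFalse(ks.entryInstanceOf(invalidEntryName, KeyStore.PrivateKeyEntry.class));
    Assert.assertFalse(ks.entryInstanceOf(invalidEntryName, KeyStore.SecretKeyEntry.class));
    Assert.assertFalse(ks.isCertificateEntry(invalidEntryName));
    Assert.assertFalse(ks.isKeyEntry(invalidEntryName));
    Assert.assertNull(ks.getCertificate(invalidEntryName));
    Assert.assertNull(ks.getCertificateAlias(entry.getCertificateChain()[0]));
    Assert.assertNull(ks.getCertificateChain(invalidEntryName));
    Assert.assertNull(ks.getCreationDate(invalidEntryName));
    Assert.assertNull(ks.getEntry(invalidEntryName, emptyProtectionParam));
    Assert.assertNull(ks.getKey(invalidEntryName, "".toCharArray()));

    // deleting an unknown alias is a KeyStoreException, not a SecurityException
    exceptionThrown = false;
    try {
        ks.deleteEntry(invalidEntryName);
    } catch (SecurityException e) {
        Assert.fail("deleting an unknown alias must surface as a KeyStoreException, not a SecurityException");
    } catch (KeyStoreException e) {
        exceptionThrown = true;
        Assert.assertEquals("The specified alias " + invalidEntryName + " does not exist", e.getMessage());
    }
    Assert.assertTrue(exceptionThrown);
}

/**
 * Asserts that a rejected keystore operation surfaced as a {@code SECURITY_ERROR} carrying
 * exactly the expected message.
 *
 * @param e               the exception thrown by the keystore
 * @param expectedMessage the full message the keystore is expected to report
 */
private static void assertSecurityError(SecurityException e, String expectedMessage) {
    Assert.assertEquals(ServiceCode.SECURITY_ERROR, e.getServiceCode());
    Assert.assertEquals(expectedMessage, e.getMessage());
}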
