/**
 * The PEM key store written by the test context must hold exactly one certificate,
 * and that certificate must round-trip through PemReader unchanged.
 */
@Test
public void testLoadCertificateFromKeyStore() throws IOException, GeneralSecurityException {
    List<X509Certificate> chain = PemReader.readCertificateChain(
        x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM));
    // A single-entry chain: the test context writes only the key store's own cert.
    Assert.assertEquals("expected a single-certificate chain", 1, chain.size());
    Assert.assertEquals(x509TestContext.getKeyStoreCertificate(), chain.get(0));
}
/**
 * Returns the path to the key store file in the given format (JKS or PEM).
 * <p>
 * The file is created lazily on the first call for that format, is temporary and is
 * deleted on exit. Passing {@code null} hits the enum switch and therefore fails with a
 * {@link NullPointerException}, not the {@link IllegalArgumentException} below.
 *
 * @param storeFileType the store file type (JKS or PEM).
 * @return the path to the key store file.
 * @throws IOException if there is an error creating the key store file.
 * @throws IllegalArgumentException if {@code storeFileType} is neither JKS nor PEM.
 */
public File getKeyStoreFile(KeyStoreFileType storeFileType) throws IOException {
    final File storeFile;
    switch (storeFileType) {
        case JKS:
            storeFile = getKeyStoreJksFile();
            break;
        case PEM:
            storeFile = getKeyStorePemFile();
            break;
        default:
            throw new IllegalArgumentException("Invalid key store type: " + storeFileType
                + ", must be one of: " + Arrays.toString(KeyStoreFileType.values()));
    }
    return storeFile;
}
/**
 * Loads the private key from the PEM key store and checks it equals the key pair the
 * test context generated.
 * <p>
 * The test context signals "unencrypted key" with an empty password string; that is
 * mapped to {@code Optional.empty()} so PemReader does not attempt a decryption.
 */
@Test
public void testLoadPrivateKeyFromKeyStore() throws IOException, GeneralSecurityException {
    String storePassword = x509TestContext.getKeyStorePassword();
    Optional<String> password = Optional.of(storePassword).filter(p -> !p.isEmpty());
    PrivateKey loaded = PemReader.loadPrivateKey(
        x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM), password);
    Assert.assertEquals(x509TestContext.getKeyStoreKeyPair().getPrivate(), loaded);
}
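/**
 * Smoke test: a trust manager can be built from the JKS trust store on disk when the
 * store type argument is {@code null} and must be autodetected from the file extension.
 * <p>
 * The four trailing booleans are passed straight through to
 * {@code X509Util.createTrustManager}; their meaning is not visible here (presumably
 * CRL / OCSP / hostname-verification toggles — confirm against the X509Util signature).
 * Note the PEM variant of this test passes {@code false, false} for the first two.
 */
@Test
public void testLoadJKSTrustStoreAutodetectStoreFileType() throws Exception {
    String trustStorePath =
        x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    X509TrustManager tm = X509Util.createTrustManager(
        trustStorePath,
        x509TestContext.getTrustStorePassword(),
        null, // null StoreFileType means 'autodetect from file extension'
        true, true, true, true);
    // Previously the test only checked that construction did not throw; also pin that
    // a trust manager was actually produced.
    if (tm == null) {
        throw new AssertionError("createTrustManager returned null for the JKS trust store");
    }
}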
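/**
 * Smoke test: a key manager can be built from the JKS key store on disk when the store
 * type argument is {@code null} and must be autodetected from the file extension.
 */
@Test
public void testLoadJKSKeyStoreAutodetectStoreFileType() throws Exception {
    String keyStorePath =
        x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    X509KeyManager km = X509Util.createKeyManager(
        keyStorePath,
        x509TestContext.getKeyStorePassword(),
        null /* null StoreFileType means 'autodetect from file extension' */);
    // Previously the test only checked that construction did not throw; also pin that
    // a key manager was actually produced.
    if (km == null) {
        throw new AssertionError("createKeyManager returned null for the JKS key store");
    }
}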
System.setProperty( x509Util.getSslKeystoreLocationProperty(), this.getKeyStoreFile(keyStoreFileType).getAbsolutePath()); System.setProperty(x509Util.getSslKeystorePasswdProperty(), this.getKeyStorePassword()); System.setProperty(x509Util.getSslKeystoreTypeProperty(), keyStoreFileType.getPropertyValue()); System.setProperty( x509Util.getSslTruststoreLocationProperty(), this.getTrustStoreFile(trustStoreFileType).getAbsolutePath()); System.setProperty(x509Util.getSslTruststorePasswdProperty(), this.getTrustStorePassword()); System.setProperty(x509Util.getSslTruststoreTypeProperty(), trustStoreFileType.getPropertyValue()); if (hostnameVerification != null) {
/**
 * Decrypting an encrypted PEM private key with the wrong password must fail with a
 * {@link GeneralSecurityException} rather than yield a key.
 * <p>
 * NOTE(review): when the test context's key store is not encrypted there is nothing to
 * check, and the expected exception is thrown by hand so the test passes vacuously
 * instead of being reported as skipped; a JUnit assumption would make that explicit.
 */
@Test(expected = GeneralSecurityException.class)
public void testLoadEncryptedPrivateKeyFromKeyStoreWithWrongPassword()
    throws GeneralSecurityException, IOException {
    boolean encrypted = x509TestContext.isKeyStoreEncrypted();
    if (!encrypted) {
        throw new GeneralSecurityException(); // this case is not tested so throw the expected exception
    }
    Optional<String> wrongPassword = Optional.of("wrong password");
    PemReader.loadPrivateKey(x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM), wrongPassword);
}
/**
 * The PEM trust store written by the test context must hold exactly one certificate,
 * and that certificate must round-trip through PemReader unchanged.
 */
@Test
public void testLoadCertificateFromTrustStore() throws IOException, GeneralSecurityException {
    List<X509Certificate> chain = PemReader.readCertificateChain(
        x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM));
    // A single-entry chain: the test context writes only the trust store's own cert.
    Assert.assertEquals("expected a single-certificate chain", 1, chain.size());
    Assert.assertEquals(x509TestContext.getTrustStoreCertificate(), chain.get(0));
}
}
/**
 * The PEM trust store contains only a certificate; asking PemReader for a private key
 * from it must fail with a {@link KeyStoreException} instead of returning something.
 */
@Test(expected = KeyStoreException.class)
public void testLoadPrivateKeyFromTrustStore() throws IOException, GeneralSecurityException {
    Optional<String> noPassword = Optional.empty();
    PemReader.loadPrivateKey(x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM), noPassword);
}
/**
 * Building a key manager from the PEM key store with a deliberately wrong password must
 * fail with a {@code KeyManagerException}; the only thing asserted is the exception type.
 * Whether the loader also rejects a password for an unencrypted PEM key is decided by
 * X509Util / the PEM loader, not visible here.
 */
@Test(expected = X509Exception.KeyManagerException.class)
public void testLoadPEMKeyStoreWithWrongPassword() throws Exception {
    String keyStorePath = x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    // intentionally use the wrong password
    X509Util.createKeyManager(keyStorePath, "wrong password", KeyStoreFileType.PEM.getPropertyValue());
}
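/**
 * Restores the JVM state this test mutated: clears the SSL system properties the test
 * context set and closes the X509Util under test.
 * <p>
 * The close runs in a {@code finally} block so the X509Util is released even if clearing
 * the properties throws; otherwise a failure there would leak it into the next test.
 */
@After
public void tearDown() throws Exception {
    try {
        x509TestContext.clearSystemProperties(x509Util);
    } finally {
        x509Util.close();
    }
}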
/**
 * A PEM loader built without a key store path must fail fast with a
 * {@link NullPointerException} on load rather than silently loading nothing.
 */
@Test(expected = NullPointerException.class)
public void testLoadKeyStoreWithNullFilePath() throws Exception {
    String password = x509TestContext.getKeyStorePassword();
    // Only the password is configured; the key store path is deliberately left unset.
    new PEMFileLoader.Builder()
        .setKeyStorePassword(password)
        .build()
        .loadKeyStore();
}
/**
 * Builds a new X509TestContext from this builder.
 * <p>
 * Two fresh key pairs are generated here, one for the trust store and one for the key
 * store, using the key types configured on the builder; everything else is handed to
 * the context constructor as configured.
 *
 * @return a new X509TestContext
 * @throws IOException if the context cannot be set up under {@code tempDir}
 * @throws GeneralSecurityException if key pair or certificate generation fails
 * @throws OperatorCreationException if the certificate signer cannot be created
 */
public X509TestContext build() throws IOException, GeneralSecurityException, OperatorCreationException {
    // Trust store keys first, then key store keys — same order as before.
    KeyPair trustKeys = X509TestHelpers.generateKeyPair(trustStoreKeyType);
    KeyPair keyStoreKeys = X509TestHelpers.generateKeyPair(keyStoreKeyType);
    return new X509TestContext(
        tempDir,
        trustKeys,
        trustStoreCertExpirationMillis,
        trustStorePassword,
        keyStoreKeys,
        keyStoreCertExpirationMillis,
        keyStorePassword,
        hostnameVerification);
}
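/**
 * Smoke test: a key manager can be built from the PEM key store on disk when the store
 * type argument is {@code null} and must be autodetected from the file extension.
 */
@Test
public void testLoadPEMKeyStoreAutodetectStoreFileType() throws Exception {
    String keyStorePath =
        x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    X509KeyManager km = X509Util.createKeyManager(
        keyStorePath,
        x509TestContext.getKeyStorePassword(),
        null /* null StoreFileType means 'autodetect from file extension' */);
    // Previously the test only checked that construction did not throw; also pin that
    // a key manager was actually produced.
    if (km == null) {
        throw new AssertionError("createKeyManager returned null for the PEM key store");
    }
}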
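/**
 * Smoke test: a trust manager can be built from the PEM trust store on disk when the
 * store type argument is {@code null} and must be autodetected from the file extension.
 * <p>
 * The four trailing booleans are passed straight through to
 * {@code X509Util.createTrustManager}; their meaning is not visible here (presumably
 * CRL / OCSP / hostname-verification toggles — confirm against the X509Util signature).
 * Unlike the JKS variant, the first two are {@code false} here, so if they are the
 * revocation switches the PEM path is never exercised with revocation enabled.
 */
@Test
public void testLoadPEMTrustStoreAutodetectStoreFileType() throws Exception {
    String trustStorePath =
        x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    X509TrustManager tm = X509Util.createTrustManager(
        trustStorePath,
        x509TestContext.getTrustStorePassword(),
        null, // null StoreFileType means 'autodetect from file extension'
        false, false, true, true);
    // Previously the test only checked that construction did not throw; also pin that
    // a trust manager was actually produced.
    if (tm == null) {
        throw new AssertionError("createTrustManager returned null for the PEM trust store");
    }
}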
/**
 * Loading an encrypted PEM private key without supplying any password must fail with a
 * {@link GeneralSecurityException} rather than yield a key.
 * <p>
 * NOTE(review): when the test context's key store is not encrypted there is nothing to
 * check, and the expected exception is thrown by hand so the test passes vacuously
 * instead of being reported as skipped; a JUnit assumption would make that explicit.
 */
@Test(expected = GeneralSecurityException.class)
public void testLoadEncryptedPrivateKeyFromKeyStoreWithoutPassword()
    throws GeneralSecurityException, IOException {
    boolean encrypted = x509TestContext.isKeyStoreEncrypted();
    if (!encrypted) {
        throw new GeneralSecurityException(); // this case is not tested so throw the expected exception
    }
    Optional<String> noPassword = Optional.empty();
    PemReader.loadPrivateKey(x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM), noPassword);
}
/**
 * Supplying a password does not change the outcome of asking PemReader for a private
 * key from the certificate-only PEM trust store: it must still fail with a
 * {@link KeyStoreException}.
 */
@Test(expected = KeyStoreException.class)
public void testLoadPrivateKeyFromTrustStoreWithPassword() throws IOException, GeneralSecurityException {
    Optional<String> somePassword = Optional.of("foobar");
    PemReader.loadPrivateKey(x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM), somePassword);
}
/**
 * Building a key manager from the JKS key store with a deliberately wrong password must
 * fail with a {@code KeyManagerException}; the only thing asserted is the exception type.
 */
@Test(expected = X509Exception.KeyManagerException.class)
public void testLoadJKSKeyStoreWithWrongPassword() throws Exception {
    String keyStorePath = x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    // intentionally use the wrong password
    X509Util.createKeyManager(keyStorePath, "wrong password", KeyStoreFileType.JKS.getPropertyValue());
}
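/**
 * Undoes the global JVM state this test class touches so tests stay isolated: the SSL
 * system properties set by the test context, the OCSP / CRL / cipher-suite / protocol /
 * handshake-timeout properties named by the X509Util under test, the JDK revocation
 * checking switches, and the server connection factory / client socket selection.
 * <p>
 * NOTE(review): the two {@code Security.setProperty} calls reset to {@code "false"}
 * rather than restoring whatever value was present before the test, so a suite that
 * relies on a non-default JVM-wide revocation setting would be affected. Also, the JDK
 * documents {@code com.sun.security.enableCRLDP} as a <em>system</em> property, so the
 * {@code Security.setProperty} form of it is probably a no-op and the preceding
 * {@code System.clearProperty} is the line that actually takes effect — confirm.
 * <p>
 * {@code x509Util.close()} runs in a {@code finally} block so the util is released even
 * if one of the property resets throws.
 */
@After
public void cleanUp() {
    try {
        x509TestContext.clearSystemProperties(x509Util);
        // Property names supplied by the X509Util instance under test.
        System.clearProperty(x509Util.getSslOcspEnabledProperty());
        System.clearProperty(x509Util.getSslCrlEnabledProperty());
        System.clearProperty(x509Util.getCipherSuitesProperty());
        System.clearProperty(x509Util.getSslProtocolProperty());
        System.clearProperty(x509Util.getSslHandshakeDetectionTimeoutMillisProperty());
        // JDK-level revocation checking switches.
        System.clearProperty("com.sun.net.ssl.checkRevocation");
        System.clearProperty("com.sun.security.enableCRLDP");
        Security.setProperty("ocsp.enable", Boolean.FALSE.toString());
        Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());
        // Server / client transport selection.
        System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY);
        System.clearProperty(ZKClientConfig.ZOOKEEPER_CLIENT_CNXN_SOCKET);
    } finally {
        x509Util.close();
    }
}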
/**
 * A JKS loader built without a key store path must fail fast with a
 * {@link NullPointerException} on load rather than silently loading nothing.
 */
@Test(expected = NullPointerException.class)
public void testLoadKeyStoreWithNullFilePath() throws Exception {
    String password = x509TestContext.getKeyStorePassword();
    // Only the password is configured; the key store path is deliberately left unset.
    new JKSFileLoader.Builder()
        .setKeyStorePassword(password)
        .build()
        .loadKeyStore();
}