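/*
 * Copyright (c) 2014 EMC Corporation
 * All Rights Reserved
 */
package com.emc.storageos.security.keystore;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

import com.emc.storageos.coordinator.client.service.impl.CoordinatorClientImpl;
import com.emc.storageos.coordinator.client.service.impl.CoordinatorClientInetAddressMap;
import com.emc.storageos.coordinator.client.service.impl.DualInetAddress;
import com.emc.storageos.coordinator.common.impl.ZkConnection;
import com.emc.storageos.security.ApplicationContextUtil;
import com.emc.storageos.security.keystore.impl.CoordinatorConfigStoringHelper;
import com.emc.storageos.security.keystore.impl.DistributedKeyStoreImpl;
import com.emc.storageos.security.keystore.impl.DistributedLoadKeyStoreParam;
import com.emc.storageos.security.keystore.impl.KeyCertificateAlgorithmValuesHolder;
import com.emc.storageos.security.keystore.impl.KeyCertificateEntry;
import com.emc.storageos.security.keystore.impl.KeyCertificatePairGenerator;
import com.emc.storageos.security.keystore.impl.KeyStoreUtil;
import com.emc.storageos.security.keystore.impl.TrustedCertificateEntry;
import com.emc.storageos.security.ssl.ViPRX509TrustManager;

/**
 * Exercises {@link ViPRX509TrustManager#checkServerTrusted} against the
 * distributed (coordinator-backed) keystore in three configurations:
 * <ol>
 *   <li>no trusted certificates and accept-all disabled: a freshly generated
 *       certificate must be rejected;</li>
 *   <li>the same certificate added as a trusted entry: it must be accepted;</li>
 *   <li>accept-all enabled: a second, never-trusted certificate must be
 *       accepted.</li>
 * </ol>
 * This is an integration test: it needs a reachable coordinator at
 * {@code localhost:2181} and the node property files under {@code /etc}.
 * The accept-all flag lives in shared coordinator state, so the test
 * restores it to {@code false} when it finishes.
 */
public class TrustManagerTest {

    /** authType argument handed to every {@code checkServerTrusted} call. */
    private static final String AUTH_TYPE = "RSA_EXPORT";

    private final String server = "localhost";
    private final String coordinatorServer = "coordinator://" + server + ":2181";
    private final String defaultOvfPropsLocation = "/etc/config.defaults";
    private final String ovfPropsLocation = "/etc/ovfenv.properties";
    private final CoordinatorClientImpl coordinatorClient = new CoordinatorClientImpl();
    private final CoordinatorConfigStoringHelper zkhHelper =
            new CoordinatorConfigStoringHelper(coordinatorClient);
    private DistributedLoadKeyStoreParam loadStoreParam;

    /**
     * Builds and starts a single-node coordinator client, loads the node
     * property files and prepares the keystore load parameters.
     *
     * @throws IOException if either property file cannot be read
     * @throws URISyntaxException declared for the coordinator client setup
     */
    @Before
    public void setup() throws IOException, URISyntaxException {
        ApplicationContextUtil.initContext(System.getProperty("buildType"),
                ApplicationContextUtil.SECURITY_CONTEXTS);

        List<URI> coordinatorUris = new ArrayList<URI>();
        coordinatorUris.add(URI.create(coordinatorServer));
        ZkConnection connection = new ZkConnection();
        connection.setServer(coordinatorUris);
        connection.build();
        coordinatorClient.setZkConnection(connection);

        // one "standalone" node whose only known address is the local host
        CoordinatorClientInetAddressMap addressMap = new CoordinatorClientInetAddressMap();
        addressMap.setNodeId("standalone");
        DualInetAddress localAddress = DualInetAddress.fromAddresses("127.0.0.1", "::1");
        addressMap.setDualInetAddress(localAddress);
        Map<String, DualInetAddress> controllerNodeIPLookupMap =
                new HashMap<String, DualInetAddress>();
        controllerNodeIPLookupMap.put("localhost", localAddress);
        addressMap.setControllerNodeIPLookupMap(controllerNodeIPLookupMap);
        coordinatorClient.setInetAddessLookupMap(addressMap);
        coordinatorClient.start();

        // both files are read before either is installed, as in the original ordering
        Properties defaultProps = loadProperties(defaultOvfPropsLocation);
        Properties ovfProps = loadProperties(ovfPropsLocation);
        CoordinatorClientImpl.setDefaultProperties(defaultProps);
        CoordinatorClientImpl.setOvfProperties(ovfProps);

        loadStoreParam = new DistributedLoadKeyStoreParam();
        loadStoreParam.setCoordinator(coordinatorClient);
    }

    /**
     * Reads a {@link Properties} file, closing the stream even when
     * {@code load} throws (the stream was previously left open on failure).
     *
     * @param path file to read
     * @return the loaded properties
     * @throws IOException if the file cannot be opened or parsed
     */
    private static Properties loadProperties(String path) throws IOException {
        FileInputStream in = new FileInputStream(path);
        try {
            Properties props = new Properties();
            props.load(in);
            return props;
        } finally {
            in.close();
        }
    }

    /**
     * Verifies the three trust decisions described on the class: reject an
     * unknown certificate, accept it once trusted, accept anything once
     * accept-all is enabled.
     *
     * @throws Exception if keystore setup or an expected-to-pass trust check fails
     */
    @Test
    public void testCheckServerTrusted() throws Exception {
        DistributedKeyStore zookeeperKeystore = new DistributedKeyStoreImpl();
        zookeeperKeystore.init(loadStoreParam);
        // reset shared trust state so earlier runs cannot influence this one
        // (null presumably means "no trusted certificates" - confirm against DistributedKeyStoreImpl)
        zookeeperKeystore.setTrustedCertificates(null);
        KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.FALSE);
        try {
            ViPRX509TrustManager tm = new ViPRX509TrustManager(coordinatorClient);

            KeyCertificatePairGenerator gen = new KeyCertificatePairGenerator();
            gen.setKeyCertificateAlgorithmValuesHolder(
                    new KeyCertificateAlgorithmValuesHolder(coordinatorClient));
            KeyCertificateEntry entry = gen.generateKeyCertificatePair();
            X509Certificate[] chainToVerify = leafChain(entry);

            // 1. unknown certificate with accept-all off: must be rejected.
            // Assert.fail throws AssertionError, which the catch below does not swallow.
            try {
                tm.checkServerTrusted(chainToVerify, AUTH_TYPE);
                Assert.fail("untrusted certificate was accepted while accept-all is disabled");
            } catch (CertificateException expected) {
                // the rejection we are testing for
            }

            // 2. the same certificate, now explicitly trusted: must be accepted
            TrustedCertificateEntry trustedCert =
                    new TrustedCertificateEntry(entry.getCertificateChain()[0], new Date());
            zookeeperKeystore.addTrustedCertificate("someAlias", trustedCert);
            // creating a new instance since trust manager caches all the certs
            tm = new ViPRX509TrustManager(coordinatorClient);
            // a CertificateException here propagates and fails the test with its full cause,
            // instead of a bare Assert.fail() that hid the reason
            tm.checkServerTrusted(chainToVerify, AUTH_TYPE);

            // 3. accept-all on: a second, never-trusted certificate must be accepted.
            // NOTE(review): the same trust manager instance is reused here, so this
            // relies on the accept-all flag being consulted on each call rather than
            // cached at construction - confirm against ViPRX509TrustManager.
            KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.TRUE);
            entry = gen.generateKeyCertificatePair();
            chainToVerify = leafChain(entry);
            tm.checkServerTrusted(chainToVerify, AUTH_TYPE);
        } finally {
            // never leave the shared coordinator config in accept-all mode
            KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.FALSE);
        }
    }

    /**
     * Wraps the leaf of {@code entry}'s chain as the single-element chain
     * handed to the trust manager.
     */
    private static X509Certificate[] leafChain(KeyCertificateEntry entry) {
        return new X509Certificate[] { (X509Certificate) entry.getCertificateChain()[0] };
    }
}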