PkiToolsTest.java

/**
 * Copyright (c) Codice Foundation
 * <p>
 * This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
 * General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or any later version.
 * <p>
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details. A copy of the GNU Lesser General Public License
 * is distributed along with this program and can be found at
 * <http://www.gnu.org/licenses/lgpl.html>.
 */
package org.codice.ddf.security.certificate.generator;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.core.IsEqual.equalTo;
import static org.hamcrest.core.IsInstanceOf.instanceOf;
import static org.hamcrest.core.IsNot.not;
import static org.mockito.Mockito.when;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
public class PkiToolsTest {

    private PkiTools tools;

    @Mock
    X509Certificate mockCert;

    @Mock
    PrivateKey mockKey;

    @Test(expected = CertificateGeneratorException.class)
    public void testDerToPrivateKey() {
        PkiTools.derToPrivateKey(new byte[] {0});
    }

    @Test(expected = IllegalArgumentException.class)
    public void nameIsNull() throws IllegalArgumentException {
        PkiTools.makeDistinguishedName(null);
    }

    @Test
    public void nameIsEmptyString() throws CertificateEncodingException {

        X500Name name = PkiTools.makeDistinguishedName("");
        assertThat(name.toString(), equalTo("cn="));
    }

    @Test
    public void nameIsNotEmpty() throws CertificateEncodingException {
        String host = "host.domain.tld";
        X500Name name = PkiTools.makeDistinguishedName(host);
        assertThat(name.toString(), equalTo("cn=" + host));
    }

    @Test(expected = IllegalArgumentException.class)
    public void dnIsNull() throws CertificateEncodingException {
        PkiTools.convertDistinguishedName((String[]) null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void dnIsEmpty() throws CertificateEncodingException {
        PkiTools.convertDistinguishedName("");
    }

    @Test(expected = IllegalArgumentException.class)
    public void dnIsNotValidFormat() throws CertificateEncodingException {
        PkiTools.convertDistinguishedName("cnIsSomething", "l=london");
    }

    @Test(expected = IllegalArgumentException.class)
    public void dnHasInvalidRDN() throws CertificateEncodingException {
        PkiTools.convertDistinguishedName("cnxxx=IsSomething", "l=london");
    }

    @Test
    public void dnIsValidFormat() throws CertificateEncodingException {
        X500Name name = PkiTools.convertDistinguishedName("cn=john.smith", "o=police box",
                "o = Tardis", "l= London", "c=UK");
        assertThat(name.getRDNs(BCStyle.CN)[0].getFirst()
                .getValue()
                .toString(), equalTo("john.smith"));
        assertThat(name.getRDNs(BCStyle.O).length, equalTo(2));
        assertThat(name.getRDNs(BCStyle.C)[0].getFirst()
                .getValue()
                .toString(), equalTo("UK"));
    }

    @Test
    public void convertCertificate() throws CertificateException {
        String originalCert = DemoCertificateAuthority.pemDemoCaCertificate;
        assertThat(originalCert, not(equalTo("")));
        assertThat(PkiTools.certificateToPem(PkiTools.pemToCertificate(originalCert)),
                equalTo(originalCert));
    }

    @Test
    public void hostName() {
        assertThat(PkiTools.getHostName(), not(equalTo("")));
    }

    @Test(expected = CertificateGeneratorException.class)
    public void exception() {
        throw new CertificateGeneratorException("", new Exception());
    }

    private String getPathTo(String path) {
        return getClass().getClassLoader()
                .getResource(path)
                .getPath();
    }

    @Test
    public void testFormatPassword() throws Exception {
        Assert.assertThat("formatPassword() failed to return empty character array",
                PkiTools.formatPassword(null), instanceOf(char[].class));

        char[] pw = "password".toCharArray();
        Assert.assertThat("formatPassword() should not modify the password",
                new String(PkiTools.formatPassword(pw)), equalTo("password"));
    }

    //Null path to keyStore file.
    @Test(expected = IllegalArgumentException.class)
    public void nullPath() throws Exception {
        PkiTools.createFileObject(null);
    }

    //Test constructor. Invalid path to keyStore file.
    @Test(expected = FileNotFoundException.class)
    public void invalidPath() throws Exception {
        PkiTools.createFileObject("");
    }

    //Test Constructor. Path is a directory, not a file.
    @Test(expected = FileNotFoundException.class)
    public void pathIsDirectory() throws Exception {
        String anyDirectory = getPathTo("");
        PkiTools.createFileObject("");
    }

    @Test
    public void realFile() throws IOException {
        assertThat(
                "Should have returned a new File object. Is the file in the test resources directory?",
                PkiTools.createFileObject(getPathTo("not_keystore.jks")), instanceOf(File.class));
    }

    @Test(expected = CertificateGeneratorException.class)
    public void badKey() {
        PkiTools.pemToPrivateKey("YmFkc3RyaW5n");
    }

    @Test(expected = CertificateGeneratorException.class)
    public void badCert() {
        PkiTools.pemToCertificate("YmFkc3RyaW5n");
    }

    @Test(expected = IllegalArgumentException.class)
    public void testDerToCertificate() {

        PkiTools.derToCertificate(null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void testDerToPem() {
        PkiTools.derToPem(null);

    }

    @Test(expected = IllegalArgumentException.class)
    public void testNullToPrivateKey() {
        PkiTools.derToPrivateKey(null);

    }

    @Test(expected = IllegalArgumentException.class)
    public void testCertificateToPem() {
        PkiTools.certificateToPem(null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void testKeyToDer() {
        PkiTools.keyToDer(null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void testPemToDer() {
        PkiTools.pemToDer(null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void testKeyToPem() {
        PkiTools.keyToPem(null);
    }

    @Test(expected = CertificateGeneratorException.class)
    public void test() {
        PkiTools.certificateToPem(mockCert);
    }

    @Test
    public void testKeyConversion() {
        when(mockKey.getEncoded()).thenReturn(new byte[] {0});
        tools.keyToDer(mockKey);
    }

    @Test(expected = CertificateGeneratorException.class)
    public void testDerToCert() {
        PkiTools.derToCertificate(new byte[] {0});
    }
}