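/*
 * eID Applet Project.
 * Copyright (C) 2008-2009 FedICT.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see
 * http://www.gnu.org/licenses/.
 */

package test.unit.be.fedict.eid.applet.service;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;

import java.security.KeyPair;
import java.security.cert.X509Certificate;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.junit.Test;

import be.fedict.eid.applet.service.impl.UserIdentifierUtil;

/**
 * Unit tests for {@link UserIdentifierUtil}: extraction of the user identifier
 * from a certificate subject and derivation of the non-reversible citizen
 * identifier (NRCID), plus two sanity checks on the JCA HMAC and commons-codec
 * hex primitives.
 */
public class UserIdentifierUtilTest {

	// Log under the test class, so test output is not attributed to the class
	// under test.
	private static final Log LOG = LogFactory.getLog(UserIdentifierUtilTest.class);

	/** Charset used for every String/byte[] conversion, independent of the platform default. */
	private static final String CHARSET = "UTF-8";

	/**
	 * Constructed test secret: 64 hexadecimal characters (32 bytes once
	 * decoded). It is a fixture only and must never be reused as a real NRCID
	 * secret.
	 */
	private static final String TEST_SECRET = "123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0";

	/**
	 * Checks that the user identifier returned for a certificate equals the
	 * SERIALNUMBER value placed in its subject name.
	 */
	@Test
	public void testUserIdentifier() throws Exception {
		// setup
		KeyPair keyPair = MiscTestUtils.generateKeyPair();
		DateTime notBefore = new DateTime();
		DateTime notAfter = notBefore.plusYears(1);
		String userId = "1234";
		X509Certificate certificate = MiscTestUtils.generateCertificate(keyPair.getPublic(),
				"CN=Test, SERIALNUMBER=" + userId, notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null,
				null);

		// operate
		String result = UserIdentifierUtil.getUserId(certificate);

		// verify
		LOG.debug("user identifier: " + result);
		assertEquals(userId, result);
	}

	/**
	 * Sanity check on the platform's HmacSHA1 implementation. This exercises
	 * the JCA directly, not {@link UserIdentifierUtil}.
	 */
	@Test
	public void testHMacSha1() throws Exception {
		// "1234" is a throw-away key for this test; it is far too short for
		// any real use.
		SecretKey macKey = new SecretKeySpec("1234".getBytes(CHARSET), "HmacSHA1");
		Mac mac = Mac.getInstance(macKey.getAlgorithm());
		mac.init(macKey);
		byte[] data = "hello world".getBytes(CHARSET);
		mac.update(data);
		byte[] resultHMac = mac.doFinal();
		LOG.debug("size result HMAC-SHA1: " + resultHMac.length);
		String resultHex = new String(Hex.encodeHex(resultHMac)).toUpperCase();
		LOG.debug("result HMAC-SHA1 HEX: " + resultHex);

		// HMAC-SHA1 always yields a 160-bit tag: 20 bytes, 40 hex characters.
		assertEquals(20, resultHMac.length);
		assertEquals(40, resultHex.length());
	}

	/**
	 * A secret that is not hexadecimal is expected to be rejected with an
	 * {@link IllegalArgumentException}.
	 */
	@Test
	public void testNonHexSecret() throws Exception {
		assertSecretRejected("the-secret-secret");
	}

	/**
	 * A secret that is valid hexadecimal but only four characters long is
	 * expected to be rejected with an {@link IllegalArgumentException}.
	 */
	@Test
	public void testTooShortSecret() throws Exception {
		assertSecretRejected("1234");
	}

	/**
	 * Sanity check on commons-codec hex handling: an encode/decode round trip
	 * restores the message, and the 64-character test secret decodes to 32
	 * bytes.
	 */
	@Test
	public void testHexadecimalEncoding() throws Exception {
		String message = "hello world. this is a long message.";
		char[] encodedMessage = Hex.encodeHex(message.getBytes(CHARSET));
		LOG.debug("encoded message: " + new String(encodedMessage));
		byte[] result = Hex.decodeHex(encodedMessage);
		String decodedMessage = new String(result, CHARSET);
		LOG.debug("decoded message: " + decodedMessage);
		assertEquals(message, decodedMessage);

		byte[] decodedSecret = Hex.decodeHex(TEST_SECRET.trim().toCharArray());
		assertEquals(32, decodedSecret.length);
	}

	/**
	 * Checks the observable properties of the NRCID: it differs per user, is
	 * stable for identical inputs, and changes when the secret, the
	 * organisation identifier or the application identifier changes.
	 */
	@Test
	public void testNRCID() throws Exception {
		// setup
		String userId1 = "1234";
		String userId2 = "5678";
		String orgId = "fedict";
		String appId = "eid-applet-unit-test";
		String secret = TEST_SECRET;

		// operate
		String result1 = UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId1, orgId, appId, secret);
		String result2 = UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId2, orgId, appId, secret);

		// verify
		assertNotNull(result1);
		assertNotNull(result2);
		LOG.debug("NRCID 1: " + result1);
		LOG.debug("NRCID 2: " + result2);
		assertFalse(result1.equals(result2));
		// Coarse check that the raw identifier is not embedded in the output.
		// It does not prove non-reversibility; that rests on the keyed
		// construction and on the secret staying confidential.
		assertFalse(result1.contains(userId1));
		assertFalse(result2.contains(userId2));

		// verify stability
		String result1b = UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId1, orgId, appId, secret);
		assertEquals(result1, result1b);

		// Each input must take part in the derivation: changing any one of
		// them has to produce a different identifier.
		assertFalse(result1
				.equals(UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId1, orgId, appId, secret + "1234")));
		assertFalse(result1.equals(
				UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId1, orgId + "foobar", appId, secret)));
		assertFalse(result1.equals(
				UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId1, orgId, appId + "foobar", secret)));
	}

	/**
	 * Asserts that deriving an NRCID with the given secret fails with an
	 * {@link IllegalArgumentException}.
	 *
	 * @param secret
	 *            the secret that is expected to be refused.
	 */
	private static void assertSecretRejected(String secret) {
		// setup
		String userId = "1234";
		String orgId = "fedict";
		String appId = "eid-applet-unit-test";

		// operate & verify
		try {
			UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId, orgId, appId, secret);
			// fail() throws AssertionError, which the catch below does not
			// intercept.
			fail("an invalid secret was accepted");
		} catch (IllegalArgumentException e) {
			// expected
		}
	}
}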