/*
* Copyright (C) 2014 Intel Corporation
* All rights reserved.
*/
package test.api;
import com.intel.dcsg.cpg.crypto.RsaCredentialX509;
import com.intel.dcsg.cpg.crypto.SimpleKeystore;
import com.intel.mtwilson.ApiClient;
import com.intel.mtwilson.KeystoreUtil;
import com.intel.mtwilson.My;
import com.intel.mtwilson.test.RemoteIntegrationTest;
import com.intel.mtwilson.datatypes.ApiClientCreateRequest;
import java.io.File;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import org.junit.Test;
/**
* Integration tests that register an API client with a Mt Wilson server.
*
* @author jbuhacoff
*/
public class ClientRegistrationTest extends RemoteIntegrationTest {
/**
* NOTE: the configuration example below may be outdated with respect
* to TLS Policy configuration; please refer to current product documentation
*
* Register using V1 APIs. Before running this junit test, create the
* file C:\mtwilson\configuration\mtwilson.properties with content like
* this (the values are examples; use your own server address and credentials):
*
mtwilson.api.username=jonathan
mtwilson.api.password=password
mtwilson.api.url=http\://10.1.71.134\:8080/mtwilson/v1
mtwilson.api.baseurl=http\://10.1.71.134\:8080/mtwilson/v1
mtwilson.default.tls.policy.id=TRUST_FIRST_CERTIFICATE
mtwilson.api.keystore=c\:/mtwilson/configuration/jonathan.jks
mtwilson.api.keystore.password=beXyfVzb5D8oSHucNErVyw\=\=
mtwilson.api.key.alias=CN\=jonathan
mtwilson.api.key.password=beXyfVzb5D8oSHucNErVyw\=\=
*
* The resulting client keystore can then be used with the junit tests
* in the ApiTest class.
*
* Note that mtwilson.api.keystore is the complete file path, including the .jks extension,
* and that the keystore password is read from mtwilson.api.keystore.password.
*
* This matters because if test.properties contains only mtwilson.api.username and
* mtwilson.api.password, the client uses HTTP BASIC authentication, which sends the
* password with every request and so depends on an https URL for confidentiality.
* If BOTH the username/password pair and the keystore properties are present, the
* client uses X509 authentication because it has higher priority.
*
* So with the code below, set mtwilson.api.keystore to something like
* (configuration path)/(value of mtwilson.api.username).jks
*
* @throws Exception
*/
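@Test
public void registerWithConfiguration() throws Exception {
    // The user is created in the local configuration directory.
    File directory = new File(My.filesystem().getConfigurationPath());

    // All three values come from the test properties; the password is the
    // keystore password (mtwilson.api.keystore.password), not mtwilson.api.password.
    String username = testProperties.getProperty("mtwilson.api.username");
    String password = testProperties.getProperty("mtwilson.api.keystore.password");
    // Alternative source for the URL: My.configuration().getMtWilsonURL()
    String serverUrl = testProperties.getProperty("mtwilson.api.url");

    // Fail with the name of the missing property instead of an opaque
    // NullPointerException / MalformedURLException further down.
    // The password value is deliberately never included in a message.
    if (username == null || username.isEmpty()) {
        throw new IllegalStateException("mtwilson.api.username is not set in the test properties");
    }
    if (password == null) {
        throw new IllegalStateException("mtwilson.api.keystore.password is not set in the test properties");
    }
    if (serverUrl == null || serverUrl.isEmpty()) {
        throw new IllegalStateException("mtwilson.api.url is not set in the test properties");
    }

    // NOTE(review): nothing here requires an https URL; with an http URL the
    // registration exchange is not protected in transit. Confirm the scheme
    // configured for the target environment.
    URL server = new URL(serverUrl);

    // Roles requested for the new user.
    String[] roles = { "Attestation", "Whitelist" };
    KeystoreUtil.createUserInDirectory(directory, username, password, server, roles);
}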
/**
* Note the path you need in mtwilson.api.url ends in /mtwilson/v1 when running this test:
* <pre>
* mtwilson.api.url=https\://10.1.71.56\:8443/mtwilson/v1
* </pre>
*
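* Example request (Apache HttpClient wire-level DEBUG log; it records the
* Authorization header verbatim, so handle such logs as sensitive):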
* <pre>
2014-06-26 01:27:49,680 DEBUG [main] o.a.h.i.c.DefaultClientConnection [DefaultClientConnection.java:268] Sending request: POST /mtwilson/v1/ManagementService/resources/apiclient/register HTTP/1.1
2014-06-26 01:27:49,681 DEBUG [main] o.a.h.wire [Wire.java:72] >> "POST /mtwilson/v1/ManagementService/resources/apiclient/register HTTP/1.1[\r][\n]"
2014-06-26 01:27:49,682 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Accept-Language: en-US;q=1, en;q=0.9[\r][\n]"
2014-06-26 01:27:49,683 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Date: Thu, 26 Jun 2014 01:27:42 PDT[\r][\n]"
2014-06-26 01:27:49,683 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Authorization: X509 fingerprint="AMK+09fsEr66j/EoT1IN6k9ppCMtVpzb+lwE3PNn7bA=", headers="X-Nonce,Date", algorithm="SHA256withRSA", signature="gVEvcPK+3eDHNMZrAvq8veBS3WdhABPG3BROj5aF/PoeajbdJL0HPQcIEZJC+bXVTnw5WNBzrbZTqOxgwb1DUjD4nFwbelx7W2GpAmMY0EaI025TLIH8ANxGPT7ACEy++3B7txyi8LD2PfVs3UPpUTz0mCMY3J40ICgATBIrQH3ZN/Z7dayrM+mecjUqmNMh6m8w+Jt0omsCb2/m3GfnfwaPQ5V3CDJPRViLkYpvPVvJHNbypnEdnYBwhcPuom5tPl4GJBCMYsIrtXayR0TzSDaNHw8yNI6b5vtAW0ODZA/xwmETMW2XAg/p4BKgtgL0dFbFSEEFHux5AxxxXU2LjA=="[\r][\n]"
2014-06-26 01:27:49,683 DEBUG [main] o.a.h.wire [Wire.java:72] >> "X-Nonce: AAABRtdJlH8A83F/Un6A+kUymT35ZZ18[\r][\n]"
2014-06-26 01:27:49,683 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Content-Length: 1134[\r][\n]"
2014-06-26 01:27:49,683 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Content-Type: application/json; charset=UTF-8[\r][\n]"
2014-06-26 01:27:49,684 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Host: 10.1.71.56:8443[\r][\n]"
2014-06-26 01:27:49,684 DEBUG [main] o.a.h.wire [Wire.java:72] >> "Connection: Keep-Alive[\r][\n]"
2014-06-26 01:27:49,684 DEBUG [main] o.a.h.wire [Wire.java:72] >> "[\r][\n]"
2014-06-26 01:27:49,687 DEBUG [main] o.a.h.wire [Wire.java:86] >> "{"X509Certificate":"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","Roles":["Attestation","Whitelist"]}"
* </pre>
*
* Example response:
* <pre>
2014-06-26 01:27:49,924 DEBUG [main] o.a.h.wire [Wire.java:72] << "HTTP/1.1 200 OK[\r][\n]"
2014-06-26 01:27:49,933 DEBUG [main] o.a.h.wire [Wire.java:72] << "Server: Apache-Coyote/1.1[\r][\n]"
2014-06-26 01:27:49,934 DEBUG [main] o.a.h.wire [Wire.java:72] << "Content-Type: text/plain[\r][\n]"
2014-06-26 01:27:49,934 DEBUG [main] o.a.h.wire [Wire.java:72] << "Content-Length: 2[\r][\n]"
2014-06-26 01:27:49,935 DEBUG [main] o.a.h.wire [Wire.java:72] << "Date: Thu, 26 Jun 2014 08:30:20 GMT[\r][\n]"
2014-06-26 01:27:49,936 DEBUG [main] o.a.h.wire [Wire.java:72] << "[\r][\n]"
* </pre>
*
* @throws Exception
*/
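@Test
public void registerWithExistingKey() throws Exception {
    // configuration: the key alias doubles as the keystore file name (<alias>.jks)
    File directory = new File(My.filesystem().getConfigurationPath());
    String username = My.configuration().getClientProperties().getProperty("mtwilson.api.key.alias");
    String password = My.configuration().getClientProperties().getProperty("mtwilson.api.keystore.password");

    // Fail with the name of the missing property rather than trying to open
    // "null.jks". The password value is deliberately never included in a message.
    if (username == null || username.isEmpty()) {
        throw new IllegalStateException("mtwilson.api.key.alias is not set in the client properties");
    }
    if (password == null) {
        throw new IllegalStateException("mtwilson.api.keystore.password is not set in the client properties");
    }
    URL server = My.configuration().getMtWilsonURL();

    // certificate to register
    String keystorePath = directory.getAbsolutePath() + File.separator + username + ".jks";
    KeyStore keystore = KeystoreUtil.fromFilename(keystorePath, password);
    Certificate certificate = keystore.getCertificate(username);
    // KeyStore.getCertificate returns null for an unknown alias; report that
    // here instead of a NullPointerException at getEncoded() below.
    if (certificate == null) {
        throw new IllegalStateException(
                "No certificate with alias " + username + " found in keystore " + keystorePath);
    }

    // client (using same certificate or different certificate)
    ApiClient client = KeystoreUtil.clientForUserInDirectory(directory, username, password, server);

    ApiClientCreateRequest user = new ApiClientCreateRequest();
    user.setCertificate(certificate.getEncoded()); // may throw CertificateEncodingException
    // roles to request - administrator can approve these or different roles
    user.setRoles(new String[] { "Attestation", "Whitelist" });
    client.register(user); // may throw IOException
}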
}