/*
* Copyright (C) 2014 Intel Corporation
* All rights reserved.
*/
package test.shiro;
import com.intel.dcsg.cpg.crypto.RsaCredentialX509;
import com.intel.dcsg.cpg.crypto.RsaUtil;
import com.intel.dcsg.cpg.crypto.Sha1Digest;
import com.intel.dcsg.cpg.crypto.Sha256Digest;
import com.intel.dcsg.cpg.io.UUID;
import com.intel.dcsg.cpg.x509.X509Builder;
import com.intel.mtwilson.security.http.RsaAuthorization;
import com.intel.mtwilson.user.management.rest.v2.model.Status;
import com.intel.mtwilson.user.management.rest.v2.model.User;
import com.intel.mtwilson.user.management.rest.v2.model.UserLoginCertificate;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import org.junit.BeforeClass;
import org.junit.Test;
/**
*
* @author jbuhacoff
*/
public class CertificateLoginTest {
private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(CertificateLoginTest.class);
private static KeyPair keyPair;
private static X509Certificate certificate;
private static String username = "admin";
private static User user;
private static UserLoginCertificate userLoginCertificate;
@BeforeClass
public static void createUserLoginCertificate() throws Exception {
user = new User();
user.setId(new UUID());
user.setComment("automatically created by setup");
user.setUsername(username);
keyPair = RsaUtil.generateRsaKeyPair(RsaUtil.MINIMUM_RSA_KEY_SIZE);
certificate = X509Builder.factory().selfSigned(String.format("CN=%s", username), keyPair).expires(365, TimeUnit.DAYS).build();
userLoginCertificate = new UserLoginCertificate();
userLoginCertificate.setId(new UUID());
userLoginCertificate.setCertificate(certificate.getEncoded());
userLoginCertificate.setComment("automatically created by setup");
userLoginCertificate.setEnabled(true);
userLoginCertificate.setExpires(certificate.getNotAfter());
userLoginCertificate.setSha1Hash(Sha1Digest.digestOf(certificate.getEncoded()).toByteArray());
userLoginCertificate.setSha256Hash(Sha256Digest.digestOf(certificate.getEncoded()).toByteArray());
userLoginCertificate.setStatus(Status.APPROVED);
userLoginCertificate.setUserId(user.getId());
}
private byte[] signature;
private byte[] digest; // of the docment being signed
/**
* example output:
* Authorization: X509 fingerprint="byQSuPelf/1+eiQid7QE1YJwPu9hnpdvh5d/gy1Exts=", headers="X-Nonce,Date", algorithm="SHA256withRSA", signature="iW5NhHULEblcJ1sdhaNtc1y1mBLyXp0Euogj/zQevoTGIgw+bEorWVosxBKODwpByuRWJ62J4NCwzR6iZ5Ncwh8sn8PVwvFfkl6dlR9EcmKd11T7sUFD3ojcI7E1xXKe1Myiir/ASeQj/vAN05VTEKCli2s6KP2+E2axPrZn6pyY1nOQwKbdqAJ0qd3zUH6GMoqix2T8O8tZtznSYaEN1LP59yjZhKVjIoRDpwcccpUPg5zp2PWiRDtc5q/qAUNtK8RMjJ3Vl/Bi8nAzF+z6cYWFi27XzNpWdKI0HwAKlM8OwhqG94lwzbojbMqOYA+8q8IRgSSNGLEyP/xMjEH3ZA=="
*/
@Test
public void createAuthorizationHeader() throws Exception {
RsaCredentialX509 credential = new RsaCredentialX509(keyPair.getPrivate(), certificate);
RsaAuthorization authorization = new RsaAuthorization(credential);
HashMap<String, String> map = new HashMap<>();
map.put("Date", new Date().toString());
String text = authorization.getAuthorization("GET", "https://localhost", map);
log.debug("Authorization: {}", text);
}
@Test
public void verifyAuthorizationHeader() {
// X509AuthenticationToken token = new X509AuthenticationToken(new Fingerprint(userLoginCertificate.getSha256Hash()), new Credential(signature, digest));
}
}