/*
* Copyright (C) 2014 Intel Corporation
* All rights reserved.
*/
package com.intel.mtwilson.tls.policy.formats;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.PropertyNamingStrategy;
import com.fasterxml.jackson.dataformat.csv.CsvMapper;
import com.fasterxml.jackson.dataformat.csv.CsvParser;
import com.fasterxml.jackson.dataformat.csv.CsvSchema;
import com.fasterxml.jackson.dataformat.xml.XmlMapper;
import com.intel.dcsg.cpg.crypto.CryptographyException;
import com.intel.dcsg.cpg.crypto.RsaUtil;
import com.intel.dcsg.cpg.crypto.Sha256Digest;
import com.intel.dcsg.cpg.x509.X509Util;
import com.intel.mtwilson.tls.policy.TlsPolicyDescriptor;
import com.intel.mtwilson.jackson.LowercaseWithHyphensStrategy;
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
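/**
 * Serialization round-trip tests for {@link TlsPolicyDescriptor}.
 *
 * <p>Each test fills the descriptor's {@code data} collection with one kind of
 * base64-encoded trust anchor (full X.509 certificate, public key, or a SHA-256
 * digest of either), writes it out as JSON, reads it back, and checks that every
 * entry survived. The XML form is only logged; it is not parsed back here.
 *
 * <p>Only public material (certificates, public keys, digests) is written to the
 * debug log; the generated private keys never leave {@link #createX509Certificates()}.
 *
 * @author jbuhacoff
 */
public class TlsPolicyDescriptorTest {
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(TlsPolicyDescriptorTest.class);
    private static final List<X509Certificate> certificates = new ArrayList<>();
    private static ObjectMapper json;
    private static XmlMapper xml;

    /**
     * Generates three self-signed certificates (CN=0, CN=1, CN=2) shared by all tests.
     */
    @BeforeClass
    public static void createX509Certificates() throws NoSuchAlgorithmException, CryptographyException, IOException {
        for (int i = 0; i < 3; i++) {
            // 2048 bits is a standard RSA modulus size, so the fixtures resemble
            // certificates a TLS policy would actually be asked to pin.
            KeyPair keypair = RsaUtil.generateRsaKeyPair(2048);
            X509Certificate certificate = RsaUtil.generateX509Certificate(String.format("CN=%d", i), keypair, 10); // valid for 10 days
            certificates.add(certificate);
        }
    }

    /**
     * Builds the JSON and XML mappers used by the tests.
     *
     * <p>Both mappers omit null fields, accept a single value where an array is
     * expected, and ignore unknown properties.
     */
    @BeforeClass
    public static void createMapper() {
        json = new ObjectMapper();
        json.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        json.setPropertyNamingStrategy(new PropertyNamingStrategy.LowerCaseWithUnderscoresStrategy());
        json.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
        // Lenient decoding: unknown properties are dropped instead of rejected.
        // NOTE(review): if production mappers are configured the same way, a misspelled
        // field in a TLS policy document is ignored silently -- confirm that required
        // fields are validated after decoding.
        json.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        xml = new XmlMapper(/*jsonFactory*/);
//        xml.setPropertyNamingStrategy(new LowercaseWithHyphensStrategy());
        xml.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        xml.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
        xml.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }

    public static class TypeA { public String color = "red"; public String fruit = "apple"; }
    public static class TypeB { public String fruit; }

    /**
     * Decoding a document that carries an extra property ({@code color}) into a type
     * that lacks it must succeed and must still populate the known property.
     */
    @Test
    public void testIgnoreUnknownProperties() throws JsonProcessingException, IOException {
        String text = json.writeValueAsString(new TypeA());
        TypeB decoded = json.readValue(text, TypeB.class);
        log.debug("decoded: {}", json.writeValueAsString(decoded));
        // Without this check the test only proves that decoding does not throw.
        assertEquals("apple", decoded.fruit);
    }

    /** Round-trips a descriptor whose data entries are base64 DER-encoded certificates. */
    @Test
    public void testX509CertificateDescriptor() throws CryptographyException, CertificateEncodingException, CertificateException, JsonProcessingException, IOException {
        List<String> entries = new ArrayList<>();
        for (X509Certificate certificate : certificates) {
            entries.add(Base64.encodeBase64String(certificate.getEncoded()));
        }
        assertDataRoundTrips(new TlsPolicyDescriptor(), entries);
    }

    /** Round-trips a descriptor whose data entries are base64-encoded public keys. */
    @Test
    public void testPublicKeyDescriptor() throws CryptographyException, CertificateEncodingException, CertificateException, JsonProcessingException, IOException {
        List<String> entries = new ArrayList<>();
        for (X509Certificate certificate : certificates) {
            entries.add(Base64.encodeBase64String(certificate.getPublicKey().getEncoded()));
        }
        assertDataRoundTrips(new TlsPolicyDescriptor(), entries);
    }

    /** Round-trips a descriptor whose data entries are base64 SHA-256 digests of certificates. */
    @Test
    public void testX509CertificateDigestDescriptor() throws CryptographyException, CertificateEncodingException, CertificateException, JsonProcessingException, IOException {
        List<String> entries = new ArrayList<>();
        for (X509Certificate certificate : certificates) {
            entries.add(Base64.encodeBase64String(Sha256Digest.digestOf(certificate.getEncoded()).toByteArray()));
        }
        TlsPolicyDescriptor decoded = assertDataRoundTrips(newSha256Descriptor(), entries);
        // The digests cannot be interpreted without the algorithm name, so it must survive too.
        assertEquals("SHA256", decoded.getMeta().get("digestAlgorithm"));
    }

    /** Round-trips a descriptor whose data entries are base64 SHA-256 digests of public keys. */
    @Test
    public void testPublicKeyDigestDescriptor() throws CryptographyException, CertificateEncodingException, CertificateException, JsonProcessingException, IOException {
        List<String> entries = new ArrayList<>();
        for (X509Certificate certificate : certificates) {
            entries.add(Base64.encodeBase64String(Sha256Digest.digestOf(certificate.getPublicKey().getEncoded()).toByteArray()));
        }
        TlsPolicyDescriptor decoded = assertDataRoundTrips(newSha256Descriptor(), entries);
        // The digests cannot be interpreted without the algorithm name, so it must survive too.
        assertEquals("SHA256", decoded.getMeta().get("digestAlgorithm"));
    }

    /** Creates a descriptor whose meta map declares SHA256 as the digest algorithm. */
    private static TlsPolicyDescriptor newSha256Descriptor() {
        TlsPolicyDescriptor descriptor = new TlsPolicyDescriptor();
        descriptor.setMeta(new HashMap<String, String>());
        descriptor.getMeta().put("digestAlgorithm", "SHA256");
        return descriptor;
    }

    /**
     * Stores {@code entries} as the descriptor's data, serializes it to JSON (logging
     * the JSON and XML forms), decodes the JSON, and asserts every entry is present.
     *
     * @param descriptor descriptor to populate; its data collection is replaced
     * @param entries base64 strings expected to survive the round trip
     * @return the descriptor decoded from JSON, for further assertions
     * @throws IOException if serialization or deserialization fails
     */
    private static TlsPolicyDescriptor assertDataRoundTrips(TlsPolicyDescriptor descriptor, List<String> entries) throws IOException {
        descriptor.setData(new HashSet<String>(entries));
        String text = json.writeValueAsString(descriptor);
        log.debug("JSON:\n{}", text);
        log.debug("XML:\n{}", xml.writeValueAsString(descriptor));
        TlsPolicyDescriptor decoded = json.readValue(text, TlsPolicyDescriptor.class);
        int max = entries.size();
        for (int i = 0; i < max; i++) {
            assertTrue(String.format("record %d", i), decoded.getData().contains(entries.get(i)));
        }
        return decoded;
    }
}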