/*
* Copyright (C) 2014 Intel Corporation
* All rights reserved.
*/
package com.intel.mtwilson.tls.policy;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.PropertyNamingStrategy;
import com.fasterxml.jackson.dataformat.xml.XmlMapper;
import com.intel.dcsg.cpg.crypto.RandomUtil;
import com.intel.dcsg.cpg.crypto.Sha256Digest;
import com.intel.dcsg.cpg.validation.ValidationUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import org.junit.BeforeClass;
import org.junit.Test;
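/**
 * Serialization and validation tests for {@link TlsPolicyDescriptor}.
 *
 * <p>Each test builds a descriptor for one policy type, writes it as JSON and XML
 * (logged at debug level for inspection) and, where the descriptor is read back,
 * asserts that the JSON round trip is lossless. The original version of this class
 * only logged the output and asserted nothing, so a broken round trip went unnoticed.
 *
 * @author jbuhacoff
 */
public class TlsPolicyDescriptorTest {

    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(TlsPolicyDescriptorTest.class);

    /** JSON mapper shared by all tests; configured once in {@link #createMapper()}. */
    private static ObjectMapper json;

    /** XML mapper shared by all tests; configured once in {@link #createMapper()}. */
    private static XmlMapper xml;

    /**
     * Configures both mappers the way descriptors are expected to be exchanged: null
     * fields omitted, snake_case property names (JSON only), a single value accepted
     * where an array is declared, and unknown properties ignored.
     *
     * <p>With {@code FAIL_ON_UNKNOWN_PROPERTIES} disabled a misspelled field in an
     * incoming descriptor is dropped silently instead of being rejected, so none of
     * these tests can detect a field-name typo on the input side.
     */
    @BeforeClass
    public static void createMapper() {
        json = new ObjectMapper();
        json.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        json.setPropertyNamingStrategy(new PropertyNamingStrategy.LowerCaseWithUnderscoresStrategy());
        json.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
        json.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

        // unlike the JSON mapper, no property naming strategy is applied to XML
        xml = new XmlMapper();
        xml.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        xml.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
        xml.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }

    /**
     * Logs the JSON and XML forms of {@code descriptor}, reads the JSON back and
     * asserts that the copy serializes to exactly the same JSON, i.e. nothing the
     * mapper emits is lost or altered by deserialization.
     *
     * @param label short name used in the debug log lines
     * @param descriptor the descriptor under test
     * @return the deserialized copy, for further assertions by the caller
     * @throws IOException if serialization or deserialization fails
     */
    private static TlsPolicyDescriptor assertJsonRoundTrip(String label, TlsPolicyDescriptor descriptor)
            throws IOException {
        String serialized = json.writeValueAsString(descriptor);
        log.debug("{} descriptor json: {}", label, serialized);
        log.debug("{} descriptor xml: {}", label, xml.writeValueAsString(descriptor));
        TlsPolicyDescriptor copy = json.readValue(serialized, TlsPolicyDescriptor.class);
        String reserialized = json.writeValueAsString(copy);
        log.debug("copy {}: {}", label, reserialized);
        assertEquals(serialized, reserialized);
        return copy;
    }

    /** A descriptor with no fields set must survive a JSON round trip without error. */
    @Test
    public void testEmptyTlsPolicyDescriptor() throws IOException {
        TlsPolicyDescriptor descriptor = new TlsPolicyDescriptor();
        assertJsonRoundTrip("empty", descriptor);
    }

    /**
     * The INSECURE policy type must survive a JSON round trip.
     *
     * <p>Only the descriptor encoding is covered here. What this policy does at
     * connection time is decided by the policy implementation (presumably it performs
     * no server certificate check — confirm there, not in this test).
     */
    @Test
    public void testInsecureTlsPolicyDescriptor() throws IOException {
        TlsPolicyDescriptor descriptor = new TlsPolicyDescriptor();
        descriptor.setPolicyType("INSECURE");
        assertJsonRoundTrip("insecure", descriptor);
    }

    /**
     * A public-key-digest descriptor carrying meta (algorithm, encoding) and one digest
     * must round-trip with its meta map and data list intact.
     *
     * <p>The digest is computed over random bytes, not over a real public key, so this
     * exercises the encoding only. The algorithm list in the comment below is the
     * author's; whether the policy implementation rejects the weaker entries (MD5,
     * SHA-1) is not verified here.
     */
    @Test
    public void testPublicKeyDigestTlsPolicyDescriptor() throws IOException {
        TlsPolicyDescriptor descriptor = new TlsPolicyDescriptor();
        descriptor.setPolicyType("public-key-digest");
        descriptor.setMeta(new HashMap<String, String>());
        descriptor.getMeta().put("digestAlgorithm", "SHA-256"); // MD5, SHA-1, SHA-256, SHA-384, SHA-512
        descriptor.getMeta().put("digestEncoding", "base64"); // base64 or hex
        descriptor.setData(new ArrayList<String>());
        descriptor.getData().add(Sha256Digest.digestOf(RandomUtil.randomByteArray(50)).toBase64());

        TlsPolicyDescriptor copy = assertJsonRoundTrip("public-key-digest", descriptor);
        assertEquals(descriptor.getMeta(), copy.getMeta());
        assertEquals(descriptor.getData(), copy.getData());
    }

    /**
     * A well-formed TRUST_FIRST_CERTIFICATE descriptor must pass validation and survive
     * a JSON round trip. The validation call is what gives the negative test below its
     * meaning: it shows that the shared cipher and protocol strings are accepted, so
     * the rejection there can only be due to the policy type.
     */
    @Test
    public void testTrustFirstCertificateTlsPolicyDescriptor() throws IOException {
        TlsPolicyDescriptor descriptor = new TlsPolicyDescriptor();
        descriptor.setPolicyType("TRUST_FIRST_CERTIFICATE");
        descriptor.setProtection(new TlsProtection());
        descriptor.getProtection().authentication = true;
        descriptor.getProtection().encryption = true;
        descriptor.setCiphers("RSA,AES,SHA,!EC,!MD5"); // any rsa, aes or sha algorithm, but no elliptic curve and no md5
        descriptor.setProtocols("!SSL,-TLS,+TLS1.2"); // no ssl version at all, only tls 1.2 or greater

        ValidationUtil.validate(descriptor);
        assertJsonRoundTrip("trust-first-certificate", descriptor);
    }

    /**
     * A policy type containing an illegal character must be rejected by
     * {@link ValidationUtil#validate}. Only the validate call is allowed to throw:
     * with {@code @Test(expected=...)} an exception from any setter above would have
     * passed the test without exercising validation at all.
     */
    @Test
    public void testInvalidTrustFirstCertificateTlsPolicyDescriptor() {
        TlsPolicyDescriptor descriptor = new TlsPolicyDescriptor();
        descriptor.setPolicyType("TRUST_FIRST_CERTIFICATE*"); // illegal character *
        descriptor.setProtection(new TlsProtection());
        descriptor.getProtection().authentication = true;
        descriptor.getProtection().encryption = true;
        descriptor.setCiphers("RSA,AES,SHA,!EC,!MD5");
        descriptor.setProtocols("!SSL,-TLS,+TLS1.2");

        try {
            ValidationUtil.validate(descriptor);
            fail("validation accepted a policy type containing '*'");
        } catch (IllegalArgumentException expected) {
            // the illegal character in the policy type was rejected, as required
        }
    }
}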