1 files changed, 154 insertions, 0 deletions

diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PasswordBasedProtectionTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PasswordBasedProtectionTest.java
new file mode 100644
index 00000000..c249fab7
--- /dev/null
+++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PasswordBasedProtectionTest.java
@@ -0,0 +1,154 @@
+/*-
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nokia.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.cmpv2client.impl.protections;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.cmp.PBMParameter;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.PKIHeader;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.cert.cmp.CMPException;
+import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
+import org.bouncycastle.cert.crmf.PKMACBuilder;
+import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
+
+import java.security.Security;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getProtectedPkiMessage;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getTestPkiHeader;
+
+class PasswordBasedProtectionTest {
+
+    private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
+    private static final AlgorithmIdentifier SHA_1_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
+    private static final AlgorithmIdentifier H_MAC_SHA_1_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
+    private static final int MIN_ITERATION_COUNT = 1000;
+    private static final int MAX_ITERATION_COUNT = 2000;
+    private static final int SALT_LENGTH = 16;
+
+    @BeforeAll
+    static void setUp() {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    @AfterAll
+    static void clean() {
+        Security.removeProvider("BC");
+    }
+
+    @Test
+    void shouldReturnPasswordBasedMacAlgorithmWhenGetAlgorithmMethodCalled() {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(null);
+        //When
+        AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
+        //Then
+        assertEquals(PASSWORD_BASED_MAC, algorithmIdentifier.getAlgorithm());
+    }
+
+    @Test
+    void shouldSetPasswordBasedParametersWhenGetAlgorithmMethodCalled() {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(null);
+        //When
+        AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
+        //Then
+        assertTrue(algorithmIdentifier.getParameters() instanceof PBMParameter);
+    }
+
+    @Test
+    void shouldSetSha1ForOwfWhenGetAlgorithmMethodCalled() {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(null);
+        //When
+        AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
+        //Then
+        PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
+        assertEquals(SHA_1_ALGORITHM, pbmParameters.getOwf());
+    }
+
+    @Test
+    void shouldSetHMacSha1ForMacWhenGetAlgorithmMethodCalled() {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(null);
+        //When
+        AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
+        //Then
+        PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
+        assertEquals(H_MAC_SHA_1_ALGORITHM, pbmParameters.getMac());
+    }
+
+    @Test
+    void shouldSetSaltWhenGetAlgorithmMethodCalled() {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(null);
+        //When
+        AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
+        //Then
+        PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
+        assertTrue(pbmParameters.getSalt() instanceof DEROctetString);
+        DEROctetString salt = (DEROctetString) pbmParameters.getSalt();
+        assertEquals(SALT_LENGTH, salt.getOctets().length);
+    }
+
+    @Test
+    void shouldSetIterationCountWhenGetAlgorithmMethodCalled() {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(null);
+        //When
+        AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
+        //Then
+        PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
+        assertNotNull(pbmParameters.getIterationCount());
+        long iterationCount = pbmParameters.getIterationCount().getValue().longValue();
+        assertTrue(MIN_ITERATION_COUNT <= iterationCount && iterationCount < MAX_ITERATION_COUNT,
+                "Iteration count not in range");
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {"test", "123"})
+    void shouldReturnProtectionByPasswordWhenGenerateProtectionMethodCalled(String initAuthPassword)
+            throws CmpClientException, CMPException {
+        //Given
+        PasswordBasedProtection protection = new PasswordBasedProtection(initAuthPassword);
+        PKIHeader pkiHeader = getTestPkiHeader(protection.getAlgorithmIdentifier());
+        PKIBody pkiBody = PkiTestUtils.getTestPkiBody(SHA_1_ALGORITHM);
+        //When
+        DERBitString messageProtection = protection.generatePkiMessageProtection(pkiHeader, pkiBody);
+        //Then
+        ProtectedPKIMessage protectedPkiMessage = getProtectedPkiMessage(pkiHeader, pkiBody, messageProtection);
+        PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());
+        assertTrue(protectedPkiMessage.verify(pkMacBuilder, initAuthPassword.toCharArray()));
+    }
+
+}