diff options
Diffstat (limited to 'certService/src/test/java')
8 files changed, 400 insertions, 22 deletions
diff --git a/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java b/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java index abd950e8..0bf37901 100644 --- a/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * PROJECT * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,8 +32,8 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; +import org.onap.oom.certservice.certification.model.CertificateUpdateModel; import org.onap.oom.certservice.certification.CertificationModelFactory; -import org.onap.oom.certservice.certification.exception.Cmpv2ClientAdapterException; import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.oom.certservice.certification.exception.CsrDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; @@ -52,6 +52,8 @@ class CertificationControllerTest { private static final String TEST_WRONG_ENCODED_CSR = "wrongEncodedCSR"; private static final String TEST_WRONG_ENCODED_PK = "wrongEncodedPK"; private static final String TEST_WRONG_CA_NAME = "wrongTestCa"; + private static final String TEST_ENCODED_OLD_PK = "encodedOldPK"; + private static final String TEST_ENCODED_OLD_CERT = "encodedOldCert"; private CertificationController certificationController; @@ -65,7 +67,7 @@ class CertificationControllerTest { @Test void shouldReturnDataAboutCsrBaseOnEncodedParameters() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { + throws DecryptionException, CmpClientException { // Given CertificationModel testCertificationModel = new CertificationModel( Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), @@ -87,7 +89,7 @@ class CertificationControllerTest { @Test void shouldThrowCsrDecryptionExceptionWhenCreatingCsrModelFails() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { + throws DecryptionException, CmpClientException { // Given String expectedMessage = "Incorrect CSR, decryption failed"; when(certificationModelFactory.createCertificationModel(TEST_WRONG_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) @@ -107,7 +109,7 @@ class CertificationControllerTest { @Test void shouldThrowPemDecryptionExceptionWhenCreatingPemModelFails() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { + throws DecryptionException, CmpClientException { // Given String expectedMessage = "Incorrect PEM, decryption failed"; when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_WRONG_ENCODED_PK, TEST_CA_NAME)) @@ -127,7 +129,7 @@ class CertificationControllerTest { @Test void shouldThrowCmpv2ServerNotFoundWhenGivenWrongCaName() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { + throws DecryptionException, CmpClientException { // Given String expectedMessage = "No server found for given CA name"; when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_WRONG_CA_NAME)) @@ -144,4 +146,31 @@ class CertificationControllerTest { // Then assertEquals(expectedMessage, actualMessage); } + + @Test + void shouldUpdateEndpointReturnDataAboutCsrBaseOnEncodedParameters() { + // Given + CertificationModel testCertificationModel = new CertificationModel( + Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), + Arrays.asList("CA_CERT", "EXTRA_CA_CERT") + ); + CertificateUpdateModel certificateUpdateModel = new CertificateUpdateModel.CertificateUpdateModelBuilder() + .setEncodedCsr(TEST_ENCODED_CSR) + .setEncodedPrivateKey(TEST_ENCODED_PK) + .setEncodedOldCert(TEST_ENCODED_OLD_CERT) + .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PK) + .setCaName(TEST_CA_NAME) + .build(); + when(certificationModelFactory.createCertificationModel(certificateUpdateModel)).thenReturn(testCertificationModel); + + // When + ResponseEntity<CertificationModel> responseCertificationModel = + certificationController.updateCertificate(TEST_CA_NAME, TEST_ENCODED_CSR, + TEST_ENCODED_PK, TEST_ENCODED_OLD_CERT, TEST_ENCODED_OLD_PK); + + // Then + assertEquals(HttpStatus.OK, responseCertificationModel.getStatusCode()); + assertThat(responseCertificationModel.getBody()).isEqualToComparingFieldByField(testCertificationModel); + } + } diff --git a/certService/src/test/java/org/onap/oom/certservice/api/ReloadConfigControllerTest.java b/certService/src/test/java/org/onap/oom/certservice/api/ReloadConfigControllerTest.java index 8b367e1a..4247809c 100644 --- a/certService/src/test/java/org/onap/oom/certservice/api/ReloadConfigControllerTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/api/ReloadConfigControllerTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * PROJECT * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,7 +36,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @ExtendWith(MockitoExtension.class) -public class ReloadConfigControllerTest { +class ReloadConfigControllerTest { private static final String ERROR_MESSAGE = "Exception occurred during CMP Servers configuration loading"; diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java index 8d28148b..705ae004 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * PROJECT * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,7 +43,6 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import static org.onap.oom.certservice.certification.CertificationData.CA_CERT; @@ -111,8 +110,8 @@ class CertificationModelFactoryTest { String expectedMessage = "Incorrect CSR, decryption failed"; when( csrModelFactory.createCsrModel( - eq(new CsrModelFactory.StringBase64(ENCODED_WRONG_CSR)), - eq(new CsrModelFactory.StringBase64(ENCODED_WRONG_PK)) + new CsrModelFactory.StringBase64(ENCODED_WRONG_CSR), + new CsrModelFactory.StringBase64(ENCODED_WRONG_PK) ) ).thenThrow( new CsrDecryptionException(expectedMessage) @@ -158,7 +157,7 @@ class CertificationModelFactoryTest { CsrModel csrModel = mockCsrFactoryModelCreation(); Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); when( - certificationProvider.signCsr(eq(csrModel), eq(testServer)) + certificationProvider.signCsr(csrModel, testServer) ).thenThrow( new CmpClientException(expectedMessage) ); @@ -178,14 +177,14 @@ class CertificationModelFactoryTest { throws CmpClientException, Cmpv2ClientAdapterException { CertificationModel expectedCertificationModel = getCertificationModel(); when( - certificationProvider.signCsr(eq(csrModel), eq(testServer)) + certificationProvider.signCsr(csrModel, testServer) ).thenReturn(expectedCertificationModel); } private Cmpv2Server mockCmpv2ProviderServerSelection() { Cmpv2Server testServer = getCmpv2Server(); when( - cmpv2ServerProvider.getCmpv2Server(eq(TEST_CA)) + cmpv2ServerProvider.getCmpv2Server(TEST_CA) ).thenReturn(testServer); return testServer; } @@ -195,8 +194,8 @@ class CertificationModelFactoryTest { CsrModel csrModel = getCsrModel(); when( csrModelFactory.createCsrModel( - eq(new CsrModelFactory.StringBase64(ENCODED_CSR)), - eq(new CsrModelFactory.StringBase64(ENCODED_PK)) + new CsrModelFactory.StringBase64(ENCODED_CSR), + new CsrModelFactory.StringBase64(ENCODED_PK) ) ).thenReturn(csrModel); return csrModel; diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java index b755b977..98932d0c 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * PROJECT * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -70,8 +70,9 @@ class CmpServersConfigLoaderTest { List<Cmpv2Server> cmpServers = configLoader.load(path); // Then - assertThat(cmpServers).isNotNull(); - assertThat(cmpServers).hasSize(2); + assertThat(cmpServers) + .isNotNull() + .hasSize(2); verifyThatCmpServerEquals(cmpServers.get(0), EXPECTED_FIRST_CMP_SERVER); verifyThatCmpServerEquals(cmpServers.get(1), EXPECTED_SECOND_CMP_SERVER); } @@ -109,7 +110,7 @@ class CmpServersConfigLoaderTest { private void verifyThatCmpServerEquals(Cmpv2Server cmpv2Server, Map<String, String> expected) { assertThat(cmpv2Server.getCaName()).isEqualTo(expected.get("CA_NAME")); assertThat(cmpv2Server.getUrl()).isEqualTo(expected.get("URL")); - assertThat(cmpv2Server.getIssuerDN().toString()).isEqualTo(expected.get("ISSUER_DN")); + assertThat(cmpv2Server.getIssuerDN()).hasToString(expected.get("ISSUER_DN")); assertThat(cmpv2Server.getCaMode().name()).isEqualTo(expected.get("CA_MODE")); assertThat(cmpv2Server.getAuthentication().getIak()).isEqualTo(expected.get("IAK")); assertThat(cmpv2Server.getAuthentication().getRv()).isEqualTo(expected.get("RV")); diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java index 0aae26a4..0d614cdc 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java @@ -33,7 +33,7 @@ import org.bouncycastle.asn1.x509.KeyUsage; import org.junit.jupiter.api.Test; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; -public class CmpMessageHelperTest { +class CmpMessageHelperTest { private final KeyUsage expectedKeyUsage = new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation); diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PasswordBasedProtectionTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PasswordBasedProtectionTest.java new file mode 100644 index 00000000..b280a2e6 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PasswordBasedProtectionTest.java @@ -0,0 +1,154 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nokia. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.cmpv2client.impl; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.cmp.PBMParameter; +import org.bouncycastle.asn1.cmp.PKIBody; +import org.bouncycastle.asn1.cmp.PKIHeader; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.cert.cmp.CMPException; +import org.bouncycastle.cert.cmp.ProtectedPKIMessage; +import org.bouncycastle.cert.crmf.PKMACBuilder; +import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; + +import java.security.Security; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getProtectedPkiMessage; +import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiHeader; + +class PasswordBasedProtectionTest { + + private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); + private static final AlgorithmIdentifier SHA_1_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26")); + private static final AlgorithmIdentifier H_MAC_SHA_1_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2")); + private static final int MIN_ITERATION_COUNT = 1000; + private static final int MAX_ITERATION_COUNT = 2000; + private static final int SALT_LENGTH = 16; + + @BeforeAll + static void setUp() { + Security.addProvider(new BouncyCastleProvider()); + } + + @AfterAll + static void clean() { + Security.removeProvider("BC"); + } + + @Test + void shouldReturnPasswordBasedMacAlgorithmWhenGetAlgorithmMethodCalled() { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier(); + //Then + assertEquals(PASSWORD_BASED_MAC, algorithmIdentifier.getAlgorithm()); + } + + @Test + void shouldSetPasswordBasedParametersWhenGetAlgorithmMethodCalled() { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier(); + //Then + assertTrue(algorithmIdentifier.getParameters() instanceof PBMParameter); + } + + @Test + void shouldSetSha1ForOwfWhenGetAlgorithmMethodCalled() { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier(); + //Then + PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters(); + assertEquals(SHA_1_ALGORITHM, pbmParameters.getOwf()); + } + + @Test + void shouldSetHMacSha1ForMacWhenGetAlgorithmMethodCalled() { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier(); + //Then + PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters(); + assertEquals(H_MAC_SHA_1_ALGORITHM, pbmParameters.getMac()); + } + + @Test + void shouldSetSaltWhenGetAlgorithmMethodCalled() { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier(); + //Then + PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters(); + assertTrue(pbmParameters.getSalt() instanceof DEROctetString); + DEROctetString salt = (DEROctetString) pbmParameters.getSalt(); + assertEquals(SALT_LENGTH, salt.getOctets().length); + } + + @Test + void shouldSetIterationCountWhenGetAlgorithmMethodCalled() { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier(); + //Then + PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters(); + assertNotNull(pbmParameters.getIterationCount()); + long iterationCount = pbmParameters.getIterationCount().getValue().longValue(); + assertTrue(MIN_ITERATION_COUNT <= iterationCount && iterationCount < MAX_ITERATION_COUNT, + "Iteration count not in range"); + } + + @ParameterizedTest + @ValueSource(strings = {"test", "123"}) + void shouldReturnProtectionByPasswordWhenGenerateProtectionMethodCalled(String initAuthPassword) + throws CmpClientException, CMPException { + //Given + PasswordBasedProtection protection = new PasswordBasedProtection(initAuthPassword); + PKIHeader pkiHeader = getTestPkiHeader(protection.getAlgorithmIdentifier()); + PKIBody pkiBody = PkiTestUtils.getTestPkiBody(SHA_1_ALGORITHM); + //When + DERBitString messageProtection = protection.generatePkiMessageProtection(pkiHeader, pkiBody); + //Then + ProtectedPKIMessage protectedPkiMessage = getProtectedPkiMessage(pkiHeader, pkiBody, messageProtection); + PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator()); + assertTrue(protectedPkiMessage.verify(pkMacBuilder, initAuthPassword.toCharArray())); + } + +} diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PkiTestUtils.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PkiTestUtils.java new file mode 100644 index 00000000..7f7df455 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PkiTestUtils.java @@ -0,0 +1,101 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nokia. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.cmpv2client.impl; + +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERGeneralizedTime; +import org.bouncycastle.asn1.cmp.PKIBody; +import org.bouncycastle.asn1.cmp.PKIHeader; +import org.bouncycastle.asn1.cmp.PKIHeaderBuilder; +import org.bouncycastle.asn1.cmp.PKIMessage; +import org.bouncycastle.asn1.crmf.CertReqMessages; +import org.bouncycastle.asn1.crmf.CertReqMsg; +import org.bouncycastle.asn1.crmf.CertRequest; +import org.bouncycastle.asn1.crmf.CertTemplateBuilder; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.cert.cmp.GeneralPKIMessage; +import org.bouncycastle.cert.cmp.ProtectedPKIMessage; +import org.bouncycastle.operator.ContentVerifierProvider; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.util.Date; + +final class PkiTestUtils { + + private static final String CN_TEST_SUBJECT = "CN=test1Subject"; + private static final String CN_TEST_ISSUER = "CN=test2Issuer"; + private static final int TEST_CERT_REQUEST_ID = 1432; + private static final int PVNO = 0; + private static final String BC_PROVIDER = "BC"; + private static final String RSA = "RSA"; + + private PkiTestUtils() { + } + + static PKIBody getTestPkiBody(AlgorithmIdentifier signingAlgorithm) { + CertTemplateBuilder certTemplateBuilder = + new CertTemplateBuilder() + .setIssuer(new X500Name(CN_TEST_ISSUER)) + .setSubject(new X500Name(CN_TEST_SUBJECT)) + .setSigningAlg(signingAlgorithm); + + CertRequest certRequest = new CertRequest(TEST_CERT_REQUEST_ID, certTemplateBuilder.build(), null); + CertReqMsg certReqMsg = new CertReqMsg(certRequest, null, null); + + CertReqMessages certReqMessages = new CertReqMessages(certReqMsg); + return new PKIBody(0, certReqMessages); + } + + static PKIHeader getTestPkiHeader(AlgorithmIdentifier protectionAlgorithm) { + PKIHeaderBuilder pkiHeader = new PKIHeaderBuilder( + PVNO, + new GeneralName(new X500Name(CN_TEST_SUBJECT)), + new GeneralName(new X500Name(CN_TEST_ISSUER))); + pkiHeader.setProtectionAlg(protectionAlgorithm); + pkiHeader.setMessageTime(new DERGeneralizedTime(new Date())); + return pkiHeader.build(); + } + + static ProtectedPKIMessage getProtectedPkiMessage(PKIHeader pkiHeader, PKIBody pkiBody, DERBitString messageProtection) { + PKIMessage pkiMessage = new PKIMessage(pkiHeader, pkiBody, messageProtection); + GeneralPKIMessage generalPkiMessage = new GeneralPKIMessage(pkiMessage); + return new ProtectedPKIMessage(generalPkiMessage); + } + + static KeyPair getKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA, BC_PROVIDER); + return keyPairGenerator.generateKeyPair(); + } + + static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws OperatorCreationException { + return new JcaContentVerifierProviderBuilder() + .setProvider(BC_PROVIDER) + .build(publicKey); + } +} diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/SignatureProtectionTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/SignatureProtectionTest.java new file mode 100644 index 00000000..ba382c42 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/SignatureProtectionTest.java @@ -0,0 +1,94 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nokia. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.cmpv2client.impl; + +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.cmp.PKIBody; +import org.bouncycastle.asn1.cmp.PKIHeader; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.cert.cmp.CMPException; +import org.bouncycastle.cert.cmp.ProtectedPKIMessage; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.ContentVerifierProvider; +import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; +import org.bouncycastle.operator.OperatorCreationException; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; + +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.Security; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getProtectedPkiMessage; +import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiBody; +import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiHeader; + +class SignatureProtectionTest { + + private static final String SHA256_RSA_OID = "1.2.840.113549.1.1.11"; + private static final AlgorithmIdentifier SHA256_RSA_ALGORITHM = new DefaultSignatureAlgorithmIdentifierFinder() + .find("SHA256withRSA"); + private static final String BC_PROVIDER = "BC"; + + @BeforeAll + static void setUp() { + Security.addProvider(new BouncyCastleProvider()); + } + + @AfterAll + static void clean() { + Security.removeProvider(BC_PROVIDER); + } + + @Test + void shouldReturnExpectedAlgorithmWhenGetAlgorithmMethodCalled() { + //Given + SignatureProtection signatureProtection = new SignatureProtection(null); + //When + AlgorithmIdentifier algorithmIdentifier = signatureProtection.getAlgorithmIdentifier(); + //Then + assertNotNull(algorithmIdentifier); + assertNotNull(algorithmIdentifier.getAlgorithm()); + assertEquals(SHA256_RSA_OID, algorithmIdentifier.getAlgorithm().toString()); + } + + @Test + void shouldReturnProtectionByPkWhenGenerateProtectionMethodCalled() + throws GeneralSecurityException, CmpClientException, OperatorCreationException, CMPException { + //Given + KeyPair keyPair = PkiTestUtils.getKeyPair(); + SignatureProtection signatureProtection = new SignatureProtection(keyPair.getPrivate()); + PKIHeader pkiHeader = getTestPkiHeader(SHA256_RSA_ALGORITHM); + PKIBody pkiBody = getTestPkiBody(SHA256_RSA_ALGORITHM); + //When + DERBitString protection = signatureProtection.generatePkiMessageProtection(pkiHeader, pkiBody); + //Then + ProtectedPKIMessage protectedPkiMessage = getProtectedPkiMessage(pkiHeader, pkiBody, protection); + ContentVerifierProvider verifierProvider = PkiTestUtils.getContentVerifierProvider(keyPair.getPublic()); + assertTrue(protectedPkiMessage.verify(verifierProvider)); + } + +} |