1 /*============LICENSE_START=======================================================
2 * aaf-certservice-client
3 * ================================================================================
4 * Copyright (C) 2020 Nokia. All rights reserved.
5 * ================================================================================
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 * ============LICENSE_END=========================================================
20 package org.onap.aaf.certservice.client.certification.conversion;
22 import static org.assertj.core.api.Assertions.assertThatThrownBy;
23 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
24 import static org.junit.jupiter.api.Assertions.assertEquals;
25 import static org.junit.jupiter.api.Assertions.assertThrows;
26 import static org.junit.jupiter.api.Assertions.assertTrue;
27 import static org.mockito.Mockito.mock;
28 import static org.mockito.Mockito.when;
30 import java.io.ByteArrayInputStream;
31 import java.io.IOException;
32 import java.nio.charset.StandardCharsets;
33 import java.nio.file.Files;
34 import java.nio.file.Path;
35 import java.security.KeyStore;
36 import java.security.KeyStoreException;
37 import java.security.NoSuchAlgorithmException;
38 import java.security.PrivateKey;
39 import java.security.UnrecoverableKeyException;
40 import java.security.cert.Certificate;
41 import java.security.cert.CertificateException;
42 import java.util.List;
43 import org.junit.jupiter.api.BeforeAll;
44 import org.junit.jupiter.api.Test;
45 import org.junit.jupiter.params.ParameterizedTest;
46 import org.junit.jupiter.params.provider.ValueSource;
47 import org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants;
48 import org.onap.aaf.certservice.client.certification.exception.PemConversionException;
50 class PemConverterTest {
// Locations of the test fixtures, relative to the module root.
private static final String RESOURCES_PATH = "src/test/resources";
private static final String CERT1_PATH = RESOURCES_PATH + "/cert1.pem";
private static final String CERT2_PATH = RESOURCES_PATH + "/cert2.pem";
// Private-key fixture; its bytes are loaded into `key` and compared with the key read back from
// the generated keystore. NOTE(review): presumably a throwaway key generated only for tests - confirm.
private static final String KEY_PATH = RESOURCES_PATH + "/privateKey";
// Reference stores that the converter output is compared against.
private static final String EXPECTED_KEYSTORE_PATH = RESOURCES_PATH + "/expectedKeystore.jks";
private static final String EXPECTED_TRUSTSTORE_PATH = RESOURCES_PATH + "/expectedTruststore.jks";
// Keystore types passed to PemConverter and KeyStore.getInstance.
private static final String PKCS12 = "PKCS12";
// Value the mocked key reports from getFormat().
private static final String PKCS8 = "PKCS#8";
private static final String JKS = "JKS";
// Message expected when conversion runs with an unstubbed key mock. It embeds the text of a
// java.security.KeyStoreException, so the assertion using it depends on that exact wording.
private static final String KEY_ERROR_MSG = "java.security.KeyStoreException: Key protection algorithm not found: java.lang.NullPointerException";
// Message expected when a certificate string cannot be parsed; ends with the offending input.
private static final String CERTIFICATES_ERROR_MSG = "The certificate couldn't be parsed correctly. certificate1";
// Password-policy message: at least 16 characters, alphanumerics plus '_', '$' and '#'.
private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
// Raw bytes of the private-key fixture, read once in setUpForAll().
private static byte[] key;
// Mockito mock; its getters return null until privateKeyMockSetup() stubs them.
private PrivateKey privateKey = mock(PrivateKey.class);
/**
 * Reads the private-key fixture into {@code key} once, before any test runs.
 *
 * @throws IOException if the fixture file cannot be read
 */
@BeforeAll
static void setUpForAll() throws IOException {
    final Path keyFixture = Path.of(KEY_PATH);
    key = Files.readAllBytes(keyFixture);
}
/**
 * Checks that {@code convertKeystore} produces a keystore of the requested type that holds the
 * fixture private key and the two-certificate chain under the given alias.
 *
 * <p>The reference keystore on disk and the generated one are opened with the same password,
 * a fixture value that satisfies the policy described by {@code PASSWORD_ERROR_MSG}.
 *
 * @param conversionTarget keystore type under test ({@code PKCS12} or {@code JKS})
 */
@ParameterizedTest
@ValueSource(strings = {PKCS12, JKS})
void convertKeystoreShouldReturnKeystoreWithGivenPrivateKeyAndCertificateChain(String conversionTarget)
        throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
        UnrecoverableKeyException, PemConversionException {
    // given
    final String entryAlias = "keystore-entry";
    final Password storePassword = new Password("d9D_u8LooYaXH4G48DtN#vw0");
    final List<String> pemChain = getCertificates();
    final PemConverter pemConverter = new PemConverter(conversionTarget);
    final KeyStore referenceStore = KeyStore.getInstance(conversionTarget);
    final byte[] referenceBytes = Files.readAllBytes(Path.of(EXPECTED_KEYSTORE_PATH));
    referenceStore.load(new ByteArrayInputStream(referenceBytes), storePassword.toCharArray());
    final Certificate[] referenceChain = referenceStore.getCertificateChain(entryAlias);
    privateKeyMockSetup();

    // when
    final byte[] produced = pemConverter.convertKeystore(pemChain, storePassword, entryAlias, privateKey);

    // then
    final KeyStore producedStore = KeyStore.getInstance(conversionTarget);
    producedStore.load(new ByteArrayInputStream(produced), storePassword.toCharArray());
    final Certificate[] producedChain = producedStore.getCertificateChain(entryAlias);
    final byte[] storedKeyBytes = producedStore.getKey(entryAlias, storePassword.toCharArray()).getEncoded();

    // The key read back from the store must be byte-for-byte the fixture key.
    assertArrayEquals(key, storedKeyBytes);
    assertEquals(2, referenceChain.length);
    assertArrayEquals(referenceChain, producedChain);
}
/**
 * Checks that {@code convertKeystore} rejects a password that violates the password policy.
 *
 * <p>"Wrong password" here means a policy violation, not a mismatch: {@code "apple"} is shorter
 * than the 16-character minimum named in {@code PASSWORD_ERROR_MSG}.
 *
 * @param conversionTarget keystore type under test ({@code PKCS12} or {@code JKS})
 */
@ParameterizedTest
@ValueSource(strings = {PKCS12, JKS})
void convertKeystoreShouldThrowPemConverterExceptionBecauseOfWrongPassword(String conversionTarget) throws IOException {
    // given
    final String entryAlias = "keystore-entry";
    final Password tooShortPassword = new Password("apple");
    final List<String> pemChain = getCertificates();
    final PemConverter pemConverter = new PemConverter(conversionTarget);
    privateKeyMockSetup();

    // when
    final Exception thrown = assertThrows(
        PemConversionException.class,
        () -> pemConverter.convertKeystore(pemChain, tooShortPassword, entryAlias, privateKey));

    // then
    assertEquals(PASSWORD_ERROR_MSG, thrown.getMessage());
}
/**
 * Checks that {@code convertTruststore} produces a truststore of the requested type in which
 * each certificate is stored under the alias prefix followed by its 1-based position.
 *
 * <p>The generated store is compared entry by entry with the reference truststore on disk;
 * both are opened with the same fixture password.
 *
 * @param conversionTarget keystore type under test ({@code PKCS12} or {@code JKS})
 */
@ParameterizedTest
@ValueSource(strings = {PKCS12, JKS})
void convertTruststoreShouldReturnTruststoreWithGivenCertificatesArray(String conversionTarget)
        throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, PemConversionException {
    // given
    final PemConverter pemConverter = new PemConverter(conversionTarget);
    final String aliasPrefix = "trusted-certificate-";
    final String firstAlias = aliasPrefix + 1;
    final String secondAlias = aliasPrefix + 2;
    final Password storePassword = new Password("9z6oFx1epRSCuBWU4Er8i_0y");
    final List<String> pemCertificates = getCertificates();
    final KeyStore referenceStore = KeyStore.getInstance(conversionTarget);
    final byte[] referenceBytes = Files.readAllBytes(Path.of(EXPECTED_TRUSTSTORE_PATH));
    referenceStore.load(new ByteArrayInputStream(referenceBytes), storePassword.toCharArray());

    // when
    final byte[] produced = pemConverter.convertTruststore(pemCertificates, storePassword, aliasPrefix);

    // then
    final KeyStore producedStore = KeyStore.getInstance(conversionTarget);
    producedStore.load(new ByteArrayInputStream(produced), storePassword.toCharArray());

    assertTrue(producedStore.containsAlias(firstAlias));
    assertTrue(producedStore.containsAlias(secondAlias));
    assertEquals(referenceStore.getCertificate(firstAlias), producedStore.getCertificate(firstAlias));
    assertEquals(referenceStore.getCertificate(secondAlias), producedStore.getCertificate(secondAlias));
}
/**
 * Checks that {@code convertTruststore} rejects a password that violates the password policy.
 *
 * <p>{@code "nokia"} is shorter than the 16-character minimum named in
 * {@code PASSWORD_ERROR_MSG}, so the call must fail with that message.
 *
 * @param conversionTarget keystore type under test ({@code PKCS12} or {@code JKS})
 */
@ParameterizedTest
@ValueSource(strings = {PKCS12, JKS})
void convertTruststoreShouldThrowPemConverterExceptionBecauseOfWrongPassword(String conversionTarget) throws IOException {
    // given
    final String aliasPrefix = "trusted-certificate-";
    final Password tooShortPassword = new Password("nokia");
    final List<String> pemCertificates = getCertificates();
    final PemConverter pemConverter = new PemConverter(conversionTarget);

    // when / then
    assertThatThrownBy(() -> pemConverter.convertTruststore(pemCertificates, tooShortPassword, aliasPrefix))
        .isInstanceOf(PemConversionException.class)
        .hasMessage(PASSWORD_ERROR_MSG);
}
/**
 * Checks that {@code convertKeystore} fails with {@code KEY_ERROR_MSG} when the private key is
 * unusable.
 *
 * <p>{@code privateKeyMockSetup()} is deliberately not called, so the mocked key returns
 * {@code null} from its getters. The expected message embeds the text of a
 * {@code java.security.KeyStoreException}, which ties this assertion to that exact wording.
 */
@Test
void convertKeystoreShouldThrowPemConverterExceptionBecauseOfWrongPrivateKey() throws IOException {
    // given
    final String entryAlias = "keystore-entry";
    final Password storePassword = new Password("d9D_u8LooYaXH4G48DtN#vw0");
    final List<String> pemChain = getCertificates();
    final PemConverter pemConverter = new PemConverter(PKCS12);

    // when / then
    assertThatThrownBy(() -> pemConverter.convertKeystore(pemChain, storePassword, entryAlias, privateKey))
        .isInstanceOf(PemConversionException.class)
        .hasMessage(KEY_ERROR_MSG);
}
/**
 * Checks that {@code convertKeystore} fails with {@code CERTIFICATES_ERROR_MSG} when the chain
 * entries are not parseable certificates.
 *
 * <p>The expected message ends with the first entry, {@code "certificate1"}.
 *
 * @param conversionTarget keystore type under test ({@code PKCS12} or {@code JKS})
 */
@ParameterizedTest
@ValueSource(strings = {PKCS12, JKS})
void convertKeystoreShouldThrowPemConverterExceptionBecauseOfWrongCertificates(String conversionTarget) {
    // given
    final String entryAlias = "keystore-entry";
    final Password storePassword = new Password("d9D_u8LooYaXH4G48DtN#vw0");
    final List<String> malformedChain = List.of("certificate1", "certificate2");
    final PemConverter pemConverter = new PemConverter(conversionTarget);
    privateKeyMockSetup();

    // when / then
    assertThatThrownBy(() -> pemConverter.convertKeystore(malformedChain, storePassword, entryAlias, privateKey))
        .isInstanceOf(PemConversionException.class)
        .hasMessage(CERTIFICATES_ERROR_MSG);
}
/**
 * Stubs the mocked private key so that it reports the RSA algorithm constant, the
 * {@code PKCS#8} format, and the fixture key bytes as its encoded form.
 */
private void privateKeyMockSetup() {
    when(privateKey.getAlgorithm()).thenReturn(EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM);
    when(privateKey.getFormat()).thenReturn(PKCS8);
    when(privateKey.getEncoded()).thenReturn(key);
}
197 private List<String> getCertificates() throws IOException {
200 Path.of(CERT1_PATH), StandardCharsets.UTF_8),
202 Path.of(CERT2_PATH), StandardCharsets.UTF_8)