1 /*============LICENSE_START=======================================================
2 * aaf-certservice-client
3 * ================================================================================
4 * Copyright (C) 2020 Nokia. All rights reserved.
5 * ================================================================================
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 * ============LICENSE_END=========================================================
20 package org.onap.aaf.certservice.client.certification.conversion;
22 import static org.assertj.core.api.Assertions.assertThatThrownBy;
23 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
24 import static org.junit.jupiter.api.Assertions.assertEquals;
25 import static org.junit.jupiter.api.Assertions.assertThrows;
26 import static org.junit.jupiter.api.Assertions.assertTrue;
27 import static org.mockito.Mockito.mock;
28 import static org.mockito.Mockito.when;
30 import java.io.ByteArrayInputStream;
31 import java.io.IOException;
32 import java.nio.charset.StandardCharsets;
33 import java.nio.file.Files;
34 import java.nio.file.Path;
35 import java.security.KeyStore;
36 import java.security.KeyStoreException;
37 import java.security.NoSuchAlgorithmException;
38 import java.security.PrivateKey;
39 import java.security.UnrecoverableKeyException;
40 import java.security.cert.Certificate;
41 import java.security.cert.CertificateException;
42 import java.util.List;
43 import org.junit.jupiter.api.BeforeAll;
44 import org.junit.jupiter.api.Test;
45 import org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants;
46 import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
48 class PemToPKCS12ConverterTest {
50 private static final String RESOURCES_PATH = "src/test/resources";
51 private static final String CERT1_PATH = RESOURCES_PATH + "/cert1.pem";
52 private static final String CERT2_PATH = RESOURCES_PATH + "/cert2.pem";
53 private static final String KEY_PATH = RESOURCES_PATH + "/privateKey";
54 private static final String EXPECTED_KEYSTORE_PATH = RESOURCES_PATH + "/expectedKeystore.jks";
55 private static final String EXPECTED_TRUSTSTORE_PATH = RESOURCES_PATH + "/expectedTruststore.jks";
56 private static final String PKCS12 = "PKCS12";
57 private static final String PKCS8 = "PKCS#8";
58 private static final String KEY_ERROR_MSG = "java.security.KeyStoreException: Key protection algorithm not found: java.lang.NullPointerException";
59 private static final String CERTIFICATES_ERROR_MSG = "The certificate couldn't be parsed correctly. certificate1";
60 private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
61 private static byte[] key;
62 private PrivateKey privateKey = mock(PrivateKey.class);
65 static void setUpForAll() throws IOException {
66 key = Files.readAllBytes(Path.of(KEY_PATH));
70 void convertKeystoreShouldReturnKeystoreWithGivenPrivateKeyAndCertificateChain()
71 throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, PemToPKCS12ConverterException {
73 final String alias = "keystore-entry";
74 final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
75 final List<String> certificateChain = getCertificates();
76 final PemToPKCS12Converter converter = new PemToPKCS12Converter();
77 final KeyStore expectedKeyStore = KeyStore.getInstance(PKCS12);
78 expectedKeyStore.load(new ByteArrayInputStream(Files.readAllBytes(Path.of(EXPECTED_KEYSTORE_PATH))),
79 password.toCharArray());
80 final Certificate[] expectedChain = expectedKeyStore.getCertificateChain(alias);
81 privateKeyMockSetup();
84 final byte[] result = converter.convertKeystore(certificateChain, password, alias, privateKey);
87 final KeyStore actualKeyStore = KeyStore.getInstance(PKCS12);
88 actualKeyStore.load(new ByteArrayInputStream(result), password.toCharArray());
89 final Certificate[] actualChain = actualKeyStore.getCertificateChain(alias);
91 assertArrayEquals(key, actualKeyStore.getKey(alias, password.toCharArray()).getEncoded());
92 assertEquals(2, expectedChain.length);
93 assertArrayEquals(expectedChain, actualChain);
97 void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPassword() throws IOException {
99 final String alias = "keystore-entry";
100 final Password password = new Password("apple");
101 final List<String> certificateChain = getCertificates();
102 final PemToPKCS12Converter converter = new PemToPKCS12Converter();
103 privateKeyMockSetup();
106 Exception exception = assertThrows(PemToPKCS12ConverterException.class, () ->
107 converter.convertKeystore(certificateChain, password, alias, privateKey)
111 assertEquals(PASSWORD_ERROR_MSG, exception.getMessage());
115 void convertTruststoreShouldReturnTruststoreWithGivenCertificatesArray()
116 throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, PemToPKCS12ConverterException {
119 final PemToPKCS12Converter converter = new PemToPKCS12Converter();
120 final String alias = "trusted-certificate-";
121 final String alias1 = alias + 1;
122 final String alias2 = alias + 2;
123 final Password password = new Password("9z6oFx1epRSCuBWU4Er8i_0y");
124 final List<String> trustedCertificates = getCertificates();
125 final KeyStore expectedTrustStore = KeyStore.getInstance(PKCS12);
126 expectedTrustStore.load(new ByteArrayInputStream(Files.readAllBytes(Path.of(EXPECTED_TRUSTSTORE_PATH))),
127 password.toCharArray());
130 final byte[] result = converter.convertTruststore(trustedCertificates, password, alias);
133 final KeyStore actualKeyStore = KeyStore.getInstance(PKCS12);
134 actualKeyStore.load(new ByteArrayInputStream(result), password.toCharArray());
136 assertTrue(actualKeyStore.containsAlias(alias1));
137 assertTrue(actualKeyStore.containsAlias(alias2));
138 assertEquals(expectedTrustStore.getCertificate(alias1), actualKeyStore.getCertificate(alias1));
139 assertEquals(expectedTrustStore.getCertificate(alias2), actualKeyStore.getCertificate(alias2));
143 void convertTruststoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPassword() throws IOException {
145 final String alias = "trusted-certificate-";
146 final Password password = new Password("nokia");
147 final List<String> trustedCertificates = getCertificates();
148 final PemToPKCS12Converter converter = new PemToPKCS12Converter();
151 assertThatThrownBy(() ->
152 converter.convertTruststore(trustedCertificates, password, alias))
153 .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(PASSWORD_ERROR_MSG);
157 void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPrivateKey() throws IOException {
159 final String alias = "keystore-entry";
160 final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
161 final List<String> certificateChain = getCertificates();
162 final PemToPKCS12Converter converter = new PemToPKCS12Converter();
165 assertThatThrownBy(() -> converter.convertKeystore(certificateChain, password, alias, privateKey))
166 .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(KEY_ERROR_MSG);
170 void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongCertificates() {
172 final String alias = "keystore-entry";
173 final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
174 final List<String> certificateChain = List.of("certificate1", "certificate2");
175 final PemToPKCS12Converter converter = new PemToPKCS12Converter();
176 privateKeyMockSetup();
179 assertThatThrownBy(() -> converter.convertKeystore(certificateChain, password, alias, privateKey))
180 .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(CERTIFICATES_ERROR_MSG);
183 private void privateKeyMockSetup() {
184 when(privateKey.getEncoded()).thenReturn(key);
185 when(privateKey.getAlgorithm()).thenReturn(EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM);
186 when(privateKey.getFormat()).thenReturn(PKCS8);
189 private List<String> getCertificates() throws IOException {
192 Path.of(CERT1_PATH), StandardCharsets.UTF_8),
194 Path.of(CERT2_PATH), StandardCharsets.UTF_8)