gerrit.onap Code Review - oom/platform/cert-service.git/blob

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  *  Copyright (C) 2021 Nokia.
   4  * ================================================================================
   5  * Licensed under the Apache License, Version 2.0 (the "License");
   6  * you may not use this file except in compliance with the License.
   7  * You may obtain a copy of the License at
   8  *
   9  *      http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  * Unless required by applicable law or agreed to in writing, software
  12  * distributed under the License is distributed on an "AS IS" BASIS,
  13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  * See the License for the specific language governing permissions and
  15  * limitations under the License.
  16  *
  17  * SPDX-License-Identifier: Apache-2.0
  18  * ============LICENSE_END=========================================================
  19  */
  20
  21 package org.onap.oom.certservice.cmpv2client.impl;
  22
  23 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
  24 import org.bouncycastle.asn1.DERBitString;
  25 import org.bouncycastle.asn1.DEROctetString;
  26 import org.bouncycastle.asn1.cmp.PBMParameter;
  27 import org.bouncycastle.asn1.cmp.PKIBody;
  28 import org.bouncycastle.asn1.cmp.PKIHeader;
  29 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
  30 import org.bouncycastle.cert.cmp.CMPException;
  31 import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
  32 import org.bouncycastle.cert.crmf.PKMACBuilder;
  33 import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
  34 import org.bouncycastle.jce.provider.BouncyCastleProvider;
  35 import org.junit.jupiter.api.AfterAll;
  36 import org.junit.jupiter.api.BeforeAll;
  37 import org.junit.jupiter.api.Test;
  38 import org.junit.jupiter.params.ParameterizedTest;
  39 import org.junit.jupiter.params.provider.ValueSource;
  40 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
  41
  42 import java.security.Security;
  43
  44 import static org.junit.jupiter.api.Assertions.assertEquals;
  45 import static org.junit.jupiter.api.Assertions.assertNotNull;
  46 import static org.junit.jupiter.api.Assertions.assertTrue;
  47 import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getProtectedPkiMessage;
  48 import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiHeader;
  49
  50 class PasswordBasedProtectionTest {
  51
  52     private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
  53     private static final AlgorithmIdentifier SHA_1_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
  54     private static final AlgorithmIdentifier H_MAC_SHA_1_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
  55     private static final int MIN_ITERATION_COUNT = 1000;
  56     private static final int MAX_ITERATION_COUNT = 2000;
  57     private static final int SALT_LENGTH = 16;
  58
  59     @BeforeAll
  60     static void setUp() {
  61         Security.addProvider(new BouncyCastleProvider());
  62     }
  63
  64     @AfterAll
  65     static void clean() {
  66         Security.removeProvider("BC");
  67     }
  68
  69     @Test
  70     void shouldReturnPasswordBasedMacAlgorithmWhenGetAlgorithmMethodCalled() {
  71         //Given
  72         PasswordBasedProtection protection = new PasswordBasedProtection(null);
  73         //When
  74         AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
  75         //Then
  76         assertEquals(PASSWORD_BASED_MAC, algorithmIdentifier.getAlgorithm());
  77     }
  78
  79     @Test
  80     void shouldSetPasswordBasedParametersWhenGetAlgorithmMethodCalled() {
  81         //Given
  82         PasswordBasedProtection protection = new PasswordBasedProtection(null);
  83         //When
  84         AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
  85         //Then
  86         assertTrue(algorithmIdentifier.getParameters() instanceof PBMParameter);
  87     }
  88
  89     @Test
  90     void shouldSetSha1ForOwfWhenGetAlgorithmMethodCalled() {
  91         //Given
  92         PasswordBasedProtection protection = new PasswordBasedProtection(null);
  93         //When
  94         AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
  95         //Then
  96         PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
  97         assertEquals(SHA_1_ALGORITHM, pbmParameters.getOwf());
  98     }
  99
 100     @Test
 101     void shouldSetHMacSha1ForMacWhenGetAlgorithmMethodCalled() {
 102         //Given
 103         PasswordBasedProtection protection = new PasswordBasedProtection(null);
 104         //When
 105         AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
 106         //Then
 107         PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
 108         assertEquals(H_MAC_SHA_1_ALGORITHM, pbmParameters.getMac());
 109     }
 110
 111     @Test
 112     void shouldSetSaltWhenGetAlgorithmMethodCalled() {
 113         //Given
 114         PasswordBasedProtection protection = new PasswordBasedProtection(null);
 115         //When
 116         AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
 117         //Then
 118         PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
 119         assertTrue(pbmParameters.getSalt() instanceof DEROctetString);
 120         DEROctetString salt = (DEROctetString) pbmParameters.getSalt();
 121         assertEquals(SALT_LENGTH, salt.getOctets().length);
 122     }
 123
 124     @Test
 125     void shouldSetIterationCountWhenGetAlgorithmMethodCalled() {
 126         //Given
 127         PasswordBasedProtection protection = new PasswordBasedProtection(null);
 128         //When
 129         AlgorithmIdentifier algorithmIdentifier = protection.getAlgorithmIdentifier();
 130         //Then
 131         PBMParameter pbmParameters = (PBMParameter) algorithmIdentifier.getParameters();
 132         assertNotNull(pbmParameters.getIterationCount());
 133         long iterationCount = pbmParameters.getIterationCount().getValue().longValue();
 134         assertTrue(MIN_ITERATION_COUNT <= iterationCount && iterationCount < MAX_ITERATION_COUNT,
 135                 "Iteration count not in range");
 136     }
 137
 138     @ParameterizedTest
 139     @ValueSource(strings = {"test", "123"})
 140     void shouldReturnProtectionByPasswordWhenGenerateProtectionMethodCalled(String initAuthPassword)
 141             throws CmpClientException, CMPException {
 142         //Given
 143         PasswordBasedProtection protection = new PasswordBasedProtection(initAuthPassword);
 144         PKIHeader pkiHeader = getTestPkiHeader(protection.getAlgorithmIdentifier());
 145         PKIBody pkiBody = PkiTestUtils.getTestPkiBody(SHA_1_ALGORITHM);
 146         //When
 147         DERBitString messageProtection = protection.generatePkiMessageProtection(pkiHeader, pkiBody);
 148         //Then
 149         ProtectedPKIMessage protectedPkiMessage = getProtectedPkiMessage(pkiHeader, pkiBody, messageProtection);
 150         PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());
 151         assertTrue(protectedPkiMessage.verify(pkMacBuilder, initAuthPassword.toCharArray()));
 152     }
 153
 154 }