[ELY-1586] Update the testsuite to make use of the utilities for cert…

…ificate generation instead of using pre-generated CAs and certs
justinmcook · Jun 8, 2018 · 2878d36 · 2878d36
1 parent be0a28f
commit 2878d36
Show file tree

Hide file tree

Showing 25 changed files with 876 additions and 220 deletions.
diff --git a/pom.xml b/pom.xml
@@ -513,6 +513,12 @@
             <version>${version.jmockit}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcmail-jdk15on</artifactId>
+            <version>1.56</version>
+            <scope>test</scope>
+        </dependency>
 
         <!-- HSQL Database-->
         <dependency>

diff --git a/src/test/java/org/wildfly/security/auth/client/ElytronXmlParserTest.java b/src/test/java/org/wildfly/security/auth/client/ElytronXmlParserTest.java
@@ -1,18 +1,25 @@
 package org.wildfly.security.auth.client;
 
-import java.io.Closeable;
 import java.io.File;
 import java.io.FileOutputStream;
-import java.io.IOException;
 import java.net.URISyntaxException;
 import java.net.URL;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
 
-import org.apache.commons.io.IOUtils;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.wildfly.client.config.ConfigXMLParseException;
 import org.wildfly.security.SecurityFactory;
+import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
+import org.wildfly.security.x500.cert.X509CertificateBuilder;
 
 /**
  * @author Tomas Hofman (thofman@redhat.com)
@@ -21,11 +28,66 @@ public class ElytronXmlParserTest {
 
     private static File KEYSTORE_DIR = new File("./target/keystore");
     private static final String CLIENT_KEYSTORE_FILENAME = "/client.keystore";
+    private static final char[] PASSWORD = "password".toCharArray();
 
 
     /**
      * ELY-1428
      */
+    private static void createClientKeyStore(KeyStore clientKeyStore) throws Exception {
+        // Generate testclient2.example.com self signed certificate
+        X500Principal testClient2DN = new X500Principal("CN=testclient2.example.com, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US");
+        SelfSignedX509CertificateAndSigningKey testClient2SelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder()
+                .setKeyAlgorithmName("DSA")
+                .setSignatureAlgorithmName("SHA1withDSA")
+                .setDn(testClient2DN)
+                .setKeySize(1024)
+                .build();
+        X509Certificate testClient2Certificate = testClient2SelfSignedX509CertificateAndSigningKey.getSelfSignedCertificate();
+        clientKeyStore.setKeyEntry("dnsincnclient", testClient2SelfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{testClient2Certificate});
+
+
+        // Generate Test Authority self signed certificate
+        X500Principal testAuthorityDN = new X500Principal("CN=Test Authority, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US");
+        SelfSignedX509CertificateAndSigningKey testAuthoritySelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder()
+                .setDn(testAuthorityDN)
+                .setKeyAlgorithmName("RSA")
+                .setSignatureAlgorithmName("SHA1withRSA")
+                .build();
+        X509Certificate testAuthorityCertificate = testAuthoritySelfSignedX509CertificateAndSigningKey.getSelfSignedCertificate();
+        clientKeyStore.setKeyEntry("testauthority", testAuthoritySelfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{testAuthorityCertificate});
+
+
+        // Generate Test Client 1 self signed certificate
+        X500Principal testClient1DN = new X500Principal("CN=Test Client 1, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US");
+        SelfSignedX509CertificateAndSigningKey testClient1SelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder()
+                .setDn(testClient1DN)
+                .setKeyAlgorithmName("RSA")
+                .setSignatureAlgorithmName("SHA1withRSA")
+                .addExtension(false, "SubjectAlternativeName", "DNS:testclient1.example.com")
+                .build();
+        X509Certificate testClient1Certificate = testClient1SelfSignedX509CertificateAndSigningKey.getSelfSignedCertificate();
+        clientKeyStore.setKeyEntry("testclient1", testClient1SelfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{testClient1Certificate});
+
+
+        // Generate Signed Test Client certificate signed by Test Authority
+        X500Principal signedTestClientDN = new X500Principal("CN=Signed Test Client, OU=JBoss, O=Red Hat, ST=North Carolina, C=US");
+
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+        KeyPair signedTestClientGeneratedKeys = keyPairGenerator.generateKeyPair();
+        PrivateKey signedTestClientSigningKey = signedTestClientGeneratedKeys.getPrivate();
+        PublicKey signedTestClientPublicKey = signedTestClientGeneratedKeys.getPublic();
+
+        X509Certificate signedTestClientCertificate = new X509CertificateBuilder()
+                .setIssuerDn(testAuthorityDN)
+                .setSubjectDn(signedTestClientDN)
+                .setSignatureAlgorithmName("SHA1withRSA")
+                .setSigningKey(testAuthoritySelfSignedX509CertificateAndSigningKey.getSigningKey())
+                .setPublicKey(signedTestClientPublicKey)
+                .build();
+        clientKeyStore.setKeyEntry("testclientsignedbyca", signedTestClientSigningKey, PASSWORD, new X509Certificate[]{signedTestClientCertificate, testAuthorityCertificate});
+    }
+
     @Test
     public void testKeyStoreClearPassword() throws ConfigXMLParseException, URISyntaxException {
         URL config = getClass().getResource("test-wildfly-config-v1_1.xml");
@@ -34,32 +96,20 @@ public void testKeyStoreClearPassword() throws ConfigXMLParseException, URISynta
     }
 
     @BeforeClass
-    public static void prepareKeyStores() throws IOException {
+    public static void prepareKeyStores() throws Exception {
         if (KEYSTORE_DIR.exists() == false) {
             KEYSTORE_DIR.mkdirs();
         }
 
-        copyKeyStore(CLIENT_KEYSTORE_FILENAME);
-    }
+        KeyStore clientKeyStore = KeyStore.getInstance("JKS");
+        clientKeyStore.load(null, null);
 
-    private static File copyKeyStore(String keyStoreFileName) throws IOException {
-        File keyStore = new File(KEYSTORE_DIR, keyStoreFileName);
-        FileOutputStream fos = null;
-        try {
-            fos = new FileOutputStream(keyStore);
-            IOUtils.copy(ElytronXmlParserTest.class.getResourceAsStream(keyStoreFileName), fos);
-        } finally {
-            safeClose(fos);
-        }
-        return keyStore;
-    }
+        createClientKeyStore(clientKeyStore);
 
-    private static void safeClose(Closeable c) {
-        if (c != null) {
-            try {
-                c.close();
-            } catch (Throwable ignored) {}
+        File clientFile = new File(KEYSTORE_DIR, CLIENT_KEYSTORE_FILENAME);
+
+        try (FileOutputStream clientStream = new FileOutputStream(clientFile)){
+            clientKeyStore.store(clientStream, PASSWORD);
         }
     }
-
 }
diff --git a/src/test/java/org/wildfly/security/auth/client/XmlConfigurationTest.java b/src/test/java/org/wildfly/security/auth/client/XmlConfigurationTest.java
@@ -25,16 +25,26 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
 import java.security.Provider;
+import java.security.PublicKey;
 import java.security.Security;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
+import javax.security.auth.x500.X500Principal;
 import javax.xml.stream.XMLStreamException;
 
 import org.junit.AfterClass;
@@ -49,6 +59,9 @@
 import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
 import org.wildfly.security.credential.store.CredentialStoreBuilder;
 import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
+import org.wildfly.security.x500.cert.BasicConstraintsExtension;
+import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
+import org.wildfly.security.x500.cert.X509CertificateBuilder;
 
 /**
  * @author <a href="mailto:david.lloyd@redhat.com">David M. Lloyd</a>
@@ -60,6 +73,13 @@ public class XmlConfigurationTest {
 
     private static final Provider provider = new WildFlyElytronProvider();
 
+    private static final char[] PASSWORD = "Elytron".toCharArray();
+    private static final String CA_JKS_LOCATION = "./target/test-classes/ca/jks";
+    private static final String LADYBIRD_LOCATION = "ladybird.keystore";
+
+    private static File ladybirdFile = null;
+    private static File workingDirCA = null;
+
     private static Map<String, String> stores = new HashMap<>();
     private static String BASE_STORE_DIRECTORY = "target/ks-cred-stores";
     static {
@@ -82,8 +102,52 @@ public static void cleanCredentialStores() {
         }
     }
 
+    private static void createLadybirdKeyStore(File ladybirdFile) throws Exception{
+        X500Principal issuerDN = new X500Principal("O=Root Certificate Authority, EMAILADDRESS=elytron@wildfly.org, C=UK, ST=Elytron, CN=Elytron CA");
+        X500Principal ladybirdDN = new X500Principal("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Ladybird");
+
+        KeyStore ladybirdKeyStore = KeyStore.getInstance("JKS");
+        ladybirdKeyStore.load(null, null);
+
+        SelfSignedX509CertificateAndSigningKey issuerSelfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder()
+                .setDn(issuerDN)
+                .setKeyAlgorithmName("RSA")
+                .setSignatureAlgorithmName("SHA1withRSA")
+                .addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647")
+                .build();
+        X509Certificate issuerCertificate = issuerSelfSignedX509CertificateAndSigningKey.getSelfSignedCertificate();
+        ladybirdKeyStore.setCertificateEntry("ca", issuerCertificate);
+
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+        KeyPair ladybirdKeys = keyPairGenerator.generateKeyPair();
+        PrivateKey ladybirdSigningKey = ladybirdKeys.getPrivate();
+        PublicKey ladybirdPublicKey = ladybirdKeys.getPublic();
+
+        X509Certificate ladybirdCertificate = new X509CertificateBuilder()
+                .setIssuerDn(issuerDN)
+                .setSubjectDn(ladybirdDN)
+                .setSignatureAlgorithmName("SHA1withRSA")
+                .setSigningKey(issuerSelfSignedX509CertificateAndSigningKey.getSigningKey())
+                .setPublicKey(ladybirdPublicKey)
+                .setSerialNumber(new BigInteger("4"))
+                .addExtension(new BasicConstraintsExtension(false, false, -1))
+                .build();
+        ladybirdKeyStore.setKeyEntry("ladybird", ladybirdSigningKey, PASSWORD, new X509Certificate[]{ladybirdCertificate, issuerCertificate});
+
+        try (OutputStream ladybirdStream = new FileOutputStream(ladybirdFile)) {
+            ladybirdKeyStore.store(ladybirdStream, PASSWORD);
+        }
+    }
+
     @BeforeClass
     public static void setUp() throws Exception {
+        workingDirCA = new File(CA_JKS_LOCATION);
+        if (workingDirCA.exists() == false) {
+            workingDirCA.mkdirs();
+        }
+        ladybirdFile = new File(workingDirCA, LADYBIRD_LOCATION);
+        createLadybirdKeyStore(ladybirdFile);
+
         Security.addProvider(provider);
         cleanCredentialStores();
         // setup vaults that need to be complete before a test starts
@@ -98,6 +162,10 @@ public static void setUp() throws Exception {
     @AfterClass
     public static void tearDown() {
         Security.removeProvider(provider.getName());
+        ladybirdFile.delete();
+        ladybirdFile = null;
+        workingDirCA.delete();
+        workingDirCA = null;
     }
 
     private static ConfigurationXMLStreamReader openFile(byte[] xmlBytes, String fileName) throws ConfigXMLParseException {

diff --git a/src/test/java/org/wildfly/security/keystore/FilteringKeyStoreTest.java b/src/test/java/org/wildfly/security/keystore/FilteringKeyStoreTest.java
@@ -19,33 +19,51 @@
 
 import static org.junit.Assert.assertEquals;
 
-import java.io.InputStream;
 import java.security.KeyStore;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.function.Predicate;
 
+import javax.security.auth.x500.X500Principal;
+
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
 
 /**
  * Testing of the filtering KeyStore implementation.
  *
  * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
  */
 public class FilteringKeyStoreTest {
-
     private static KeyStore baseKeyStore;
+    private static final char[] PASSWORD = "Elytron".toCharArray();
+
+    private static void createFilteredKeyStore(KeyStore filteredKeyStore) throws Exception{
+        X500Principal DN = new X500Principal("CN=Elytron, OU=Elytron, O=Elytron, L=Elytron, ST=Elytron, C=GB");
+
+        SelfSignedX509CertificateAndSigningKey selfSignedX509CertificateAndSigningKey = SelfSignedX509CertificateAndSigningKey.builder()
+                .setDn(DN)
+                .setKeyAlgorithmName("RSA")
+                .setSignatureAlgorithmName("SHA256withRSA")
+                .build();
+        X509Certificate certificate = selfSignedX509CertificateAndSigningKey.getSelfSignedCertificate();
+
+        filteredKeyStore.setKeyEntry("alias1", selfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{certificate});
+        filteredKeyStore.setKeyEntry("alias2", selfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{certificate});
+        filteredKeyStore.setKeyEntry("alias3", selfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{certificate});
+        filteredKeyStore.setKeyEntry("alias4", selfSignedX509CertificateAndSigningKey.getSigningKey(), PASSWORD, new X509Certificate[]{certificate});
+    }
 
     @BeforeClass
-    public static void loadKeyStore() throws Exception {
-        KeyStore keyStore = KeyStore.getInstance("jks");
-        try (InputStream is = FilteringKeyStoreTest.class.getResourceAsStream("filtered.keystore")) {
-            keyStore.load(is, "Elytron".toCharArray());
-        }
-        baseKeyStore = keyStore;
+    public static void setUp() throws Exception{
+        baseKeyStore = KeyStore.getInstance("JKS");
+        baseKeyStore.load(null, null);
+
+        createFilteredKeyStore(baseKeyStore);
     }
 
     public void performTest(Predicate<String> aliasPredicate, String... expectedAlias) throws Exception {