refactored KeyStore unit test
Michael Joseph Walsh
parent
a63c033135
commit
5e32e9605b
|
|
@ -2,29 +2,18 @@ package org.mitre.jwt.signer.service.impl;
|
|||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.Key;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.Provider;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.util.Date;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.bouncycastle.jce.X509Principal;
|
||||
import org.bouncycastle.x509.X509V3CertificateGenerator;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.core.io.Resource;
|
||||
|
||||
|
|
@ -34,13 +23,11 @@ import org.springframework.core.io.Resource;
|
|||
* @author nemonik
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public class KeyStore implements InitializingBean {
|
||||
|
||||
private static Log logger = LogFactory.getLog(KeyStore.class);
|
||||
|
||||
public static final String TYPE = java.security.KeyStore.getDefaultType(); // "BKS";
|
||||
public static final String PROVIDER = "BC";
|
||||
public static final String TYPE = java.security.KeyStore.getDefaultType();
|
||||
public static final String PASSWORD = "changeit";
|
||||
|
||||
private String password;
|
||||
|
|
@ -81,7 +68,7 @@ public class KeyStore implements InitializingBean {
|
|||
InputStream inputStream = null;
|
||||
|
||||
try {
|
||||
keystore = java.security.KeyStore.getInstance(TYPE); //, PROVIDER);
|
||||
keystore = java.security.KeyStore.getInstance(TYPE);
|
||||
inputStream = location.getInputStream();
|
||||
keystore.load(inputStream, this.password.toCharArray());
|
||||
|
||||
|
|
@ -169,4 +156,5 @@ public class KeyStore implements InitializingBean {
|
|||
return "KeyStore [password=" + password + ", location=" + location
|
||||
+ ", keystore=" + keystore + "]";
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,9 +5,19 @@ import static org.hamcrest.CoreMatchers.nullValue;
|
|||
import static org.junit.Assert.assertThat;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.Key;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.Security;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.util.Date;
|
||||
|
||||
import org.bouncycastle.jce.X509Principal;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.x509.X509V3CertificateGenerator;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
|
@ -15,7 +25,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
|
|||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
@SuppressWarnings("restriction") // I know...
|
||||
@SuppressWarnings({ "restriction", "deprecation" }) // I know...
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration(locations = {
|
||||
"classpath:test-context.xml" })
|
||||
|
|
@ -25,31 +35,119 @@ public class KeyStoreTest {
|
|||
@Qualifier("testKeystore")
|
||||
KeyStore keystore;
|
||||
|
||||
static {
|
||||
// Need to create the certificate
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a certificate.
|
||||
*
|
||||
* @param commonName
|
||||
* @param daysNotValidBefore
|
||||
* @param daysNotValidAfter
|
||||
* @return
|
||||
*/
|
||||
private X509V3CertificateGenerator createCertificate(
|
||||
String commonName, int daysNotValidBefore, int daysNotValidAfter) {
|
||||
// BC sez X509V3CertificateGenerator is deprecated and the docs say to
|
||||
// use another, but it seemingly isn't included jar...
|
||||
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
|
||||
|
||||
v3CertGen
|
||||
.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
|
||||
v3CertGen.setIssuerDN(new X509Principal("CN=" + commonName
|
||||
+ ", OU=None, O=None L=None, C=None"));
|
||||
v3CertGen.setNotBefore(new Date(System.currentTimeMillis()
|
||||
- (1000L * 60 * 60 * 24 * daysNotValidBefore)));
|
||||
v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
|
||||
+ (1000L * 60 * 60 * 24 * daysNotValidAfter)));
|
||||
v3CertGen.setSubjectDN(new X509Principal("CN=" + commonName
|
||||
+ ", OU=None, O=None L=None, C=None"));
|
||||
return v3CertGen;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an RSA KeyPair and insert into specified KeyStore
|
||||
*
|
||||
* @param location
|
||||
* @param domainName
|
||||
* @param alias
|
||||
* @param keystorePassword
|
||||
* @param aliasPassword
|
||||
* @param daysNotValidBefore
|
||||
* @param daysNotValidAfter
|
||||
* @return
|
||||
* @throws GeneralSecurityException
|
||||
* @throws IOException
|
||||
*/
|
||||
public java.security.KeyStore generateRsaKeyPair(
|
||||
String domainName, String alias, String aliasPassword, int daysNotValidBefore, int daysNotValidAfter)
|
||||
throws GeneralSecurityException, IOException {
|
||||
|
||||
java.security.KeyStore ks = keystore.getKeystore();
|
||||
|
||||
KeyPairGenerator rsaKeyPairGenerator = null;
|
||||
|
||||
rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
|
||||
|
||||
rsaKeyPairGenerator.initialize(2048);
|
||||
KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
|
||||
|
||||
// BC sez X509V3CertificateGenerator is deprecated and the docs say to
|
||||
// use another, but it seemingly isn't included jar...
|
||||
X509V3CertificateGenerator v3CertGen = createCertificate(domainName,
|
||||
daysNotValidBefore, daysNotValidAfter);
|
||||
|
||||
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) rsaKeyPair.getPrivate();
|
||||
|
||||
v3CertGen.setPublicKey(rsaKeyPair.getPublic());
|
||||
v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
|
||||
|
||||
// BC docs say to use another, but it seemingly isn't included...
|
||||
X509Certificate certificate = v3CertGen
|
||||
.generateX509Certificate(rsaPrivateKey);
|
||||
|
||||
// if exist, overwrite
|
||||
ks.setKeyEntry(alias, rsaPrivateKey, aliasPassword.toCharArray(),
|
||||
new java.security.cert.Certificate[] { certificate });
|
||||
|
||||
keystore.setKeystore(ks);
|
||||
|
||||
return ks;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void storeKeyPair() throws GeneralSecurityException, IOException {
|
||||
//
|
||||
// java.security.KeyStore ks = KeyStore.generateRsaKeyPair(keystore
|
||||
// .getLocation().getFile().getPath(), "OpenID Connect Server",
|
||||
// "test", KeyStore.PASSWORD, KeyStore.PASSWORD, 30, 30);
|
||||
//
|
||||
// keystore.setKeystore(ks);
|
||||
//
|
||||
// assertThat(ks, not(nullValue()));
|
||||
assertThat(true, not(false));
|
||||
|
||||
java.security.KeyStore ks = null;
|
||||
|
||||
try {
|
||||
ks = generateRsaKeyPair("OpenID Connect Server", "storeKeyPair", "changeit", 30, 365);
|
||||
|
||||
} catch (GeneralSecurityException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
} catch (IOException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
assertThat(ks, not(nullValue()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void readKey() throws GeneralSecurityException {
|
||||
|
||||
// Key key = keystore.getKeystore().getKey("test",
|
||||
// KeyStore.PASSWORD.toCharArray());
|
||||
//
|
||||
// System.out.println("-----BEGIN PRIVATE KEY-----");
|
||||
// System.out
|
||||
// .println(new sun.misc.BASE64Encoder().encode(key.getEncoded()));
|
||||
// System.out.println("-----END PRIVATE KEY-----");
|
||||
//
|
||||
// assertThat(key, not(nullValue()));
|
||||
Key key = keystore.getKeystore().getKey("storeKeyPair",
|
||||
KeyStore.PASSWORD.toCharArray());
|
||||
|
||||
System.out.println("-----BEGIN PRIVATE KEY-----");
|
||||
System.out
|
||||
.println(new sun.misc.BASE64Encoder().encode(key.getEncoded()));
|
||||
System.out.println("-----END PRIVATE KEY-----");
|
||||
|
||||
assertThat(key, not(nullValue()));
|
||||
assertThat(true, not(false));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue