From 5e32e9605b16d56de65ab0525facce35cd3b7c98 Mon Sep 17 00:00:00 2001
From: Michael Joseph Walsh
Date: Wed, 15 Feb 2012 12:11:10 -0500
Subject: [PATCH] refactored KeyStore unit test
---
 .../jwt/signer/service/impl/KeyStore.java | 18 +--
 .../jwt/signer/service/impl/KeyStoreTest.java | 136 +++++++++++++++---
 2 files changed, 120 insertions(+), 34 deletions(-)
diff --git a/server/src/main/java/org/mitre/jwt/signer/service/impl/KeyStore.java b/server/src/main/java/org/mitre/jwt/signer/service/impl/KeyStore.java
index 8130e0a07..a9341d634 100644
--- a/server/src/main/java/org/mitre/jwt/signer/service/impl/KeyStore.java
+++ b/server/src/main/java/org/mitre/jwt/signer/service/impl/KeyStore.java
@@ -2,29 +2,18 @@ package org.mitre.jwt.signer.service.impl;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.Key;
 import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Provider;
 import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
-import java.util.Date;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.io.Resource;
@@ -34,13 +23,11 @@ import org.springframework.core.io.Resource;
 * @author nemonik
 *
 */
-@SuppressWarnings("deprecation")
 public class KeyStore implements InitializingBean {
 private static Log logger = LogFactory.getLog(KeyStore.class);
- public static final String TYPE = java.security.KeyStore.getDefaultType(); // "BKS";
- public static final String PROVIDER = "BC";
+ public static final String TYPE = java.security.KeyStore.getDefaultType();
 public static final String PASSWORD = "changeit";
 private String password;
@@ -81,7 +68,7 @@ public class KeyStore implements InitializingBean {
 InputStream inputStream = null;
 try {
- keystore = java.security.KeyStore.getInstance(TYPE); //, PROVIDER);
+ keystore = java.security.KeyStore.getInstance(TYPE);
 inputStream = location.getInputStream();
 keystore.load(inputStream, this.password.toCharArray());
@@ -169,4 +156,5 @@ public class KeyStore implements InitializingBean {
 return "KeyStore [password=" + password + ", location=" + location + ", keystore=" + keystore + "]";
 }
+
 }
diff --git a/server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java b/server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java
index 62fdf400c..8a3e39d65 100644
--- a/server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java
+++ b/server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java
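Review bot: `TYPE` now silently follows `java.security.KeyStore.getDefaultType()`, which is whatever the JVM's `keystore.type` security property says, so the on-disk format expected at `location` is coupled to the runtime instead of to this class; a keystore file written for the dropped "BC" provider (the old `// "BKS"` hint) would presumably fail inside `load` with an opaque IOException, and later JDKs changed the default from JKS to PKCS12. Pin the format, `public static final String TYPE = "JKS";` (or read it from configuration), and put a comment on the constant stating which format the bundled keystore must be in. The `PASSWORD = "changeit"` line is unchanged context, but since this class now loads a plain JDK keystore it deserves a comment that the constant is a dev/test default and that deployments must set `password` explicitly. The class body continues past this hunk.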
@@ -5,9 +5,19 @@ import static org.hamcrest.CoreMatchers.nullValue;
 import static org.junit.Assert.assertThat;
 import java.io.IOException;
+import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
+import java.util.Date;
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -15,7 +25,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-@SuppressWarnings("restriction") // I know...
+@SuppressWarnings({ "restriction", "deprecation" }) // I know...
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = { "classpath:test-context.xml" })
@@ -25,31 +35,119 @@ public class KeyStoreTest {
 @Qualifier("testKeystore")
 KeyStore keystore;
+ static {
+ // Need to create the certificate
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ /**
+ * Creates a certificate.
+ *
+ * @param commonName
+ * @param daysNotValidBefore
+ * @param daysNotValidAfter
+ * @return
+ */
+ private X509V3CertificateGenerator createCertificate(
+ String commonName, int daysNotValidBefore, int daysNotValidAfter) {
+ // BC sez X509V3CertificateGenerator is deprecated and the docs say to
+ // use another, but it seemingly isn't included jar...
+ X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
+
+ v3CertGen
+ .setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
+ v3CertGen.setIssuerDN(new X509Principal("CN=" + commonName
+ + ", OU=None, O=None L=None, C=None"));
+ v3CertGen.setNotBefore(new Date(System.currentTimeMillis()
+ - (1000L * 60 * 60 * 24 * daysNotValidBefore)));
+ v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
+ + (1000L * 60 * 60 * 24 * daysNotValidAfter)));
+ v3CertGen.setSubjectDN(new X509Principal("CN=" + commonName
+ + ", OU=None, O=None L=None, C=None"));
+ return v3CertGen;
+ }
+
+ /**
+ * Create an RSA KeyPair and insert into specified KeyStore
+ *
+ * @param location
+ * @param domainName
+ * @param alias
+ * @param keystorePassword
+ * @param aliasPassword
+ * @param daysNotValidBefore
+ * @param daysNotValidAfter
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public java.security.KeyStore generateRsaKeyPair(
+ String domainName, String alias, String aliasPassword, int daysNotValidBefore, int daysNotValidAfter)
+ throws GeneralSecurityException, IOException {
+
+ java.security.KeyStore ks = keystore.getKeystore();
+
+ KeyPairGenerator rsaKeyPairGenerator = null;
+
+ rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
+
+ rsaKeyPairGenerator.initialize(2048);
+ KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
+
+ // BC sez X509V3CertificateGenerator is deprecated and the docs say to
+ // use another, but it seemingly isn't included jar...
+ X509V3CertificateGenerator v3CertGen = createCertificate(domainName,
+ daysNotValidBefore, daysNotValidAfter);
+
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) rsaKeyPair.getPrivate();
+
+ v3CertGen.setPublicKey(rsaKeyPair.getPublic());
+ v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
+
+ // BC docs say to use another, but it seemingly isn't included...
+ X509Certificate certificate = v3CertGen
+ .generateX509Certificate(rsaPrivateKey);
+
+ // if exist, overwrite
+ ks.setKeyEntry(alias, rsaPrivateKey, aliasPassword.toCharArray(),
+ new java.security.cert.Certificate[] { certificate });
+
+ keystore.setKeystore(ks);
+
+ return ks;
+ }
+
 @Test
 public void storeKeyPair() throws GeneralSecurityException, IOException {
-//
-// java.security.KeyStore ks = KeyStore.generateRsaKeyPair(keystore
-// .getLocation().getFile().getPath(), "OpenID Connect Server",
-// "test", KeyStore.PASSWORD, KeyStore.PASSWORD, 30, 30);
-//
-// keystore.setKeystore(ks);
-//
-// assertThat(ks, not(nullValue()));
- assertThat(true, not(false));
+
+ java.security.KeyStore ks = null;
+
+ try {
+ ks = generateRsaKeyPair("OpenID Connect Server", "storeKeyPair", "changeit", 30, 365);
+
+ } catch (GeneralSecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ assertThat(ks, not(nullValue()));
 }
 @Test
 public void readKey() throws GeneralSecurityException {
-// Key key = keystore.getKeystore().getKey("test",
-// KeyStore.PASSWORD.toCharArray());
-//
-// System.out.println("-----BEGIN PRIVATE KEY-----");
-// System.out
-// .println(new sun.misc.BASE64Encoder().encode(key.getEncoded()));
-// System.out.println("-----END PRIVATE KEY-----");
-//
-// assertThat(key, not(nullValue()));
+ Key key = keystore.getKeystore().getKey("storeKeyPair",
+ KeyStore.PASSWORD.toCharArray());
+
+ System.out.println("-----BEGIN PRIVATE KEY-----");
+ System.out
+ .println(new sun.misc.BASE64Encoder().encode(key.getEncoded()));
+ System.out.println("-----END PRIVATE KEY-----");
+
+ assertThat(key, not(nullValue()));
 assertThat(true, not(false));
 }
 }
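Review bot: readKey only passes if storeKeyPair has already run in the same JVM, because the "storeKeyPair" alias is added to the in-memory java.security.KeyStore by generateRsaKeyPair and never written back to `location` (there is no `store` call), JUnit 4 does not guarantee method order, and when the alias is absent `getKey` returns null so `key.getEncoded()` throws an NPE before `assertThat(key, not(nullValue()))` is reached. Create the entry inside readKey (or in a `@Before` method) and use `KeyStore.PASSWORD` for the alias password in both tests instead of the literal `"changeit"` in storeKeyPair, which only happens to match. The three `System.out.println` lines then dump the raw RSA private key via `sun.misc.BASE64Encoder` into the build log; delete them or print the certificate's public half only. The try/catch in storeKeyPair swallows the real failure behind a bare null assertion although the method already declares both exceptions, so let it propagate: `ks = generateRsaKeyPair("OpenID Connect Server", "storeKeyPair", KeyStore.PASSWORD, 30, 365);`. Minor: the DN string `", OU=None, O=None L=None, C=None"` in createCertificate is missing the comma between `O=None` and `L=None`, so "None L=None" becomes the O value, and the generateRsaKeyPair javadoc lists `@param location` and `@param keystorePassword` that the signature does not have.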