001 /**
002 * Copyright 2005-2011 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.ksb.security.admin;
017
018 import org.junit.Test;
019 import org.kuali.rice.core.api.resourceloader.GlobalResourceLoader;
020 import org.kuali.rice.ksb.test.KSBTestCase;
021
022 import javax.xml.namespace.QName;
023 import java.security.GeneralSecurityException;
024 import java.security.KeyStore;
025
026 import static org.junit.Assert.assertEquals;
027 import static org.junit.Assert.assertTrue;
028
029 /**
030 * Test class for the KSB Java security operations that use certificates and keystores.
031 *
032 * @author Kuali Rice Team (rice.collab@kuali.org)
033 *
034 */
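public class JavaSecurityManagementServiceTest extends KSBTestCase {

    /**
     * Alias passed to generateClientKeystore. The test expects it to name a private key entry
     * in the client keystore and a certificate entry in the module keystore.
     */
    private static final String TEST_CLIENT_ALIAS = "test_alias";

    /**
     * Fixed password passed to generateClientKeystore. It is a test fixture only.
     * NOTE(review): what the password protects (store, key entry, or both) is decided by the
     * service implementation, which is not visible here.
     */
    private static final String TEST_CLIENT_PASSWORD = "test_password";

    /** Local part of the QName used to look up the mock service. */
    private static final String MOCK_JAVA_SECURITY_MANAGEMENT_SERVICE_BEAN_ID = "testJavaSecurityManagementService";

    /**
     * Looks up the mock security management service through the global resource loader.
     *
     * @return the service registered under the "KEW" namespace with the mock bean id
     */
    private MockJavaSecurityManagementService getMockJavaSecurityManagementService() {
        QName serviceName = new QName("KEW", MOCK_JAVA_SECURITY_MANAGEMENT_SERVICE_BEAN_ID);
        return (MockJavaSecurityManagementService) GlobalResourceLoader.getService(serviceName);
    }

    /**
     * Generates a client keystore and checks that trust material was exchanged in both directions:
     * the module certificate must be present in the client keystore, and the client certificate
     * must be present in the module keystore.
     *
     * @throws Exception if the service lookup or any keystore operation fails
     */
    @Test
    public void testCertificatesExistInKeyStores() throws Exception {
        MockJavaSecurityManagementService securityService = getMockJavaSecurityManagementService();
        String moduleKeyStoreAlias = securityService.getModuleKeyStoreAlias();

        // generate the client keystore file
        KeyStore clientKeyStore = securityService.generateClientKeystore(TEST_CLIENT_ALIAS, TEST_CLIENT_PASSWORD);

        // verify that the module cert is in the client keystore file
        verifyKeyStoreContents(clientKeyStore, "client", moduleKeyStoreAlias, TEST_CLIENT_ALIAS);
        assertEquals("Certs do not match in client keystore file",
                securityService.getCertificate(moduleKeyStoreAlias),
                clientKeyStore.getCertificate(moduleKeyStoreAlias));

        // verify that the client cert is in the module keystore file
        KeyStore moduleKeyStore = securityService.getModuleKeyStore();
        verifyKeyStoreContents(moduleKeyStore, "module", TEST_CLIENT_ALIAS, moduleKeyStoreAlias);
        // Compare the CLIENT certificate here. The previous assertion repeated the module-alias
        // comparison above with its arguments swapped, so a module keystore holding the wrong
        // certificate under the client alias would have gone unnoticed.
        assertEquals("Certs do not match in module keystore file",
                clientKeyStore.getCertificate(TEST_CLIENT_ALIAS),
                moduleKeyStore.getCertificate(TEST_CLIENT_ALIAS));
    }

    /**
     * Asserts that a keystore holds a trusted-certificate entry under one alias and a private key
     * entry under another.
     *
     * @param keyStore the keystore to inspect
     * @param keyStoreQualifier label ("client" or "module") used only in the failure messages
     * @param certificateEntryAlias alias that must exist and be a certificate entry
     * @param privateKeyEntryAlias alias that must exist and be a {@link KeyStore.PrivateKeyEntry}
     * @throws GeneralSecurityException if the keystore cannot be queried
     */
    private void verifyKeyStoreContents(KeyStore keyStore, String keyStoreQualifier, String certificateEntryAlias, String privateKeyEntryAlias) throws GeneralSecurityException {
        assertTrue("Alias for Certificate Entry '" + certificateEntryAlias + "' should exist in " + keyStoreQualifier + " keystore file", keyStore.containsAlias(certificateEntryAlias));
        assertTrue("Alias '" + certificateEntryAlias + "' should be Certificate Entry in " + keyStoreQualifier + " keystore file", keyStore.isCertificateEntry(certificateEntryAlias));
        assertTrue("Alias for Private Key Entry '" + privateKeyEntryAlias + "' should exist in " + keyStoreQualifier + " keystore file", keyStore.containsAlias(privateKeyEntryAlias));
        assertTrue("Alias '" + privateKeyEntryAlias + "' should be Private Key Entry in " + keyStoreQualifier + " keystore file", keyStore.entryInstanceOf(privateKeyEntryAlias, KeyStore.PrivateKeyEntry.class));
    }

}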