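/**
 * Copyright 2005-2014 The Kuali Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.opensource.org/licenses/ecl2.php
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.kuali.rice.ksb.security.admin;

import org.junit.Test;
import org.kuali.rice.core.api.resourceloader.GlobalResourceLoader;
import org.kuali.rice.ksb.test.KSBTestCase;

import javax.xml.namespace.QName;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

/**
 * Tests the KSB Java security operations that work with certificates and keystores.
 *
 * <p>The test generates a client keystore through the mock security management service and then
 * checks that the certificate exchange went both ways: the module certificate must be present in
 * the client keystore, and the client certificate must be present in the module keystore.
 *
 * @author Kuali Rice Team (rice.collab@kuali.org)
 *
 */
public class JavaSecurityManagementServiceTest extends KSBTestCase {

    // Fixture values for this test only; they are passed to generateClientKeystore() below.
    private static final String TEST_CLIENT_ALIAS = "test_alias";
    private static final String TEST_CLIENT_PASSWORD = "test_password";
    private static final String MOCK_JAVA_SECURITY_MANAGEMENT_SERVICE_BEAN_ID = "testJavaSecurityManagementService";

    /**
     * Looks up the mock security management service registered under the "KEW" namespace.
     *
     * @return the service returned by the global resource loader, cast to the mock type
     */
    private MockJavaSecurityManagementService getMockJavaSecurityManagementService() {
        QName serviceName = new QName("KEW", MOCK_JAVA_SECURITY_MANAGEMENT_SERVICE_BEAN_ID);
        return (MockJavaSecurityManagementService) GlobalResourceLoader.getService(serviceName);
    }

    /**
     * Generates a client keystore and verifies the entries of both the client and the module
     * keystore, including that the certificates stored on each side are equal.
     *
     * @throws Exception if the service lookup or any keystore operation fails
     */
    @Test
    public void testCertificatesExistInKeyStores() throws Exception {
        MockJavaSecurityManagementService securityService = getMockJavaSecurityManagementService();
        String moduleKeyStoreAlias = securityService.getModuleKeyStoreAlias();

        // generate the client keystore file
        KeyStore clientKeyStore = securityService.generateClientKeystore(TEST_CLIENT_ALIAS, TEST_CLIENT_PASSWORD);

        // verify that the module cert is in the client keystore file
        verifyKeyStoreContents(clientKeyStore, "client", moduleKeyStoreAlias, TEST_CLIENT_ALIAS);
        assertEquals("Certs do not match in client keystore file",
                securityService.getCertificate(moduleKeyStoreAlias),
                clientKeyStore.getCertificate(moduleKeyStoreAlias));

        // verify that the client cert is in the module keystore file
        KeyStore moduleKeyStore = securityService.getModuleKeyStore();
        verifyKeyStoreContents(moduleKeyStore, "module", TEST_CLIENT_ALIAS, moduleKeyStoreAlias);
        // Compare the CLIENT certificate on both sides. The previous assertion repeated the
        // module-certificate comparison from above with its arguments swapped, so a wrong or
        // substituted client certificate in the module keystore would not have failed the test.
        assertEquals("Certs do not match in module keystore file",
                clientKeyStore.getCertificate(TEST_CLIENT_ALIAS),
                moduleKeyStore.getCertificate(TEST_CLIENT_ALIAS));
    }

    /**
     * Asserts that a keystore holds one alias as a certificate entry and another alias as a
     * private key entry.
     *
     * @param keyStore the keystore to inspect
     * @param keyStoreQualifier label used in the failure messages (e.g. "client" or "module")
     * @param certificateEntryAlias alias that must exist and be a certificate entry
     * @param privateKeyEntryAlias alias that must exist and be a {@link KeyStore.PrivateKeyEntry}
     * @throws GeneralSecurityException if the keystore cannot be queried
     */
    private void verifyKeyStoreContents(KeyStore keyStore, String keyStoreQualifier, String certificateEntryAlias,
            String privateKeyEntryAlias) throws GeneralSecurityException {
        assertTrue("Alias for Certificate Entry '" + certificateEntryAlias + "' should exist in " + keyStoreQualifier + " keystore file",
                keyStore.containsAlias(certificateEntryAlias));
        assertTrue("Alias '" + certificateEntryAlias + "' should be Certificate Entry in " + keyStoreQualifier + " keystore file",
                keyStore.isCertificateEntry(certificateEntryAlias));
        assertTrue("Alias for Private Key Entry '" + privateKeyEntryAlias + "' should exist in " + keyStoreQualifier + " keystore file",
                keyStore.containsAlias(privateKeyEntryAlias));
        assertTrue("Alias '" + privateKeyEntryAlias + "' should be Private Key Entry in " + keyStoreQualifier + " keystore file",
                keyStore.entryInstanceOf(privateKeyEntryAlias, KeyStore.PrivateKeyEntry.class));
    }

}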