001/**
002 * Copyright 2005-2014 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.ksb.security.admin;
017
018import org.junit.Test;
019import org.kuali.rice.core.api.resourceloader.GlobalResourceLoader;
020import org.kuali.rice.ksb.test.KSBTestCase;
021
022import javax.xml.namespace.QName;
023import java.security.GeneralSecurityException;
024import java.security.KeyStore;
025
026import static org.junit.Assert.assertEquals;
027import static org.junit.Assert.assertTrue;
028
029/**
030 * This is a test class used to test the KSB java security operation using certificates and keystores 
031 * 
032 * @author Kuali Rice Team (rice.collab@kuali.org)
033 *
034 */
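public class JavaSecurityManagementServiceTest extends KSBTestCase {

    // Test-only fixture values for the generated client keystore; not real credentials.
    private static final String TEST_CLIENT_ALIAS = "test_alias";
    private static final String TEST_CLIENT_PASSWORD = "test_password";
    private static final String MOCK_JAVA_SECURITY_MANAGEMENT_SERVICE_BEAN_ID = "testJavaSecurityManagementService";

    /**
     * Looks up the mock security management service registered under the "KEW" namespace.
     *
     * @return the service resolved by the {@link GlobalResourceLoader}, cast to the mock type
     */
    private MockJavaSecurityManagementService getMockJavaSecurityManagementService() {
        QName serviceName = new QName("KEW", MOCK_JAVA_SECURITY_MANAGEMENT_SERVICE_BEAN_ID);
        return (MockJavaSecurityManagementService) GlobalResourceLoader.getService(serviceName);
    }

    /**
     * Generates a client keystore and checks the trust relationship in both directions: the client
     * keystore must hold the module's certificate, and the module keystore must hold the client's
     * certificate.
     *
     * @throws Exception if the keystore cannot be generated or read
     */
    @Test
    public void testCertificatesExistInKeyStores() throws Exception {
        MockJavaSecurityManagementService securityService = getMockJavaSecurityManagementService();
        String moduleKeyStoreAlias = securityService.getModuleKeyStoreAlias();

        // generate the client keystore file
        KeyStore clientKeyStore = securityService.generateClientKeystore(TEST_CLIENT_ALIAS, TEST_CLIENT_PASSWORD);

        // verify that the module cert is in the client keystore file
        verifyKeyStoreContents(clientKeyStore, "client", moduleKeyStoreAlias, TEST_CLIENT_ALIAS);
        assertEquals("Certs do not match in client keystore file",
                securityService.getCertificate(moduleKeyStoreAlias),
                clientKeyStore.getCertificate(moduleKeyStoreAlias));

        // verify that the client cert is in the module keystore file
        KeyStore moduleKeyStore = securityService.getModuleKeyStore();
        verifyKeyStoreContents(moduleKeyStore, "module", TEST_CLIENT_ALIAS, moduleKeyStoreAlias);
        // The previous assertion here compared the module certificate with itself a second time
        // (same alias as the client-side check, arguments swapped), so a wrong client certificate
        // stored in the module keystore went undetected. Compare the client alias on both sides.
        // For a private key entry, KeyStore.getCertificate returns the first certificate of its
        // chain, i.e. the client's own certificate.
        assertEquals("Certs do not match in module keystore file",
                clientKeyStore.getCertificate(TEST_CLIENT_ALIAS),
                moduleKeyStore.getCertificate(TEST_CLIENT_ALIAS));
    }

    /**
     * Asserts that a keystore holds one alias as a certificate entry and another as a private key
     * entry.
     *
     * @param keyStore the keystore to inspect
     * @param keyStoreQualifier label used in the failure messages (for example "client" or "module")
     * @param certificateEntryAlias alias expected to exist as a certificate entry
     * @param privateKeyEntryAlias alias expected to exist as a private key entry
     * @throws GeneralSecurityException if the keystore cannot be queried
     */
    private void verifyKeyStoreContents(KeyStore keyStore, String keyStoreQualifier, String certificateEntryAlias, String privateKeyEntryAlias) throws GeneralSecurityException {
        // The other party's certificate must be present as a certificate-only entry.
        assertTrue("Alias for Certificate Entry '" + certificateEntryAlias + "' should exist in " + keyStoreQualifier + " keystore file", keyStore.containsAlias(certificateEntryAlias));
        assertTrue("Alias '" + certificateEntryAlias + "' should be Certificate Entry in " + keyStoreQualifier + " keystore file", keyStore.isCertificateEntry(certificateEntryAlias));
        // The keystore owner's own alias must carry a private key, not just a certificate.
        assertTrue("Alias for Private Key Entry '" + privateKeyEntryAlias + "' should exist in " + keyStoreQualifier + " keystore file", keyStore.containsAlias(privateKeyEntryAlias));
        assertTrue("Alias '" + privateKeyEntryAlias + "' should be Private Key Entry in " + keyStoreQualifier + " keystore file", keyStore.entryInstanceOf(privateKeyEntryAlias, KeyStore.PrivateKeyEntry.class));
    }

}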