[jboss-cvs] Picketbox SVN: r402 - in branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test: resources and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Apr 12 05:36:17 EDT 2013
Author: pskopek
Date: 2013-04-12 05:36:17 -0400 (Fri, 12 Apr 2013)
New Revision: 402
Added:
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
Modified:
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
Log:
Test case update for the security vault keystore replacement problem.
Modified: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-04-10 18:30:24 UTC (rev 401)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-04-12 09:36:17 UTC (rev 402)
@@ -23,6 +23,7 @@
import org.jboss.security.plugins.PBEUtils;
import org.jboss.security.vault.SecurityVault;
+import org.jboss.security.vault.SecurityVaultException;
import org.jboss.security.vault.SecurityVaultFactory;
import org.jboss.security.vault.SecurityVaultUtil;
import org.junit.Before;
@@ -43,6 +44,10 @@
/**
* Unit Test the {@link SecurityVault} Implementation
+ *
+ * Note: replacement-vault.keystore has been created using:
+ * keytool -genkey -alias mykey -keystore replacement-vault.keystore -keyalg RSA -keysize 1024 -storepass supersecret11 -keypass supersecret11 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss"
+ *
* @author Anil.Saldhana at redhat.com
* @since Aug 12, 2011
*/
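Review bot: The keytool command recorded in the class Javadoc passes no `-validity`, so the certificate in replacement-vault.keystore gets keytool's default lifetime of 90 days. If any vault code path checks certificate validity (not visible in this diff), the new test would start failing once the certificate expires. Regenerating the fixture with an explicit long `-validity` and recording that in the comment would rule this out. The comment should also say the keystore is a test-only fixture, for example `* Test fixture only: 1024-bit key and published password, never reuse outside this test.`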
@@ -206,6 +211,80 @@
}
@Test
+ public void testVaultWithReplacedKeystore() throws Exception {
+
+ String vaultBlock = "vb1";
+ String attributeName = "attr11";
+
+ char[] attributeValue = "secret11".toCharArray();
+
+ SecurityVault vault = SecurityVaultFactory.get();
+ maskedPWD = getMaskedPassword(keyStorePass, salt, iterationCount);
+
+ Map<String,Object> options = new HashMap<String,Object>();
+ options.putAll(getMap());
+ // change path for vault data
+ String originalVaultEncDir = "${java.io.tmpdir}/replacement-vault-test/";
+
+ // re-create the dir
+
+ File d = new File(System.getProperty("java.io.tmpdir") + "/replacement-vault-test");
+ if (d.exists()) {
+ for (File f: d.listFiles()) { f.delete(); }
+ d.delete();
+ }
+ d.mkdirs();
+ options.put(PicketBoxSecurityVault.ENC_FILE_DIR, originalVaultEncDir);
+
+ vault.init(options);
+ assertTrue("Original vault has to be initialized", vault.isInitialized());
+
+ Map<String,Object> handshakeOptions = new HashMap<String,Object>();
+ handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "vault");
+
+ byte[] sharedKey = vault.handshake(handshakeOptions);
+ assertNotNull("Orignal shared key after handshake", sharedKey);
+
+ vault.store(vaultBlock, attributeName, attributeValue , sharedKey);
+ assertTrue("Original stored value has to exist", vault.exists(vaultBlock, attributeName));
+
+ //Now retrieve
+ assertEquals("Original retrieved secured attribute", new String(attributeValue), new String(vault.retrieve(vaultBlock, attributeName, sharedKey)));
+ vault.store(vaultBlock+"1", attributeName+"2", attributeValue , sharedKey);
+ assertEquals("Original retrieved secured attribute2", new String(attributeValue), new String(vault.retrieve(vaultBlock+"1", attributeName+"2", sharedKey)));
+ System.out.println("Currently storing:" + vault.keyList());
+
+ // replace keystore
+ Map<String, Object> opt = getReplacementVaultOptions(originalVaultEncDir);
+
+ vault.init(opt);
+ assertTrue("Replaced vault has to be initialized", vault.isInitialized());
+
+ handshakeOptions = new HashMap<String,Object>();
+ handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "mykey");
+
+ // we don't need new shared key, we have to use the old one
+ vault.handshake(handshakeOptions);
+
+ assertNotNull("Replaced shared key after handshake", sharedKey);
+
+ // Now retrieve secret value from vault with replaced keystore
+ try {
+ String fromVault = new String(vault.retrieve(vaultBlock, attributeName, sharedKey));
+ if (fromVault.equals(new String(attributeValue))) {
+ fail("Got secret value from vault with replaced keystore and the value is even correct.");
+ }
+ else {
+ fail("It should not be possible to get secret value from the vault with different keystore.");
+ }
+ }
+ catch (SecurityVaultException e) {
+ // ignore
+ }
+
+ }
+
+ @Test
public void testUtil() throws Exception
{
assertFalse(SecurityVaultUtil.isVaultFormat((String)null));
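Review bot: In testVaultWithReplacedKeystore, `assertNotNull("Replaced shared key after handshake", sharedKey)` re-checks the key from the first handshake, which was already asserted non-null, so it verifies nothing about the replaced keystore. The second handshake's return value is discarded; if a key is expected there, keep it with `byte[] replacedKey = vault.handshake(handshakeOptions);` and assert on `replacedKey`, while still passing the old `sharedKey` to `retrieve` as the comment intends. Two entries are stored before the swap, but only `vaultBlock`/`attributeName` is checked afterwards, so the `vaultBlock+"1"`/`attributeName+"2"` entry should get the same negative check. The directory cleanup dereferences `d.listFiles()` without a null check and ignores the results of `delete()` and `mkdirs()`, so stale vault data from an earlier run in the fixed temp path could survive unnoticed and change what the test proves.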
@@ -242,4 +321,19 @@
return options;
}
+
+ private Map<String, Object> getReplacementVaultOptions(String encDataDir) throws Exception {
+ String salz = "35911953";
+ int iter = 88;
+ String password = getMaskedPassword("supersecret11", salz, iter);
+
+ Map<String, Object> options = new HashMap<String, Object>();
+ options.put(PicketBoxSecurityVault.KEYSTORE_URL, "target/test-classes/replacement_keystore/replacement-vault.keystore");
+ options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, password);
+ options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "mykey");
+ options.put(PicketBoxSecurityVault.SALT, salz);
+ options.put(PicketBoxSecurityVault.ITERATION_COUNT, String.valueOf(iter));
+ options.put(PicketBoxSecurityVault.ENC_FILE_DIR, encDataDir);
+ return options;
+ }
}
\ No newline at end of file
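Review bot: getReplacementVaultOptions repeats the literals `"supersecret11"` and `"mykey"`, which must stay in step with the keytool command in the class Javadoc and with the `PUBLIC_CERT` value used in the test, but nothing in the helper says so. A short Javadoc would make the coupling explicit, for example `/** Options for the replacement test keystore; password and alias must match the keytool command in the class comment. */`. Pulling the two values into private constants would avoid the duplication. The relative `KEYSTORE_URL` of `target/test-classes/...` presumably assumes the test runs from the module root, which is worth stating in the same comment.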
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream