[jboss-cvs] Picketbox SVN: r402 - in branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test: resources and 1 other directories.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Apr 12 05:36:17 EDT 2013


Author: pskopek
Date: 2013-04-12 05:36:17 -0400 (Fri, 12 Apr 2013)
New Revision: 402

Added:
   branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/
   branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
Modified:
   branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
Log:
Test case update for the security vault keystore replacement problem.

Modified: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java	2013-04-10 18:30:24 UTC (rev 401)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java	2013-04-12 09:36:17 UTC (rev 402)
@@ -23,6 +23,7 @@
 
 import org.jboss.security.plugins.PBEUtils;
 import org.jboss.security.vault.SecurityVault;
+import org.jboss.security.vault.SecurityVaultException;
 import org.jboss.security.vault.SecurityVaultFactory;
 import org.jboss.security.vault.SecurityVaultUtil;
 import org.junit.Before;
@@ -43,6 +44,10 @@
 
 /**
  * Unit Test the {@link SecurityVault} Implementation
+ * 
+ * Note: replacement-vault.keystore has been created using: 
+ *       keytool -genkey -alias mykey -keystore replacement-vault.keystore -keyalg RSA -keysize 1024 -storepass supersecret11 -keypass supersecret11 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss"
+ *       
  * @author Anil.Saldhana at redhat.com
  * @since Aug 12, 2011
  */
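Review bot: The keytool command recorded in the class Javadoc uses `-keysize 1024` and no `-validity`, and nothing marks these as test-only parameters. With no `-validity`, keytool falls back to its default certificate lifetime (90 days), so if any code path the vault uses checks certificate validity, this test would start failing once the fixture expires; I cannot tell from the hunk whether it does. I would add a line such as `Test fixture only: 1024-bit key and default validity are not suitable outside this test.` and, when the keystore is next regenerated, pass an explicit `-validity` and a larger `-keysize`. The class declaration this Javadoc belongs to is outside the hunk.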
@@ -206,6 +211,80 @@
    }
    
    @Test
+   public void testVaultWithReplacedKeystore() throws Exception {
+
+       String vaultBlock = "vb1";
+       String attributeName = "attr11";
+       
+       char[] attributeValue = "secret11".toCharArray();
+       
+       SecurityVault vault = SecurityVaultFactory.get(); 
+       maskedPWD = getMaskedPassword(keyStorePass, salt, iterationCount);
+
+       Map<String,Object> options = new HashMap<String,Object>(); 
+       options.putAll(getMap());
+       // change path for vault data
+       String originalVaultEncDir = "${java.io.tmpdir}/replacement-vault-test/";
+
+       // re-create the dir
+       
+       File d = new File(System.getProperty("java.io.tmpdir") + "/replacement-vault-test");
+       if (d.exists()) {
+           for (File f: d.listFiles()) { f.delete(); }
+           d.delete();
+       }
+       d.mkdirs();
+       options.put(PicketBoxSecurityVault.ENC_FILE_DIR, originalVaultEncDir);
+       
+       vault.init(options);
+       assertTrue("Original vault has to be initialized", vault.isInitialized());
+       
+       Map<String,Object> handshakeOptions = new HashMap<String,Object>();
+       handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "vault");
+       
+       byte[] sharedKey = vault.handshake(handshakeOptions);
+       assertNotNull("Orignal shared key after handshake", sharedKey);
+       
+       vault.store(vaultBlock, attributeName, attributeValue , sharedKey);
+       assertTrue("Original stored value has to exist", vault.exists(vaultBlock, attributeName));
+
+       //Now retrieve 
+       assertEquals("Original retrieved secured attribute", new String(attributeValue), new String(vault.retrieve(vaultBlock, attributeName, sharedKey))); 
+       vault.store(vaultBlock+"1", attributeName+"2", attributeValue , sharedKey);
+       assertEquals("Original retrieved secured attribute2", new String(attributeValue), new String(vault.retrieve(vaultBlock+"1", attributeName+"2", sharedKey))); 
+       System.out.println("Currently storing:" + vault.keyList());
+
+       // replace keystore
+       Map<String, Object> opt = getReplacementVaultOptions(originalVaultEncDir);
+
+       vault.init(opt);
+       assertTrue("Replaced vault has to be initialized", vault.isInitialized());
+
+       handshakeOptions = new HashMap<String,Object>();
+       handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "mykey");
+       
+       // we don't need new shared key, we have to use the old one
+       vault.handshake(handshakeOptions);
+
+       assertNotNull("Replaced shared key after handshake", sharedKey);
+       
+       // Now retrieve secret value from vault with replaced keystore 
+       try {
+           String fromVault = new String(vault.retrieve(vaultBlock, attributeName, sharedKey));
+           if (fromVault.equals(new String(attributeValue))) {
+               fail("Got secret value from vault with replaced keystore and the value is even correct.");
+           }
+           else {
+               fail("It should not be possible to get secret value from the vault with different keystore.");
+           }
+       }
+       catch (SecurityVaultException e) {
+           // ignore
+       }
+       
+   }
+   
+   @Test
    public void testUtil() throws Exception
    {
 	   assertFalse(SecurityVaultUtil.isVaultFormat((String)null));
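Review bot: The `assertNotNull("Replaced shared key after handshake", sharedKey)` near the end of testVaultWithReplacedKeystore checks the variable assigned by the first handshake, so it can never fail and says nothing about the replaced keystore; the return value of the second `vault.handshake(handshakeOptions)` is discarded. Since the comment above it says the old key is reused on purpose, I would drop that assertion rather than keep a check that cannot fail. The empty `catch (SecurityVaultException e)` also lets the test pass on any vault error, not only the decryption failure this test is about; replace `// ignore` with `// expected: data written under the original keystore must not be readable` and, if the exception exposes a distinguishable message or cause, assert on it. Separately, `d.listFiles()` can return null and the `delete()` results are ignored, so a stale `replacement-vault-test` directory in the shared tmpdir could carry encrypted data from an earlier run into this one.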
@@ -242,4 +321,19 @@
       
       return options;
    }
+   
+    private Map<String, Object> getReplacementVaultOptions(String encDataDir) throws Exception {
+        String salz = "35911953";
+        int iter = 88;
+        String password = getMaskedPassword("supersecret11", salz, iter);
+        
+        Map<String, Object> options = new HashMap<String, Object>();
+        options.put(PicketBoxSecurityVault.KEYSTORE_URL, "target/test-classes/replacement_keystore/replacement-vault.keystore");
+        options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, password);
+        options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "mykey");
+        options.put(PicketBoxSecurityVault.SALT, salz);
+        options.put(PicketBoxSecurityVault.ITERATION_COUNT, String.valueOf(iter));
+        options.put(PicketBoxSecurityVault.ENC_FILE_DIR, encDataDir);
+        return options;
+    }
 }
\ No newline at end of file
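Review bot: The keystore path `"target/test-classes/replacement_keystore/replacement-vault.keystore"` in getReplacementVaultOptions is relative to the working directory, so the fixture is only found when the test runs from the module root; whether getMap() above has the same dependency is outside the hunk. If the vault accepts an absolute path here, resolving the fixture from the test classpath would remove that dependency. The password literal `"supersecret11"` has to stay in step with the keytool command in the class Javadoc, which deserves a comment such as `// test-only fixture values; must match the keytool command in the class Javadoc`. The locals `salz` and `iter` look chosen to avoid clashing with the `salt` and `iterationCount` names used in the test above; `replacementSalt` and `replacementIterationCount` would say that directly.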

Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
===================================================================
(Binary files differ)


Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
___________________________________________________________________
Added: svn:mime-type
   + application/octet-stream


