/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.io.crypto.tls;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.io.IOException;
import java.security.KeyStore;
import org.apache.hadoop.hbase.HBaseParameterizedTestTemplate;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.TestTemplate;

/**
 * Exercises {@link BCFKSFileLoader} against the key store and trust store files supplied by the
 * X509 test context, once per combination of CA key type, certificate key type and key password.
 * <p>
 * Positive cases expect a store holding exactly one entry. Negative cases expect the load to fail
 * instead of returning a store: {@link IOException} for a wrong password, a missing file or a PEM
 * file, and {@link NullPointerException} when no path was configured. The negative cases check the
 * exception type only, not its cause or message, so they do not tell a password or format
 * rejection apart from any other I/O failure.
 * <p>
 * This file has been copied from the Apache ZooKeeper project.
 * @see <a href=
 *      "https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/test/java/org/apache/zookeeper/common/BCFKSFileLoaderTest.java">Base
 *      revision</a>
 */
@Tag(SecurityTests.TAG)
@Tag(SmallTests.TAG)
@HBaseParameterizedTestTemplate(name = "{index}: caKeyType={0}, certKeyType={1}, keyPassword={2}")
public class TestBCFKSFileLoader extends AbstractTestX509Parameterized {

  /** Password that is expected not to match the stores of the test context. */
  private static final String WRONG_PASSWORD = "wrong password";

  /** Suffix appended to an existing store path to obtain a path with no file behind it. */
  private static final String MISSING_FILE_SUFFIX = ".does_not_exist";

  /**
   * Passes the parameters of one test invocation on to the shared X509 test base class.
   * @param caKeyType   key type of the CA certificate
   * @param certKeyType key type of the leaf certificate
   * @param keyPassword password for the private key
   */
  public TestBCFKSFileLoader(X509KeyType caKeyType, X509KeyType certKeyType, char[] keyPassword) {
    super(caKeyType, certKeyType, keyPassword);
  }

  /** Returns the absolute path of the test context's key store file of the given type. */
  private String keyStorePathFor(KeyStoreFileType fileType) throws IOException {
    return x509TestContext.getKeyStoreFile(fileType).getAbsolutePath();
  }

  /** Returns the absolute path of the test context's trust store file of the given type. */
  private String trustStorePathFor(KeyStoreFileType fileType) throws IOException {
    return x509TestContext.getTrustStoreFile(fileType).getAbsolutePath();
  }

  /** A BCFKS key store opened with its own password loads and holds exactly one entry. */
  @TestTemplate
  public void testLoadKeyStore() throws Exception {
    String bcfksKeyStore = keyStorePathFor(KeyStoreFileType.BCFKS);
    KeyStore loaded = new BCFKSFileLoader.Builder()
      .setKeyStorePath(bcfksKeyStore)
      .setKeyStorePassword(x509TestContext.getKeyStorePassword())
      .build()
      .loadKeyStore();
    assertEquals(1, loaded.size());
  }

  /** A wrong key store password must end in an {@link IOException}, never in a usable store. */
  @TestTemplate
  public void testLoadKeyStoreWithWrongPassword() throws IOException {
    String bcfksKeyStore = keyStorePathFor(KeyStoreFileType.BCFKS);
    assertThrows(IOException.class,
      () -> new BCFKSFileLoader.Builder()
        .setKeyStorePath(bcfksKeyStore)
        .setKeyStorePassword(WRONG_PASSWORD.toCharArray())
        .build()
        .loadKeyStore());
  }

  /** A key store path with no file behind it is reported as an {@link IOException}. */
  @TestTemplate
  public void testLoadKeyStoreWithWrongFilePath() throws IOException {
    String missingKeyStore = keyStorePathFor(KeyStoreFileType.BCFKS) + MISSING_FILE_SUFFIX;
    assertThrows(IOException.class,
      () -> new BCFKSFileLoader.Builder()
        .setKeyStorePath(missingKeyStore)
        .setKeyStorePassword(x509TestContext.getKeyStorePassword())
        .build()
        .loadKeyStore());
  }

  /** Leaving the key store path unset is expected to fail with a {@link NullPointerException}. */
  @TestTemplate
  public void testLoadKeyStoreWithNullFilePath() {
    // Only the password is configured; whether build() or loadKeyStore() raises the NPE is not
    // visible from this test.
    assertThrows(NullPointerException.class,
      () -> new BCFKSFileLoader.Builder()
        .setKeyStorePassword(x509TestContext.getKeyStorePassword())
        .build()
        .loadKeyStore());
  }

  /** A PEM key store handed to the BCFKS loader must be rejected with an {@link IOException}. */
  @TestTemplate
  public void testLoadKeyStoreWithWrongFileType() throws IOException {
    String pemKeyStore = keyStorePathFor(KeyStoreFileType.PEM);
    // The file exists and the password is the context's own; only the container format is wrong.
    assertThrows(IOException.class,
      () -> new BCFKSFileLoader.Builder()
        .setKeyStorePath(pemKeyStore)
        .setKeyStorePassword(x509TestContext.getKeyStorePassword())
        .build()
        .loadKeyStore());
  }

  /** A BCFKS trust store opened with its own password loads and holds exactly one entry. */
  @TestTemplate
  public void testLoadTrustStore() throws Exception {
    String bcfksTrustStore = trustStorePathFor(KeyStoreFileType.BCFKS);
    KeyStore loaded = new BCFKSFileLoader.Builder()
      .setTrustStorePath(bcfksTrustStore)
      .setTrustStorePassword(x509TestContext.getTrustStorePassword())
      .build()
      .loadTrustStore();
    assertEquals(1, loaded.size());
  }

  /** A wrong trust store password must end in an {@link IOException}, never in a usable store. */
  @TestTemplate
  public void testLoadTrustStoreWithWrongPassword() throws IOException {
    String bcfksTrustStore = trustStorePathFor(KeyStoreFileType.BCFKS);
    assertThrows(IOException.class,
      () -> new BCFKSFileLoader.Builder()
        .setTrustStorePath(bcfksTrustStore)
        .setTrustStorePassword(WRONG_PASSWORD.toCharArray())
        .build()
        .loadTrustStore());
  }

  /** A trust store path with no file behind it is reported as an {@link IOException}. */
  @TestTemplate
  public void testLoadTrustStoreWithWrongFilePath() throws IOException {
    String missingTrustStore = trustStorePathFor(KeyStoreFileType.BCFKS) + MISSING_FILE_SUFFIX;
    assertThrows(IOException.class,
      () -> new BCFKSFileLoader.Builder()
        .setTrustStorePath(missingTrustStore)
        .setTrustStorePassword(x509TestContext.getTrustStorePassword())
        .build()
        .loadTrustStore());
  }

  /** Leaving the trust store path unset is expected to fail with a {@link NullPointerException}. */
  @TestTemplate
  public void testLoadTrustStoreWithNullFilePath() {
    // Only the password is configured; whether build() or loadTrustStore() raises the NPE is not
    // visible from this test.
    assertThrows(NullPointerException.class,
      () -> new BCFKSFileLoader.Builder()
        .setTrustStorePassword(x509TestContext.getTrustStorePassword())
        .build()
        .loadTrustStore());
  }

  /** A PEM trust store handed to the BCFKS loader must be rejected with an {@link IOException}. */
  @TestTemplate
  public void testLoadTrustStoreWithWrongFileType() throws IOException {
    String pemTrustStore = trustStorePathFor(KeyStoreFileType.PEM);
    // The file exists and the password is the context's own; only the container format is wrong.
    assertThrows(IOException.class,
      () -> new BCFKSFileLoader.Builder()
        .setTrustStorePath(pemTrustStore)
        .setTrustStorePassword(x509TestContext.getTrustStorePassword())
        .build()
        .loadTrustStore());
  }

}