001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto.tls;
019
020import java.io.IOException;
021import java.security.KeyStore;
022import org.apache.hadoop.hbase.HBaseClassTestRule;
023import org.apache.hadoop.hbase.testclassification.SecurityTests;
024import org.apache.hadoop.hbase.testclassification.SmallTests;
025import org.junit.Assert;
026import org.junit.ClassRule;
027import org.junit.Test;
028import org.junit.experimental.categories.Category;
029import org.junit.runner.RunWith;
030import org.junit.runners.Parameterized;
031
/**
 * Tests for {@link JKSFileLoader}: loading a JKS key store and a JKS trust store from the files
 * supplied by the inherited {@code x509TestContext}, plus the failure paths for a wrong password, a
 * non-existent file, an unset path and a file of the wrong type.
 * <p>
 * This file has been copied from the Apache ZooKeeper project.
 * @see <a href=
 *      "https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/test/java/org/apache/zookeeper/common/JKSFileLoaderTest.java">Base
 *      revision</a>
 */
@RunWith(Parameterized.class)
@Category({ SecurityTests.class, SmallTests.class })
public class TestJKSFileLoader extends AbstractTestX509Parameterized {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestJKSFileLoader.class);

  /** The JKS key store from the test context loads and contains exactly one entry. */
  @Test
  public void testLoadKeyStore() throws Exception {
    final String keyStoreLocation =
      x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    final KeyStore loaded = new JKSFileLoader.Builder()
      .setKeyStorePath(keyStoreLocation)
      .setKeyStorePassword(x509TestContext.getKeyStorePassword())
      .build()
      .loadKeyStore();
    final int entryCount = loaded.size();
    Assert.assertEquals(1, entryCount);
  }

  /**
   * Loading the key store with an incorrect password must fail.
   * <p>
   * NOTE(review): {@code expected = Exception.class} accepts any exception, so this test also
   * passes when the failure has nothing to do with the password (for example a broken fixture).
   * Since the password is what protects the store, consider narrowing to the exception type the
   * loader actually raises for a bad password; confirm against JKSFileLoader before changing.
   */
  @Test(expected = Exception.class)
  public void testLoadKeyStoreWithWrongPassword() throws Exception {
    final String keyStoreLocation =
      x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    new JKSFileLoader.Builder()
      .setKeyStorePath(keyStoreLocation)
      .setKeyStorePassword("wrong password".toCharArray())
      .build()
      .loadKeyStore();
  }

  /** A key store path that does not exist is expected to surface as an IOException. */
  @Test(expected = IOException.class)
  public void testLoadKeyStoreWithWrongFilePath() throws Exception {
    final String keyStoreLocation =
      x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    new JKSFileLoader.Builder()
      .setKeyStorePath(keyStoreLocation + ".does_not_exist")
      .setKeyStorePassword(x509TestContext.getKeyStorePassword())
      .build()
      .loadKeyStore();
  }

  /**
   * With no key store path set on the builder, a NullPointerException is expected. Whether it is
   * raised by build() or by the load call is not visible from this test.
   */
  @Test(expected = NullPointerException.class)
  public void testLoadKeyStoreWithNullFilePath() throws Exception {
    new JKSFileLoader.Builder()
      .setKeyStorePassword(x509TestContext.getKeyStorePassword())
      .build()
      .loadKeyStore();
  }

  /** A PEM file handed to the JKS loader is expected to be rejected with an IOException. */
  @Test(expected = IOException.class)
  public void testLoadKeyStoreWithWrongFileType() throws Exception {
    // The file is the context's PEM key store, not a JKS one, so the JKS loader should fail.
    final String pemLocation =
      x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    new JKSFileLoader.Builder()
      .setKeyStorePath(pemLocation)
      .setKeyStorePassword(x509TestContext.getKeyStorePassword())
      .build()
      .loadKeyStore();
  }

  /** The JKS trust store from the test context loads and contains exactly one entry. */
  @Test
  public void testLoadTrustStore() throws Exception {
    final String trustStoreLocation =
      x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    final KeyStore loaded = new JKSFileLoader.Builder()
      .setTrustStorePath(trustStoreLocation)
      .setTrustStorePassword(x509TestContext.getTrustStorePassword())
      .build()
      .loadTrustStore();
    final int entryCount = loaded.size();
    Assert.assertEquals(1, entryCount);
  }

  /**
   * Loading the trust store with an incorrect password must fail.
   * <p>
   * NOTE(review): as with the key store variant, {@code expected = Exception.class} does not pin
   * the failure to the password check; any exception satisfies it. Consider narrowing once the
   * loader's actual exception type is confirmed.
   */
  @Test(expected = Exception.class)
  public void testLoadTrustStoreWithWrongPassword() throws Exception {
    final String trustStoreLocation =
      x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    new JKSFileLoader.Builder()
      .setTrustStorePath(trustStoreLocation)
      .setTrustStorePassword("wrong password".toCharArray())
      .build()
      .loadTrustStore();
  }

  /** A trust store path that does not exist is expected to surface as an IOException. */
  @Test(expected = IOException.class)
  public void testLoadTrustStoreWithWrongFilePath() throws Exception {
    final String trustStoreLocation =
      x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
    new JKSFileLoader.Builder()
      .setTrustStorePath(trustStoreLocation + ".does_not_exist")
      .setTrustStorePassword(x509TestContext.getTrustStorePassword())
      .build()
      .loadTrustStore();
  }

  /**
   * With no trust store path set on the builder, a NullPointerException is expected. Whether it is
   * raised by build() or by the load call is not visible from this test.
   */
  @Test(expected = NullPointerException.class)
  public void testLoadTrustStoreWithNullFilePath() throws Exception {
    new JKSFileLoader.Builder()
      .setTrustStorePassword(x509TestContext.getTrustStorePassword())
      .build()
      .loadTrustStore();
  }

  /** A PEM file handed to the JKS loader is expected to be rejected with an IOException. */
  @Test(expected = IOException.class)
  public void testLoadTrustStoreWithWrongFileType() throws Exception {
    // The file is the context's PEM trust store, not a JKS one, so the JKS loader should fail.
    final String pemLocation =
      x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    new JKSFileLoader.Builder()
      .setTrustStorePath(pemLocation)
      .setTrustStorePassword(x509TestContext.getTrustStorePassword())
      .build()
      .loadTrustStore();
  }
}