Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto.tls;
019
020import static org.junit.jupiter.api.Assertions.assertEquals;
021import static org.junit.jupiter.api.Assertions.assertThrows;
022
023import java.io.IOException;
024import java.security.KeyStore;
025import java.security.KeyStoreException;
026import org.apache.hadoop.hbase.HBaseParameterizedTestTemplate;
027import org.apache.hadoop.hbase.testclassification.SecurityTests;
028import org.apache.hadoop.hbase.testclassification.SmallTests;
029import org.junit.jupiter.api.Tag;
030import org.junit.jupiter.api.TestTemplate;
031
032/**
033 * This file has been copied from the Apache ZooKeeper project.
034 * @see <a href=
035 *      "https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/test/java/org/apache/zookeeper/common/PEMFileLoaderTest.java">Base
036 *      revision</a>
037 */
038@Tag(SecurityTests.TAG)
039@Tag(SmallTests.TAG)
040@HBaseParameterizedTestTemplate(name = "{index}: caKeyType={0}, certKeyType={1}, keyPassword={2}")
041public class TestPEMFileLoader extends AbstractTestX509Parameterized {
042
043  public TestPEMFileLoader(X509KeyType caKeyType, X509KeyType certKeyType, char[] keyPassword) {
044    super(caKeyType, certKeyType, keyPassword);
045  }
046
047  @TestTemplate
048  public void testLoadKeyStore() throws Exception {
049    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
050    KeyStore ks = new PEMFileLoader.Builder().setKeyStorePath(path)
051      .setKeyStorePassword(x509TestContext.getKeyStorePassword()).build().loadKeyStore();
052    assertEquals(1, ks.size());
053  }
054
055  @TestTemplate
056  public void testLoadKeyStoreWithWrongPassword() throws IOException {
057    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
058    assertThrows(Exception.class, () -> {
059      new PEMFileLoader.Builder().setKeyStorePath(path)
060        .setKeyStorePassword("wrong password".toCharArray()).build().loadKeyStore();
061    });
062  }
063
064  @TestTemplate
065  public void testLoadKeyStoreWithWrongFilePath() throws IOException {
066    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
067    assertThrows(IOException.class, () -> {
068      new PEMFileLoader.Builder().setKeyStorePath(path + ".does_not_exist")
069        .setKeyStorePassword(x509TestContext.getKeyStorePassword()).build().loadKeyStore();
070    });
071  }
072
073  @TestTemplate
074  public void testLoadKeyStoreWithNullFilePath() {
075    assertThrows(NullPointerException.class, () -> {
076      new PEMFileLoader.Builder().setKeyStorePassword(x509TestContext.getKeyStorePassword()).build()
077        .loadKeyStore();
078    });
079  }
080
081  @TestTemplate
082  public void testLoadKeyStoreWithWrongFileType() throws IOException {
083    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
084    assertThrows(KeyStoreException.class, () -> {
085      // Trying to load a JKS file with PEM loader should fail
086      new PEMFileLoader.Builder().setKeyStorePath(path)
087        .setKeyStorePassword(x509TestContext.getKeyStorePassword()).build().loadKeyStore();
088    });
089  }
090
091  @TestTemplate
092  public void testLoadTrustStore() throws Exception {
093    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
094    KeyStore ts = new PEMFileLoader.Builder().setTrustStorePath(path)
095      .setTrustStorePassword(x509TestContext.getTrustStorePassword()).build().loadTrustStore();
096    assertEquals(1, ts.size());
097  }
098
099  @TestTemplate
100  public void testLoadTrustStoreWithWrongFilePath() throws IOException {
101    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
102    assertThrows(IOException.class, () -> {
103      new PEMFileLoader.Builder().setTrustStorePath(path + ".does_not_exist")
104        .setTrustStorePassword(x509TestContext.getTrustStorePassword()).build().loadTrustStore();
105    });
106  }
107
108  @TestTemplate
109  public void testLoadTrustStoreWithNullFilePath() {
110    assertThrows(NullPointerException.class, () -> {
111      new PEMFileLoader.Builder().setTrustStorePassword(x509TestContext.getTrustStorePassword())
112        .build().loadTrustStore();
113    });
114  }
115
116  @TestTemplate
117  public void testLoadTrustStoreWithWrongFileType() throws Exception {
118    // Trying to load a JKS file with PEM loader should fail
119    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
120    KeyStore ts = new PEMFileLoader.Builder().setTrustStorePath(path)
121      .setTrustStorePassword(x509TestContext.getTrustStorePassword()).build().loadTrustStore();
122    assertEquals(0, ts.size());
123  }
124}