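/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.io.crypto.tls;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.io.IOException;
import java.security.KeyStore;
import org.apache.hadoop.hbase.HBaseParameterizedTestTemplate;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.TestTemplate;

/**
 * Tests for {@link PKCS12FileLoader}: loading PKCS12 key stores and trust stores, and rejecting a
 * wrong password, a missing file, an unset path, and a file of the wrong type (PEM).
 * <p>
 * Each test is run once per parameter combination (CA key type, certificate key type, key
 * password), as named in the {@code @HBaseParameterizedTestTemplate} annotation.
 * <p>
 * This file has been copied from the Apache ZooKeeper project.
 * @see <a href=
 *      "https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/test/java/org/apache/zookeeper/common/PKCS12FileLoaderTest.java">Base
 *      revision</a>
 */
@Tag(SecurityTests.TAG)
@Tag(SmallTests.TAG)
@HBaseParameterizedTestTemplate(name = "{index}: caKeyType={0}, certKeyType={1}, keyPassword={2}")
public class TestPKCS12FileLoader extends AbstractTestX509Parameterized {

  /**
   * Passes the parameter combination straight to the parameterized base class.
   * @param caKeyType   key type of the CA certificate
   * @param certKeyType key type of the leaf certificate
   * @param keyPassword password protecting the private key
   */
  public TestPKCS12FileLoader(X509KeyType caKeyType, X509KeyType certKeyType, char[] keyPassword) {
    super(caKeyType, certKeyType, keyPassword);
  }

  /** A PKCS12 key store loaded with the correct password holds exactly one entry. */
  @TestTemplate
  public void testLoadKeyStore() throws Exception {
    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
    KeyStore ks = new PKCS12FileLoader.Builder().setKeyStorePath(path)
      .setKeyStorePassword(x509TestContext.getKeyStorePassword()).build().loadKeyStore();
    assertEquals(1, ks.size());
  }

  /** A wrong key store password must surface as an {@link IOException}, not a loaded store. */
  @TestTemplate
  public void testLoadKeyStoreWithWrongPassword() throws IOException {
    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
    assertThrows(IOException.class, () -> {
      new PKCS12FileLoader.Builder().setKeyStorePath(path)
        .setKeyStorePassword("wrong password".toCharArray()).build().loadKeyStore();
    });
  }

  /** A key store path that does not exist must surface as an {@link IOException}. */
  @TestTemplate
  public void testLoadKeyStoreWithWrongFilePath() throws IOException {
    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
    assertThrows(IOException.class, () -> {
      new PKCS12FileLoader.Builder().setKeyStorePath(path + ".does_not_exist")
        .setKeyStorePassword(x509TestContext.getKeyStorePassword()).build().loadKeyStore();
    });
  }

  /** Leaving the key store path unset is expected to fail with a {@link NullPointerException}. */
  @TestTemplate
  public void testLoadKeyStoreWithNullFilePath() {
    assertThrows(NullPointerException.class, () -> {
      // No setKeyStorePath() call: only the password is configured.
      new PKCS12FileLoader.Builder().setKeyStorePassword(x509TestContext.getKeyStorePassword())
        .build().loadKeyStore();
    });
  }

  /** A PEM file handed to the PKCS12 loader as a key store must be rejected. */
  @TestTemplate
  public void testLoadKeyStoreWithWrongFileType() throws IOException {
    String path = x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    assertThrows(IOException.class, () -> {
      // Trying to load a PEM file with PKCS12 loader should fail
      new PKCS12FileLoader.Builder().setKeyStorePath(path)
        .setKeyStorePassword(x509TestContext.getKeyStorePassword()).build().loadKeyStore();
    });
  }

  /** A PKCS12 trust store loaded with the correct password holds exactly one entry. */
  @TestTemplate
  public void testLoadTrustStore() throws Exception {
    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
    KeyStore ts = new PKCS12FileLoader.Builder().setTrustStorePath(path)
      .setTrustStorePassword(x509TestContext.getTrustStorePassword()).build().loadTrustStore();
    assertEquals(1, ts.size());
  }

  /** A wrong trust store password must surface as an {@link IOException}, not a loaded store. */
  @TestTemplate
  public void testLoadTrustStoreWithWrongPassword() throws IOException {
    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
    assertThrows(IOException.class, () -> {
      new PKCS12FileLoader.Builder().setTrustStorePath(path)
        .setTrustStorePassword("wrong password".toCharArray()).build().loadTrustStore();
    });
  }

  /** A trust store path that does not exist must surface as an {@link IOException}. */
  @TestTemplate
  public void testLoadTrustStoreWithWrongFilePath() throws IOException {
    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
    assertThrows(IOException.class, () -> {
      new PKCS12FileLoader.Builder().setTrustStorePath(path + ".does_not_exist")
        .setTrustStorePassword(x509TestContext.getTrustStorePassword()).build().loadTrustStore();
    });
  }

  /** Leaving the trust store path unset is expected to fail with a {@link NullPointerException}. */
  @TestTemplate
  public void testLoadTrustStoreWithNullFilePath() {
    assertThrows(NullPointerException.class, () -> {
      // No setTrustStorePath() call: only the password is configured.
      new PKCS12FileLoader.Builder().setTrustStorePassword(x509TestContext.getTrustStorePassword())
        .build().loadTrustStore();
    });
  }

  /** A PEM file handed to the PKCS12 loader as a trust store must be rejected. */
  @TestTemplate
  public void testLoadTrustStoreWithWrongFileType() throws IOException {
    // Resolve the fixture path outside assertThrows, as the key store variant does. Inside the
    // lambda, an IOException raised while obtaining the PEM fixture would be counted as the
    // expected rejection, and the test would pass without the loader ever being exercised.
    String path = x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
    assertThrows(IOException.class, () -> {
      // Trying to load a PEM file with PKCS12 loader should fail
      new PKCS12FileLoader.Builder().setTrustStorePath(path)
        .setTrustStorePassword(x509TestContext.getTrustStorePassword()).build().loadTrustStore();
    });
  }
}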