コード例 #1
0
        public virtual void TestReload()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testreload.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 1000));
                // Add another cert
                IDictionary <string, X509Certificate> certs = new Dictionary <string, X509Certificate
                                                                              >();
                certs["cert1"] = cert1;
                certs["cert2"] = cert2;
                KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", certs);
                // and wait to be sure reload has taken place
                Assert.Equal(10, tm.GetReloadInterval());
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                Assert.Equal(2, tm.GetAcceptedIssuers().Length);
            }
            finally
            {
                tm.Destroy();
            }
        }
コード例 #2
0
        public virtual void TestReloadCorruptTrustStore()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testcorrupt.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                X509Certificate cert = tm.GetAcceptedIssuers()[0];
                OutputStream    os   = new FileOutputStream(truststoreLocation);
                os.Write(1);
                os.Close();
                new FilePath(truststoreLocation).SetLastModified(Runtime.CurrentTimeMillis() - 1000
                                                                 );
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                Assert.Equal(cert, tm.GetAcceptedIssuers()[0]);
            }
            finally
            {
                tm.Destroy();
            }
        }
コード例 #3
0
        public virtual void TestReloadMissingTrustStore()
        {
            KeyPair kp = KeyStoreTestUtil.GenerateKeyPair("RSA");

            cert1 = KeyStoreTestUtil.GenerateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
            cert2 = KeyStoreTestUtil.GenerateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
            string truststoreLocation = Basedir + "/testmissing.jks";

            KeyStoreTestUtil.CreateTrustStore(truststoreLocation, "password", "cert1", cert1);
            ReloadingX509TrustManager tm = new ReloadingX509TrustManager("jks", truststoreLocation
                                                                         , "password", 10);

            try
            {
                tm.Init();
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                X509Certificate cert = tm.GetAcceptedIssuers()[0];
                new FilePath(truststoreLocation).Delete();
                // Wait so that the file modification time is different
                Thread.Sleep((tm.GetReloadInterval() + 200));
                Assert.Equal(1, tm.GetAcceptedIssuers().Length);
                Assert.Equal(cert, tm.GetAcceptedIssuers()[0]);
            }
            finally
            {
                tm.Destroy();
            }
        }
コード例 #4
0
        /// <exception cref="System.Exception"/>
        private Configuration CreateConfiguration(bool clientCert, bool trustStore)
        {
            Configuration conf = new Configuration();

            KeyStoreTestUtil.SetupSSLConfig(KeystoresDir, sslConfsDir, conf, clientCert, trustStore
                                            );
            return(conf);
        }
コード例 #5
0
        /// <summary>
        /// Performs complete setup of SSL configuration in preparation for testing an
        /// SSLFactory.
        /// </summary>
        /// <remarks>
        /// Performs complete setup of SSL configuration in preparation for testing an
        /// SSLFactory.  This includes keys, certs, keystores, truststores, the server
        /// SSL configuration file, the client SSL configuration file, and the master
        /// configuration file read by the SSLFactory.
        /// </remarks>
        /// <param name="keystoresDir">String directory to save keystores</param>
        /// <param name="sslConfDir">String directory to save SSL configuration files</param>
        /// <param name="conf">
        /// Configuration master configuration to be used by an SSLFactory,
        /// which will be mutated by this method
        /// </param>
        /// <param name="useClientCert">
        /// boolean true to make the client present a cert in the
        /// SSL handshake
        /// </param>
        /// <param name="trustStore">boolean true to create truststore, false not to create it
        ///     </param>
        /// <exception cref="System.Exception"/>
        public static void SetupSSLConfig(string keystoresDir, string sslConfDir, Configuration
                                          conf, bool useClientCert, bool trustStore)
        {
            string   clientKS          = keystoresDir + "/clientKS.jks";
            string   clientPassword    = "******";
            string   serverKS          = keystoresDir + "/serverKS.jks";
            string   serverPassword    = "******";
            string   trustKS           = null;
            string   trustPassword     = "******";
            FilePath sslClientConfFile = new FilePath(sslConfDir + "/ssl-client.xml");
            FilePath sslServerConfFile = new FilePath(sslConfDir + "/ssl-server.xml");
            IDictionary <string, X509Certificate> certs = new Dictionary <string, X509Certificate
                                                                          >();

            if (useClientCert)
            {
                KeyPair         cKP   = KeyStoreTestUtil.GenerateKeyPair("RSA");
                X509Certificate cCert = KeyStoreTestUtil.GenerateCertificate("CN=localhost, O=client"
                                                                             , cKP, 30, "SHA1withRSA");
                KeyStoreTestUtil.CreateKeyStore(clientKS, clientPassword, "client", cKP.GetPrivate
                                                    (), cCert);
                certs["client"] = cCert;
            }
            KeyPair         sKP   = KeyStoreTestUtil.GenerateKeyPair("RSA");
            X509Certificate sCert = KeyStoreTestUtil.GenerateCertificate("CN=localhost, O=server"
                                                                         , sKP, 30, "SHA1withRSA");

            KeyStoreTestUtil.CreateKeyStore(serverKS, serverPassword, "server", sKP.GetPrivate
                                                (), sCert);
            certs["server"] = sCert;
            if (trustStore)
            {
                trustKS = keystoresDir + "/trustKS.jks";
                KeyStoreTestUtil.CreateTrustStore(trustKS, trustPassword, certs);
            }
            Configuration clientSSLConf = CreateClientSSLConfig(clientKS, clientPassword, clientPassword
                                                                , trustKS);
            Configuration serverSSLConf = CreateServerSSLConfig(serverKS, serverPassword, serverPassword
                                                                , trustKS);

            SaveConfig(sslClientConfFile, clientSSLConf);
            SaveConfig(sslServerConfFile, serverSSLConf);
            conf.Set(SSLFactory.SslHostnameVerifierKey, "ALLOW_ALL");
            conf.Set(SSLFactory.SslClientConfKey, sslClientConfFile.GetName());
            conf.Set(SSLFactory.SslServerConfKey, sslServerConfFile.GetName());
            conf.SetBoolean(SSLFactory.SslRequireClientCertKey, useClientCert);
        }
コード例 #6
0
 public virtual void CleanUp()
 {
     sslConfsDir = KeyStoreTestUtil.GetClasspathDir(typeof(TestSSLFactory));
     KeyStoreTestUtil.CleanupSSLConfig(KeystoresDir, sslConfsDir);
 }
コード例 #7
0
        /// <summary>
        /// Checks that SSLFactory initialization is successful with the given
        /// arguments.
        /// </summary>
        /// <remarks>
        /// Checks that SSLFactory initialization is successful with the given
        /// arguments.  This is a helper method for writing test cases that cover
        /// different combinations of settings for the store password and key password.
        /// It takes care of bootstrapping a keystore, a truststore, and SSL client or
        /// server configuration.  Then, it initializes an SSLFactory.  If no exception
        /// is thrown, then initialization was successful.
        /// </remarks>
        /// <param name="mode">SSLFactory.Mode mode to test</param>
        /// <param name="password">String store password to set on keystore</param>
        /// <param name="keyPassword">String key password to set on keystore</param>
        /// <param name="confPassword">
        /// String store password to set in SSL config file, or null
        /// to avoid setting in SSL config file
        /// </param>
        /// <param name="confKeyPassword">
        /// String key password to set in SSL config file, or
        /// null to avoid setting in SSL config file
        /// </param>
        /// <param name="useCredProvider">
        /// boolean to indicate whether passwords should be set
        /// into the config or not. When set to true nulls are set and aliases are
        /// expected to be resolved through credential provider API through the
        /// Configuration.getPassword method
        /// </param>
        /// <exception cref="System.Exception">for any error</exception>
        private void CheckSSLFactoryInitWithPasswords(SSLFactory.Mode mode, string password
                                                      , string keyPassword, string confPassword, string confKeyPassword, bool useCredProvider
                                                      )
        {
            string keystore   = new FilePath(KeystoresDir, "keystore.jks").GetAbsolutePath();
            string truststore = new FilePath(KeystoresDir, "truststore.jks").GetAbsolutePath(
                );
            string trustPassword = "******";
            // Create keys, certs, keystore, and truststore.
            KeyPair         keyPair = KeyStoreTestUtil.GenerateKeyPair("RSA");
            X509Certificate cert    = KeyStoreTestUtil.GenerateCertificate("CN=Test", keyPair, 30
                                                                           , "SHA1withRSA");

            KeyStoreTestUtil.CreateKeyStore(keystore, password, keyPassword, "Test", keyPair.
                                            GetPrivate(), cert);
            IDictionary <string, X509Certificate> certs = Collections.SingletonMap("server", cert
                                                                                   );

            KeyStoreTestUtil.CreateTrustStore(truststore, trustPassword, certs);
            // Create SSL configuration file, for either server or client.
            string        sslConfFileName;
            Configuration sslConf;

            // if the passwords are provisioned in a cred provider then don't set them
            // in the configuration properly - expect them to be resolved through the
            // provider
            if (useCredProvider)
            {
                confPassword    = null;
                confKeyPassword = null;
            }
            if (mode == SSLFactory.Mode.Server)
            {
                sslConfFileName = "ssl-server.xml";
                sslConf         = KeyStoreTestUtil.CreateServerSSLConfig(keystore, confPassword, confKeyPassword
                                                                         , truststore);
                if (useCredProvider)
                {
                    FilePath testDir = new FilePath(Runtime.GetProperty("test.build.data", "target/test-dir"
                                                                        ));
                    Path   jksPath = new Path(testDir.ToString(), "test.jks");
                    string ourUrl  = JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri();
                    sslConf.Set(CredentialProviderFactory.CredentialProviderPath, ourUrl);
                }
            }
            else
            {
                sslConfFileName = "ssl-client.xml";
                sslConf         = KeyStoreTestUtil.CreateClientSSLConfig(keystore, confPassword, confKeyPassword
                                                                         , truststore);
            }
            KeyStoreTestUtil.SaveConfig(new FilePath(sslConfsDir, sslConfFileName), sslConf);
            // Create the master configuration for use by the SSLFactory, which by
            // default refers to the ssl-server.xml or ssl-client.xml created above.
            Configuration conf = new Configuration();

            conf.SetBoolean(SSLFactory.SslRequireClientCertKey, true);
            // Try initializing an SSLFactory.
            SSLFactory sslFactory = new SSLFactory(mode, conf);

            try
            {
                sslFactory.Init();
            }
            finally
            {
                sslFactory.Destroy();
            }
        }
コード例 #8
0
 public virtual void TestServerCredProviderPasswords()
 {
     KeyStoreTestUtil.ProvisionPasswordsToCredentialProvider();
     CheckSSLFactoryInitWithPasswords(SSLFactory.Mode.Server, "storepass", "keypass",
                                      null, null, true);
 }