From 139d25b79ad70273b057c57601e163543e20eda7 Mon Sep 17 00:00:00 2001 From: RBKR Date: Mon, 30 Sep 2024 15:28:01 +0200 Subject: [PATCH 1/4] Make constant names readable --- .../security/SecurityTestConstants.java | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java index 8893afb57..ee82ab7ed 100644 --- a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java +++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java @@ -52,10 +52,10 @@ public class SecurityTestConstants { // When certificate POSITIVECERT is changed, use openssl x509 -in -fingerprint to obtain new fingerprint private static final String FINGERPRINT = "D3:CC:F2:AE:36:4C:FB:85:F0:70:9A:59:8F:14:EF:8B:52:D4:A5:30"; - private static final String POSITIVECERT_KEYFILE = "./target/test-classes/client80-certkey.pem"; + private static final String POSITIVE_CERT_KEYFILE = "./target/test-classes/client80-certkey.pem"; /* currently client80-certkey.pem */ - private static final String POSITIVECERT = "-----BEGIN CERTIFICATE-----\n" + + private static final String POSITIVE_CERT = "-----BEGIN CERTIFICATE-----\n" + "MIIDkTCCAnmgAwIBAgIJAJ8IPxJseYAfMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV\n" + "BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV\n" + "BAoMEUJpdHJlcG9zaXRvcnkub3JnMREwDwYDVQQDDAhjbGllbnQ4MDAeFw0xNDA3\n" + 
@@ -79,7 +79,7 @@ public class SecurityTestConstants { "-----END CERTIFICATE-----\n"; /* currently client90-certkey.pem */ - private static final String NEGATIVECERT = "-----BEGIN CERTIFICATE-----\n" + + private static final String NEGATIVE_CERT = "-----BEGIN CERTIFICATE-----\n" + "MIIDkTCCAnmgAwIBAgIJAK/RxZXju3LcMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV\n" + "BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV\n" + "BAoMEUJpdHJlcG9zaXRvcnkub3JnMREwDwYDVQQDDAhjbGllbnQ5MDAeFw0xNDA3\n" + @@ -103,7 +103,7 @@ public class SecurityTestConstants { "-----END CERTIFICATE-----\n"; /* currently client100-certkey.pem */ - private static final String SIGNINGCERT = + private static final String SIGNING_CERT = "-----BEGIN CERTIFICATE-----\n" + "MIIDkzCCAnugAwIBAgIJALlIlDh730tYMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV\n" + "BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV\n" + @@ -130,12 +130,12 @@ public class SecurityTestConstants { private static final String KEYFILE = "./target/test-classes/client100-certkey.pem"; - private static final String ALLOWEDCERTIFICATEUSER = "test-component"; + private static final String ALLOWED_CERTIFICATE_USER = "test-component"; - private static final String COMPONENTID = "TEST"; + private static final String COMPONENT_ID = "TEST"; public static String getPositiveCertKeyFile() { - return POSITIVECERT_KEYFILE; + return POSITIVE_CERT_KEYFILE; } public static String getKeyFile() { 
@@ -155,37 +155,37 @@ public static String getSignature() { } public static String getPositiveCertificate() { - return POSITIVECERT; + return POSITIVE_CERT; } public static String getNegativeCertificate() { - return NEGATIVECERT; + return NEGATIVE_CERT; } public static String getSigningCertificate() { - return SIGNINGCERT; + return SIGNING_CERT; } public static String getAllowedCertificateUser() { - return ALLOWEDCERTIFICATEUSER; + return ALLOWED_CERTIFICATE_USER; } public static String getDisallowedCertificateUser() { - return ALLOWEDCERTIFICATEUSER + "-bad"; + return ALLOWED_CERTIFICATE_USER + "-bad"; } public static String getComponentID() { - return COMPONENTID; + return COMPONENT_ID; } public static PermissionSet getDefaultPermissions() { PermissionSet permissions = new PermissionSet(); ComponentIDs allowedUsers = new ComponentIDs(); - allowedUsers.getIDs().add(ALLOWEDCERTIFICATEUSER); + allowedUsers.getIDs().add(ALLOWED_CERTIFICATE_USER); Permission perm1 = new Permission(); Certificate cert1 = new Certificate(); - cert1.setCertificateData(POSITIVECERT.getBytes(StandardCharsets.UTF_8)); + cert1.setCertificateData(POSITIVE_CERT.getBytes(StandardCharsets.UTF_8)); cert1.setAllowedCertificateUsers(allowedUsers); perm1.setCertificate(cert1); OperationPermission opPerm = new OperationPermission(); @@ -194,7 +194,7 @@ public static PermissionSet getDefaultPermissions() { Permission perm2 = new Permission(); Certificate cert2 = new Certificate(); - cert2.setCertificateData(NEGATIVECERT.getBytes(StandardCharsets.UTF_8)); + cert2.setCertificateData(NEGATIVE_CERT.getBytes(StandardCharsets.UTF_8)); cert2.setAllowedCertificateUsers(allowedUsers); perm2.setCertificate(cert2); @@ -203,5 +203,4 @@ public static PermissionSet getDefaultPermissions() { return permissions; } - } From 8a2836cacdcf99e021f6c8eab12209cef5adbf9d Mon Sep 17 00:00:00 2001 
From: RBKR
Date: Wed, 2 Oct 2024 13:33:16 +0200
Subject: [PATCH 2/4] Update expired certificates
---
.../src/test/resources/client100-certkey.pem | 147 +++++++++---------
.../src/test/resources/client80-certkey.pem | 147 +++++++++---------
.../src/test/resources/client90-certkey.pem | 147 +++++++++---------
3 files changed, 222 insertions(+), 219 deletions(-)
diff --git a/bitrepository-core/src/test/resources/client100-certkey.pem b/bitrepository-core/src/test/resources/client100-certkey.pem
index 3c3d10fc8..fdb6c9a44 100644
--- a/bitrepository-core/src/test/resources/client100-certkey.pem
+++ b/bitrepository-core/src/test/resources/client100-certkey.pem
@@ -1,77 +1,78 @@ -----BEGIN CERTIFICATE----- -MIIDkzCCAnugAwIBAgIJALlIlDh730tYMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV -BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV -BAoMEUJpdHJlcG9zaXRvcnkub3JnMRIwEAYDVQQDDAljbGllbnQxMDAwHhcNMTQw -NzI5MTQwMzEyWhcNMjQwNzI2MTQwMzEyWjBgMQswCQYDVQQGEwJESzEQMA4GA1UE -CAwHRGVubWFyazEPMA0GA1UEBwwGQWFyaHVzMRowGAYDVQQKDBFCaXRyZXBvc2l0 -b3J5Lm9yZzESMBAGA1UEAwwJY2xpZW50MTAwMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAr+8QNcRWPhyCmDt23K4WIRPLiwcu5jJHnopBWhQMp63K2ySX -j4iHXc4Qd9Ug+vGh2Max39I1xPfKJ5WliddAzzwh69R3ICQ2fyESRlaDN5RP9ngC -927CHbC2qgruVzM5AcsVWdv6NJi75peui0YkD2mYs8zKpgM4Ys5DeI6mfH9OAyvX -nn0QOZW3gTazBQccxWgBAGbMpyKsfsEh4nP8BDJEO82znK61K4qJ2c1+tlTwg2Nt -+aWz4mBiLnzZtZ8gJlspDMA0WpVgPlc6MU0kd+cJVCa4gbuWNoOm/ifoYS15RlWt -vQhnqFK7d9UwBv/fVM8NfdbJaeooyWdobf24IQIDAQABo1AwTjAdBgNVHQ4EFgQU -vFhO3LofBvKUKayjeLO4JCLxYewwHwYDVR0jBBgwFoAUvFhO3LofBvKUKayjeLO4 -JCLxYewwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEABUjBPYK+6zWq -IOx/Thhr8ccTHitBLIYlN8mOy5v6odYtJpVo4/EuBNSSrY9w6EZA7fpp8u8X3xhg -Sp0Znd25SY6h1wWZztlP2RuPj1SI5pP10wEHD8sEUhimMnGbtxsEi6IaWRL9qki4 -uLwKg6OyL9lxduaElS1hUFYMU5LXs9HdRzz8JHmlb6SfWLTvi6TRUZjvEUQ11TGJ -93qyZ0+1xJ9bKW3xB8yDybd67PkF7UYIyZXhGiMS9vlIeX7h107/4IT+EEe7vEyb -XfmVbCmlkuHZwJPLwawmOUACfYUDsk0A7dB5cSaMwcxYi4TNZOYII7rrSZ85UCgP -84Eon1U3cw== +MIIDoTCCAomgAwIBAgIUQhbuz4vpSFCrpxD9d5sZd7Y1oPswDQYJKoZIhvcNAQEL +BQAwYDELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxDzANBgNVBAcMBkFh +cmh1czEaMBgGA1UECgwRQml0cmVwb3NpdG9yeS5vcmcxEjAQBgNVBAMMCWNsaWVu +dDEwMDAeFw0yNDEwMDIwOTU4MzhaFw0zNDA5MzAwOTU4MzhaMGAxCzAJBgNVBAYT +AkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNVBAoM +EUJpdHJlcG9zaXRvcnkub3JnMRIwEAYDVQQDDAljbGllbnQxMDAwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx6CjBgBksqvpss+IN+l9m6Za65F9YApc8 +QT/4Jv4ZpgPkS22ryhhGrWvs/fsTSA/2B5FRo81VgSlu6QfGE06kiziXDri97/rV +LYFTEv7yE9/uXQiJY7Y3IkHJOQK3YR87IY1tl2YXM4ZIiNMVd+Em9f/9EyZKjnh1 +Q7daahellH+0XexR5CWeJvfePKrcJWGa67lmX0cGEnOkuGHsVk0o42ZqP1+f7l5l 
+EstCiE/6tAuaydU/XRj45tOuATIZHkdFAqyOY+Iw6moj5Pa+Oqoz0ljI8RazKef3 +cJ1Ihme2/ur/Nso6phrk+tGCftMa5rZ471UTuGz8hGxjjmghDkFhAgMBAAGjUzBR +MB0GA1UdDgQWBBT62lK9v0WypvxOqRxRSF1rDzpCRDAfBgNVHSMEGDAWgBT62lK9 +v0WypvxOqRxRSF1rDzpCRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQBHtWLpOpbnH8lNmFTs/JWWc4fGN2lraTULLWA/3EsRiIbmlFWZWnkILYWa +p7XNjrC8PQUMfjN9vsi6hT7ffccCo4SH/uQLBTRMH/+wtwj+1IVki5SW9V2p4nut +G7seHyVIZ6Wzu1taAWNBgVy3w9Opz94RPg4wF3AuRL98w1W5i40m8oNomxBeaTuJ +I4SgbU6pnTiXutb4kZp2iOnbsqarvuaFUR4PYr4TooWfwOcrs74WCUZ5jhThr+gY +4yxA56dR1f7OZ4fiTPjsGA6SIB0snXIIaRMSQ6KtzUKGosL4vFDqaABshY9HcO6c +eQ0ihMjviDMyIC2r136G8mCG/ukG -----END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAr+8QNcRWPhyCmDt23K4WIRPLiwcu5jJHnopBWhQMp63K2ySX -j4iHXc4Qd9Ug+vGh2Max39I1xPfKJ5WliddAzzwh69R3ICQ2fyESRlaDN5RP9ngC -927CHbC2qgruVzM5AcsVWdv6NJi75peui0YkD2mYs8zKpgM4Ys5DeI6mfH9OAyvX -nn0QOZW3gTazBQccxWgBAGbMpyKsfsEh4nP8BDJEO82znK61K4qJ2c1+tlTwg2Nt -+aWz4mBiLnzZtZ8gJlspDMA0WpVgPlc6MU0kd+cJVCa4gbuWNoOm/ifoYS15RlWt -vQhnqFK7d9UwBv/fVM8NfdbJaeooyWdobf24IQIDAQABAoIBAG0BBJ0biYewKGXj -qfBu1/0kg58fEzrC+kbLSFRkSbb2YdJHKLRgleZTzzY/0dBJN8rUyM5xMqlYEWNX -P5pYyKndivLP0AMVDMLVnboAzgn4lVaS4tulPxYgL/zJCwTyEqb+ybrEJZDC9OCZ -KCbYjW0TMu5ruz8CjcQCIiGm2JYXTwfgj/pJf07O9HoUmnx6xI+MiTfWqMfsfwuV -HhxkYKMJsI7GJDZOYI5uYZsKxO1s6fiDHScPnKRrzG+GkMdfOzROFNmMQxYLveMr -nj9Q/FF0VtLF22Q/TDD1TJGqzRmMF4V5+3QBeajyf1ITLBqRL+WFQUP60Apo3cxe -6OOHR/UCgYEA2rV1+THSNSYXPUlaqXpWEoS6gJSCLbct0lhxjrq3TbMJGQrBm8Bg -LveGYmZvAuOQBVdNNz+Ymawwu6QcMS32gLMGpr2lRVit26YUMBDqfjvlZhP9C4FQ -IZkyD0cAsrM4mdCjx51izGw60gY5kGjPudn0h9BPzATPCzr6s/ABmJcCgYEAze5+ -dVB+yfNod1L7SSrtwoKXmDAGYnWjak+knr1s0eD/yZ/T+ChzU0aG7L05wMaleZKO -OybJ8N819/z4gpBSOgl19ESLUo5I3K8MyrInTLy6/g/fCldZoSlZGR/vGY8Bfo3G -hZfjtY9tW2WGbRm4KoghVldSzMQN7l7z1+pHVAcCgYEAv3iDutEKJeueBtKUY7Et -b3Lx0CWzvhATNoali/4dAhIOkfTfwNpvmk6rQLRK1a2h5Xsjp42urEKaO3wWDlwd -5VhWJ136NbbIJnbET7xPfoozb+Vp8Euaen+i2ssfalMK52ZILDa2Sx8pc7ttY+bO 
-jPeqY8hUQ9ml5UASQbuJuisCgYAY0TcYOD0vZVAfoTZ7WNsSZ96RDqiWUQsCktqJ -7tYgbPcme0Z2T5mmXYeBHETLgKUMg6b0ZfZMOvosCqaARZhDOkSmzWPk7RTG06m8 -+79UtiHq4ErG2kQI8gy0xG5yLBPIBpn4G5frl39cVl3e5AyXw5QQ7bEi0DXFllfY -m3lBHQKBgQCc1XgnVK0ncz8om8uEff0XD/cbtnBiudH8MkWosIXYzB5PK0Y3rNmp -812w7qCjnrFxDIE66cthWOzznZB5ZlO6/p9MRrxUwSwHD7ZRMRhNTb2m/wOiFyWX -POtx8pVy8qXXZTm/Ciaj+Bdta67L4UYskAV0CU9/OihPopDYI26Arg== ------END RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCv7xA1xFY+HIKY -O3bcrhYhE8uLBy7mMkeeikFaFAynrcrbJJePiIddzhB31SD68aHYxrHf0jXE98on -laWJ10DPPCHr1HcgJDZ/IRJGVoM3lE/2eAL3bsIdsLaqCu5XMzkByxVZ2/o0mLvm -l66LRiQPaZizzMqmAzhizkN4jqZ8f04DK9eefRA5lbeBNrMFBxzFaAEAZsynIqx+ -wSHic/wEMkQ7zbOcrrUrionZzX62VPCDY235pbPiYGIufNm1nyAmWykMwDRalWA+ -VzoxTSR35wlUJriBu5Y2g6b+J+hhLXlGVa29CGeoUrt31TAG/99Uzw191slp6ijJ -Z2ht/bghAgMBAAECggEAbQEEnRuJh7AoZeOp8G7X/SSDnx8TOsL6RstIVGRJtvZh -0kcotGCV5lPPNj/R0Ek3ytTIznEyqVgRY1c/mljIqd2K8s/QAxUMwtWdugDOCfiV -VpLi26U/FiAv/MkLBPISpv7JusQlkML04JkoJtiNbRMy7mu7PwKNxAIiIabYlhdP -B+CP+kl/Ts70ehSafHrEj4yJN9aox+x/C5UeHGRgowmwjsYkNk5gjm5hmwrE7Wzp -+IMdJw+cpGvMb4aQx187NE4U2YxDFgu94yueP1D8UXRW0sXbZD9MMPVMkarNGYwX -hXn7dAF5qPJ/UhMsGpEv5YVBQ/rQCmjdzF7o44dH9QKBgQDatXX5MdI1Jhc9SVqp -elYShLqAlIItty3SWHGOurdNswkZCsGbwGAu94ZiZm8C45AFV003P5iZrDC7pBwx -LfaAswamvaVFWK3bphQwEOp+O+VmE/0LgVAhmTIPRwCysziZ0KPHnWLMbDrSBjmQ -aM+52fSH0E/MBM8LOvqz8AGYlwKBgQDN7n51UH7J82h3UvtJKu3CgpeYMAZidaNq -T6SevWzR4P/Jn9P4KHNTRobsvTnAxqV5ko47Jsnw3zX3/PiCkFI6CXX0RItSjkjc -rwzKsidMvLr+D98KV1mhKVkZH+8ZjwF+jcaFl+O1j21bZYZtGbgqiCFWV1LMxA3u -XvPX6kdUBwKBgQC/eIO60Qol654G0pRjsS1vcvHQJbO+EBM2hqWL/h0CEg6R9N/A -2m+aTqtAtErVraHleyOnja6sQpo7fBYOXB3lWFYnXfo1tsgmdsRPvE9+ijNv5Wnw -S5p6f6Layx9qUwrnZkgsNrZLHylzu21j5s6M96pjyFRD2aXlQBJBu4m6KwKBgBjR -Nxg4PS9lUB+hNntY2xJn3pEOqJZRCwKS2onu1iBs9yZ7RnZPmaZdh4EcRMuApQyD -pvRl9kw6+iwKpoBFmEM6RKbNY+TtFMbTqbz7v1S2IergSsbaRAjyDLTEbnIsE8gG -mfgbl+uXf1xWXd7kDJfDlBDtsSLQNcWWV9ibeUEdAoGBAJzVeCdUrSdzPyiby4R9 
-/RcP9xu2cGK50fwyRaiwhdjMHk8rRjes2anzXbDuoKOesXEMgTrpy2FY7POdkHlm -U7r+n0xGvFTBLAcPtlExGE1Nvab/A6IXJZc863HylXLypddlOb8KJqP4F21rrsvh -RiyQBXQJT386KE+ikNgjboCu +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCx6CjBgBksqvps +s+IN+l9m6Za65F9YApc8QT/4Jv4ZpgPkS22ryhhGrWvs/fsTSA/2B5FRo81VgSlu +6QfGE06kiziXDri97/rVLYFTEv7yE9/uXQiJY7Y3IkHJOQK3YR87IY1tl2YXM4ZI +iNMVd+Em9f/9EyZKjnh1Q7daahellH+0XexR5CWeJvfePKrcJWGa67lmX0cGEnOk +uGHsVk0o42ZqP1+f7l5lEstCiE/6tAuaydU/XRj45tOuATIZHkdFAqyOY+Iw6moj +5Pa+Oqoz0ljI8RazKef3cJ1Ihme2/ur/Nso6phrk+tGCftMa5rZ471UTuGz8hGxj +jmghDkFhAgMBAAECggEAMcxK0DMTmOG5HEFT1tbM6okbBHBVUdTT0W1wQv1jJfnG +4BnO9oWouuvjKGDFbVXABf2DS0de+/6eAuoen26bFkrUCdB4nM32N8K3jvHjxA4V +IesPrylmgVNI99LJ9FuuusX/CPyWeosVHOuTrlAyiU3VnFjGYJs1k5ljUt8chF+v +X5XY9k7pot6cnxKjq2bTA1NxMg3uXv71xmLSIc1SshaG1OqBpCfqCT2wusHydinM ++SsuQIXulwB/+QNSmEmrYDq/jrQrjZItkcEg95CeMBvglWbjf0nk1JjKugw/rdSL +smw//tlSIwHt5+icAPNmXkIxK0Y+gr8e6WfhIfQeowKBgQDohUjy/NLkUTM0k1/8 +8WmDQoRiMVsHIg7agQUOSvh3QbUQ6eiub0ZJNlVSA2m77ZJifVl3Dw2hS6f1N/45 +pckEwbKbcsS7gfpyUMRRJdw7qMI9OoFGZvhFZtxlF1mGFKwArGfdDNdlDjn8wKxn +UH8KbH8dXqSW34LSRVrkdwfD1wKBgQDD3xhQx6z7MWpODYEvpK+m6dZ3ERSSNopE +uhuM5L4ZHoRY++K+vsZgbS+rPdcP6mEpWyyfssDkrJv/utdYYjFEaYkwLDYO8Tpf ++Qw/ks57JgUUlPfZiJC5QYV8Px3pTSN7P3z4Fykst9WwMKAii9hunalg/LJLAGyf +K1tbDpp9hwKBgQCMRyz1e1X37I0J4Qd94F8Zk12up7wVF5UCeegE8XHo8Lk+FQAN +jJBIxwC+U9TMTc2MobcBvxEoCC6yIC+9s6kMt5b7dUf/H7FqmhN2KXMugud8bPlk +8eZCaIX6bxXRcFM8rMaUc5TXILgXJl5cjhG2xjICFAEUDJAuLy1gu/bxTQKBgBWe +0I5KHBv2DmfjMblSklj4QsYNypmBD64aZOQec6VOKwmvdA3d/QOzyak7QDvvgR4R +hFF0Z7pWGzoVI6QL4qhMheodVzI7CliBowp5Z/VL8w+ciecnHeJ1Cwj15pVUAHCg +R2kTFWZsPFggZeyqRw+es42TFxMUTuka3hClAgSNAoGBAL4FfJ2hZ6acgsc0tw/R +4qrqP1viQX9R1HMQl1WZErZR30yg9MWi/+8WJrQaoqkw6pDnukTi24oZaKNwtaD0 +vs5O7PI9eIAEGAPOKEVtDg5MC9oIXNrR729tKD7CLmtsqHJJOeE+nrFRNJSeJQ68 +TvGoaDqLY9ca09xY0FGIptRZ +-----END PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCx6CjBgBksqvps 
+s+IN+l9m6Za65F9YApc8QT/4Jv4ZpgPkS22ryhhGrWvs/fsTSA/2B5FRo81VgSlu +6QfGE06kiziXDri97/rVLYFTEv7yE9/uXQiJY7Y3IkHJOQK3YR87IY1tl2YXM4ZI +iNMVd+Em9f/9EyZKjnh1Q7daahellH+0XexR5CWeJvfePKrcJWGa67lmX0cGEnOk +uGHsVk0o42ZqP1+f7l5lEstCiE/6tAuaydU/XRj45tOuATIZHkdFAqyOY+Iw6moj +5Pa+Oqoz0ljI8RazKef3cJ1Ihme2/ur/Nso6phrk+tGCftMa5rZ471UTuGz8hGxj +jmghDkFhAgMBAAECggEAMcxK0DMTmOG5HEFT1tbM6okbBHBVUdTT0W1wQv1jJfnG +4BnO9oWouuvjKGDFbVXABf2DS0de+/6eAuoen26bFkrUCdB4nM32N8K3jvHjxA4V +IesPrylmgVNI99LJ9FuuusX/CPyWeosVHOuTrlAyiU3VnFjGYJs1k5ljUt8chF+v +X5XY9k7pot6cnxKjq2bTA1NxMg3uXv71xmLSIc1SshaG1OqBpCfqCT2wusHydinM ++SsuQIXulwB/+QNSmEmrYDq/jrQrjZItkcEg95CeMBvglWbjf0nk1JjKugw/rdSL +smw//tlSIwHt5+icAPNmXkIxK0Y+gr8e6WfhIfQeowKBgQDohUjy/NLkUTM0k1/8 +8WmDQoRiMVsHIg7agQUOSvh3QbUQ6eiub0ZJNlVSA2m77ZJifVl3Dw2hS6f1N/45 +pckEwbKbcsS7gfpyUMRRJdw7qMI9OoFGZvhFZtxlF1mGFKwArGfdDNdlDjn8wKxn +UH8KbH8dXqSW34LSRVrkdwfD1wKBgQDD3xhQx6z7MWpODYEvpK+m6dZ3ERSSNopE +uhuM5L4ZHoRY++K+vsZgbS+rPdcP6mEpWyyfssDkrJv/utdYYjFEaYkwLDYO8Tpf ++Qw/ks57JgUUlPfZiJC5QYV8Px3pTSN7P3z4Fykst9WwMKAii9hunalg/LJLAGyf +K1tbDpp9hwKBgQCMRyz1e1X37I0J4Qd94F8Zk12up7wVF5UCeegE8XHo8Lk+FQAN +jJBIxwC+U9TMTc2MobcBvxEoCC6yIC+9s6kMt5b7dUf/H7FqmhN2KXMugud8bPlk +8eZCaIX6bxXRcFM8rMaUc5TXILgXJl5cjhG2xjICFAEUDJAuLy1gu/bxTQKBgBWe +0I5KHBv2DmfjMblSklj4QsYNypmBD64aZOQec6VOKwmvdA3d/QOzyak7QDvvgR4R +hFF0Z7pWGzoVI6QL4qhMheodVzI7CliBowp5Z/VL8w+ciecnHeJ1Cwj15pVUAHCg +R2kTFWZsPFggZeyqRw+es42TFxMUTuka3hClAgSNAoGBAL4FfJ2hZ6acgsc0tw/R +4qrqP1viQX9R1HMQl1WZErZR30yg9MWi/+8WJrQaoqkw6pDnukTi24oZaKNwtaD0 +vs5O7PI9eIAEGAPOKEVtDg5MC9oIXNrR729tKD7CLmtsqHJJOeE+nrFRNJSeJQ68 +TvGoaDqLY9ca09xY0FGIptRZ -----END PRIVATE KEY----- diff --git a/bitrepository-core/src/test/resources/client80-certkey.pem b/bitrepository-core/src/test/resources/client80-certkey.pem index 74e02e1a0..06c484dd4 100644 --- a/bitrepository-core/src/test/resources/client80-certkey.pem +++ b/bitrepository-core/src/test/resources/client80-certkey.pem 
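Review bot: The regenerated client100-certkey.pem now carries the same PKCS#8 `-----BEGIN PRIVATE KEY-----` block twice, where the old file held the key once as `RSA PRIVATE KEY` (PKCS#1) and once as `PRIVATE KEY` (PKCS#8); the client80 and client90 hunks have the same shape. If any reader of these files still expects the PKCS#1 block it will no longer find one, and if none does, the second copy is redundant and the file should hold one certificate and one key. Because the private keys are committed they are effectively public, so a short README next to the fixtures stating that they are test-only, and recording how they were generated, would help; the new certificates appear to expire in 2034, at which point the same regeneration will be needed.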
@@ -1,77 +1,78 @@ -----BEGIN CERTIFICATE----- -MIIDkTCCAnmgAwIBAgIJAJ8IPxJseYAfMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV -BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV -BAoMEUJpdHJlcG9zaXRvcnkub3JnMREwDwYDVQQDDAhjbGllbnQ4MDAeFw0xNDA3 -MjkxNDAzMDlaFw0yNDA3MjYxNDAzMDlaMF8xCzAJBgNVBAYTAkRLMRAwDgYDVQQI -DAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNVBAoMEUJpdHJlcG9zaXRv -cnkub3JnMREwDwYDVQQDDAhjbGllbnQ4MDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANjHnrczcJaZx5aczK3BpW71Rh2X44qUy2rw1sf65P3WP/vjCNQ0 -7TgyaPxkTOBs34Uavkj6D0ocMNNcwVDS/BtqPR73iYBBBJmpR64AzGIh8jItgUuK -9X74eL2QrWnty78I1c4lsfq85Ua+MHfEfQcIbVaRrBplAAAbPqdan/2LwmVRNcmQ -3lBTT0UEUyshhygDvR/wljcDSNPAjTukor88O1mPh3hgBv4yPgmiwQe4BAh0/Imn -gtyLdmOFS2cQp2S8sFZS3LJ6kl7yaP74esnNmVmngIVtZ3jlP3xDgl7tV+4OSPjD -PNNhKIXl/ywEY1Q/hEkuNPbBI9nQTYplrIMCAwEAAaNQME4wHQYDVR0OBBYEFB1l -YxF7a4Blqm/WZ6jcTAb0nrF3MB8GA1UdIwQYMBaAFB1lYxF7a4Blqm/WZ6jcTAb0 -nrF3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAATWp9ChCvLp22Xj -c84P+mq4eJhsOtHb/yxHjARpzVu4wi3Uvm9maQuYm7oNk3uhrzTLFDl5wHUUCZbL -0s3075it+jtBy3d5AGCDLbvoi8uiL2ngy/ScqttSx4ipXNTteM7UI7gnk3LwBVVb -4sFrtnAJNo8hT9rTJtD/6ZLDs0eYzoUshZW8Xbxd3h/1W+dfQiR7PO5Zqvqkmn+T -gko3OaiQMCz+IqE+/2tSMFlK7/DlpB/4MFECs5C7U9yqn9ulHEqo8vJF1rUjG5fL -YEn++kulWJnt4beI6UruCwCqCtBRKR38cPahK6Ic168h99ztO6JuvSm3v9LpDtXl -vSBi6TA= +MIIDnzCCAoegAwIBAgIUWeU8piI5OuruthOY1YT0PTUNatYwDQYJKoZIhvcNAQEL +BQAwXzELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxDzANBgNVBAcMBkFh +cmh1czEaMBgGA1UECgwRQml0cmVwb3NpdG9yeS5vcmcxETAPBgNVBAMMCGNsaWVu +dDgwMB4XDTI0MTAwMjA5NDIzN1oXDTM0MDkzMDA5NDIzN1owXzELMAkGA1UEBhMC +REsxEDAOBgNVBAgMB0Rlbm1hcmsxDzANBgNVBAcMBkFhcmh1czEaMBgGA1UECgwR +Qml0cmVwb3NpdG9yeS5vcmcxETAPBgNVBAMMCGNsaWVudDgwMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGerXDFra1DVaHhTCmYKbV3y9hEYGD5uymtB +jThTOvtrBfs6cnYjgPXvnApjRlM4a43JDf+XX8rA2zb6sn48tCqXPmpyDFnUeH07 +NjEs/l3PxtKnxCEs44z9Ktk/3DtH0y6wL9bOvCjF0TXjyLo/BnnMmbO5qSZC13du +9WX9g9s2B/ZedWx1Ng79OuRrMbxfNoaxzBZ2U+cdd9+BLKeDImGDgOnFoNwpekbA 
+deRXKIoFE2kiT8/U2UAMZTpqFv7RaZMykeNXnwLxur5eJRMh1UaiwHDIvAKqXclM +CeAM7nCiVIWfpJVeXp2FGpzz3QkPnXfs5xaSBpSsICILAAjMDQIDAQABo1MwUTAd +BgNVHQ4EFgQUIiXI6J/Y3NZL0SyQz6aIsPaLLM4wHwYDVR0jBBgwFoAUIiXI6J/Y +3NZL0SyQz6aIsPaLLM4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAa00BMz2QqoJgu+YAm9LVTob2rkcbTxvgS2wRrCsZIOMrS2e6UAJJTPa3aRR5 ++HunzXy7Fvf3lR7tulFFQ2KXNzBiffMF3kBPwUEb/i+o/6VCqMsS27NvwsD8Ampe +WbwjDvuu18q3pR/xTNvLb0vMFInflntZP5jJrBvSZlzxFYtMcDkQgfmXT38qvQ5X +KdNP4DOhvZazn2v+OAL0tBN7pbDyZ150sToWaOfMJYvod/irz0hYpscL1a+3Jh6Z +tj+OcM3bH45qwKDB0m9aMhsd1nTRfFTYxPy9IIFV1GDJ4BQxjsWtnkMAxzSrN5tu +p1baaRdWIAGyGDHHi+78+KnC1w== -----END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpgIBAAKCAQEA2MeetzNwlpnHlpzMrcGlbvVGHZfjipTLavDWx/rk/dY/++MI -1DTtODJo/GRM4GzfhRq+SPoPShww01zBUNL8G2o9HveJgEEEmalHrgDMYiHyMi2B -S4r1fvh4vZCtae3LvwjVziWx+rzlRr4wd8R9BwhtVpGsGmUAABs+p1qf/YvCZVE1 -yZDeUFNPRQRTKyGHKAO9H/CWNwNI08CNO6Sivzw7WY+HeGAG/jI+CaLBB7gECHT8 -iaeC3It2Y4VLZxCnZLywVlLcsnqSXvJo/vh6yc2ZWaeAhW1neOU/fEOCXu1X7g5I -+MM802EoheX/LARjVD+ESS409sEj2dBNimWsgwIDAQABAoIBAQC7OZ0QqPLCf0ps -ADyejTLuZBQMlxREqkINuLgnu79upE5apDkJ3jRLZu5Znd7vrdhWw0Q5Dw+JeFOL -GP81aSOoIddsGWq+RGlOtW9dDv92ec8OG1MiBYAGC19sibncVS61bVILW28eGWsD -8Fs39ZHuMw8Lx4CWw0h+zwkLzS+E8EsD5Xko+1Mj2vuxFqKkLNZ2Z5+tAL0mwc4f -+0UuXKRTCV7uczziBPGqHud184DRf7anLslLmkTVCY5J/2ZjvWbjI5TlcA7UfU1c -QhMD6hMrb2NazO1S36FSA8kc1RkOy8R2FNZIZTa925RorhWMYEbCBVt2G2d8/PMc -rlIytABBAoGBAPHCe3zqvbr9VbIG93v1MIVXrpQsviac+F5cnVn7VZGb5N65RTG9 -yQLG2r5xpSX8rITOEMDiIvQYfpSdQDTw22Pbn55zU1yN8iTjRtvH65ym58Z2FCMn -koOrPQFjlkzlFvsd0PSRdoU8tjkBObffclj8LDa3vUg0LgERq+r/jX4TAoGBAOWM -dnwwuwo3njrxfuFGWj/83SRxQ48AWCASF3Z4iYaR2AkuXn3U2aE79ibAuk2CNZ8q -AzCCJv80utUKT/oW7CeAM5WRdOARqcU+4tnLl6r1XA4zQdhVaUIIfCGLrn5t5wcm -8eos3gVSXOE5meWTxPGqj9Ya50eO5Sk7pe6p0yXRAoGBAL5WHLz7X0bxnt9bpsr7 -/ihtIPBdzZM+8DfyeJvYScUq1GUZvkVsIu7BuoRHmvsuVHD2f7AsGdLN2hKNP3iu -zDtxNNkd+NqckrDCEw6D9pbNvRq96hrHVA2/6nbGfhWqI46vKczzHTnG07xLn7KJ 
-BFDUsMafoDFRi4qh7BVG/5HrAoGBAKrXh7eWbR6FlnY4Fj6DpdfJ0qy0v5tGnlAA -JwY9X92P3kG3CQyNxguCHQlqlz3okxAKrKUFuRBnpkW4jx2KwegEOmAvCdVaUAhF -bYC7Tf4m7oSDEZZ4uwYyWnB9DTl7gl6IVbP8AKHlUsstm6SJ/iH+1156V3eimlu9 -0Rl3u3aBAoGBAOiD4cw3A+MzyaZMx3lfMtsklB8rAV8w3wMWurcNfLngvmMXLW2n -oiK6z74bDRzYUlIl4SINXO8Y38wjvXWJwc+j+G7zeGnVjM5J4RcY9QCif8+1plJk -nEIOONDF9g/hrO1djdabgbaQqSpr5ymeQJ2H6SFExTP6ILLgbwMGXhvN ------END RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDYx563M3CWmceW -nMytwaVu9UYdl+OKlMtq8NbH+uT91j/74wjUNO04Mmj8ZEzgbN+FGr5I+g9KHDDT -XMFQ0vwbaj0e94mAQQSZqUeuAMxiIfIyLYFLivV++Hi9kK1p7cu/CNXOJbH6vOVG -vjB3xH0HCG1WkawaZQAAGz6nWp/9i8JlUTXJkN5QU09FBFMrIYcoA70f8JY3A0jT -wI07pKK/PDtZj4d4YAb+Mj4JosEHuAQIdPyJp4Lci3ZjhUtnEKdkvLBWUtyyepJe -8mj++HrJzZlZp4CFbWd45T98Q4Je7VfuDkj4wzzTYSiF5f8sBGNUP4RJLjT2wSPZ -0E2KZayDAgMBAAECggEBALs5nRCo8sJ/SmwAPJ6NMu5kFAyXFESqQg24uCe7v26k -TlqkOQneNEtm7lmd3u+t2FbDRDkPD4l4U4sY/zVpI6gh12wZar5EaU61b10O/3Z5 -zw4bUyIFgAYLX2yJudxVLrVtUgtbbx4ZawPwWzf1ke4zDwvHgJbDSH7PCQvNL4Tw -SwPleSj7UyPa+7EWoqQs1nZnn60AvSbBzh/7RS5cpFMJXu5zPOIE8aoe53XzgNF/ -tqcuyUuaRNUJjkn/ZmO9ZuMjlOVwDtR9TVxCEwPqEytvY1rM7VLfoVIDyRzVGQ7L -xHYU1khlNr3blGiuFYxgRsIFW3YbZ3z88xyuUjK0AEECgYEA8cJ7fOq9uv1Vsgb3 -e/UwhVeulCy+Jpz4XlydWftVkZvk3rlFMb3JAsbavnGlJfyshM4QwOIi9Bh+lJ1A -NPDbY9ufnnNTXI3yJONG28frnKbnxnYUIyeSg6s9AWOWTOUW+x3Q9JF2hTy2OQE5 -t99yWPwsNre9SDQuARGr6v+NfhMCgYEA5Yx2fDC7CjeeOvF+4UZaP/zdJHFDjwBY -IBIXdniJhpHYCS5efdTZoTv2JsC6TYI1nyoDMIIm/zS61QpP+hbsJ4AzlZF04BGp -xT7i2cuXqvVcDjNB2FVpQgh8IYuufm3nBybx6izeBVJc4TmZ5ZPE8aqP1hrnR47l -KTul7qnTJdECgYEAvlYcvPtfRvGe31umyvv+KG0g8F3Nkz7wN/J4m9hJxSrUZRm+ -RWwi7sG6hEea+y5UcPZ/sCwZ0s3aEo0/eK7MO3E02R342pySsMITDoP2ls29Gr3q -GsdUDb/qdsZ+Faojjq8pzPMdOcbTvEufsokEUNSwxp+gMVGLiqHsFUb/kesCgYEA -qteHt5ZtHoWWdjgWPoOl18nSrLS/m0aeUAAnBj1f3Y/eQbcJDI3GC4IdCWqXPeiT -EAqspQW5EGemRbiPHYrB6AQ6YC8J1VpQCEVtgLtN/ibuhIMRlni7BjJacH0NOXuC -XohVs/wAoeVSyy2bpIn+If7XXnpXd6KaW73RGXe7doECgYEA6IPhzDcD4zPJpkzH 
-eV8y2ySUHysBXzDfAxa6tw18ueC+YxctbaeiIrrPvhsNHNhSUiXhIg1c7xjfzCO9 -dYnBz6P4bvN4adWMzknhFxj1AKJ/z7WmUmScQg440MX2D+Gs7V2N1puBtpCpKmvn -KZ5AnYfpIUTFM/ogsuBvAwZeG80= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEZ6tcMWtrUNVo +eFMKZgptXfL2ERgYPm7Ka0GNOFM6+2sF+zpydiOA9e+cCmNGUzhrjckN/5dfysDb +Nvqyfjy0Kpc+anIMWdR4fTs2MSz+Xc/G0qfEISzjjP0q2T/cO0fTLrAv1s68KMXR +NePIuj8GecyZs7mpJkLXd271Zf2D2zYH9l51bHU2Dv065GsxvF82hrHMFnZT5x13 +34Esp4MiYYOA6cWg3Cl6RsB15FcoigUTaSJPz9TZQAxlOmoW/tFpkzKR41efAvG6 +vl4lEyHVRqLAcMi8AqpdyUwJ4AzucKJUhZ+klV5enYUanPPdCQ+dd+znFpIGlKwg +IgsACMwNAgMBAAECggEATMBAcEolsq3Hf8hJly4yE/QbTnp2on6/V93bI38n00xN +0ewPtowhKrOw+5b5nZFG4ozpTU2cz4PRorjU9iyrtzJPoUYCpH30MFOr8Gz+Krbp +S8alZdkbDB9cDcMRGBSYaFf95Ov6JQB/8VYwWhAiMfsl78iSnJ3FkCLtmvtMuxod +13q0r01AHhDmYZJ+JyhLLcciCd9rP0tkIz582UjWk2bfxX54RbjPqHL4nuneKNwo +O3bM6ciRXknrewctHPwQ0rHAqrrNiqCpJH9TWxGvuPo/wE1YOU6hT9rwfBN+YzY0 +NZXgIojDl+nJT8mFETRrhzWLh2ZXGvBvQsI4yl5+NwKBgQD+bhFqjvghXFWmqxIh +Jz0qBFvLY1KgxHr2QTCYx+gzvI482sn+7BiNh+Q9LbRoKUL8VHZeB0e9gzqYoAe4 +Ak8mAzlcT/1jeFC0242tdfWY5yUn9GMg407DmgZXu80CiNMiUvOV7EIIfuDyWUoV +GrK6CEZF2HFDqUB2muJSkOWLBwKBgQDFne/tNTe+QjiPvRbRoP7m7WcVCkEREE7n +5fHxwcmK10oM7xTwH0jZyKpnEx/GREBC0iPeKXCGONNM06kYfLjEiXIeTZQqH+1P +k9yFavfITryHXxUDKuKvoKDhQKzSqalSKsNBbZZSWohOtRSWT8T05CLGutJIWWe4 +FHw+wM0nSwKBgHrYdCpKC344EdbeRGujgYG3BwdF1pBvLZuW0DsEUpYgVWEGln8y +SYyUb1wmpDOisIga0+gEhdv376PfqLpsywBkkB6FNKgBYJ5iX57AFKwV9re65N3t +Qoto4+UadRrjK2YoPRpHL37gnAYHnKBh+qed9SgmIFH1930MvXf2JA6jAoGBAJyC +/uAO8wwzpFprNyRl7xx0T90BFxFtqiDOJHYFthrJcfOWcy3OiUM7Q4KJSfQcYAzM +I+4zQdR8MxW42Ub0mN3HweMwLDXEvY32HIRqeL5jZbuNWbX9hDX28RQVxgq+psTV +63jpU1H8M9KqZhi6KtKN0OE2W49Dh/rp9pE44ALLAoGAMXvnLs5hc1gCJMaOXXW9 +98jApYpKk5iibNCakQpImgbi1D/tWeZo3XEiv8BHRoDH8yOmE3uE7nhZngGC7N0Y +yk0YiG6hGDG3/LctvmMDzBylA2Dis88c2ZGp4xFoMK12EnuboA3DNpAF51UJhXTV +29zatSnTl91KSnQ7LBqmCyY= +-----END PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEZ6tcMWtrUNVo 
+eFMKZgptXfL2ERgYPm7Ka0GNOFM6+2sF+zpydiOA9e+cCmNGUzhrjckN/5dfysDb +Nvqyfjy0Kpc+anIMWdR4fTs2MSz+Xc/G0qfEISzjjP0q2T/cO0fTLrAv1s68KMXR +NePIuj8GecyZs7mpJkLXd271Zf2D2zYH9l51bHU2Dv065GsxvF82hrHMFnZT5x13 +34Esp4MiYYOA6cWg3Cl6RsB15FcoigUTaSJPz9TZQAxlOmoW/tFpkzKR41efAvG6 +vl4lEyHVRqLAcMi8AqpdyUwJ4AzucKJUhZ+klV5enYUanPPdCQ+dd+znFpIGlKwg +IgsACMwNAgMBAAECggEATMBAcEolsq3Hf8hJly4yE/QbTnp2on6/V93bI38n00xN +0ewPtowhKrOw+5b5nZFG4ozpTU2cz4PRorjU9iyrtzJPoUYCpH30MFOr8Gz+Krbp +S8alZdkbDB9cDcMRGBSYaFf95Ov6JQB/8VYwWhAiMfsl78iSnJ3FkCLtmvtMuxod +13q0r01AHhDmYZJ+JyhLLcciCd9rP0tkIz582UjWk2bfxX54RbjPqHL4nuneKNwo +O3bM6ciRXknrewctHPwQ0rHAqrrNiqCpJH9TWxGvuPo/wE1YOU6hT9rwfBN+YzY0 +NZXgIojDl+nJT8mFETRrhzWLh2ZXGvBvQsI4yl5+NwKBgQD+bhFqjvghXFWmqxIh +Jz0qBFvLY1KgxHr2QTCYx+gzvI482sn+7BiNh+Q9LbRoKUL8VHZeB0e9gzqYoAe4 +Ak8mAzlcT/1jeFC0242tdfWY5yUn9GMg407DmgZXu80CiNMiUvOV7EIIfuDyWUoV +GrK6CEZF2HFDqUB2muJSkOWLBwKBgQDFne/tNTe+QjiPvRbRoP7m7WcVCkEREE7n +5fHxwcmK10oM7xTwH0jZyKpnEx/GREBC0iPeKXCGONNM06kYfLjEiXIeTZQqH+1P +k9yFavfITryHXxUDKuKvoKDhQKzSqalSKsNBbZZSWohOtRSWT8T05CLGutJIWWe4 +FHw+wM0nSwKBgHrYdCpKC344EdbeRGujgYG3BwdF1pBvLZuW0DsEUpYgVWEGln8y +SYyUb1wmpDOisIga0+gEhdv376PfqLpsywBkkB6FNKgBYJ5iX57AFKwV9re65N3t +Qoto4+UadRrjK2YoPRpHL37gnAYHnKBh+qed9SgmIFH1930MvXf2JA6jAoGBAJyC +/uAO8wwzpFprNyRl7xx0T90BFxFtqiDOJHYFthrJcfOWcy3OiUM7Q4KJSfQcYAzM +I+4zQdR8MxW42Ub0mN3HweMwLDXEvY32HIRqeL5jZbuNWbX9hDX28RQVxgq+psTV +63jpU1H8M9KqZhi6KtKN0OE2W49Dh/rp9pE44ALLAoGAMXvnLs5hc1gCJMaOXXW9 +98jApYpKk5iibNCakQpImgbi1D/tWeZo3XEiv8BHRoDH8yOmE3uE7nhZngGC7N0Y +yk0YiG6hGDG3/LctvmMDzBylA2Dis88c2ZGp4xFoMK12EnuboA3DNpAF51UJhXTV +29zatSnTl91KSnQ7LBqmCyY= -----END PRIVATE KEY----- diff --git a/bitrepository-core/src/test/resources/client90-certkey.pem b/bitrepository-core/src/test/resources/client90-certkey.pem index bd532f1d1..b7475f13a 100644 --- a/bitrepository-core/src/test/resources/client90-certkey.pem +++ b/bitrepository-core/src/test/resources/client90-certkey.pem 
@@ -1,77 +1,78 @@ -----BEGIN CERTIFICATE----- -MIIDkTCCAnmgAwIBAgIJAK/RxZXju3LcMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV -BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV -BAoMEUJpdHJlcG9zaXRvcnkub3JnMREwDwYDVQQDDAhjbGllbnQ5MDAeFw0xNDA3 -MjkxNDAzMTBaFw0yNDA3MjYxNDAzMTBaMF8xCzAJBgNVBAYTAkRLMRAwDgYDVQQI -DAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNVBAoMEUJpdHJlcG9zaXRv -cnkub3JnMREwDwYDVQQDDAhjbGllbnQ5MDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAPkJis5DwU/1hha5Z6WZqqnBZqlcQWW3lSOn299UG4IqlMVmjidk -bc0+m1TGlk9ljnaDuwWWW70ushgOSGWXnskVkIYuUjHqrvf5AYGVH71kgYh9lf6F -GSayt2MCGrb2CTFJbmrBkKEPDNGynIjXd/J31gya9uOm7xf0K8ILe+HUn4U/4ukg -rDGQ9pKEfZNZtrKdtPRxvOiCPEuhr/wKCo9lcGsfCzHkpyA7vwmAL8z3h9F6ykNL -60MrI6bI4wyyDD3/rMTXJQq2IcgqnYL4NuG1dKLvO5XWdS6HvAxytcw+P6wnLKRJ -FO4EUN03Yy0j1yFUtkSp5jwD7yYAL3MEdDECAwEAAaNQME4wHQYDVR0OBBYEFLj+ -l1tHSxDKqiHz51ICD/snnN35MB8GA1UdIwQYMBaAFLj+l1tHSxDKqiHz51ICD/sn -nN35MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADiEZhWN9BfxbU0N -HHmxvW64nNL7mZM1EYak6xGnOg9eryvi02AQMsFosmID4LC1330T9CAzmH5sS8Dx -62r10ZCaCFMZG1JD2IN24mlantizMzcFDqyl+zaAPfSU3RgjNsD2vjxgB4f9vLY4 -kcQqIV7MAg6pjQOhGEuiQU67+X45DnpVO6pfS9FTafuAg2ogYlTmb1ONQfQw2msc -3jEDtD878eOHXHhSKU7doN3ymikSUopaAXG/y8zPcH+eYqKbHGYov+nYDfz9MoLp -ldNjVbpoXMzQcYxC1kzgjAXgazxis4q1DQaAnCfIp3VstK+ilbeZA3p7Tda3Zh/H -njr8Biw= +MIIDnzCCAoegAwIBAgIUc+QAiBkq3O5nlW82O83yPFa6AWMwDQYJKoZIhvcNAQEL +BQAwXzELMAkGA1UEBhMCREsxEDAOBgNVBAgMB0Rlbm1hcmsxDzANBgNVBAcMBkFh +cmh1czEaMBgGA1UECgwRQml0cmVwb3NpdG9yeS5vcmcxETAPBgNVBAMMCGNsaWVu +dDkwMB4XDTI0MTAwMjA5NTA0NloXDTM0MDkzMDA5NTA0NlowXzELMAkGA1UEBhMC +REsxEDAOBgNVBAgMB0Rlbm1hcmsxDzANBgNVBAcMBkFhcmh1czEaMBgGA1UECgwR +Qml0cmVwb3NpdG9yeS5vcmcxETAPBgNVBAMMCGNsaWVudDkwMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0k2xM5fsoaKA81InlKIfEy49FrAXMu/9T0ao +tURz6/ZA/yM4AWMhXDFz3Q/KFgQoSXXguTKR7C0cEKXErdtC2MTZgBCwcmwMyzXr ++vEP0fiQ7GTB4WnEILpoxSiDqPfkZJ7nIMJ7rfvmyryhPH4jy44DLt691lL7ilxA +edaewdhQDeO2hIDl4o4cDo2XhrJM1WgyZmv2SvLJz9WUvrZPHd9zA2anNApoTz64 
+O3qCZTlqJsQVTEFVmeaG4cuCIthKqYpVbaiNVoXk40iFWNq9KOpRuq3JyT1V+N3H ++0QUSkxXTKoUcThFF3nu1cx324gZqVWM0K/hulClz7QKxKB0mwIDAQABo1MwUTAd +BgNVHQ4EFgQUVmhjh78TERGk9QsNilh8ZGSBgzswHwYDVR0jBBgwFoAUVmhjh78T +ERGk9QsNilh8ZGSBgzswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAJz/9CyhLpZbc8I99yX5vSnJ/90MDmX5SWoQUxxI/cfW9SgGGkjwtEDUA2pm0 +CvHr07f8NCPlmY4pJH0pTvm4CuKlvRS0ZzswryYdkO9W4glL8aBSgAJCiXUG8RKa +tpAjV0Mh2Uo4n4QH/h6BrOZGO7FN/1aA8hUQhaHJwNLtp45p5IVUFTFLlcCzwcd4 +LQxLDUH/gvc0+mikSwjxbf/53ieAIJufBnj7uCTbdRAqKWPvhMdOXUacaT7Jw5A9 +adbUgVV643Q1wLrtdtibeAdWL8gUXPEl7PnheXXWfTttCKsmKRe0VYGpv0tzrNqK +TIfZ7Zt7iFjzoNzlYh4B+sLvgQ== -----END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA+QmKzkPBT/WGFrlnpZmqqcFmqVxBZbeVI6fb31QbgiqUxWaO -J2RtzT6bVMaWT2WOdoO7BZZbvS6yGA5IZZeeyRWQhi5SMequ9/kBgZUfvWSBiH2V -/oUZJrK3YwIatvYJMUluasGQoQ8M0bKciNd38nfWDJr246bvF/Qrwgt74dSfhT/i -6SCsMZD2koR9k1m2sp209HG86II8S6Gv/AoKj2Vwax8LMeSnIDu/CYAvzPeH0XrK -Q0vrQysjpsjjDLIMPf+sxNclCrYhyCqdgvg24bV0ou87ldZ1Loe8DHK1zD4/rCcs -pEkU7gRQ3TdjLSPXIVS2RKnmPAPvJgAvcwR0MQIDAQABAoIBAQDQZo7U21hbDFCg -lZjJuNVbZ2/8zCoh78YLZ34U3rKCdBW5N4BAMMe+GOUtxV2lpYvZW5VXMKMmpnv8 -q38kHQSQq84cq4i3Ivg2pRcAlIVSHVhUmxu5OTJ58taKMQmgEDZTG2seRUs9rHWC -yiA6V22V53ilZcyzZ0/v0LIJmUibCoe3U8iukiYTDORryvHg/1AMFdjR7t9oAgXt -Wln/WxI54zEP8s2Y8YyLPa94/2xR2gMR6PCISOUyvD+gYmkC9NdJkrQ9im3pBVXS -mJTez+CcgE4LmhypryzGK5ob1zpnKwh3nTEvicn+jBTiedncadS6jtbw//9mInmJ -bNgJhxIBAoGBAPz86aqcHX9xjTW3ncTaV/zbGtGUExGU84HaDqvPNQI84T2m/kF3 -bK3NgHIX8hict3lT/0GjWZSMswtSWGZdHJEA5Q0/8Kw8Azc45gobYme44YLwcwU6 -PfgUPnkogpEPgT2ct3bzC/zzRlbdmEDlGseVOHWWR3rj95Kt9ngcUVxRAoGBAPwA -lo/SXWps+mMsIm4JetyUCaea+yOrWBrtQLvvwLS0+7D8E+qH2+H66fdyxrN2e0AP -Az/8rTIrdASvOrO2s/5/TJH4yoEswCtHrMPg7XqrVSXx8uaqCQnJN696G0YDPWKx -B8CmKqTNiI4xA3pANqayH3KkZA0bvXA6fFMARgHhAoGAM1pHOCl+V1s+VbQS412K -1LnJBNew0zXQBAC2T6u8z9p5wiD+pV1PgywesYooy1QsbgVd3/3/dgblZRvu88Bc -xxZOaFUdTmjUIkZ7c3vBitpddE3ImzwKTiwVzlQpxLZH/rCsEQoe2dar5YAPosSe 
-nfqtPjkmA0z4+R401IazATECgYAenYutKWeD+H1q8v+z0p8EkU+i9ycvrC9mBhDp -RDVrPtmdJOLeiWbjS3KFR4JwZyKOI8THT1FTWQgdUZSWJMo1Tw3kZg9kJiWqnGiW -24q+bnZHx980us+iSrnjLbiGhvo8NTm14/omT3oZnEbJ4WdCVT2Q1fv5w7b+HXzh -MJVQwQKBgCHqzHvRcbTM3EqIWTb0EQqxSXRnoDNxYrYL7geH3z1cI0T5IPW6D6h3 -H8HuYbG3lSdOqoNiz1aiJye+MVVHvW2ckH9xvIw+syZamEZP4jX5XHiZDeVrdgmo -CJmpOibIjm77KANEozdKtdOpuDnSBxNhrS8vYGEMieYSC+fKHR6o ------END RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD5CYrOQ8FP9YYW -uWelmaqpwWapXEFlt5Ujp9vfVBuCKpTFZo4nZG3NPptUxpZPZY52g7sFllu9LrIY -Dkhll57JFZCGLlIx6q73+QGBlR+9ZIGIfZX+hRkmsrdjAhq29gkxSW5qwZChDwzR -spyI13fyd9YMmvbjpu8X9CvCC3vh1J+FP+LpIKwxkPaShH2TWbaynbT0cbzogjxL -oa/8CgqPZXBrHwsx5KcgO78JgC/M94fRespDS+tDKyOmyOMMsgw9/6zE1yUKtiHI -Kp2C+DbhtXSi7zuV1nUuh7wMcrXMPj+sJyykSRTuBFDdN2MtI9chVLZEqeY8A+8m -AC9zBHQxAgMBAAECggEBANBmjtTbWFsMUKCVmMm41Vtnb/zMKiHvxgtnfhTesoJ0 -Fbk3gEAwx74Y5S3FXaWli9lblVcwoyame/yrfyQdBJCrzhyriLci+DalFwCUhVId -WFSbG7k5Mnny1ooxCaAQNlMbax5FSz2sdYLKIDpXbZXneKVlzLNnT+/QsgmZSJsK -h7dTyK6SJhMM5GvK8eD/UAwV2NHu32gCBe1aWf9bEjnjMQ/yzZjxjIs9r3j/bFHa -AxHo8IhI5TK8P6BiaQL010mStD2KbekFVdKYlN7P4JyATguaHKmvLMYrmhvXOmcr -CHedMS+Jyf6MFOJ52dxp1LqO1vD//2YieYls2AmHEgECgYEA/Pzpqpwdf3GNNbed -xNpX/Nsa0ZQTEZTzgdoOq881AjzhPab+QXdsrc2AchfyGJy3eVP/QaNZlIyzC1JY -Zl0ckQDlDT/wrDwDNzjmChtiZ7jhgvBzBTo9+BQ+eSiCkQ+BPZy3dvML/PNGVt2Y -QOUax5U4dZZHeuP3kq32eBxRXFECgYEA/ACWj9Jdamz6Yywibgl63JQJp5r7I6tY -Gu1Au+/AtLT7sPwT6ofb4frp93LGs3Z7QA8DP/ytMit0BK86s7az/n9MkfjKgSzA -K0esw+DteqtVJfHy5qoJCck3r3obRgM9YrEHwKYqpM2IjjEDekA2prIfcqRkDRu9 -cDp8UwBGAeECgYAzWkc4KX5XWz5VtBLjXYrUuckE17DTNdAEALZPq7zP2nnCIP6l -XU+DLB6xiijLVCxuBV3f/f92BuVlG+7zwFzHFk5oVR1OaNQiRntze8GK2l10Tcib -PApOLBXOVCnEtkf+sKwRCh7Z1qvlgA+ixJ6d+q0+OSYDTPj5HjTUhrMBMQKBgB6d -i60pZ4P4fWry/7PSnwSRT6L3Jy+sL2YGEOlENWs+2Z0k4t6JZuNLcoVHgnBnIo4j -xMdPUVNZCB1RlJYkyjVPDeRmD2QmJaqcaJbbir5udkfH3zS6z6JKueMtuIaG+jw1 -ObXj+iZPehmcRsnhZ0JVPZDV+/nDtv4dfOEwlVDBAoGAIerMe9FxtMzcSohZNvQR 
-CrFJdGegM3FitgvuB4ffPVwjRPkg9boPqHcfwe5hsbeVJ06qg2LPVqInJ74xVUe9 -bZyQf3G8jD6zJlqYRk/iNflceJkN5Wt2CagImak6JsiObvsoA0SjN0q106m4OdIH -E2GtLy9gYQyJ5hIL58odHqg= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDSTbEzl+yhooDz +UieUoh8TLj0WsBcy7/1PRqi1RHPr9kD/IzgBYyFcMXPdD8oWBChJdeC5MpHsLRwQ +pcSt20LYxNmAELBybAzLNev68Q/R+JDsZMHhacQgumjFKIOo9+Rknucgwnut++bK +vKE8fiPLjgMu3r3WUvuKXEB51p7B2FAN47aEgOXijhwOjZeGskzVaDJma/ZK8snP +1ZS+tk8d33MDZqc0CmhPPrg7eoJlOWomxBVMQVWZ5obhy4Ii2EqpilVtqI1WheTj +SIVY2r0o6lG6rcnJPVX43cf7RBRKTFdMqhRxOEUXee7VzHfbiBmpVYzQr+G6UKXP +tArEoHSbAgMBAAECggEATzZeUW2e/r7DzWKbb/ukssfO0LXg9xm4Et0tfKFc/HrT +voYYeUVKcnxaBOEGoEZOmmThEUC///J5yLd3nnig9B8pQXiHzYFvTDdyPCICcHcs +ty24bVw2OJGeFu0Msl800sWbjxZSGZVxN9nW7X8honFKN6REYu78uf/HdVzmjWJq +1M4yeQ8BH+8obyc6VOJeQRmoylEqZQngboVuz7nhwDJ2UjXxXAbcmI23Vm4CbBfk +FztaXI+SxYoK81qQAdYUoJPq/OL6Vl/i47w/3K5bLG8KK5tMXncTyPi9460G1Kn0 +icSiOD9j9YPJRMfMrTG3vk0IEcm+0Cu2sYUA2QAkAQKBgQDf2aYM9NdJDBtXUH6c +eIAiAG3H+jENdT50a5a3SWwPQsWuu2qlVnx4lhCD9KrIqZ/fL8/kLAcCnstAS86e +MdoyZmt4msq0UDY7jy7h7D8Fnjc0fzg9mk5xFklxeBe8kmSTB24HZKDLXF2xypBA +DbSup1j0GEiZfvrGTbTSE9ECAQKBgQDwgff/6kQiPHt/Lt/KAupxO8s9nIGMESgb +WmpjJ7shFdPaR+DB84m4LyIc9jpLytIXmZz9OLlZ3afgTmTPpvc+zZrWjS0RJaYm +bGhVz5VsaJFMrob7Hu/dx9lImdrQRS/seFQ+8ZcsMLyyGiXFZ7ueMnt3rmXNpBWI +67AG9pg+mwKBgDC5Vjxxur6KpRTfT3/Nds5v23VwzuaIA50hof+pOp0jwpWi87aj +WZqBx3yBb/8XdNYGuTCIKMp4N/N5zLKAVWctBe2Ne9u9reBO7Tx9yMX3RzrlCh/W +i4Zv/HJ3WmtQThX2wwtW6uz44OgHGFjo4tA1WtZexsaqbflmBprHd3IBAoGBAOh+ +Kzf3xX93CkcLEAifQvTNQY5AkbbOCwBOKhPKH4o/KHmVDD9RZqtm3Mo0eGw2F1v7 +AhiDUiH+NL+P6MIXfGD4rpqDBLLTu0bfewigz6hpeTQwbompAWVaQMB/Alhc2ZP1 +SjNCpclxH6fnwOWQfnzR/irWqtDcsniWpaZFkSzLAoGBAKQ989bWAFOiHfXPGk3N +q6Njj+zGoqitawLaUyRtw3UQ7XJA7xmocNVQgCHIm0s6Ww1e+nUsXIbXpD4Xvyso +sMNol8gktTTIHWFIvDxyfBbFzjxRuTyJRd5zigmGph0cIzeT1A/+hl47zbMhpC1C +BRdbne4ovjG0I9biCzaGu7PF +-----END PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDSTbEzl+yhooDz 
+UieUoh8TLj0WsBcy7/1PRqi1RHPr9kD/IzgBYyFcMXPdD8oWBChJdeC5MpHsLRwQ +pcSt20LYxNmAELBybAzLNev68Q/R+JDsZMHhacQgumjFKIOo9+Rknucgwnut++bK +vKE8fiPLjgMu3r3WUvuKXEB51p7B2FAN47aEgOXijhwOjZeGskzVaDJma/ZK8snP +1ZS+tk8d33MDZqc0CmhPPrg7eoJlOWomxBVMQVWZ5obhy4Ii2EqpilVtqI1WheTj +SIVY2r0o6lG6rcnJPVX43cf7RBRKTFdMqhRxOEUXee7VzHfbiBmpVYzQr+G6UKXP +tArEoHSbAgMBAAECggEATzZeUW2e/r7DzWKbb/ukssfO0LXg9xm4Et0tfKFc/HrT +voYYeUVKcnxaBOEGoEZOmmThEUC///J5yLd3nnig9B8pQXiHzYFvTDdyPCICcHcs +ty24bVw2OJGeFu0Msl800sWbjxZSGZVxN9nW7X8honFKN6REYu78uf/HdVzmjWJq +1M4yeQ8BH+8obyc6VOJeQRmoylEqZQngboVuz7nhwDJ2UjXxXAbcmI23Vm4CbBfk +FztaXI+SxYoK81qQAdYUoJPq/OL6Vl/i47w/3K5bLG8KK5tMXncTyPi9460G1Kn0 +icSiOD9j9YPJRMfMrTG3vk0IEcm+0Cu2sYUA2QAkAQKBgQDf2aYM9NdJDBtXUH6c +eIAiAG3H+jENdT50a5a3SWwPQsWuu2qlVnx4lhCD9KrIqZ/fL8/kLAcCnstAS86e +MdoyZmt4msq0UDY7jy7h7D8Fnjc0fzg9mk5xFklxeBe8kmSTB24HZKDLXF2xypBA +DbSup1j0GEiZfvrGTbTSE9ECAQKBgQDwgff/6kQiPHt/Lt/KAupxO8s9nIGMESgb +WmpjJ7shFdPaR+DB84m4LyIc9jpLytIXmZz9OLlZ3afgTmTPpvc+zZrWjS0RJaYm +bGhVz5VsaJFMrob7Hu/dx9lImdrQRS/seFQ+8ZcsMLyyGiXFZ7ueMnt3rmXNpBWI +67AG9pg+mwKBgDC5Vjxxur6KpRTfT3/Nds5v23VwzuaIA50hof+pOp0jwpWi87aj +WZqBx3yBb/8XdNYGuTCIKMp4N/N5zLKAVWctBe2Ne9u9reBO7Tx9yMX3RzrlCh/W +i4Zv/HJ3WmtQThX2wwtW6uz44OgHGFjo4tA1WtZexsaqbflmBprHd3IBAoGBAOh+ +Kzf3xX93CkcLEAifQvTNQY5AkbbOCwBOKhPKH4o/KHmVDD9RZqtm3Mo0eGw2F1v7 +AhiDUiH+NL+P6MIXfGD4rpqDBLLTu0bfewigz6hpeTQwbompAWVaQMB/Alhc2ZP1 +SjNCpclxH6fnwOWQfnzR/irWqtDcsniWpaZFkSzLAoGBAKQ989bWAFOiHfXPGk3N +q6Njj+zGoqitawLaUyRtw3UQ7XJA7xmocNVQgCHIm0s6Ww1e+nUsXIbXpD4Xvyso +sMNol8gktTTIHWFIvDxyfBbFzjxRuTyJRd5zigmGph0cIzeT1A/+hl47zbMhpC1C +BRdbne4ovjG0I9biCzaGu7PF -----END PRIVATE KEY----- From 8ecbacb3ff48513b753f4a6985ce859dc4cfb5f0 Mon Sep 17 00:00:00 2001 
From: RBKR
Date: Wed, 2 Oct 2024 14:53:47 +0200
Subject: [PATCH 3/4] Add class to provide test certificates dynamically and remove the hardcoded stuff
---
.../protocol/security/CertificateIDTest.java | 21 +--
.../security/PermissionStoreTest.java | 23 +---
.../security/SecurityManagerTest.java | 27 ++--
.../security/SecurityTestConstants.java | 122 +-----------------
.../security/SignatureGeneratorTest.java | 2 +-
.../protocol/security/TestCertProvider.java | 98 ++++++++++++++
6 files changed, 130 insertions(+), 163 deletions(-)
create mode 100644 bitrepository-core/src/test/java/org/bitrepository/protocol/security/TestCertProvider.java
diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/CertificateIDTest.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/CertificateIDTest.java
index 976c11c44..9cdb8b02d 100644
--- a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/CertificateIDTest.java
+++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/CertificateIDTest.java
@@ -46,15 +46,12 @@ public void positiveCertificateIdentificationTest() throws Exception { addStep("Create CertificateID object based on the certificate used to sign the data", "CertificateID object not null"); Security.addProvider(new BouncyCastleProvider()); - ByteArrayInputStream bs = new ByteArrayInputStream( - SecurityTestConstants.getPositiveCertificate().getBytes(SecurityModuleConstants.defaultEncodingType)); - X509Certificate myCertificate = (X509Certificate) CertificateFactory.getInstance( - SecurityModuleConstants.CertificateType).generateCertificate(bs); + X509Certificate myCertificate = TestCertProvider.loadPositiveCert(); CertificateID certificateIDfromCertificate = new CertificateID(myCertificate.getIssuerX500Principal(), myCertificate.getSerialNumber()); addStep("Create CertificateID object based on signature", "Certificate object not null"); - byte[] decodeSig = Base64.decode(SecurityTestConstants.getSignature().getBytes(StandardCharsets.UTF_8)); + byte[] decodeSig = Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(StandardCharsets.UTF_8)); CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray( SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig); SignerInformation signer = s.getSignerInfos().getSigners().iterator().next(); 
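Review bot: The signature decoded in this hunk is no longer a fixed reference vector. The constant removed from SecurityTestConstants was documented as produced with `openssl smime -sign`, whereas `TestCertProvider.getPositiveCertSignature()` signs the test data with the project's own BasicMessageSigner at run time. The verification-side tests here and in PermissionStoreTest and SecurityManagerTest therefore stop checking that an externally produced CMS signature is accepted, and would presumably still pass if signer and verifier drifted together. Consider keeping one openssl-generated signature as a test resource regenerated by update-certkeys.sh, or at least state the limitation next to the call, e.g. `// signature is produced by BasicMessageSigner at run time, not an independent openssl reference`. The test method's body continues outside the hunk.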
@@ -70,21 +67,18 @@ public void negativeCertificateIdentificationTest() throws Exception { addStep("Create CertificateID object based on a certificate not used for signing the data", "CertificateID object not null"); Security.addProvider(new BouncyCastleProvider()); - ByteArrayInputStream bs = new ByteArrayInputStream( - SecurityTestConstants.getNegativeCertificate().getBytes(SecurityModuleConstants.defaultEncodingType)); - X509Certificate myCertificate = (X509Certificate) CertificateFactory.getInstance( - SecurityModuleConstants.CertificateType).generateCertificate(bs); + X509Certificate myCertificate = TestCertProvider.loadNegativeCert(); CertificateID certificateIDFromCertificate = new CertificateID(myCertificate.getIssuerX500Principal(), myCertificate.getSerialNumber()); addStep("Create CertificateID object based on signature", "Certificate object not null"); - byte[] decodeSig = Base64.decode(SecurityTestConstants.getSignature().getBytes(StandardCharsets.UTF_8)); + byte[] decodeSig = Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(StandardCharsets.UTF_8)); CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray( SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig); SignerInformation signer = s.getSignerInfos().getSigners().iterator().next(); CertificateID certificateIDFromSignature = new CertificateID(signer.getSID().getIssuer(), signer.getSID().getSerialNumber()); - addStep("Assert that the two CertificateID objects are equal", "Assert succeeds"); + addStep("Assert that the two CertificateID objects are not equal", "Assert succeeds"); Assert.assertNotSame(certificateIDFromCertificate, certificateIDFromSignature); } 
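Review bot: The corrected step text says the two CertificateID objects must not be equal, but the assertion under it is still `Assert.assertNotSame(...)`, which only compares references and so passes for any two separately constructed objects. As written, this negative test cannot fail even if a certificate that did not sign the data produced a matching CertificateID. Since equalTest in the same class suggests CertificateID defines value equality, use `Assert.assertNotEquals(certificateIDFromCertificate, certificateIDFromSignature);` instead.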
@@ -94,10 +88,7 @@ public void equalTest() throws Exception { addStep("Setup", ""); Security.addProvider(new BouncyCastleProvider()); - ByteArrayInputStream bs = new ByteArrayInputStream( - SecurityTestConstants.getNegativeCertificate().getBytes(SecurityModuleConstants.defaultEncodingType)); - X509Certificate myCertificate = (X509Certificate) CertificateFactory.getInstance( - SecurityModuleConstants.CertificateType).generateCertificate(bs); + X509Certificate myCertificate = TestCertProvider.loadNegativeCert(); X500Principal issuer = myCertificate.getIssuerX500Principal(); BigInteger serial = myCertificate.getSerialNumber(); CertificateID certificateID1 = new CertificateID(issuer, serial); diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/PermissionStoreTest.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/PermissionStoreTest.java index 16e50b030..dc0c48324 100644 --- a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/PermissionStoreTest.java +++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/PermissionStoreTest.java @@ -30,11 +30,8 @@ import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; -import java.io.ByteArrayInputStream; import java.math.BigInteger; -import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.util.Locale; import static org.testng.Assert.assertEquals; 
@@ -53,16 +50,13 @@ public void positiveCertificateRetrievalTest() throws Exception { addDescription("Tests that a certificate can be retrieved based on the correct signerId."); addStep("Create signer to lookup certificate", "No exceptions"); byte[] decodeSig = - Base64.decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType)); + Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(SecurityModuleConstants.defaultEncodingType)); CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray( SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig); SignerInformation signer = s.getSignerInfos().getSigners().iterator().next(); addStep("Lookup certificate based on signerId", "No exceptions"); X509Certificate certificateFromStore = permissionStore.getCertificate(signer.getSID()); - ByteArrayInputStream bs = new ByteArrayInputStream( - SecurityTestConstants.getPositiveCertificate().getBytes(SecurityModuleConstants.defaultEncodingType)); - X509Certificate positiveCertificate = (X509Certificate) CertificateFactory.getInstance( - SecurityModuleConstants.CertificateType).generateCertificate(bs); + X509Certificate positiveCertificate = TestCertProvider.loadPositiveCert(); assertEquals(positiveCertificate, certificateFromStore); } 
@@ -71,7 +65,7 @@ public void negativeCertificateRetrievalTest() throws Exception { addDescription("Tests that a certificate cannot be retrieved based on the wrong signerId."); addStep("Create signer and modify its ID so lookup will fail", "No exceptions"); byte[] decodeSig = - Base64.decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType)); + Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(SecurityModuleConstants.defaultEncodingType)); CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray( SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig); SignerInformation signer = s.getSignerInfos().getSigners().iterator().next(); @@ -81,10 +75,7 @@ public void negativeCertificateRetrievalTest() throws Exception { signerId = new SignerId(signerId.getIssuer(), serial); addStep("Lookup certificate based on signerId", "No exceptions"); X509Certificate certificateFromStore = permissionStore.getCertificate(signerId); - ByteArrayInputStream bs = new ByteArrayInputStream( - SecurityTestConstants.getPositiveCertificate().getBytes(SecurityModuleConstants.defaultEncodingType)); - X509Certificate positiveCertificate = (X509Certificate) CertificateFactory.getInstance( - SecurityModuleConstants.CertificateType).generateCertificate(bs); + X509Certificate positiveCertificate = TestCertProvider.loadPositiveCert(); assertEquals(positiveCertificate, certificateFromStore); } 
@@ -103,7 +94,7 @@ public void certificateFingerprintTest() throws Exception { addDescription("Tests that a certificate fingerprint can correctly be retrieved for a signer."); addFixture("Create signer to lookup fingerprint"); byte[] decodeSig = - Base64.decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType)); + Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(SecurityModuleConstants.defaultEncodingType)); CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray( SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig); SignerInformation signer = s.getSignerInfos().getSigners().iterator().next(); @@ -111,7 +102,7 @@ public void certificateFingerprintTest() throws Exception { addStep("Lookup fingerprint based on signerId", "The correct finger print should be returned with openssl" + "used to generate reference finger print"); String certificateFingerprintFromStore = permissionStore.getCertificateFingerprint(signer.getSID()); - String referenceCertificateFingerprint = SecurityTestConstants.getFingerprintForSignatureCert(); - assertEquals(referenceCertificateFingerprint.toLowerCase(Locale.ROOT).replaceAll(":", ""), certificateFingerprintFromStore); + String referenceCertificateFingerprint = TestCertProvider.getFingerprintForPositiveCert(); + assertEquals(referenceCertificateFingerprint, certificateFingerprintFromStore); } } diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityManagerTest.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityManagerTest.java index 7038c58df..da047e206 100644 --- a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityManagerTest.java +++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityManagerTest.java 
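Review bot: The step text in the second hunk still claims the reference fingerprint was generated with openssl, but the expected value now comes from `TestCertProvider.getFingerprintForPositiveCert()`, which computes a SHA-1 hex digest of the encoded certificate in test code. The wording should match, for example `"The fingerprint from the store should equal the SHA-1 digest of the positive certificate's DER encoding"`. Note that the expected value is now derived the same way the store presumably derives it, so the test no longer cross-checks against an independently produced fingerprint. The original string concatenation is also missing a space between "openssl" and "used".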
@@ -44,7 +44,7 @@ import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; -import java.io.UnsupportedEncodingException; +import java.io.IOException; import java.nio.charset.StandardCharsets; import java.util.List; @@ -93,13 +93,13 @@ public void operationAuthorizationBehaviourTest() throws Exception { addStep("Check that PUT_FILE is allowed for both collections.", "PUT_FILE is allowed."); try { securityManager.authorizeOperation(PutFileRequest.class.getSimpleName(), - SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID1); + SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID1); } catch (OperationAuthorizationException e) { Assert.fail(e.getMessage()); } try { securityManager.authorizeOperation(PutFileRequest.class.getSimpleName(), - SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID2); + SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID2); } catch (OperationAuthorizationException e) { Assert.fail(e.getMessage()); } @@ -110,14 +110,14 @@ public void operationAuthorizationBehaviourTest() throws Exception { try { securityManager.authorizeOperation(GetFileRequest.class.getSimpleName(), - SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID1); + SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID1); } catch (OperationAuthorizationException e) { Assert.fail(e.getMessage()); } try { securityManager.authorizeOperation(GetFileRequest.class.getSimpleName(), - SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID2); + SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID2); Assert.fail("SecurityManager did not throw the expected OperationAuthorizationException"); } catch (OperationAuthorizationException ignored) { } 
@@ -132,7 +132,7 @@ public void certificateAuthorizationBehaviourTest() throws Exception { try { securityManager.authorizeCertificateUse(SecurityTestConstants.getAllowedCertificateUser(), - SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature()); + SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature()); } catch (CertificateUseException e) { Assert.fail(e.getMessage()); } @@ -140,7 +140,7 @@ public void certificateAuthorizationBehaviourTest() throws Exception { addStep("Check that an unregistered component is not allowed.", "The unregistered component is not allowed."); try { securityManager.authorizeCertificateUse(SecurityTestConstants.getDisallowedCertificateUser(), - SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature()); + SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature()); Assert.fail("SecurityManager did not throw the expected CertificateUseException"); } catch (CertificateUseException ignored) { } @@ -175,7 +175,7 @@ public void positiveSigningAuthenticationRoundtripTest() throws Exception { public void negativeSigningAuthenticationRoundtripUnkonwnCertificateTest() throws Exception { addDescription("Tests that a roundtrip of signing a request and afterwards authenticating it fails due to " + "a unknown certificate."); - addStep("Sign a chunck of data.", "Data is signed succesfully"); + addStep("Sign a chunk of data.", "Data is signed successfully"); String signature = null; try { signature = securityManager.signMessage(SecurityTestConstants.getTestData()); 
@@ -223,13 +223,12 @@ public void negativeSigningAuthenticationRoundtripBadDataTest() throws Exception } } - private PermissionSet getCollectionLimitedPermissionSet() throws UnsupportedEncodingException { + private PermissionSet getCollectionLimitedPermissionSet() throws Exception { PermissionSet permissions = new PermissionSet(); Permission signingCertPerm = new Permission(); Certificate signingCert = new Certificate(); - signingCert.setCertificateData(SecurityTestConstants.getPositiveCertificate() - .getBytes(SecurityModuleConstants.defaultEncodingType)); + signingCert.setCertificateData(TestCertProvider.loadPositiveCert().getEncoded()); signingCertPerm.setCertificate(signingCert); OperationPermission opPerm1 = new OperationPermission(); @@ -245,16 +244,14 @@ private PermissionSet getCollectionLimitedPermissionSet() throws UnsupportedEnco return permissions; } - - private PermissionSet getSigningCertPermission() throws UnsupportedEncodingException { + private PermissionSet getSigningCertPermission() throws Exception { PermissionSet permissions = new PermissionSet(); ComponentIDs allowedUsers = new ComponentIDs(); allowedUsers.getIDs().add(SecurityTestConstants.getAllowedCertificateUser()); Permission signingCertPerm = new Permission(); Certificate signingCert = new Certificate(); - signingCert.setCertificateData(SecurityTestConstants.getSigningCertificate() - .getBytes(SecurityModuleConstants.defaultEncodingType)); + signingCert.setCertificateData(TestCertProvider.loadSigningCert().getEncoded()); signingCert.setAllowedCertificateUsers(allowedUsers); signingCertPerm.setCertificate(signingCert); diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java index ee82ab7ed..28eb22f7b 100644 --- a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java 
+++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SecurityTestConstants.java 
@@ -28,106 +28,14 @@ import org.bitrepository.settings.repositorysettings.Permission; import org.bitrepository.settings.repositorysettings.PermissionSet; -import java.nio.charset.StandardCharsets; - /** - * Class to hold constants for used with the security module tests. + * Class to hold constants for use with the security module tests. */ public class SecurityTestConstants { - /* - * Notes about how to update the certificates, signature etc. found - * as comments in the variables below - */ private static final String DATA = "Hello world!"; - // Use output from SignatureGeneratorTest to make a new signature if certificate changes - private static final String SIGNATURE_JAVA = - "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"; - // Use openssl to generate signature: - // openssl smime -sign -md sha512 -binary -nocerts -noattr -in message -out new.sig -outform der -inkey pkey.pem -signer cert.pem - // base64 new.sig > signature.openssl - // After which concatenate the lines of signature.openssl to a single line - private static final String SIGNATURE = - "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"; - - // When certificate POSITIVECERT is changed, use openssl x509 -in -fingerprint to obtain new fingerprint - private static final String FINGERPRINT = "D3:CC:F2:AE:36:4C:FB:85:F0:70:9A:59:8F:14:EF:8B:52:D4:A5:30"; private static final String POSITIVE_CERT_KEYFILE = "./target/test-classes/client80-certkey.pem"; - /* currently client80-certkey.pem */ - private static final String POSITIVE_CERT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDkTCCAnmgAwIBAgIJAJ8IPxJseYAfMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV\n" + - "BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV\n" + - "BAoMEUJpdHJlcG9zaXRvcnkub3JnMREwDwYDVQQDDAhjbGllbnQ4MDAeFw0xNDA3\n" + - "MjkxNDAzMDlaFw0yNDA3MjYxNDAzMDlaMF8xCzAJBgNVBAYTAkRLMRAwDgYDVQQI\n" + - "DAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNVBAoMEUJpdHJlcG9zaXRv\n" + - 
"cnkub3JnMREwDwYDVQQDDAhjbGllbnQ4MDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + - "ADCCAQoCggEBANjHnrczcJaZx5aczK3BpW71Rh2X44qUy2rw1sf65P3WP/vjCNQ0\n" + - "7TgyaPxkTOBs34Uavkj6D0ocMNNcwVDS/BtqPR73iYBBBJmpR64AzGIh8jItgUuK\n" + - "9X74eL2QrWnty78I1c4lsfq85Ua+MHfEfQcIbVaRrBplAAAbPqdan/2LwmVRNcmQ\n" + - "3lBTT0UEUyshhygDvR/wljcDSNPAjTukor88O1mPh3hgBv4yPgmiwQe4BAh0/Imn\n" + - "gtyLdmOFS2cQp2S8sFZS3LJ6kl7yaP74esnNmVmngIVtZ3jlP3xDgl7tV+4OSPjD\n" + - "PNNhKIXl/ywEY1Q/hEkuNPbBI9nQTYplrIMCAwEAAaNQME4wHQYDVR0OBBYEFB1l\n" + - "YxF7a4Blqm/WZ6jcTAb0nrF3MB8GA1UdIwQYMBaAFB1lYxF7a4Blqm/WZ6jcTAb0\n" + - "nrF3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAATWp9ChCvLp22Xj\n" + - "c84P+mq4eJhsOtHb/yxHjARpzVu4wi3Uvm9maQuYm7oNk3uhrzTLFDl5wHUUCZbL\n" + - "0s3075it+jtBy3d5AGCDLbvoi8uiL2ngy/ScqttSx4ipXNTteM7UI7gnk3LwBVVb\n" + - "4sFrtnAJNo8hT9rTJtD/6ZLDs0eYzoUshZW8Xbxd3h/1W+dfQiR7PO5Zqvqkmn+T\n" + - "gko3OaiQMCz+IqE+/2tSMFlK7/DlpB/4MFECs5C7U9yqn9ulHEqo8vJF1rUjG5fL\n" + - "YEn++kulWJnt4beI6UruCwCqCtBRKR38cPahK6Ic168h99ztO6JuvSm3v9LpDtXl\n" + - "vSBi6TA=\n" + - "-----END CERTIFICATE-----\n"; - - /* currently client90-certkey.pem */ - private static final String NEGATIVE_CERT = "-----BEGIN CERTIFICATE-----\n" + - "MIIDkTCCAnmgAwIBAgIJAK/RxZXju3LcMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNV\n" + - "BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV\n" + - "BAoMEUJpdHJlcG9zaXRvcnkub3JnMREwDwYDVQQDDAhjbGllbnQ5MDAeFw0xNDA3\n" + - "MjkxNDAzMTBaFw0yNDA3MjYxNDAzMTBaMF8xCzAJBgNVBAYTAkRLMRAwDgYDVQQI\n" + - "DAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNVBAoMEUJpdHJlcG9zaXRv\n" + - "cnkub3JnMREwDwYDVQQDDAhjbGllbnQ5MDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + - "ADCCAQoCggEBAPkJis5DwU/1hha5Z6WZqqnBZqlcQWW3lSOn299UG4IqlMVmjidk\n" + - "bc0+m1TGlk9ljnaDuwWWW70ushgOSGWXnskVkIYuUjHqrvf5AYGVH71kgYh9lf6F\n" + - "GSayt2MCGrb2CTFJbmrBkKEPDNGynIjXd/J31gya9uOm7xf0K8ILe+HUn4U/4ukg\n" + - "rDGQ9pKEfZNZtrKdtPRxvOiCPEuhr/wKCo9lcGsfCzHkpyA7vwmAL8z3h9F6ykNL\n" + - "60MrI6bI4wyyDD3/rMTXJQq2IcgqnYL4NuG1dKLvO5XWdS6HvAxytcw+P6wnLKRJ\n" + - 
"FO4EUN03Yy0j1yFUtkSp5jwD7yYAL3MEdDECAwEAAaNQME4wHQYDVR0OBBYEFLj+\n" + - "l1tHSxDKqiHz51ICD/snnN35MB8GA1UdIwQYMBaAFLj+l1tHSxDKqiHz51ICD/sn\n" + - "nN35MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADiEZhWN9BfxbU0N\n" + - "HHmxvW64nNL7mZM1EYak6xGnOg9eryvi02AQMsFosmID4LC1330T9CAzmH5sS8Dx\n" + - "62r10ZCaCFMZG1JD2IN24mlantizMzcFDqyl+zaAPfSU3RgjNsD2vjxgB4f9vLY4\n" + - "kcQqIV7MAg6pjQOhGEuiQU67+X45DnpVO6pfS9FTafuAg2ogYlTmb1ONQfQw2msc\n" + - "3jEDtD878eOHXHhSKU7doN3ymikSUopaAXG/y8zPcH+eYqKbHGYov+nYDfz9MoLp\n" + - "ldNjVbpoXMzQcYxC1kzgjAXgazxis4q1DQaAnCfIp3VstK+ilbeZA3p7Tda3Zh/H\n" + - "njr8Biw=\n" + - "-----END CERTIFICATE-----\n"; - - /* currently client100-certkey.pem */ - private static final String SIGNING_CERT = - "-----BEGIN CERTIFICATE-----\n" + - "MIIDkzCCAnugAwIBAgIJALlIlDh730tYMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV\n" + - "BAYTAkRLMRAwDgYDVQQIDAdEZW5tYXJrMQ8wDQYDVQQHDAZBYXJodXMxGjAYBgNV\n" + - "BAoMEUJpdHJlcG9zaXRvcnkub3JnMRIwEAYDVQQDDAljbGllbnQxMDAwHhcNMTQw\n" + - "NzI5MTQwMzEyWhcNMjQwNzI2MTQwMzEyWjBgMQswCQYDVQQGEwJESzEQMA4GA1UE\n" + - "CAwHRGVubWFyazEPMA0GA1UEBwwGQWFyaHVzMRowGAYDVQQKDBFCaXRyZXBvc2l0\n" + - "b3J5Lm9yZzESMBAGA1UEAwwJY2xpZW50MTAwMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + - "AQ8AMIIBCgKCAQEAr+8QNcRWPhyCmDt23K4WIRPLiwcu5jJHnopBWhQMp63K2ySX\n" + - "j4iHXc4Qd9Ug+vGh2Max39I1xPfKJ5WliddAzzwh69R3ICQ2fyESRlaDN5RP9ngC\n" + - "927CHbC2qgruVzM5AcsVWdv6NJi75peui0YkD2mYs8zKpgM4Ys5DeI6mfH9OAyvX\n" + - "nn0QOZW3gTazBQccxWgBAGbMpyKsfsEh4nP8BDJEO82znK61K4qJ2c1+tlTwg2Nt\n" + - "+aWz4mBiLnzZtZ8gJlspDMA0WpVgPlc6MU0kd+cJVCa4gbuWNoOm/ifoYS15RlWt\n" + - "vQhnqFK7d9UwBv/fVM8NfdbJaeooyWdobf24IQIDAQABo1AwTjAdBgNVHQ4EFgQU\n" + - "vFhO3LofBvKUKayjeLO4JCLxYewwHwYDVR0jBBgwFoAUvFhO3LofBvKUKayjeLO4\n" + - "JCLxYewwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEABUjBPYK+6zWq\n" + - "IOx/Thhr8ccTHitBLIYlN8mOy5v6odYtJpVo4/EuBNSSrY9w6EZA7fpp8u8X3xhg\n" + - "Sp0Znd25SY6h1wWZztlP2RuPj1SI5pP10wEHD8sEUhimMnGbtxsEi6IaWRL9qki4\n" + - "uLwKg6OyL9lxduaElS1hUFYMU5LXs9HdRzz8JHmlb6SfWLTvi6TRUZjvEUQ11TGJ\n" + - 
"93qyZ0+1xJ9bKW3xB8yDybd67PkF7UYIyZXhGiMS9vlIeX7h107/4IT+EEe7vEyb\n" + - "XfmVbCmlkuHZwJPLwawmOUACfYUDsk0A7dB5cSaMwcxYi4TNZOYII7rrSZ85UCgP\n" + - "84Eon1U3cw==\n" + - "-----END CERTIFICATE-----\n"; - - private static final String KEYFILE = "./target/test-classes/client100-certkey.pem"; private static final String ALLOWED_CERTIFICATE_USER = "test-component"; @@ -146,26 +54,6 @@ public static String getTestData() { return DATA; } - public static String getFingerprintForSignatureCert() { - return FINGERPRINT; - } - - public static String getSignature() { - return SIGNATURE; - } - - public static String getPositiveCertificate() { - return POSITIVE_CERT; - } - - public static String getNegativeCertificate() { - return NEGATIVE_CERT; - } - - public static String getSigningCertificate() { - return SIGNING_CERT; - } - public static String getAllowedCertificateUser() { return ALLOWED_CERTIFICATE_USER; } @@ -178,14 +66,15 @@ public static String getComponentID() { return COMPONENT_ID; } - public static PermissionSet getDefaultPermissions() { + public static PermissionSet getDefaultPermissions() throws Exception { PermissionSet permissions = new PermissionSet(); ComponentIDs allowedUsers = new ComponentIDs(); allowedUsers.getIDs().add(ALLOWED_CERTIFICATE_USER); Permission perm1 = new Permission(); Certificate cert1 = new Certificate(); - cert1.setCertificateData(POSITIVE_CERT.getBytes(StandardCharsets.UTF_8)); + byte[] positiveCert = TestCertProvider.loadPositiveCert().getEncoded(); + cert1.setCertificateData(positiveCert); cert1.setAllowedCertificateUsers(allowedUsers); perm1.setCertificate(cert1); OperationPermission opPerm = new OperationPermission(); 
@@ -194,7 +83,8 @@ public static PermissionSet getDefaultPermissions() { Permission perm2 = new Permission(); Certificate cert2 = new Certificate(); - cert2.setCertificateData(NEGATIVE_CERT.getBytes(StandardCharsets.UTF_8)); + byte[] negativeCert = TestCertProvider.loadNegativeCert().getEncoded(); + cert2.setCertificateData(negativeCert); cert2.setAllowedCertificateUsers(allowedUsers); perm2.setCertificate(cert2); diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SignatureGeneratorTest.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SignatureGeneratorTest.java index f1b39900f..486ba4c04 100644 --- a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SignatureGeneratorTest.java +++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/SignatureGeneratorTest.java @@ -9,7 +9,7 @@ public class SignatureGeneratorTest { /* * Test to generate new signature for SecurityTestConstants */ - @Test(enabled = false) + @Test public void generateSignature() throws MessageSigningException { PermissionStore permissionStore = new PermissionStore(); MessageAuthenticator authenticator = new BasicMessageAuthenticator(permissionStore); diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/TestCertProvider.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/TestCertProvider.java new file mode 100644 index 000000000..ead78596e --- /dev/null +++ b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/TestCertProvider.java 
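Review bot: In SignatureGeneratorTest the comment above the re-enabled `@Test` still reads "Test to generate new signature for SecurityTestConstants", yet this commit removes the signature constants from that class. The annotation change therefore appears to turn a one-off generator utility into a test that runs on every build with no consumer for its output. The method body continues outside the hunk, so it is not visible whether it asserts anything. If it only prints a signature, either leave it disabled or add an assertion and update the comment to say what is verified, e.g. `* Verifies that the test data can be signed with the configured key`.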
@@ -0,0 +1,98 @@ +package org.bitrepository.protocol.security; + +import org.apache.commons.codec.digest.DigestUtils; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; +import org.bouncycastle.util.encoders.Base64; + +import java.io.BufferedReader; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Security; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; + +/** + * Simple class for loading test certificates and simplifying actions related to them. + * Previously the certificates were hardcoded, which did not seem very practical once they expired. + * With this class it should only be necessary to update the cert/key-files once they expire and that's it. 
+ */ +public class TestCertProvider { + static { + Security.addProvider(new BouncyCastleProvider()); + } + + public static X509Certificate loadPositiveCert() throws Exception { + return loadCertificate("client80-certkey.pem"); + } + + public static X509Certificate loadNegativeCert() throws Exception { + return loadCertificate("client90-certkey.pem"); + } + + public static X509Certificate loadSigningCert() throws Exception { + return loadCertificate("client100-certkey.pem"); + } + + public static String getFingerprintForPositiveCert() throws Exception { + X509Certificate signingCert = loadPositiveCert(); + return DigestUtils.sha1Hex(signingCert.getEncoded()); + } + + public static String getPositiveCertSignature() throws Exception { + MessageSigner signer = new BasicMessageSigner(); + signer.setPrivateKeyEntry(loadPrivateKeyEntry("client80-certkey.pem")); + byte[] signature = signer.signMessage(SecurityTestConstants.getTestData().getBytes(StandardCharsets.UTF_8)); + return new String(Base64.encode(signature), StandardCharsets.UTF_8); + } + + private static X509Certificate loadCertificate(String fileName) throws Exception { + X509Certificate cert = null; + + Path pemFilePath = Path.of(TestCertProvider.class.getClassLoader().getResource(fileName).toURI()); + try (BufferedReader reader = Files.newBufferedReader(pemFilePath, StandardCharsets.UTF_8); + PEMParser pemParser = new PEMParser(reader)) { + + Object pemObj = pemParser.readObject(); + if (pemObj instanceof X509Certificate) { + cert = (X509Certificate) pemObj; + } else if (pemObj instanceof X509CertificateHolder) { + cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) pemObj); + } + } + return cert; + } + + private static KeyStore.PrivateKeyEntry loadPrivateKeyEntry(String fileName) throws Exception { + PrivateKey privKey = null; + X509Certificate privCert = null; + + Path pemFilePath = Path.of(TestCertProvider.class.getClassLoader().getResource(fileName).toURI()); + 
try (BufferedReader reader = Files.newBufferedReader(pemFilePath, StandardCharsets.UTF_8); + PEMParser pemParser = new PEMParser(reader)) { + Object pemObj = pemParser.readObject(); + while (pemObj != null) { + if (pemObj instanceof X509Certificate) { + privCert = (X509Certificate) pemObj; + } else if (pemObj instanceof PrivateKey) { + privKey = (PrivateKey) pemObj; + } else if (pemObj instanceof X509CertificateHolder) { + privCert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) pemObj); + } else if (pemObj instanceof PrivateKeyInfo) { + PrivateKeyInfo pki = (PrivateKeyInfo) pemObj; + JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); + privKey = converter.getPrivateKey(pki); + } + pemObj = pemParser.readObject(); + } + } + return new KeyStore.PrivateKeyEntry(privKey, new Certificate[] {privCert}); + } +} From bfba5c9ea5d5c48f55002581667bce7af8d6eb74 Mon Sep 17 00:00:00 2001 From: RBKR Date: Wed, 2 Oct 2024 15:32:58 +0200 Subject: [PATCH 4/4] Add script to update certkeys --- .../src/test/resources/update-certkeys.sh | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 bitrepository-core/src/test/resources/update-certkeys.sh diff --git a/bitrepository-core/src/test/resources/update-certkeys.sh b/bitrepository-core/src/test/resources/update-certkeys.sh new file mode 100755 index 000000000..d74d435b0 --- /dev/null +++ b/bitrepository-core/src/test/resources/update-certkeys.sh 
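Review bot: Both loaders in TestCertProvider fail without any context. `getResource(fileName)` is dereferenced unchecked, `loadCertificate` reads only the first PEM object and returns null when it is not a certificate, and `loadPrivateKeyEntry` builds the entry even when no key or certificate was found. A missing, reordered or partly regenerated certkey file then surfaces as a NullPointerException in whichever security test first calls `.getEncoded()`, which is exactly the expiry scenario this class is meant to make easy. As far as I know PEMParser yields X509CertificateHolder and PrivateKeyInfo (or PEMKeyPair for traditional RSA keys), never X509Certificate or PrivateKey, so those two instanceof branches look unreachable and could be dropped. In `loadPrivateKeyEntry`, add `if (privKey == null || privCert == null) throw new IllegalStateException("Missing key or certificate in " + fileName);` before the return; a suggested `loadCertificate` follows.

```java
private static X509Certificate loadCertificate(String fileName) throws Exception {
    java.net.URL resource = TestCertProvider.class.getClassLoader().getResource(fileName);
    if (resource == null) {
        throw new IllegalStateException("Test resource not found on classpath: " + fileName);
    }
    try (BufferedReader reader = Files.newBufferedReader(Path.of(resource.toURI()), StandardCharsets.UTF_8);
         PEMParser pemParser = new PEMParser(reader)) {
        // Scan all PEM objects so the result does not depend on the certificate being first in the file.
        for (Object pemObj = pemParser.readObject(); pemObj != null; pemObj = pemParser.readObject()) {
            if (pemObj instanceof X509CertificateHolder) {
                return new JcaX509CertificateConverter().setProvider("BC")
                        .getCertificate((X509CertificateHolder) pemObj);
            }
        }
    }
    throw new IllegalStateException("No certificate found in " + fileName);
}
```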
@@ -0,0 +1,47 @@ +#!/bin/bash +# Run this script to update test-pem-files with certificates/keys +# I.e. './update-certkeys.sh' or './bitrepository-core/src/test/resources/update-certkeys.sh' +# The script is just a slightly modified version of KBs 'cert-admin.sh' that is usually used to create self-signed certs + +genkey () { + ## KEYFILE + openssl genrsa -out "${1%.pem}.pem" 2048 + chmod go= "${1%.pem}.pem" +} + +gencert () { + ## KEYFILE CERTFILE [CN] + ## KEYFILE must exist + if [ -n "$3" ] ; then + openssl req -sha256 -new -x509 -key "${1%.pem}.pem" -out "${2%.pem}.pem" \ + -days 3650 \ + -subj /C=DK/ST=Denmark/L=Aarhus/O="Bitrepository.org"/CN=$3 + else + openssl req -sha256 -new -x509 -key "${1%.pem}.pem" -out "${2%.pem}.pem" \ + -days 3650 + fi +} + +combine () { + ## KEYFILE CERTFILE CERTKEYFILE + cat ${2%.pem}.pem ${1%.pem}.pem > ${3%.pem}.pem + openssl pkey -in ${1%.pem}.pem >> ${3%.pem}.pem + chmod go= "${3%.pem}.pem" +} + +genall () { + ## PREFIX CN + ## make PREFIX-key.pem PREFIX-cert.pem and PREFIX-certkey.pem + genkey $1-key + gencert $1-key $1-cert $2 + combine $1-key $1-cert $1-certkey + # Don't care about individual files - REMOVE THIS IF YOU WANT THE SEPARATE FILES + rm $1-key.pem $1-cert.pem +} + +SOURCE=$(dirname ${BASH_SOURCE[0]}) +pushd $SOURCE > /dev/null +genall client80 client80 +genall client90 client90 +genall client100 client100 +popd > /dev/null \ No newline at end of file
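Review bot: The script keeps going after a failed step and leaves most expansions unquoted. A failing `openssl` or `pushd` is followed by `rm $1-key.pem $1-cert.pem` and further generation in whatever directory is current, and `cat ${2%.pem}.pem ${1%.pem}.pem > ${3%.pem}.pem`, `CN=$3`, `pushd $SOURCE` and `dirname ${BASH_SOURCE[0]}` all word-split on a checkout path containing spaces. Add `set -e` near the top and quote the expansions, e.g. `cat "${2%.pem}.pem" "${1%.pem}.pem" > "${3%.pem}.pem"`. Key files are also created under the caller's umask and only restricted afterwards with `chmod go=`, so an `umask 077` at the top would close that window if the script is reused beyond throwaway test keys. Finally, `combine` appends the key once via `cat` and again via `openssl pkey`; if that is deliberate (presumably to have a PKCS#8 form the PEM loader understands), a comment such as `# second copy is PKCS#8, which TestCertProvider parses` would stop someone removing it.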