bitrepository · m-atlantis · Jan 15, 2025 · Sep 30, 2024 · Oct 2, 2024 · Oct 2, 2024
diff --git a/bitrepository-core/src/test/java/org/bitrepository/protocol/security/CertificateIDTest.java b/bitrepository-core/src/test/java/org/bitrepository/protocol/security/CertificateIDTest.java
@@ -46,15 +46,12 @@ public void positiveCertificateIdentificationTest() throws Exception {
         addStep("Create CertificateID object based on the certificate used to sign the data", "CertificateID object not null");
         Security.addProvider(new BouncyCastleProvider());
 
-        ByteArrayInputStream bs = new ByteArrayInputStream(
-                SecurityTestConstants.getPositiveCertificate().getBytes(SecurityModuleConstants.defaultEncodingType));
-        X509Certificate myCertificate = (X509Certificate) CertificateFactory.getInstance(
-                SecurityModuleConstants.CertificateType).generateCertificate(bs);
+        X509Certificate myCertificate = TestCertProvider.loadPositiveCert();
         CertificateID certificateIDfromCertificate =
                 new CertificateID(myCertificate.getIssuerX500Principal(), myCertificate.getSerialNumber());
 
         addStep("Create CertificateID object based on signature", "Certificate object not null");
-        byte[] decodeSig = Base64.decode(SecurityTestConstants.getSignature().getBytes(StandardCharsets.UTF_8));
+        byte[] decodeSig = Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(StandardCharsets.UTF_8));
         CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(
                 SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig);
         SignerInformation signer = s.getSignerInfos().getSigners().iterator().next();
@@ -70,21 +67,18 @@ public void negativeCertificateIdentificationTest() throws Exception {
         addStep("Create CertificateID object based on a certificate not used for signing the data", "CertificateID object not null");
         Security.addProvider(new BouncyCastleProvider());
 
-        ByteArrayInputStream bs = new ByteArrayInputStream(
-                SecurityTestConstants.getNegativeCertificate().getBytes(SecurityModuleConstants.defaultEncodingType));
-        X509Certificate myCertificate = (X509Certificate) CertificateFactory.getInstance(
-                SecurityModuleConstants.CertificateType).generateCertificate(bs);
+        X509Certificate myCertificate = TestCertProvider.loadNegativeCert();
         CertificateID certificateIDFromCertificate =
                 new CertificateID(myCertificate.getIssuerX500Principal(), myCertificate.getSerialNumber());
 
         addStep("Create CertificateID object based on signature", "Certificate object not null");
-        byte[] decodeSig = Base64.decode(SecurityTestConstants.getSignature().getBytes(StandardCharsets.UTF_8));
+        byte[] decodeSig = Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(StandardCharsets.UTF_8));
         CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(
                 SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig);
         SignerInformation signer = s.getSignerInfos().getSigners().iterator().next();
         CertificateID certificateIDFromSignature = new CertificateID(signer.getSID().getIssuer(), signer.getSID().getSerialNumber());
 
-        addStep("Assert that the two CertificateID objects are equal", "Assert succeeds");
+        addStep("Assert that the two CertificateID objects are not equal", "Assert succeeds");
         Assert.assertNotSame(certificateIDFromCertificate, certificateIDFromSignature);
     }
 
@@ -94,10 +88,7 @@ public void equalTest() throws Exception {
         addStep("Setup", "");
         Security.addProvider(new BouncyCastleProvider());
 
-        ByteArrayInputStream bs = new ByteArrayInputStream(
-                SecurityTestConstants.getNegativeCertificate().getBytes(SecurityModuleConstants.defaultEncodingType));
-        X509Certificate myCertificate = (X509Certificate) CertificateFactory.getInstance(
-                SecurityModuleConstants.CertificateType).generateCertificate(bs);
+        X509Certificate myCertificate = TestCertProvider.loadNegativeCert();
         X500Principal issuer = myCertificate.getIssuerX500Principal();
         BigInteger serial = myCertificate.getSerialNumber();
         CertificateID certificateID1 = new CertificateID(issuer, serial);

diff --git a/...epository-core/src/test/java/org/bitrepository/protocol/security/PermissionStoreTest.java b/...epository-core/src/test/java/org/bitrepository/protocol/security/PermissionStoreTest.java
@@ -30,11 +30,8 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
-import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.Locale;
 
 import static org.testng.Assert.assertEquals;
 
@@ -53,16 +50,13 @@ public void positiveCertificateRetrievalTest() throws Exception {
         addDescription("Tests that a certificate can be retrieved based on the correct signerId.");
         addStep("Create signer to lookup certificate", "No exceptions");
         byte[] decodeSig = 
-                Base64.decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
+                Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
         CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(
                 SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig);
         SignerInformation signer = s.getSignerInfos().getSigners().iterator().next();
         addStep("Lookup certificate based on signerId", "No exceptions");
         X509Certificate certificateFromStore = permissionStore.getCertificate(signer.getSID());        
-        ByteArrayInputStream bs = new ByteArrayInputStream(
-                SecurityTestConstants.getPositiveCertificate().getBytes(SecurityModuleConstants.defaultEncodingType));
-        X509Certificate positiveCertificate = (X509Certificate) CertificateFactory.getInstance(
-                SecurityModuleConstants.CertificateType).generateCertificate(bs);
+        X509Certificate positiveCertificate = TestCertProvider.loadPositiveCert();
         assertEquals(positiveCertificate, certificateFromStore);
     }
 
@@ -71,7 +65,7 @@ public void negativeCertificateRetrievalTest() throws Exception {
         addDescription("Tests that a certificate cannot be retrieved based on the wrong signerId.");
         addStep("Create signer and modify its ID so lookup will fail", "No exceptions");
         byte[] decodeSig = 
-                Base64.decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
+                Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
         CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(
                 SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig);
         SignerInformation signer = s.getSignerInfos().getSigners().iterator().next();
@@ -81,10 +75,7 @@ public void negativeCertificateRetrievalTest() throws Exception {
         signerId = new SignerId(signerId.getIssuer(), serial);
         addStep("Lookup certificate based on signerId", "No exceptions");
         X509Certificate certificateFromStore = permissionStore.getCertificate(signerId);        
-        ByteArrayInputStream bs = new ByteArrayInputStream(
-                SecurityTestConstants.getPositiveCertificate().getBytes(SecurityModuleConstants.defaultEncodingType));
-        X509Certificate positiveCertificate = (X509Certificate) CertificateFactory.getInstance(
-                SecurityModuleConstants.CertificateType).generateCertificate(bs);
+        X509Certificate positiveCertificate = TestCertProvider.loadPositiveCert();
         assertEquals(positiveCertificate, certificateFromStore);
     }
 
@@ -103,15 +94,15 @@ public void certificateFingerprintTest() throws Exception {
         addDescription("Tests that a certificate fingerprint can correctly be retrieved for a signer.");
         addFixture("Create signer to lookup fingerprint");
         byte[] decodeSig =
-                Base64.decode(SecurityTestConstants.getSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
+                Base64.decode(TestCertProvider.getPositiveCertSignature().getBytes(SecurityModuleConstants.defaultEncodingType));
         CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(
                 SecurityTestConstants.getTestData().getBytes(SecurityModuleConstants.defaultEncodingType)), decodeSig);
         SignerInformation signer = s.getSignerInfos().getSigners().iterator().next();
 
         addStep("Lookup fingerprint based on signerId", "The correct finger print should be returned with openssl" +
                 "used to generate reference finger print");
         String certificateFingerprintFromStore = permissionStore.getCertificateFingerprint(signer.getSID());
-        String referenceCertificateFingerprint = SecurityTestConstants.getFingerprintForSignatureCert();
-        assertEquals(referenceCertificateFingerprint.toLowerCase(Locale.ROOT).replaceAll(":", ""), certificateFingerprintFromStore);
+        String referenceCertificateFingerprint = TestCertProvider.getFingerprintForPositiveCert();
+        assertEquals(referenceCertificateFingerprint, certificateFingerprintFromStore);
     }
 }
diff --git a/...epository-core/src/test/java/org/bitrepository/protocol/security/SecurityManagerTest.java b/...epository-core/src/test/java/org/bitrepository/protocol/security/SecurityManagerTest.java
@@ -44,7 +44,7 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
-import java.io.UnsupportedEncodingException;
+import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 
@@ -93,13 +93,13 @@ public void operationAuthorizationBehaviourTest() throws Exception {
         addStep("Check that PUT_FILE is allowed for both collections.", "PUT_FILE is allowed.");
         try {
             securityManager.authorizeOperation(PutFileRequest.class.getSimpleName(),
-                    SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID1);
+                    SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID1);
         } catch (OperationAuthorizationException e) {
             Assert.fail(e.getMessage());
         }
         try {
             securityManager.authorizeOperation(PutFileRequest.class.getSimpleName(),
-                    SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID2);
+                    SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID2);
         } catch (OperationAuthorizationException e) {
             Assert.fail(e.getMessage());
         }
@@ -110,14 +110,14 @@ public void operationAuthorizationBehaviourTest() throws Exception {
 
         try {
             securityManager.authorizeOperation(GetFileRequest.class.getSimpleName(),
-                    SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID1);
+                    SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID1);
         } catch (OperationAuthorizationException e) {
             Assert.fail(e.getMessage());
         }
 
         try {
             securityManager.authorizeOperation(GetFileRequest.class.getSimpleName(),
-                    SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature(), collectionID2);
+                    SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature(), collectionID2);
             Assert.fail("SecurityManager did not throw the expected OperationAuthorizationException");
         } catch (OperationAuthorizationException ignored) {
         }
@@ -132,15 +132,15 @@ public void certificateAuthorizationBehaviourTest() throws Exception {
 
         try {
             securityManager.authorizeCertificateUse(SecurityTestConstants.getAllowedCertificateUser(),
-                    SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature());
+                    SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature());
         } catch (CertificateUseException e) {
             Assert.fail(e.getMessage());
         }
         Assert.assertNotNull(getSigningCertPermission().getPermission().get(0).getCertificate().getAllowedCertificateUsers());
         addStep("Check that an unregistered component is not allowed.", "The unregistered component is not allowed.");
         try {
             securityManager.authorizeCertificateUse(SecurityTestConstants.getDisallowedCertificateUser(),
-                    SecurityTestConstants.getTestData(), SecurityTestConstants.getSignature());
+                    SecurityTestConstants.getTestData(), TestCertProvider.getPositiveCertSignature());
             Assert.fail("SecurityManager did not throw the expected CertificateUseException");
         } catch (CertificateUseException ignored) {
         }
@@ -175,7 +175,7 @@ public void positiveSigningAuthenticationRoundtripTest() throws Exception {
     public void negativeSigningAuthenticationRoundtripUnkonwnCertificateTest() throws Exception {
         addDescription("Tests that a roundtrip of signing a request and afterwards authenticating it fails due to " +
                 "a unknown certificate.");
-        addStep("Sign a chunck of data.", "Data is signed succesfully");
+        addStep("Sign a chunk of data.", "Data is signed successfully");
         String signature = null;
         try {
             signature = securityManager.signMessage(SecurityTestConstants.getTestData());
@@ -223,13 +223,12 @@ public void negativeSigningAuthenticationRoundtripBadDataTest() throws Exception
         }
     }
 
-    private PermissionSet getCollectionLimitedPermissionSet() throws UnsupportedEncodingException {
+    private PermissionSet getCollectionLimitedPermissionSet() throws Exception {
         PermissionSet permissions = new PermissionSet();
         Permission signingCertPerm = new Permission();
 
         Certificate signingCert = new Certificate();
-        signingCert.setCertificateData(SecurityTestConstants.getPositiveCertificate()
-                .getBytes(SecurityModuleConstants.defaultEncodingType));
+        signingCert.setCertificateData(TestCertProvider.loadPositiveCert().getEncoded());
 
         signingCertPerm.setCertificate(signingCert);
         OperationPermission opPerm1 = new OperationPermission();
@@ -245,16 +244,14 @@ private PermissionSet getCollectionLimitedPermissionSet() throws UnsupportedEnco
         return permissions;
     }
 
-
-    private PermissionSet getSigningCertPermission() throws UnsupportedEncodingException {
+    private PermissionSet getSigningCertPermission() throws Exception {
         PermissionSet permissions = new PermissionSet();
         ComponentIDs allowedUsers = new ComponentIDs();
         allowedUsers.getIDs().add(SecurityTestConstants.getAllowedCertificateUser());
         Permission signingCertPerm = new Permission();
 
         Certificate signingCert = new Certificate();
-        signingCert.setCertificateData(SecurityTestConstants.getSigningCertificate()
-                .getBytes(SecurityModuleConstants.defaultEncodingType));
+        signingCert.setCertificateData(TestCertProvider.loadSigningCert().getEncoded());
         signingCert.setAllowedCertificateUsers(allowedUsers);
 
         signingCertPerm.setCertificate(signingCert);