knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kris...@apache.org
Subject [knox] branch master updated: KNOX-1793 - DefaultKeystoreService should not validate the signing key on initialization (#61)
Date Wed, 27 Feb 2019 19:37:47 GMT
This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 94e423c  KNOX-1793 - DefaultKeystoreService should not validate the signing key on
initialization (#61)
94e423c is described below

commit 94e423c7288df44d2648afc87703bdb1596c2029
Author: Robert Levas <rlevas@users.noreply.github.com>
AuthorDate: Wed Feb 27 14:37:43 2019 -0500

    KNOX-1793 - DefaultKeystoreService should not validate the signing key on initialization
(#61)
---
 .../org/apache/knox/gateway/GatewayResources.java  |  18 ++
 .../gateway/services/DefaultGatewayServices.java   |   4 +
 .../security/impl/DefaultKeystoreService.java      |  28 ---
 .../token/impl/DefaultTokenAuthorityService.java   |  88 +++++++--
 .../impl/DefaultTokenAuthorityServiceTest.java     | 217 ++++++++++++++++++++-
 5 files changed, 307 insertions(+), 48 deletions(-)

diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayResources.java b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayResources.java
index 0d8d0c7..6e1422d 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/GatewayResources.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/GatewayResources.java
@@ -82,4 +82,22 @@ public interface GatewayResources {
 
   @Resource( text="Forward method: {0} to default context: {1}" )
   String forwardToDefaultTopology(String method, String context );
+
+  @Resource( text="The keystore used to acquire the signing key is not available. The file
could be missing or the password could be incorrect: {0}")
+  String signingKeystoreNotAvailable( String path );
+
+  @Resource( text="Provisioned signing key passphrase cannot be acquired using the alias
name {0}.")
+  String signingKeyPassphraseNotAvailable( String alias);
+
+  @Resource( text="The public signing key was not found in the signing keystore using the
alias name {0}.")
+  String publicSigningKeyNotFound( String alias );
+
+  @Resource( text="The private signing key was not found in the signing keystore using the
alias name {0}. The alias could be missing or the password could be incorrect.")
+  String privateSigningKeyNotFound( String alias );
+
+  @Resource( text="The private signing key found in the signing keystore using the alias
name {0} is not a RSAPrivateKey")
+  String privateSigningKeyWrongType( String alias );
+
+  @Resource( text="The public signing key found in the signing keystore using the alias name
{0} is not a RSAPublicKey")
+  String publicSigningKeyWrongType( String alias );
 }
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java
index 171de72..1c9204e 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/DefaultGatewayServices.java
@@ -162,6 +162,8 @@ public class DefaultGatewayServices implements GatewayServices {
     SSLService ssl = (SSLService) services.get(SSL_SERVICE);
     ssl.start();
 
+    (services.get(TOKEN_SERVICE)).start();
+
     ServerInfoService sis = (ServerInfoService) services.get(SERVER_INFO_SERVICE);
     sis.start();
 
@@ -192,6 +194,8 @@ public class DefaultGatewayServices implements GatewayServices {
     SSLService ssl = (SSLService) services.get(SSL_SERVICE);
     ssl.stop();
 
+    (services.get(TOKEN_SERVICE)).stop();
+
     ServerInfoService sis = (ServerInfoService) services.get(SERVER_INFO_SERVICE);
     sis.stop();
 
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
index d62d1ff..45305c1 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
@@ -66,8 +66,6 @@ public class DefaultKeystoreService extends BaseKeystoreService implements
   private static GatewayResources RES = ResourcesFactory.get( GatewayResources.class );
 
   private GatewayConfig config;
-  private String signingKeystoreName;
-  private String signingKeyAlias;
   private Map<String, Map<String, String>> cache = new ConcurrentHashMap<>();
   private Lock readLock;
   private Lock writeLock;
@@ -88,32 +86,6 @@ public class DefaultKeystoreService extends BaseKeystoreService implements
         throw new ServiceLifecycleException( RES.failedToCreateKeyStoreDirectory( ksd.getAbsolutePath()
) );
       }
     }
-
-    signingKeystoreName = config.getSigningKeystoreName();
-    // ensure that the keystore actually exists and fail to start if not
-    if (signingKeystoreName != null) {
-      File sks = new File(this.keyStoreDir, signingKeystoreName);
-      if (!sks.exists()) {
-        throw new ServiceLifecycleException("Configured signing keystore does not exist.");
-      }
-      signingKeyAlias = config.getSigningKeyAlias();
-      if (signingKeyAlias != null) {
-        // ensure that the signing key alias exists in the configured keystore
-        KeyStore ks;
-        try {
-          ks = getSigningKeystore();
-          if (ks != null) {
-            if (!ks.containsAlias(signingKeyAlias)) {
-              throw new ServiceLifecycleException("Configured signing key alias does not
exist.");
-            }
-          }
-        } catch (KeystoreServiceException e) {
-          throw new ServiceLifecycleException("Unable to get the configured signing keystore.",
e);
-        } catch (KeyStoreException e) {
-          throw new ServiceLifecycleException("Signing keystore has not been loaded.", e);
-        }
-      }
-    }
   }
 
   @Override
diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
index 190d0dc..cb452c6 100644
--- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
+++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
@@ -17,9 +17,14 @@
  */
 package org.apache.knox.gateway.services.token.impl;
 
+import java.security.Key;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Map;
@@ -30,7 +35,9 @@ import java.util.HashSet;
 
 import javax.security.auth.Subject;
 
+import org.apache.knox.gateway.GatewayResources;
 import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.i18n.resources.ResourcesFactory;
 import org.apache.knox.gateway.services.Service;
 import org.apache.knox.gateway.services.ServiceLifecycleException;
 import org.apache.knox.gateway.services.security.AliasService;
@@ -48,11 +55,12 @@ import com.nimbusds.jose.crypto.RSASSASigner;
 import com.nimbusds.jose.crypto.RSASSAVerifier;
 
 public class DefaultTokenAuthorityService implements JWTokenAuthority, Service {
+  private static final GatewayResources RESOURCES = ResourcesFactory.get(GatewayResources.class);
 
   private static final Set<String> SUPPORTED_SIG_ALGS = new HashSet<>();
   private AliasService as;
   private KeystoreService ks;
-  String signingKeyAlias;
+  private GatewayConfig config;
 
   static {
       // Only standard RSA signature algorithms are accepted
@@ -161,14 +169,18 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority,
Service {
     return as.getSigningKeyPassphrase();
   }
 
+  private String getSigningKeyAlias() {
+    String alias = config.getSigningKeyAlias();
+    return (alias == null) ? GatewayConfig.DEFAULT_SIGNING_KEY_ALIAS : alias;
+  }
+
   private String getSigningKeyAlias(String signingKeystoreAlias) {
     if(signingKeystoreAlias != null) {
      return signingKeystoreAlias;
     }
-    if(signingKeyAlias != null) {
-      return signingKeyAlias;
-    }
-    return GatewayConfig.DEFAULT_SIGNING_KEY_ALIAS;
+
+    // Fallback to defaults
+    return getSigningKeyAlias();
   }
 
   @Override
@@ -184,7 +196,7 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority,
Service {
     PublicKey key;
     try {
       if (publicKey == null) {
-        key = ks.getSigningKeystore().getCertificate(getSigningKeyAlias(signingKeyAlias)).getPublicKey();
+        key = ks.getSigningKeystore().getCertificate(getSigningKeyAlias()).getPublicKey();
       }
       else {
         key = publicKey;
@@ -205,26 +217,64 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority,
Service {
     if (as == null || ks == null) {
       throw new ServiceLifecycleException("Alias or Keystore service is not set");
     }
-    signingKeyAlias = config.getSigningKeyAlias();
+    this.config = config;
+  }
 
-    RSAPrivateKey key;
+  @Override
+  public void start() throws ServiceLifecycleException {
+    // Ensure that the default signing keystore is available
+    KeyStore keystore;
+    try {
+      keystore = ks.getSigningKeystore();
+      if (keystore == null) {
+        throw new ServiceLifecycleException(RESOURCES.signingKeystoreNotAvailable(config.getSigningKeystorePath()));
+      }
+    } catch (KeystoreServiceException e) {
+      throw new ServiceLifecycleException(RESOURCES.signingKeystoreNotAvailable(config.getSigningKeystorePath()),
e);
+    }
+
+    // Ensure that the password for the signing key is available
     char[] passphrase;
     try {
       passphrase = as.getSigningKeyPassphrase();
-      if (passphrase != null) {
-        key = (RSAPrivateKey) ks.getSigningKey(getSigningKeyAlias(signingKeyAlias),
-            passphrase);
-        if (key == null) {
-          throw new ServiceLifecycleException("Provisioned passphrase cannot be used to acquire
signing key.");
-        }
+      if (passphrase == null) {
+        throw new ServiceLifecycleException(RESOURCES.signingKeyPassphraseNotAvailable(config.getSigningKeyPassphraseAlias()));
       }
-    } catch (AliasServiceException | KeystoreServiceException e) {
-      throw new ServiceLifecycleException("Provisioned signing key passphrase cannot be acquired.",
e);
+    } catch (AliasServiceException e) {
+      throw new ServiceLifecycleException(RESOURCES.signingKeyPassphraseNotAvailable(config.getSigningKeyPassphraseAlias()),
e);
     }
-  }
 
-  @Override
-  public void start() throws ServiceLifecycleException {
+    String signingKeyAlias = getSigningKeyAlias();
+
+    // Ensure that the public signing keys is available
+    try {
+      Certificate certificate = keystore.getCertificate(signingKeyAlias);
+      if(certificate == null) {
+        throw new ServiceLifecycleException(RESOURCES.publicSigningKeyNotFound(signingKeyAlias));
+      }
+      PublicKey publicKey = certificate.getPublicKey();
+      if (publicKey == null) {
+        throw new ServiceLifecycleException(RESOURCES.publicSigningKeyNotFound(signingKeyAlias));
+      }
+      else if (! (publicKey instanceof  RSAPublicKey)) {
+        throw new ServiceLifecycleException(RESOURCES.publicSigningKeyWrongType(signingKeyAlias));
+      }
+    } catch (KeyStoreException e) {
+      throw new ServiceLifecycleException(RESOURCES.publicSigningKeyNotFound(signingKeyAlias),
e);
+    }
+
+    // Ensure that the private signing keys is available
+    try {
+      Key key = keystore.getKey(signingKeyAlias, passphrase);
+      if (key == null) {
+        throw new ServiceLifecycleException(RESOURCES.privateSigningKeyNotFound(signingKeyAlias));
+      }
+      else if (! (key instanceof  RSAPrivateKey)) {
+        throw new ServiceLifecycleException(RESOURCES.privateSigningKeyWrongType(signingKeyAlias));
+      }
+    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e)
{
+      throw new ServiceLifecycleException(RESOURCES.privateSigningKeyNotFound(signingKeyAlias),
e);
+    }
   }
 
   @Override
diff --git a/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java
b/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java
index 07faa11..1cbdf9b 100644
--- a/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java
+++ b/gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java
@@ -24,6 +24,7 @@ import java.util.Collections;
 import java.util.HashMap;
 
 import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.services.ServiceLifecycleException;
 import org.apache.knox.gateway.services.security.AliasService;
 import org.apache.knox.gateway.services.security.MasterService;
 import org.apache.knox.gateway.services.security.impl.DefaultKeystoreService;
@@ -301,7 +302,6 @@ public class DefaultTokenAuthorityServiceTest {
     EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
 
     MasterService ms = EasyMock.createNiceMock(MasterService.class);
-    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
 
     AliasService as = EasyMock.createNiceMock(AliasService.class);
     EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).anyTimes();
@@ -327,4 +327,219 @@ public class DefaultTokenAuthorityServiceTest {
     assertFalse(ta.verifyToken(token));
     assertTrue(ta.verifyToken(token, customPublicKey));
   }
+
+  @Test
+  public void testServiceStart() throws Exception {
+    /*
+     Generated testSigningKeyName.jks with the following commands:
+     cd gateway-server/src/test/resources/keystores/
+     keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore testSigningKeyName.jks
\
+         -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase -keysize 2048
\
+         -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US' -noprompt
+     */
+
+    String basedir = System.getProperty("basedir");
+    if (basedir == null) {
+      basedir = new File(".").getCanonicalPath();
+    }
+
+    GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + "/target/test-classes/keystores").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + "/target/test-classes/keystores/server-keystore.jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
+
+    MasterService ms = EasyMock.createMock(MasterService.class);
+    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    AliasService as = EasyMock.createMock(AliasService.class);
+    EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    EasyMock.replay(config, ms, as);
+
+    DefaultKeystoreService ks = new DefaultKeystoreService();
+    ks.setMasterService(ms);
+    ks.init(config, new HashMap<>());
+    ks.start();
+
+    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+    ta.setAliasService(as);
+    ta.setKeystoreService(ks);
+    ta.init(config, new HashMap<>());
+    ta.start();
+
+    // Stop the started services...
+    ta.stop();
+    ks.stop();
+
+    EasyMock.verify(config, ms, as);
+  }
+
+  @Test(expected = ServiceLifecycleException.class)
+  public void testServiceStartMissingKeystore() throws Exception {
+    String basedir = System.getProperty("basedir");
+    if (basedir == null) {
+      basedir = new File(".").getCanonicalPath();
+    }
+
+    GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + "/target/test-classes/keystores").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + "/target/test-classes/keystores/missing-server-keystore.jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+
+    MasterService ms = EasyMock.createMock(MasterService.class);
+    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    AliasService as = EasyMock.createMock(AliasService.class);
+    EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    EasyMock.replay(config, ms, as);
+
+    DefaultKeystoreService ks = new DefaultKeystoreService();
+    ks.setMasterService(ms);
+    ks.init(config, new HashMap<>());
+    ks.start();
+
+    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+    ta.setAliasService(as);
+    ta.setKeystoreService(ks);
+    ta.init(config, new HashMap<>());
+    ta.start();
+
+    EasyMock.verify(config, ms, as);
+  }
+
+  @Test(expected = ServiceLifecycleException.class)
+  public void testServiceStartInvalidKeystorePassword() throws Exception {
+    /*
+     Generated testSigningKeyName.jks with the following commands:
+     cd gateway-server/src/test/resources/keystores/
+     keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore testSigningKeyName.jks
\
+         -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase -keysize 2048
\
+         -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US' -noprompt
+     */
+
+    String basedir = System.getProperty("basedir");
+    if (basedir == null) {
+      basedir = new File(".").getCanonicalPath();
+    }
+
+    GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + "/target/test-classes/keystores").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + "/target/test-classes/keystores/server-keystore.jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
+
+    MasterService ms = EasyMock.createMock(MasterService.class);
+    EasyMock.expect(ms.getMasterSecret()).andReturn("invalid_password".toCharArray()).atLeastOnce();
+
+    AliasService as = EasyMock.createMock(AliasService.class);
+    EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    EasyMock.replay(config, ms, as);
+
+    DefaultKeystoreService ks = new DefaultKeystoreService();
+    ks.setMasterService(ms);
+    ks.init(config, new HashMap<>());
+    ks.start();
+
+    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+    ta.setAliasService(as);
+    ta.setKeystoreService(ks);
+    ta.init(config, new HashMap<>());
+    ta.start();
+
+    EasyMock.verify(config, ms, as);
+  }
+
+  @Test(expected = ServiceLifecycleException.class)
+  public void testServiceStartMissingKey() throws Exception {
+    /*
+     Generated testSigningKeyName.jks with the following commands:
+     cd gateway-server/src/test/resources/keystores/
+     keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore testSigningKeyName.jks
\
+         -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase -keysize 2048
\
+         -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US' -noprompt
+     */
+
+    String basedir = System.getProperty("basedir");
+    if (basedir == null) {
+      basedir = new File(".").getCanonicalPath();
+    }
+
+    GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + "/target/test-classes/keystores").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + "/target/test-classes/keystores/server-keystore.jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+    EasyMock.expect(config.getSigningKeyAlias()).andReturn("invalid_key").anyTimes();
+
+    MasterService ms = EasyMock.createMock(MasterService.class);
+    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    AliasService as = EasyMock.createMock(AliasService.class);
+    EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    EasyMock.replay(config, ms, as);
+
+    DefaultKeystoreService ks = new DefaultKeystoreService();
+    ks.setMasterService(ms);
+    ks.init(config, new HashMap<>());
+    ks.start();
+
+    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+    ta.setAliasService(as);
+    ta.setKeystoreService(ks);
+    ta.init(config, new HashMap<>());
+    ta.start();
+
+    EasyMock.verify(config, ms, as);
+  }
+
+  @Test(expected = ServiceLifecycleException.class)
+  public void testServiceInvalidKeyPassword() throws Exception {
+    /*
+     Generated testSigningKeyName.jks with the following commands:
+     cd gateway-server/src/test/resources/keystores/
+     keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore testSigningKeyName.jks
\
+         -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase -keysize 2048
\
+         -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US' -noprompt
+     */
+
+    String basedir = System.getProperty("basedir");
+    if (basedir == null) {
+      basedir = new File(".").getCanonicalPath();
+    }
+
+    GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + "/target/test-classes/keystores").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + "/target/test-classes/keystores/server-keystore.jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
+
+    MasterService ms = EasyMock.createMock(MasterService.class);
+    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    AliasService as = EasyMock.createMock(AliasService.class);
+    EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("invalid".toCharArray()).atLeastOnce();
+
+    EasyMock.replay(config, ms, as);
+
+    DefaultKeystoreService ks = new DefaultKeystoreService();
+    ks.setMasterService(ms);
+    ks.init(config, new HashMap<>());
+    ks.start();
+
+    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+    ta.setAliasService(as);
+    ta.setKeystoreService(ks);
+    ta.init(config, new HashMap<>());
+    ta.start();
+
+    EasyMock.verify(config, ms, as);
+  }
 }


Mime
View raw message