OPENDJ-3027 Delete all references to old keys when importing new ones via r...

Fabio Pistolesi

25.54.2016 b93c8bf6f5bb9560e9ba219eb6be1ea9bb12f3be

 opendj-server-legacy/src/test/java/org/opends/server/crypto/CryptoManagerTestCase.java

@@ -24,6 +24,7 @@
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;

import javax.crypto.Mac;

@@ -33,6 +34,7 @@
import org.opends.admin.ads.ADSContext;
import org.opends.server.TestCaseUtils;
import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.internal.SearchRequest;
import org.opends.server.protocols.ldap.LDAPAttribute;
@@ -41,19 +43,24 @@
import org.opends.server.types.CryptoManager;
import org.opends.server.types.CryptoManagerException;
import org.forgerock.opendj.ldap.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.Modification;
import org.opends.server.util.EmbeddedUtils;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.assertj.core.api.Assertions.*;
import static org.forgerock.opendj.ldap.ModificationType.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.*;
import static org.opends.server.types.Attributes.create;
import static org.testng.Assert.*;

/**
@@ -74,6 +81,36 @@
    TestCaseUtils.restartServer();
  }

  @Test(expectedExceptions = CryptoManagerException.class)
  public void testImportKeysReplacesExistingKeys()
      throws Exception {
    final CryptoManagerImpl cm = DirectoryServer.getCryptoManager();
    final int keyLength = 56;
    final String cipher = "DES/CFB/NoPadding";
    byte[] cipherText = cm.encrypt(cipher, keyLength, new byte[56]);
    Entry oldKey = getKeyForCipher(cipher, keyLength);
    // Force import by changing the keyID
    Modification mod = new Modification(REPLACE, create("ds-cfg-key-id", UUID.randomUUID().toString()));
    oldKey.applyModification(mod);
    cm.importCipherKeyEntry(oldKey);
    try
    {
      cm.decrypt(cipherText);
      Assert.fail("Was expecting a CryptoManager exception, the key should be invalid.");
    }
    finally
    {
    }
  }

  private Entry getKeyForCipher(String cipher, int keyLength) throws DirectoryException
  {
    SearchRequest request = newSearchRequest("cn=secret keys, cn=admin data", SearchScope.WHOLE_SUBTREE,
        "&(ds-cfg-cipher-transformation-name=" + cipher + ")(ds-cfg-key-length-bits=" + keyLength + ")");
    InternalClientConnection conn = getRootConnection();
    InternalSearchOperation search = conn.processSearch(request);
    return search.getSearchEntries().get(0);
  }

  @Test
  public void testGetInstanceKeyCertificate()