opends/src/server/org/opends/server/core/TrustStoreSyncThread.java
@@ -724,11 +724,34 @@ public void handleModifyOperation(PostResponseModifyOperation modifyOperation, Entry oldEntry, Entry newEntry) { if (!modifyOperation.getEntryDN().isDescendantOf(instanceKeysDN)) if (modifyOperation.getEntryDN().isDescendantOf(instanceKeysDN)) { return; handleInstanceKeyModifyOperation(newEntry); } else if (modifyOperation.getEntryDN().isDescendantOf(secretKeysDN)) { try { if (newEntry.hasObjectClass(ocCipherKey)) { DirectoryServer.getCryptoManager().importCipherKeyEntry(newEntry); } else if (newEntry.hasObjectClass(ocMacKey)) { DirectoryServer.getCryptoManager().importMacKeyEntry(newEntry); } } catch (CryptoManager.CryptoManagerException e) { Message message = Message.raw("Failed to import modified key entry: %s", e.getMessage()); ErrorLogger.logError(message); } } } private void handleInstanceKeyModifyOperation(Entry newEntry) { RDN srcRDN = newEntry.getDN().getRDN(); // Only process the entry if it has the expected form of RDN. opends/src/server/org/opends/server/types/CryptoManager.java
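Review bot: The catch block in the new secretKeysDN branch logs only `e.getMessage()`, so the error log neither names the entry whose import failed nor carries the cause, and an operator cannot tell which key entry is now out of step with the CryptoManager; include the DN, e.g. `Message.raw("Failed to import modified key entry %s: %s", modifyOperation.getEntryDN(), e.getMessage())`. The same branch silently ignores an entry under secretKeysDN that has neither ocCipherKey nor ocMacKey, which is presumably intended but deserves a comment such as `// Entries under secretKeysDN without a known key object class are not imported`. The new `handleInstanceKeyModifyOperation` begins at the end of this hunk and continues outside it.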
@@ -2312,6 +2312,10 @@ // Check map for existing key entry with the supplied keyID. CipherKeyEntry keyEntry = getKeyEntry(cryptoManager, keyID); if (null != keyEntry) { if (isCompromised && !keyEntry.isCompromised()) { keyEntry.setIsCompromised(); } // TODO: compare keyEntry with supplied parameters to ensure // equal. return keyEntry; @@ -2765,6 +2769,10 @@ // Check map for existing key entry with the supplied keyID. MacKeyEntry keyEntry = getKeyEntry(cryptoManager, keyID); if (null != keyEntry) { if (isCompromised && !keyEntry.isCompromised()) { keyEntry.setIsCompromised(); } // TODO: compare keyEntry with supplied parameters to ensure // equal. return keyEntry; opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
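Review bot: The added `isCompromised && !keyEntry.isCompromised()` branch (repeated for MacKeyEntry in the hunk at @@ -2765) upgrades a cached key to compromised without recording the transition, even though a key being marked compromised is a security event an operator would expect to see in the error log together with the key identifier. The one-way nature of the flag is also left implicit; a comment like `// Compromise is sticky: a cached entry is upgraded to compromised but never cleared, even if a later import omits the flag.` would make the intent clear. Note the surviving TODO means an import whose keyID matches a cached entry but whose other parameters differ is still silently ignored in favour of the cached entry, which this change does not address. Both enclosing methods start before and continue after their hunks.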
@@ -31,8 +31,6 @@ import static org.testng.Assert.assertTrue; import org.opends.server.TestCaseUtils; import org.opends.server.schema.DirectoryStringSyntax; import org.opends.server.schema.BinarySyntax; import org.opends.server.protocols.internal.InternalClientConnection; import org.opends.server.protocols.internal.InternalSearchOperation; import org.opends.server.config.ConfigConstants; @@ -349,7 +347,7 @@ @throws Exception In case something exceptional happens. */ @Test(enabled=false) @Test(enabled=true) public void testCompromisedKey() throws Exception { final CryptoManager cm = DirectoryServer.getCryptoManager(); final String secretMessage = "zyxwvutsrqponmlkjihgfedcba"; @@ -417,16 +415,11 @@ cipherKeyLength, secretMessage.getBytes()); // test for identical keys try { Method m = Arrays.class.getMethod("copyOfRange", (new byte[16]).getClass(), Integer.TYPE, Integer.TYPE); final byte[] keyID = (byte[])m.invoke(null, cipherText, 0, 16); final byte[] keyID2 = (byte[])m.invoke(null, cipherText2, 0, 16); final byte[] keyID = new byte[16]; final byte[] keyID2 = new byte[16]; System.arraycopy(cipherText, 0, keyID, 0, 16); System.arraycopy(cipherText2, 0, keyID2, 0, 16); assertTrue(! Arrays.equals(keyID, keyID2)); } catch (NoSuchMethodException ex) { // skip this test - requires at least Java 6 } // confirm ciphertext produced using compromised key can still // be decrypted.
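Review bot: The replacement `System.arraycopy(cipherText, 0, keyID, 0, 16)` (and the keyID2 copy) hardcodes the test's assumption that the key identifier is the first 16 bytes of the ciphertext; if that prefix length ever changes, `assertTrue(! Arrays.equals(keyID, keyID2))` would compare unrelated bytes and could still pass, so a named local such as `final int keyIDLength = 16; // the test assumes the ciphertext is prefixed with the key identifier` would pin the assumption. Because the markers were lost in this rendering it is not certain whether the surrounding `try { ... } catch (NoSuchMethodException ex)` was removed along with the reflective lookup; if it survives, the catch of a checked exception that nothing in the body throws will not compile, and the "requires at least Java 6" comment is in any case obsolete now. The annotation `@Test(enabled=true)` is the default and can simply be `@Test`.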