From 8d6af06b056d19f52a6301771601f3948380bcee Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Thu, 04 Oct 2007 16:18:59 +0000
Subject: [PATCH] Enable test case org.opends.server.types.CryptoManagerTestCase#testCompromisedKey.
---
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java | 19 ++++++-------------
opendj-sdk/opends/src/server/org/opends/server/core/TrustStoreSyncThread.java | 27 +++++++++++++++++++++++++--
opendj-sdk/opends/src/server/org/opends/server/types/CryptoManager.java | 8 ++++++++
3 files changed, 39 insertions(+), 15 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/TrustStoreSyncThread.java b/opendj-sdk/opends/src/server/org/opends/server/core/TrustStoreSyncThread.java
index d096375..7b2e99e 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/TrustStoreSyncThread.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/TrustStoreSyncThread.java
@@ -724,11 +724,34 @@
public void handleModifyOperation(PostResponseModifyOperation modifyOperation,
Entry oldEntry, Entry newEntry)
{
- if (!modifyOperation.getEntryDN().isDescendantOf(instanceKeysDN))
+ if (modifyOperation.getEntryDN().isDescendantOf(instanceKeysDN))
{
- return;
+ handleInstanceKeyModifyOperation(newEntry);
}
+ else if (modifyOperation.getEntryDN().isDescendantOf(secretKeysDN))
+ {
+ try
+ {
+ if (newEntry.hasObjectClass(ocCipherKey))
+ {
+ DirectoryServer.getCryptoManager().importCipherKeyEntry(newEntry);
+ }
+ else if (newEntry.hasObjectClass(ocMacKey))
+ {
+ DirectoryServer.getCryptoManager().importMacKeyEntry(newEntry);
+ }
+ }
+ catch (CryptoManager.CryptoManagerException e)
+ {
+ Message message = Message.raw("Failed to import modified key entry: %s",
+ e.getMessage());
+ ErrorLogger.logError(message);
+ }
+ }
+ }
+ private void handleInstanceKeyModifyOperation(Entry newEntry)
+ {
RDN srcRDN = newEntry.getDN().getRDN();
// Only process the entry if it has the expected form of RDN.
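Review bot: The catch block added for the secretKeysDN branch logs only `e.getMessage()`, so a failed import cannot be tied to a specific key entry. After such a failure the server keeps whatever local state it already had for that key; if the modification was a compromised-key marker, the key appears to remain usable on this instance. Include the entry DN, e.g. `Message.raw("Failed to import modified key entry %s: %s", newEntry.getDN(), e.getMessage())`, and consider whether a failed import should be escalated rather than only logged. The new `handleInstanceKeyModifyOperation` has no Javadoc, and its body continues past the end of the hunk.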
diff --git a/opendj-sdk/opends/src/server/org/opends/server/types/CryptoManager.java b/opendj-sdk/opends/src/server/org/opends/server/types/CryptoManager.java
index 553b627..7bc6388 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/types/CryptoManager.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/types/CryptoManager.java
@@ -2312,6 +2312,10 @@
// Check map for existing key entry with the supplied keyID.
CipherKeyEntry keyEntry = getKeyEntry(cryptoManager, keyID);
if (null != keyEntry) {
+ if (isCompromised && !keyEntry.isCompromised())
+ {
+ keyEntry.setIsCompromised();
+ }
// TODO: compare keyEntry with supplied parameters to ensure
// equal.
return keyEntry;
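Review bot: The added block marks an existing key compromised on a keyID match alone, ahead of the comparison that the TODO directly below still leaves undone, so an imported entry whose other parameters differ from the stored key would still flip the flag. Doing that comparison first, or rejecting a mismatch with a CryptoManagerException, would make the state change depend on the entry actually describing this key. The transition is also silent; a log line when a key becomes compromised would give operators an audit record. The same block is added to the MacKeyEntry import in the next hunk (`@@ -2765`), and whether `isCompromised()`/`setIsCompromised()` are safe under concurrent imports cannot be seen from here. Both enclosing methods start and end outside the hunks.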
@@ -2765,6 +2769,10 @@
// Check map for existing key entry with the supplied keyID.
MacKeyEntry keyEntry = getKeyEntry(cryptoManager, keyID);
if (null != keyEntry) {
+ if (isCompromised && !keyEntry.isCompromised())
+ {
+ keyEntry.setIsCompromised();
+ }
// TODO: compare keyEntry with supplied parameters to ensure
// equal.
return keyEntry;
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
index 6a3a6b6..973cf74 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/CryptoManagerTestCase.java
@@ -31,8 +31,6 @@
import static org.testng.Assert.assertTrue;
import org.opends.server.TestCaseUtils;
-import org.opends.server.schema.DirectoryStringSyntax;
-import org.opends.server.schema.BinarySyntax;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.config.ConfigConstants;
@@ -349,7 +347,7 @@
@throws Exception In case something exceptional happens.
*/
- @Test(enabled=false)
+ @Test(enabled=true)
public void testCompromisedKey() throws Exception {
final CryptoManager cm = DirectoryServer.getCryptoManager();
final String secretMessage = "zyxwvutsrqponmlkjihgfedcba";
@@ -417,16 +415,11 @@
cipherKeyLength, secretMessage.getBytes());
// test for identical keys
- try {
- Method m = Arrays.class.getMethod("copyOfRange", (new byte[16]).getClass(),
- Integer.TYPE, Integer.TYPE);
- final byte[] keyID = (byte[])m.invoke(null, cipherText, 0, 16);
- final byte[] keyID2 = (byte[])m.invoke(null, cipherText2, 0, 16);
- assertTrue(! Arrays.equals(keyID, keyID2));
- }
- catch (NoSuchMethodException ex) {
- // skip this test - requires at least Java 6
- }
+ final byte[] keyID = new byte[16];
+ final byte[] keyID2 = new byte[16];
+ System.arraycopy(cipherText, 0, keyID, 0, 16);
+ System.arraycopy(cipherText2, 0, keyID2, 0, 16);
+ assertTrue(! Arrays.equals(keyID, keyID2));
// confirm ciphertext produced using compromised key can still
// be decrypted.
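Review bot: The key identifier length is written as the literal `16` four times in the added lines, and `System.arraycopy` will throw if either ciphertext is shorter than that, which would surface as an index error rather than an assertion failure. A named local such as `final int keyIdLength = 16;` with a comment saying what the prefix is (presumably the key ID that CryptoManager prepends to the ciphertext; confirm) would make the intent clear. With the reflection removed, the `java.lang.reflect.Method` import is probably unused now, unless other tests outside this hunk still need it. `testCompromisedKey` continues outside the hunk.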
--
Gitblit v1.10.0