2 * Copyright (c) 2018 ZTE Corporation. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.client.mdsal.impl;
10 import static org.hamcrest.CoreMatchers.startsWith;
11 import static org.hamcrest.MatcherAssert.assertThat;
12 import static org.junit.Assert.assertThrows;
13 import static org.junit.Assert.assertTrue;
14 import static org.mockito.ArgumentMatchers.any;
15 import static org.mockito.Mockito.doAnswer;
16 import static org.mockito.Mockito.doReturn;
18 import java.nio.charset.StandardCharsets;
19 import java.security.KeyStoreException;
20 import java.util.ArrayList;
21 import java.util.List;
23 import org.junit.jupiter.api.AfterEach;
24 import org.junit.jupiter.api.BeforeEach;
25 import org.junit.jupiter.api.Test;
26 import org.junit.jupiter.api.extension.ExtendWith;
27 import org.mockito.Mock;
28 import org.mockito.junit.jupiter.MockitoExtension;
29 import org.opendaylight.aaa.encrypt.AAAEncryptionService;
30 import org.opendaylight.mdsal.binding.api.DataBroker;
31 import org.opendaylight.mdsal.binding.api.DataObjectModification;
32 import org.opendaylight.mdsal.binding.api.DataTreeChangeListener;
33 import org.opendaylight.mdsal.binding.api.DataTreeModification;
34 import org.opendaylight.mdsal.binding.api.RpcProviderService;
35 import org.opendaylight.mdsal.singleton.api.ClusterSingletonServiceProvider;
36 import org.opendaylight.netconf.api.xml.XmlUtil;
37 import org.opendaylight.netconf.keystore.legacy.impl.DefaultNetconfKeystoreService;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.Keystore;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109._private.keys.PrivateKey;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109._private.keys.PrivateKeyBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109._private.keys.PrivateKeyKey;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.trusted.certificates.TrustedCertificate;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.trusted.certificates.TrustedCertificateBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev231109.trusted.certificates.TrustedCertificateKey;
45 import org.opendaylight.yangtools.concepts.Registration;
46 import org.w3c.dom.Document;
47 import org.w3c.dom.Element;
49 @ExtendWith(MockitoExtension.class)
50 class DefaultSslContextFactoryProviderTest {
51 private static final String XML_ELEMENT_PRIVATE_KEY = "private-key";
52 private static final String XML_ELEMENT_NAME = "name";
53 private static final String XML_ELEMENT_DATA = "data";
54 private static final String XML_ELEMENT_CERT_CHAIN = "certificate-chain";
55 private static final String XML_ELEMENT_TRUSTED_CERT = "trusted-certificate";
56 private static final String XML_ELEMENT_CERT = "certificate";
59 private DataBroker dataBroker;
61 private RpcProviderService rpcProvider;
63 private ClusterSingletonServiceProvider cssProvider;
65 private AAAEncryptionService encryptionService;
67 private Registration registration;
69 private DataTreeModification<Keystore> dataTreeModification1;
71 private DataTreeModification<Keystore> dataTreeModification2;
73 private DataObjectModification<Keystore> keystoreObjectModification1;
75 private DataObjectModification<Keystore> keystoreObjectModification2;
77 private DataObjectModification<PrivateKey> privateKeyModification;
79 private DataObjectModification<TrustedCertificate> trustedCertificateModification;
81 private DataTreeChangeListener<Keystore> listener;
82 private DefaultNetconfKeystoreService keystore;
87 listener = inv.getArgument(1);
89 }).when(dataBroker).registerTreeChangeListener(any(), any());
90 doReturn(registration).when(cssProvider).registerClusterSingletonService(any());
91 keystore = new DefaultNetconfKeystoreService(dataBroker, rpcProvider, cssProvider, encryptionService);
99 private DefaultSslContextFactoryProvider newProvider() {
100 return new DefaultSslContextFactoryProvider(keystore);
104 void testKeystoreAdapterInit() throws Exception {
105 try (var keystoreAdapter = newProvider()) {
106 final var ex = assertThrows(KeyStoreException.class, () -> keystoreAdapter.getJavaKeyStore(Set.of()));
107 assertThat(ex.getMessage(), startsWith("No keystore private key found"));
112 void testWritePrivateKey() throws Exception {
113 doReturn(keystoreObjectModification1).when(dataTreeModification1).getRootNode();
114 doReturn(List.of(privateKeyModification)).when(keystoreObjectModification1)
115 .getModifiedChildren(PrivateKey.class);
116 doReturn(DataObjectModification.ModificationType.WRITE).when(privateKeyModification).modificationType();
118 final var privateKey = getPrivateKey();
119 doReturn(privateKey).when(privateKeyModification).dataAfter();
121 try (var keystoreAdapter = newProvider()) {
122 listener.onDataTreeChanged(List.of(dataTreeModification1));
124 final var keyStore = keystoreAdapter.getJavaKeyStore(Set.of());
125 assertTrue(keyStore.containsAlias(privateKey.getName()));
130 void testWritePrivateKeyAndTrustedCertificate() throws Exception {
131 // Prepare PrivateKey configuration
132 doReturn(keystoreObjectModification1).when(dataTreeModification1).getRootNode();
134 doReturn(List.of(privateKeyModification)).when(keystoreObjectModification1)
135 .getModifiedChildren(PrivateKey.class);
136 doReturn(DataObjectModification.ModificationType.WRITE).when(privateKeyModification).modificationType();
138 final var privateKey = getPrivateKey();
139 doReturn(privateKey).when(privateKeyModification).dataAfter();
141 // Prepare TrustedCertificate configuration
142 doReturn(keystoreObjectModification2).when(dataTreeModification2).getRootNode();
144 doReturn(List.of()).when(keystoreObjectModification2).getModifiedChildren(PrivateKey.class);
145 doReturn(List.of(trustedCertificateModification)).when(keystoreObjectModification2)
146 .getModifiedChildren(TrustedCertificate.class);
147 doReturn(DataObjectModification.ModificationType.WRITE).when(trustedCertificateModification).modificationType();
149 final var trustedCertificate = getTrustedCertificate();
150 doReturn(trustedCertificate).when(trustedCertificateModification).dataAfter();
152 try (var keystoreAdapter = newProvider()) {
153 // Apply configurations
154 listener.onDataTreeChanged(List.of(dataTreeModification1, dataTreeModification2));
157 final var keyStore = keystoreAdapter.getJavaKeyStore(Set.of());
158 assertTrue(keyStore.containsAlias(privateKey.getName()));
159 assertTrue(keyStore.containsAlias(trustedCertificate.getName()));
163 private static PrivateKey getPrivateKey() throws Exception {
164 final var privateKeys = new ArrayList<PrivateKey>();
165 final var document = readKeystoreXML();
166 final var nodeList = document.getElementsByTagName(XML_ELEMENT_PRIVATE_KEY);
167 for (int i = 0; i < nodeList.getLength(); i++) {
168 if (nodeList.item(i) instanceof Element element) {
169 final var keyName = element.getElementsByTagName(XML_ELEMENT_NAME).item(0).getTextContent();
170 final var keyData = element.getElementsByTagName(XML_ELEMENT_DATA).item(0).getTextContent()
171 .getBytes(StandardCharsets.UTF_8);
172 final var certNodes = element.getElementsByTagName(XML_ELEMENT_CERT_CHAIN);
173 final var certChain = new ArrayList<byte[]>();
174 for (int j = 0; j < certNodes.getLength(); j++) {
175 if (certNodes.item(j) instanceof Element certNode) {
176 certChain.add(certNode.getTextContent().getBytes(StandardCharsets.UTF_8));
180 privateKeys.add(new PrivateKeyBuilder()
181 .withKey(new PrivateKeyKey(keyName))
184 .setCertificateChain(certChain)
189 return privateKeys.get(0);
192 private static TrustedCertificate getTrustedCertificate() throws Exception {
193 final var trustedCertificates = new ArrayList<TrustedCertificate>();
194 final var document = readKeystoreXML();
195 final var nodeList = document.getElementsByTagName(XML_ELEMENT_TRUSTED_CERT);
196 for (int i = 0; i < nodeList.getLength(); i++) {
197 if (nodeList.item(i) instanceof Element element) {
198 final var certName = element.getElementsByTagName(XML_ELEMENT_NAME).item(0).getTextContent();
199 final var certData = element.getElementsByTagName(XML_ELEMENT_CERT).item(0).getTextContent()
200 .getBytes(StandardCharsets.UTF_8);
202 trustedCertificates.add(new TrustedCertificateBuilder()
203 .withKey(new TrustedCertificateKey(certName))
205 .setCertificate(certData)
210 return trustedCertificates.get(0);
213 private static Document readKeystoreXML() throws Exception {
214 return XmlUtil.readXmlToDocument(
215 DefaultSslContextFactoryProviderTest.class.getResourceAsStream("/netconf-keystore.xml"));