From 638451a60281bae47d82a8ac043b3b900c209be3 Mon Sep 17 00:00:00 2001
From: Robert Varga <robert.varga@pantheon.tech>
Date: Sun, 28 Jan 2024 02:45:40 +0100
Subject: [PATCH] Import PKIUtilTest

We have ditched the use of PKIUtil and that class is going away. Rehost
PKIUtilTest to test our code instead. This code is imported from aaa.git
at ee5509ac1864eec537a9f9422fe49fc85b368e48.

JIRA: AAA-269
Change-Id: Ib7b9a41c5ba4e398ac859a8221fa2735d3b62afb
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
---
 ...ClientConfigurationBuilderFactoryImpl.java |  4 +-
 .../netconf/topology/spi/PKIUtilTest.java     | 78 +++++++++++++++++++
 .../src/test/resources/pki/dsa                | 12 +++
 .../src/test/resources/pki/dsa_encrypted      | 15 ++++
 .../src/test/resources/pki/ecdsa              |  5 ++
 .../src/test/resources/pki/ecdsa_encrypted    |  8 ++
 .../src/test/resources/pki/rsa                | 27 +++++++
 .../src/test/resources/pki/rsa_encrypted      | 30 +++++++
 8 files changed, 178 insertions(+), 1 deletion(-)
 create mode 100644 apps/netconf-topology/src/test/java/org/opendaylight/netconf/topology/spi/PKIUtilTest.java
 create mode 100644 apps/netconf-topology/src/test/resources/pki/dsa
 create mode 100644 apps/netconf-topology/src/test/resources/pki/dsa_encrypted
 create mode 100644 apps/netconf-topology/src/test/resources/pki/ecdsa
 create mode 100644 apps/netconf-topology/src/test/resources/pki/ecdsa_encrypted
 create mode 100644 apps/netconf-topology/src/test/resources/pki/rsa
 create mode 100644 apps/netconf-topology/src/test/resources/pki/rsa_encrypted

diff --git a/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java b/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java
index cf96f844b0..ad5c935f44 100644
--- a/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java
+++ b/apps/netconf-topology/src/main/java/org/opendaylight/netconf/topology/spi/NetconfClientConfigurationBuilderFactoryImpl.java
@@ -9,6 +9,7 @@ package org.opendaylight.netconf.topology.spi;
 
 import static java.util.Objects.requireNonNull;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Strings;
 import java.io.IOException;
 import java.io.StringReader;
@@ -162,7 +163,8 @@ public final class NetconfClientConfigurationBuilderFactoryImpl implements Netco
         }
     }
 
-    private static KeyPair decodePrivateKey(final String privateKey, final String passphrase) throws IOException {
+    @VisibleForTesting
+    static KeyPair decodePrivateKey(final String privateKey, final String passphrase) throws IOException {
         try (var keyReader = new PEMParser(new StringReader(privateKey.replace("\\n", "\n")))) {
             final var obj = keyReader.readObject();
 
diff --git a/apps/netconf-topology/src/test/java/org/opendaylight/netconf/topology/spi/PKIUtilTest.java b/apps/netconf-topology/src/test/java/org/opendaylight/netconf/topology/spi/PKIUtilTest.java
new file mode 100644
index 0000000000..ddf2bb2f31
--- /dev/null
+++ b/apps/netconf-topology/src/test/java/org/opendaylight/netconf/topology/spi/PKIUtilTest.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2017 Brocade Communication Systems and others.  All rights reserved.
+ * Copyright (c) 2024 PANTHEON.tech, s.r.o.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+package org.opendaylight.netconf.topology.spi;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import org.bouncycastle.openssl.EncryptionException;
+import org.junit.jupiter.api.Test;
+
+class PKIUtilTest {
+    @Test
+    void testRSAKey() throws Exception {
+        assertNotNull(decodePrivateKey("rsa", ""));
+    }
+
+    @Test
+    void testRSAEncryptedKey() throws Exception {
+        assertNotNull(decodePrivateKey("rsa_encrypted", "passphrase"));
+    }
+
+    @Test
+    void testRSAWrongPassphrase() {
+        final var ex = assertThrows(EncryptionException.class, () -> decodePrivateKey("rsa_encrypted", "wrong"));
+        assertEquals("exception using cipher - please check password and data.", ex.getMessage());
+    }
+
+    @Test
+    void testDSAKey() throws Exception {
+        assertNotNull(decodePrivateKey("dsa", ""));
+    }
+
+    @Test
+    void testDSAEncryptedKey() throws Exception {
+        assertNotNull(decodePrivateKey("dsa_encrypted", "passphrase"));
+    }
+
+    @Test
+    void testDSAWrongPassphrase() {
+        final var ex = assertThrows(EncryptionException.class, () -> decodePrivateKey("dsa_encrypted", "wrong"));
+        assertEquals("exception using cipher - please check password and data.", ex.getMessage());
+    }
+
+    @Test
+    @SuppressWarnings("AbbreviationAsWordInName")
+    void testECDSAKey() throws Exception {
+        assertNotNull(decodePrivateKey("ecdsa", ""));
+    }
+
+    @Test
+    @SuppressWarnings("AbbreviationAsWordInName")
+    void testECDSAEncryptedKey() throws Exception {
+        assertNotNull(decodePrivateKey("ecdsa_encrypted", "passphrase"));
+    }
+
+    @Test
+    @SuppressWarnings("AbbreviationAsWordInName")
+    void testECDSAWrongPassphrase() {
+        final var ex = assertThrows(EncryptionException.class, () -> decodePrivateKey("ecdsa_encrypted", "wrong"));
+        assertEquals("exception using cipher - please check password and data.", ex.getMessage());
+    }
+
+    private static KeyPair decodePrivateKey(final String resourceName, final String password) throws Exception {
+        return NetconfClientConfigurationBuilderFactoryImpl.decodePrivateKey(
+            new String(PKIUtilTest.class.getResourceAsStream("/pki/" + resourceName).readAllBytes(),
+                StandardCharsets.UTF_8),
+            password);
+    }
+}
diff --git a/apps/netconf-topology/src/test/resources/pki/dsa b/apps/netconf-topology/src/test/resources/pki/dsa
new file mode 100644
index 0000000000..68ed4d13a2
--- /dev/null
+++ b/apps/netconf-topology/src/test/resources/pki/dsa
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQDX2jD1uOw2ouCMmYa3ONWd/79UtIBoh3yRnL098mse0Uenhfib
++OhoH89eQSsuzr7rYaQmTYbPJbiNJW4TNV6uKVUCxA94tz7Q8EGeQBdK6RJ1s4p5
+drjRjBpv7FECXAva4lbmt391mKXrT15/lRPHa+F0NiknSfCT9gswV+forwIVAKtd
+cQ9lRCU7EF0jRTXyOzzgCJQdAoGAdUFEoZBGzu20Wh1hZLgnU4CJDaXgYViMQ7dZ
+uOTnU2zh79FswQr80FlgD7ki4MrjNRKEP7gnzB/k0Ohxha0Jci/gOcdQ1l4IUEGH
+IdHRjectiBGvjyoPUaWqCXNus4SGRVDdNWOy+LDHKgVe7oV0ogheJjutuR6hZJ6S
+0bejpfUCgYBfEfz5iIoInPUHqCroAU8jhZQk0GKVtTrBYXAYfubFHrE84f9cjgOx
+PfMSXq/nsctPlpRasAnPBX7PnK2+vRHATZxHKWBt04X5FjhkZFI8mb9hoxhEEUaN
+aiAAk6T9ECO+dUpzkHdhe44SuMdbS5iF7siuWVI91x7fMhWaS+7M6wIUJn1Bxaxb
+HjGSrtESj4x14sl1J9Y=
+-----END DSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/apps/netconf-topology/src/test/resources/pki/dsa_encrypted b/apps/netconf-topology/src/test/resources/pki/dsa_encrypted
new file mode 100644
index 0000000000..471a986d3c
--- /dev/null
+++ b/apps/netconf-topology/src/test/resources/pki/dsa_encrypted
@@ -0,0 +1,15 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,CE6BEEFDDD9D34F115A3356B4189A05E
+
+Ml+tLoRvTkJUlDABwksLkOD2F0g8kOObX5tNuS7vOMKM3YM7DgjR0Au4J7x5rQzn
++0hzWDQbbFdY71Ybe7UA8aSpkiig01Ti2c3aNHcXMPNTSLpaHCPTWmGp5eVwmB1D
+OxvfwHhhAu1N1yKJBdgwFI1n+8EFU4qjROsElNB05/jcDeVGQsk0pG9HgJlw7WXM
+8MkOi0YKcB/ig51sYP+cb9ZNs9+lTwY708l5kWV8MrocMoA5fb16shCBRsijBE6p
+O6u9wjjRcOFvk2qZzZCCStcBkhRZhr+FBsvcuU9aHgcTKb3JXIhwXTKxkYspWn/z
+qcWiC+4FVT/QnrU1bA0a/DE4AqjX9/yS3tRSX50W2X8wEcYnjay9ziaYAglt0bNJ
+laCYNFKn5fdYQtBAOV/JerfrjGCOD54I1Ml7KV93m6GvVUlMabWbHdi6khaJahYj
+eh2Sa+243JnH2sFpMGmXtTLXqZ90r44M4LjoafcPyC9sEE5Wo4FlBSCit0qrzdiq
+SeWmWkjzeiB+s4F5vamYjICuSiUy2w5pKUZUtxWIwbb3TR63yK0+zIhevPoeplsk
+Ho5E5e+NIGl+XjpWar7UVw==
+-----END DSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/apps/netconf-topology/src/test/resources/pki/ecdsa b/apps/netconf-topology/src/test/resources/pki/ecdsa
new file mode 100644
index 0000000000..396ab593cc
--- /dev/null
+++ b/apps/netconf-topology/src/test/resources/pki/ecdsa
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDSsy5OjA1O8UoAZPVaLQW6AO94uZfpz613OYNfyrJ0ioAoGCCqGSM49
+AwEHoUQDQgAEGHbGMutC96N8UDSdU2xVMi6gSQTIr7XfhBBEUP6GIZJ5uMvb8yy1
+nZf3WwMCXBrUOOb3MRRxl+0kxb7MBCcrWA==
+-----END EC PRIVATE KEY-----
\ No newline at end of file
diff --git a/apps/netconf-topology/src/test/resources/pki/ecdsa_encrypted b/apps/netconf-topology/src/test/resources/pki/ecdsa_encrypted
new file mode 100644
index 0000000000..eae5538ae0
--- /dev/null
+++ b/apps/netconf-topology/src/test/resources/pki/ecdsa_encrypted
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,44F79772666E794C848D5BFD39E9C880
+
+8F7aUxNriYZ+JDwir6lREQYcaUck14MP27niojRCssZKTDfBkMsknUcWQgCDqh4E
+kAkClTRfdfrcPGLMhHDKhwrd/1EbEskOpXHdxIBAcKc7KhUSQyb3gZlRZdkaZWNo
+Vt31vRK7tHhmmhlEPmZr7nzilH1yySkcXhNUQzZJJc0=
+-----END EC PRIVATE KEY-----
\ No newline at end of file
diff --git a/apps/netconf-topology/src/test/resources/pki/rsa b/apps/netconf-topology/src/test/resources/pki/rsa
new file mode 100644
index 0000000000..68e61eb9c8
--- /dev/null
+++ b/apps/netconf-topology/src/test/resources/pki/rsa
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAq8ypxe2iWBmnY3DfDffK5OyW5Z7FIeLug6m7kRsGoat5jRXf
+G3tWcYGkHokWL7QMf+PsQfOxy46+c7mmx0u20TRIVQ5qcJpwvfkkJg6xfh5u1Wno
+K/rTxZ2Tno28yXwnMxItRqnpGxXl/DaPdMtxdO+MW0EQvMWwlrKgSEXSrZHoLWyR
+A6jUN1t1noi9fT2Pq9xadhJWkD0TNZBx0aMqeg91OlCcPKBenpfMi8D/u+uMa/F3
+iznD6HxARUz1UJRtDi7cFMi0pYw0tlTZOMWDneQwI/lRdZ6JDWea+qRKQ4R2LAyf
+lFlYi0ILLgfrd7uHbhRa3f/+CIJU4Jbv/2B9OwIDAQABAoIBAAH+sWX7+WueeKQd
+9mkaHIAGA0aNTmqzUOO0f9oSf0Q3UoUB4QJXr0xIHhjArMJHC/IcOm0VoFXlxW5g
+lIAx7+CEA+cA8Nl34aFDGFlcyFDXl5/gx/Jiyjy8NK+do7iPOYFNT7tHU86dtXr1
+Qzsu9ZVPBsk0ezZF8WP+lP/h161uRG3Ztcc0veljBVDuwVQO9s7Rr66/CmlUWLqw
+dw38BNJHboza/8W/sft9NyEPz5u+OumFL3AtlHpu2K7CrZ+6WJ23QMMtON6mrNpK
+ro485qVhUFEJ/IRkZsfpXVAQciJ1v9B9KuBpgKyoNJwkl6m7LlgSSBZSJlX7Q29e
+bSJdpyECgYEA1eC24tsBZiQNws7XgFL2jMFtv8Y6ewZnx6dTWcp2xSRllvexZZSD
+w2R4g0HIqXGLu/S13JOBpPAg7TwylsrPzX0FZ4qk+4++EEshwGYUY1OInmeSjlup
+zA65WWplUQYPuXUAFuYMn6DoV661MZ5WWQ+TTNowIGI1oM5ad1a9ftECgYEAzaJx
+2kFfZqGfiyG/8+SLWG8kw5UGOkdOtzD9mboc/J07QA5Lk0BX5zD5EK48vLS7GDPr
+jmYNWH12Mol8d/PH3yAs/qe/ddkR7OyImAJOmaLYI51ZyrYSnp0Tb9ek1fMmmaY8
+Lf6SU/EeZ7C0rvm99x1eWizF46kgKJbTAlDodksCgYEAzzXlOihAVLr9cg1/j93Q
+7FHCiJf+tI5iIXalNEsJgrpeikLzZZzbg4RllZU4WaGeZb0SLN/kLO5QmEdII/ve
+FBHaGJSkfuymkZaY3pSHkCuwIvfpb26zNPXW8SA5hKRAu8b1DTpYZJc6QykKd0YW
+FjcW2NBS7Cz6FA+YaiJpeOECgYEAvdVKD7er754jIBkvEGOa9C/em6O2lRSBKYLT
+ixgSbG5mZVMNF8odnDNMqsZ/EaIy2jwMKHAzv85K0Iq12jK2AFi+0PRhPtT+xF70
+FoiCsThxGifH3ehJth3B9Mz5wf1vVAbvpXJO+aktbYHmu2WYpkl5cfvFT88w/eeG
+squofpMCgYEAmfpGOGhFP44FUGSQ3hu9B5oEVRgz5HlT7UFW91vG1QnkH2ki95xB
+x6/miOzmAQTa8U5PataFPe/8FFOKk6nweo1ZP18/C4RY63WeQJxCstHSsqevYlZa
+yhvFwUxJoz3u3JywcDHBrbRTDZTmQgz4qWGtqSpW35lYc1mX85OTc0I=
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/apps/netconf-topology/src/test/resources/pki/rsa_encrypted b/apps/netconf-topology/src/test/resources/pki/rsa_encrypted
new file mode 100644
index 0000000000..d48b04fcb2
--- /dev/null
+++ b/apps/netconf-topology/src/test/resources/pki/rsa_encrypted
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,1BB466DFE9DCC889D4FA4A9B767D7C0B
+
+DR/EgP23gGyjT1yffiBHSWgREeMivLXEpTbZvx4Bu4ey+gNEASTZI3Gs31uV6PFO
+EeCekNIKURdnqcBaJLkWitdRkaEWCJePYBFTg4U6S/IPcLaelUCUVaM+Bfs46End
+Z48FQfn/yBOjU1r0vnvM8fFYw4fQ2ixmuGUltX3VYThyzcmIzBz7cPQFpFx2JkQn
+boWMUUkHQTnSQNEG9o9pJA0Mf5rBawjwJ/ftvzjLJOIau7o2DbK3k6aDvZmqcD99
+2WD58yjiMiPogl74iXzKyJS7RTWG129juUKDM3m3LDhVzFxV902BKdNZRKOSJhOU
+zdDAnlX2NZjnK/6gFjyE/WwAI4JiNAntxbKgtBp4T7+RjsfMvEwFhSJUN2xs8SEd
+siEu6B7mqWE1VQVPLlrAuar3OHHhueXbDJlZxc+RMQ/4mLCvYXU7FLMzz8Cs72ME
+eKWSpxYHCdbdrGUCgvnDI5tmGSgEoWG6dwJViLO4sXpktY6vnvj5B0oCt04JEbyL
+DgKQtRA0idGFq/+reRyxiiom1Ot91+WBc86O8WWn0ReK5Mv86OZgPjvAY8x9Msss
+iPYn/OCCUQW9qadQVaY/7QnM8AOIRiu4RDo9azKfHfkPE+3UAiJDNmM/VSeXiXlV
+X2PZ0ObpNyAFiZDIabdQ2pmdLPVm9Iy/aYfpaIPUnBpIWfpW/AP9ffLojVk9HfR6
+pIiTfs2TJaZ/LttNi4wSgAA3nGmJWCCO0SyT80I6wivSSkPlnj3wKyVPtFRPelb8
+a5CAuLGKpx7nUlgYAyg4Bw9H+s7txpm3MqpD3VcTIYcNzDeskq1TTlzxJ02MZyxA
+3WENOWtbq9ZdTj1imgJcL+XCNPfF7UogPM5xCSiT1pz4uK9KMYwpLaprfVX3Po2D
+tAMlyrNBs3pvueSHhA44op8h3mSPcXG6KlJc9Z9NR+C3ox7rDhx/plP456Ivd8cq
+j9ciMHEM37yQnike8AmkYD/IKr3aACKQbJcFuzspVk0eBHBNXourXFrUD9eovbqW
+TKUfm5cYrDnsaAsLwYwJBEf4KU35umU7gcgLj9WAInpqSSi+kgbu8b58PnrKQC24
+zPYpniaFiaCzVmrTE6O1kyybsT61sKvSNLS9BQgc0CAFEyqB8xSxB/KCwu3pv0BO
+gPGrze/fp1zUfv12Ns1he5WwlrY1f+3LjJ6r0Xm2+5PbZOv9PURZU/CqLoJRBeKg
+rMVwVKMhediZE+mwvQex/Lx0djFOuZ3mYSR2WB5tAqf62gKlA5wW6/LdawuBOzv7
+VVcSTgzoz3SY5k15afSlJOPGPR7hgqKePR4z64AHmiEbCHm6nA0D1dT0R3ErcGFa
+t2J6s4SnObswY2Yd1Eg+4e6FUgOJ/RAozpSKXETVbNk4iUoDxsgz7KYx0eVX52mI
+1vVvoPs4LIp/IxYgpFXf70TRYcDmGINmPb6Oibe7jEX3CuMQkrHc3f98t7uKM2fg
+UuSEhEkoZvHMDvNm3HnfRgzcqVr8RLol4+yD/3yJf6IGA2p5OWcEg064Nog4gIW8
+sRpWC8J4RgMlUrpqwtxrQtG/ymrg3mJV+37ktGUD60pAgqXpNFkGI6WR+A+3H2WP
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
-- 
2.36.6