[GitHub] risdenk commented on a change in pull request #61: KNOX-1793 - DefaultKeystoreService should not validate the signing key on initialization

Tue, 26 Feb 2019 14:47:34 -0800 

risdenk commented on a change in pull request #61: KNOX-1793 - 
DefaultKeystoreService should not validate the signing key on initialization
URL: https://github.com/apache/knox/pull/61#discussion_r260522764
 
 

 ##########
 File path: 
gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java
 ##########
 @@ -327,4 +327,215 @@ public void testTokenCreationCustomSigningKey() throws 
Exception {
     assertFalse(ta.verifyToken(token));
     assertTrue(ta.verifyToken(token, customPublicKey));
   }
+
+  @Test
+  public void testServiceStart() throws Exception {
+    /*
+     Generated testSigningKeyName.jks with the following commands:
+     cd gateway-server/src/test/resources/keystores/
+     keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore 
testSigningKeyName.jks \
+         -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase 
-keysize 2048 \
+         -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US' 
-noprompt
+     */
+
+    String basedir = System.getProperty("basedir");
+    if (basedir == null) {
+      basedir = new File(".").getCanonicalPath();
+    }
+
+    GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+    EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + 
"/target/test-classes/keystores").atLeastOnce();
+    EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + 
"/target/test-classes/keystores/server-keystore.jks").atLeastOnce();
+    
EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+    
EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+    
EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
+
+    MasterService ms = EasyMock.createMock(MasterService.class);
+    
EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    AliasService as = EasyMock.createMock(AliasService.class);
+    
EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce();
+
+    EasyMock.replay(config, ms, as);
+
+    DefaultKeystoreService ks = new DefaultKeystoreService();
+    ks.setMasterService(ms);
+    ks.init(config, new HashMap<>());
+    ks.start();
+
+    DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+    ta.setAliasService(as);
+    ta.setKeystoreService(ks);
+    ta.init(config, new HashMap<>());
+    ta.start();
+
+    EasyMock.verify(config, ms, as);
 
 Review comment:
   Should stop the ks and ts to follow the rest of the lifecycle?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to