risdenk commented on a change in pull request #61: KNOX-1793 - DefaultKeystoreService should not validate the signing key on initialization URL: https://github.com/apache/knox/pull/61#discussion_r260522764
########## File path: gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java ########## @@ -327,4 +327,215 @@ public void testTokenCreationCustomSigningKey() throws Exception { assertFalse(ta.verifyToken(token)); assertTrue(ta.verifyToken(token, customPublicKey)); } + + @Test + public void testServiceStart() throws Exception { + /* + Generated testSigningKeyName.jks with the following commands: + cd gateway-server/src/test/resources/keystores/ + keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore testSigningKeyName.jks \ + -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase -keysize 2048 \ + -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US' -noprompt + */ + + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + GatewayConfig config = EasyMock.createMock(GatewayConfig.class); + EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir + "/target/test-classes/keystores").atLeastOnce(); + EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir + "/target/test-classes/keystores/server-keystore.jks").atLeastOnce(); + EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce(); + EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes(); + EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes(); + + MasterService ms = EasyMock.createMock(MasterService.class); + EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce(); + + AliasService as = EasyMock.createMock(AliasService.class); + EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce(); + + EasyMock.replay(config, ms, as); + + DefaultKeystoreService ks = new DefaultKeystoreService(); + ks.setMasterService(ms); + ks.init(config, new HashMap<>()); + ks.start(); + + DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService(); + ta.setAliasService(as); + ta.setKeystoreService(ks); + ta.init(config, new HashMap<>()); + ta.start(); + + EasyMock.verify(config, ms, as); Review comment: Should stop the ks and ts to follow the rest of the lifecycle? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services