[
https://issues.apache.org/jira/browse/KNOX-1793?focusedWorklogId=204846&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-204846
]
ASF GitHub Bot logged work on KNOX-1793:
----------------------------------------
Author: ASF GitHub Bot
Created on: 26/Feb/19 23:10
Start Date: 26/Feb/19 23:10
Worklog Time Spent: 10m
Work Description: rlevas commented on pull request #61: KNOX-1793 -
DefaultKeystoreService should not validate the signing key on initialization
URL: https://github.com/apache/knox/pull/61#discussion_r260530244
##########
File path:
gateway-server/src/test/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityServiceTest.java
##########
@@ -327,4 +327,215 @@ public void testTokenCreationCustomSigningKey() throws
Exception {
assertFalse(ta.verifyToken(token));
assertTrue(ta.verifyToken(token, customPublicKey));
}
+
+ @Test
+ public void testServiceStart() throws Exception {
+ /*
+ Generated testSigningKeyName.jks with the following commands:
+ cd gateway-server/src/test/resources/keystores/
+ keytool -genkey -alias testSigningKeyAlias -keyalg RSA -keystore
testSigningKeyName.jks \
+ -storepass testSigningKeyPassphrase -keypass testSigningKeyPassphrase
-keysize 2048 \
+ -dname 'CN=testSigningKey,OU=example,O=Apache,L=US,ST=CA,C=US'
-noprompt
+ */
+
+ String basedir = System.getProperty("basedir");
+ if (basedir == null) {
+ basedir = new File(".").getCanonicalPath();
+ }
+
+ GatewayConfig config = EasyMock.createMock(GatewayConfig.class);
+ EasyMock.expect(config.getGatewayKeystoreDir()).andReturn(basedir +
"/target/test-classes/keystores").atLeastOnce();
+ EasyMock.expect(config.getSigningKeystorePath()).andReturn(basedir +
"/target/test-classes/keystores/server-keystore.jks").atLeastOnce();
+
EasyMock.expect(config.getSigningKeystoreType()).andReturn("jks").atLeastOnce();
+
EasyMock.expect(config.getSigningKeystorePasswordAlias()).andReturn(GatewayConfig.DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS).anyTimes();
+
EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
+
+ MasterService ms = EasyMock.createMock(MasterService.class);
+
EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray()).atLeastOnce();
+
+ AliasService as = EasyMock.createMock(AliasService.class);
+
EasyMock.expect(as.getSigningKeyPassphrase()).andReturn("horton".toCharArray()).atLeastOnce();
+
+ EasyMock.replay(config, ms, as);
+
+ DefaultKeystoreService ks = new DefaultKeystoreService();
+ ks.setMasterService(ms);
+ ks.init(config, new HashMap<>());
+ ks.start();
+
+ DefaultTokenAuthorityService ta = new DefaultTokenAuthorityService();
+ ta.setAliasService(as);
+ ta.setKeystoreService(ks);
+ ta.init(config, new HashMap<>());
+ ta.start();
+
+ EasyMock.verify(config, ms, as);
Review comment:
This seems unnecessary for the test since we are only testing the start
process. Also both stop operations are no-ops anyway. Maybe a stop test
(`testServiceStop()`) is in order?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 204846)
Time Spent: 50m (was: 40m)
> DefaultKeystoreService should not validate the signing key on initialization
> ----------------------------------------------------------------------------
>
> Key: KNOX-1793
> URL: https://issues.apache.org/jira/browse/KNOX-1793
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.3.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Major
> Fix For: 1.3.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> The {{org.apache.knox.gateway.services.security.impl.DefaultKeystoreService}}
> implementation should not validate the _signing_ key on initialization. This
> should be a validation task for users of the signing key.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
