1 package com.atlassian.asap.core.keys.privatekey;
2
3 import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
4 import com.atlassian.asap.core.keys.DataUriKeyReader;
5 import com.atlassian.asap.core.keys.KeyProvider;
6 import com.atlassian.asap.core.validator.ValidatedKeyId;
7 import org.junit.Rule;
8 import org.junit.Test;
9 import org.junit.rules.ExpectedException;
10 import org.mockito.Mock;
11 import org.mockito.junit.MockitoJUnit;
12 import org.mockito.junit.MockitoRule;
13
14 import java.io.InputStreamReader;
15 import java.net.URI;
16 import java.security.PrivateKey;
17 import java.util.Optional;
18
19 import static com.atlassian.asap.core.keys.privatekey.EnvironmentVariableKeyProvider.Environment;
20 import static org.hamcrest.Matchers.containsString;
21 import static org.hamcrest.Matchers.not;
22 import static org.junit.Assert.assertSame;
23 import static org.mockito.Matchers.any;
24 import static org.mockito.Mockito.when;
25
26 public class EnvironmentVariableKeyProviderTest {
27 private static final String VALID_KID = "issuer/kid";
28 private static final String PROPERTY_NAME = "property.name";
29 private static final URI VALID_URL = URI.create("env:///" + PROPERTY_NAME);
30 private static final String VALID_KEY_DATA = "data:application/pkcs8;kid=issuer%2Fkid;base64,EncodedKeyData";
31
32 @Rule
33 public final MockitoRule mockitoRule = MockitoJUnit.rule();
34
35 @Rule
36 public final ExpectedException expectedException = ExpectedException.none();
37
38 @Mock
39 private DataUriKeyReader keyReader;
40 @Mock
41 private Environment environment;
42 @Mock
43 private PrivateKey privateKey;
44
45 @Test
46 public void shouldBeAbleToReadKeyFromEnvironment() throws Exception {
47 when(environment.getVariable(PROPERTY_NAME)).thenReturn(Optional.of(VALID_KEY_DATA));
48 when(keyReader.readPrivateKey(any(InputStreamReader.class))).thenReturn(privateKey);
49 KeyProvider<PrivateKey> keyProvider = new EnvironmentVariableKeyProvider(PROPERTY_NAME, keyReader, environment);
50
51 assertSame(privateKey, keyProvider.getKey(ValidatedKeyId.validate(VALID_KID)));
52 }
53
54 @Test
55 public void shouldFailWhenKeyIsNotAUri() throws Exception {
56 when(environment.getVariable(PROPERTY_NAME)).thenReturn(Optional.of("unparseable private key data uri"));
57
58 expectedException.expect(IllegalArgumentException.class);
59 expectedException.expectMessage(not(containsString("private key")));
60
61 KeyProvider<PrivateKey> keyProvider = new EnvironmentVariableKeyProvider(PROPERTY_NAME, keyReader, environment);
62 keyProvider.getKey(ValidatedKeyId.validate(VALID_KID));
63 }
64
65 @Test
66 public void shouldFailWhenKeyParserFails() throws Exception {
67 when(environment.getVariable(PROPERTY_NAME)).thenReturn(Optional.of(VALID_KEY_DATA));
68 when(keyReader.readPrivateKey(any(InputStreamReader.class)))
69 .thenThrow(new CannotRetrieveKeyException("Random error"));
70
71 expectedException.expect(IllegalArgumentException.class);
72 expectedException.expectMessage(not(containsString(VALID_KEY_DATA)));
73
74
75 KeyProvider<PrivateKey> keyProvider = new EnvironmentVariableKeyProvider(PROPERTY_NAME, keyReader, environment);
76 keyProvider.getKey(ValidatedKeyId.validate(VALID_KID));
77 }
78
79 @Test
80 public void shouldFailWhenEnvironmentVariableIsNotDefined() throws Exception {
81 when(environment.getVariable(PROPERTY_NAME)).thenReturn(Optional.empty());
82
83 expectedException.expect(IllegalArgumentException.class);
84
85 KeyProvider<PrivateKey> keyProvider = EnvironmentVariableKeyProvider.fromUri(VALID_URL, keyReader);
86 keyProvider.getKey(ValidatedKeyId.validate("some/other/key/identifier"));
87 }
88
89 @Test(expected = IllegalArgumentException.class)
90 public void shouldFailToConstructIfUriDoesNotHaveEnvSchema() throws Exception {
91 EnvironmentVariableKeyProvider.fromUri(new URI("env:opaque"), keyReader);
92 }
93 }