Add mutual ssl certificate validation test case

Add mutual ssl certificate validation test case for head only exported client certificate Remove unnecessary user and application creation
wso2 · Mar 17, 2024 · 61e9567 · 61e9567
1 parent 9408aae
commit 61e9567
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 78 deletions.
diff --git a/...tegration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java b/...tegration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
@@ -26,32 +26,24 @@
 import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
 import org.wso2.am.integration.clients.publisher.api.ApiException;
-import org.wso2.am.integration.clients.publisher.api.ApiResponse;
 import org.wso2.am.integration.clients.publisher.api.v1.dto.APIDTO;
 import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO;
-import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
-import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
-import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
 import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
 import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants;
-import org.wso2.am.integration.test.utils.bean.APILifeCycleAction;
 import org.wso2.am.integration.test.utils.bean.APIRequest;
 import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
-import org.wso2.am.integration.test.utils.http.HttpRequestUtil;
 import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment;
 import org.wso2.carbon.automation.engine.annotations.SetEnvironment;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
 import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
 import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
-import org.wso2.carbon.um.ws.api.stub.ClaimValue;
 import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceUserStoreExceptionException;
 import org.wso2.carbon.user.core.UserStoreException;
 
 import javax.xml.xpath.XPathExpressionException;
 import java.io.File;
 import java.io.IOException;
 import java.net.URL;
-import java.rmi.RemoteException;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -65,16 +57,12 @@
 public class APISecurityMutualSSLCertificateChainValidationTestCase extends APIManagerLifecycleBaseTest {
 
  private final String rootCertAPI = "rootCertAPI";
+ private final String intermediateCertAPI = "intermediateCertAPI";
  private final String API_END_POINT_METHOD = "/customers/123";
  private final String API_VERSION_1_0_0 = "1.0.0";
- private final String APPLICATION_NAME = "APISecurityMutualSSLCertificateChainValidationTestCase";
- private String accessToken;
  private final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/";
  private String apiEndPointUrl;
- private String applicationId;
- private String apiId1;
- String users[] = { "apisecUser", "apisecUser2@wso2.com", "apisecUser2@abc.com" };
- String endUserPassword = "password@123";
+ private String apiId1, apiId2;
 
  @DataProvider
  public static Object[][] userModeDataProvider() {
@@ -83,15 +71,6 @@ public static Object[][] userModeDataProvider() {
  new Object[] { TestUserMode.TENANT_ADMIN } };
  }
 
- private void createUser()
- throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException, UserStoreException {
-
- for (String user : users) {
- remoteUserStoreManagerServiceClient.addUser(user, endUserPassword, new String[] {}, new ClaimValue[] {},
- "default", false);
- }
- }
-
  @Factory(dataProvider = "userModeDataProvider")
  public APISecurityMutualSSLCertificateChainValidationTestCase(TestUserMode userMode) {
 
@@ -105,7 +84,6 @@ public void initialize() throws APIManagerIntegrationTestException, IOException,
  UserStoreException {
 
  super.init(userMode);
- createUser();
  apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_END_POINT_POSTFIX_URL;
 
  APIRequest apiRequest1 = new APIRequest(rootCertAPI, rootCertAPI, new URL(apiEndPointUrl));
@@ -136,60 +114,44 @@ public void initialize() throws APIManagerIntegrationTestException, IOException,
  HttpResponse response1 = restAPIPublisher.addAPI(apiRequest1);
  apiId1 = response1.getData();
 
- String certOne = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+ String rootCertPath = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
  + File.separator + "cert_chain_root.cer";
- restAPIPublisher.uploadCertificate(new File(certOne), "example", apiId1,
+ restAPIPublisher.uploadCertificate(new File(rootCertPath), "cert_chain_root", apiId1,
  APIMIntegrationConstants.API_TIER.UNLIMITED);
- }
-
- @Test(description = "This test case tests the behaviour of internal Key token on Created API with authentication "
- + "types")
- public void testCreateAndDeployRevisionWithInternalKeyTesting()
- throws JSONException, ApiException, XPathExpressionException, APIManagerIntegrationTestException,
- IOException, org.wso2.am.integration.clients.store.api.ApiException, InterruptedException {
-
  createAPIRevisionAndDeployUsingRest(apiId1, restAPIPublisher);
- APIDTO api1 = restAPIPublisher.getAPIByID(apiId1);
- waitForAPIDeploymentSync(api1.getProvider(), api1.getName(), api1.getVersion(),
- APIMIntegrationConstants.IS_API_EXISTS);
- ApiResponse<org.wso2.am.integration.clients.publisher.api.v1.dto.APIKeyDTO> keyDTOApiResponse1 = restAPIPublisher.generateInternalApiKey(
- apiId1);
- Assert.assertEquals(keyDTOApiResponse1.getStatusCode(), 200);
- HttpResponse httpResponse1 = invokeApiWithInternalKey(rootCertAPI, API_VERSION_1_0_0, API_END_POINT_METHOD,
- keyDTOApiResponse1.getData().getApikey());
- Assert.assertEquals(httpResponse1.getResponseCode(), 200);
- restAPIPublisher.changeAPILifeCycleStatus(apiId1, APILifeCycleAction.PUBLISH.getAction());
-
- HttpResponse applicationResponse = restAPIStore.createApplication(APPLICATION_NAME, "Test Application",
- APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, ApplicationDTO.TokenTypeEnum.JWT);
 
- applicationId = applicationResponse.getData();
- ArrayList grantTypes = new ArrayList();
- grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.PASSWORD);
- grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL);
- ApplicationKeyDTO applicationKeyDTO = restAPIStore.generateKeys(applicationId, "36000", "",
- ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null, grantTypes);
- //get access token
- accessToken = applicationKeyDTO.getToken().getAccessToken();
+ APIRequest apiRequest2 = new APIRequest(intermediateCertAPI, intermediateCertAPI, new URL(apiEndPointUrl));
+ apiRequest2.setVersion(API_VERSION_1_0_0);
+ apiRequest2.setTiersCollection(APIMIntegrationConstants.API_TIER.UNLIMITED);
+ apiRequest2.setTier(APIMIntegrationConstants.API_TIER.UNLIMITED);
+ apiRequest2.setTags(API_TAGS);
+ apiRequest2.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
+ apiRequest2.setProvider(user.getUserName());
+ apiRequest2.setOperationsDTOS(operationsDTOS);
+ apiRequest2.setSecurityScheme(securitySchemes);
+ apiRequest2.setDefault_version("true");
+ apiRequest2.setHttps_checked("https");
+ apiRequest2.setHttp_checked(null);
+ apiRequest2.setDefault_version_checked("true");
+ HttpResponse response2 = restAPIPublisher.addAPI(apiRequest2);
+ apiId2 = response2.getData();
+
+ String intermediateCertPath = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+ + File.separator + "cert_chain_intermediate.cer";
+ restAPIPublisher.uploadCertificate(new File(intermediateCertPath), "cert_chain_intermediate", apiId2,
+ APIMIntegrationConstants.API_TIER.UNLIMITED);
+ createAPIRevisionAndDeployUsingRest(apiId2, restAPIPublisher);
 
- HttpResponse httpResponseAfterPublish = invokeApiWithInternalKey(rootCertAPI, API_VERSION_1_0_0,
- API_END_POINT_METHOD, keyDTOApiResponse1.getData().getApikey());
- Assert.assertEquals(httpResponseAfterPublish.getResponseCode(), 200);
+ waitForAPIDeploymentSync(user.getUserName(), rootCertAPI, API_VERSION_1_0_0,
+ APIMIntegrationConstants.IS_API_EXISTS);
+ waitForAPIDeploymentSync(user.getUserName(), intermediateCertAPI, API_VERSION_1_0_0,
+ APIMIntegrationConstants.IS_API_EXISTS);
 
  // wait until certificates loaded
  Thread.sleep(120000);
  }
 
- private HttpResponse invokeApiWithInternalKey(String context, String version, String resource, String internalKey)
- throws XPathExpressionException, IOException {
-
- Map<String, String> requestHeaders = new HashMap<>();
- requestHeaders.put("accept", "application/json");
- requestHeaders.put("Internal-Key", internalKey);
- return HttpRequestUtil.doGet(getAPIInvocationURLHttps(context, version) + resource, requestHeaders);
- }
-
- @Test(description = "Invoke mutual SSL only API with not supported certificate", dependsOnMethods = "testCreateAndDeployRevisionWithInternalKeyTesting")
+ @Test(description = "Invoke mutual SSL only API with not supported certificate")
  public void testAPIInvocationWithMutualSSLOnlyAPINegative()
  throws IOException, XPathExpressionException, NoSuchAlgorithmException, KeyStoreException,
  KeyManagementException, UnrecoverableKeyException {
@@ -215,7 +177,6 @@ public void testAPIInvocationWithMutualSSLMandatory()
 
  Map<String, String> requestHeaders = new HashMap<>();
  requestHeaders.put("accept", "text/xml");
- requestHeaders.put("Authorization", "Bearer " + accessToken);
 
  // Using root certificate
  HttpResponse rootCertResponse = HTTPSClientUtils.doMutulSSLGet(
@@ -231,6 +192,13 @@ public void testAPIInvocationWithMutualSSLMandatory()
  getAPIInvocationURLHttps(rootCertAPI, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders);
  Assert.assertEquals(clientCertResponse.getResponseCode(), HttpStatus.SC_OK, "Mutual SSL Authentication has not succeed");
 
+ // Using client certificate with head only exported certificate
+ HttpResponse headOnlyClientCertResponse = HTTPSClientUtils.doMutulSSLGet(
+ getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+ + File.separator + "cert_chain_client_head_only.jks",
+ getAPIInvocationURLHttps(rootCertAPI, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders);
+ Assert.assertEquals(headOnlyClientCertResponse.getResponseCode(), HttpStatus.SC_OK, "Mutual SSL Authentication has not succeed");
+
  // For default API version with root certificate
  HttpResponse defaultRootCertResponse = HTTPSClientUtils.doMutulSSLGet(
  getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
@@ -251,15 +219,7 @@ public void testAPIInvocationWithMutualSSLMandatory()
  @AfterClass(alwaysRun = true)
  public void cleanUpArtifacts() throws Exception {
 
- restAPIStore.deleteApplication(applicationId);
  restAPIPublisher.deleteAPI(apiId1);
- removeUsers();
- }
-
- private void removeUsers() throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException {
-
- for (String user : users) {
- remoteUserStoreManagerServiceClient.removeUser(user);
- }
+ restAPIPublisher.deleteAPI(apiId2);
  }
 }
diff --git a/...d/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_client_head_only.jks b/...d/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_client_head_only.jks
diff --git a/...ckend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_intermediate.cer b/...ckend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_intermediate.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6DCCAtCgAwIBAgIUfUON+4ekletjetDwaT0BjeU3pVswDQYJKoZIhvcNAQEL
+BQAwZzELMAkGA1UEBhMCTEsxDjAMBgNVBAgMBWFiY2RlMQ4wDAYDVQQHDAVhYmNk
+ZTEOMAwGA1UECgwFYWJjZGUxDjAMBgNVBAsMBWFiY2RlMRgwFgYDVQQDDA9jZXJ0
+LWNoYWluLXJvb3QwHhcNMjQwMjI2MTE0MDQ1WhcNMjgxMjMxMTgyOTU5WjBvMQsw
+CQYDVQQGEwJMSzEOMAwGA1UECAwFYWJjZGUxDjAMBgNVBAcMBWFiY2RlMQ4wDAYD
+VQQKDAVhYmNkZTEOMAwGA1UECwwFYWJjZGUxIDAeBgNVBAMMF2NlcnQtY2hhaW4t
+aW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur4k
+JgUu7Iz3MVNhP/NPVzWBMzUU+/wg4cNcbiZlCnupZ+7O+1EFbKD0ym3GhBYFKX3z
+oAfLVd6ul3SbeyvbWwG5Hv9Ahv+CYSsNOBqNfwz4Su+XNsaHukwEgr74YkFe6Uj8
+W1paroz07Ra8lqx4iFzKAmsfMxNq2EmpMGPIwFXJde1E8R26J79jYWdYRMYjEKXw
+J8hf+GDdTMn70d48EGjh+8q8wz3mf6VfNchXD60kywZjBWn5XwOowffULwR6Xaze
+lc4JIsxhMalBNlE6auAI4U9N82tgLaP+YZ0fnsPWAxqVvSCyX0TZIVe/DQ/4cFxW
+fM18VBYXHMZ1i7B8IQIDAQABo4GDMIGAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgGGMB8GA1UdIwQYMBaAFGwbNBqwR2b9p4jR2wQGUAHsFXH8MB0GA1Ud
+DgQWBBRGpwm9vwksu7hT45jwfbspwLtbxTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAMdGNDfSCsycTkxigszBdSOlpQ37
+7+Pg2pSuCwSASZALmgIHOCquRrHv8Gb+NM0kfwPXUwKP+nzuVNF89P5kYtKfKpK5
+DATe7o5OMQZt7PLqqC4YyTkVl/j55MySM4x7H1s3lZj4L7H8UOOoBAmtftOz2iR0
+5s9260QdsUb9HOYBgHvmdbLS4FOiFfiVZByM/Iv3wNtGMDjleEj31EzBRbY1AgC6
+VAfRF1Y2Lk+k/ONoEiy5MdFavmIn3SsEsRWDCtHZgS5Bk1uvPJ9s3E1IU7DwBsIE
+W25P+PK7D0a+WB3s99CbfxbLm4rh01lbSFraDwv447qIZtILgXSDfqsgjPY=
+-----END CERTIFICATE-----