diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
index ff50343ff6..41bc01cd91 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
@@ -26,24 +26,17 @@ import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
 import org.wso2.am.integration.clients.publisher.api.ApiException;
-import org.wso2.am.integration.clients.publisher.api.ApiResponse;
 import org.wso2.am.integration.clients.publisher.api.v1.dto.APIDTO;
 import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO;
-import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
-import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
-import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
 import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
 import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants;
-import org.wso2.am.integration.test.utils.bean.APILifeCycleAction;
 import org.wso2.am.integration.test.utils.bean.APIRequest;
 import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
-import org.wso2.am.integration.test.utils.http.HttpRequestUtil;
 import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment;
 import org.wso2.carbon.automation.engine.annotations.SetEnvironment;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
 import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
 import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
-import org.wso2.carbon.um.ws.api.stub.ClaimValue;
 import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceUserStoreExceptionException;
 import org.wso2.carbon.user.core.UserStoreException;
@@ -51,7 +44,6 @@ import java.io.File;
 import java.io.IOException;
 import java.net.URL;
-import java.rmi.RemoteException;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -65,16 +57,12 @@ public class APISecurityMutualSSLCertificateChainValidationTestCase extends APIManagerLifecycleBaseTest { private final String rootCertAPI = "rootCertAPI"; + private final String intermediateCertAPI = "intermediateCertAPI"; private final String API_END_POINT_METHOD = "/customers/123"; private final String API_VERSION_1_0_0 = "1.0.0"; - private final String APPLICATION_NAME = "APISecurityMutualSSLCertificateChainValidationTestCase"; - private String accessToken; private final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/"; private String apiEndPointUrl; - private String applicationId; - private String apiId1; - String users[] = { "apisecUser", "apisecUser2@wso2.com", "apisecUser2@abc.com" }; - String endUserPassword = "password@123"; + private String apiId1, apiId2; @DataProvider public static Object[][] userModeDataProvider() { @@ -83,15 +71,6 @@ public static Object[][] userModeDataProvider() { new Object[] { TestUserMode.TENANT_ADMIN } }; } - private void createUser() - throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException, UserStoreException { - - for (String user : users) { - remoteUserStoreManagerServiceClient.addUser(user, endUserPassword, new String[] {}, new ClaimValue[] {}, - "default", false); - } - } - @Factory(dataProvider = "userModeDataProvider") public APISecurityMutualSSLCertificateChainValidationTestCase(TestUserMode userMode) { @@ -105,7 +84,6 @@ public void initialize() throws APIManagerIntegrationTestException, IOException, UserStoreException { super.init(userMode); - createUser(); apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_END_POINT_POSTFIX_URL; APIRequest apiRequest1 = new APIRequest(rootCertAPI, rootCertAPI, new URL(apiEndPointUrl)); 
@@ -136,60 +114,44 @@ public void initialize() throws APIManagerIntegrationTestException, IOException, HttpResponse response1 = restAPIPublisher.addAPI(apiRequest1); apiId1 = response1.getData(); - String certOne = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + String rootCertPath = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "cert_chain_root.cer"; - restAPIPublisher.uploadCertificate(new File(certOne), "example", apiId1, + restAPIPublisher.uploadCertificate(new File(rootCertPath), "cert_chain_root", apiId1, APIMIntegrationConstants.API_TIER.UNLIMITED); - } - - @Test(description = "This test case tests the behaviour of internal Key token on Created API with authentication " - + "types") - public void testCreateAndDeployRevisionWithInternalKeyTesting() - throws JSONException, ApiException, XPathExpressionException, APIManagerIntegrationTestException, - IOException, org.wso2.am.integration.clients.store.api.ApiException, InterruptedException { - createAPIRevisionAndDeployUsingRest(apiId1, restAPIPublisher); - APIDTO api1 = restAPIPublisher.getAPIByID(apiId1); - waitForAPIDeploymentSync(api1.getProvider(), api1.getName(), api1.getVersion(), - APIMIntegrationConstants.IS_API_EXISTS); - ApiResponse keyDTOApiResponse1 = restAPIPublisher.generateInternalApiKey( - apiId1); - Assert.assertEquals(keyDTOApiResponse1.getStatusCode(), 200); - HttpResponse httpResponse1 = invokeApiWithInternalKey(rootCertAPI, API_VERSION_1_0_0, API_END_POINT_METHOD, - keyDTOApiResponse1.getData().getApikey()); - Assert.assertEquals(httpResponse1.getResponseCode(), 200); - restAPIPublisher.changeAPILifeCycleStatus(apiId1, APILifeCycleAction.PUBLISH.getAction()); - - HttpResponse applicationResponse = restAPIStore.createApplication(APPLICATION_NAME, "Test Application", - APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, ApplicationDTO.TokenTypeEnum.JWT); - applicationId = 
applicationResponse.getData(); - ArrayList grantTypes = new ArrayList(); - grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.PASSWORD); - grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL); - ApplicationKeyDTO applicationKeyDTO = restAPIStore.generateKeys(applicationId, "36000", "", - ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null, grantTypes); - //get access token - accessToken = applicationKeyDTO.getToken().getAccessToken(); + APIRequest apiRequest2 = new APIRequest(intermediateCertAPI, intermediateCertAPI, new URL(apiEndPointUrl)); + apiRequest2.setVersion(API_VERSION_1_0_0); + apiRequest2.setTiersCollection(APIMIntegrationConstants.API_TIER.UNLIMITED); + apiRequest2.setTier(APIMIntegrationConstants.API_TIER.UNLIMITED); + apiRequest2.setTags(API_TAGS); + apiRequest2.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue()); + apiRequest2.setProvider(user.getUserName()); + apiRequest2.setOperationsDTOS(operationsDTOS); + apiRequest2.setSecurityScheme(securitySchemes); + apiRequest2.setDefault_version("true"); + apiRequest2.setHttps_checked("https"); + apiRequest2.setHttp_checked(null); + apiRequest2.setDefault_version_checked("true"); + HttpResponse response2 = restAPIPublisher.addAPI(apiRequest2); + apiId2 = response2.getData(); + + String intermediateCertPath = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + + File.separator + "cert_chain_intermediate.cer"; + restAPIPublisher.uploadCertificate(new File(intermediateCertPath), "cert_chain_intermediate", apiId2, + APIMIntegrationConstants.API_TIER.UNLIMITED); + createAPIRevisionAndDeployUsingRest(apiId2, restAPIPublisher); - HttpResponse httpResponseAfterPublish = invokeApiWithInternalKey(rootCertAPI, API_VERSION_1_0_0, - API_END_POINT_METHOD, keyDTOApiResponse1.getData().getApikey()); - Assert.assertEquals(httpResponseAfterPublish.getResponseCode(), 200); + waitForAPIDeploymentSync(user.getUserName(), rootCertAPI, API_VERSION_1_0_0, + 
APIMIntegrationConstants.IS_API_EXISTS); + waitForAPIDeploymentSync(user.getUserName(), intermediateCertAPI, API_VERSION_1_0_0, + APIMIntegrationConstants.IS_API_EXISTS); // wait until certificates loaded Thread.sleep(120000); } - private HttpResponse invokeApiWithInternalKey(String context, String version, String resource, String internalKey) - throws XPathExpressionException, IOException { - - Map requestHeaders = new HashMap<>(); - requestHeaders.put("accept", "application/json"); - requestHeaders.put("Internal-Key", internalKey); - return HttpRequestUtil.doGet(getAPIInvocationURLHttps(context, version) + resource, requestHeaders); - } - - @Test(description = "Invoke mutual SSL only API with not supported certificate", dependsOnMethods = "testCreateAndDeployRevisionWithInternalKeyTesting") + @Test(description = "Invoke mutual SSL only API with not supported certificate") public void testAPIInvocationWithMutualSSLOnlyAPINegative() throws IOException, XPathExpressionException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException { @@ -215,7 +177,6 @@ public void testAPIInvocationWithMutualSSLMandatory() Map requestHeaders = new HashMap<>(); requestHeaders.put("accept", "text/xml"); - requestHeaders.put("Authorization", "Bearer " + accessToken); // Using root certificate HttpResponse rootCertResponse = HTTPSClientUtils.doMutulSSLGet( 
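Review bot: `intermediateCertAPI` is created, given `cert_chain_intermediate.cer` and deployed in `initialize()`, but no added line in this diff ever invokes it; every mutual-SSL request, including the new head-only case, still goes to `rootCertAPI`. So the second API only shows that certificate upload and deployment complete, not how the gateway treats a client certificate when the API trusts just the intermediate. I would add calls against `getAPIInvocationURLHttps(intermediateCertAPI, API_VERSION_1_0_0) + API_END_POINT_METHOD` with a keystore that chains through the intermediate (expecting `HttpStatus.SC_OK`) and with one that does not (expecting rejection). `initialize()` begins above this hunk, so its earlier setup is not visible here.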
@@ -231,6 +192,13 @@ public void testAPIInvocationWithMutualSSLMandatory() getAPIInvocationURLHttps(rootCertAPI, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders); Assert.assertEquals(clientCertResponse.getResponseCode(), HttpStatus.SC_OK, "Mutual SSL Authentication has not succeed"); + // Using client certificate with head only exported certificate + HttpResponse headOnlyClientCertResponse = HTTPSClientUtils.doMutulSSLGet( + getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + + File.separator + "cert_chain_client_head_only.jks", + getAPIInvocationURLHttps(rootCertAPI, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders); + Assert.assertEquals(headOnlyClientCertResponse.getResponseCode(), HttpStatus.SC_OK, "Mutual SSL Authentication has not succeed"); + // For default API version with root certificate HttpResponse defaultRootCertResponse = HTTPSClientUtils.doMutulSSLGet( getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" @@ -251,15 +219,7 @@ public void testAPIInvocationWithMutualSSLMandatory() @AfterClass(alwaysRun = true) public void cleanUpArtifacts() throws Exception { - restAPIStore.deleteApplication(applicationId); restAPIPublisher.deleteAPI(apiId1); - removeUsers(); - } - - private void removeUsers() throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException { - - for (String user : users) { - remoteUserStoreManagerServiceClient.removeUser(user); - } + restAPIPublisher.deleteAPI(apiId2); } } 
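Review bot: The added head-only assertion reuses the failure message of the full-chain client case directly above it, so a failing run will not say which keystore the gateway rejected; something like `"Mutual SSL authentication failed for leaf-only client keystore"` would separate the two. The comment could also state what is being proven, e.g. `// Keystore carries only the leaf certificate; the gateway must still link it to the uploaded cert_chain_root`, assuming that is what cert_chain_client_head_only.jks holds (the file is binary and not readable here). The enclosing method `testAPIInvocationWithMutualSSLMandatory()` starts and ends outside this hunk.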
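Review bot: In `cleanUpArtifacts()` the two `deleteAPI` calls run back to back, so an exception from deleting `apiId1` leaves the second API and its uploaded client certificate deployed on the gateway for whatever tests run next. Because the method is `@AfterClass(alwaysRun = true)`, it also runs when `initialize()` failed before either id was assigned, in which case the ids are still null. Guarding each id and moving the second delete into a `finally` keeps the cleanup of one API independent of the other.

```java
public void cleanUpArtifacts() throws Exception {
    try {
        if (apiId1 != null) {
            restAPIPublisher.deleteAPI(apiId1);
        }
    } finally {
        if (apiId2 != null) {
            restAPIPublisher.deleteAPI(apiId2);
        }
    }
}
```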
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_client_head_only.jks b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_client_head_only.jks
new file mode 100644
index 0000000000..43d34b5a87
Binary files /dev/null and b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_client_head_only.jks differ
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_intermediate.cer b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_intermediate.cer
new file mode 100644
index 0000000000..9d1a4998ae
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/lifecycletest/mutualssl/cert_chain_intermediate.cer
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6DCCAtCgAwIBAgIUfUON+4ekletjetDwaT0BjeU3pVswDQYJKoZIhvcNAQEL +BQAwZzELMAkGA1UEBhMCTEsxDjAMBgNVBAgMBWFiY2RlMQ4wDAYDVQQHDAVhYmNk +ZTEOMAwGA1UECgwFYWJjZGUxDjAMBgNVBAsMBWFiY2RlMRgwFgYDVQQDDA9jZXJ0 +LWNoYWluLXJvb3QwHhcNMjQwMjI2MTE0MDQ1WhcNMjgxMjMxMTgyOTU5WjBvMQsw +CQYDVQQGEwJMSzEOMAwGA1UECAwFYWJjZGUxDjAMBgNVBAcMBWFiY2RlMQ4wDAYD +VQQKDAVhYmNkZTEOMAwGA1UECwwFYWJjZGUxIDAeBgNVBAMMF2NlcnQtY2hhaW4t +aW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAur4k +JgUu7Iz3MVNhP/NPVzWBMzUU+/wg4cNcbiZlCnupZ+7O+1EFbKD0ym3GhBYFKX3z +oAfLVd6ul3SbeyvbWwG5Hv9Ahv+CYSsNOBqNfwz4Su+XNsaHukwEgr74YkFe6Uj8 +W1paroz07Ra8lqx4iFzKAmsfMxNq2EmpMGPIwFXJde1E8R26J79jYWdYRMYjEKXw +J8hf+GDdTMn70d48EGjh+8q8wz3mf6VfNchXD60kywZjBWn5XwOowffULwR6Xaze +lc4JIsxhMalBNlE6auAI4U9N82tgLaP+YZ0fnsPWAxqVvSCyX0TZIVe/DQ/4cFxW +fM18VBYXHMZ1i7B8IQIDAQABo4GDMIGAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgGGMB8GA1UdIwQYMBaAFGwbNBqwR2b9p4jR2wQGUAHsFXH8MB0GA1Ud +DgQWBBRGpwm9vwksu7hT45jwfbspwLtbxTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAMdGNDfSCsycTkxigszBdSOlpQ37 +7+Pg2pSuCwSASZALmgIHOCquRrHv8Gb+NM0kfwPXUwKP+nzuVNF89P5kYtKfKpK5 +DATe7o5OMQZt7PLqqC4YyTkVl/j55MySM4x7H1s3lZj4L7H8UOOoBAmtftOz2iR0 +5s9260QdsUb9HOYBgHvmdbLS4FOiFfiVZByM/Iv3wNtGMDjleEj31EzBRbY1AgC6 +VAfRF1Y2Lk+k/ONoEiy5MdFavmIn3SsEsRWDCtHZgS5Bk1uvPJ9s3E1IU7DwBsIE +W25P+PK7D0a+WB3s99CbfxbLm4rh01lbSFraDwv447qIZtILgXSDfqsgjPY= +-----END CERTIFICATE-----