in component-test/src/main/java/TestKeyRotation.java [38:120]
public void testKeyRotation() throws InterruptedException {
final Anubis anubis = tenantApplicationSecurityEnvironment.getAnubis();
//noinspection EmptyTryBlock
try (final AutoUserContext ignored = loginAdmin())
{
//Don't do anything yet.
}
final String systemToken = tenantApplicationSecurityEnvironment.getSystemSecurityEnvironment().systemToken(APP_NAME);
try (final AutoUserContext ignored1 = new AutoSeshat(systemToken)) {
//Create a signature set then test that it is listed.
final String timestamp = getTestSubject().createSignatureSet().getTimestamp();
{
final List<String> signatureSets = anubis.getAllSignatureSets();
Assert.assertTrue(signatureSets.contains(timestamp));
}
final Authentication adminAuthenticationOnFirstKeyset;
try (final AutoUserContext ignored2 = new AutoGuest()) {
adminAuthenticationOnFirstKeyset = getTestSubject().login(ADMIN_IDENTIFIER, TestEnvironment.encodePassword(ADMIN_PASSWORD));
}
Assert.assertTrue(canAccessResources(adminAuthenticationOnFirstKeyset));
//For identity, application signature and identity manager signature should be identical.
final ApplicationSignatureSet signatureSet = anubis.getSignatureSet(timestamp);
Assert.assertEquals(signatureSet.getApplicationSignature(), signatureSet.getIdentityManagerSignature());
final Signature applicationSignature = anubis.getApplicationSignature(timestamp);
Assert.assertEquals(signatureSet.getApplicationSignature(), applicationSignature);
TimeUnit.SECONDS.sleep(2); //Timestamp has resolution at seconds level -- Make sure that second signature set has different timestamp from the first one.
//Create a second signature set and test that it and the previous signature set are listed.
final String timestamp2 = getTestSubject().createSignatureSet().getTimestamp();
{
final List<String> signatureSets = anubis.getAllSignatureSets();
Assert.assertTrue(signatureSets.contains(timestamp));
Assert.assertTrue(signatureSets.contains(timestamp2));
}
final Authentication adminAuthenticationOnSecondKeyset;
try (final AutoUserContext ignored2 = new AutoGuest()) {
adminAuthenticationOnSecondKeyset = getTestSubject().login(ADMIN_IDENTIFIER, TestEnvironment
.encodePassword(ADMIN_PASSWORD));
}
Assert.assertTrue(canAccessResources(adminAuthenticationOnFirstKeyset));
Assert.assertTrue(canAccessResources(adminAuthenticationOnSecondKeyset));
//Get the newly created signature set, and test that its contents are correct.
final ApplicationSignatureSet signatureSet2 = anubis.getSignatureSet(timestamp2);
Assert.assertEquals(signatureSet2.getApplicationSignature(), signatureSet2.getIdentityManagerSignature());
//Delete one of the signature sets and test that it is no longer listed.
anubis.deleteSignatureSet(timestamp);
{
final List<String> signatureSets = anubis.getAllSignatureSets();
Assert.assertFalse(signatureSets.contains(timestamp));
Assert.assertTrue(signatureSets.contains(timestamp2));
}
Assert.assertTrue(canAccessResources(adminAuthenticationOnSecondKeyset));
Assert.assertFalse(canAccessResources(adminAuthenticationOnFirstKeyset));
//Getting the newly deleted signature set should fail.
try {
anubis.getSignatureSet(timestamp);
Assert.fail("Not found exception should be thrown.");
} catch (final NotFoundException ignored) {
}
//Getting the newly deleted application signature set should likewise fail.
try {
anubis.getApplicationSignature(timestamp);
Assert.fail("Not found exception should be thrown.");
} catch (final NotFoundException ignored) {
}
}
}