Developer's Guide
JniRequestHeaderKmip.java
1 package com.p6r.kmipserverlib;
2 
3 import org.junit.*;
4 
5 import java.nio.charset.Charset;
6 
7 import static org.junit.Assert.assertEquals;
8 
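/**
 * JUnit test demonstrating how to parse an incoming KMIP request from a client.
 *
 * <p>The request used here is a fixture: the user names, passwords and identifiers in it are
 * test values that are only compared against what the parser returns.
 */
public class JniRequestHeaderKmip {

    /** Runs once before the tests in this class; it only logs that it ran. */
    @BeforeClass
    public static void oneTimeSetUp() {
        // NOOP
        System.out.println("@BeforeClass - oneTimeSetUp");
    }

    /** Runs once after the tests in this class; it only logs that it ran. */
    @AfterClass
    public static void oneTimeTearDown() {
        // NOOP
        System.out.println("@AfterClass - oneTimeTearDown");
    }

    /** Runs before each test; it only logs that it ran. */
    @Before
    public void setUp() {
        // NOOP
        System.out.println("@Before - setUp");
    }

    /** Runs after each test; it only logs that it ran. */
    @After
    public void tearDown() {
        // NOOP
        System.out.println("@After - tearDown");
    }

    /**
     * Test: verify the parser can handle all the possible fields in a Request Header.
     *
     * <p>Loads an XML-encoded KMIP 1.4 DeriveKey request and checks the protocol version, both
     * correlation values, the three credentials (username and password, a vendor-extension byte
     * string, a device credential), the attestation fields and the single batch item.
     *
     * <p>NOTE(review): this only checks that the credential fields are extracted. Nothing visible
     * here shows the library verifying them, so they are presumably still unauthenticated client
     * input at this point - confirm where the server validates them.
     */
    @Test
    public void JNICall_CredentialKMIP() {
        System.out.println("@Test - JNICall-RequestHeaderKMIP");

        // -> this parser is multi-thread safe by using JNI monitor locking
        // -> using one parser object per server thread is recommended
        P6KMIPServerLib sl = new P6KMIPServerLib();

        // Decoded form of the ByteString value carried by the second (extension) credential.
        byte[] expectedBytes = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A };

        String testMessage =
                "<RequestMessage>\n" +
                "<RequestHeader>\n" +
                " <ProtocolVersion>\n" +
                " <ProtocolVersionMajor type=\"Integer\" value=\"1\"/>\n" +
                " <ProtocolVersionMinor type=\"Integer\" value=\"4\"/>\n" +
                " </ProtocolVersion>\n" +
                " <ClientCorrelationValue type=\"TextString\" value=\"Client-1111-2222-3333-4444-5555-6666-77777-88888-999999-AAAAAAAAA\" />\n" +
                " <ServerCorrelationValue type=\"TextString\" value=\"Server-38383874477565669929292992927834737hfhuehuehfb3yb3y43yg433400005\"/>\n" +
                " <BatchCount type=\"Integer\" value=\"1\"/>\n" +
                " <AttestationCapableIndicator type=\"Boolean\" value=\"true\" />\n" +
                " <AttestationType type=\"Enumeration\" value=\"TPMQuote\" />\n" +
                " <AttestationType type=\"Enumeration\" value=\"TCGIntegrityReport\" />\n" +
                " <AttestationType type=\"Enumeration\" value=\"SAMLAssertion\" />\n" +
                " <AttestationType type=\"Enumeration\" value=\"0x80000002\" />\n" +
                " <Authentication>\n" +
                " <Credential><CredentialType type=\"Enumeration\" value=\"UsernameAndPassword\"/><CredentialValue><Username type=\"TextString\" value=\"Jack\"/><Password type=\"TextString\" value=\"test1\"/></CredentialValue></Credential>\n" +
                " <Credential><CredentialType type=\"Enumeration\" value=\"0x80000001\"/><CredentialValue type=\"ByteString\" value=\"0102030405060708090A\"/></Credential>\n" +
                " <Credential><CredentialType type=\"Enumeration\" value=\"Device\"/>" +
                " <CredentialValue>" +
                " <DeviceSerialNumber type=\"TextString\" value=\"1AB-345-44\"/>" +
                " <Password type=\"TextString\" value=\"test2\"/>" +
                " <DeviceIdentifier type=\"TextString\" value=\"Port41\"/>" +
                " <MachineIdentifier type=\"TextString\" value=\"12.45.78.3\"/>" +
                " </CredentialValue>" +
                " </Credential>\n" +
                " </Authentication>\n" +
                "</RequestHeader>\n" +
                "<BatchItem>" +
                "<Operation type=\"Enumeration\" value=\"DeriveKey\"/>\n" +
                "<RequestPayload>\n" +
                "<ObjectType type=\"Enumeration\" value=\"SymmetricKey\"/>\n" +
                "<UniqueIdentifier type=\"TextString\" value=\"5daf8487-c50b-43ce-a02f-f1784b8cbc16\"/>\n" +
                "<DerivationMethod type=\"Enumeration\" value=\"HASH\"/>\n" +
                "<DerivationParameters>\n" +
                "<CryptographicParameters>\n" +
                "<HashingAlgorithm type=\"Enumeration\" value=\"SHA_256\"/>\n" +
                "</CryptographicParameters>\n" +
                "</DerivationParameters>\n" +
                "<TemplateAttribute>\n" +
                "<Attribute>\n" +
                "<AttributeName type=\"TextString\" value=\"Cryptographic Algorithm\"/>\n" +
                "<AttributeValue type=\"Enumeration\" value=\"AES\"/>\n" +
                "</Attribute>\n" +
                "<Attribute>\n" +
                "<AttributeName type=\"TextString\" value=\"Cryptographic Length\"/>\n" +
                "<AttributeValue type=\"Integer\" value=\"128\"/>\n" +
                "</Attribute>\n" +
                "<Attribute>\n" +
                "<AttributeName type=\"TextString\" value=\"Cryptographic Usage Mask\"/>\n" +
                "<AttributeValue type=\"Integer\" value=\"Decrypt Encrypt\"/>\n" +
                "</Attribute>\n" +
                "</TemplateAttribute>\n" +
                "</RequestPayload>\n" +
                "</BatchItem>\n" +
                "</RequestMessage>";

        try {
            // NOTE(review): FLAGS_ALLLOG presumably turns on the library's most verbose logging.
            // This request carries cleartext Password values, so confirm what ends up in the logs
            // before reusing this flag outside a test.
            sl.initializeLibrary(P6KMIPServerLib.FLAGS_ALLLOG);

            // From here on the library is initialized, so it is released in the finally block even
            // when an assertion fails. AssertionError is not an Exception and would otherwise skip
            // the freeLibrary() call entirely.
            try {
                String libVersion = sl.getLibraryVersion();
                System.out.println(libVersion);

                // -> the server reads the incoming KMIP request message from a socket and loads those bytes (e.g., TTLV, XML, JSON) into the parser
                // -> the type of message (TTLV, XML, JSON) can be determined from the MIME type passed in the HTTP request, or the lack of one if just using an SSL connection
                sl.setMessageBuffer(testMessage.getBytes(Charset.forName("UTF-8")), KMIPConstants.FORMAT_MSGXML);

                // -> now we can pull parts of the request message apart, this can be done over and over again if desired
                RequestHeader rh = sl.getRequestHeader();
                assertEquals("1.4", rh.getProtocolVersion());

                String clientCorr = rh.getClientCorrelation();
                assertEquals("Client-1111-2222-3333-4444-5555-6666-77777-88888-999999-AAAAAAAAA", clientCorr);

                String serverCorr = rh.getServerCorrelation();
                assertEquals("Server-38383874477565669929292992927834737hfhuehuehfb3yb3y43yg433400005", serverCorr);

                // -> client sent multiple credentials
                // Failure messages name only the expected type; the credential object itself is
                // never printed, so its contents stay out of the test output.
                Credential first = sl.getCredential(1);
                if (!(first instanceof PasswordCredential)) {
                    throw new AssertionError("credential 1 was not parsed as a PasswordCredential");
                }
                PasswordCredential pc = (PasswordCredential) first;
                assertEquals("Jack", pc.getUserName());
                assertEquals("test1", pc.getPassword());

                // -> client sent an extension credential
                Credential second = sl.getCredential(2);
                if (!(second instanceof ByteStringCredential)) {
                    throw new AssertionError("credential 2 was not parsed as a ByteStringCredential");
                }
                ByteStringCredential bs = (ByteStringCredential) second;
                int type = bs.getCredentialType();
                assertEquals(0x80000001, type);
                byte[] value = bs.getExtensionCredential();
                assertEquals(expectedBytes.length, value.length);
                for (int i = 0; i < value.length; i++) {
                    assertEquals("extension credential byte " + i, expectedBytes[i], value[i]);
                }

                Credential third = sl.getCredential(3);
                if (!(third instanceof DeviceCredential)) {
                    throw new AssertionError("credential 3 was not parsed as a DeviceCredential");
                }
                DeviceCredential dc = (DeviceCredential) third;
                assertEquals("1AB-345-44", dc.getSerialNumber());
                assertEquals("test2", dc.getPassword());
                assertEquals("Port41", dc.getDeviceIdentifier());
                assertEquals("12.45.78.3", dc.getMachineIdentifer());
                // The request carries no network identifier for the device.
                assertEquals(null, dc.getNetworkIdentifer());

                // -> Note, attestation Credential not yet supported (no KMIP specific definition on its use)

                // -> client sent attestations it supports
                boolean attestationCapable = rh.getAttestationCapableIndicator();
                assertEquals(true, attestationCapable);

                int[] attestationTypes = rh.getAttestationTypes();
                assertEquals(4, attestationTypes.length);
                assertEquals(KMIPConstants.ATTEST_TPM_QUOTE, attestationTypes[0]);
                assertEquals(KMIPConstants.ATTEST_TCG_INTEGRITY, attestationTypes[1]);
                assertEquals(KMIPConstants.ATTEST_SAML_ASSERTION, attestationTypes[2]);
                // The fourth entry is the raw extension value sent in the request.
                assertEquals(0x80000002, attestationTypes[3]);

                // -> this unit test is concerned mainly with request header parsing
                // The request declares BatchCount 1; without this check a zero count would skip
                // the loop below and the batch item would go unverified.
                if (rh.getBatchCount() != 1) {
                    throw new AssertionError(
                            "expected exactly one batch item, header reports " + rh.getBatchCount());
                }
                for (int i = 0; i < rh.getBatchCount(); i++) {

                    BatchItem bi = sl.getBatchItem(i + 1);
                    if (!(bi instanceof DeriveKeyBatchItem)) {
                        // The request's only operation is DeriveKey, so any other type is a parse error.
                        throw new AssertionError(
                                "batch item " + (i + 1) + " was not parsed as a DeriveKeyBatchItem");
                    }
                    DeriveKeyBatchItem ck = (DeriveKeyBatchItem) bi;

                    // -> batch id is not required if only one batch item is present
                    byte[] batchId = ck.getUniqueBatchId();
                    assertEquals(null, batchId);

                    int objectType = ck.getObjectType();
                    assertEquals(KMIPConstants.OBJECT_SYMMETRICKEY, objectType);

                    String[] UIDs = ck.getUniqueIds();
                    assertEquals(1, UIDs.length);
                    assertEquals("5daf8487-c50b-43ce-a02f-f1784b8cbc16", UIDs[0]);
                }
            } finally {
                // If this throws while an assertion failure is propagating, the exception from
                // freeLibrary() is the one that gets reported.
                sl.freeLibrary();
            }

        } catch (Exception e) {
            // -> we should not get here; keep the cause so the report shows where it was thrown
            throw new AssertionError("unexpected exception while parsing the KMIP request", e);
        }
    }
}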
void JNICall_CredentialKMIP()
Test: Verify parser can handle all the possible fields in a Request Header.
A JUnit test demonstrating how to parse an incoming KMIP request from a client.