Add OSCORE test in SecurityStoreTest

Author: sbernard31

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/security/RedisSecurityStoreTest.java

@@ -17,11 +17,28 @@
 
 import org.eclipse.leshan.core.endpoint.Protocol;
 import org.eclipse.leshan.integration.tests.util.LeshanTestServerBuilder;
+import org.eclipse.leshan.servers.security.NonUniqueSecurityInfoException;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
 
 public class RedisSecurityStoreTest extends SecurityStoreTest {
 
     @Override
     protected LeshanTestServerBuilder givenServerUsing(Protocol givenProtocol) {
         return super.givenServerUsing(givenProtocol).withRedisRegistrationStore().withRedisSecurityStore();
     }
+
+    @Override
+    @Test
+    @Disabled("OSCORE not supported yet")
+    void change_oscore_rid_cleanup() throws NonUniqueSecurityInfoException {
+        // "OSCORE not supported yet"
+    }
+
+    @Override
+    @Test
+    @Disabled("OSCORE not supported yet")
+    void nonunique_oscore_rid() throws NonUniqueSecurityInfoException {
+        // "OSCORE not supported yet"
+    }
 }

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/security/SecurityStoreTest.java

@@ -20,9 +20,20 @@
 import static org.eclipse.leshan.integration.tests.util.Credentials.GOOD_ENDPOINT;
 import static org.eclipse.leshan.integration.tests.util.Credentials.GOOD_PSK_ID;
 import static org.eclipse.leshan.integration.tests.util.Credentials.GOOD_PSK_KEY;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_AEAD_ALGORITHM;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_HKDF_ALGORITHM;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_MASTER_SALT;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_MASTER_SECRET;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_OTHER_MASTER_SALT;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_OTHER_RECIPIENT_ID;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_OTHER_SENDER_ID;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_RECIPIENT_ID;
+import static org.eclipse.leshan.integration.tests.util.Credentials.OSCORE_SENDER_ID;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.fail;
 
 import org.eclipse.leshan.core.endpoint.Protocol;
+import org.eclipse.leshan.core.oscore.OscoreSetting;
 import org.eclipse.leshan.integration.tests.util.Credentials;
 import org.eclipse.leshan.integration.tests.util.LeshanTestServer;
 import org.eclipse.leshan.integration.tests.util.LeshanTestServerBuilder;
@@ -34,17 +45,17 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
-public class SecurityStoreTest {
+class SecurityStoreTest {
 
     LeshanTestServer server;
 
     @BeforeEach
-    public void start() {
+    void start() {
         server = givenServerUsing(Protocol.COAPS).with("Californium").build();
     }
 
     @AfterEach
-    public void stop() throws InterruptedException {
+    void stop() {
         if (server != null)
             server.destroy();
     }
@@ -54,19 +65,18 @@ protected LeshanTestServerBuilder givenServerUsing(Protocol givenProtocol) {
     }
 
     @Test
-    public void nonunique_psk_identity() throws NonUniqueSecurityInfoException {
+    void nonunique_psk_identity() throws NonUniqueSecurityInfoException {
         EditableSecurityStore ess = server.getSecurityStore();
 
         ess.add(SecurityInfo.newPreSharedKeyInfo(GOOD_ENDPOINT, GOOD_PSK_ID, GOOD_PSK_KEY));
-        try {
+        // "Non-unique PSK identity should throw exception on add"
+        assertThrows(NonUniqueSecurityInfoException.class, () -> {
             ess.add(SecurityInfo.newPreSharedKeyInfo(BAD_ENDPOINT, GOOD_PSK_ID, GOOD_PSK_KEY));
-            fail("Non-unique PSK identity should throw exception on add");
-        } catch (NonUniqueSecurityInfoException e) {
-        }
+        });
     }
 
     @Test
-    public void change_psk_identity_cleanup() throws NonUniqueSecurityInfoException {
+    void change_psk_identity_cleanup() throws NonUniqueSecurityInfoException {
 
         EditableSecurityStore ess = server.getSecurityStore();
 
@@ -80,4 +90,47 @@ public void change_psk_identity_cleanup() throws NonUniqueSecurityInfoException
             fail("PSK identity change for existing endpoint should have cleaned up old PSK identity");
         }
     }
+
+    @Test
+    void nonunique_oscore_rid() throws NonUniqueSecurityInfoException {
+        EditableSecurityStore ess = server.getSecurityStore();
+
+        OscoreSetting firstOscoreSetting = new OscoreSetting(OSCORE_SENDER_ID, //
+                OSCORE_RECIPIENT_ID, // we use same RID
+                OSCORE_MASTER_SECRET, OSCORE_AEAD_ALGORITHM, OSCORE_HKDF_ALGORITHM, OSCORE_MASTER_SALT);
+
+        OscoreSetting secondOscoreSetting = new OscoreSetting(OSCORE_OTHER_SENDER_ID, //
+                OSCORE_RECIPIENT_ID, // we use same RID
+                OSCORE_MASTER_SECRET, OSCORE_AEAD_ALGORITHM, OSCORE_HKDF_ALGORITHM, OSCORE_OTHER_MASTER_SALT);
+
+        ess.add(SecurityInfo.newOscoreInfo(GOOD_ENDPOINT, firstOscoreSetting));
+        // "Non-unique RID should throw exception on add"
+        assertThrows(NonUniqueSecurityInfoException.class, () -> {
+            ess.add(SecurityInfo.newOscoreInfo(BAD_ENDPOINT, secondOscoreSetting));
+        });
+    }
+
+    @Test
+    void change_oscore_rid_cleanup() throws NonUniqueSecurityInfoException {
+
+        EditableSecurityStore ess = server.getSecurityStore();
+
+        OscoreSetting firstOscoreSetting = new OscoreSetting(OSCORE_SENDER_ID, //
+                OSCORE_RECIPIENT_ID, // we use different RID
+                OSCORE_MASTER_SECRET, OSCORE_AEAD_ALGORITHM, OSCORE_HKDF_ALGORITHM, OSCORE_MASTER_SALT);
+
+        OscoreSetting secondOscoreSetting = new OscoreSetting(OSCORE_OTHER_SENDER_ID, //
+                OSCORE_OTHER_RECIPIENT_ID, // we use different RID
+                OSCORE_MASTER_SECRET, OSCORE_AEAD_ALGORITHM, OSCORE_HKDF_ALGORITHM, OSCORE_OTHER_MASTER_SALT);
+
+        ess.add(SecurityInfo.newOscoreInfo(GOOD_ENDPOINT, firstOscoreSetting));
+        // Change PSK id for endpoint
+        ess.add(SecurityInfo.newOscoreInfo(GOOD_ENDPOINT, secondOscoreSetting));
+        // Original/old PSK id should not be reserved any more
+        try {
+            ess.add(SecurityInfo.newOscoreInfo(BAD_ENDPOINT, firstOscoreSetting));
+        } catch (NonUniqueSecurityInfoException e) {
+            fail("PSK identity change for existing endpoint should have cleaned up old PSK identity");
+        }
+    }
 }

leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/util/Credentials.java

@@ -57,6 +57,11 @@ public class Credentials {
     public static final byte[] OSCORE_SENDER_ID = "secret".getBytes();
     public static final byte[] OSCORE_RECIPIENT_ID = Hex.decodeHex("FEDCBA".toCharArray());
 
+    public static final byte[] OSCORE_OTHER_MASTER_SECRET = Hex.decodeHex("0012345678".toCharArray());
+    public static final byte[] OSCORE_OTHER_MASTER_SALT = Hex.decodeHex("0009876543".toCharArray());
+    public static final byte[] OSCORE_OTHER_SENDER_ID = "other".getBytes();
+    public static final byte[] OSCORE_OTHER_RECIPIENT_ID = Hex.decodeHex("00FEDC".toCharArray());
+
     public static final byte[] OSCORE_BOOTSTRAP_MASTER_SECRET = Hex.decodeHex("BB1234567890".toCharArray());
     public static final byte[] OSCORE_BOOTSTRAP_MASTER_SALT = Hex.decodeHex("BB0987654321".toCharArray());
     public static final byte[] OSCORE_BOOTSTRAP_SENDER_ID = Hex.decodeHex("BBABCDEF".toCharArray());