Allow the storage service client to trust the Signal CA root.

2026-04-21 19:48:01 +01:00 · 2020-12-23 17:54:03 -05:00
parent cdc6afefe2
commit a1434524a4
5 changed files with 100 additions and 40 deletions
--- a/service/src/test/java/org/whispersystems/textsecuregcm/securestorage/SecureStorageClientTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/securestorage/SecureStorageClientTest.java
@@ -7,14 +7,19 @@ package org.whispersystems.textsecuregcm.securestorage;

 import com.github.tomakehurst.wiremock.junit.WireMockRule;
 import org.apache.commons.lang3.RandomStringUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.junit.After;
+import org.junit.AfterClass;
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialGenerator;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 import org.whispersystems.textsecuregcm.configuration.SecureStorageServiceConfiguration;

+import java.security.Security;
+import java.security.cert.CertificateException;
 import java.util.UUID;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -39,8 +44,13 @@ public class SecureStorageClientTest {
    @Rule
    public WireMockRule wireMockRule = new WireMockRule(options().dynamicPort().dynamicHttpsPort());

+    @BeforeClass
+    public static void setupBeforeClass() {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
    @Before
-    public void setUp() {
+    public void setUp() throws CertificateException {
        accountUuid         = UUID.randomUUID();
        credentialGenerator = mock(ExternalServiceCredentialGenerator.class);
        httpExecutor        = Executors.newSingleThreadExecutor();
@@ -48,6 +58,24 @@ public class SecureStorageClientTest {
        final SecureStorageServiceConfiguration config = new SecureStorageServiceConfiguration();
        config.setUri("http://localhost:" + wireMockRule.port());

+        // This is a randomly-generated, throwaway certificate that's not actually connected to anything
+        config.setStorageCaCertificate(
+                "-----BEGIN CERTIFICATE-----\n" +
+                "MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEL\n" +
+                "MAkGA1UECAwCVVMxHjAcBgNVBAoMFVNpZ25hbCBNZXNzZW5nZXIsIExMQzETMBEG\n" +
+                "A1UEAwwKc2lnbmFsLm9yZzAeFw0yMDEyMjMyMjQ3NTlaFw0zMDEyMjEyMjQ3NTla\n" +
+                "ME8xCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJVUzEeMBwGA1UECgwVU2lnbmFsIE1l\n" +
+                "c3NlbmdlciwgTExDMRMwEQYDVQQDDApzaWduYWwub3JnMIGfMA0GCSqGSIb3DQEB\n" +
+                "AQUAA4GNADCBiQKBgQCfSLcZNHYqbxSsgWp4JvbPRHjQTrlsrKrgD2q7f/OY6O3Y\n" +
+                "/X0QNcNSOJpliN8rmzwslfsrXHO3q1diGRw4xHogUJZ/7NQrHiP/zhN0VTDh49pD\n" +
+                "ZpjXVyUbayLS/6qM5arKxBspzEFBb5v8cF6bPr76SO/rpGXiI0j6yJKX6fRiKwID\n" +
+                "AQABo1AwTjAdBgNVHQ4EFgQU6Jrs/Fmj0z4dA3wvdq/WqA4P49IwHwYDVR0jBBgw\n" +
+                "FoAU6Jrs/Fmj0z4dA3wvdq/WqA4P49IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B\n" +
+                "AQ0FAAOBgQB+5d5+NtzLILfrc9QmJdIO1YeDP64JmFwTER0kEUouRsb9UwknVWZa\n" +
+                "y7MTM4NoBV1k0zb5LAk89SIDPr/maW5AsLtEomzjnEiomjoMBUdNe3YCgQReoLnr\n" +
+                "R/QaUNbrCjTGYfBsjGbIzmkWPUyTec2ZdRyJ8JiVl386+6CZkxnndQ==\n" +
+                "-----END CERTIFICATE-----");
+
        secureStorageClient = new SecureStorageClient(credentialGenerator, httpExecutor, config);
    }

@@ -57,6 +85,11 @@ public class SecureStorageClientTest {
        httpExecutor.awaitTermination(1, TimeUnit.SECONDS);
    }

+    @AfterClass
+    public static void tearDownAfterClass() {
+        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+    }
+
    @Test
    public void deleteStoredData() {
        final String username = RandomStringUtils.randomAlphabetic(16);