use crate::security::mikey::{Mikey, MikeyConfig, MikeyKeyExchangeMethod, MikeyRole};
use crate::security::SecurityKeyExchange;
use crate::srtp::{SRTP_AES128_CM_SHA1_32, SRTP_AES128_CM_SHA1_80};
#[test]
fn test_mikey_init() {
let psk = vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
let initiator_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut initiator = Mikey::new(initiator_config, MikeyRole::Initiator);
let result = initiator.init();
assert!(
result.is_ok(),
"Failed to initialize initiator: {:?}",
result
);
}
#[test]
fn test_mikey_status_check() {
let psk = vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
let initiator_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut initiator = Mikey::new(initiator_config, MikeyRole::Initiator);
assert!(!initiator.is_complete());
assert!(initiator.get_srtp_key().is_none());
assert!(initiator.get_srtp_suite().is_none());
initiator.init().expect("Failed to initialize");
assert!(!initiator.is_complete());
}
#[test]
fn test_mikey_crypto_suites() {
let psk = vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
let initiator_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut initiator = Mikey::new(initiator_config, MikeyRole::Initiator);
initiator.init().expect("Failed to initialize");
let initiator_config2 = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_32,
..Default::default()
};
let mut initiator2 = Mikey::new(initiator_config2, MikeyRole::Initiator);
initiator2.init().expect("Failed to initialize");
assert!(!initiator.is_complete());
assert!(!initiator2.is_complete());
}
#[test]
fn test_mikey_pke_certificate_generation() {
use crate::security::mikey::crypto::{generate_key_pair_and_certificate, CertificateConfig};
let config = CertificateConfig::enterprise_server("test-server.example.com");
let result = generate_key_pair_and_certificate(config);
assert!(
result.is_ok(),
"Failed to generate certificate: {:?}",
result
);
let key_pair = result.unwrap();
assert!(
!key_pair.certificate.is_empty(),
"Certificate should not be empty"
);
assert!(
!key_pair.private_key.is_empty(),
"Private key should not be empty"
);
assert!(
!key_pair.public_key.is_empty(),
"Public key should not be empty"
);
use crate::security::mikey::crypto::extract_certificate_info;
let cert_info = extract_certificate_info(&key_pair.certificate);
assert!(
cert_info.is_ok(),
"Certificate should be parseable: {:?}",
cert_info
);
let info = cert_info.unwrap();
assert_eq!(info.subject_cn, "test-server.example.com");
}
#[test]
fn test_mikey_pke_ca_generation() {
use crate::security::mikey::crypto::{generate_ca_certificate, CertificateConfig};
let config = CertificateConfig::high_security("Test Root CA");
let result = generate_ca_certificate(config);
assert!(
result.is_ok(),
"Failed to generate CA certificate: {:?}",
result
);
let ca_key_pair = result.unwrap();
assert!(!ca_key_pair.certificate.is_empty());
assert!(!ca_key_pair.private_key.is_empty());
assert!(!ca_key_pair.public_key.is_empty());
}
#[test]
fn test_mikey_pke_certificate_signing() {
use crate::security::mikey::crypto::{
extract_certificate_info, generate_ca_certificate, sign_certificate_with_ca,
CertificateConfig,
};
let ca_config = CertificateConfig::enterprise_server("Test CA");
let ca_key_pair = generate_ca_certificate(ca_config).unwrap();
let subject_config = CertificateConfig::enterprise_client("test-user@example.com");
let result = sign_certificate_with_ca(&ca_key_pair, subject_config);
assert!(
result.is_ok(),
"Failed to sign certificate with CA: {:?}",
result
);
let signed_cert = result.unwrap();
let cert_info = extract_certificate_info(&signed_cert.certificate).unwrap();
assert_eq!(cert_info.subject_cn, "User test-user@example.com");
}
#[test]
fn test_mikey_pke_init() {
use crate::security::mikey::crypto::{generate_key_pair_and_certificate, CertificateConfig};
let server_config = CertificateConfig::enterprise_server("server.example.com");
let server_keys = generate_key_pair_and_certificate(server_config).unwrap();
let client_config = CertificateConfig::enterprise_client("client@example.com");
let client_keys = generate_key_pair_and_certificate(client_config).unwrap();
let initiator_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Pk,
certificate: Some(server_keys.certificate.clone()),
private_key: Some(server_keys.private_key.clone()),
peer_certificate: Some(client_keys.certificate.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut initiator = Mikey::new(initiator_config, MikeyRole::Initiator);
let result = initiator.init();
assert!(
result.is_ok(),
"Failed to initialize MIKEY-PKE initiator: {:?}",
result
);
assert!(
initiator.get_srtp_key().is_some(),
"MIKEY-PKE should generate SRTP keys"
);
assert!(
initiator.get_srtp_suite().is_some(),
"MIKEY-PKE should have SRTP suite"
);
}
#[test]
fn test_mikey_pke_vs_psk_mode() {
use crate::security::mikey::crypto::{generate_key_pair_and_certificate, CertificateConfig};
let psk = vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
let psk_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut psk_mikey = Mikey::new(psk_config, MikeyRole::Initiator);
let psk_result = psk_mikey.init();
assert!(
psk_result.is_ok(),
"PSK mode should initialize successfully"
);
let server_config = CertificateConfig::enterprise_server("test.example.com");
let server_keys = generate_key_pair_and_certificate(server_config).unwrap();
let client_config = CertificateConfig::enterprise_client("client@example.com");
let client_keys = generate_key_pair_and_certificate(client_config).unwrap();
let pke_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Pk,
certificate: Some(server_keys.certificate),
private_key: Some(server_keys.private_key),
peer_certificate: Some(client_keys.certificate),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut pke_mikey = Mikey::new(pke_config, MikeyRole::Initiator);
let pke_result = pke_mikey.init();
assert!(
pke_result.is_ok(),
"PKE mode should initialize successfully"
);
assert!(
psk_mikey.get_srtp_key().is_some() || pke_mikey.get_srtp_key().is_some(),
"At least one method should provide SRTP keys"
);
}
#[test]
fn test_mikey_pke_unified_security_integration() {
use crate::api::common::config::SecurityConfig;
use crate::api::common::unified_security::SecurityContextFactory;
use crate::security::mikey::crypto::{generate_key_pair_and_certificate, CertificateConfig};
let server_config = CertificateConfig::enterprise_server("unified-test.example.com");
let server_keys = generate_key_pair_and_certificate(server_config).unwrap();
let client_config = CertificateConfig::enterprise_client("unified-client@example.com");
let client_keys = generate_key_pair_and_certificate(client_config).unwrap();
let security_config = SecurityConfig::mikey_pke_with_certificates(
server_keys.certificate,
server_keys.private_key,
client_keys.certificate,
);
let result = SecurityContextFactory::create_context(security_config);
assert!(
result.is_ok(),
"Failed to create unified security context for MIKEY-PKE: {:?}",
result
);
let context = result.unwrap();
assert_eq!(
context.get_method(),
crate::api::common::config::KeyExchangeMethod::Mikey
);
}
#[test]
fn test_mikey_certificate_validation() {
use crate::security::mikey::crypto::{
generate_ca_certificate, sign_certificate_with_ca, validate_certificate_chain,
CertificateConfig,
};
let ca_config = CertificateConfig::enterprise_server("Validation Test CA");
let ca_keys = generate_ca_certificate(ca_config).unwrap();
let subject_config = CertificateConfig::enterprise_client("validation-test@example.com");
let subject_keys = sign_certificate_with_ca(&ca_keys, subject_config).unwrap();
let validation_result =
validate_certificate_chain(&subject_keys.certificate, &ca_keys.certificate);
assert!(
validation_result.is_ok(),
"Certificate chain validation should succeed: {:?}",
validation_result
);
}