Add import and export command - US 183

1a77f7dd · ElyKar · 85ccbf85 · 1a77f7dd · 1a77f7dd · 1a77f7dd
Commit 1a77f7dd authored 9 years ago by ElyKar
--- a/auth/cert.go
+++ b/auth/cert.go
@@ -8,9 +8,11 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
-	"github.com/pborman/uuid"
+	"fmt"
 	"math/big"
 	"time"
+
+	"github.com/pborman/uuid"
 )

 // GetCertificateRequest creates a request to be sent to any authoritative signer, as a PEM-encoded array of bytes.
@@ -116,6 +118,9 @@ func GetSelfSignedCertificate(days int, serial uint64, country, organization, un
 // PEMToCertificate tries to decode a PEM-encoded array of bytes to a certificate
 func PEMToCertificate(data []byte) (*x509.Certificate, error) {
 	block, _ := pem.Decode(data)
+	if block == nil {
+		return nil, fmt.Errorf("Data is not a valid pem-encoding")
+	}
 	return x509.ParseCertificate(block.Bytes)
 }


--- a/auth/privkey.go
+++ b/auth/privkey.go
@@ -6,6 +6,7 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
+	"fmt"
 )

 // Cipher used to encrypt private key content in PEM format
@@ -50,6 +51,9 @@ func EncryptedPEMToPrivateKey(data []byte, pwd string) (*rsa.PrivateKey, error)
 	var err error

 	block, _ := pem.Decode(data)
+	if block == nil {
+		return nil, fmt.Errorf("Data is not a valid pem-encoding")
+	}
 	decodedData := block.Bytes

 	if pwd != "" {

--- a/dfssc/impexp.go
+++ b/dfssc/impexp.go
+package main
+
+import (
+	"dfss/dfssc/user"
+	"fmt"
+	"os"
+)
+
+// export the certificate and private key of the user
+func exportConf(confFile string) {
+	fmt.Println("Export user configuration")
+	var keyPassphrase, confPassphrase string
+
+	config, err := user.NewConfig(fkey, fcert)
+	if err != nil {
+		_, _ = os.Stderr.WriteString(fmt.Sprintf("Couldn't open the files: %s", err))
+		os.Exit(1)
+		return
+	}
+
+	err = readPassphrases(&keyPassphrase, &confPassphrase, true)
+	if err != nil {
+		_, _ = os.Stderr.WriteString(fmt.Sprintf("An error occurred: %s", err))
+		os.Exit(1)
+		return
+	}
+
+	err = config.SaveConfigToFile(confFile, confPassphrase, keyPassphrase)
+	if err != nil {
+		_, _ = os.Stderr.WriteString(fmt.Sprintf("Couldn't save the configuration on the disk: %s", err))
+		os.Exit(1)
+		return
+	}
+
+}
+
+// Read two passphrases for the configuration
+func readPassphrases(keyPassphrase, confPassphrase *string, second bool) error {
+	fmt.Println("Enter the passphrase of the configuration")
+	err := readPassword(confPassphrase, second)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("Enter the passphrase of your current key (if any)")
+	err = readPassword(keyPassphrase, false)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// import the configuration
+func importConf(confFile string) {
+	var keyPassphrase, confPassphrase string
+	err := readPassphrases(&keyPassphrase, &confPassphrase, false)
+	if err != nil {
+		_, _ = os.Stderr.WriteString(fmt.Sprintf("An error occurred: %s", err))
+		os.Exit(1)
+		return
+	}
+
+	config, err := user.DecodeConfiguration(confFile, keyPassphrase, confPassphrase)
+	if err != nil {
+		_, _ = os.Stderr.WriteString(fmt.Sprintf("Couldnd't decrypt the configuration: %s", err))
+		os.Exit(1)
+		return
+	}
+
+	err = config.SaveUserInformations()
+	if err != nil {
+		_, _ = os.Stderr.WriteString(fmt.Sprintf("Couldn't save the certificate and private key: %s", err))
+		os.Exit(1)
+		return
+	}
+}
--- a/dfssc/main.go
+++ b/dfssc/main.go
@@ -31,12 +31,14 @@ func init() {
 		fmt.Println("  dfssc [flags] command")

 		fmt.Println("\nThe commands are:")
-		fmt.Println("  help      print this help")
-		fmt.Println("  version   print dfss client version")
-		fmt.Println("  register  register a new client")
-		fmt.Println("  auth      authenticate a new client")
-		fmt.Println("  new       create a new contract")
-		fmt.Println("  show <c>  print contract information from file c")
+		fmt.Println("  help       print this help")
+		fmt.Println("  version    print dfss client version")
+		fmt.Println("  register   register a new client")
+		fmt.Println("  auth       authenticate a new client")
+		fmt.Println("  new        create a new contract")
+		fmt.Println("  show <c>   print contract information from file c")
+		fmt.Println("  export <c> export certificate and private key of the user to file c")
+		fmt.Println("  import <c> import private key and certificate from file c")

 		fmt.Println("\nFlags:")
 		flag.PrintDefaults()
@@ -61,6 +63,10 @@ func main() {
 		newContract()
 	case "show":
 		showContract(flag.Arg(1))
+	case "export":
+		exportConf(flag.Arg(1))
+	case "import":
+		importConf(flag.Arg(1))
 	default:
 		flag.Usage()
 	}

--- a/dfssc/security/files.go
+++ b/dfssc/security/files.go
 package security

 import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"dfss/auth"
 	"dfss/dfssc/common"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"strings"
 )

 // GetCertificate return the Certificate stored on the disk
@@ -37,3 +45,49 @@ func GetPrivateKey(filename, passphrase string) (*rsa.PrivateKey, error) {

 	return key, nil
 }
+
+// AES-256 requires a 32 bytes key, this function extend the key to this length
+func extendKey(key string) string {
+	key = strings.Repeat(key, 32/len(key)+1)
+	return key[:32]
+}
+
+// EncryptStringAES enciphers the data using AES-256 algorithm
+func EncryptStringAES(key string, data []byte) ([]byte, error) {
+	key = extendKey(key)
+	block, err := aes.NewCipher(bytes.NewBufferString(key).Bytes())
+	if err != nil {
+		return nil, err
+	}
+	b := base64.StdEncoding.EncodeToString(data)
+	ciphertext := make([]byte, aes.BlockSize+len(b))
+
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+	cfb := cipher.NewCFBEncrypter(block, iv)
+	cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
+	return ciphertext, nil
+}
+
+// DecryptAES deciphers the data using AES-256 algorithm
+func DecryptAES(key string, data []byte) ([]byte, error) {
+	key = extendKey(key)
+	block, err := aes.NewCipher(bytes.NewBufferString(key).Bytes())
+	if err != nil {
+		return nil, err
+	}
+	if len(data) < aes.BlockSize {
+		return nil, fmt.Errorf("Ciphertext is not correctly encrypted")
+	}
+	iv := data[:aes.BlockSize]
+	data = data[aes.BlockSize:]
+	cfb := cipher.NewCFBDecrypter(block, iv)
+	cfb.XORKeyStream(data, data)
+	decoded, err := base64.StdEncoding.DecodeString(string(data))
+	if err != nil {
+		return nil, err
+	}
+	return decoded, nil
+}
--- a/dfssc/user/config.go
+++ b/dfssc/user/config.go
+package user
+
+import (
+	"dfss/auth"
+	"dfss/dfssc/common"
+	"dfss/dfssc/security"
+	"encoding/json"
+	"fmt"
+)
+
+// Config represents the config file to be marshalled in json
+type Config struct {
+	KeyFile  string `json:"key"`
+	KeyData  []byte `json:"keyData"`
+	CertFile string `json:"cert"`
+	CertData []byte `json:"certData"`
+}
+
+// NewConfig creates a new config object from the key and certificate provided
+// The validity of those is checked later
+func NewConfig(keyFile, certFile string) (*Config, error) {
+	if !common.FileExists(keyFile) {
+		return nil, fmt.Errorf("No such file: %s", keyFile)
+	}
+
+	if !common.FileExists(certFile) {
+		return nil, fmt.Errorf("No such file: %s", certFile)
+	}
+
+	key, err := common.ReadFile(keyFile)
+
+	if err != nil {
+		return nil, err
+	}
+
+	cert, err := common.ReadFile(certFile)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &Config{
+		KeyData:  key,
+		KeyFile:  keyFile,
+		CertData: cert,
+		CertFile: certFile,
+	}, nil
+
+}
+
+// SaveConfigToFile marshals checks the  validity of the certificate and private key,
+// marshals the struct in JSON, encrypt the string using AES-256 with the provided passphrase,
+// and finally save it to a file
+func (c *Config) SaveConfigToFile(fileName, passphrase, keyPassphrase string) error {
+	if common.FileExists(fileName) {
+		return fmt.Errorf("Cannot overwrite file: %s", fileName)
+	}
+
+	if len(passphrase) < 4 {
+		return fmt.Errorf("Passphrase should be at least 4 characters long")
+	}
+
+	err := c.checkData(keyPassphrase)
+	if err != nil {
+		return err
+	}
+
+	data, err := json.Marshal(c)
+	if err != nil {
+		return err
+	}
+
+	encodedData, err := security.EncryptStringAES(passphrase, data)
+	if err != nil {
+		return err
+	}
+
+	err = common.SaveToDisk(encodedData, fileName)
+	return err
+}
+
+// DecodeConfiguration : decrypt and unmarshal the given configuration file
+// to create a Config object. It also checks the validity of the certificate and private key
+func DecodeConfiguration(fileName, keyPassphrase, confPassphrase string) (*Config, error) {
+	if !common.FileExists(fileName) {
+		return nil, fmt.Errorf("No such file: %s", fileName)
+	}
+
+	if len(confPassphrase) < 4 {
+		return nil, fmt.Errorf("Passphrase should be at least 4 characters long")
+	}
+
+	encodedData, err := common.ReadFile(fileName)
+	if err != nil {
+		return nil, err
+	}
+
+	decodedData, err := security.DecryptAES(confPassphrase, encodedData)
+	if err != nil {
+		return nil, err
+	}
+
+	var config Config
+	err = json.Unmarshal(decodedData, &config)
+	if err != nil {
+		return nil, err
+	}
+
+	err = config.checkData(keyPassphrase)
+	if err != nil {
+		return nil, err
+	}
+
+	return &config, nil
+}
+
+// Check that the certificate is valid, and that the private key is valid too
+// using the passphrase
+func (c *Config) checkData(keyPassphrase string) error {
+	_, err := auth.PEMToCertificate(c.CertData)
+	if err != nil {
+		return err
+	}
+
+	_, err = auth.EncryptedPEMToPrivateKey(c.KeyData, keyPassphrase)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// SaveUserInformations save the certificate and private key to the files specified in the Config struct
+func (c *Config) SaveUserInformations() error {
+	if common.FileExists(c.KeyFile) {
+		return fmt.Errorf("Cannot overwrite file: %s", c.KeyFile)
+	}
+
+	if common.FileExists(c.CertFile) {
+		return fmt.Errorf("Cannot overwrite file: %s", c.CertFile)
+	}
+
+	err := common.SaveToDisk(c.KeyData, c.KeyFile)
+	if err != nil {
+		common.DeleteQuietly(c.KeyFile)
+		return err
+	}
+
+	err = common.SaveToDisk(c.CertData, c.CertFile)
+	if err != nil {
+		common.DeleteQuietly(c.KeyFile)
+		common.DeleteQuietly(c.CertFile)
+		return err
+	}
+
+	return nil
+}
--- a/dfssc/user/config_test.go
+++ b/dfssc/user/config_test.go
+package user
+
+import (
+	"dfss/dfssc/common"
+	"dfss/dfssc/security"
+	"fmt"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/bmizerany/assert"
+)
+
+const certFixture = `-----BEGIN CERTIFICATE-----
+MIIB5TCCAY+gAwIBAgIJAKId2y6Lo9T8MA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
+BAYTAkZSMQ0wCwYDVQQKDARERlNTMRswGQYDVQQLDBJERlNTIFBsYXRmb3JtIHYw
+LjExEjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0xNjAxMjYxNTM2NTNaGA80NDgwMDMw
+ODE1MzY1M1owTTELMAkGA1UEBhMCRlIxDTALBgNVBAoMBERGU1MxGzAZBgNVBAsM
+EkRGU1MgUGxhdGZvcm0gdjAuMTESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZI
+hvcNAQEBBQADSwAwSAJBAMGAgCtkRLePYFRTUN0V/0v/6phm0guHGS6f0TkSEas4
+CGZTKFJVTBksMGIBtfyYw3XQx2bO8myeypDN5nV05DcCAwEAAaNQME4wHQYDVR0O
+BBYEFO09nxx5/qeLK5Wig1+3kg66gn/mMB8GA1UdIwQYMBaAFO09nxx5/qeLK5Wi
+g1+3kg66gn/mMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCqNSH+rt/Z
+ru2rkabLiHOGjI+AenSOvqWZ2dWAlLksYcyuQHKwjGWgpmqkiQCnkIDwIxZvu69Y
+OBz0ASFn7eym
+-----END CERTIFICATE-----
+`
+
+const keyFixture = `-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAMGAgCtkRLePYFRTUN0V/0v/6phm0guHGS6f0TkSEas4CGZTKFJV
+TBksMGIBtfyYw3XQx2bO8myeypDN5nV05DcCAwEAAQJAHSdRKDh5KfbOGqZa3pR7
+3GV4YPHM37PBFYc6rJCOXO9W8L4Q1kvEhjKXp7ke18Cge7bVmlKspvxvC62gxSQm
+QQIhAPMYwpp29ZREdk8yU65Sp6w+EbZS9TjZkC+pk3syYjaxAiEAy8XWnnDMsUxb
+6vp1SaaIfxI441AYzh3+8c56CAvt02cCIQDQ2jfvHz7zyDHg7rsILMkTaSwseW9n
+DTwcRtOHZ40LsQIgDWEVAVwopG9+DYSaVNahWa6Jm6szpbzkc136NzMJT3sCIQDv
+T2KSQQIYEvPYZmE+1b9f3rs/w7setrGtqVFkm/fTWQ==
+-----END RSA PRIVATE KEY-----
+`
+
+var cPath = os.TempDir()
+
+// TestInvalidFiles assert an error is raised when provided with wrong files
+func TestInvalidFiles(t *testing.T) {
+	keyFile := filepath.Join(cPath, "invalidKey.pem")
+	certFile := filepath.Join(cPath, "invalidCert.pem")
+	defer deleteFiles(keyFile, certFile, "invalidConf.pem")
+
+	_, err := NewConfig("inexistantKey", "inexistantCert")
+	assert.Tf(t, err != nil, "No key file nor cert file, expected error")
+
+	_ = common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	_, err = NewConfig(keyFile, "inexistantCert")
+	assert.Tf(t, err != nil, "No cert file, expected error")
+
+	_ = security.SaveCertificate(fmt.Sprintf("%s", []byte(certFixture)), certFile)
+	_, err = NewConfig(keyFile, certFile)
+	assert.Tf(t, err == nil, "Expected no error, files are present and valid")
+}
+
+// TestErrorDumpingConfig checks the error that may be raised while dumping the configuration to the disk
+func TestErrorDumpingConfig(t *testing.T) {
+	keyFile := filepath.Join(cPath, "privKey.pem")
+	certFile := filepath.Join(cPath, "cert.pem")
+	defer deleteFiles(keyFile, certFile, "invalidConf.pem")
+
+	err := common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	assert.Tf(t, err == nil, "Expected no error, file is present")
+
+	err = security.SaveCertificate(fmt.Sprintf("%s", []byte(certFixture)), certFile)
+	assert.Tf(t, err == nil, "Expected no error, cert is valid")
+
+	config, err := NewConfig(keyFile, certFile)
+	assert.Tf(t, err == nil, "Expected no error, files are present and valid")
+
+	err = config.SaveConfigToFile("file", "abc", "")
+	assert.Tf(t, err != nil, "Expected an error, passphrase is too short (< 4 char)")
+
+	err = config.SaveConfigToFile(keyFile, "passphrase", "")
+	assert.Tf(t, err != nil, "Expected an error, file is already there")
+
+	common.DeleteQuietly(keyFile)
+	_ = common.SaveStringToDisk("Invalid key", keyFile)
+	config, _ = NewConfig(keyFile, certFile)
+	err = config.SaveConfigToFile("file", "passphrase", "passphrase")
+	assert.Tf(t, err != nil, "Expected an error, private key is invalid")
+
+	common.DeleteQuietly(certFile)
+	common.DeleteQuietly(keyFile)
+	_ = common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	_ = common.SaveStringToDisk("Invalid certificate", certFile)
+	config, _ = NewConfig(keyFile, certFile)
+	err = config.SaveConfigToFile("file", "passphrase", "passphrase")
+	assert.Tf(t, err != nil, "Expected an error, certificate is invalid")
+
+}
+
+// TestDumpingFile tries to save the configuration and checks there are no problems
+func TestDumpingFile(t *testing.T) {
+	keyFile := filepath.Join(cPath, "privKey2.pem")
+	certFile := filepath.Join(cPath, "cert2.pem")
+	configPath := filepath.Join(os.TempDir(), "dfss.conf")
+	common.DeleteQuietly(configPath)
+	defer deleteFiles(keyFile, certFile, configPath)
+
+	err := common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	assert.Tf(t, err == nil, "Expected no error, file is present")
+
+	err = security.SaveCertificate(fmt.Sprintf("%s", []byte(certFixture)), certFile)
+	assert.Tf(t, err == nil, "Expected no error, cert is valid")
+
+	config, err := NewConfig(keyFile, certFile)
+	assert.Tf(t, err == nil, "Expected no error, files are present and valid")
+
+	err = config.SaveConfigToFile(configPath, "passphrase", "")
+	assert.Tf(t, err == nil, "Expected no error, config is valid")
+
+	assert.Tf(t, common.FileExists(configPath), "Expected a config file present")
+	_, err = common.ReadFile(configPath)
+
+	assert.Tf(t, err == nil, "Expected no error, config is present")
+}
+
+// TestErrorDecodeFile tries to decode a configuration file and checks the errors raised
+func TestErrorDecodeFile(t *testing.T) {
+	keyFile := filepath.Join(cPath, "privKey2.pem")
+	certFile := filepath.Join(cPath, "cert2.pem")
+	configPath := filepath.Join(os.TempDir(), "dfss2.conf")
+	common.DeleteQuietly(configPath)
+	defer deleteFiles(keyFile, certFile, configPath)
+
+	_ = common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	_ = security.SaveCertificate(fmt.Sprintf("%s", []byte(certFixture)), certFile)
+
+	_, err := DecodeConfiguration("inexistantFile", "passphrase", "")
+	assert.Tf(t, err != nil, "File is invalid, impossible to decode configuration")
+
+	_, err = DecodeConfiguration(keyFile, "pas", "")
+	assert.Tf(t, err != nil, "Passphrase is invalid, should be at least 4 char long")
+
+	config, err := NewConfig(keyFile, certFile)
+	assert.Tf(t, err == nil, "Expected no error, files are present and valid")
+
+	err = config.SaveConfigToFile(configPath, "passphrase", "")
+	assert.Tf(t, err == nil, "Expected no error, config is valid")
+
+	config, err = DecodeConfiguration(configPath, "pass", "")
+	assert.Tf(t, err != nil, "Expected error, wrong passphrase")
+
+}
+
+// TestDecodeConfig tries to decode the configuration and checks it is right
+func TestDecodeConfig(t *testing.T) {
+	keyFile := filepath.Join(cPath, "privKey4.pem")
+	certFile := filepath.Join(cPath, "cert4.pem")
+	configPath := filepath.Join(os.TempDir(), "dfss4.conf")
+	common.DeleteQuietly(configPath)
+	defer deleteFiles(keyFile, certFile, configPath)
+
+	_ = common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	_ = security.SaveCertificate(fmt.Sprintf("%s", []byte(certFixture)), certFile)
+
+	config, err := NewConfig(keyFile, certFile)
+	assert.Tf(t, err == nil, "Expected no error, files are present and valid")
+
+	err = config.SaveConfigToFile(configPath, "passphrase", "")
+	assert.Tf(t, err == nil, "Expected no error, config is valid")
+
+	decoded, err := DecodeConfiguration(configPath, "", "passphrase")
+	assert.Tf(t, err == nil, "Expected no error, config should have been decodedi")
+
+	assert.Equalf(t, config.KeyFile, decoded.KeyFile, "Wrong keyFile parameter")
+	assert.Equalf(t, config.KeyData, decoded.KeyData, "Wrong keyData parameter")
+	assert.Equalf(t, config.CertFile, decoded.CertFile, "Wrong certFile parameter")
+	assert.Equalf(t, config.CertData, decoded.CertData, "Wrong certData parameter")
+}
+
+// TestSaveFilesToDisk tries to create the certificate and private key on the disk from
+// the config file
+func TestSaveFilesToDisk(t *testing.T) {
+	keyFile := filepath.Join(cPath, "privKey5.pem")
+	certFile := filepath.Join(cPath, "cert5.pem")
+	configPath := filepath.Join(os.TempDir(), "dfss5.conf")
+	deleteFiles(keyFile, certFile, configPath)
+	defer deleteFiles(keyFile, certFile, configPath)
+
+	_ = common.SaveStringToDisk(fmt.Sprintf("%s", []byte(keyFixture)), keyFile)
+	_ = security.SaveCertificate(fmt.Sprintf("%s", []byte(certFixture)), certFile)
+
+	config, err := NewConfig(keyFile, certFile)
+	assert.Tf(t, err == nil, "Expected no error, files are present and valid")
+
+	err = config.SaveUserInformations()
+	assert.Tf(t, err != nil, "Expected an error, files are already present")
+	common.DeleteQuietly(keyFile)
+
+	err = config.SaveUserInformations()
+	assert.Tf(t, err != nil, "Expected an error, certificate file is already present")
+
+	common.DeleteQuietly(certFile)
+
+	err = config.SaveUserInformations()
+	assert.Tf(t, err == nil, "No error expected, files are not here")
+
+	assert.Tf(t, common.FileExists(keyFile), "Expected private key file")
+	assert.Tf(t, common.FileExists(certFile), "Expected certificate file")
+}
+
+// Helper function to delete all the files
+func deleteFiles(keyFile, certFile, confFile string) {
+	common.DeleteQuietly(keyFile)
+	common.DeleteQuietly(certFile)
+	common.DeleteQuietly(confFile)
+}
--- a/tests/impexp_test.go
+++ b/tests/impexp_test.go
+package tests
+
+import (
+	"dfss/dfssc/common"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/bmizerany/assert"
+)
+
+// TestExport tries to export the certificate and pricate key of the client
+//
+// CLASSIC SCENARIO
+// 1. Export is node successfully
+//
+// BAD CASES
+// 1. Wrong passphrase for unlocking private key
+// 2. Missing certificate for the client
+func TestExport(t *testing.T) {
+	// Initialize the directory and files
+	workingDir, err := ioutil.TempDir("", "dfss_")
+	assert.Equal(t, nil, err)
+
+	certPath := filepath.Join(workingDir, "cert.pem")
+	certFixture, _ := common.ReadFile(filepath.Join(os.Getenv("GOPATH"), "src", "dfss", "tests", "testdata", "cert.pem"))
+	err = common.SaveToDisk(certFixture, certPath)
+	assert.Equal(t, nil, err)
+
+	keyPath := filepath.Join(workingDir, "key.pem")
+	keyFixture, _ := common.ReadFile(filepath.Join(os.Getenv("GOPATH"), "src", "dfss", "tests", "testdata", "key.pem"))
+	err = common.SaveToDisk(keyFixture, keyPath)
+
+	confPath := filepath.Join(workingDir, "dfssc.conf")
+	common.DeleteQuietly(confPath)
+	assert.Equal(t, nil, err)
+	path := filepath.Join(os.Getenv("GOPATH"), "bin", "dfssc")
+
+	// Basic command
+	cmd := exec.Command(path, "-cert", certPath, "-key", keyPath, "export", confPath)
+
+	// Export the configuration
+	cmd.Stdin = strings.NewReader(
+		"pass\n" +
+			"password\n",
+	)
+	cmd.Stdout = os.Stdout
+	err = cmd.Run()
+	assert.Equal(t, nil, err)
+	assert.T(t, common.FileExists(confPath))
+
+	// Bad case 1 : Wrong passphrase for private key
+	badCmd1 := exec.Command(path, "-cert", certPath, "-key", keyPath, "export", confPath)
+	common.DeleteQuietly(confPath)
+	badCmd1.Stdin = strings.NewReader(
+		"passphrase\n" +
+			"wrong passphrase\n",
+	)
+	_ = badCmd1.Run()
+	// assert.Equalf(t, nil, err, "%x", err)
+	assert.T(t, !common.FileExists(confPath))
+
+	// Bad case 2 : Missing certificate
+	badCmd2 := exec.Command(path, "-cert", certPath, "-key", keyPath, "export", confPath)
+	common.DeleteQuietly(certPath)
+	badCmd2.Stdin = strings.NewReader(
+		"passphrase\n" +
+			"password\n",
+	)
+	_ = badCmd2.Run()
+	// assert.Equal(t, nil, err)
+	assert.T(t, !common.FileExists(confPath))
+}
+
+// TestImport tries to import the certificate and private key of a user
+//
+// CLASSIC SCENARIO
+// Import is done without problem
+//
+// BAD CASES
+// 1. There is already a private key
+// 2. Wrong passphrase for the configuration
+// 3. Wrong passphrase for the private key
+func TestImport(t *testing.T) {
+	// Initialize the directory and files
+	workingDir, err := ioutil.TempDir("", "dfss_")
+	assert.Equal(t, nil, err)
+
+	certPath := filepath.Join(workingDir, "cert.pem")
+	certFixture, _ := common.ReadFile(filepath.Join(os.Getenv("GOPATH"), "src", "dfss", "tests", "testdata", "cert.pem"))
+	err = common.SaveToDisk(certFixture, certPath)
+	assert.Equal(t, nil, err)
+
+	keyPath := filepath.Join(workingDir, "key.pem")
+	keyFixture, _ := common.ReadFile(filepath.Join(os.Getenv("GOPATH"), "src", "dfss", "tests", "testdata", "key.pem"))
+	err = common.SaveToDisk(keyFixture, keyPath)
+	assert.Equal(t, nil, err)
+
+	confPath := filepath.Join(workingDir, "dfssc.conf")
+	common.DeleteQuietly(confPath)
+	assert.Equal(t, nil, err)
+	path := filepath.Join(os.Getenv("GOPATH"), "bin", "dfssc")
+
+	// Create the config file
+	cmd := exec.Command(path, "-cert", certPath, "-key", keyPath, "export", confPath)
+
+	cmd.Stdin = strings.NewReader(
+		"pass\n" +
+			"password\n",
+	)
+	err = cmd.Run()
+	assert.Equal(t, nil, err)
+	assert.T(t, common.FileExists(confPath))
+
+	// Nominal case
+	common.DeleteQuietly(certPath)
+	common.DeleteQuietly(keyPath)
+
+	cmd = exec.Command(path, "import", confPath)
+	cmd.Stdin = strings.NewReader(
+		"pass\n" +
+			"password\n",
+	)
+	err = cmd.Run()
+	assert.Equal(t, nil, err)
+	assert.T(t, common.FileExists(certPath))
+	assert.T(t, common.FileExists(keyPath))
+
+	// Bad case 1 : There is already the key file
+	common.DeleteQuietly(certPath)
+
+	badCmd1 := exec.Command(path, "import", confPath)
+	badCmd1.Stdin = strings.NewReader(
+		"pass\n" +
+			"password\n",
+	)
+	_ = badCmd1.Run()
+	// assert.Equalf(t, nil, err, "%x", err)
+	assert.T(t, !common.FileExists(certPath))
+
+	// Bad case 2 : Wrong passphrase of the configuration
+	common.DeleteQuietly(keyPath)
+
+	badCmd2 := exec.Command(path, "import", confPath)
+	badCmd2.Stdin = strings.NewReader(
+		"I am a wrong passphrase\n" +
+			"password\n",
+	)
+	_ = badCmd2.Run()
+	// assert.Equal(t, nil, err)
+	assert.T(t, !common.FileExists(certPath))
+	assert.T(t, !common.FileExists(keyPath))
+
+	// Bad case 3 : Wrong passphrase for the private key
+	badCmd3 := exec.Command(path, "import", confPath)
+	badCmd3.Stdin = strings.NewReader(
+		"\n" +
+			"I am a wrong passphrase\n",
+	)
+	_ = badCmd3.Run()
+	// assert.Equal(t, nil, err)
+	assert.T(t, !common.FileExists(certPath))
+	assert.T(t, !common.FileExists(keyPath))
+}
--- a/tests/testdata/cert.pem
+++ b/tests/testdata/cert.pem
+-----BEGIN CERTIFICATE-----
+MIIBkDCCAToCCQDSSWVk2vWTdjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJG
+UjENMAsGA1UECgwEREZTUzEbMBkGA1UECwwSREZTUyBQbGF0Zm9ybSB2MC4xMRIw
+EAYDVQQDDAlsb2NhbGhvc3QwIBcNMTYwMTI2MTUzNjUzWhgPNDQ4MDAzMDgxNTM2
+NTNaME8xCzAJBgNVBAYTAkZSMQ0wCwYDVQQKDARERlNTMRkwFwYDVQQLDBBERlNT
+IENsaWVudCB2MC4xMRYwFAYDVQQDDA10ZXN0QHRlc3QuY29tMFwwDQYJKoZIhvcN
+AQEBBQADSwAwSAJBAMxHU0NP/elQbmM5HDZS5iWXr4wllaJ2bWWD0cZPI1p+jty0
+wwkKwxEklPGZCDWq1+/C4EawaqMrtZW4HQVxdu8CAwEAATANBgkqhkiG9w0BAQsF
+AANBACl2/KBGR8N4qzpNecr1yDdyfyE4nGYgr8aktAeHHNWFg53q3/VHokK0jEus
+iM6sQlvDCoaE01s6gXrarE+APfU=
+-----END CERTIFICATE-----
--- a/tests/testdata/key.pem
+++ b/tests/testdata/key.pem
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3AEE90521B16D55A
+
+3848I///OSqUkY2nNmjP+CRz+mnwg1gTImYfwTQDvGgTeMBZyYh9N7wTir10/3rJ
+AD9hu6SgkZ1N9/jV7m4rVW8uJvBFyL+ZIq2aEvt2lpWwXF4Re9OeZGHrQSpVlLSD
+Kv3ZTQyEaTrQ35LgfMtd6UEd5YO/I+pv3ggUtxaNCJeu2hDsEpBkOhWfslCeidZ7
+m3wR7I3zyXr2rHMO455yusuCrg+puel8/FSMwhGXTOi2GA2C//rRolGn31GZJD8o
+STTjKNbxXzo6wuuuoiubSycOw6iLb/P9S05/CKkcV99cZRW2wjIf2BecXjC1sezP
+hxQs83QuqN06NIfhARGgfibYPny5AtZRP2PyU/JOIgvwLrNL5Z8VjioF0+/ZfXCi
+MhNuq+NLSa0WujUwWEzn4g3EJzrylFx6/RKQju7Y23A=
+-----END RSA PRIVATE KEY-----