authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-28 15:51:42 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-28 15:51:42 +0100
commit495403c917a39fdeb3906f10ac8b997f68eb3875 (patch)
tree6797d9af002bbf384597ea016f9c7afa021692a3
parent1aafdf3bbae55b09e6d28e97281797ba9e53aad0 (diff)
downloadEAAF-Components-495403c917a39fdeb3906f10ac8b997f68eb3875.tar.gz
EAAF-Components-495403c917a39fdeb3906f10ac8b997f68eb3875.tar.bz2
EAAF-Components-495403c917a39fdeb3906f10ac8b997f68eb3875.zip
update to HSM-Facade v0.6.0 and add HealthCheck functionality
-rw-r--r--eaaf-springboot-utils/pom.xml32
-rw-r--r--eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java54
-rw-r--r--eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java2
-rw-r--r--eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java38
-rw-r--r--eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java96
-rw-r--r--eaaf-springboot-utils/src/test/resources/config/config1.properties15
-rw-r--r--eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt10
-rw-r--r--eaaf-springboot-utils/src/test/resources/config/jUnit_application.properties (renamed from eaaf-springboot-utils/src/test/resources/jUnit_application.properties)0
-rw-r--r--eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml28
-rw-r--r--eaaf_core_utils/pom.xml2
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java43
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java34
-rw-r--r--pom.xml22
13 files changed, 369 insertions, 7 deletions
diff --git a/eaaf-springboot-utils/pom.xml b/eaaf-springboot-utils/pom.xml
index 1e6a85be..9e5a897b 100644
--- a/eaaf-springboot-utils/pom.xml
+++ b/eaaf-springboot-utils/pom.xml
@@ -36,13 +36,23 @@
<dependencies>
<dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_core_utils</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
@@ -61,11 +71,31 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_core_utils</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito2</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
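Review bot: `powermock-module-junit4` and `powermock-api-mockito2` are added here as test dependencies, but the two actuator test classes added in this commit import only `org.mockito` and run under `SpringJUnit4ClassRunner`. If nothing else in the module uses PowerMock, leaving both out keeps the test classpath, and the set of artifacts that must be tracked for updates, smaller. The enclosing `<dependencies>` element starts before this hunk.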
diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java
new file mode 100644
index 00000000..d2406552
--- /dev/null
+++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java
@@ -0,0 +1,54 @@
+package at.gv.egiz.eaaf.utils.springboot.actuator;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory.HsmFacadeStatus;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Implements a Spring-Actuator HealthCheck for HSM-Facade from A-SIT+.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+@Service("HsmFacadeProvider")
+public class HsmFacadeProviderHealthCheck implements HealthIndicator {
+
+ @Autowired(required = false) EaafKeyStoreFactory factory;
+
+ @Override
+ public Health health() {
+ if (factory != null && factory.isHsmFacadeInitialized()) {
+ try {
+ HsmFacadeStatus status = factory.checkHsmFacadeStatus();
+ log.trace("Current HSM-Facade status: {}", status);
+ if (HsmFacadeStatus.UP.equals(status)) {
+ return Health.up().build();
+
+ } else if (HsmFacadeStatus.DOWN.equals(status)) {
+ return Health.down().build();
+
+ }
+
+ } catch (Exception e) {
+ log.warn("HSM-Facaden Health-Check has an error", e);
+ return Health.down(e).build();
+
+ }
+
+ } else {
+ log.trace("No {} or HSM-Facade is not initialized. Skipping healthCheck ...",
+ EaafKeyStoreFactory.class.getName());
+
+ }
+
+ return Health.unknown().build();
+
+ }
+
+}
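Review bot: `Health.down(e).build()` in the catch block copies the exception class and message into the health details, so any error text from the HSM-Facade provider can appear in the actuator response wherever health details are enabled (`management.endpoint.health.show-details`). The exception is already logged at warn level on the line before, so `return Health.down().build();` loses nothing for operators. Separately, `factory` is a package-private mutable field; declaring it `private` keeps it from being reassigned from other classes in the package, and `@InjectMocks` in the tests still works on private fields. The log text `HSM-Facaden` also looks like a typo for `HSM-Facade`.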
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java
index 3313d36e..611cc3aa 100644
--- a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java
+++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java
@@ -24,7 +24,7 @@ public class SimpleSpringBootStarterTest {
public void Test() throws ClientProtocolException, IOException {
DummySpringBootApp.main(new String[] {
- "--spring.config.location=classpath:/jUnit_application.properties"});
+ "--spring.config.location=classpath:/config/jUnit_application.properties"});
ConfigurableApplicationContext ctx = DummySpringBootApp.getCtx();
Assert.assertNotNull("SpringBootContext", ctx);
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java
new file mode 100644
index 00000000..92c88544
--- /dev/null
+++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java
@@ -0,0 +1,38 @@
+package at.gv.egiz.eaaf.utils.springboot.test.actuator;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.Status;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.utils.springboot.actuator.HsmFacadeProviderHealthCheck;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_spring_actuator.xml")
+public class HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest {
+
+ @Mock
+ private EaafKeyStoreFactory keyStoreFactory;
+
+ @InjectMocks
+ @Autowired
+ private HsmFacadeProviderHealthCheck check;
+
+ @Test
+ public void noEaafKeyStoreFactoryBean() {
+ //get current status
+ Health status = check.health();
+
+ //validate result
+ Assert.assertEquals("wrong statusCode", Status.UNKNOWN.getCode(), status.getStatus().getCode());
+
+ }
+
+}
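Review bot: The `@Mock` and `@InjectMocks` annotations on `keyStoreFactory` and `check` are never processed in this class, because the runner is `SpringJUnit4ClassRunner` and nothing calls `MockitoAnnotations.initMocks(this)`. The mock field is therefore dead code, and the test passes only because the context XML defines no `EaafKeyStoreFactory` bean. Dropping the `keyStoreFactory` field and the `@InjectMocks` annotation would make that intent explicit. Since HsmFacadeProviderHealthCheckTest loads the same `/spring/test_spring_actuator.xml`, Spring's test-context cache may hand both classes the same `HsmFacadeProviderHealthCheck` instance with a mock already injected; a `@DirtiesContext` on one of them would rule that out.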
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java
new file mode 100644
index 00000000..29feee5e
--- /dev/null
+++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java
@@ -0,0 +1,96 @@
+package at.gv.egiz.eaaf.utils.springboot.test.actuator;
+
+import static org.mockito.Mockito.when;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.Status;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory.HsmFacadeStatus;
+import at.gv.egiz.eaaf.utils.springboot.actuator.HsmFacadeProviderHealthCheck;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_spring_actuator.xml")
+public class HsmFacadeProviderHealthCheckTest {
+
+ @Mock
+ private EaafKeyStoreFactory keyStoreFactory = Mockito.mock(EaafKeyStoreFactory.class);
+
+ @InjectMocks
+ @Autowired
+ private HsmFacadeProviderHealthCheck check;
+
+ @Before
+ public void initMocks() {
+ MockitoAnnotations.initMocks(this);
+
+ }
+
+ @Test
+ public void hsmFacadeStatusUnknown() {
+ //set-up test result
+ when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(false);
+
+ //get current status
+ Health status = check.health();
+
+ //validate result
+ Assert.assertEquals("wrong statusCode", Status.UNKNOWN.getCode(), status.getStatus().getCode());
+
+ }
+
+ @Test
+ public void statusUp() throws Exception {
+ //set-up test result
+ when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(true);
+ when(keyStoreFactory.checkHsmFacadeStatus()).thenReturn(HsmFacadeStatus.UP);
+
+ //get current status
+ Health status = check.health();
+
+ //validate result
+ Assert.assertEquals("wrong statusCode", Status.UP.getCode(), status.getStatus().getCode());
+
+ }
+
+ @Test
+ public void statusDown() throws Exception {
+ //set-up test result
+ when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(true);
+ when(keyStoreFactory.checkHsmFacadeStatus()).thenReturn(HsmFacadeStatus.DOWN);
+
+ //get current status
+ Health status = check.health();
+
+ //validate result
+ Assert.assertEquals("wrong statusCode", Status.DOWN.getCode(), status.getStatus().getCode());
+
+ }
+
+ @Test
+ public void statusUnknown() throws Exception {
+ //set-up test result
+ when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(true);
+ when(keyStoreFactory.checkHsmFacadeStatus()).thenReturn(HsmFacadeStatus.UNKNOWN);
+
+ //get current status
+ Health status = check.health();
+
+ //validate result
+ Assert.assertEquals("wrong statusCode", Status.UNKNOWN.getCode(), status.getStatus().getCode());
+
+ }
+
+
+}
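Review bot: No test covers the `catch (Exception e)` branch of `health()`, so the `Health.down(e)` path is unverified. A case such as `when(keyStoreFactory.checkHsmFacadeStatus()).thenThrow(new RuntimeException("simulated"));` followed by an assertion on `Status.DOWN` would close the gap. The initializer `= Mockito.mock(EaafKeyStoreFactory.class)` on the `@Mock` field is redundant next to the `MockitoAnnotations.initMocks(this)` call in `initMocks()`.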
diff --git a/eaaf-springboot-utils/src/test/resources/config/config1.properties b/eaaf-springboot-utils/src/test/resources/config/config1.properties
new file mode 100644
index 00000000..ca134cf4
--- /dev/null
+++ b/eaaf-springboot-utils/src/test/resources/config/config1.properties
@@ -0,0 +1,15 @@
+security.hsmfacade.host=eid.a-sit.at
+security.hsmfacade.port=9050
+security.hsmfacade.trustedsslcert=src/test/resources/config/hsm_facade_trust_root.crt
+security.hsmfacade.username=authhandler-junit
+security.hsmfacade.password=supersecret123
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
+
+core.pendingrequestid.maxlifetime=180
+core.pendingrequestid.digist.type=passphrase
+core.pendingrequestid.digist.secret=pendingReqIdSecret
+core.pendingrequestid.digist.keystore.name=
+core.pendingrequestid.digist.key.alias= \ No newline at end of file
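Review bot: `security.hsmfacade.host=eid.a-sit.at` together with `security.hsmfacade.username` and `security.hsmfacade.password` commits connection details for what looks like an externally reachable host; whether the account is valid cannot be told from this page. If it is real, it should be treated as disclosed and rotated. If it is only a fixture, a reserved name such as `security.hsmfacade.host=hsm-facade.test.invalid` and an obviously fake password would make that clear and keep unit tests from opening outbound connections. `core.pendingrequestid.digist.secret` deserves the same treatment.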
diff --git a/eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt b/eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt
new file mode 100644
index 00000000..01be3821
--- /dev/null
+++ b/eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv
+b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl
+Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR
+T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj
+o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee
+JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC
+AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn
+bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA==
+-----END CERTIFICATE-----
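Review bot: The validity period encoded in this certificate appears to run from 2020-02-19 to 2021-02-18, which ends less than two months after this commit's date. Any test that actually validates the HSM-Facade TLS chain against this trust root would start failing then; a test-only root with a long lifetime, or one generated during the build, avoids a time-dependent failure in the suite. The Spring context added in this commit does not instantiate `EaafKeyStoreFactory`, so the file may currently be unused in this module.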
diff --git a/eaaf-springboot-utils/src/test/resources/jUnit_application.properties b/eaaf-springboot-utils/src/test/resources/config/jUnit_application.properties
index dd7a77c1..dd7a77c1 100644
--- a/eaaf-springboot-utils/src/test/resources/jUnit_application.properties
+++ b/eaaf-springboot-utils/src/test/resources/config/jUnit_application.properties
diff --git a/eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml b/eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml
new file mode 100644
index 00000000..f41efac9
--- /dev/null
+++ b/eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"
+ default-lazy-init="true">
+
+ <bean id="dummyAuthConfigMap"
+ class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap" >
+ <constructor-arg value="/config/config1.properties" />
+ </bean>
+
+ <!-- bean id="eaafKeyStoreFactory"
+ class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" /-->
+
+ <bean id="eaafUtilsMessageSource"
+ class="at.gv.egiz.eaaf.core.impl.logging.EaafUtilsMessageSource" />
+
+ <bean id="HsmFacadeProvider"
+ class="at.gv.egiz.eaaf.utils.springboot.actuator.HsmFacadeProviderHealthCheck"/>
+
+</beans> \ No newline at end of file
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index c7cefa8d..0afd56d0 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -45,7 +45,7 @@
<groupId>at.asitplus.hsmfacade</groupId>
<artifactId>provider</artifactId>
<scope>provided</scope>
- </dependency>
+ </dependency>
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-core</artifactId>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 1c6e6e76..63ad3d98 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -72,11 +72,14 @@ public class EaafKeyStoreFactory {
private static final String HSM_FACADE_PROVIDER_METHOD_CONSTRUCT = "getInstance";
private static final String HSM_FACADE_PROVIDER_METHOD_INIT = "init";
private static final String HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED = "isInitialized";
+ private static final String HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK = "healthcheck";
private static final String HSM_FACADE_PROVIDER_INIT_ERROR_MSG
= "Has HSM-Facade class supported '{}' method: {}";
private static final String HSM_FACADE_PROVIDER = "HsmFacade";
private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
+ public enum HsmFacadeStatus { UP, DOWN, UNKNOWN }
+
@Autowired
private IConfiguration basicConfig;
@Autowired
@@ -171,6 +174,44 @@ public class EaafKeyStoreFactory {
return isHsmFacadeInitialized;
}
+
+ /**
+ * Get the current status for HSM-Facade interaction.
+ *
+ * @return {@link HsmFacadeStatus} to indicate the current status.
+ */
+ public HsmFacadeStatus checkHsmFacadeStatus() {
+ if (isHsmFacadeInitialized()) {
+ final Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER);
+ if (alreadyLoadedProvider != null) {
+ try {
+ final Method healthCheck =
+ alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK, new Class[]{});
+ boolean currentHealthStatus = (boolean) healthCheck.invoke(alreadyLoadedProvider);
+ HsmFacadeStatus status = currentHealthStatus ? HsmFacadeStatus.UP : HsmFacadeStatus.DOWN;
+ log.trace("Current HSM-Facade status is: ", status);
+ return status;
+
+ } catch (final Exception e) {
+ log.info("Can not determine state of alreay loaded HSM Facade: {} because HealthCheck not support",
+ alreadyLoadedProvider.getVersion());
+ log.debug("Full HSM-Facade health-check exception", e);
+ return HsmFacadeStatus.UNKNOWN;
+
+ }
+
+ } else {
+ log.warn("HSM-Facade is marked as 'initialized', but not load as Security-Provider");
+ return HsmFacadeStatus.DOWN;
+ }
+
+ } else {
+ log.trace("HSM-Facade is not initialized. Set status do 'unknown'");
+ return HsmFacadeStatus.UNKNOWN;
+
+ }
+ }
+
@PostConstruct
private void initialize() throws EaafException {
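Review bot: In `checkHsmFacadeStatus()` the single `catch (final Exception e)` returns `UNKNOWN` both when the provider has no `healthcheck` method and when the method exists but the call fails, so a failing HSM connection can be reported as "unknown" rather than "down". Spring Boot's default status mapping serves `UNKNOWN` with HTTP 200, so monitoring that looks only at the status code would miss it. I would reserve `UNKNOWN` for `NoSuchMethodException` and map every other failure to `DOWN`, as sketched below; whether the provider's `healthcheck` throws on connection loss is not visible here. The trace call `log.trace("Current HSM-Facade status is: ", status);` also lacks a `{}` placeholder, so the status is never written. The log text `alreay loaded` is a typo for `already loaded`.

```java
        try {
          final Method healthCheck =
              alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK);
          final boolean healthy = (boolean) healthCheck.invoke(alreadyLoadedProvider);
          final HsmFacadeStatus status = healthy ? HsmFacadeStatus.UP : HsmFacadeStatus.DOWN;
          log.trace("Current HSM-Facade status is: {}", status);
          return status;

        } catch (final NoSuchMethodException e) {
          // provider version without a health-check API: the state really is unknown
          // … unchanged: log.info / log.debug, return HsmFacadeStatus.UNKNOWN …

        } catch (final ReflectiveOperationException | RuntimeException e) {
          // the health-check exists but could not be completed
          log.warn("HSM-Facade health-check failed", e);
          return HsmFacadeStatus.DOWN;

        }
```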
@@ -354,7 +395,7 @@ public class EaafKeyStoreFactory {
private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(String keyStoreName, String friendlyName)
throws EaafFactoryException, EaafConfigurationException {
final String validatedKeyStoreName = checkConfigurationParameter(keyStoreName,
- ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Facade");
+ ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Fac)ade");
try {
final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
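Review bot: The message literal now reads `"KeyStoreName missing for HSM Fac)ade"`; the `)` inside `Facade` looks like an accidental keystroke, and it ends up in the configuration error shown to operators. The previous text `"KeyStoreName missing for HSM Facade"` should be restored. `getKeyStoreFromHsmFacade` continues past the end of this hunk.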
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index 6d1b63d7..24fb271f 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -288,6 +288,9 @@ public class EaafKeyStoreFactoryTest {
Assert.assertNotNull("KeyStore is null", keyStore.getFirst());
Assert.assertNull("KeyStore is null", keyStore.getSecond());
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UNKNOWN,
+ keyStoreFactory.checkHsmFacadeStatus());
+
}
@Test
@@ -607,17 +610,44 @@ public class EaafKeyStoreFactoryTest {
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP,
+ keyStoreFactory.checkHsmFacadeStatus());
}
@Test
@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+ public void hsmFacadeHealthCheckNoProvider() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ Security.removeProvider("HsmFacade");
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.DOWN,
+ keyStoreFactory.checkHsmFacadeStatus());
+
+ }
+
+ @Test
+ @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
public void hsmFacadeAlreadLoaded() {
HsmFacadeProvider provider = HsmFacadeProvider.getInstance();
Security.addProvider(provider);
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP,
+ keyStoreFactory.checkHsmFacadeStatus());
}
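Review bot: `hsmFacadeHealthCheckNoProvider` calls `Security.removeProvider("HsmFacade")` and never puts the provider back, so the JVM-wide provider list stays modified for whichever test runs next. Capturing it first with `final Provider removed = Security.getProvider("HsmFacade");` and restoring it in a `finally` block via `Security.addProvider(removed);` would keep the test self-contained. Whether later tests re-register the provider through the factory's initialisation is not visible in this hunk, and the test class extends beyond it on both sides.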
@@ -769,7 +799,9 @@ public class EaafKeyStoreFactoryTest {
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
-
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP,
+ keyStoreFactory.checkHsmFacadeStatus());
+
final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
keyStoreConfig.setKeyStoreName("authhandler");
diff --git a/pom.xml b/pom.xml
index 88b17165..64f83058 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,12 +43,12 @@
<iaik.prod.iaik_xades.version>2.13_moa</iaik.prod.iaik_xades.version>
<iaik.prod.iaik_xsect.version>2.14_moa</iaik.prod.iaik_xsect.version>
- <hsm-facade-provider.version>0.5.3-SNAPSHOT</hsm-facade-provider.version>
+ <hsm-facade-provider.version>0.6.0</hsm-facade-provider.version>
<io.grpc-core.version>1.34.0</io.grpc-core.version>
<!-- Other third-party libs -->
<spring-boot-starter-web.version>2.3.7.RELEASE</spring-boot-starter-web.version>
- <org.springframework.version>5.2.8.RELEASE</org.springframework.version>
+ <org.springframework.version>5.2.12.RELEASE</org.springframework.version>
<org.opensaml.version>3.4.5</org.opensaml.version>
<org.apache.santuario.xmlsec.version>2.2.0</org.apache.santuario.xmlsec.version>
<org.cryptacular.version>1.2.4</org.cryptacular.version>
@@ -86,6 +86,7 @@
<surefire.version>2.22.1</surefire.version>
<junit.version>4.13.1</junit.version>
<com.squareup.okhttp3.version>4.4.1</com.squareup.okhttp3.version>
+ <org.powermock.version>2.0.9</org.powermock.version>
<!-- Code helper plug-ins -->
<org.projectlombok.lombok.version>1.18.12</org.projectlombok.lombok.version>
@@ -424,6 +425,11 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<version>${spring-boot-starter-web.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ <version>${spring-boot-starter-web.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -621,6 +627,18 @@
<scope>test</scope>
<type>test-jar</type>
</dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ <version>${org.powermock.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito2</artifactId>
+ <version>${org.powermock.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
<dependencies>