authorThomas <>2022-04-19 10:48:47 +0200
committerThomas <>2022-04-19 10:48:47 +0200
commit8863bbcff97c4f7ee86be063a222ec36c15b5546 (patch)
treeb7a29d097a4239e97f97b907f6a48d0ffec60dc0
parent7da4e762402a868920fc1212db78db6ce729b6ca (diff)
test(http): add second SSL client authentication test
INFO: SSL Client-Authentication with keys from HSM-Facade only works with BCJSSE Provider >= 1.70 and SystemD Parameter: -Dorg.bouncycastle.jsse.client.acceptRenegotiation=true if the HTTP Server requires re-negotiation. Hint: do not enable SSL Debugging in the BCJSSE Provider, because it throws a NullPointerException with HSM-Facade keys!!!!
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java41
1 files changed, 17 insertions, 24 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
index 55c17ee8..85fa6129 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
@@ -1,20 +1,20 @@
package at.gv.egiz.eaaf.core.test.http;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
import java.io.IOException;
-import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Base64;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.util.EntityUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -23,13 +23,12 @@ import org.junit.runner.RunWith;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.annotation.DirtiesContext.MethodMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import ch.qos.logback.classic.Level;
@@ -37,11 +36,10 @@ import ch.qos.logback.classic.Logger;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
-@DirtiesContext
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class HttpClientFactoryProdHostTest {
@Autowired private IHttpClientFactory httpClientFactory;
- @Autowired private EaafKeyStoreFactory keyStoreFactory;
/**
* Initialize full class.
@@ -51,6 +49,8 @@ public class HttpClientFactoryProdHostTest {
final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse");
logger.setLevel(Level.TRACE);
+ System.setProperty("org.bouncycastle.jsse.client.acceptRenegotiation", "true");
+
}
/**
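Review bot: The added `System.setProperty("org.bouncycastle.jsse.client.acceptRenegotiation", "true")` changes a JVM-wide setting and nothing visible resets it, so every test that later runs in the same JVM also accepts server-initiated TLS renegotiation. Renegotiation is refused by default for a reason, so the relaxation should be confined to this class: add an `@AfterClass` method that calls `System.clearProperty("org.bouncycastle.jsse.client.acceptRenegotiation");`, or restores the previous value if one was set. A short comment above the `setProperty` call saying that the target server requires renegotiation for client-certificate authentication would record why the relaxation is there. The enclosing initializer method starts outside this hunk.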
@@ -71,28 +71,21 @@ public class HttpClientFactoryProdHostTest {
final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client");
clientConfig.setAuthMode("ssl");
- //clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "eid-junit");
- //clientConfig.setSslKeyAlias("rsa-key-1");
clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler");
- clientConfig.setSslKeyAlias("authhandler-sign");
- clientConfig.setDisableTlsHostCertificateValidation(false);
+ clientConfig.setSslKeyAlias("authhandler-mis");
+ clientConfig.setDisableTlsHostCertificateValidation(true);
final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig);
Assert.assertNotNull("httpClient", client);
-
- final Pair<KeyStore, Provider> sslClientKeyStore =
- keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig());
- final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst()
- .getCertificateChain(clientConfig.getSslKeyAlias())[1];
- final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst()
- .getCertificateChain(clientConfig.getSslKeyAlias())[0];
- Base64.getEncoder().encodeToString(clientEeCert.getEncoded());
//perform test request
- final HttpUriRequest httpGet2 = new HttpGet("https://apps.egiz.gv.at//sslclientcertdemo/");
- final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
- Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
-
+ final HttpUriRequest httpGet3 = new HttpGet("https://vollmachten.egiz.gv.at/mms-eid-test/services/GetMandatesService?wsdl");
+ final CloseableHttpResponse httpResp3 = client.execute(httpGet3);
+ Assert.assertEquals("http statusCode", 200, httpResp3.getStatusLine().getStatusCode());
+ String body = EntityUtils.toString(httpResp3.getEntity());
+ assertFalse("no http body", body.isEmpty());
+ assertTrue("no WSDL", body.contains("name=\"GetMandatesOperation\""));
+
}
}
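Review bot: `clientConfig.setDisableTlsHostCertificateValidation(true)` flips the previous `false`, so the test now presents the HSM-backed client key `authhandler-mis` to a server whose certificate is no longer verified, and the commit message gives no reason for this. If the host's chain is simply missing from the test trust store, it is better to add the issuing CA there and keep `clientConfig.setDisableTlsHostCertificateValidation(false);`. Otherwise add a comment stating why validation is off, so the setting is not copied into non-test configuration. Separately, `httpResp3` is never closed, which leaks the pooled connection; wrapping the request as `try (CloseableHttpResponse httpResp3 = client.execute(httpGet3)) { ... }` fixes that. `EntityUtils.toString(httpResp3.getEntity())` should also pass an explicit charset such as `StandardCharsets.UTF_8`. The test method's signature is outside this hunk.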