summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-17 11:33:09 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-17 11:33:09 +0100
commit3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2 (patch)
tree93fb63193581f49f2679dc0f2e9263845927afc8 /eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
parentdfd7c39666563e7f56fc63c275b58cc37bc2a952 (diff)
downloadEAAF-Components-3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2.tar.gz
EAAF-Components-3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2.tar.bz2
EAAF-Components-3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2.zip
update jUnit tests to operate on HSM Facade from A-Sit+
Diffstat (limited to 'eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java')
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java143
1 files changed, 79 insertions, 64 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index c47805e8..b5727015 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -6,6 +6,17 @@ import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.List;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
@@ -23,17 +34,6 @@ import com.google.common.base.Optional;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
-
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import io.grpc.StatusRuntimeException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -41,13 +41,20 @@ import io.grpc.StatusRuntimeException;
@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
public class EaafKeyStoreFactoryTest {
+ private static final String HSM_FACASE_HOST = "eid.a-sit.at";
+ private static final String HSM_FACASE_PORT = "9000";
+ private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt";
+ private static final String HSM_FACASE_USERNAME = "authhandler-junit";
+ private static final String HSM_FACASE_PASSWORD = "supersecret123";
+ private static final String HSM_FACASE_HSM_NAME = "software";
+
private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS =
"src/test/resources/data/junit.jks";
private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
"src/test/resources/data/junit_without_trustcerts.jks";
private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
"src/test/resources/data/junit_without_trustcerts.p12";
- private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt";
+ private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt";
private static final String SOFTWARE_KEYSTORE_PASSWORD = "password";
@Autowired
@@ -146,7 +153,7 @@ public class EaafKeyStoreFactoryTest {
}
}
-
+
@Test
@DirtiesContext
public void softwareKeyStoreWithoutPassword() {
@@ -177,7 +184,7 @@ public class EaafKeyStoreFactoryTest {
final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
try {
keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -216,7 +223,7 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks");
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
try {
keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -239,7 +246,7 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
keyStoreConfig.setSoftKeyStorePassword("wrong password");
-
+
try {
keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -262,14 +269,14 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
keyStoreConfig.validate();
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
}
-
+
@Test
@DirtiesContext
public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException {
@@ -280,61 +287,61 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
keyStoreConfig.validate();
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
-
+
//read trusted certs
- List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
+ final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
Assert.assertNotNull("Trusted certs", trustedCerts);
Assert.assertEquals("Trusted certs size", 2, trustedCerts.size());
//read priv. key
- Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "meta", "password".toCharArray(), true, "jUnit test");
Assert.assertNotNull("Credential 1", privCred1);
Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst());
Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond());
-
+
//read priv. key
- Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "sig", "password".toCharArray(), true, "jUnit test");
Assert.assertNotNull("Credential 2", privCred2);
Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst());
Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond());
-
-
+
+
//read priv. key
- Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "notexist", "password".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred3);
-
+
//read priv. key
- Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "meta", "wrong".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred4);
-
+
try {
EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "meta", "wrong".toCharArray(), true, "jUnit test");
Assert.fail("Wrong password not detected");
-
- } catch (EaafKeyAccessException e) {
+
+ } catch (final EaafKeyAccessException e) {
Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
}
-
+
try {
EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "wrong", "password".toCharArray(), true, "jUnit test");
Assert.fail("Wrong alias not detected");
-
- } catch (EaafKeyAccessException e) {
+
+ } catch (final EaafKeyAccessException e) {
Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
}
-
-
+
+
}
@Test
@@ -349,7 +356,7 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
keyStoreConfig.validate();
-
+
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
@@ -550,18 +557,7 @@ public class EaafKeyStoreFactoryTest {
@Test
@DirtiesContext
public void hsmFacadeKeyStoreNoKeyStoreName() {
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
- RandomStringUtils.randomNumeric(4));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
- PATH_TO_HSM_FACADE_TRUST_CERT);
+ configureHsmFacade();
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
@@ -583,28 +579,17 @@ public class EaafKeyStoreFactoryTest {
@Test
@DirtiesContext
public void hsmFacadeKeyStoreSuccess() throws EaafException {
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
- RandomStringUtils.randomNumeric(4));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
- PATH_TO_HSM_FACADE_TRUST_CERT);
+ configureHsmFacade();
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
- keyStoreConfig.setKeyStoreName("testkeyStore");
+ keyStoreConfig.setKeyStoreName("authhandler");
keyStoreConfig.validate();
-
+
try {
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
@@ -615,6 +600,36 @@ public class EaafKeyStoreFactoryTest {
// exception"));
}
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException {
+ configureHsmFacade();
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+ keyStoreConfig.setKeyStoreName("authhandler");
+
+ keyStoreConfig.validate();
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ private void configureHsmFacade() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST);
+
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD);
+
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-28 18:14:14 +0000