authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-14 08:46:52 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-14 08:46:52 +0100
commite23226c47807be597bbbae3891dbb94069d56836 (patch)
tree13419e53996ce9cfe82583cbe5a00c3be2698400 /eaaf_core_utils/src/test/java/at/gv/egiz
parentcbfadcc7681c9f362c1e7e2c3eab43980c1236ef (diff)
Integrate HSM Facade from A-SIT+
The EaafKeyStoreFactory can be used to build KeyStores from different providers and types
Diffstat (limited to 'eaaf_core_utils/src/test/java/at/gv/egiz')
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java36
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java3
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java6
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java555
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java190
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java142
6 files changed, 929 insertions, 3 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java
new file mode 100644
index 00000000..f6df60ae
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java
@@ -0,0 +1,36 @@
+package at.gv.egiz.eaaf.core.impl.logging;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
+public class EaafUtilsMessageSourceTest {
+
+ @Autowired
+ private ResourceLoader loader;
+ @Autowired(required = false)
+ private IMessageSourceLocation messageSource;
+
+ @Test
+ public void simpleTests() {
+ Assert.assertNotNull("No messageSource", messageSource);
+
+ Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+ for (final String el : messageSource.getMessageSourceLocation()) {
+ final Resource messages = loader.getResource(el + ".properties");
+ Assert.assertTrue("Source not exist", messages.exists());
+
+ }
+
+ }
+}
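Review bot: The loop in `simpleTests()` passes vacuously when `getMessageSourceLocation()` returns an empty result, because only null is rejected before iterating. Assuming it returns a collection, add `Assert.assertFalse("Empty sourcePath", messageSource.getMessageSourceLocation().isEmpty());` before the `for`. The failure message `"Source not exist"` also does not name the missing resource; `"Source not exist: " + el` would make a broken location identifiable from the test report.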
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java
index be5d95b1..9c1d0c82 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java
@@ -3,6 +3,7 @@ package at.gv.egiz.eaaf.core.impl.logging;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Map;
+
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
public class JUnitTestStatusMessenger implements IStatusMessenger {
@@ -48,7 +49,7 @@ public class JUnitTestStatusMessenger implements IStatusMessenger {
* Add a message into Message-Store.
*
* @param msgCode message-code
- * @param msg message
+ * @param msg message
*/
public void addMsg(final String msgCode, final String msg) {
if (!msgStore.containsKey(msgCode)) {
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java
index 258c3210..58788392 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java
@@ -6,14 +6,17 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;
+
import com.google.common.collect.Sets;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
@RunWith(BlockJUnit4ClassRunner.class)
public class KeyValueUtilsTest {
@@ -442,5 +445,4 @@ public class KeyValueUtilsTest {
}
-
}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
new file mode 100644
index 00000000..805000cb
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -0,0 +1,555 @@
+package at.gv.egiz.eaaf.core.test.credentials;
+
+import java.security.KeyStore;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.MethodMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Predicates;
+import com.google.common.base.Throwables;
+import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import io.grpc.StatusRuntimeException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml")
+@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+public class EaafKeyStoreFactoryTest {
+
+ private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
+ "src/test/resources/data/junit_without_trustcerts.jks";
+ private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
+ "src/test/resources/data/junit_without_trustcerts.p12";
+ private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt";
+ private static final String SOFTWARE_KEYSTORE_PASSWORD = "password";
+
+ @Autowired
+ private DummyAuthConfigMap mapConfig;
+ @Autowired
+ private ApplicationContext context;
+
+ /**
+ * jUnit test set-up.
+ */
+ @Before
+ public void testSetup() {
+ mapConfig.clearAllConfig();
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void startWithoutConfigHsmFacadeConfig() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void buildyStoreWithOutConfig() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void buildyStoreWithPkcs11() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS11);
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutConfig() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutConfigSecond() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12);
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutPassword() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutPath() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutType() throws EaafException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithWrongPath() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks");
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.05", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithWrongPassword() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+ keyStoreConfig.setSoftKeyStorePassword("wrong password");
+
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreSuccessJks() throws EaafException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreSuccessPkcs12() throws EaafException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_PKCS12);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ @Test
+ public void hsmFacadeOnlyHostConfig() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingPort() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingUsername() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingPassword() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingKeyStoreName() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingTrustedCertificate() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingTrustedCertificateFile() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "src/test/resources/data/notexist.crt");
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e, "internal.keystore.05");
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingWrongTrustedCertificate() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml");
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e, "internal.keystore.05");
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeInitialized() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeKeyStoreNoKeyStoreName() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeKeyStoreSuccess() throws EaafException {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+ keyStoreConfig.setKeyStoreName("testkeyStore");
+
+ try {
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ } catch (final StatusRuntimeException e) {
+ // because there is no mockup of HSM facade available
+ // Assert.assertTrue("Wrong exception", e.getMessage().contains("io
+ // exception"));
+
+ }
+
+ }
+
+ private void checkMissingConfigException(Exception e) {
+ checkMissingConfigException(e, "internal.keystore.04");
+
+ }
+
+ private void checkMissingConfigException(Exception e, String errorCode) {
+ final Optional<Throwable> eaafException = FluentIterable.from(
+ Throwables.getCausalChain(e)).filter(
+ Predicates.instanceOf(EaafConfigurationException.class)).first();
+ Assert.assertTrue("Wrong exception", eaafException.isPresent());
+ Assert.assertEquals("Wrong errorCode",
+ errorCode, ((EaafException) eaafException.get()).getErrorId());
+
+ }
+
+}
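Review bot: `hsmFacadeKeyStoreSuccess()` cannot fail on the HSM-Facade path, because its `catch (final StatusRuntimeException e)` block is empty and the only assertion in it is commented out, so the test is green whether a KeyStore is built or the gRPC call errors. Since the comment says no HSM-Facade mock-up is available, either pin the expected failure by asserting on `e.getStatus().getCode()` inside the catch (confirm first which code the random host produces) or rename the test so it does not claim success. Separately, `softwareKeyStoreWithoutType()` sets `KeyStoreType.JKS` and so repeats `softwareKeyStoreSuccessJks()`; the missing-type case is not exercised by it. The exception-type checks use `org.springframework.util.Assert.isInstanceOf`, which throws `IllegalArgumentException` rather than a JUnit assertion failure; `Assert.assertTrue("Wrong ExceptionType", e instanceof EaafConfigurationException);` would be reported as a failure instead of an error.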
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java
new file mode 100644
index 00000000..8cb81107
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java
@@ -0,0 +1,190 @@
+package at.gv.egiz.eaaf.core.test.credentials;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class KeyStoreConfigurationTest {
+
+ private Map<String, String> config;
+
+ @Before
+ public void testSetup() {
+ config = new HashMap<>();
+
+ }
+
+ @Test
+ public void emptyConfigMap() {
+ try {
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void emptyKeyStoreType() {
+ try {
+ config.put("keystore.type", "");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void unknownKeyStoreType() {
+ try {
+ config.put("keystore.type", "test");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void pkcs11KeyStoreType() throws EaafConfigurationException {
+ config.put("keystore.type", "pkcs11");
+ try {
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void hsmFacadeKeyStoreTypeMissingName() {
+ try {
+ config.put("keystore.type", "hsmfacade");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void hsmFacadeKeyStoreTypeSucces() throws EaafConfigurationException {
+ final String keyStoreName = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "hsmfacade");
+ config.put("keystore.name", keyStoreName);
+
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+
+ Assert.assertNotNull("KeyStore config object", keyStoreConfig);
+ Assert.assertEquals("Wrong Type", KeyStoreType.HSMFACADE, keyStoreConfig.getKeyStoreType());
+ Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName());
+
+ }
+
+ @Test
+ public void softwareKeyStoreTypeMissingPath() {
+ try {
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "software");
+ config.put("keystore.password", keyStorePass);
+ config.put("keystore.type", "jks");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void softwareKeyStoreTypeMissingPassword() {
+ try {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "software");
+ config.put("keystore.software.path", keyStorePath);
+ config.put("keystore.type", "jks");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void softwareKeyStoreTypeUnknownType() {
+ try {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.path", keyStorePath);
+ config.put("keystore.password", keyStorePass);
+ config.put("keystore.type", RandomStringUtils.randomAlphabetic(4));
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void softwareKeyStoreTypeSuccesJks() throws EaafConfigurationException {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "jks");
+ config.put("keystore.path", keyStorePath);
+ config.put("keystore.password", keyStorePass);
+
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+
+ Assert.assertNotNull("KeyStore config object", keyStoreConfig);
+ Assert.assertEquals("Wrong Type", KeyStoreType.JKS, keyStoreConfig.getKeyStoreType());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePath, keyStoreConfig.getSoftKeyStoreFilePath());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePass, keyStoreConfig.getSoftKeyStorePassword());
+
+ }
+
+ @Test
+ public void softwareKeyStoreTypeSuccesPkcs12() throws EaafConfigurationException {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "pkcs12");
+ config.put("keystore.path", keyStorePath);
+ config.put("keystore.password", keyStorePass);
+
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+
+ Assert.assertNotNull("KeyStore config object", keyStoreConfig);
+ Assert.assertEquals("Wrong Type", KeyStoreType.PKCS12, keyStoreConfig.getKeyStoreType());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePath, keyStoreConfig.getSoftKeyStoreFilePath());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePass, keyStoreConfig.getSoftKeyStorePassword());
+
+ }
+}
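Review bot: `softwareKeyStoreTypeMissingPassword()` stores the path under `"keystore.software.path"`, while the success tests in this file use `"keystore.path"`, so the configuration probably lacks both path and password and the test may pass because of the missing path rather than the missing password. Both cases are expected to yield `internal.keystore.04`, so the assertion cannot tell them apart; use `config.put("keystore.path", keyStorePath);` here. In this test and in `softwareKeyStoreTypeMissingPath()` the first `config.put("keystore.type", "software");` is overwritten by the later `"jks"` put and can be dropped. The password assertions in the two success tests reuse the message `"Wrong KeyStoreName"`; `"Wrong KeyStorePassword"` would match what is actually checked.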
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 00000000..bf1dfd03
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,142 @@
+package at.gv.egiz.eaaf.core.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+ private Map<String, String> config = new HashMap<>();
+
+ /**
+ * Creates an emptry configuration.
+ *
+ */
+ public DummyAuthConfigMap() {
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param configIs Property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(configIs);
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param path Path to property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final String path) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(this.getClass().getResourceAsStream(path));
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key) {
+ return config.get(key);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key, final String defaultValue) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ } else {
+ return value;
+ }
+
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return false;
+ } else {
+ return Boolean.valueOf(value);
+ }
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+ }
+
+ @Override
+ public ISpConfiguration getServiceProviderConfiguration(final String uniqueID)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ return new java.io.File(".").toURI();
+
+ }
+
+ @Override
+ public String validateIdpUrl(final URL authReqUrl) throws EaafException {
+ return null;
+ }
+
+ public void putConfigValue(final String key, final String value) {
+ config.put(key, value);
+ }
+
+ public void removeConfigValue(final String key) {
+ config.remove(key);
+
+ }
+
+ public void clearAllConfig() {
+ config.clear();
+ }
+
+}
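Review bot: In the `DummyAuthConfigMap(final String path)` constructor, `getResourceAsStream(path)` returns null when the resource is not on the classpath, so `props.load(...)` fails with a NullPointerException rather than the `IOException` the Javadoc promises, and the opened stream is never closed. Opening the stream in try-with-resources with an explicit null check keeps the declared contract and gives a test with a mistyped path a readable failure message. The `InputStream` constructor also leaves `configIs` open; if that is intended, its Javadoc could say that the caller owns and closes the stream.

```java
public DummyAuthConfigMap(final String path) throws IOException {
  // … unchanged: Properties props creation …
  try (InputStream is = this.getClass().getResourceAsStream(path)) {
    if (is == null) {
      throw new IOException("Configuration resource not found: " + path);
    }
    props.load(is);
  }
  // … unchanged: config = KeyValueUtils.convertPropertiesToMap(props) …
```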