author | Thomas <> | 2023-05-08 17:24:41 +0200 |
---|---|---|
committer | Thomas <> | 2023-05-08 17:24:41 +0200 |
commit | 1e5c2de3a4aafb476070478b27a18caf9efc051b (patch) | |
tree | 57abbdf5554a35725f49c3c7f0458aebea0faeea /eaaf_core_utils/src/test/java/at | |
parent | 632a2a06d450da92685811325e7967a4f7471cae (diff) | |
feat(core): add in-line method to KeyStoreFactory
The keystore type 'inline' can be used to build a keystore by using
PEM encoded certificate and key files.
Example: pkcs12:keystore?private=certs/key.pem&cert=certs/certificate.pem
Diffstat (limited to 'eaaf_core_utils/src/test/java/at')
2 files changed, 223 insertions, 0 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index 3e82c510..932beb31 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -1,5 +1,8 @@ package at.gv.egiz.eaaf.core.test.credentials; +import static org.junit.Assert.assertThrows; +import static org.junit.jupiter.api.Assertions.assertEquals; + import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; 
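Review bot: The two added static imports take assertions from different frameworks: `assertThrows` from JUnit 4's `org.junit.Assert` and `assertEquals` from Jupiter's `org.junit.jupiter.api.Assertions`, where the message is the last argument instead of the first. The rest of this class appears to use the JUnit 4 message-first form (`Assert.assertFalse("HSM Facade state wrong", ...)`), so mixing the two makes it easy to swap the expected value and the message by mistake. Keeping one convention, e.g. `Assert.assertEquals("wrong errorcode", "internal.keystore.07", error.getErrorId());`, would allow the Jupiter import to be dropped.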
@@ -385,6 +388,86 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void inlineKeyStoreMissingPath() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.INLINE); + + EaafConfigurationException error = assertThrows("wrong exception", EaafConfigurationException.class, + () -> keyStoreConfig.validate()); + assertEquals("internal.keystore.07", error.getErrorId(), "wrong errorcode"); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void inlineKeyStoreSuccess() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.INLINE); + keyStoreConfig.setSoftKeyStoreFilePath( + "pkcs12:keystore?private=src/test/resources/data/certs/privateKey.pem" + + "&cert=src/test/resources/data/certs/selfSignedCertificate.pem" + + "&cert=src/test/resources/data/certs/issuingCa.pem&cert=certs/BRZStammCA201.pem"); + + keyStoreConfig.validate(); + + final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); + Assert.assertNull("KeyStore is null", keyStore.getSecond()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void inlineKeyStoreEccSuccess() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM 
Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.INLINE); + keyStoreConfig.setSoftKeyStoreFilePath( + "pkcs12:keystore?private=src/test/resources/data/certs/privateEcKey.pem" + + "&cert=src/test/resources/data/certs/selfSignedEcCertificate.pem" + + "&cert=src/test/resources/data/certs/issuingCa.pem&cert=certs/BRZStammCA201.pem"); + + keyStoreConfig.validate(); + + final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); + Assert.assertNull("KeyStore is null", keyStore.getSecond()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void inlineKeyStoreWrongKeys() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.INLINE); + keyStoreConfig.setSoftKeyStoreFilePath( + "pkcs12:keystore?private=src/test/resources/data/certs/privateNotExist.pem" + + "&cert=src/test/resources/data/certs/selfSignedCertificate.pem" + + "&cert=src/test/resources/data/certs/issuingCa.pem&cert=certs/BRZStammCA201.pem"); + + keyStoreConfig.validate(); + + EaafConfigurationException error = assertThrows("wrong exception", EaafConfigurationException.class, + () -> keyStoreFactory.buildNewKeyStore(keyStoreConfig)); + assertEquals("internal.keystore.15", error.getErrorId(), "wrong errorcode"); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void symmetricSoftwareKeyWithOutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); 
Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/InlineKeyStoreTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/InlineKeyStoreTest.java new file mode 100644 index 00000000..d4419956 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/InlineKeyStoreTest.java 
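Review bot: `inlineKeyStoreWrongKeys` does not test a wrong key. It points `private=` at `privateNotExist.pem`, so only the missing-file path (`internal.keystore.15`) is covered. No test pairs a readable private key with a certificate it does not belong to, for example `privateEcKey.pem` with `selfSignedCertificate.pem`, and that is the case a credential loader most needs to reject; the expected error id for it is not visible here. The success tests only check that the returned pair is non-null, so they would still pass if the key entry or certificate chain were silently dropped; asserting that the store contains a key entry with the expected chain length would close that gap. The third assertion's message is also copy-pasted and should read `Assert.assertNull("Provider is not null", keyStore.getSecond());`.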
@@ -0,0 +1,140 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThrows; + +import java.net.URL; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.inline.InlineKeyStoreParser; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.SneakyThrows; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_EACH_TEST_METHOD) +public class InlineKeyStoreTest { + + @Autowired + private DummyAuthConfigMap mapConfig; + + @Autowired + private ResourceLoader resourceLoader; + + @Test + @SneakyThrows + public void inlineKeyStoreEccSuccess() throws EaafException { + assertNotNull("no keystore", InlineKeyStoreParser.buildKeyStore( + new URL(null, + "pkcs12:keystore?private=src/test/resources/data/certs/privateEcKey.pem" + + "&cert=src/test/resources/data/certs/selfSignedEcCertificate.pem", + new InlineKeyStoreParser()), + resourceLoader, + mapConfig.getConfigurationRootDirectory())); + + } + + @Test + @SneakyThrows + public void inlineTrustStoreSuccess() throws EaafException { + assertNotNull("no keystore", InlineKeyStoreParser.buildKeyStore( + new URL(null, + "pkcs12:truststore?" 
+ + "cert=src/test/resources/data/certs/selfSignedEcCertificate.pem", + new InlineKeyStoreParser()), + resourceLoader, + mapConfig.getConfigurationRootDirectory())); + + } + + @Test + @SneakyThrows + public void inlineKeyStoreSymSuccess() throws EaafException { + assertNotNull("no keystore", InlineKeyStoreParser.buildKeyStore( + new URL(null, + "pkcs12:keystore?" + + "inlineSecret=mxuqEAXci2cMNU5FCdbxIaNzJoMv%2FWds7j9gY992TTw%3D", + new InlineKeyStoreParser()), + resourceLoader, + mapConfig.getConfigurationRootDirectory())); + + } + + @Test + @SneakyThrows + public void invalidCertFile() throws EaafException { + check("pkcs12:keystore?" + + "private=src/test/resources/data/certs/privateEcKey.pem" + + "&cert=src/test/resources/data/certs/invalidCertificate.pem"); + + } + + @Test + @SneakyThrows + public void missingKey() throws EaafException { + check("pkcs12:keystore?" + + "cert=src/test/resources/data/certs/selfSignedEcCertificate.pem" + + "&cert=src/test/resources/data/certs/BRZStammCA201.pem"); + + } + + @Test + @SneakyThrows + public void missingCert() throws EaafException { + check("pkcs12:keystore?" + + "private=src/test/resources/data/certs/privateEcKey.pem"); + + } + + @Test + @SneakyThrows + public void invalidType() throws EaafException { + check("pkcs12:unknown?" + + "private=src/test/resources/data/certs/privateEcKey.pem"); + + } + + @Test + @SneakyThrows + public void twoKeyFiles() throws EaafException { + check("pkcs12:keystore?" + + "cert=src/test/resources/data/certs/selfSignedEcCertificate.pem" + + "&private=src/test/resources/data/certs/privateEcKey.pem" + + "&private=src/test/resources/data/certs/privateEcKey.pem"); + + } + + @Test + @SneakyThrows + public void twoSymKeyFiles() throws EaafException { + check("pkcs12:keystore?" 
+ + "inlineSecret=mxuqEAXci2cMNU5FCdbxIaNzJoMv%2FWds7j9gY992TTw%3D" + + "&inlineSecret=mxuqEAXci2cMNU5FCdbxIaNzJoMv%2FWds7j9gY992TTw%3D"); + + } + + @Test + @SneakyThrows + public void missingParams() throws EaafException { + check("pkcs12:keystore"); + + } + + private void check(String url) { + assertThrows(IllegalArgumentException.class, + () -> InlineKeyStoreParser.buildKeyStore( + new URL(null, url, new InlineKeyStoreParser()), resourceLoader, + mapConfig.getConfigurationRootDirectory())); + + } + +} |
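Review bot: The `check` helper accepts any `IllegalArgumentException`, so every negative case (`invalidCertFile`, `missingKey`, `missingCert`, `invalidType`, `twoKeyFiles`, `twoSymKeyFiles`, `missingParams`) passes as long as the parser rejects the URL for some reason, not necessarily the one the test name states. Returning the caught exception from `check` and asserting on a distinguishing part of its message in each test would pin the intended failure. `twoSymKeyFiles` puts the `inlineSecret` value in the URL, so it is also the natural place to assert that the error text does not echo key material, e.g. `assertFalse(String.valueOf(e.getMessage()).contains("mxuqEAXci2cMNU5F"));`. Whether the parser includes the URL in its message is not visible in this diff. The `throws EaafException` clauses are redundant next to `@SneakyThrows`.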