| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-06-18 14:39:29 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-06-18 14:39:29 +0200 | 
| commit | 0d52fe861a46f8ba595bdd34b106c98096c4304b (patch) | |
| tree | 566f30e8c6bfebddfa90b7062ec952b1bd945916 /eaaf_core_utils/src/test | |
| parent | f39a0a004bbe6b6b126218993767b897efa06745 (diff) | |
add symmetric-key functionality into EaafKeyStoreFactory that supports passphrase based symmetric keys and keys from HSM-Facade
Diffstat (limited to 'eaaf_core_utils/src/test')
2 files changed, 324 insertions, 0 deletions
| diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index cefb1e7e..fc945fdd 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -7,6 +7,8 @@ import java.security.Provider;  import java.security.cert.X509Certificate;  import java.util.List; +import javax.crypto.SecretKey; +  import org.apache.commons.lang3.RandomStringUtils;  import org.junit.Assert;  import org.junit.Before; @@ -33,6 +35,8 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;  import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;  import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;  import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType;  import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;  import io.grpc.StatusRuntimeException; 
@@ -372,6 +376,67 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext +  public void symmetricSoftwareKeyWithOutConfig() { +    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); +    Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); +    try { +      keyStoreFactory.buildNewSymmetricKey(keyConfig); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafException e) { +      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); +      Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + +    }     +  } +   +  @Test +  @DirtiesContext +  public void symmetricSoftwareKeyWithOutSalt() { +    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); +    Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); +    keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); +    try { +      keyStoreFactory.buildNewSymmetricKey(keyConfig); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafException e) { +      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); +      Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + +    }     +  } +   +  @Test +  @DirtiesContext +  public void symmetricSoftwareKeyValid() throws EaafException { +    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); +    Assert.assertFalse("HSM 
Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); +    keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); +    keyConfig.setSoftKeySalt(RandomStringUtils.randomAlphanumeric(10)); + +    Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(keyConfig); +    Assert.assertNotNull("Key container is null", key); +    Assert.assertNotNull("Key is null", key.getFirst()); +    Assert.assertNull("Provider is not null", key.getSecond()); +     +  } +   +  @Test +  @DirtiesContext    public void hsmFacadeOnlyHostConfig() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); @@ -386,6 +451,7 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext    public void hsmFacadeMissingPort() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); @@ -405,6 +471,7 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext    public void hsmFacadeMissingUsername() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); @@ -423,6 +490,7 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext    public void hsmFacadeMissingPassword() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); @@ -442,6 +510,7 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext    public void hsmFacadeMissingTrustedCertificate() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); 
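Review bot: `symmetricSoftwareKeyValid` (hunk `@@ -372,6 +376,67 @@`) only asserts that the returned key is non-null, so it would still pass if the passphrase or the salt had no influence on the derived key. Assuming the derivation is meant to be deterministic, I would build a second key from the same `keyConfig` and assert `Arrays.equals(key.getFirst().getEncoded(), second.getFirst().getEncoded())`, then change only the salt and assert that the encodings differ. In the two negative tests of this hunk, `org.springframework.util.Assert.isInstanceOf` throws `IllegalArgumentException` rather than a JUnit assertion failure, and its message is misspelled "Wong ExceptionType"; `Assert.assertTrue("Wrong ExceptionType", e instanceof EaafConfigurationException);` keeps the failure in JUnit's reporting. The same pattern recurs in the `@@ -579,6 +650,97 @@` hunk, and the enclosing test class starts and ends outside this hunk.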
@@ -463,6 +532,7 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext    public void hsmFacadeMissingTrustedCertificateFile() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); @@ -486,6 +556,7 @@ public class EaafKeyStoreFactoryTest {    }    @Test +  @DirtiesContext    public void hsmFacadeMissingWrongTrustedCertificate() {      mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,          RandomStringUtils.randomNumeric(10)); 
@@ -579,6 +650,97 @@ public class EaafKeyStoreFactoryTest {    @Test    @DirtiesContext +  public void symmetricHsmFacadeKeyWithOutConfig() { +    configureHsmFacade(); +     +    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); +    Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); +    try { +      keyStoreFactory.buildNewSymmetricKey(keyConfig); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafException e) { +      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); +      Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + +    }     +  } +   +  @Test +  @DirtiesContext +  public void symmetricHsmFacadeKeyWithOutKeyAlias() { +    configureHsmFacade(); +     +    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); +    Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); +    keyConfig.setKeyStoreName("authhandler"); +    try { +      keyStoreFactory.buildNewSymmetricKey(keyConfig); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafException e) { +      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); +      Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + +    }     +  } +   +  @Test +  @DirtiesContext +  public void symmetricHsmFacadeKeyWrongKeyAlias() { +    configureHsmFacade(); +     +    final EaafKeyStoreFactory keyStoreFactory = 
context.getBean(EaafKeyStoreFactory.class); +    Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); +    keyConfig.setKeyStoreName("authhandler"); +    keyConfig.setKeyAlias("notExist"); +     +    try { +      keyStoreFactory.buildNewSymmetricKey(keyConfig); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafException e) { +      org.springframework.util.Assert.isInstanceOf(EaafKeyAccessException.class, e, "Wong ExceptionType"); +      Assert.assertEquals("wrong errorCode", "internal.keystore.09", e.getErrorId()); + +    }     +  } +   +  @Test +  @DirtiesContext +  public void symmetricHsmFacadeKeyValid() throws EaafException { +    configureHsmFacade(); +     +    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); +    Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + +    SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); +    keyConfig.setFriendlyName("jUnit test"); +    keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); +    keyConfig.setKeyStoreName("authhandler"); +    keyConfig.setKeyAlias("aes-key-1"); + +    Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(keyConfig); +    Assert.assertNotNull("Key container is null", key); +    Assert.assertNotNull("Key is null", key.getFirst()); +    Assert.assertNotNull("Provider is null", key.getFirst()); +     +  } +   +  @Test +  @DirtiesContext    public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException {      configureHsmFacade(); 
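Review bot: In `symmetricHsmFacadeKeyValid` the last assertion, `Assert.assertNotNull("Provider is null", key.getFirst());`, checks the key a second time, so the provider half of the pair is never verified. It should read `Assert.assertNotNull("Provider is null", key.getSecond());`, the counterpart of the `Assert.assertNull("Provider is not null", key.getSecond());` check in `symmetricSoftwareKeyValid`. As written, the test still passes if an HSM-Facade key is returned without its provider, which is presumably the case a caller needs to catch before the key is used with a default JCE provider. The enclosing class continues outside the hunk.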
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java new file mode 100644 index 00000000..eb4eb212 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java 
@@ -0,0 +1,162 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; + +@RunWith(BlockJUnit4ClassRunner.class) +public class SymmetricKeyConfigurationTest { + +  private Map<String, String> config; + +  @Before +  public void testSetup() { +    config = new HashMap<>(); + +  } + +  @Test +  public void emptyConfigMap() { +    try { +      SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); +    } +  } +   +  @Test +  public void emptyKeyType() { +    try { +      config.put("key.type", ""); + +      SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); +    } +  } + +  @Test +  public void unknownKeyType() { +    try { +      config.put("key.type", "test"); + +      SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); +    } +  } +   +  @Test +  public void hsmFacadeKeyTypeMissingName() { +    try { +      config.put("key.type", "hsmfacade"); + +      
SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); +    } +  } + +  @Test +  public void hsmFacadeKeyTypeMissingAlias() { +    try { +      final String keyStoreName = RandomStringUtils.randomAlphabetic(5); +      config.put("key.type", "hsmfacade"); +      config.put("keystore.name", keyStoreName); + +      SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); +    } +  } +   +  @Test +  public void hsmFacadeKeyTypeSucces() throws EaafConfigurationException { +    final String keyStoreName = RandomStringUtils.randomAlphabetic(5); +    final String keyAlias = RandomStringUtils.randomAlphabetic(5); +    config.put("key.type", "hsmfacade"); +    config.put("keystore.name", keyStoreName); +    config.put("key.alias", keyAlias); +     +    final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, +        "jUnitTest"); + +    Assert.assertNotNull("KeyStore config object", keyStoreConfig); +    Assert.assertEquals("Wrong Type", SymmetricKeyType.HSMFACADE, keyStoreConfig.getKeyType()); +    Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName()); +    Assert.assertEquals("Wrong KeyStoreName", keyAlias, keyStoreConfig.getKeyAlias()); +     +     +    keyStoreConfig.validate(); +     +  } +   +  @Test +  public void passphraseKeyTypeMissingPassphrase() { +    try { +      config.put("key.type", "passphrase"); + +      SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final 
EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); +    } +  } + +  @Test +  public void passphraseKeyTypeMissingSalt() { +    try { +      final String passphrase = RandomStringUtils.randomAlphabetic(5); +      config.put("key.type", "passphrase"); +      config.put("key.passphrase", passphrase); + +      SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); +      Assert.fail("Wrong config not detected"); + +    } catch (final EaafConfigurationException e) { +      Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); +    } +  } +   +  @Test +  public void passphraseKeyTypeSucces() throws EaafConfigurationException { +    final String passphrase = RandomStringUtils.randomAlphabetic(5); +    final String salt = RandomStringUtils.randomAlphabetic(5); +    config.put("key.type", "passphrase"); +    config.put("key.passphrase", passphrase); +    config.put("key.salt", salt); +     +    final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, +        "jUnitTest"); + +    Assert.assertNotNull("KeyStore config object", keyStoreConfig); +    Assert.assertEquals("Wrong Type", SymmetricKeyType.PASSPHRASE, keyStoreConfig.getKeyType()); +    Assert.assertEquals("Wrong KeyStoreName", passphrase, keyStoreConfig.getSoftKeyPassphrase()); +    Assert.assertEquals("Wrong KeyStoreName", salt, keyStoreConfig.getSoftKeySalt()); +     +    keyStoreConfig.validate(); +     +  } +} + | 
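Review bot: The passphrase tests cover a missing `key.passphrase` and a missing `key.salt`, but not an empty or blank value, although `emptyKeyType` shows that an empty string is treated as its own case for `key.type`. I would add cases such as `config.put("key.passphrase", "");` and `config.put("key.salt", "");` that expect a configuration error (presumably the same `internal.keystore.04`), so that an empty secret cannot pass configuration parsing unnoticed; whether the parser rejects these today is not visible from this file. Separately, the assertion messages in `hsmFacadeKeyTypeSucces` and `passphraseKeyTypeSucces` are copy-pasted: the alias, passphrase and salt comparisons all report "Wrong KeyStoreName", where e.g. `Assert.assertEquals("Wrong KeyAlias", keyAlias, keyStoreConfig.getKeyAlias());` would name the field that actually failed.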
