summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src/test
diff options
context:
space:
mode:
authorThomas <>2021-04-16 22:20:05 +0200
committerThomas <>2021-04-16 22:20:05 +0200
commit3e734a0f1fedba00e594bd69e72bd2f18a0a60bf (patch)
tree49c7fcd1aff408e2d743cff3f05657bc8b0858ee /eaaf_core_utils/src/test
parentaf378b443868a0fecc5176a263dbd42718424d14 (diff)
parent3e3ba151078537a04dadce070934685c754336ff (diff)
downloadEAAF-Components-3e734a0f1fedba00e594bd69e72bd2f18a0a60bf.tar.gz
EAAF-Components-3e734a0f1fedba00e594bd69e72bd2f18a0a60bf.tar.bz2
EAAF-Components-3e734a0f1fedba00e594bd69e72bd2f18a0a60bf.zip
Merge branch 'feature/small_changes' into feature/VT-21-016
Diffstat (limited to 'eaaf_core_utils/src/test')
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java98
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java96
-rw-r--r--eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt3
-rw-r--r--eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt3
-rw-r--r--eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt3
-rw-r--r--eaaf_core_utils/src/test/resources/data/server_host.crt18
-rw-r--r--eaaf_core_utils/src/test/resources/data/ssL_truststore.jksbin0 -> 799 bytes
-rw-r--r--eaaf_core_utils/src/test/resources/data/ssl_host.jksbin0 -> 2081 bytes
8 files changed, 221 insertions, 0 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
new file mode 100644
index 00000000..55c17ee8
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
@@ -0,0 +1,98 @@
+package at.gv.egiz.eaaf.core.test.http;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.MethodMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
+@DirtiesContext
+public class HttpClientFactoryProdHostTest {
+
+ @Autowired private IHttpClientFactory httpClientFactory;
+ @Autowired private EaafKeyStoreFactory keyStoreFactory;
+
+ /**
+ * Initialize full class.
+ */
+ @BeforeClass
+ public static void classInitializer() {
+ final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse");
+ logger.setLevel(Level.TRACE);
+
+ }
+
+ /**
+ * JUnit test set-up.
+ *
+ */
+ @Before
+ public void setup() {
+
+ }
+
+ @Test
+ @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+ public void getCustomClientX509AuthWithHsmFacadeTrustStore() throws EaafException, ClientProtocolException,
+ IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException,
+ CertificateEncodingException {
+ System.setProperty("javax.net.debug", "ssl:handshake");
+
+ final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client");
+ clientConfig.setAuthMode("ssl");
+ //clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "eid-junit");
+ //clientConfig.setSslKeyAlias("rsa-key-1");
+ clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler");
+ clientConfig.setSslKeyAlias("authhandler-sign");
+ clientConfig.setDisableTlsHostCertificateValidation(false);
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig);
+ Assert.assertNotNull("httpClient", client);
+
+ final Pair<KeyStore, Provider> sslClientKeyStore =
+ keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig());
+ final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst()
+ .getCertificateChain(clientConfig.getSslKeyAlias())[1];
+ final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst()
+ .getCertificateChain(clientConfig.getSslKeyAlias())[0];
+ Base64.getEncoder().encodeToString(clientEeCert.getEncoded());
+
+ //perform test request
+ final HttpUriRequest httpGet2 = new HttpGet("https://apps.egiz.gv.at//sslclientcertdemo/");
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
index baedadc8..c71d8352 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
@@ -5,9 +5,14 @@ import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.SocketTimeoutException;
+import java.security.Key;
+import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
import java.security.Provider;
+import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import org.apache.commons.lang3.RandomStringUtils;
@@ -20,10 +25,13 @@ import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.junit.After;
+import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.MethodMode;
@@ -32,12 +40,16 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.Triple;
import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
import okhttp3.HttpUrl;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
@@ -58,6 +70,27 @@ public class HttpClientFactoryTest {
private HttpUrl mockServerUrl;
/**
+ * Initialize full class.
+ */
+ @BeforeClass
+ public static void classInitializer() {
+ final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse");
+ logger.setLevel(Level.TRACE);
+
+ }
+
+ /**
+ * Reset test environment.
+ */
+ @AfterClass
+ public static void classReset() {
+ System.clearProperty("javax.net.ssl.trustStoreType");
+ System.clearProperty("javax.net.ssl.trustStore");
+ System.clearProperty("javax.net.ssl.trustStorePassword");
+
+ }
+
+ /**
* JUnit test set-up.
*
*/
@@ -595,4 +628,67 @@ public class HttpClientFactoryTest {
}
+ @Test
+ @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+ public void getCustomClientX509AuthWithHsmFacadeTrustStore() throws EaafException, ClientProtocolException,
+ IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
+
+ final String current = new java.io.File(".").getCanonicalPath();
+ System.setProperty("javax.net.ssl.trustStoreType", "jks");
+ System.setProperty("javax.net.ssl.trustStore",
+ current + "/src/test/resources/data/ssL_truststore.jks");
+ System.setProperty("javax.net.ssl.trustStorePassword",
+ "password");
+
+ final KeyStoreConfiguration sslServerCertConfig = new KeyStoreConfiguration();
+ sslServerCertConfig.setKeyStoreType(KeyStoreType.JKS);
+ sslServerCertConfig.setFriendlyName("SSL host cert");
+ sslServerCertConfig.setSoftKeyStoreFilePath("src/test/resources/data/ssl_host.jks");
+ sslServerCertConfig.setSoftKeyStorePassword("password");
+
+ Pair<KeyStore, Provider> sslServerHostKeyStore =
+ keyStoreFactory.buildNewKeyStore(sslServerCertConfig);
+
+
+ final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client");
+ clientConfig.setAuthMode("ssl");
+ clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler");
+ clientConfig.setSslKeyAlias("authhandler-sign");
+ clientConfig.setDisableTlsHostCertificateValidation(false);
+
+ final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig);
+ Assert.assertNotNull("httpClient", client);
+
+ //set-up mock-up web-server with SSL client authentication
+ final Pair<KeyStore, Provider> sslClientKeyStore =
+ keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig());
+ final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst()
+ .getCertificateChain(clientConfig.getSslKeyAlias())[1];
+ final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst()
+ .getCertificateChain(clientConfig.getSslKeyAlias())[0];
+
+ Key sslKey = sslServerHostKeyStore.getFirst().getKey("ssl", "password".toCharArray());
+ X509Certificate sslCert = (X509Certificate) sslServerHostKeyStore.getFirst().getCertificate("ssl");
+ KeyPair keyPair = new KeyPair(sslCert.getPublicKey(), (PrivateKey) sslKey);
+ HeldCertificate localhostCertificate = new HeldCertificate(keyPair, sslCert);
+ final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+ .addTrustedCertificate(clientEeCert)
+ .addTrustedCertificate(clientRootCert)
+ .heldCertificate(localhostCertificate)
+ .build();
+ mockWebServer = new MockWebServer();
+
+ mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+ mockWebServer.requireClientAuth();
+ mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+ .setBody("Successful auth!"));
+ mockServerUrl = mockWebServer.url("/sp/junit");
+
+ //perform test request
+ final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+ final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+ Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
+
+ }
+
}
diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt
new file mode 100644
index 00000000..aa83c8d9
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIICDTCCAbOgAwIBAgIIVLxIFI8kRpkwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAeFw0yMDA2MTgwNzM2MTBaFw0yNTA2MTgwNzM2MTBaMDwxGzAZBgNVBAMMEmludC1yc2Eta2V5LTEtMDAwMTERMA8GA1UECgwIc29mdHdhcmUxCjAIBgNVBAUTATEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrM1ocQqtch95Dm21JHi0V35nlWZibsjLqR+g8ERdD1qFgun/X0I/Rbft+KxB8QsDX7UmIjXGdavNcEjY/XcbiJxUcpv7vn/2+x3JxZO6Iye/ut001okICt3OGIqP93ZEnIaTTNhDsK7OnvD/eUjlmuHiTaFq1dZLKYDQlz9jl/9F4axfrz1V7oo60iqFIW+7tlUeh8VGDUPjQpHghzjHXTJv/OIAt752K31Tn8KR3kvkn6WTPo8eOWVaPQ480Dik0e2afTPPJNZJ7BW111IwqBAOKp586yVsQ4XVEF8H64Cq+s+b4/HBboo9TDJKTJvo2yQmcTsahbH+Rlm20ifUTAgMBAAEwCgYIKoZIzj0EAwIDSAAwRQIhANKN/N2Atb5fbeHSB2Myv/JcNf9JonxFe92AOu4f62NNAiBjOEeg4OyJZKPiDl6aqYVtz1Qroo6xzUC9UVA4qNe4LA==
+-----END CERTIFICATE-----
diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt
new file mode 100644
index 00000000..b4c47c78
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCArqgAwIBAgIIMrAOP6EqywMwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAeFw0yMDA2MTgwNzM2MDlaFw0yNTA2MTgwNzM2MDlaMEMxIjAgBgNVBAMMGWludC1hdXRoaGFuZGxlci1zaWduLTAwMDExETAPBgNVBAoMCHNvZnR3YXJlMQowCAYDVQQFEwExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5j2vR8ZV88fOJzFHmLuPizHXk+aiE0fX8Bu63FqCNa2Vy343u2k+4HVQBWpAtyRej8nL7JQuhFa11YRtVF+Vos9cyUDk482sUlYA2LdAFIuHJP6iTRrrHYdiTskc3FQUm9m9KorVFwnfzqJ40wjn9hD0xKCE0odk9IHA5aLTul0mSMcHQ+MMu2cbelK2TWTEC0wcGum2NrTWukhf0E4/e4SuqMgEUPdHSEaNZLGKZU0kyVtXKK0HCtWF8OKGay4V504dk3qnmRHHO8ik3oyPk2yLipQAPL0bUGMZ7tlRLo5VxJvkZSsJfAzvYn1JzcQIt6bXszQGU/JS6dw7Jq99Ckzox/vk8p1YUPd4tCuUJPXzhFhI7CedHKGItwk7mQf5llgeVJy40sVrFwHLDPufY5mlm9C+gVBs71+ibT/sJ96gCueWqduzDX8fHzeaNVj2NFEx2pT46D5cbRWZBow3+Rx+hpge6SDMzaebpbkgLPX+35D952bMLjm+9T0DulGk1tLL2k4YK+1WWUprlo+rm65OA5FxnO5YxNmGk2Uizu3tSoZMxmXwEWoFfYaMsTt5Not3+CLPjfs6pE4ML9ifAOxW+pPsmanDiNaMiL0/aSddvvkv3lSMRiU9nYh3DuOu6sGIMaPdyYF0V/9Fua2SDZV3QKIbzPbJfEsXFKtjtzUCAwEAATAKBggqhkjOPQQDAgNHADBEAiBHsK819KfxVn91KAmjRjb7zx8TLLBApyaZHXi5HVrYUwIgQbF6u6bXziAWdijlJC0IOWdBuTLWmTvFqBH7uX1HL9c=
+-----END CERTIFICATE-----
diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt
new file mode 100644
index 00000000..fa7b132f
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIBPDCB46ADAgECAghZ0/gtbA6FrjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdFQy1Sb290MB4XDTIwMDYxODA3MzU1M1oXDTMwMDYxODA3MzU1M1owEjEQMA4GA1UEAwwHRUMtUm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIjgL+6qiE9oj2yWCkVm6s7AaYkbDhTptYXTW92MhASiTqxL6g8tr28MlRA2P8HPrNSK9payeMe5QW9Kxn+EMPejIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgWgMAoGCCqGSM49BAMCA0gAMEUCIDq2f4xjYD8pzr+mdzuT8wzePRnj/EatjmimGnvNt3FjAiEArezudh6G+wE+ds6S0dnFxG0o/BrbR0fiRNTQwiZA9ec=
+-----END CERTIFICATE-----
diff --git a/eaaf_core_utils/src/test/resources/data/server_host.crt b/eaaf_core_utils/src/test/resources/data/server_host.crt
new file mode 100644
index 00000000..21d3a1e4
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/server_host.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcECBGB5WpEwDQYJKoZIhvcNAQELBQAwMTELMAkGA1UEBhMCQVQxDjAM
+BgNVBAsMBWpVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjEwNDE2MDkzNjE3
+WhcNMjQwMTEwMDkzNjE3WjAxMQswCQYDVQQGEwJBVDEOMAwGA1UECwwFalVuaXQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAJVYLzPzq7oBGS5Wer0++rHbp+DWI7srAV1lGHdq8ST6APh/7fEVWpdZDpMY
+bOXl6uIiVmMsx/jUhQwOu4rFXThiQlwyQOv57SO7WHqNPqbRs/EUVnzW35aXU/DB
+CmkqKyjK/+vuq7tIahlpqrppCzBVC9/Z15U+RMTdnATrohALNJovydH3VSkdkKX0
+5BDx779/8malTgyWTUgl+p3F/91iIIl4ZvIngo2ZYQCFm1nV6jmpErGFkG6YVrO7
+oe3OlGKFiXtqCmq+NSFeXsv/SaXWNUw82pYKuK/5EFSLX49HLBBDI14eOCuVLnGA
+H/kG3tGteYMBNzSMmC/kcKgRDnUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAJn2
+a/VbtXGmHe9wmtu8K3noyECfG5fbu9URUjXhCBlXGcdjfz1gzrOHcmaBndk0a566
+R2W0fLvjLpjWChrj7r34EpNYGPMLV2gp3ZkiSGl9kv8mf9iChK6+ga3SlyHJuXXu
+gw6eOIAxBrE/vLw+pZtCEV9yPrIydkt19jjejf1wjs5y2G7m5r5pBIh6Wlmmc4f2
+3M6l6Dge78WVdUaU5AeAHjgGgXwULxmLGxi6yiS5HsSeb79oGz9psHbq1EAvwOVY
+sLepTbDQvX/VAAG7HOJXhdGM0fRIkM7HFA5+6joTHvAKhuMlFIJ8Y4QIG2QaIBAh
+eBBh91x/aB2xOKs+Kg==
+-----END CERTIFICATE-----
diff --git a/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks b/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks
new file mode 100644
index 00000000..4d7bc2f3
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks
Binary files differ
diff --git a/eaaf_core_utils/src/test/resources/data/ssl_host.jks b/eaaf_core_utils/src/test/resources/data/ssl_host.jks
new file mode 100644
index 00000000..4ca07595
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/ssl_host.jks
Binary files differ