diff options
| author | Thomas <> | 2022-04-19 10:48:47 +0200 | 
|---|---|---|
| committer | Thomas <> | 2022-04-19 10:48:47 +0200 | 
| commit | 8863bbcff97c4f7ee86be063a222ec36c15b5546 (patch) | |
| tree | b7a29d097a4239e97f97b907f6a48d0ffec60dc0 /eaaf_core_utils/src | |
| parent | 7da4e762402a868920fc1212db78db6ce729b6ca (diff) | |
| download | EAAF-Components-8863bbcff97c4f7ee86be063a222ec36c15b5546.tar.gz EAAF-Components-8863bbcff97c4f7ee86be063a222ec36c15b5546.tar.bz2 EAAF-Components-8863bbcff97c4f7ee86be063a222ec36c15b5546.zip | |
test(http): add second SSL client authentication test
     INFO:
       SSL Client-Authentication with keys from HSM-Facade only works with
       BCJSSE Provider >= 1.70 and SystemD Parameter: -Dorg.bouncycastle.jsse.client.acceptRenegotiation=true
       if HTTP Server requires re-negotiation.
       Hint: do not enable SSL Debugging in BCJSSE Probider, because it throws
             a NullPointerException with HSM-Facade keys!!!!
Diffstat (limited to 'eaaf_core_utils/src')
| -rw-r--r-- | eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java | 41 | 
1 files changed, 17 insertions, 24 deletions
| diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java index 55c17ee8..85fa6129 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java @@ -1,20 +1,20 @@  package at.gv.egiz.eaaf.core.test.http; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +  import java.io.IOException; -import java.security.KeyStore;  import java.security.KeyStoreException;  import java.security.NoSuchAlgorithmException; -import java.security.Provider;  import java.security.UnrecoverableKeyException;  import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.Base64;  import org.apache.http.client.ClientProtocolException;  import org.apache.http.client.methods.CloseableHttpResponse;  import org.apache.http.client.methods.HttpGet;  import org.apache.http.client.methods.HttpUriRequest;  import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.util.EntityUtils;  import org.junit.Assert;  import org.junit.Before;  import org.junit.BeforeClass; @@ -23,13 +23,12 @@ import org.junit.runner.RunWith;  import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode;  import org.springframework.test.annotation.DirtiesContext.MethodMode;  import org.springframework.test.context.ContextConfiguration;  import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;  import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;  import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;  import ch.qos.logback.classic.Level; @@ -37,11 +36,10 @@ import ch.qos.logback.classic.Logger;  @RunWith(SpringJUnit4ClassRunner.class)  @ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") -@DirtiesContext +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)  public class HttpClientFactoryProdHostTest {    @Autowired private IHttpClientFactory httpClientFactory; -  @Autowired private EaafKeyStoreFactory keyStoreFactory;    /**     * Initialize full class. @@ -51,6 +49,8 @@ public class HttpClientFactoryProdHostTest {      final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse");      logger.setLevel(Level.TRACE); +    System.setProperty("org.bouncycastle.jsse.client.acceptRenegotiation", "true"); +        }    /** @@ -71,28 +71,21 @@ public class HttpClientFactoryProdHostTest {      final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client");      clientConfig.setAuthMode("ssl"); -    //clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "eid-junit"); -    //clientConfig.setSslKeyAlias("rsa-key-1");      clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); -    clientConfig.setSslKeyAlias("authhandler-sign"); -    clientConfig.setDisableTlsHostCertificateValidation(false); +    clientConfig.setSslKeyAlias("authhandler-mis"); +    clientConfig.setDisableTlsHostCertificateValidation(true);      final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig);      Assert.assertNotNull("httpClient", client); - -    final Pair<KeyStore, Provider> sslClientKeyStore = -        keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); -    final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() -            .getCertificateChain(clientConfig.getSslKeyAlias())[1]; -    final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() -        .getCertificateChain(clientConfig.getSslKeyAlias())[0]; -    Base64.getEncoder().encodeToString(clientEeCert.getEncoded());      //perform test request -    final HttpUriRequest httpGet2 = new HttpGet("https://apps.egiz.gv.at//sslclientcertdemo/"); -    final CloseableHttpResponse httpResp2 = client.execute(httpGet2); -    Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); - +    final HttpUriRequest httpGet3 = new HttpGet("https://vollmachten.egiz.gv.at/mms-eid-test/services/GetMandatesService?wsdl"); +    final CloseableHttpResponse httpResp3 = client.execute(httpGet3); +    Assert.assertEquals("http statusCode", 200, httpResp3.getStatusLine().getStatusCode());  +    String body = EntityUtils.toString(httpResp3.getEntity()); +    assertFalse("no http body", body.isEmpty()); +    assertTrue("no WSDL", body.contains("name=\"GetMandatesOperation\"")); +        }  } | 
