update jUnit tests to operate on HSM Facade from A-Sit+

3 files changed, 112 insertions, 76 deletions

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 6dbbba3e..970efd22 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -4,9 +4,10 @@ import java.util.Map;
 
 import javax.annotation.Nonnull;
 
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
@@ -139,7 +140,7 @@ public class KeyStoreConfiguration {
 
   /**
    * Validate the internal state of this configuration object.
-   * 
+   *
    * @throws EaafConfigurationException In case of a configuration error
    */
   public void validate() throws EaafConfigurationException {
@@ -147,7 +148,7 @@ public class KeyStoreConfiguration {
       log.trace("Validate HSM-Facade KeyStore ... ");
       checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
           friendlyName, "Missing 'KeyName' for HSM-Facade");
-     
+
     } else if (KeyStoreType.PKCS12.equals(keyStoreType)
         || KeyStoreType.JKS.equals(keyStoreType)) {
       log.trace("Validate software KeyStore ... ");
@@ -155,13 +156,13 @@ public class KeyStoreConfiguration {
           friendlyName, "Missing 'KeyPath' for software keystore");
       checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07,
           friendlyName, "Missing 'KeyPassword' for software keystore");
-      
+
     } else {
       log.info("Validation of type: {} not supported yet", keyStoreType);
-      
+
     }
   }
-  
+
   public enum KeyStoreType {
     PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
 
@@ -209,16 +210,16 @@ public class KeyStoreConfiguration {
     final String configValue = config.get(configParamKey);
     checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
     return configValue;
-    
+
   }
 
-  private static void checkConfigurationValue(String configValue, String errorCode, String... params) 
+  private static void checkConfigurationValue(String configValue, String errorCode, String... params)
       throws EaafConfigurationException {
     if (StringUtils.isEmpty(configValue)) {
-      throw new EaafConfigurationException(errorCode, 
-          new Object[] { params});
-      
+      throw new EaafConfigurationException(errorCode,
+         params);
+
     }
-    
+
   }
 }
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index c47805e8..b5727015 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -6,6 +6,17 @@ import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Assert;
 import org.junit.Before;
@@ -23,17 +34,6 @@ import com.google.common.base.Optional;
 import com.google.common.base.Predicates;
 import com.google.common.base.Throwables;
 import com.google.common.collect.FluentIterable;
-
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
 import io.grpc.StatusRuntimeException;
 
 @RunWith(SpringJUnit4ClassRunner.class)
@@ -41,13 +41,20 @@ import io.grpc.StatusRuntimeException;
 @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
 public class EaafKeyStoreFactoryTest {
 
+  private static final String HSM_FACASE_HOST = "eid.a-sit.at";
+  private static final String HSM_FACASE_PORT = "9000";
+  private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt";
+  private static final String HSM_FACASE_USERNAME = "authhandler-junit";
+  private static final String HSM_FACASE_PASSWORD = "supersecret123";
+  private static final String HSM_FACASE_HSM_NAME = "software";
+
   private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS =
       "src/test/resources/data/junit.jks";
   private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
       "src/test/resources/data/junit_without_trustcerts.jks";
   private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
       "src/test/resources/data/junit_without_trustcerts.p12";
-  private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt";
+  private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt";
   private static final String SOFTWARE_KEYSTORE_PASSWORD = "password";
 
   @Autowired
@@ -146,7 +153,7 @@ public class EaafKeyStoreFactoryTest {
 
     }
   }
-  
+
   @Test
   @DirtiesContext
   public void softwareKeyStoreWithoutPassword() {
@@ -177,7 +184,7 @@ public class EaafKeyStoreFactoryTest {
     final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
     keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-    
+
 
     try {
       keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -216,7 +223,7 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
     keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks");
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-    
+
 
     try {
       keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -239,7 +246,7 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
     keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
     keyStoreConfig.setSoftKeyStorePassword("wrong password");
-    
+
 
     try {
       keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -262,14 +269,14 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
     keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-    
+
     keyStoreConfig.validate();
 
     final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
     Assert.assertNotNull("KeyStore is null", keyStore);
 
   }
-  
+
   @Test
   @DirtiesContext
   public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException {
@@ -280,61 +287,61 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
     keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS);
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-    
+
     keyStoreConfig.validate();
 
     final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
     Assert.assertNotNull("KeyStore is null", keyStore);
-    
+
     //read trusted certs
-    List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
+    final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
     Assert.assertNotNull("Trusted certs", trustedCerts);
     Assert.assertEquals("Trusted certs size", 2, trustedCerts.size());
 
     //read priv. key
-    Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+    final Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
         keyStore, "meta", "password".toCharArray(), true, "jUnit test");
     Assert.assertNotNull("Credential 1", privCred1);
     Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst());
     Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond());
-    
+
     //read priv. key
-    Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+    final Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
         keyStore, "sig", "password".toCharArray(), true, "jUnit test");
     Assert.assertNotNull("Credential 2", privCred2);
     Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst());
     Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond());
-    
-    
+
+
     //read priv. key
-    Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+    final Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
         keyStore, "notexist", "password".toCharArray(), false, "jUnit test");
     Assert.assertNull("Credential 3", privCred3);
-    
+
   //read priv. key
-    Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+    final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
         keyStore, "meta", "wrong".toCharArray(), false, "jUnit test");
     Assert.assertNull("Credential 3", privCred4);
-    
+
     try {
       EaafKeyStoreUtils.getPrivateKeyAndCertificates(
           keyStore, "meta", "wrong".toCharArray(), true, "jUnit test");
       Assert.fail("Wrong password not detected");
-      
-    } catch (EaafKeyAccessException e) {
+
+    } catch (final EaafKeyAccessException e) {
       Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
     }
-    
+
     try {
       EaafKeyStoreUtils.getPrivateKeyAndCertificates(
           keyStore, "wrong", "password".toCharArray(), true, "jUnit test");
       Assert.fail("Wrong alias not detected");
-      
-    } catch (EaafKeyAccessException e) {
+
+    } catch (final EaafKeyAccessException e) {
       Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
     }
-        
-    
+
+
   }
 
   @Test
@@ -349,7 +356,7 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
 
     keyStoreConfig.validate();
-    
+
     final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
     Assert.assertNotNull("KeyStore is null", keyStore);
 
@@ -550,18 +557,7 @@ public class EaafKeyStoreFactoryTest {
   @Test
   @DirtiesContext
   public void hsmFacadeKeyStoreNoKeyStoreName() {
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
-        RandomStringUtils.randomNumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
-        RandomStringUtils.randomNumeric(4));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
-        RandomStringUtils.randomNumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
-        RandomStringUtils.randomAlphanumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
-        RandomStringUtils.randomAlphanumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
-        PATH_TO_HSM_FACADE_TRUST_CERT);
+    configureHsmFacade();
 
     final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
     Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
@@ -583,28 +579,17 @@ public class EaafKeyStoreFactoryTest {
   @Test
   @DirtiesContext
   public void hsmFacadeKeyStoreSuccess() throws EaafException {
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
-        RandomStringUtils.randomNumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
-        RandomStringUtils.randomNumeric(4));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
-        RandomStringUtils.randomNumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
-        RandomStringUtils.randomAlphanumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
-        RandomStringUtils.randomAlphanumeric(10));
-    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
-        PATH_TO_HSM_FACADE_TRUST_CERT);
+    configureHsmFacade();
 
     final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
     Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
 
     final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
     keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
-    keyStoreConfig.setKeyStoreName("testkeyStore");
+    keyStoreConfig.setKeyStoreName("authhandler");
 
     keyStoreConfig.validate();
-    
+
     try {
       final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
       Assert.assertNotNull("KeyStore is null", keyStore);
@@ -615,6 +600,36 @@ public class EaafKeyStoreFactoryTest {
       // exception"));
 
     }
+  }
+
+  @Test
+  @DirtiesContext
+  public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException {
+    configureHsmFacade();
+
+    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+    Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+    final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+    keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+    keyStoreConfig.setKeyStoreName("authhandler");
+
+    keyStoreConfig.validate();
+
+    final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+    Assert.assertNotNull("KeyStore is null", keyStore);
+
+  }
+
+  private void configureHsmFacade() {
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST);
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT);
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST);
+
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME);
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD);
+
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME);
 
   }
 
diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
new file mode 100644
index 00000000..37fdc389
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy
+b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE
+cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw
+FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F
+FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv
+0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX
+hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp
+jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX
+GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB
+LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E
+FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
+CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t
+EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W
+s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m
+pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG
+ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN
+dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4
+-----END CERTIFICATE-----
+ 
\ No newline at end of file