summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_auth_sl20/src/test
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-08-26 16:21:39 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-08-26 16:21:39 +0200
commitbe7b4a37fb0844e9f1b9ed91742af3d204f68f22 (patch)
tree29f7db190f647ab35905784c805cfefb9c73abba /eaaf_modules/eaaf_module_auth_sl20/src/test
parent4d49513b7c28197b6c767e79e510db18ba73acb5 (diff)
downloadEAAF-Components-be7b4a37fb0844e9f1b9ed91742af3d204f68f22.tar.gz
EAAF-Components-be7b4a37fb0844e9f1b9ed91742af3d204f68f22.tar.bz2
EAAF-Components-be7b4a37fb0844e9f1b9ed91742af3d204f68f22.zip
refactor JWS and JWE implementation in SL2.0 module to reuse JWS and JWE specific implementation in other classes
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/test')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java250
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java34
2 files changed, 145 insertions, 139 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
index ebea35c6..917ef1e0 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
@@ -9,8 +9,18 @@ import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.jose4j.base64url.Base64Url;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
@@ -28,15 +38,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.fasterxml.jackson.databind.JsonNode;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml")
public abstract class AbstractJsonSecurityUtilsTest {
@@ -44,45 +45,45 @@ public abstract class AbstractJsonSecurityUtilsTest {
@Autowired protected DummyAuthConfigMap config;
@Autowired protected IJoseTools joseTools;
@Autowired protected EaafKeyStoreFactory keyStoreFactory;
-
+
@BeforeClass
public static void classInitializer() {
Security.addProvider(new BouncyCastleProvider());
-
+
}
-
- protected abstract void setRsaSigningKey();
-
+
+ protected abstract void setRsaSigningKey();
+
protected abstract void setEcSigningKey();
-
+
protected abstract void setRsaEncryptionKey();
-
+
protected abstract void setEcEncryptionKey();
-
+
protected abstract Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException;
-
- protected abstract String getRsaKeyAlias();
-
+
+ protected abstract String getRsaKeyAlias();
+
protected abstract String getRsaKeyPassword();
-
- protected abstract String getEcKeyAlias();
-
+
+ protected abstract String getEcKeyAlias();
+
protected abstract String getEcKeyPassword();
-
-
+
+
@Test
- public void fullEncryptDecrypt() throws JoseException, EaafException {
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
-
+ public void fullEncryptDecrypt() throws JoseException, EaafException {
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+
final JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM);
jwe.setKey(joseTools.getEncryptionCertificate().getPublicKey());
jwe.setX509CertSha256ThumbprintHeaderValue(joseTools.getEncryptionCertificate());
jwe.setPayload(payLoad);
-
+
// set special provider if required
- Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();
+ final Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();
if (rsaEncKeyStore.getSecond() != null) {
final ProviderContext providerCtx = new ProviderContext();
providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
@@ -90,30 +91,30 @@ public abstract class AbstractJsonSecurityUtilsTest {
jwe.setProviderContext(providerCtx);
}
-
- String encData = jwe.getCompactSerialization();
+
+ final String encData = jwe.getCompactSerialization();
Assert.assertNotNull("JWE Encryption", encData);
-
-
- JsonNode decData = joseTools.decryptPayload(encData);
+
+
+ final JsonNode decData = joseTools.decryptPayload(encData);
Assert.assertNotNull("JWE Decryption", decData);
-
+
}
-
+
@Test
public void encryptionRsa() throws JoseException, EaafException {
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
- Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();
- Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
- rsaEncKeyStore.getFirst(), getRsaKeyAlias(), getRsaKeyPassword().toCharArray(),
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+ final Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();
+ final Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ rsaEncKeyStore.getFirst(), getRsaKeyAlias(), getRsaKeyPassword().toCharArray(),
true, "jUnit RSA JWE");
-
+
final JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM);
jwe.setKey(key.getSecond()[0].getPublicKey());
jwe.setPayload(payLoad);
-
+
// set special provider if required
if (rsaEncKeyStore.getSecond() != null) {
final ProviderContext providerCtx = new ProviderContext();
@@ -122,27 +123,27 @@ public abstract class AbstractJsonSecurityUtilsTest {
jwe.setProviderContext(providerCtx);
}
-
- String encData = jwe.getCompactSerialization();
+
+ final String encData = jwe.getCompactSerialization();
Assert.assertNotNull("JWE", encData);
-
-
+
+
}
-
+
@Test
public void encryptionEc() throws JoseException, EaafException {
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
- Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();
- Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
- rsaEncKeyStore.getFirst(), getEcKeyAlias(), getEcKeyPassword().toCharArray(),
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+ final Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();
+ final Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ rsaEncKeyStore.getFirst(), getEcKeyAlias(), getEcKeyPassword().toCharArray(),
true, "jUnit RSA JWE");
-
+
final JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM);
jwe.setKey(key.getSecond()[0].getPublicKey());
jwe.setPayload(payLoad);
-
+
// set special provider if required
if (rsaEncKeyStore.getSecond() != null) {
final ProviderContext providerCtx = new ProviderContext();
@@ -151,142 +152,139 @@ public abstract class AbstractJsonSecurityUtilsTest {
jwe.setProviderContext(providerCtx);
}
-
- String encData = jwe.getCompactSerialization();
-
+
+ final String encData = jwe.getCompactSerialization();
+
Assert.assertNotNull("JWE", encData);
-
-
+
+
}
-
+
@Test
- public void noTrustedCert() throws CertificateEncodingException, KeyStoreException,
+ public void noTrustedCert() throws CertificateEncodingException, KeyStoreException,
JoseException, IOException, EaafException {
setRsaSigningKey();
setRsaEncryptionKey();
-
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
-
- String jws = joseTools.createSignature(payLoad);
+
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+
+ final String jws = joseTools.createSignature(payLoad);
Assert.assertNotNull("Signed msg", jws);
-
+
try {
joseTools.validateSignature(
jws,
keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigOnlyEc()).getFirst(),
- getDefaultAlgorithmConstrains());
+ getDefaultAlgorithmConstrains());
Assert.fail("Wrong JOSE Sig not detected");
-
- } catch (JoseException e) {
- Assert.assertEquals("Wrong errorCode",
- "Can NOT select verification key for JWS. Signature verification FAILED",
+
+ } catch (final JoseException e) {
+ Assert.assertEquals("Wrong errorCode",
+ "Can NOT select verification key for JWS. Signature verification FAILED",
e.getMessage());
-
+
}
}
-
+
@Test
- public void invalidSignature() throws CertificateEncodingException, KeyStoreException,
+ public void invalidSignature() throws CertificateEncodingException, KeyStoreException,
JoseException, IOException, EaafException {
setRsaSigningKey();
setRsaEncryptionKey();
-
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
-
- String jws = joseTools.createSignature(payLoad);
+
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+
+ final String jws = joseTools.createSignature(payLoad);
Assert.assertNotNull("Signed msg", jws);
-
- String invalidJws =
- jws.substring(0, jws.indexOf(".") + 5) + "dd" + jws.substring(jws.indexOf(".") + 6);
-
- try {
- joseTools.validateSignature(
- invalidJws,
- keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(),
- getDefaultAlgorithmConstrains());
- Assert.fail("Wrong JOSE Sig not detected");
-
- } catch (JoseException e) {
- Assert.assertEquals("Wrong errorCode",
- "JWS signature is invalid.",
- e.getMessage());
-
- }
-
+
+ final String invalidJws = jws.substring(0, jws.indexOf("."))
+ + "."
+ + Base64Url.encodeUtf8ByteRepresentation("{\"aac\":\"" + RandomStringUtils.randomAlphabetic(25) + "\"}")
+ + "."
+ + jws.substring(jws.lastIndexOf(".") + 1);
+
+
+ final VerificationResult result = joseTools.validateSignature(
+ invalidJws,
+ keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(),
+ getDefaultAlgorithmConstrains());
+
+ Assert.assertFalse("wrong sig. verification state", result.isValidSigned());
+
}
-
+
@Test
- public void validSigningRsa() throws CertificateEncodingException, KeyStoreException,
+ public void validSigningRsa() throws CertificateEncodingException, KeyStoreException,
JoseException, IOException, EaafException {
setRsaSigningKey();
setRsaEncryptionKey();
-
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
-
- String jws = joseTools.createSignature(payLoad);
+
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+
+ final String jws = joseTools.createSignature(payLoad);
Assert.assertNotNull("Signed msg", jws);
-
- VerificationResult verify = joseTools.validateSignature(
+
+ final VerificationResult verify = joseTools.validateSignature(
jws,
keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(),
- getDefaultAlgorithmConstrains());
+ getDefaultAlgorithmConstrains());
Assert.assertTrue("wrong verify state", verify.isValidSigned());
Assert.assertNotNull("JWS Header", verify.getJoseHeader());
Assert.assertNotNull("JWS Payload", verify.getPayload());
Assert.assertNotNull("CertChain", verify.getCertChain());
-
+
}
-
+
@Test
- public void validSigningEc() throws CertificateEncodingException, KeyStoreException,
+ public void validSigningEc() throws CertificateEncodingException, KeyStoreException,
JoseException, IOException, EaafException {
setEcSigningKey();
setEcEncryptionKey();
-
- String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
-
- String jws = joseTools.createSignature(payLoad);
+
+ final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}";
+
+ final String jws = joseTools.createSignature(payLoad);
Assert.assertNotNull("Signed msg", jws);
-
- VerificationResult verify = joseTools.validateSignature(
+
+ final VerificationResult verify = joseTools.validateSignature(
jws,
keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(),
- getDefaultAlgorithmConstrains());
+ getDefaultAlgorithmConstrains());
Assert.assertTrue("wrong verify state", verify.isValidSigned());
Assert.assertNotNull("JWS Header", verify.getJoseHeader());
Assert.assertNotNull("JWS Payload", verify.getPayload());
Assert.assertNotNull("CertChain", verify.getCertChain());
-
+
}
-
+
protected KeyStoreConfiguration getSigTrustStoreConfigValid() {
- KeyStoreConfiguration trustConfig = new KeyStoreConfiguration();
+ final KeyStoreConfiguration trustConfig = new KeyStoreConfiguration();
trustConfig.setFriendlyName("jUnit TrustStore");
trustConfig.setKeyStoreType(KeyStoreType.JKS);
trustConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit.jks");
trustConfig.setSoftKeyStorePassword("password");
-
+
return trustConfig;
-
+
}
-
+
protected KeyStoreConfiguration getSigTrustStoreConfigOnlyEc() {
- KeyStoreConfiguration trustConfig = new KeyStoreConfiguration();
+ final KeyStoreConfiguration trustConfig = new KeyStoreConfiguration();
trustConfig.setFriendlyName("jUnit TrustStore");
trustConfig.setKeyStoreType(KeyStoreType.JKS);
trustConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit_no_rsa.jks");
trustConfig.setSoftKeyStorePassword("password");
-
+
return trustConfig;
-
+
}
-
+
private AlgorithmConstraints getDefaultAlgorithmConstrains() {
return new AlgorithmConstraints(ConstraintType.WHITELIST,
SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING
.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]));
}
-
+
}
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java
index d9406b2d..4f8b2a23 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java
@@ -3,51 +3,59 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils;
import java.security.KeyStore;
import java.security.Provider;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import org.apache.commons.lang3.StringUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml")
public class JsonSecurityUtilsHsmKeyTest extends AbstractJsonSecurityUtilsTest {
+ @Before
+ public void initialize() {
+ config.putConfigValue("modules.sl20.security.sigalg.rsa", "RS256");
+ config.putConfigValue("modules.sl20.security.sigalg.ecc", "ES256");
+
+ }
+
@Override
protected void setRsaSigningKey() {
config.putConfigValue("modules.sl20.security.sign.alias", "rsa-key-1");
-
+
}
@Override
protected void setEcSigningKey() {
config.putConfigValue("modules.sl20.security.sign.alias", "ec-key-1");
-
+
}
@Override
protected void setRsaEncryptionKey() {
config.putConfigValue("modules.sl20.security.encryption.alias", "rsa-key-1");
-
+
}
@Override
protected void setEcEncryptionKey() {
config.putConfigValue("modules.sl20.security.encryption.alias", "ec-key-1");
-
+
}
@Override
- protected Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException {
- KeyStoreConfiguration keyConfig = new KeyStoreConfiguration();
+ protected Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException {
+ final KeyStoreConfiguration keyConfig = new KeyStoreConfiguration();
keyConfig.setFriendlyName("Junit Enc Key Rsa");
keyConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
keyConfig.setKeyStoreName("eid-junit");
-
+
return keyStoreFactory.buildNewKeyStore(keyConfig);
}
@@ -71,5 +79,5 @@ public class JsonSecurityUtilsHsmKeyTest extends AbstractJsonSecurityUtilsTest {
return StringUtils.EMPTY;
}
-
+
}