| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-06-22 09:00:57 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-06-22 09:00:57 +0200 | 
| commit | 2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8 (patch) | |
| tree | 1cf12e71b1a88f6efa664eb241915d91191fcf26 /eaaf_modules/eaaf_module_auth_sl20/src | |
| parent | dde5479553eb954e41fc8fe85abf45cf579d3034 (diff) | |
fix problem with JOSE encryption in combination with HSM-Facade
add jUnit test for JoseUtils
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src')
12 files changed, 407 insertions, 62 deletions
| diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 1b824ad1..dae11370 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -295,6 +295,16 @@ public class JsonSecurityUtils implements IJoseTools {            keyStore.getFirst(), getEncryptionKeyAlias(), getEncryptionKeyPassword(), true,            FRIENDLYNAME_KEYSTORE); +      // set special provider if required +      if (keyStore.getSecond() != null) { +        log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); +        final ProviderContext providerCtx = new ProviderContext(); +        providerCtx.getSuppliedKeyProviderContext().setGeneralProvider( +            keyStore.getSecond().getName()); +        receiverJwe.setProviderContext(providerCtx); + +      } +              // validate key from header against key from config        final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();        final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); @@ -336,7 +346,7 @@ public class JsonSecurityUtils implements IJoseTools {        // set key        receiverJwe.setKey(encryptionCred.getFirst()); - +              // decrypt payload        return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index f0557619..c95bcc45 100644 
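Review bot: The new `if (keyStore.getSecond() != null)` branch in the decryption path is not exercised by any test in this commit. `JsonSecurityUtilsHsmKeyTest` is deleted, and the only concrete subclass of the new abstract test builds a JKS software keystore, for which the provider is presumably null. Since this branch is the fix itself, a subclass backed by the HSM-Facade (or a stub provider) should run `fullEncryptDecrypt` through it. A comment stating why the provider goes on the supplied-key context would also help, e.g. `// private-key operations must run in the keystore's own provider (HSM-Facade)`, if that is the intent. The enclosing method starts and ends outside the hunk.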
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -98,7 +98,11 @@ public class SL20Constants {        KeyManagementAlgorithmIdentifiers.RSA_OAEP_256;    public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections -      .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); +      .unmodifiableList(Arrays.asList( +          JSON_ALGORITHM_ENC_KEY_RSAOAEP,  +          JSON_ALGORITHM_ENC_KEY_RSAOAEP256, +          KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW, +          KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW));    public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 =        ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java new file mode 100644 index 00000000..ebea35c6 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java 
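Review bot: Adding `ECDH_ES_A128KW` and `ECDH_ES_A256KW` to `SL20_ALGORITHM_WHITELIST_KEYENCRYPTION` means the receiver now performs key agreement between its private key and the ephemeral public key carried in the untrusted JWE header. Whether a point off the expected curve is rejected then depends on the JOSE library version and, on the HSM path, on the injected provider; this should be confirmed for both and pinned with a negative test. Only `ECDH_ES_A256KW` appears in the new tests, so `ECDH_ES_A128KW` is allowed but untested. As a style point, the two new entries bypass the local `JSON_ALGORITHM_ENC_KEY_*` constants used for the RSA entries; declaring matching constants would keep the list uniform.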
@@ -0,0 +1,292 @@ +package at.gv.egiz.eaaf.modules.auth.sl20.utils; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.apache.commons.lang3.RandomStringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.fasterxml.jackson.databind.JsonNode; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml") +public abstract class AbstractJsonSecurityUtilsTest { + +  @Autowired protected DummyAuthConfigMap config; +  @Autowired protected IJoseTools joseTools; +  @Autowired protected 
EaafKeyStoreFactory keyStoreFactory; +   +  @BeforeClass +  public static void classInitializer() { +    Security.addProvider(new BouncyCastleProvider()); +     +  } +   +  protected abstract void setRsaSigningKey();   +   +  protected abstract void setEcSigningKey(); +   +  protected abstract void setRsaEncryptionKey(); +   +  protected abstract void setEcEncryptionKey(); +   +  protected abstract Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException; +   +  protected abstract String getRsaKeyAlias();   +   +  protected abstract String getRsaKeyPassword(); +   +  protected abstract String getEcKeyAlias();   +   +  protected abstract String getEcKeyPassword(); +   +   +  @Test +  public void fullEncryptDecrypt() throws JoseException, EaafException {  +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +     +    final JsonWebEncryption jwe = new JsonWebEncryption(); +    jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW); +    jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); +    jwe.setKey(joseTools.getEncryptionCertificate().getPublicKey()); +    jwe.setX509CertSha256ThumbprintHeaderValue(joseTools.getEncryptionCertificate()); +    jwe.setPayload(payLoad); +     +    // set special provider if required +    Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore(); +    if (rsaEncKeyStore.getSecond() != null) { +      final ProviderContext providerCtx = new ProviderContext(); +      providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( +          rsaEncKeyStore.getSecond().getName()); +      jwe.setProviderContext(providerCtx); + +    } +     +    String encData = jwe.getCompactSerialization(); +    Assert.assertNotNull("JWE Encryption", encData); +     +     +    JsonNode decData = joseTools.decryptPayload(encData);    +    Assert.assertNotNull("JWE Decryption", decData); +     +  } +   +  @Test +  public void 
encryptionRsa() throws JoseException, EaafException { +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +    Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore();     +    Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates( +        rsaEncKeyStore.getFirst(), getRsaKeyAlias(), getRsaKeyPassword().toCharArray(),  +        true, "jUnit RSA JWE"); +     +    final JsonWebEncryption jwe = new JsonWebEncryption(); +    jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256); +    jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); +    jwe.setKey(key.getSecond()[0].getPublicKey()); +    jwe.setPayload(payLoad); +     +    // set special provider if required +    if (rsaEncKeyStore.getSecond() != null) { +      final ProviderContext providerCtx = new ProviderContext(); +      providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( +          rsaEncKeyStore.getSecond().getName()); +      jwe.setProviderContext(providerCtx); + +    } +     +    String encData = jwe.getCompactSerialization();     +    Assert.assertNotNull("JWE", encData); +     +     +  } +   +  @Test +  public void encryptionEc() throws JoseException, EaafException { +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +    Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore(); +    Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates( +        rsaEncKeyStore.getFirst(), getEcKeyAlias(), getEcKeyPassword().toCharArray(),  +        true, "jUnit RSA JWE"); +     +    final JsonWebEncryption jwe = new JsonWebEncryption(); +    jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW); +    jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); +    jwe.setKey(key.getSecond()[0].getPublicKey()); +    jwe.setPayload(payLoad); +     
+    // set special provider if required +    if (rsaEncKeyStore.getSecond() != null) { +      final ProviderContext providerCtx = new ProviderContext(); +      providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( +          rsaEncKeyStore.getSecond().getName()); +      jwe.setProviderContext(providerCtx); + +    } +     +    String encData = jwe.getCompactSerialization(); +     +    Assert.assertNotNull("JWE", encData); +     +             +  } +   + +  @Test +  public void noTrustedCert() throws CertificateEncodingException, KeyStoreException,  +      JoseException, IOException, EaafException { +    setRsaSigningKey(); +    setRsaEncryptionKey(); +     +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +         +    String jws = joseTools.createSignature(payLoad);     +    Assert.assertNotNull("Signed msg", jws); +     +    try { +      joseTools.validateSignature( +          jws, +          keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigOnlyEc()).getFirst(), +          getDefaultAlgorithmConstrains());       +      Assert.fail("Wrong JOSE Sig not detected"); +       +    } catch (JoseException e) { +      Assert.assertEquals("Wrong errorCode",  +          "Can NOT select verification key for JWS. 
Signature verification FAILED",  +          e.getMessage()); +       +    } +  } +   +  @Test +  public void invalidSignature() throws CertificateEncodingException, KeyStoreException,  +      JoseException, IOException, EaafException { +    setRsaSigningKey(); +    setRsaEncryptionKey(); +     +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +         +    String jws = joseTools.createSignature(payLoad);     +    Assert.assertNotNull("Signed msg", jws); +     +    String invalidJws =  +        jws.substring(0, jws.indexOf(".") + 5) + "dd" + jws.substring(jws.indexOf(".") + 6);   +         +    try { +      joseTools.validateSignature( +          invalidJws, +          keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), +          getDefaultAlgorithmConstrains()); +      Assert.fail("Wrong JOSE Sig not detected"); +       +    } catch (JoseException e) { +      Assert.assertEquals("Wrong errorCode",  +          "JWS signature is invalid.",  +          e.getMessage()); +       +    } +     +  } +   +  @Test +  public void validSigningRsa() throws CertificateEncodingException, KeyStoreException,  +      JoseException, IOException, EaafException { +    setRsaSigningKey(); +    setRsaEncryptionKey(); +     +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +         +    String jws = joseTools.createSignature(payLoad);     +    Assert.assertNotNull("Signed msg", jws); +     +    VerificationResult verify = joseTools.validateSignature( +        jws, +        keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), +        getDefaultAlgorithmConstrains());     +    Assert.assertTrue("wrong verify state", verify.isValidSigned()); +    Assert.assertNotNull("JWS Header", verify.getJoseHeader()); +    Assert.assertNotNull("JWS Payload", verify.getPayload()); +    Assert.assertNotNull("CertChain", verify.getCertChain()); + +     +  } +   +  @Test +  public 
void validSigningEc() throws CertificateEncodingException, KeyStoreException,  +      JoseException, IOException, EaafException { +    setEcSigningKey(); +    setEcEncryptionKey(); +     +    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; +         +    String jws = joseTools.createSignature(payLoad);     +    Assert.assertNotNull("Signed msg", jws); +     +    VerificationResult verify = joseTools.validateSignature( +        jws, +        keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), +        getDefaultAlgorithmConstrains());     +    Assert.assertTrue("wrong verify state", verify.isValidSigned()); +    Assert.assertNotNull("JWS Header", verify.getJoseHeader()); +    Assert.assertNotNull("JWS Payload", verify.getPayload()); +    Assert.assertNotNull("CertChain", verify.getCertChain()); +     +  } +   +  protected KeyStoreConfiguration getSigTrustStoreConfigValid() { +    KeyStoreConfiguration trustConfig = new KeyStoreConfiguration(); +    trustConfig.setFriendlyName("jUnit TrustStore"); +    trustConfig.setKeyStoreType(KeyStoreType.JKS); +    trustConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit.jks"); +    trustConfig.setSoftKeyStorePassword("password"); +     +    return trustConfig; +         +  } +   +  protected KeyStoreConfiguration getSigTrustStoreConfigOnlyEc() { +    KeyStoreConfiguration trustConfig = new KeyStoreConfiguration(); +    trustConfig.setFriendlyName("jUnit TrustStore"); +    trustConfig.setKeyStoreType(KeyStoreType.JKS); +    trustConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit_no_rsa.jks"); +    trustConfig.setSoftKeyStorePassword("password"); +     +    return trustConfig; +         +  } +   +  private AlgorithmConstraints getDefaultAlgorithmConstrains() { +    return new AlgorithmConstraints(ConstraintType.WHITELIST, +        SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING +        .toArray(new 
String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])); +  } +   +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java deleted file mode 100644 index 64987942..00000000 --- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java +++ /dev/null @@ -1,41 +0,0 @@ -package at.gv.egiz.eaaf.modules.auth.sl20.utils; - -import java.security.Security; - -import org.apache.commons.lang3.RandomStringUtils; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml") -public class JsonSecurityUtilsHsmKeyTest { - -  @Autowired private IJoseTools joseTools; -   -  @BeforeClass -  public static void classInitializer() { -    Security.addProvider(new BouncyCastleProvider()); -     -  } -   -  @Test -  public void simpleSigningTest() throws SL20Exception { -    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; -         -    String jws = joseTools.createSignature(payLoad);     -    Assert.assertNotNull("Signed msg", jws); -       -    //VerificationResult verify = joseTools.validateSignature(jws);     -    //Assert.assertTrue("wrong verify state", verify.isValidSigned()); -     -  } -   -} 
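Review bot: In `fullEncryptDecrypt`, `encryptionRsa` and `encryptionEc` the provider is injected with `setSignatureProvider(...)`, which presumably has no effect on a JWE; the production code in this commit uses `setGeneralProvider(...)`, and the tests should match it. `fullEncryptDecrypt` hard-codes `ECDH_ES_A256KW` without calling `setEcEncryptionKey()` first, so it seems to rely on whatever alias the shared `config` holds when it runs. It also checks the decrypted node only for non-null; an assertion such as `Assert.assertEquals(expected, decData.get("aac").asText());` would verify the round trip. `encryptionEc` reuses the `rsaEncKeyStore` name and the `"jUnit RSA JWE"` friendly name from the RSA test, which makes failures harder to read.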
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java index 5b8acb16..d78bdbd7 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java 
@@ -1,42 +1,110 @@  package at.gv.egiz.eaaf.modules.auth.sl20.utils; -import java.security.Security; +import java.security.KeyStore; +import java.security.Provider;  import org.apache.commons.lang3.RandomStringUtils; -import org.bouncycastle.jce.provider.BouncyCastleProvider;  import org.junit.Assert; -import org.junit.BeforeClass;  import org.junit.Test;  import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.test.context.ContextConfiguration;  import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; +  @RunWith(SpringJUnit4ClassRunner.class)  @ContextConfiguration("/spring/test_eaaf_sl20.beans.xml") -public class JsonSecurityUtilsSoftwareKeyTest { +public class JsonSecurityUtilsSoftwareKeyTest extends AbstractJsonSecurityUtilsTest { -  @Autowired private IJoseTools joseTools; -   -  @BeforeClass -  public static void classInitializer() { -    Security.addProvider(new BouncyCastleProvider()); -     +  @Test +  public void invalidSignatureRandomString() { +    try { +      joseTools.validateSignature(RandomStringUtils.randomAlphabetic(10)); +      Assert.fail("Wrong JOSE Sig not detected"); +       +    } catch (SL20Exception e) { +      Assert.assertEquals("Wrong errorCode", "sl20.05", e.getErrorId()); +    } +          }    @Test -  public void simpleSigningTest() throws SL20Exception { -    String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; -         -    String jws = joseTools.createSignature(payLoad);     -    
Assert.assertNotNull("Signed msg", jws); +  public void invalidSignatureRandomBase64UrlEncoded() { +    String testValue = Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()) +        + "." +        + Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()) +        + "." +        + Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()); +     +    try {      +      joseTools.validateSignature(testValue); +      Assert.fail("Wrong JOSE Sig not detected"); +       +    } catch (SL20Exception e) { +      Assert.assertEquals("Wrong errorCode", "sl20.05", e.getErrorId()); +    } -    VerificationResult verify = joseTools.validateSignature(jws);     -    Assert.assertTrue("wrong verify state", verify.isValidSigned()); +  } +     +  @Override +  protected void setRsaSigningKey() { +    config.putConfigValue("modules.sl20.security.sign.alias", "meta"); +     +  } + +  @Override +  protected void setEcSigningKey() { +    config.putConfigValue("modules.sl20.security.sign.alias", "sig"); +     +  } +   +  @Override +  protected void setRsaEncryptionKey() { +    config.putConfigValue("modules.sl20.security.encryption.alias", "meta"); +     +  } + +  @Override +  protected void setEcEncryptionKey() { +    config.putConfigValue("modules.sl20.security.encryption.alias", "sig");    } + +  @Override +  protected Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException {     +    KeyStoreConfiguration keyConfig = new KeyStoreConfiguration(); +    keyConfig.setFriendlyName("Junit Enc Key Rsa"); +    keyConfig.setKeyStoreType(KeyStoreType.JKS); +    keyConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit.jks"); +    keyConfig.setSoftKeyStorePassword("password"); +     +    return keyStoreFactory.buildNewKeyStore(keyConfig); +  } + +  @Override +  protected String getRsaKeyAlias() { +    return "meta"; +  } + +  @Override +  protected String getRsaKeyPassword() { +    
return "password"; +  } + +  @Override +  protected String getEcKeyAlias() { +    return "sig"; +  } + +  @Override +  protected String getEcKeyPassword() { +    return "password"; +  }  } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_ec.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_ec.crt new file mode 100644 index 00000000..ad780a21 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_ec.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBQTCB56ADAgECAghqWvzGZbotTjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdFQy1Sb290MB4XDTIwMDYxODA3MzYwOVoXDTI1MDYxODA3MzYwOVowOzEaMBgGA1UEAwwRaW50LWVjLWtleS0xLTAwMDExETAPBgNVBAoMCHNvZnR3YXJlMQowCAYDVQQFEwExMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMYva5n1ISLX4bZdG9ecGVNVId7OEY4Yjeu+4kk+nbppxNMj6JX5tO2iCCpgHlKC5WWTSJyxSQh3CoLzc8XLUmjAKBggqhkjOPQQDAgNJADBGAiEAiegmUzDThtinnuUwsHXwdr4Y/XUednOyIy7RBeClvyYCIQC/v5NZzg+H6FUrQ2nds2hlB6sD7z5cZPJcqm8+S0wYCw== +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_rsa.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_rsa.crt new file mode 100644 index 00000000..aa83c8d9 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_rsa.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jks b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jksBinary files differ index 59e6ad13..a18df332 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jks +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jks diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_without_trustcerts.jks b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_no_rsa.jksBinary files differ index b5262cb8..370cf19e 100644 
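Review bot: After this change the single-argument `joseTools.validateSignature(String)` is only called with invalid input. The removed `simpleSigningTest` held the one positive check of that overload visible here, and the inherited tests all use the three-argument form with an explicit trust store. A valid-signature test for the one-argument overload should be kept so that a regression in the configured trust store is noticed. The `set*Key()` overrides write `modules.sl20.security.sign.alias` and `modules.sl20.security.encryption.alias` into the shared `config` and nothing restores them, so results may depend on test order; a reset in an `@Before` method would remove that.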
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_without_trustcerts.jks +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_no_rsa.jks diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_without_trustcerts.p12 b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_without_trustcerts.p12Binary files differ deleted file mode 100644 index c3fe2681..00000000 --- a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_without_trustcerts.p12 +++ /dev/null diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_ec.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_ec.crt new file mode 100644 index 00000000..5311f3f1 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_ec.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcwHhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwCLZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqGSM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIhANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_rsa.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_rsa.crt new file mode 100644 index 00000000..c70f5031 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_rsa.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- | 
