authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-14 08:46:52 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-14 08:46:52 +0100
commite23226c47807be597bbbae3891dbb94069d56836 (patch)
tree13419e53996ce9cfe82583cbe5a00c3be2698400 /eaaf_modules
parentcbfadcc7681c9f362c1e7e2c3eab43980c1236ef (diff)
downloadEAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.gz
EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.bz2
EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.zip
Integrate HSM Facade from A-SIT+
The EaafKeyStoreFactory can be used to build KeyStores from different providers and types
Diffstat (limited to 'eaaf_modules')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java21
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java119
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java60
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java44
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props4
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props12
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml3
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props6
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props12
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml3
11 files changed, 152 insertions, 135 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 1b14c92d..b9d0161f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -33,13 +33,6 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.naming.ConfigurationException;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
@@ -50,6 +43,12 @@ import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import lombok.extern.slf4j.Slf4j;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
import net.shibboleth.utilities.java.support.component.IdentifiedComponent;
@@ -408,13 +407,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
private void addAndRemoveMetadataProvider() throws EaafConfigurationException {
log.info("EAAF chaining metadata resolver starting internal managment task .... ");
- /*
- * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider
- * (UnsupportedOperationException) The ChainingMetadataProvider use internal a
- * unmodifiableList to hold all registrated MetadataProviders.
- */
- final Map<String, MetadataResolver> providersinuse = new HashMap<>();
-
// get all actually loaded metadata providers
final Map<String, MetadataResolver> loadedproviders = getAllActuallyLoadedResolvers();
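Review bot: The deleted comment was the only explanation of why addAndRemoveMetadataProvider() diffs getAllActuallyLoadedResolvers() against the configured set instead of removing resolvers from the OpenSAML chaining provider directly; the unused `providersinuse` map was rightly dropped, but if the UnsupportedOperationException limitation it described still holds, the reasoning should stay next to the surviving logic, e.g. `// OpenSAML's chaining provider keeps an unmodifiable resolver list, so removal is done by rebuilding the set below`. The method continues outside the hunk.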
@@ -438,7 +430,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
if (StringUtils.isNotEmpty(metadataurl)
&& loadedproviders.containsKey(metadataurl)) {
// SAML2 SP is actually loaded, to nothing
- providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
loadedproviders.remove(metadataurl);
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index bf551c0e..6477d8ff 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -19,15 +19,9 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
-import java.security.Security;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
@@ -37,27 +31,24 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
-import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
-import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.opensaml.security.credential.UsageType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.opensaml.security.credential.UsageType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Lazy;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -70,6 +61,9 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
@Autowired
protected IConfiguration basicConfig;
+ @Autowired
+ private EaafKeyStoreFactory keyStoreFactory;
+
private KeyStore keyStore = null;
/**
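Review bot: The new keyStoreFactory field is `private` while the sibling injected field `basicConfig` two lines above is `protected`, so subclasses that want to build additional KeyStores (the commit message says the factory supports several providers and types) cannot reach the factory and would have to inject a second copy. Either align the visibility with basicConfig or add a short comment stating that subclasses are expected to go through getBasicKeyStoreConfig() only. Every Spring context wiring an AbstractCredentialProvider subclass now needs an EaafKeyStoreFactory bean, as the test bean files in this commit show; that requirement is worth a line in the class Javadoc.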
@@ -78,23 +72,18 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
*
* @return keyStore friendlyName
*/
- public abstract String getFriendlyName();
+ public final String getFriendlyName() {
+ return getBasicKeyStoreConfig().getFriendlyName();
- /**
- * Get KeyStore.
- *
- * @return URL to the keyStore
- * @throws EaafException In case of an invalid filepath
- */
- @Nonnull
- public abstract String getKeyStoreFilePath() throws EaafException;
+ }
/**
- * Get keyStore password.
+ * Get the basic KeyStore configuration object for this SAML2 credential.
*
- * @return Password of the keyStore
+ * @return KeyStore configuration object
*/
- public abstract String getKeyStorePassword();
+ @Nonnull
+ public abstract KeyStoreConfiguration getBasicKeyStoreConfig();
/**
* Get alias of key for metadata signing.
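Review bot: The Javadoc on the new abstract getBasicKeyStoreConfig() should say how the base class uses it: it is invoked from the now-final getFriendlyName() on every call and again during @PostConstruct initialization, so implementations need to be cheap and must return a fully populated object; DummyCredentialProvider builds a fresh KeyStoreConfiguration on each call, which shows the cost. A sentence such as `Called on every getFriendlyName() invocation and once during KeyStore initialization; must never return null and should not perform expensive work.` would cover it. Because the @Nonnull annotation is not checked, a subclass returning null surfaces as a NullPointerException in getFriendlyName() rather than as a configuration error. The enclosing class continues outside the hunk.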
@@ -161,8 +150,6 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
}
}
-
-
/**
* Get Credentials to sign SAML2 messages, like AuthnRequest, Response,
* Assertions as some examples.
@@ -257,56 +244,36 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
}
- private X509Certificate getRootCertificate() throws CertificateException {
- String pem = "-----BEGIN CERTIFICATE-----\n" +
- "MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy\n" +
- "b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE\n" +
- "cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw\n" +
- "FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F\n" +
- "FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv\n" +
- "0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX\n" +
- "hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp\n" +
- "jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX\n" +
- "GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB\n" +
- "LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E\n" +
- "FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB\n" +
- "CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t\n" +
- "EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W\n" +
- "s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m\n" +
- "pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG\n" +
- "ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN\n" +
- "dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4\n" +
- "-----END CERTIFICATE-----\n";
- return (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pem.getBytes()));
- }
-
- @Lazy
@PostConstruct
private void initialize() throws Exception {
try {
- final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
- String clientUsername = "shibboleth-idp";
- String clientPassword = "supersecret123";
- String host = "localhost";
- int port = 9000;
- String hsmName = "software";
- String keyStoreName = "shibboleth";
- String keyStoreAlias = "shibboleth-sign";
-
- provider.init(getRootCertificate(), clientUsername, clientPassword, host, port, hsmName);
- Security.addProvider(provider);
- //Security.insertProviderAt(provider, 1);
- JCEMapper.setProviderId(provider.getName());
- keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade");
- keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
-
- if (keyStore == null) {
- throw new EaafConfigurationException("module.00",
- new Object[] { getFriendlyName(), "KeyStore initialization failed. Maybe wrong password" });
+ final KeyStoreConfiguration keyStoreConfig = getBasicKeyStoreConfig();
+ keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+
+ if (JCEMapper.getProviderId() != null
+ && !JCEMapper.getProviderId().equals(keyStore.getProvider().getName())) {
+ log.error("OpenSAML3.x can ONLY use a single type of CryptoProvider in an application. "
+ + "Can NOT set: {}, because {} was already set", keyStore.getProvider().getName(),
+ JCEMapper.getProviderId());
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_06,
+ new Object[] { keyStoreConfig.getFriendlyName(),
+ "OpenSAML3.x can ONLY use a single type of CryptoProvider" });
+
+ }
+
+ // Set JCEMapper only in case of HSM based KeyStores because Software KeyStores
+ // can use
+ // the default SecurityProvider system in OpenSAML3.x signing engine
+ if (!KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType())
+ && !KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType())
+ && JCEMapper.getProviderId() == null) {
+ log.info("Register CryptoProvider: {} as defaut for OpenSAML3.x",
+ keyStore.getProvider().getName());
+ JCEMapper.setProviderId(keyStore.getProvider().getName());
}
- } catch (IOException | KeyStoreException | EaafException e) {
+ } catch (final EaafException e) {
log.error("Can not initialize KeyStore for eIDAS authentication client.", e);
throw e;
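Review bot: The new initialize() reads the global JCEMapper.getProviderId() four times across the two conditions, so the check in the first `if` and the set in the last branch act on a value that can change in between; read it once into a local (`final String activeProviderId = JCEMapper.getProviderId();`) and use that in both conditions, which also makes the comparison easier to follow. The previous `if (keyStore == null)` guard was dropped, so if buildNewKeyStore() can return null the `keyStore.getProvider()` call fails with a NullPointerException that the narrowed `catch (final EaafException e)` does not see — confirm the factory contract or keep an explicit null check mapped to EaafConfigurationException. The comment beginning "Set JCEMapper only in case of HSM based KeyStores" is broken mid-sentence across three lines, and the log text `as defaut for OpenSAML3.x` should read `default`. Separately, the removed block held a hard-coded client password and endpoint that remain in repository history, so they should be treated as disclosed and rotated. initialize() continues past the hunk.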
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
index 7d95204b..3ba4629e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
@@ -3,14 +3,8 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
import java.security.cert.X509Certificate;
import java.util.List;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -23,6 +17,14 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({
@@ -34,9 +36,14 @@ public class CredentialProviderTest {
private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks";
private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks";
- private static final String ALIAS_METADATA = "shibboleth-sign";
- private static final String ALIAS_SIGN = "shibboleth-sign";
- private static final String ALIAS_ENC = "shibboleth-sign";
+ //private static final String HSMF_ALIAS_METADATA = "shibboleth-sign";
+ //private static final String HSMF_ALIAS_SIGN = "shibboleth-sign";
+ //private static final String HSMF_ALIAS_ENC = "shibboleth-sign";
+
+ private static final String ALIAS_METADATA = "meta";
+ private static final String ALIAS_SIGN = "sig";
+ private static final String ALIAS_ENC = "meta";
+
private static final String PASSWORD = "password";
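Review bot: The three commented-out `HSMF_ALIAS_*` constants added here are dead code and should be removed rather than carried in the test; if the HSM-backed aliases are meant to be reactivated later, a single `// TODO` line saying so is clearer. `ALIAS_ENC` now has the same value as `ALIAS_METADATA` (`"meta"`), which is presumably intentional for the junit.jks fixture but deserves a short comment so it is not mistaken for a copy-paste slip.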
@@ -59,6 +66,8 @@ public class CredentialProviderTest {
config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS);
config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD);
+
+ JCEMapper.setProviderId(null);
}
@@ -86,7 +95,7 @@ public class CredentialProviderTest {
Assert.fail("No KeyStore not detected");
} catch (final BeansException e) {
- org.springframework.util.Assert.isInstanceOf(java.io.FileNotFoundException.class,
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
e.getCause(), "Wrong exception");
}
@@ -101,7 +110,7 @@ public class CredentialProviderTest {
Assert.fail("No KeyStore not detected");
} catch (final BeansException e) {
- org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class,
e.getCause(), "Wrong exception");
}
@@ -384,6 +393,33 @@ public class CredentialProviderTest {
@Test
@DirtiesContext
+ public void otherKeyStoreTypeAlreadyLoaded() throws CredentialsNotAvailableException {
+ config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS);
+
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+ "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10));
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG,
+ "EC-SIG_" + RandomStringUtils.randomAlphabetic(10));
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+ "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10));
+ config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+ "EC-ENC_" + RandomStringUtils.randomAlphabetic(10));
+
+ try {
+ JCEMapper.setProviderId(RandomStringUtils.randomAlphabetic(5));
+
+ context.getBean(DummyCredentialProvider.class);
+
+ } catch (final BeansException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+ e.getCause(), "Wrong exception");
+
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
public void notKeyConfiguration() {
final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
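Review bot: otherKeyStoreTypeAlreadyLoaded() has no `Assert.fail(...)` after `context.getBean(DummyCredentialProvider.class);`, so if the bean initializes despite the foreign provider id the test passes without checking anything; the sibling tests in this file use `Assert.fail("No KeyStore not detected");` in that spot. Add `Assert.fail("Mixed CryptoProvider not detected");` as the last statement of the try block. The random provider id set via JCEMapper.setProviderId() is JVM-global state; the @Before reset to null added in this commit covers the next test in this class, but a failure before that point leaves it set for other test classes in the same JVM, so a matching reset in an @After or a finally block is safer. The enclosing class continues outside the hunk.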
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
index b9f1326d..0f8eff72 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -1,15 +1,12 @@
package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
-import java.net.MalformedURLException;
+import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
-import org.springframework.beans.factory.annotation.Autowired;
-
public class DummyCredentialProvider extends AbstractCredentialProvider {
@Autowired IConfiguration basicConfig;
@@ -26,32 +23,26 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
public static final String KEY_ENCRYPTION_ALIAS = "key.enc.alias";
public static final String KEY_ENCRYPTION_PASSWORD = "key.enc.pass";
+ private static final String KEYSTORENAME = "jUnit test credential provider";
+
@Override
- public String getFriendlyName() {
- return "jUnit test credential provider";
+ public KeyStoreConfiguration getBasicKeyStoreConfig() {
+ KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setFriendlyName(KEYSTORENAME);
+
+ keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath());
+ keyStoreConfig.setSoftKeyStorePassword(getKeyStorePassword());
+
+ return keyStoreConfig;
}
- @Override
- public String getKeyStoreFilePath() throws EaafException {
+ public String getKeyStoreFilePath() {
final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH);
-
- if (path != null) {
- try {
- return FileUtils.makeAbsoluteUrl(
- path,
- basicConfig.getConfigurationRootDirectory());
-
- } catch (final MalformedURLException e) {
- throw new EaafConfigurationException("internel test error", null, e);
-
- }
- }
-
- throw new EaafConfigurationException("No keyStore path", null);
-
+ return path;
+
}
- @Override
public String getKeyStorePassword() {
return basicConfig.getBasicConfiguration(KEYSTORE_PASSWORD);
}
@@ -86,4 +77,5 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
return basicConfig.getBasicConfiguration(KEY_ENCRYPTION_PASSWORD);
}
+
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
index 60cecebb..164b8807 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
@@ -1,8 +1,8 @@
keystore.path=classpath:/data/junit.jks
keystore.pass=password
-key.metadata.alias=shibboleth-sign
+key.metadata.alias=meta
key.metadata.pass=password
-key.sig.alias=shibboleth-sign
+key.sig.alias=sig
key.sig.pass=password
key.enc.alias=
key.enc.pass=
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props
new file mode 100644
index 00000000..60cecebb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props
@@ -0,0 +1,12 @@
+keystore.path=classpath:/data/junit.jks
+keystore.pass=password
+key.metadata.alias=shibboleth-sign
+key.metadata.pass=password
+key.sig.alias=shibboleth-sign
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2 \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
index 3b2d0a28..5e3f0b9b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -19,4 +19,7 @@
<bean id="httpClientFactory"
class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
+ <bean id="eaafKeyStoreFactory"
+ class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
+
</beans> \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
index c1660a70..5aef9544 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
@@ -15,4 +15,7 @@
<constructor-arg value="/config/config_1.props" />
</bean>
+ <bean id="eaafKeyStoreFactory"
+ class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
+
</beans> \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
index 5dea3d51..164b8807 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
@@ -1,14 +1,12 @@
keystore.path=classpath:/data/junit.jks
keystore.pass=password
-key.metadata.alias=shibboleth-sign
+key.metadata.alias=meta
key.metadata.pass=password
-key.sig.alias=shibboleth-sign
+key.sig.alias=sig
key.sig.pass=password
key.enc.alias=
key.enc.pass=
-pvp2.assertion.encryption.active=true
-
client.http.connection.timeout.socket=2
client.http.connection.timeout.connection=2
client.http.connection.timeout.request=2 \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props
new file mode 100644
index 00000000..60cecebb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props
@@ -0,0 +1,12 @@
+keystore.path=classpath:/data/junit.jks
+keystore.pass=password
+key.metadata.alias=shibboleth-sign
+key.metadata.pass=password
+key.sig.alias=shibboleth-sign
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2 \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
index 375224bb..8c0b8596 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -21,5 +21,8 @@
<bean id="httpClientFactory"
class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
+
+ <bean id="eaafKeyStoreFactory"
+ class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
</beans> \ No newline at end of file