Integrate HSM Facade from A-SIT+

The EaafKeyStoreFactory can be used to build KeyStores from differend providers and types
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-14 08:46:52 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-14 08:46:52 +0100
commit: e23226c47807be597bbbae3891dbb94069d56836 (patch)
tree: 13419e53996ce9cfe82583cbe5a00c3be2698400 /eaaf_modules
parent: cbfadcc7681c9f362c1e7e2c3eab43980c1236ef (diff)
download: EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.gz
EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.bz2
EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.zip
11 files changed, 152 insertions, 135 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 1b14c92d..b9d0161f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -33,13 +33,6 @@ import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.naming.ConfigurationException;
 
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
 import org.opensaml.core.criterion.EntityIdCriterion;
@@ -50,6 +43,12 @@ import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
 import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
 
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
 import net.shibboleth.utilities.java.support.component.IdentifiedComponent;
@@ -408,13 +407,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
   private void addAndRemoveMetadataProvider() throws EaafConfigurationException {
     log.info("EAAF chaining metadata resolver starting internal managment task .... ");
 
-    /*
-     * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider
-     * (UnsupportedOperationException) The ChainingMetadataProvider use internal a
-     * unmodifiableList to hold all registrated MetadataProviders.
-     */
-    final Map<String, MetadataResolver> providersinuse = new HashMap<>();
-
     // get all actually loaded metadata providers
     final Map<String, MetadataResolver> loadedproviders = getAllActuallyLoadedResolvers();
 
@@ -438,7 +430,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec
         if (StringUtils.isNotEmpty(metadataurl)
             && loadedproviders.containsKey(metadataurl)) {
           // SAML2 SP is actually loaded, to nothing
-          providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
           loadedproviders.remove(metadataurl);
 
         }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index bf551c0e..6477d8ff 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -19,15 +19,9 @@
 
 package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
 
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
-import java.security.Security;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -37,27 +31,24 @@ import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.PostConstruct;
 
-import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
-import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.opensaml.security.credential.UsageType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
 import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.opensaml.security.credential.UsageType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Lazy;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -70,6 +61,9 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
   @Autowired
   protected IConfiguration basicConfig;
 
+  @Autowired
+  private EaafKeyStoreFactory keyStoreFactory;
+
   private KeyStore keyStore = null;
 
   /**
@@ -78,23 +72,18 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
    *
    * @return keyStore friendlyName
    */
-  public abstract String getFriendlyName();
+  public final String getFriendlyName() {
+    return getBasicKeyStoreConfig().getFriendlyName();
 
-  /**
-   * Get KeyStore.
-   *
-   * @return URL to the keyStore
-   * @throws EaafException In case of an invalid filepath
-   */
-  @Nonnull
-  public abstract String getKeyStoreFilePath() throws EaafException;
+  }
 
   /**
-   * Get keyStore password.
+   * Get the basic KeyStore configuration object for this SAML2 credential.
    *
-   * @return Password of the keyStore
+   * @return KeyStore configuration object
    */
-  public abstract String getKeyStorePassword();
+  @Nonnull
+  public abstract KeyStoreConfiguration getBasicKeyStoreConfig();
 
   /**
    * Get alias of key for metadata signing.
@@ -161,8 +150,6 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
     }
   }
 
-
-
   /**
    * Get Credentials to sign SAML2 messages, like AuthnRequest, Response,
    * Assertions as some examples.
@@ -257,56 +244,36 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
 
   }
 
-  private X509Certificate getRootCertificate() throws CertificateException {
-    String pem = "-----BEGIN CERTIFICATE-----\n" +
-            "MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy\n" +
-            "b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE\n" +
-            "cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw\n" +
-            "FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F\n" +
-            "FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv\n" +
-            "0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX\n" +
-            "hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp\n" +
-            "jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX\n" +
-            "GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB\n" +
-            "LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E\n" +
-            "FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB\n" +
-            "CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t\n" +
-            "EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W\n" +
-            "s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m\n" +
-            "pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG\n" +
-            "ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN\n" +
-            "dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4\n" +
-            "-----END CERTIFICATE-----\n";
-    return (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pem.getBytes()));
-  }
-
-  @Lazy
   @PostConstruct
   private void initialize() throws Exception {
     try {
-      final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
-      String clientUsername = "shibboleth-idp";
-      String clientPassword = "supersecret123";
-      String host = "localhost";
-      int port = 9000;
-      String hsmName = "software";
-      String keyStoreName = "shibboleth";
-      String keyStoreAlias = "shibboleth-sign";
-
-      provider.init(getRootCertificate(), clientUsername, clientPassword, host, port, hsmName);
-      Security.addProvider(provider);
-      //Security.insertProviderAt(provider, 1);
-      JCEMapper.setProviderId(provider.getName());
-      keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade");
-      keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
-
-      if (keyStore == null) {
-        throw new EaafConfigurationException("module.00",
-            new Object[] { getFriendlyName(), "KeyStore initialization failed. Maybe wrong password" });
+      final KeyStoreConfiguration keyStoreConfig = getBasicKeyStoreConfig();
+      keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+
+      if (JCEMapper.getProviderId() != null
+          && !JCEMapper.getProviderId().equals(keyStore.getProvider().getName())) {
+        log.error("OpenSAML3.x can ONLY use a single type of CryptoProvider in an application. "
+            + "Can NOT set: {}, because {} was already set", keyStore.getProvider().getName(),
+            JCEMapper.getProviderId());
+        throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_06,
+            new Object[] { keyStoreConfig.getFriendlyName(),
+                "OpenSAML3.x can ONLY use a single type of CryptoProvider" });
+
+      }
+
+      // Set JCEMapper only in case of HSM based KeyStores because Software KeyStores
+      // can use
+      // the default SecurityProvider system in OpenSAML3.x signing engine
+      if (!KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType())
+          && !KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType())
+          && JCEMapper.getProviderId() == null) {
+        log.info("Register CryptoProvider: {} as defaut for OpenSAML3.x",
+            keyStore.getProvider().getName());
+        JCEMapper.setProviderId(keyStore.getProvider().getName());
 
       }
 
-    } catch (IOException | KeyStoreException | EaafException e) {
+    } catch (final EaafException e) {
       log.error("Can not initialize KeyStore for eIDAS authentication client.", e);
       throw e;
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
index 7d95204b..3ba4629e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
@@ -3,14 +3,8 @@ package at.gv.egiz.eaaf.modules.pvp2.test;
 import java.security.cert.X509Certificate;
 import java.util.List;
 
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
 import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -23,6 +17,14 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration({
@@ -34,9 +36,14 @@ public class CredentialProviderTest {
 
   private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks";
   private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks";
-  private static final String ALIAS_METADATA = "shibboleth-sign";
-  private static final String ALIAS_SIGN = "shibboleth-sign";
-  private static final String ALIAS_ENC = "shibboleth-sign";
+  //private static final String HSMF_ALIAS_METADATA = "shibboleth-sign";
+  //private static final String HSMF_ALIAS_SIGN = "shibboleth-sign";
+  //private static final String HSMF_ALIAS_ENC = "shibboleth-sign";
+  
+  private static final String ALIAS_METADATA = "meta";
+  private static final String ALIAS_SIGN = "sig";
+  private static final String ALIAS_ENC = "meta";
+  
   private static final String PASSWORD = "password";
 
 
@@ -59,6 +66,8 @@ public class CredentialProviderTest {
 
     config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS);
     config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD);
+    
+    JCEMapper.setProviderId(null);
 
   }
 
@@ -86,7 +95,7 @@ public class CredentialProviderTest {
       Assert.fail("No KeyStore not detected");
 
     } catch (final BeansException e) {
-      org.springframework.util.Assert.isInstanceOf(java.io.FileNotFoundException.class,
+      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
           e.getCause(), "Wrong exception");
     }
 
@@ -101,7 +110,7 @@ public class CredentialProviderTest {
       Assert.fail("No KeyStore not detected");
 
     } catch (final BeansException e) {
-      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+      org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class,
           e.getCause(), "Wrong exception");
 
     }
@@ -384,6 +393,33 @@ public class CredentialProviderTest {
 
   @Test
   @DirtiesContext
+  public void otherKeyStoreTypeAlreadyLoaded() throws CredentialsNotAvailableException {
+    config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS);
+
+    config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG,
+        "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10));
+    config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG,
+        "EC-SIG_" + RandomStringUtils.randomAlphabetic(10));
+    config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+        "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10));
+    config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+        "EC-ENC_" + RandomStringUtils.randomAlphabetic(10));
+    
+    try {
+      JCEMapper.setProviderId(RandomStringUtils.randomAlphabetic(5));
+      
+      context.getBean(DummyCredentialProvider.class);
+
+    } catch (final BeansException e) {
+      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class,
+          e.getCause(), "Wrong exception");
+
+    }
+
+  }
+  
+  @Test
+  @DirtiesContext
   public void notKeyConfiguration() {
     final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class);
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
index b9f1326d..0f8eff72 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java
@@ -1,15 +1,12 @@
 package at.gv.egiz.eaaf.modules.pvp2.test.dummy;
 
-import java.net.MalformedURLException;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 
-import org.springframework.beans.factory.annotation.Autowired;
-
 public class DummyCredentialProvider extends AbstractCredentialProvider {
 
   @Autowired IConfiguration basicConfig;
@@ -26,32 +23,26 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
   public static final String KEY_ENCRYPTION_ALIAS = "key.enc.alias";
   public static final String KEY_ENCRYPTION_PASSWORD = "key.enc.pass";
 
+  private static final String KEYSTORENAME = "jUnit test credential provider";
+  
   @Override
-  public String getFriendlyName() {
-    return "jUnit test credential provider";
+  public KeyStoreConfiguration getBasicKeyStoreConfig() {
+    KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+    keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+    keyStoreConfig.setFriendlyName(KEYSTORENAME);
+    
+    keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath());
+    keyStoreConfig.setSoftKeyStorePassword(getKeyStorePassword());
+    
+    return keyStoreConfig;
   }
 
-  @Override
-  public String getKeyStoreFilePath() throws EaafException {
+  public String getKeyStoreFilePath() {
     final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH);
-
-    if (path != null) {
-      try {
-        return FileUtils.makeAbsoluteUrl(
-            path,
-            basicConfig.getConfigurationRootDirectory());
-
-      } catch (final MalformedURLException e) {
-        throw new EaafConfigurationException("internel test error", null, e);
-
-      }
-    }
-
-    throw new EaafConfigurationException("No keyStore path", null);
-
+    return path;
+   
   }
 
-  @Override
   public String getKeyStorePassword() {
     return basicConfig.getBasicConfiguration(KEYSTORE_PASSWORD);
   }
@@ -86,4 +77,5 @@ public class DummyCredentialProvider extends AbstractCredentialProvider {
     return basicConfig.getBasicConfiguration(KEY_ENCRYPTION_PASSWORD);
   }
 
+
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
index 60cecebb..164b8807 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props
@@ -1,8 +1,8 @@
 keystore.path=classpath:/data/junit.jks
 keystore.pass=password
-key.metadata.alias=shibboleth-sign
+key.metadata.alias=meta
 key.metadata.pass=password
-key.sig.alias=shibboleth-sign
+key.sig.alias=sig
 key.sig.pass=password
 key.enc.alias=
 key.enc.pass=
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props
new file mode 100644
index 00000000..60cecebb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props
@@ -0,0 +1,12 @@
+keystore.path=classpath:/data/junit.jks
+keystore.pass=password
+key.metadata.alias=shibboleth-sign
+key.metadata.pass=password
+key.sig.alias=shibboleth-sign
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
+\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
index 3b2d0a28..5e3f0b9b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -19,4 +19,7 @@
   <bean id="httpClientFactory"
         class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
 
+  <bean id="eaafKeyStoreFactory"
+        class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
+
 </beans>
 \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
index c1660a70..5aef9544 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml
@@ -15,4 +15,7 @@
         <constructor-arg value="/config/config_1.props" />
   </bean>
 
+  <bean id="eaafKeyStoreFactory"
+        class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />
+
 </beans>
 \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
index 5dea3d51..164b8807 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props
@@ -1,14 +1,12 @@
 keystore.path=classpath:/data/junit.jks
 keystore.pass=password
-key.metadata.alias=shibboleth-sign
+key.metadata.alias=meta
 key.metadata.pass=password
-key.sig.alias=shibboleth-sign
+key.sig.alias=sig
 key.sig.pass=password
 key.enc.alias=
 key.enc.pass=
 
-pvp2.assertion.encryption.active=true
-
 client.http.connection.timeout.socket=2
 client.http.connection.timeout.connection=2
 client.http.connection.timeout.request=2
 \ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props
new file mode 100644
index 00000000..60cecebb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props
@@ -0,0 +1,12 @@
+keystore.path=classpath:/data/junit.jks
+keystore.pass=password
+key.metadata.alias=shibboleth-sign
+key.metadata.pass=password
+key.sig.alias=shibboleth-sign
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
+\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
index 375224bb..8c0b8596 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml
@@ -21,5 +21,8 @@
   
   <bean id="httpClientFactory"
         class="at.gv.egiz.eaaf.core.impl.utils.HttpClientFactory" />
+        
+  <bean id="eaafKeyStoreFactory"
+        class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" />        
 
 </beans>
 \ No newline at end of file
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-14 08:46:52 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-14 08:46:52 +0100
commit	e23226c47807be597bbbae3891dbb94069d56836 (patch)
tree	13419e53996ce9cfe82583cbe5a00c3be2698400 /eaaf_modules
parent	cbfadcc7681c9f362c1e7e2c3eab43980c1236ef (diff)
download	EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.gz EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.bz2 EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.zip