diff options
Diffstat (limited to 'eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java')
-rw-r--r-- | eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java new file mode 100644 index 00000000..ac456c13 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java @@ -0,0 +1,156 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import static org.junit.Assert.assertArrayEquals; + +import java.security.Provider; +import java.util.concurrent.CompletableFuture; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.scheduling.annotation.Async; +import org.springframework.scheduling.annotation.AsyncResult; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +public class EncryptionTask implements Runnable { + + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9050"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = + "src/test/resources/data/junit.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = + "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = + "src/test/resources/data/junit_without_trustcerts.p12"; + private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + + private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + + private static final String CIPHER_MODE = "AES/GCM/NoPadding"; + private static final int GCM_NONCE_LENGTH = 12; // in bytes + private static final int GCM_TAG_LENGTH = 16; // in bytes + + protected static final String KEYNAME = "AES"; + + @Autowired + private DummyAuthConfigMap mapConfig; + @Autowired + private ApplicationContext context; + + String keyName; + int rounds; + private Exception error; + + public EncryptionTask(ApplicationContext context2, DummyAuthConfigMap mapConfig2, + String keyName, int rounds) { + this.context = context2; + this.mapConfig = mapConfig2; + + this.keyName = keyName; + this.rounds = rounds; + + } + + @Override + public void run() { + run(this.keyName, this.rounds); + + } + + @Async + public CompletableFuture<String> run(String keyName, int rounds) { + try { + Pair<SecretKey, Provider> key = loadSymmetricKey(keyName); + Assert.assertNotNull("Key container is null", key); + + for(int i = 0; i < rounds; i++) { + + log.info("Starting threat: {} Round: {}", Thread.currentThread().getName(), i); + + byte[] data = RandomStringUtils.randomAlphanumeric(1024*64).getBytes(); + Pair<byte[], byte[]> enc = encryptData(key.getFirst(), data); + + byte[] checkData = decryptData(enc, key.getFirst()); + log.info("Finishing threat: {} Round: {}", Thread.currentThread().getName(), i); + + + assertArrayEquals("plaintext not match", data, checkData); + + + + } + + } catch (Exception e) { + this.error = e; + throw new RuntimeException(e); + + } + + return new AsyncResult<>("finished").completable(); + + } + + private byte[] decryptData(Pair<byte[], byte[]> enc, SecretKey secret) throws Exception { + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, enc.getSecond()); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + return cipher.doFinal(enc.getFirst()); + + } + + + + private Pair<byte[], byte[]> encryptData(SecretKey secret, byte[] toEncrypt) throws Exception { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(toEncrypt); + final byte[] iv = cipher.getIV(); + + return Pair.newInstance(encdata, iv); + + } + + private Pair<SecretKey, Provider> loadSymmetricKey(String keyName) throws EaafException { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias(keyName); + + return keyStoreFactory.buildNewSymmetricKey(keyConfig); + } + + + +} |