diff options
Diffstat (limited to 'eaaf_core_utils/src/test/java/at')
-rw-r--r-- | eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java | 143 |
1 files changed, 79 insertions, 64 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index c47805e8..b5727015 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -6,6 +6,17 @@ import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.List; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; @@ -23,17 +34,6 @@ import com.google.common.base.Optional; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; - -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @@ -41,13 +41,20 @@ import io.grpc.StatusRuntimeException; @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public class EaafKeyStoreFactoryTest { + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9000"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String HSM_FACASE_HSM_NAME = "software"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = "src/test/resources/data/junit_without_trustcerts.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = "src/test/resources/data/junit_without_trustcerts.p12"; - private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt"; + private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; @Autowired @@ -146,7 +153,7 @@ public class EaafKeyStoreFactoryTest { } } - + @Test @DirtiesContext public void softwareKeyStoreWithoutPassword() { @@ -177,7 +184,7 @@ public class EaafKeyStoreFactoryTest { final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -216,7 +223,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks"); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -239,7 +246,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword("wrong password"); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -262,14 +269,14 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + keyStoreConfig.validate(); final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); } - + @Test @DirtiesContext public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException { @@ -280,61 +287,61 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + keyStoreConfig.validate(); final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); - + //read trusted certs - List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); + final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); Assert.assertNotNull("Trusted certs", trustedCerts); Assert.assertEquals("Trusted certs size", 2, trustedCerts.size()); //read priv. key - Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 1", privCred1); Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst()); Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond()); - + //read priv. key - Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "sig", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 2", privCred2); Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst()); Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond()); - - + + //read priv. key - Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "notexist", "password".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred3); - + //read priv. key - Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "wrong".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred4); - + try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "wrong".toCharArray(), true, "jUnit test"); Assert.fail("Wrong password not detected"); - - } catch (EaafKeyAccessException e) { + + } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } - + try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "wrong", "password".toCharArray(), true, "jUnit test"); Assert.fail("Wrong alias not detected"); - - } catch (EaafKeyAccessException e) { + + } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } - - + + } @Test @@ -349,7 +356,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); keyStoreConfig.validate(); - + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); @@ -550,18 +557,7 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext public void hsmFacadeKeyStoreNoKeyStoreName() { - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, - RandomStringUtils.randomNumeric(4)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, - PATH_TO_HSM_FACADE_TRUST_CERT); + configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -583,28 +579,17 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext public void hsmFacadeKeyStoreSuccess() throws EaafException { - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, - RandomStringUtils.randomNumeric(4)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, - PATH_TO_HSM_FACADE_TRUST_CERT); + configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); - keyStoreConfig.setKeyStoreName("testkeyStore"); + keyStoreConfig.setKeyStoreName("authhandler"); keyStoreConfig.validate(); - + try { final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); @@ -615,6 +600,36 @@ public class EaafKeyStoreFactoryTest { // exception")); } + } + + @Test + @DirtiesContext + public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); + keyStoreConfig.setKeyStoreName("authhandler"); + + keyStoreConfig.validate(); + + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } + + private void configureHsmFacade() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME); } |