diff options
Diffstat (limited to 'eaaf_core_utils/src/test')
24 files changed, 2379 insertions, 39 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java index 53ea54dc..125dcb09 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java @@ -2,19 +2,21 @@ package at.gv.egiz.eaaf.core.impl.logging; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext public class EaafUtilsMessageSourceTest { @Autowired diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java new file mode 100644 index 00000000..93ef17b9 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java @@ -0,0 +1,447 @@ +package at.gv.egiz.eaaf.core.impl.utils.test; + +import java.io.UnsupportedEncodingException; +import java.security.Provider; +import java.util.Base64; + +import javax.crypto.SecretKey; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.joda.time.ReadableInstant; +import org.joda.time.format.DateTimeFormat; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext +public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { + + @Autowired private EaafKeyStoreFactory keyStoreFactory; + @Autowired private AuthenticatedEncryptionPendingRequestIdGenerationStrategy pendingIdStrategy; + + + @Test + public void generatePendingRequestId() throws EaafException { + String pendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("pendingId", pendingId); + + } + + @Test + public void validatePendingRequestId() throws EaafException { + String extPendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("external pendingId", extPendingId); + + + String pendingId = pendingIdStrategy.validateAndGetPendingRequestId(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId); + + String pendingId2 = pendingIdStrategy.getPendingRequestIdWithOutChecks(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId2); + + Assert.assertEquals("pendingId not match", pendingId, pendingId2); + + } + + @Test + public void nullPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(null); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId()); + + } + } + + @Test + public void emptyPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(StringUtils.EMPTY); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId()); + + } + } + + @Test + public void noBase64UrlPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(RandomStringUtils.randomAlphanumeric(25)); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId()); + + } + } + + @Test + public void toLongBase64UrlPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(RandomStringUtils.randomAlphanumeric(1100).getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.03", e.getErrorId()); + + } + } + + @Test + public void wrongFormat() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatToLong() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25) + "|" + "aabbcc"; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatNoDate() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId()); + + } + } + + @Test + public void wrongFormatWrongDate() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = "2020-01-01 12:01:55 111 +00:00" + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNotNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.06", e.getErrorId()); + + } + } + + @Test + public void wrongFormatNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatToLongNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25) + "|" + "aabbcc"; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatNoDateNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + + } + + @Test + public void wrongFormatWrongDateNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = "2020-01-01 12:01:55 111" + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + + + } + + @Test + public void validFormat() throws EaafException, JoseException, UnsupportedEncodingException { + String intId = RandomStringUtils.randomAlphanumeric(25); + ReadableInstant now = DateTime.now(); + String payLoad = DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss SSS").print(now) + + "|" + intId; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + Assert.assertEquals("pendingId not match", intId, intPendingId); + + } + + @Test + public void validFormatNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String intId = RandomStringUtils.randomAlphanumeric(25); + String payLoad = "2020-01-01 12:01:55 111" + + "|" + intId; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + + } + + @Test + public void validFormatWrongDateNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String intId = RandomStringUtils.randomAlphanumeric(25); + String payLoad = "2020-01-01 12:01:55 111" + "|" + + intId; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + Assert.assertEquals("pendingId not match", intId, intPendingId); + + + } + + @Test + public void wrongEncrypted() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "wrongPassword"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.04", e.getErrorId()); + + } + } + + @Ignore + @Test + public void wrongEncryptionAlg() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.A256KW, + ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); + Assert.assertEquals("Wrong errorMsg", + "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " + + "PendingReqId has an unvalid format]", + e.getMessage()); + + } + } + + @Ignore + @Test + public void wrongKeyEncAlg() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.A128KW, + ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); + Assert.assertEquals("Wrong errorMsg", + "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " + + "PendingReqId is NOT a valid String]", + e.getMessage()); + + } + } + + private String generateEncryptedPendingId(String payLoad, String direct, String aes128Gcm, String softKeyPassphrase) + throws EaafException, JoseException, UnsupportedEncodingException { + SymmetricKeyConfiguration config = new SymmetricKeyConfiguration(); + config.setFriendlyName("jUnit"); + config.setKeyType(SymmetricKeyType.PASSPHRASE); + config.setSoftKeySalt("notRequiredInThisScenario"); + config.setSoftKeyPassphrase(softKeyPassphrase); + Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(config); + + JsonWebEncryption encToken = new JsonWebEncryption(); + encToken.setAlgorithmHeaderValue(direct); + encToken.setEncryptionMethodHeaderParameter(aes128Gcm); + encToken.setKey(key.getFirst()); + encToken.setPayload(payLoad); + + return encToken.getCompactSerialization(); + + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest.java new file mode 100644 index 00000000..b588bb3a --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest.java @@ -0,0 +1,44 @@ +package at.gv.egiz.eaaf.core.impl.utils.test; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml") +@DirtiesContext +public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest { + + @Autowired private AuthenticatedEncryptionPendingRequestIdGenerationStrategy pendingIdStrategy; + + @Test + public void generatePendingRequestId() throws EaafException { + String pendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("pendingId", pendingId); + + } + + @Test + public void validatePendingRequestId() throws EaafException { + String extPendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("external pendingId", extPendingId); + + + String pendingId = pendingIdStrategy.validateAndGetPendingRequestId(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId); + + String pendingId2 = pendingIdStrategy.getPendingRequestIdWithOutChecks(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId2); + + Assert.assertEquals("pendingId not match", pendingId, pendingId2); + + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java index 58788392..ca90f05b 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java @@ -153,7 +153,8 @@ public class KeyValueUtilsTest { + RandomStringUtils.randomAlphabetic(6) + KeyValueUtils.KEY_DELIMITER + RandomStringUtils.randomAlphabetic(5); final Map<String, String> testMap = generateTestMap(testPrefix, 5, 5); - + testMap.put(testPrefix, RandomStringUtils.randomAlphabetic(10)); + final Map<String, String> result = KeyValueUtils.removePrefixFromKeys(testMap, testPrefix); Assert.assertNotNull("Result is null", result); Assert.assertFalse("Result is empty", result.isEmpty()); diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/builder/BpkBuilderTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/builder/BpkBuilderTest.java new file mode 100644 index 00000000..bccab09f --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/builder/BpkBuilderTest.java @@ -0,0 +1,562 @@ +package at.gv.egiz.eaaf.core.test.builder; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.spec.ECGenParameterSpec; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +@RunWith(BlockJUnit4ClassRunner.class) +public class BpkBuilderTest { + + private static final String BASEID = "RUxHQVRlc3RQQjBYWFjFkHpnw7xyX1hYWFTDvHpla8OnaQ=="; + + private KeyPair keyPair; + + + /** + * jUnit test initializer. + * @throws NoSuchProviderException In case of an error + * @throws NoSuchAlgorithmException In case of an error + */ + @Before + public void initialize() throws NoSuchAlgorithmException, NoSuchProviderException { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyGen.initialize(2048); + keyPair = keyGen.generateKeyPair(); + + } + + @Test + public void encBpkTextualLength() throws EaafBuilderException, InvalidKeyException, NoSuchAlgorithmException, + NoSuchProviderException, InvalidAlgorithmParameterException, JoseException { + String bpk = "MDEyMzQ1Njc4OWFiY2RIZg+CU"; + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + printResult("Legacy RSA 1024:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(1024))); + printResult("Legacy RSA 2048:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(2048))); + printResult("Legacy RSA 3072:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(3072))); + printResult("Legacy RSA 4096:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(4096))); + + + bpk = "V1::urn:publicid:gv.at:cdid+BW::MDEyMzQ1Njc 4OW FiY2RIZg+CU&g=::2004-01-22T20:57:12"; + + printResult("RSA 2048:", createJsonEnc(generateRsaPubKey(2048), bpk, target, + KeyManagementAlgorithmIdentifiers.RSA_OAEP_256)); + printResult("RSA 3072:", createJsonEnc(generateRsaPubKey(3072), bpk, target, + KeyManagementAlgorithmIdentifiers.RSA_OAEP_256)); + printResult("RSA 4096:", createJsonEnc(generateRsaPubKey(4048), bpk, target, + KeyManagementAlgorithmIdentifiers.RSA_OAEP_256)); + + printResult("ECC 256:", createJsonEnc(generateEcPubKey("secp256r1"), bpk, target, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW)); + printResult("ECC 384:", createJsonEnc(generateEcPubKey("secp384r1"), bpk, target, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW)); + printResult("ECC 521:", createJsonEnc(generateEcPubKey("secp521r1"), bpk, target, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW)); + + System.out.println("Finished!"); + } + + private void printResult(String prefix, String body) { + System.out.println(prefix + " " + body.length() + " full:" + body); + + } + + private String createJsonEnc(PublicKey pubKey, String bpk, String target, String keyWrapAlg) throws JoseException { + JsonWebEncryption enc = new JsonWebEncryption(); + enc.setKey(pubKey); + enc.setPayload(bpk); + enc.setAlgorithmHeaderValue(keyWrapAlg); + enc.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); + enc.setKeyIdHeaderValue("myFirstKey"); + enc.setContentTypeHeaderValue(target); + return enc.getCompactSerialization(); + + } + + private PublicKey generateRsaPubKey(int size) throws NoSuchAlgorithmException { + KeyPairGenerator keyGen3 = KeyPairGenerator.getInstance("RSA"); + keyGen3.initialize(size); + return keyGen3.generateKeyPair().getPublic(); + + } + + private PublicKey generateEcPubKey(String curve) throws NoSuchAlgorithmException, + NoSuchProviderException, InvalidAlgorithmParameterException { + KeyPairGenerator generator = KeyPairGenerator.getInstance("EC"); + ECGenParameterSpec ecSpec = new ECGenParameterSpec(curve); + generator.initialize(ecSpec, new SecureRandom()); + return generator.generateKeyPair().getPublic(); + + } + + @Test + public void encBpkWrongTarget() throws InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = RandomStringUtils.randomAlphanumeric(25); + + try { + BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId()); + + } + } + + @Test + public void decBpkWrongTarget() throws InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = RandomStringUtils.randomAlphanumeric(25); + + try { + BpkBuilder.decryptBpk(bpk, target, keyPair.getPrivate()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.32", e.getErrorId()); + + } + } + + @Test + public void decBpkWrongTargetInEncBpk() throws InvalidKeyException, EaafBuilderException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + try { + BpkBuilder.decryptBpk(encBpk, + EaafConstants.URN_PREFIX_CDID + "BB", keyPair.getPrivate()); + Assert.fail("Wrong parameters not detected"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorMsg", "builder.30", e.getErrorId()); + + } + } + + @Test + public void encBpkSuccess() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond()); + + } + + @Test + public void encWbpkSuccess() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, target, keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", target, decBpk.getSecond()); + + } + + @Test + public void encWbpkSuccessSecond() throws EaafBuilderException, InvalidKeyException { + String bpk = RandomStringUtils.randomAlphanumeric(25); + String target = EaafConstants.URN_PREFIX_WBPK + "FN+123456i"; + + String encBpk = BpkBuilder.encryptBpk(bpk, target, keyPair.getPublic()); + + Assert.assertNotNull("encBpk", encBpk); + + Pair<String, String> decBpk = BpkBuilder.decryptBpk(encBpk, + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", keyPair.getPrivate()); + + Assert.assertEquals("wrong bBK", bpk, decBpk.getFirst()); + Assert.assertEquals("wrong bBK-Target", + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", decBpk.getSecond()); + + } + + + @Test + public void noBaseId() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(null, EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); + } + } + + @Test + public void noTarget() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, null); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); + } + } + + @Test + public void noBaseIdType() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + null, EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); + } + } + + @Test + public void wrongBaseIdType() { + try { + BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + EaafConstants.URN_PREFIX_CDID + "BB", EaafConstants.URN_PREFIX_CDID + "AA"); + + } catch (EaafBuilderException e) { + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); + } + } + + @Test + public void baseIdTypeEqualsTarget() throws EaafBuilderException { + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, + EaafConstants.URN_PREFIX_CDID + "AA", EaafConstants.URN_PREFIX_CDID + "AA"); + + Assert.assertEquals("first bPK", BASEID, + result1.getFirst()); + Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA", + result1.getSecond()); + + } + + @Test + public void buildBpk() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_CDID + "AA"); + Pair<String, String> result2 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_CDID + "BB"); + + Assert.assertEquals("first bPK", "b1Ip610zZq/Or/uCqgb51lnAdZM=", + result1.getFirst()); + Assert.assertEquals("first bPK", "urn:publicid:gv.at:cdid+AA", + result1.getSecond()); + + Assert.assertEquals("second bPK", "uYst6hjKJvyp7s/ezD8zsnkcj9k=", + result2.getFirst()); + Assert.assertEquals("second bPK", "urn:publicid:gv.at:cdid+BB", + result2.getSecond()); + + } + + @Test + public void buildWbpkFn() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); + + Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i", + result1.getSecond()); + + } + + @Test + public void buildWbpkZvr() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "ZVR+123456"); + + Assert.assertEquals("wbPK", "1WvaBLiTxcc3kVzfB71Zh2sCtvA=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkErsb() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "ERSB+123456"); + + Assert.assertEquals("wbPK", "xtAWGAiblvhYJiCpUB3dwdRFPpg=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkXFn() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XFN+123456i"); + + Assert.assertEquals("wbPK", "k65HRxpVcoZ2OPZHo3j2LEn/JQE=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XFN+123456i", + result1.getSecond()); + + } + + @Test + public void buildWbpkXZvr() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XZVR+123456"); + + Assert.assertEquals("wbPK", "1WvaBLiTxcc3kVzfB71Zh2sCtvA=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkXErsb() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XERSB+123456"); + + Assert.assertEquals("wbPK", "xtAWGAiblvhYJiCpUB3dwdRFPpg=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", + result1.getSecond()); + + } + + @Test + public void buildWbpkOthers() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_WBPK + "XABC+123456"); + + Assert.assertEquals("wbPK", "wv96/xKUyi6YoYGv7IcIlFTsJIk=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XABC+123456", + result1.getSecond()); + + } + + @Test + public void buildEidasId() throws EaafBuilderException { + + Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( + BASEID, EaafConstants.URN_PREFIX_EIDAS + "AT+ES"); + + Assert.assertEquals("eidas", "AT/ES/7AuLZNKsiRr97yvLsQ16SZ6r0q0=", + result1.getFirst()); + Assert.assertEquals("wbPK", "urn:publicid:gv.at:eidasid+AT+ES", + result1.getSecond()); + + } + + @Test + public void normalizeNullTarget() { + Assert.assertNull("Wrong normalized target", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(null)); + + } + + @Test + public void normalizeBpkTarget() { + String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithX() { + String target = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithOutXNoMapping() { + String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingFn() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XFN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingZvr() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455")); + + } + + @Test + public void normalizeWbpkTargetWithOutXMappingErsb() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544", + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544")); + + } + + @Test + public void normalizeEidasTarget() { + String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2) + + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(target)); + + } + + @Test + public void calcNormalizeNullTarget() { + Assert.assertNull("Wrong normalized target", + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(null)); + + } + + @Test + public void calcNormalizeBpkTarget() { + String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(target)); + + } + + @Test + public void calcNormalizeWbpkTargetWithoutX() { + + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + + } + + @Test + public void calcNormalizeWbpkTargetWithOutXNoMapping() { + String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(target)); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingFn() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "FN+123456i", + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i")); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingZvr() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455", + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455")); + + } + + @Test + public void calcNormalizeWbpkTargetWithXMappingErsb() { + Assert.assertEquals("Wrong normalized target", + EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544", + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat( + EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544")); + + } + + @Test + public void calcNormalizeEidasTarget() { + String target = EaafConstants.URN_PREFIX_EIDAS + RandomStringUtils.randomAlphabetic(2) + + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong normalized target", + target, + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(target)); + + } + + @Test + public void removeBpkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong SP target without prefix", + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_CDID + spTarget)); + + } + + @Test + public void removeWpbkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(10); + Assert.assertEquals("Wrong SP target without prefix", + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_WBPK + spTarget)); + + } + + @Test + public void removeEidasPbkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(2) + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong SP target without prefix", + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_EIDAS + spTarget)); + + } + + @Test + public void removeUnknownPbkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(10); + Assert.assertEquals("Wrong SP target without prefix", + EaafConstants.URN_PREFIX_BASEID + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_BASEID + spTarget)); + + } +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index cefb1e7e..3e82c510 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -4,18 +4,23 @@ import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.Provider; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.List; +import javax.crypto.SecretKey; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.annotation.DirtiesContext.MethodMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -25,6 +30,7 @@ import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; +import at.asitplus.hsmfacade.provider.HsmFacadeProvider; import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -33,13 +39,15 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") -@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) +@DirtiesContext(classMode = ClassMode.BEFORE_EACH_TEST_METHOD) public class EaafKeyStoreFactoryTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; @@ -66,14 +74,15 @@ public class EaafKeyStoreFactoryTest { /** * jUnit test set-up. */ - @Before + @Before public void testSetup() { mapConfig.clearAllConfig(); - + Security.removeProvider(HsmFacadeProvider.getInstance().getName()); + } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void startWithoutConfigHsmFacadeConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -81,7 +90,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void buildyStoreWithOutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -99,7 +108,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void buildyStoreWithPkcs11() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -118,7 +127,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -137,7 +146,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutConfigSecond() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -156,7 +165,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutPassword() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -177,7 +186,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutPath() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -199,7 +208,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutType() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -217,7 +226,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithWrongPath() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -234,13 +243,13 @@ public class EaafKeyStoreFactoryTest { } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); - Assert.assertEquals("wrong errorCode", "internal.keystore.05", e.getErrorId()); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithWrongPassword() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -263,7 +272,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreSuccessJks() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -280,10 +289,13 @@ public class EaafKeyStoreFactoryTest { Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNull("KeyStore is null", keyStore.getSecond()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UNKNOWN, + keyStoreFactory.checkHsmFacadeStatus()); + } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -352,7 +364,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreSuccessPkcs12() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -372,6 +384,75 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricSoftwareKeyWithOutConfig() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricSoftwareKeyWithOutSalt() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricSoftwareKeyValid() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); + keyConfig.setSoftKeySalt(RandomStringUtils.randomAlphanumeric(10)); + + Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNull("Provider is not null", key.getSecond()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeNoHostConfig() { + context.getBean(EaafKeyStoreFactory.class); + + } + + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeOnlyHostConfig() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -386,6 +467,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingPort() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -405,6 +487,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingUsername() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -423,6 +506,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingPassword() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -442,6 +526,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -463,6 +548,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingTrustedCertificateFile() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -485,7 +571,8 @@ public class EaafKeyStoreFactoryTest { } } - @Test + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingWrongTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -508,8 +595,35 @@ public class EaafKeyStoreFactoryTest { } } + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeWrongGrpcDeadlineParameter() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml"); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + RandomStringUtils.randomAlphabetic(5)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e, "internal.keystore.05"); + + } + } + + @Ignore @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeInitialized() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -521,14 +635,54 @@ public class EaafKeyStoreFactoryTest { RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, PATH_TO_HSM_FACADE_TRUST_CERT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + RandomStringUtils.randomNumeric(2)); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, + keyStoreFactory.checkHsmFacadeStatus()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeHealthCheckNoProvider() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + PATH_TO_HSM_FACADE_TRUST_CERT); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + Security.removeProvider("HsmFacade"); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.DOWN, + keyStoreFactory.checkHsmFacadeStatus()); } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeAlreadLoaded() { + HsmFacadeProvider provider = HsmFacadeProvider.getInstance(); + Security.addProvider(provider); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, + keyStoreFactory.checkHsmFacadeStatus()); + } + @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeKeyStoreNoKeyStoreName() { configureHsmFacade(); @@ -550,7 +704,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeKeyStoreSuccess() throws EaafException { configureHsmFacade(); @@ -578,13 +732,106 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext - public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyWithOutConfig() { configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyWithOutKeyAlias() { + configureHsmFacade(); + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyWrongKeyAlias() { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias("notExist"); + + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafKeyAccessException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.09", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyValid() throws EaafException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias("aes-key-1"); + + Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNotNull("Provider is null", key.getFirst()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, + keyStoreFactory.checkHsmFacadeStatus()); + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); keyStoreConfig.setKeyStoreName("authhandler"); diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java new file mode 100644 index 00000000..ac456c13 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java @@ -0,0 +1,156 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import static org.junit.Assert.assertArrayEquals; + +import java.security.Provider; +import java.util.concurrent.CompletableFuture; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.scheduling.annotation.Async; +import org.springframework.scheduling.annotation.AsyncResult; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +public class EncryptionTask implements Runnable { + + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9050"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = + "src/test/resources/data/junit.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = + "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = + "src/test/resources/data/junit_without_trustcerts.p12"; + private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + + private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + + private static final String CIPHER_MODE = "AES/GCM/NoPadding"; + private static final int GCM_NONCE_LENGTH = 12; // in bytes + private static final int GCM_TAG_LENGTH = 16; // in bytes + + protected static final String KEYNAME = "AES"; + + @Autowired + private DummyAuthConfigMap mapConfig; + @Autowired + private ApplicationContext context; + + String keyName; + int rounds; + private Exception error; + + public EncryptionTask(ApplicationContext context2, DummyAuthConfigMap mapConfig2, + String keyName, int rounds) { + this.context = context2; + this.mapConfig = mapConfig2; + + this.keyName = keyName; + this.rounds = rounds; + + } + + @Override + public void run() { + run(this.keyName, this.rounds); + + } + + @Async + public CompletableFuture<String> run(String keyName, int rounds) { + try { + Pair<SecretKey, Provider> key = loadSymmetricKey(keyName); + Assert.assertNotNull("Key container is null", key); + + for(int i = 0; i < rounds; i++) { + + log.info("Starting threat: {} Round: {}", Thread.currentThread().getName(), i); + + byte[] data = RandomStringUtils.randomAlphanumeric(1024*64).getBytes(); + Pair<byte[], byte[]> enc = encryptData(key.getFirst(), data); + + byte[] checkData = decryptData(enc, key.getFirst()); + log.info("Finishing threat: {} Round: {}", Thread.currentThread().getName(), i); + + + assertArrayEquals("plaintext not match", data, checkData); + + + + } + + } catch (Exception e) { + this.error = e; + throw new RuntimeException(e); + + } + + return new AsyncResult<>("finished").completable(); + + } + + private byte[] decryptData(Pair<byte[], byte[]> enc, SecretKey secret) throws Exception { + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, enc.getSecond()); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + return cipher.doFinal(enc.getFirst()); + + } + + + + private Pair<byte[], byte[]> encryptData(SecretKey secret, byte[] toEncrypt) throws Exception { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(toEncrypt); + final byte[] iv = cipher.getIV(); + + return Pair.newInstance(encdata, iv); + + } + + private Pair<SecretKey, Provider> loadSymmetricKey(String keyName) throws EaafException { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias(keyName); + + return keyStoreFactory.buildNewSymmetricKey(keyConfig); + } + + + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyOperationPerformanceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyOperationPerformanceTest.java new file mode 100644 index 00000000..90d878b9 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyOperationPerformanceTest.java @@ -0,0 +1,155 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import static org.junit.Assert.assertFalse; + +import java.security.Provider; +import java.security.Security; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import javax.crypto.SecretKey; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.hsmfacade.provider.HsmFacadeProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.extern.slf4j.Slf4j; + +@Ignore +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_EACH_TEST_METHOD) +@Slf4j +public class KeyOperationPerformanceTest { + + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9050"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = + "src/test/resources/data/junit.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = + "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = + "src/test/resources/data/junit_without_trustcerts.p12"; + private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + + private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + + private static final String CIPHER_MODE = "AES/GCM/NoPadding"; + private static final int GCM_NONCE_LENGTH = 12; // in bytes + private static final int GCM_TAG_LENGTH = 16; // in bytes + + protected static final String KEYNAME = "AES"; + + + private static final String AES_KEY_1 = "aes-key-1"; + private static final String AES_KEY_2 = "aes-key-2"; + + private static final List<String> ALL_AES_KEYS = Arrays.asList(AES_KEY_1, AES_KEY_2); + + @Autowired + private DummyAuthConfigMap mapConfig; + @Autowired + private ApplicationContext context; + + /** + * jUnit test set-up. + */ + @Before + public void testSetup() { + mapConfig.clearAllConfig(); + Security.removeProvider(HsmFacadeProvider.getInstance().getName()); + + } + + @Ignore + @Test + public void symmetricHsmFacadeKeyLoad() throws EaafException { + Pair<SecretKey, Provider> key = loadSymmetricKey(AES_KEY_1); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNotNull("Provider is null", key.getFirst()); + + } + + + @Ignore + @Test + public void symmetricHsmFacadeKeyOperations() throws Exception { + Pair<SecretKey, Provider> key = loadSymmetricKey(AES_KEY_1); + Assert.assertNotNull("Key container is null", key); + new EncryptionTask(context, mapConfig, AES_KEY_2, 15).run(AES_KEY_2, 15); + + } + + @Test + public void symmetricHsmFacadeMultithreatKeyOperations() throws Exception { + Pair<SecretKey, Provider> key = loadSymmetricKey(AES_KEY_1); + Assert.assertNotNull("Key container is null", key); + + int threads = 30; + + ArrayList<EncryptionTask> taskList = new ArrayList<EncryptionTask>(); + ArrayList<Thread> threadList = new ArrayList<Thread>(); + for(int i=0; i < threads; i++){ + EncryptionTask task = new EncryptionTask(context, mapConfig, ALL_AES_KEYS.get(i % 2), 20); + taskList.add(task); + Thread t = new Thread(task); + threadList.add(t); + t.start(); + } + + // wait until they are all done + log.trace("Wait for mandate sources .... "); + for(int i=0; i<threadList.size(); i++){ + threadList.get(i).join(); + } + log.trace("Mandate sources collection finished "); + + + assertFalse("Find Thread with error", taskList.stream() + .filter(el -> el.getError() != null) + .findFirst() + .isPresent()); + + + } + + private Pair<SecretKey, Provider> loadSymmetricKey(String keyName) throws EaafException { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias(keyName); + + return keyStoreFactory.buildNewSymmetricKey(keyConfig); + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java new file mode 100644 index 00000000..eb4eb212 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java @@ -0,0 +1,162 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; + +@RunWith(BlockJUnit4ClassRunner.class) +public class SymmetricKeyConfigurationTest { + + private Map<String, String> config; + + @Before + public void testSetup() { + config = new HashMap<>(); + + } + + @Test + public void emptyConfigMap() { + try { + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void emptyKeyType() { + try { + config.put("key.type", ""); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void unknownKeyType() { + try { + config.put("key.type", "test"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeMissingName() { + try { + config.put("key.type", "hsmfacade"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeMissingAlias() { + try { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeSucces() throws EaafConfigurationException { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + final String keyAlias = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + config.put("key.alias", keyAlias); + + final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", SymmetricKeyType.HSMFACADE, keyStoreConfig.getKeyType()); + Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName()); + Assert.assertEquals("Wrong KeyStoreName", keyAlias, keyStoreConfig.getKeyAlias()); + + + keyStoreConfig.validate(); + + } + + @Test + public void passphraseKeyTypeMissingPassphrase() { + try { + config.put("key.type", "passphrase"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void passphraseKeyTypeMissingSalt() { + try { + final String passphrase = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "passphrase"); + config.put("key.passphrase", passphrase); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void passphraseKeyTypeSucces() throws EaafConfigurationException { + final String passphrase = RandomStringUtils.randomAlphabetic(5); + final String salt = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "passphrase"); + config.put("key.passphrase", passphrase); + config.put("key.salt", salt); + + final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", SymmetricKeyType.PASSPHRASE, keyStoreConfig.getKeyType()); + Assert.assertEquals("Wrong KeyStoreName", passphrase, keyStoreConfig.getSoftKeyPassphrase()); + Assert.assertEquals("Wrong KeyStoreName", salt, keyStoreConfig.getSoftKeySalt()); + + keyStoreConfig.validate(); + + } +} + diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java index bf1dfd03..09301f57 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java @@ -123,7 +123,7 @@ public class DummyAuthConfigMap implements IConfigurationWithSP { @Override public String validateIdpUrl(final URL authReqUrl) throws EaafException { - return null; + return authReqUrl.toExternalForm(); } public void putConfigValue(final String key, final String value) { diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java new file mode 100644 index 00000000..55c17ee8 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java @@ -0,0 +1,98 @@ +package at.gv.egiz.eaaf.core.test.http; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Base64; + +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.impl.client.CloseableHttpClient; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.MethodMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext +public class HttpClientFactoryProdHostTest { + + @Autowired private IHttpClientFactory httpClientFactory; + @Autowired private EaafKeyStoreFactory keyStoreFactory; + + /** + * Initialize full class. + */ + @BeforeClass + public static void classInitializer() { + final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse"); + logger.setLevel(Level.TRACE); + + } + + /** + * JUnit test set-up. + * + */ + @Before + public void setup() { + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void getCustomClientX509AuthWithHsmFacadeTrustStore() throws EaafException, ClientProtocolException, + IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, + CertificateEncodingException { + System.setProperty("javax.net.debug", "ssl:handshake"); + + final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client"); + clientConfig.setAuthMode("ssl"); + //clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "eid-junit"); + //clientConfig.setSslKeyAlias("rsa-key-1"); + clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); + clientConfig.setSslKeyAlias("authhandler-sign"); + clientConfig.setDisableTlsHostCertificateValidation(false); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig); + Assert.assertNotNull("httpClient", client); + + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); + final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[1]; + final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[0]; + Base64.getEncoder().encodeToString(clientEeCert.getEncoded()); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet("https://apps.egiz.gv.at//sslclientcertdemo/"); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java index 25bd3008..c71d8352 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java @@ -1,42 +1,66 @@ package at.gv.egiz.eaaf.core.test.http; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.HttpURLConnection; import java.net.InetAddress; +import java.net.SocketTimeoutException; +import java.security.Key; +import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; import java.security.Provider; +import java.security.UnrecoverableKeyException; import java.security.cert.X509Certificate; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.http.StatusLine; import org.apache.http.client.ClientProtocolException; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.entity.ContentType; import org.apache.http.impl.client.CloseableHttpClient; import org.junit.After; +import org.junit.AfterClass; import org.junit.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.MethodMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; import okhttp3.HttpUrl; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.RecordedRequest; +import okhttp3.mockwebserver.SocketPolicy; import okhttp3.tls.HandshakeCertificates; import okhttp3.tls.HeldCertificate; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext public class HttpClientFactoryTest { @Autowired private EaafKeyStoreFactory keyStoreFactory; @@ -46,6 +70,27 @@ public class HttpClientFactoryTest { private HttpUrl mockServerUrl; /** + * Initialize full class. + */ + @BeforeClass + public static void classInitializer() { + final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse"); + logger.setLevel(Level.TRACE); + + } + + /** + * Reset test environment. + */ + @AfterClass + public static void classReset() { + System.clearProperty("javax.net.ssl.trustStoreType"); + System.clearProperty("javax.net.ssl.trustStore"); + System.clearProperty("javax.net.ssl.trustStorePassword"); + + } + + /** * JUnit test set-up. * */ @@ -84,6 +129,27 @@ public class HttpClientFactoryTest { } @Test + public void defaultHttpClientRetryOneTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final CloseableHttpClient client = httpClientFactory.getHttpClient(); + Assert.assertNotNull("No httpClient", client); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp1 = client.execute(httpGet1); + Assert.assertEquals("http statusCode", 200, httpResp1.getStatusLine().getStatusCode()); + + } + + @Test public void getCustomClientsDefault() throws EaafException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); Assert.assertFalse("Wrong default config - Hostnamevalidation", @@ -109,7 +175,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, + public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, IOException, InterruptedException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("password"); @@ -157,6 +223,193 @@ public class HttpClientFactoryTest { } @Test + public void httpPostRetryNotAllowed() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + config.setHttpErrorRetryPost(false); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpPost(mockServerUrl.url().toString()); + try { + client.execute(httpGet1); + Assert.fail("HTTP POST retry not allowed"); + + } catch (final SocketTimeoutException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + + } + + } + + @Test + public void httpPostRetryOneTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + config.setHttpErrorRetryPost(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpPost(mockServerUrl.url().toString()); + final StatusLine httpResp1 = client.execute(httpGet1, + HttpUtils.simpleStatusCodeResponseHandler()); + Assert.assertEquals("http statusCode", 200, httpResp1.getStatusCode()); + + } + + @Test + public void testHttpClientRetryOneTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + + String bodyData = RandomStringUtils.randomAlphanumeric(10); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(bodyData)); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + final Triple<StatusLine, ByteArrayInputStream, ContentType> httpResp1 = client.execute(httpGet1, + HttpUtils.bodyStatusCodeResponseHandler()); + Assert.assertEquals("http statusCode", 200, httpResp1.getFirst().getStatusCode()); + Assert.assertEquals("http statusCode", bodyData, new String(StreamUtils.readStream(httpResp1.getSecond()))); + + + } + + @Test + public void testHttpClientRetryTwoTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp1 = client.execute(httpGet1); + Assert.assertEquals("http statusCode", 200, httpResp1.getStatusLine().getStatusCode()); + + } + + @Test + public void testHttpClientRetryMaxReached() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + try { + client.execute(httpGet1); + Assert.fail("Max retry failed"); + + } catch (final SocketTimeoutException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + + } + } + + @Test + public void testHttpClientNoRetry() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(0); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + try { + client.execute(httpGet1); + Assert.fail("Max retry failed"); + + } catch (final SocketTimeoutException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + + } + } + + @Test public void getCustomClientBasicAuthNoPassword() throws EaafException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("password"); @@ -283,7 +536,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, + public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, ClientProtocolException, IOException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("ssl"); @@ -311,9 +564,120 @@ public class HttpClientFactoryTest { final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() .addTrustedCertificate( (X509Certificate) sslClientKeyStore.getFirst().getCertificate("meta")) + .addTrustedCertificate( + (X509Certificate) sslClientKeyStore.getFirst().getCertificate("sig")) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void getCustomClientX509AuthWithHsmFacade() throws EaafException, ClientProtocolException, + IOException, KeyStoreException { + final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client"); + clientConfig.setAuthMode("ssl"); + clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); + clientConfig.setSslKeyAlias("authhandler-sign"); + clientConfig.setDisableTlsHostCertificateValidation(true); + + + + final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); + final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[1]; + final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[0]; + + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate(clientEeCert) + .addTrustedCertificate(clientRootCert) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void getCustomClientX509AuthWithHsmFacadeTrustStore() throws EaafException, ClientProtocolException, + IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException { + + final String current = new java.io.File(".").getCanonicalPath(); + System.setProperty("javax.net.ssl.trustStoreType", "jks"); + System.setProperty("javax.net.ssl.trustStore", + current + "/src/test/resources/data/ssL_truststore.jks"); + System.setProperty("javax.net.ssl.trustStorePassword", + "password"); + + final KeyStoreConfiguration sslServerCertConfig = new KeyStoreConfiguration(); + sslServerCertConfig.setKeyStoreType(KeyStoreType.JKS); + sslServerCertConfig.setFriendlyName("SSL host cert"); + sslServerCertConfig.setSoftKeyStoreFilePath("src/test/resources/data/ssl_host.jks"); + sslServerCertConfig.setSoftKeyStorePassword("password"); + + Pair<KeyStore, Provider> sslServerHostKeyStore = + keyStoreFactory.buildNewKeyStore(sslServerCertConfig); + + + final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client"); + clientConfig.setAuthMode("ssl"); + clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); + clientConfig.setSslKeyAlias("authhandler-sign"); + clientConfig.setDisableTlsHostCertificateValidation(false); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); + final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[1]; + final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[0]; + + Key sslKey = sslServerHostKeyStore.getFirst().getKey("ssl", "password".toCharArray()); + X509Certificate sslCert = (X509Certificate) sslServerHostKeyStore.getFirst().getCertificate("ssl"); + KeyPair keyPair = new KeyPair(sslCert.getPublicKey(), (PrivateKey) sslKey); + HeldCertificate localhostCertificate = new HeldCertificate(keyPair, sslCert); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate(clientEeCert) + .addTrustedCertificate(clientRootCert) .heldCertificate(localhostCertificate) .build(); mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); mockWebServer.requireClientAuth(); mockWebServer.enqueue(new MockResponse().setResponseCode(200) @@ -326,4 +690,5 @@ public class HttpClientFactoryTest { Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); } + } diff --git a/eaaf_core_utils/src/test/resources/data/config1.properties b/eaaf_core_utils/src/test/resources/data/config1.properties new file mode 100644 index 00000000..12209d21 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/config1.properties @@ -0,0 +1,15 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2 + +core.pendingrequestid.maxlifetime=180 +core.pendingrequestid.digist.type=passphrase +core.pendingrequestid.digist.secret=pendingReqIdSecret +core.pendingrequestid.digist.keystore.name= +core.pendingrequestid.digist.key.alias=
\ No newline at end of file diff --git a/eaaf_core_utils/src/test/resources/data/config2.properties b/eaaf_core_utils/src/test/resources/data/config2.properties new file mode 100644 index 00000000..3a1194b4 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/config2.properties @@ -0,0 +1,15 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2 + +core.pendingrequestid.maxlifetime=180 +core.pendingrequestid.digist.type=hsmfacade +core.pendingrequestid.digist.secret=pendingReqIdSecret +core.pendingrequestid.digist.keystore.name=authhandler +core.pendingrequestid.digist.key.alias=aes-key-1
\ No newline at end of file diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt new file mode 100644 index 00000000..aa83c8d9 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIICDTCCAbOgAwIBAgIIVLxIFI8kRpkwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAeFw0yMDA2MTgwNzM2MTBaFw0yNTA2MTgwNzM2MTBaMDwxGzAZBgNVBAMMEmludC1yc2Eta2V5LTEtMDAwMTERMA8GA1UECgwIc29mdHdhcmUxCjAIBgNVBAUTATEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrM1ocQqtch95Dm21JHi0V35nlWZibsjLqR+g8ERdD1qFgun/X0I/Rbft+KxB8QsDX7UmIjXGdavNcEjY/XcbiJxUcpv7vn/2+x3JxZO6Iye/ut001okICt3OGIqP93ZEnIaTTNhDsK7OnvD/eUjlmuHiTaFq1dZLKYDQlz9jl/9F4axfrz1V7oo60iqFIW+7tlUeh8VGDUPjQpHghzjHXTJv/OIAt752K31Tn8KR3kvkn6WTPo8eOWVaPQ480Dik0e2afTPPJNZJ7BW111IwqBAOKp586yVsQ4XVEF8H64Cq+s+b4/HBboo9TDJKTJvo2yQmcTsahbH+Rlm20ifUTAgMBAAEwCgYIKoZIzj0EAwIDSAAwRQIhANKN/N2Atb5fbeHSB2Myv/JcNf9JonxFe92AOu4f62NNAiBjOEeg4OyJZKPiDl6aqYVtz1Qroo6xzUC9UVA4qNe4LA== +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt new file mode 100644 index 00000000..b4c47c78 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDEzCCArqgAwIBAgIIMrAOP6EqywMwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAeFw0yMDA2MTgwNzM2MDlaFw0yNTA2MTgwNzM2MDlaMEMxIjAgBgNVBAMMGWludC1hdXRoaGFuZGxlci1zaWduLTAwMDExETAPBgNVBAoMCHNvZnR3YXJlMQowCAYDVQQFEwExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5j2vR8ZV88fOJzFHmLuPizHXk+aiE0fX8Bu63FqCNa2Vy343u2k+4HVQBWpAtyRej8nL7JQuhFa11YRtVF+Vos9cyUDk482sUlYA2LdAFIuHJP6iTRrrHYdiTskc3FQUm9m9KorVFwnfzqJ40wjn9hD0xKCE0odk9IHA5aLTul0mSMcHQ+MMu2cbelK2TWTEC0wcGum2NrTWukhf0E4/e4SuqMgEUPdHSEaNZLGKZU0kyVtXKK0HCtWF8OKGay4V504dk3qnmRHHO8ik3oyPk2yLipQAPL0bUGMZ7tlRLo5VxJvkZSsJfAzvYn1JzcQIt6bXszQGU/JS6dw7Jq99Ckzox/vk8p1YUPd4tCuUJPXzhFhI7CedHKGItwk7mQf5llgeVJy40sVrFwHLDPufY5mlm9C+gVBs71+ibT/sJ96gCueWqduzDX8fHzeaNVj2NFEx2pT46D5cbRWZBow3+Rx+hpge6SDMzaebpbkgLPX+35D952bMLjm+9T0DulGk1tLL2k4YK+1WWUprlo+rm65OA5FxnO5YxNmGk2Uizu3tSoZMxmXwEWoFfYaMsTt5Not3+CLPjfs6pE4ML9ifAOxW+pPsmanDiNaMiL0/aSddvvkv3lSMRiU9nYh3DuOu6sGIMaPdyYF0V/9Fua2SDZV3QKIbzPbJfEsXFKtjtzUCAwEAATAKBggqhkjOPQQDAgNHADBEAiBHsK819KfxVn91KAmjRjb7zx8TLLBApyaZHXi5HVrYUwIgQbF6u6bXziAWdijlJC0IOWdBuTLWmTvFqBH7uX1HL9c= +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt new file mode 100644 index 00000000..fa7b132f --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBPDCB46ADAgECAghZ0/gtbA6FrjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdFQy1Sb290MB4XDTIwMDYxODA3MzU1M1oXDTMwMDYxODA3MzU1M1owEjEQMA4GA1UEAwwHRUMtUm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIjgL+6qiE9oj2yWCkVm6s7AaYkbDhTptYXTW92MhASiTqxL6g8tr28MlRA2P8HPrNSK9payeMe5QW9Kxn+EMPejIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgWgMAoGCCqGSM49BAMCA0gAMEUCIDq2f4xjYD8pzr+mdzuT8wzePRnj/EatjmimGnvNt3FjAiEArezudh6G+wE+ds6S0dnFxG0o/BrbR0fiRNTQwiZA9ec= +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt index 01be3821..204ddccf 100644 --- a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt +++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt @@ -1,10 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv -b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl -Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR -T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj -o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee -JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC -AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn -bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA== +MIIByzCCAXGgAwIBAgIEYC5cIjAKBggqhkjOPQQDAjA7MRMwEQYDVQQKDApBLVNJ +VCBQbHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwHhcN +MjEwMjE4MTIyMjU4WhcNMzEwMjE4MTIyMjU4WjA7MRMwEQYDVQQKDApBLVNJVCBQ +bHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAARK1UAE+T3xYsoI0VkRcP20jPwTd2MePMkXRsSR +lpqPMQ6dPMlxPmAzWK33DWPFAFMY8+ecF0J8t2D+5RiJSSB+o2MwYTAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT1v6FCAwJIM8kv +JD7gVjdGXqhcYjAdBgNVHQ4EFgQU9b+hQgMCSDPJLyQ+4FY3Rl6oXGIwCgYIKoZI +zj0EAwIDSAAwRQIhAI+5lHyNCQfyj8c0pdBDVWY3fkCOj9ZTJ/hqgW+6TIQBAiBS +jn7uIj7tGm+f0RgXMbhcgtQhYgVwf0x8OnRwmDOwaw== -----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/server_host.crt b/eaaf_core_utils/src/test/resources/data/server_host.crt new file mode 100644 index 00000000..21d3a1e4 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/server_host.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcECBGB5WpEwDQYJKoZIhvcNAQELBQAwMTELMAkGA1UEBhMCQVQxDjAM +BgNVBAsMBWpVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjEwNDE2MDkzNjE3 +WhcNMjQwMTEwMDkzNjE3WjAxMQswCQYDVQQGEwJBVDEOMAwGA1UECwwFalVuaXQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAJVYLzPzq7oBGS5Wer0++rHbp+DWI7srAV1lGHdq8ST6APh/7fEVWpdZDpMY +bOXl6uIiVmMsx/jUhQwOu4rFXThiQlwyQOv57SO7WHqNPqbRs/EUVnzW35aXU/DB +CmkqKyjK/+vuq7tIahlpqrppCzBVC9/Z15U+RMTdnATrohALNJovydH3VSkdkKX0 +5BDx779/8malTgyWTUgl+p3F/91iIIl4ZvIngo2ZYQCFm1nV6jmpErGFkG6YVrO7 +oe3OlGKFiXtqCmq+NSFeXsv/SaXWNUw82pYKuK/5EFSLX49HLBBDI14eOCuVLnGA +H/kG3tGteYMBNzSMmC/kcKgRDnUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAJn2 +a/VbtXGmHe9wmtu8K3noyECfG5fbu9URUjXhCBlXGcdjfz1gzrOHcmaBndk0a566 +R2W0fLvjLpjWChrj7r34EpNYGPMLV2gp3ZkiSGl9kv8mf9iChK6+ga3SlyHJuXXu +gw6eOIAxBrE/vLw+pZtCEV9yPrIydkt19jjejf1wjs5y2G7m5r5pBIh6Wlmmc4f2 +3M6l6Dge78WVdUaU5AeAHjgGgXwULxmLGxi6yiS5HsSeb79oGz9psHbq1EAvwOVY +sLepTbDQvX/VAAG7HOJXhdGM0fRIkM7HFA5+6joTHvAKhuMlFIJ8Y4QIG2QaIBAh +eBBh91x/aB2xOKs+Kg== +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks b/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks Binary files differnew file mode 100644 index 00000000..4d7bc2f3 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks diff --git a/eaaf_core_utils/src/test/resources/data/ssl_host.jks b/eaaf_core_utils/src/test/resources/data/ssl_host.jks Binary files differnew file mode 100644 index 00000000..4ca07595 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/ssl_host.jks diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml index 210b88be..672efe5d 100644 --- a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml @@ -13,11 +13,20 @@ <bean id="dummyAuthConfigMap" class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap" /> - + <bean id="eaafKeyStoreFactory" class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" /> <bean id="eaafUtilsMessageSource" class="at.gv.egiz.eaaf.core.impl.logging.EaafUtilsMessageSource" /> + <bean class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor"> + <property name="corePoolSize" value="5" /> + <property name="maxPoolSize" value="25" /> + <property name="queueCapacity" value="100" /> + </bean> + + <bean class="at.gv.egiz.eaaf.core.test.credentials.EncryptionTask" + scope="prototype"/> + </beans>
\ No newline at end of file diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml index 402e07f9..92dd5928 100644 --- a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml @@ -12,7 +12,14 @@ default-lazy-init="true"> <bean id="dummyAuthConfigMap" - class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap" /> + class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap"> + <constructor-arg value="/data/config1.properties" /> + </bean> + + <bean id="encrytedTokenGenerationStrategy" + class="at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy" /> + + <import resource="classpath:/spring/eaaf_utils.beans.xml"/> diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml new file mode 100644 index 00000000..0f235e29 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" + default-lazy-init="true"> + + <bean id="dummyAuthConfigMap" + class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap"> + <constructor-arg value="/data/config2.properties" /> + </bean> + + <bean id="encrytedTokenGenerationStrategy" + class="at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy" /> + + + + <import resource="classpath:/spring/eaaf_utils.beans.xml"/> + +</beans>
\ No newline at end of file |