diff options
Diffstat (limited to 'eaaf_core_utils')
3 files changed, 112 insertions, 76 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index 6dbbba3e..970efd22 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -4,9 +4,10 @@ import java.util.Map; import javax.annotation.Nonnull; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; + import org.apache.commons.lang3.StringUtils; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -139,7 +140,7 @@ public class KeyStoreConfiguration { /** * Validate the internal state of this configuration object. - * + * * @throws EaafConfigurationException In case of a configuration error */ public void validate() throws EaafConfigurationException { @@ -147,7 +148,7 @@ public class KeyStoreConfiguration { log.trace("Validate HSM-Facade KeyStore ... "); checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07, friendlyName, "Missing 'KeyName' for HSM-Facade"); - + } else if (KeyStoreType.PKCS12.equals(keyStoreType) || KeyStoreType.JKS.equals(keyStoreType)) { log.trace("Validate software KeyStore ... "); @@ -155,13 +156,13 @@ public class KeyStoreConfiguration { friendlyName, "Missing 'KeyPath' for software keystore"); checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07, friendlyName, "Missing 'KeyPassword' for software keystore"); - + } else { log.info("Validation of type: {} not supported yet", keyStoreType); - + } } - + public enum KeyStoreType { PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11"); @@ -209,16 +210,16 @@ public class KeyStoreConfiguration { final String configValue = config.get(configParamKey); checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey); return configValue; - + } - private static void checkConfigurationValue(String configValue, String errorCode, String... params) + private static void checkConfigurationValue(String configValue, String errorCode, String... params) throws EaafConfigurationException { if (StringUtils.isEmpty(configValue)) { - throw new EaafConfigurationException(errorCode, - new Object[] { params}); - + throw new EaafConfigurationException(errorCode, + params); + } - + } } diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index c47805e8..b5727015 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -6,6 +6,17 @@ import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.List; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; @@ -23,17 +34,6 @@ import com.google.common.base.Optional; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; - -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @@ -41,13 +41,20 @@ import io.grpc.StatusRuntimeException; @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public class EaafKeyStoreFactoryTest { + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9000"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String HSM_FACASE_HSM_NAME = "software"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = "src/test/resources/data/junit_without_trustcerts.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = "src/test/resources/data/junit_without_trustcerts.p12"; - private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt"; + private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; @Autowired @@ -146,7 +153,7 @@ public class EaafKeyStoreFactoryTest { } } - + @Test @DirtiesContext public void softwareKeyStoreWithoutPassword() { @@ -177,7 +184,7 @@ public class EaafKeyStoreFactoryTest { final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -216,7 +223,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks"); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -239,7 +246,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword("wrong password"); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -262,14 +269,14 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + keyStoreConfig.validate(); final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); } - + @Test @DirtiesContext public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException { @@ -280,61 +287,61 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + keyStoreConfig.validate(); final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); - + //read trusted certs - List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); + final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); Assert.assertNotNull("Trusted certs", trustedCerts); Assert.assertEquals("Trusted certs size", 2, trustedCerts.size()); //read priv. key - Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 1", privCred1); Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst()); Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond()); - + //read priv. key - Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "sig", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 2", privCred2); Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst()); Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond()); - - + + //read priv. key - Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "notexist", "password".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred3); - + //read priv. key - Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "wrong".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred4); - + try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "wrong".toCharArray(), true, "jUnit test"); Assert.fail("Wrong password not detected"); - - } catch (EaafKeyAccessException e) { + + } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } - + try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "wrong", "password".toCharArray(), true, "jUnit test"); Assert.fail("Wrong alias not detected"); - - } catch (EaafKeyAccessException e) { + + } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } - - + + } @Test @@ -349,7 +356,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); keyStoreConfig.validate(); - + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); @@ -550,18 +557,7 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext public void hsmFacadeKeyStoreNoKeyStoreName() { - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, - RandomStringUtils.randomNumeric(4)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, - PATH_TO_HSM_FACADE_TRUST_CERT); + configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -583,28 +579,17 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext public void hsmFacadeKeyStoreSuccess() throws EaafException { - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, - RandomStringUtils.randomNumeric(4)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, - PATH_TO_HSM_FACADE_TRUST_CERT); + configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); - keyStoreConfig.setKeyStoreName("testkeyStore"); + keyStoreConfig.setKeyStoreName("authhandler"); keyStoreConfig.validate(); - + try { final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); @@ -615,6 +600,36 @@ public class EaafKeyStoreFactoryTest { // exception")); } + } + + @Test + @DirtiesContext + public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); + keyStoreConfig.setKeyStoreName("authhandler"); + + keyStoreConfig.validate(); + + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } + + private void configureHsmFacade() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME); } diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt new file mode 100644 index 00000000..37fdc389 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy +b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE +cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw +FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F +FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv +0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX +hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp +jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX +GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB +LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E +FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB +CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t +EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W +s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m +pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG +ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN +dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4 +-----END CERTIFICATE----- +
\ No newline at end of file |