Diffstat (limited to 'eaaf_core_utils')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java25
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java143
-rw-r--r--eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt20
3 files changed, 112 insertions, 76 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 6dbbba3e..970efd22 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -4,9 +4,10 @@ import java.util.Map;
import javax.annotation.Nonnull;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+
import org.apache.commons.lang3.StringUtils;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
@@ -139,7 +140,7 @@ public class KeyStoreConfiguration {
/**
* Validate the internal state of this configuration object.
- *
+ *
* @throws EaafConfigurationException In case of a configuration error
*/
public void validate() throws EaafConfigurationException {
@@ -147,7 +148,7 @@ public class KeyStoreConfiguration {
log.trace("Validate HSM-Facade KeyStore ... ");
checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
friendlyName, "Missing 'KeyName' for HSM-Facade");
-
+
} else if (KeyStoreType.PKCS12.equals(keyStoreType)
|| KeyStoreType.JKS.equals(keyStoreType)) {
log.trace("Validate software KeyStore ... ");
@@ -155,13 +156,13 @@ public class KeyStoreConfiguration {
friendlyName, "Missing 'KeyPath' for software keystore");
checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07,
friendlyName, "Missing 'KeyPassword' for software keystore");
-
+
} else {
log.info("Validation of type: {} not supported yet", keyStoreType);
-
+
}
}
-
+
public enum KeyStoreType {
PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
@@ -209,16 +210,16 @@ public class KeyStoreConfiguration {
final String configValue = config.get(configParamKey);
checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
return configValue;
-
+
}
- private static void checkConfigurationValue(String configValue, String errorCode, String... params)
+ private static void checkConfigurationValue(String configValue, String errorCode, String... params)
throws EaafConfigurationException {
if (StringUtils.isEmpty(configValue)) {
- throw new EaafConfigurationException(errorCode,
- new Object[] { params});
-
+ throw new EaafConfigurationException(errorCode,
+ params);
+
}
-
+
}
}
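Review bot: `checkConfigurationValue` (L66), the helper every check in `validate()` goes through (L35, L44, L60), has no Javadoc; add `/** Throws {@link EaafConfigurationException} with {@code errorCode} and {@code params} as message parameters if {@code configValue} is null or empty. */` above it. Note also that `StringUtils.isEmpty` on L68 accepts a whitespace-only value, so a `KeyPassword` or `KeyPath` made of blanks passes `validate()` and only fails later when the store is opened; if that is not intended, `if (StringUtils.isBlank(configValue)) {` rejects it here with the configured error code. The `params` passed along (friendly name, parameter key, message text) contain no secret material, which is worth preserving since the exception message is presumably logged or shown.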
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index c47805e8..b5727015 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -6,6 +6,17 @@ import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.List;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
@@ -23,17 +34,6 @@ import com.google.common.base.Optional;
import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
-
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import io.grpc.StatusRuntimeException;
@RunWith(SpringJUnit4ClassRunner.class)
@@ -41,13 +41,20 @@ import io.grpc.StatusRuntimeException;
@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
public class EaafKeyStoreFactoryTest {
+ private static final String HSM_FACASE_HOST = "eid.a-sit.at";
+ private static final String HSM_FACASE_PORT = "9000";
+ private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt";
+ private static final String HSM_FACASE_USERNAME = "authhandler-junit";
+ private static final String HSM_FACASE_PASSWORD = "supersecret123";
+ private static final String HSM_FACASE_HSM_NAME = "software";
+
private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS =
"src/test/resources/data/junit.jks";
private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
"src/test/resources/data/junit_without_trustcerts.jks";
private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
"src/test/resources/data/junit_without_trustcerts.p12";
- private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt";
+ private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt";
private static final String SOFTWARE_KEYSTORE_PASSWORD = "password";
@Autowired
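Review bot: `HSM_FACASE_PASSWORD` on L125 commits a client credential (`supersecret123`) for the live endpoint named on L121 and L124 into the test sources, where it is visible to everyone with repository access and copied into every clone; if the `authhandler-junit` account has any rights beyond the test facade it should be rotated, and in any case the values belong in a system property or environment variable, e.g. `private static final String HSM_FACASE_PASSWORD = System.getProperty("hsm.facade.password");` (property name constructed, choose one matching the project), with the tests that use them skipped via `Assume.assumeNotNull(...)` when absent. The same literals feed `configureHsmFacade()` in the hunk at L318-L351, so the change applies there too. Separately, the constant names spell `FACASE` while the `CONFIG_PROP_HSM_FACADE_*` keys they populate spell `FACADE`; renaming them to `HSM_FACADE_*` removes the mismatch.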
@@ -146,7 +153,7 @@ public class EaafKeyStoreFactoryTest {
}
}
-
+
@Test
@DirtiesContext
public void softwareKeyStoreWithoutPassword() {
@@ -177,7 +184,7 @@ public class EaafKeyStoreFactoryTest {
final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
try {
keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -216,7 +223,7 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks");
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
try {
keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -239,7 +246,7 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
keyStoreConfig.setSoftKeyStorePassword("wrong password");
-
+
try {
keyStoreFactory.buildNewKeyStore(keyStoreConfig);
@@ -262,14 +269,14 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
keyStoreConfig.validate();
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
}
-
+
@Test
@DirtiesContext
public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException {
@@ -280,61 +287,61 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
-
+
keyStoreConfig.validate();
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
-
+
//read trusted certs
- List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
+ final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
Assert.assertNotNull("Trusted certs", trustedCerts);
Assert.assertEquals("Trusted certs size", 2, trustedCerts.size());
//read priv. key
- Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "meta", "password".toCharArray(), true, "jUnit test");
Assert.assertNotNull("Credential 1", privCred1);
Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst());
Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond());
-
+
//read priv. key
- Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "sig", "password".toCharArray(), true, "jUnit test");
Assert.assertNotNull("Credential 2", privCred2);
Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst());
Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond());
-
-
+
+
//read priv. key
- Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "notexist", "password".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred3);
-
+
//read priv. key
- Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ final Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "meta", "wrong".toCharArray(), false, "jUnit test");
Assert.assertNull("Credential 3", privCred4);
-
+
try {
EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "meta", "wrong".toCharArray(), true, "jUnit test");
Assert.fail("Wrong password not detected");
-
- } catch (EaafKeyAccessException e) {
+
+ } catch (final EaafKeyAccessException e) {
Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
}
-
+
try {
EaafKeyStoreUtils.getPrivateKeyAndCertificates(
keyStore, "wrong", "password".toCharArray(), true, "jUnit test");
Assert.fail("Wrong alias not detected");
-
- } catch (EaafKeyAccessException e) {
+
+ } catch (final EaafKeyAccessException e) {
Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
}
-
-
+
+
}
@Test
@@ -349,7 +356,7 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
keyStoreConfig.validate();
-
+
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
@@ -550,18 +557,7 @@ public class EaafKeyStoreFactoryTest {
@Test
@DirtiesContext
public void hsmFacadeKeyStoreNoKeyStoreName() {
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
- RandomStringUtils.randomNumeric(4));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
- PATH_TO_HSM_FACADE_TRUST_CERT);
+ configureHsmFacade();
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
@@ -583,28 +579,17 @@ public class EaafKeyStoreFactoryTest {
@Test
@DirtiesContext
public void hsmFacadeKeyStoreSuccess() throws EaafException {
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
- RandomStringUtils.randomNumeric(4));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
- RandomStringUtils.randomNumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
- RandomStringUtils.randomAlphanumeric(10));
- mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
- PATH_TO_HSM_FACADE_TRUST_CERT);
+ configureHsmFacade();
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
- keyStoreConfig.setKeyStoreName("testkeyStore");
+ keyStoreConfig.setKeyStoreName("authhandler");
keyStoreConfig.validate();
-
+
try {
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
@@ -615,6 +600,36 @@ public class EaafKeyStoreFactoryTest {
// exception"));
}
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException {
+ configureHsmFacade();
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+ keyStoreConfig.setKeyStoreName("authhandler");
+
+ keyStoreConfig.validate();
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ private void configureHsmFacade() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST);
+
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD);
+
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME);
}
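Review bot: `hsmFacadeKeyStoreSuccessASitTestFacade` (L325-L340) calls `buildNewKeyStore` against the remote facade set up by `configureHsmFacade()` with no guard, so the unit test suite fails whenever `eid.a-sit.at:9000` is unreachable or the `authhandler-junit` account is revoked, whereas `hsmFacadeKeyStoreSuccess` in the hunk at L289-L317 still wraps the same call in try/catch. Make the dependency explicit, e.g. `Assume.assumeTrue("HSM facade integration tests disabled", Boolean.getBoolean("eaaf.test.hsmfacade"));` (property name constructed) as the first statement, or move the test to an integration-test profile. `configureHsmFacade()` (L342) also deserves a line saying what it does, such as `// Points the factory at the external A-SIT test facade; needs network access and a valid client credential.` The class body continues past the end of this hunk.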
diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
new file mode 100644
index 00000000..37fdc389
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+ \ No newline at end of file