summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java54
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java83
2 files changed, 125 insertions, 12 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
index 917ef1e0..6550b026 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java
@@ -9,15 +9,6 @@ import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-
import org.apache.commons.lang3.RandomStringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.base64url.Base64Url;
@@ -28,6 +19,7 @@ import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.lang.JoseException;
+import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -38,6 +30,17 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml")
public abstract class AbstractJsonSecurityUtilsTest {
@@ -46,12 +49,27 @@ public abstract class AbstractJsonSecurityUtilsTest {
@Autowired protected IJoseTools joseTools;
@Autowired protected EaafKeyStoreFactory keyStoreFactory;
+ /**
+ *jUnit test class initializer.
+ */
@BeforeClass
public static void classInitializer() {
- Security.addProvider(new BouncyCastleProvider());
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
+ Security.addProvider(new BouncyCastleProvider());
}
+ /**
+ * jUnit test class cleaner.
+ */
+ @AfterClass
+ public static final void classFinisher() {
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.removeProvider(ECCelerate.getInstance().getName());
+
+ }
+
protected abstract void setRsaSigningKey();
protected abstract void setEcSigningKey();
@@ -78,7 +96,7 @@ public abstract class AbstractJsonSecurityUtilsTest {
final JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM);
- jwe.setKey(joseTools.getEncryptionCertificate().getPublicKey());
+ jwe.setKey(JoseUtils.convertToBcKeyIfRequired(joseTools.getEncryptionCertificate().getPublicKey()));
jwe.setX509CertSha256ThumbprintHeaderValue(joseTools.getEncryptionCertificate());
jwe.setPayload(payLoad);
@@ -88,8 +106,14 @@ public abstract class AbstractJsonSecurityUtilsTest {
final ProviderContext providerCtx = new ProviderContext();
providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
rsaEncKeyStore.getSecond().getName());
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
jwe.setProviderContext(providerCtx);
+ } else {
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ jwe.setProviderContext(providerCtx);
+
}
final String encData = jwe.getCompactSerialization();
@@ -141,7 +165,7 @@ public abstract class AbstractJsonSecurityUtilsTest {
final JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM);
- jwe.setKey(key.getSecond()[0].getPublicKey());
+ jwe.setKey(JoseUtils.convertToBcKeyIfRequired(key.getSecond()[0].getPublicKey()));
jwe.setPayload(payLoad);
// set special provider if required
@@ -149,8 +173,14 @@ public abstract class AbstractJsonSecurityUtilsTest {
final ProviderContext providerCtx = new ProviderContext();
providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(
rsaEncKeyStore.getSecond().getName());
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
jwe.setProviderContext(providerCtx);
+ } else {
+ final ProviderContext providerCtx = new ProviderContext();
+ providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME);
+ jwe.setProviderContext(providerCtx);
+
}
final String encData = jwe.getCompactSerialization();
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java
new file mode 100644
index 00000000..b5a7639e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java
@@ -0,0 +1,83 @@
+package at.gv.egiz.eaaf.modules.auth.sl20.utils;
+
+import java.io.IOException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.io.IOUtils;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.lang.JoseException;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class JoseUtilsTest {
+
+ private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
+ Arrays.asList(
+ AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+ AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
+
+ /**
+ *jUnit test class initializer.
+ */
+ @BeforeClass
+ public static final void classInitializer() {
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
+
+ }
+
+ /**
+ * jUnit test class cleaner.
+ */
+ @AfterClass
+ public static final void classFinisher() {
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.removeProvider(ECCelerate.getInstance().getName());
+
+ }
+
+ @Test
+ public void testBindingAuthBlock() throws JoseException, IOException, CertificateException, NoSuchProviderException {
+
+ final String serializedContent = IOUtils.toString(JoseUtils.class.getResourceAsStream(
+ "/data/bindingAuth1.jws"), "UTF-8");
+
+ final iaik.x509.X509Certificate trustedCert = new iaik.x509.X509Certificate(JoseUtils.class
+ .getResourceAsStream("/data/bindingAuth1.crt"));
+
+ final List<X509Certificate> trustedCerts = Arrays.asList(trustedCert);
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING
+ .toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+
+ final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints);
+
+ Assert.assertNotNull("JWS verify result", result);
+ Assert.assertTrue("JWS not valid", result.isValid());
+ Assert.assertNotNull("JWS payload", result.getPayLoad());
+ Assert.assertNotNull("JWS Headers", result.getFullJoseHeader());
+ Assert.assertNotNull("JWS Signercerts", result.getX5cCerts());
+ Assert.assertEquals("Signercerts size", 1, result.getX5cCerts().size());
+ Assert.assertArrayEquals("Signercerts", trustedCert.getEncoded(), result.getX5cCerts().get(0).getEncoded());
+
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 04:38:30 +0000