From 3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 17 Feb 2020 11:33:09 +0100 Subject: update jUnit tests to operate on HSM Facade from A-Sit+ --- .../impl/credential/KeyStoreConfiguration.java | 25 ++-- .../test/credentials/EaafKeyStoreFactoryTest.java | 143 ++++++++++++--------- .../test/resources/data/hsm_facade_trust_root.crt | 20 +++ .../modules/pvp2/test/CredentialProviderTest.java | 50 ++++--- .../pvp2/test/dummy/DummyCredentialProvider.java | 30 +++-- .../test/resources/data/hsm_facade_trust_root.crt | 20 +++ 6 files changed, 184 insertions(+), 104 deletions(-) create mode 100644 eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index 6dbbba3e..970efd22 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -4,9 +4,10 @@ import java.util.Map; import javax.annotation.Nonnull; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; + import org.apache.commons.lang3.StringUtils; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -139,7 +140,7 @@ public class KeyStoreConfiguration { /** * Validate the internal state of this configuration object. - * + * * @throws EaafConfigurationException In case of a configuration error */ public void validate() throws EaafConfigurationException { 
@@ -147,7 +148,7 @@ public class KeyStoreConfiguration { log.trace("Validate HSM-Facade KeyStore ... "); checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07, friendlyName, "Missing 'KeyName' for HSM-Facade"); - + } else if (KeyStoreType.PKCS12.equals(keyStoreType) || KeyStoreType.JKS.equals(keyStoreType)) { log.trace("Validate software KeyStore ... "); @@ -155,13 +156,13 @@ public class KeyStoreConfiguration { friendlyName, "Missing 'KeyPath' for software keystore"); checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07, friendlyName, "Missing 'KeyPassword' for software keystore"); - + } else { log.info("Validation of type: {} not supported yet", keyStoreType); - + } } - + public enum KeyStoreType { PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11"); @@ -209,16 +210,16 @@ public class KeyStoreConfiguration { final String configValue = config.get(configParamKey); checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey); return configValue; - + } - private static void checkConfigurationValue(String configValue, String errorCode, String... params) + private static void checkConfigurationValue(String configValue, String errorCode, String... params) throws EaafConfigurationException { if (StringUtils.isEmpty(configValue)) { - throw new EaafConfigurationException(errorCode, - new Object[] { params}); - + throw new EaafConfigurationException(errorCode, + params); + } - + } } diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index c47805e8..b5727015 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java 
@@ -6,6 +6,17 @@ import java.security.KeyStoreException; import java.security.cert.X509Certificate; import java.util.List; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; @@ -23,17 +34,6 @@ import com.google.common.base.Optional; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; - -import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; -import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) 
@@ -41,13 +41,20 @@ import io.grpc.StatusRuntimeException; @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public class EaafKeyStoreFactoryTest { + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9000"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String HSM_FACASE_HSM_NAME = "software"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = "src/test/resources/data/junit_without_trustcerts.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = "src/test/resources/data/junit_without_trustcerts.p12"; - private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt"; + private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; @Autowired @@ -146,7 +153,7 @@ public class EaafKeyStoreFactoryTest { } } - + @Test @DirtiesContext public void softwareKeyStoreWithoutPassword() { @@ -177,7 +184,7 @@ public class EaafKeyStoreFactoryTest { final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -216,7 +223,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks"); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); 
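Review bot: The new `HSM_FACASE_USERNAME` and `HSM_FACASE_PASSWORD` constants in the `-41,13 +41,20` hunk commit a client credential for `eid.a-sit.at:9000` into the source tree, and the same pair is repeated in the constants added to CredentialProviderTest. Even if it only unlocks a test facade, the value stays in repository history and should be treated as public; reading it at run time keeps it out of the source, e.g. `private static final String HSM_FACASE_PASSWORD = System.getenv("HSM_FACADE_TEST_PASSWORD");` (variable name constructed for illustration), with the live tests skipped when it is unset. `HSM_FACASE_SSL_TRUST` now holds the same path as the updated `PATH_TO_HSM_FACADE_TRUST_CERT`, so one of the two can be dropped, and `FACASE` looks like a typo for `FACADE`.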
@@ -239,7 +246,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword("wrong password"); - + try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); @@ -262,14 +269,14 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + keyStoreConfig.validate(); final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); } - + @Test @DirtiesContext public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException { 
@@ -280,61 +287,61 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); - + keyStoreConfig.validate(); final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); - + //read trusted certs - List trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); + final List trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); Assert.assertNotNull("Trusted certs", trustedCerts); Assert.assertEquals("Trusted certs size", 2, trustedCerts.size()); //read priv. key - Pair privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 1", privCred1); Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst()); Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond()); - + //read priv. key - Pair privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "sig", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 2", privCred2); Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst()); Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond()); - - + + //read priv. key - Pair privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "notexist", "password".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred3); - + //read priv. 
key - Pair privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + final Pair privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "wrong".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred4); - + try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "meta", "wrong".toCharArray(), true, "jUnit test"); Assert.fail("Wrong password not detected"); - - } catch (EaafKeyAccessException e) { + + } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } - + try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore, "wrong", "password".toCharArray(), true, "jUnit test"); Assert.fail("Wrong alias not detected"); - - } catch (EaafKeyAccessException e) { + + } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } - - + + } @Test @@ -349,7 +356,7 @@ public class EaafKeyStoreFactoryTest { keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); keyStoreConfig.validate(); - + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); 
@@ -550,18 +557,7 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext public void hsmFacadeKeyStoreNoKeyStoreName() { - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, - RandomStringUtils.randomNumeric(4)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, - PATH_TO_HSM_FACADE_TRUST_CERT); + configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); 
@@ -583,28 +579,17 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext public void hsmFacadeKeyStoreSuccess() throws EaafException { - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, - RandomStringUtils.randomNumeric(4)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, - RandomStringUtils.randomNumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, - RandomStringUtils.randomAlphanumeric(10)); - mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, - PATH_TO_HSM_FACADE_TRUST_CERT); + configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); - keyStoreConfig.setKeyStoreName("testkeyStore"); + keyStoreConfig.setKeyStoreName("authhandler"); keyStoreConfig.validate(); - + try { final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); 
@@ -615,6 +600,36 @@ public class EaafKeyStoreFactoryTest { // exception")); } + } + + @Test + @DirtiesContext + public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); + keyStoreConfig.setKeyStoreName("authhandler"); + + keyStoreConfig.validate(); + + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } + + private void configureHsmFacade() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME); } diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt new file mode 100644 index 00000000..37fdc389 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt 
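Review bot: `hsmFacadeKeyStoreSuccessASitTestFacade` in the `-615,6 +600,36` hunk calls `buildNewKeyStore` with no guard, so the unit-test run fails whenever `eid.a-sit.at:9000` is unreachable or the facade rejects the client, whereas `hsmFacadeKeyStoreSuccess` just above appears to wrap the same call in a try block. Because `configureHsmFacade()` points every HSM test at that remote host, the build result now depends on an external service. Consider gating the live test with `Assume.assumeTrue("HSM Facade integration tests disabled", Boolean.getBoolean("hsmfacade.integration"));` as its first statement (property name constructed for illustration), or moving it to an integration-test profile. A short Javadoc on `configureHsmFacade()` saying that it targets the external A-SIT+ test facade would also explain why these tests need network access.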
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy
+b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE
+cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw
+FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F
+FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv
+0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX
+hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp
+jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX
+GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB
+LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E
+FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
+CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t
+EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W
+s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m
+pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG
+ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN
+dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4
+-----END CERTIFICATE-----
+
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
index 22ee389f..be3f9a8f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java
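Review bot: The validity encoded in the new `hsm_facade_trust_root.crt` appears to run from 2019-03-13 to 2020-03-12 (the two UTCTime values in the second base64 line), which is less than a month after the commit date of 2020-02-17. Depending on how the TLS stack treats an expired trust anchor, every test that loads this file could start failing the facade handshake after that date, and the identical copy added under eaaf_module_pvp2_core would be affected in the same way. It is worth confirming the dates with a certificate viewer and, if they hold, committing the renewed root or noting next to the two files who is responsible for rotating them.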
@@ -3,6 +3,15 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.security.cert.X509Certificate; import java.util.List; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; + import org.apache.commons.lang3.RandomStringUtils; import org.apache.xml.security.algorithms.JCEMapper; import org.junit.Assert; 
@@ -14,36 +23,31 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_core_map_config.beans.xml", "/spring/SpringTest-context_lazy.xml" }) -@TestPropertySource(locations = {"/config/config_1.props"}) public class CredentialProviderTest { + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9000"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks"; - //private static final String HSMF_ALIAS_METADATA = "shibboleth-sign"; - //private static final String HSMF_ALIAS_SIGN = "shibboleth-sign"; - //private static final String HSMF_ALIAS_ENC = "shibboleth-sign"; - + + private static final String HSM_FACASE_KEYSTORE_NAME = "authhandler"; + private 
static final String ALIAS_METADATA = "meta"; private static final String ALIAS_SIGN = "sig"; private static final String ALIAS_ENC = "meta"; - + private static final String PASSWORD = "password"; @@ -55,6 +59,14 @@ public class CredentialProviderTest { */ @Before public void initialize() { + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + + config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITH_TRUST_CERTS); config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, PASSWORD); @@ -66,7 +78,7 @@ public class CredentialProviderTest { config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS); config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD); - + JCEMapper.setProviderId(null); } @@ -404,10 +416,10 @@ public class CredentialProviderTest { "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, "EC-ENC_" + RandomStringUtils.randomAlphabetic(10)); - + try { JCEMapper.setProviderId(RandomStringUtils.randomAlphabetic(5)); - + context.getBean(DummyCredentialProvider.class); } catch (final BeansException e) { @@ -417,7 +429,7 @@ public class CredentialProviderTest { } } - + @Test @DirtiesContext public void notKeyConfiguration() { 
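Review bot: `initialize()` in the `-55,6 +59,14` hunk sets the facade host, port, username, password and SSL trust, but not `EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME`, which `configureHsmFacade()` in EaafKeyStoreFactoryTest does set. If the factory treats that property as required, facade initialisation would behave differently in the two test classes; adding `config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, "software");` would keep them aligned. Since this runs in `@Before`, every test in the class now carries the remote facade settings, including the ones that only read the JKS file, so a one-line comment saying why they are set here would help. The body of `initialize()` continues past the end of this hunk.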
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java index 0f8eff72..7418e1b3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java @@ -1,18 +1,22 @@ package at.gv.egiz.eaaf.modules.pvp2.test.dummy; -import org.springframework.beans.factory.annotation.Autowired; - import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import org.springframework.beans.factory.annotation.Autowired; + public class DummyCredentialProvider extends AbstractCredentialProvider { @Autowired IConfiguration basicConfig; + public static final String KEYSTORE_TYPE = "keystore.type"; public static final String KEYSTORE_PATH = "keystore.path"; public static final String KEYSTORE_PASSWORD = "keystore.pass"; + public static final String KEYSTORE_NAME = "keystore.name"; + public static final String KEY_METADATA_ALIAS = "key.metadata.alias"; public static final String KEY_METADATA_PASSWORD = "key.metadata.pass"; 
@@ -24,23 +28,31 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { public static final String KEY_ENCRYPTION_PASSWORD = "key.enc.pass"; private static final String KEYSTORENAME = "jUnit test credential provider"; - + @Override - public KeyStoreConfiguration getBasicKeyStoreConfig() { - KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); - keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + public KeyStoreConfiguration getBasicKeyStoreConfig() throws EaafConfigurationException { + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setFriendlyName(KEYSTORENAME); - + keyStoreConfig.setKeyStoreType(getKeyStoreType()); + + keyStoreConfig.setKeyStoreName( + basicConfig.getBasicConfiguration(KEYSTORE_NAME)); + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); keyStoreConfig.setSoftKeyStorePassword(getKeyStorePassword()); - + return keyStoreConfig; } + public String getKeyStoreType() { + return basicConfig.getBasicConfiguration(KEYSTORE_TYPE, KeyStoreType.JKS.getKeyStoreType()); + + } + public String getKeyStoreFilePath() { final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH); return path; - + } public String getKeyStorePassword() { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt new file mode 100644 index 00000000..37fdc389 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt 
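Review bot: `getKeyStoreType()` in the `-24,23 +28,31` hunk passes `KeyStoreType.JKS.getKeyStoreType()` as the second argument, presumably the default, and nothing in the visible CredentialProviderTest hunks sets `DummyCredentialProvider.KEYSTORE_TYPE`, so the facade settings and `keystore.name` added there may never be exercised through this provider. A Javadoc would make the fallback explicit, e.g. `/** Returns the configured keystore type, falling back to JKS when 'keystore.type' is not set. */`. `getBasicKeyStoreConfig()` also sets the soft-keystore path and password whatever type is selected, which deserves a one-line comment so that readers do not assume the facade path uses them. `getKeyStorePassword()` begins on the last line of the hunk and its body is outside it.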
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy
+b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE
+cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw
+FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F
+FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv
+0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX
+hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp
+jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX
+GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB
+LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E
+FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
+CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t
+EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W
+s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m
+pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG
+ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN
+dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4
+-----END CERTIFICATE-----
+
\ No newline at end of file
-- cgit v1.2.3