From e23226c47807be597bbbae3891dbb94069d56836 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Feb 2020 08:46:52 +0100 Subject: Integrate HSM Facade from A-SIT+ The EaafKeyStoreFactory can be used to build KeyStores from differend providers and types --- eaaf_core/src/main/resources/eaaf_core.beans.xml | 2 + .../resources/SpringTest-context_authManager.xml | 2 + .../resources/SpringTest-context_eaaf_core.xml | 2 + .../eaaf/core/exceptions/EaafFactoryException.java | 10 + .../core/impl/credential/EaafKeyStoreFactory.java | 160 +++--- .../impl/credential/KeyStoreConfiguration.java | 140 +++++- .../idp/process/support/SecureRandomHolder.java | 5 +- .../core/impl/logging/EaafUtilsMessageSource.java | 16 + .../core/impl/logging/SimpleStatusMessager.java | 5 +- .../egiz/eaaf/core/impl/utils/DataUrlBuilder.java | 16 +- .../at/gv/egiz/eaaf/core/impl/utils/FileUtils.java | 20 +- .../eaaf/core/impl/utils/HttpClientFactory.java | 122 ++--- .../at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java | 11 +- .../eaaf/core/impl/utils/IHttpClientFactory.java | 6 +- .../egiz/eaaf/core/impl/utils/KeyStoreUtils.java | 36 +- .../egiz/eaaf/core/impl/utils/KeyValueUtils.java | 68 +-- .../eaaf/core/impl/utils/NodeIteratorAdapter.java | 13 +- .../egiz/eaaf/core/impl/utils/NodeListAdapter.java | 5 +- .../at/gv/egiz/eaaf/core/impl/utils/Random.java | 20 +- .../SecurePendingRequestIdGenerationStrategy.java | 30 +- .../SimplePendingRequestIdGenerationStrategy.java | 8 +- .../gv/egiz/eaaf/core/impl/utils/StreamUtils.java | 52 +- .../eaaf/core/impl/utils/TransactionIdUtils.java | 6 +- .../at/gv/egiz/eaaf/core/impl/utils/X509Utils.java | 6 +- .../messages/eaaf_utils_message.properties | 10 + .../src/main/resources/spring/eaaf_utils.beans.xml | 20 + .../impl/logging/EaafUtilsMessageSourceTest.java | 36 ++ .../impl/logging/JUnitTestStatusMessenger.java | 3 +- .../core/impl/utils/test/KeyValueUtilsTest.java | 6 +- .../test/credentials/EaafKeyStoreFactoryTest.java | 555 +++++++++++++++++++++ .../credentials/KeyStoreConfigurationTest.java | 190 +++++++ .../eaaf/core/test/dummy/DummyAuthConfigMap.java | 142 ++++++ .../resources/data/junit_without_trustcerts.jks | Bin 0 -> 2733 bytes .../resources/data/junit_without_trustcerts.p12 | Bin 0 -> 3204 bytes eaaf_core_utils/src/test/resources/data/test.crt | 3 + .../resources/spring/test_eaaf_pvp_lazy.beans.xml | 23 + .../spring/test_eaaf_pvp_not_lazy.beans.xml | 19 + .../metadata/AbstractChainingMetadataProvider.java | 21 +- .../impl/utils/AbstractCredentialProvider.java | 119 ++--- .../modules/pvp2/test/CredentialProviderTest.java | 60 ++- .../pvp2/test/dummy/DummyCredentialProvider.java | 44 +- .../src/test/resources/config/config_1.props | 4 +- .../src/test/resources/config/config_2.props | 12 + .../test/resources/spring/test_eaaf_core.beans.xml | 3 + .../spring/test_eaaf_core_spring_config.beans.xml | 3 + .../src/test/resources/config/config_1.props | 6 +- .../src/test/resources/config/config_2.props | 12 + .../test/resources/spring/test_eaaf_core.beans.xml | 3 + 48 files changed, 1610 insertions(+), 445 deletions(-) create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java create mode 100644 eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties create mode 100644 eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java create mode 100644 eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks create mode 100644 eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12 create mode 100644 eaaf_core_utils/src/test/resources/data/test.crt create mode 100644 eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml create mode 100644 eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props diff --git a/eaaf_core/src/main/resources/eaaf_core.beans.xml b/eaaf_core/src/main/resources/eaaf_core.beans.xml index 2f87275d..9806664c 100644 --- a/eaaf_core/src/main/resources/eaaf_core.beans.xml +++ b/eaaf_core/src/main/resources/eaaf_core.beans.xml @@ -11,6 +11,8 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + diff --git a/eaaf_core/src/test/resources/SpringTest-context_authManager.xml b/eaaf_core/src/test/resources/SpringTest-context_authManager.xml index 0d269361..d7b148d0 100644 --- a/eaaf_core/src/test/resources/SpringTest-context_authManager.xml +++ b/eaaf_core/src/test/resources/SpringTest-context_authManager.xml @@ -9,6 +9,8 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + diff --git a/eaaf_core/src/test/resources/SpringTest-context_eaaf_core.xml b/eaaf_core/src/test/resources/SpringTest-context_eaaf_core.xml index 77d70740..295bf151 100644 --- a/eaaf_core/src/test/resources/SpringTest-context_eaaf_core.xml +++ b/eaaf_core/src/test/resources/SpringTest-context_eaaf_core.xml @@ -9,6 +9,8 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafFactoryException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafFactoryException.java index f556a781..4e2a0242 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafFactoryException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafFactoryException.java @@ -15,4 +15,14 @@ public class EaafFactoryException extends EaafException { super(errorId, params, e); } + /** + * In case that a factory can not build an object. + * + * @param errorId ErrorCode + * @param params Message parameters + */ + public EaafFactoryException(String errorId, Object[] params) { + super(errorId, params); + } + } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index af184050..f13013f5 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -1,6 +1,7 @@ package at.gv.egiz.eaaf.core.impl.credential; import java.io.IOException; +import java.io.InputStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -11,8 +12,14 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import javax.annotation.Nonnull; +import javax.annotation.Nullable; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + import at.asitplus.hsmfacade.provider.HsmFacadeProvider; import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @@ -22,12 +29,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -48,42 +49,62 @@ public class EaafKeyStoreFactory { public static final String ERRORCODE_05 = "internal.keystore.05"; public static final String ERRORCODE_06 = "internal.keystore.06"; - @Autowired private IConfiguration basicConfig; - @Autowired private ResourceLoader resourceLoader; - - private boolean isHsmFacadeInitialized = false; + private static final String HSM_FACADE_PROVIDER = "HsmFacade"; + private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore"; + @Autowired + private IConfiguration basicConfig; + @Autowired + private ResourceLoader resourceLoader; + private boolean isHsmFacadeInitialized = false; + /** + * Get a new KeyStore based on a KeyStore configuration-object. + * + * @param config KeyStore configuration + * @return new KeyStore instance + * @throws EaafException In case of a KeyStore initialization error + */ public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException { log.trace("Starting KeyStore generation based on configuration object ... "); - if (KeyStoreType.SOFTWARE.equals(config.getKeyStoreType())) { + if (KeyStoreType.PKCS12.equals(config.getKeyStoreType()) + || KeyStoreType.JKS.equals(config.getKeyStoreType())) { return getKeyStoreFromFileSystem(config); } else if (KeyStoreType.HSMFACADE.equals(config.getKeyStoreType())) { if (isHsmFacadeInitialized) { - getKeyStoreFromHsmFacade(config); + return getKeyStoreFromHsmFacade(config); } else { log.error("HSMFacade can NOT be used for KeyStore: {} because {} is not initialized", config.getFriendlyName()); throw new EaafConfigurationException(ERRORCODE_00, - new Object[]{config.getFriendlyName()}); + new Object[] { config.getFriendlyName() }); } } else if (KeyStoreType.PKCS11.equals(config.getKeyStoreType())) { log.warn("KeyStoreType: {} is NOT supported", config.getKeyStoreType()); throw new EaafConfigurationException(ERRORCODE_02, - new Object[]{config.getFriendlyName(), config.getKeyStoreType()}); + new Object[] { config.getFriendlyName(), config.getKeyStoreType() }); } else { log.warn("KeyStoreType: {} is unrecognized", config.getKeyStoreType()); throw new EaafConfigurationException(ERRORCODE_01, - new Object[]{config.getFriendlyName()}); + new Object[] { config.getFriendlyName() }); } - return null; + } + + /** + * Get the initialization state of the HSM Facade module. + * + * @return true if HSM Facade is available, otherwise false + */ + public boolean isHsmFacadeInitialized() { + return isHsmFacadeInitialized; + } @PostConstruct @@ -93,7 +114,7 @@ public class EaafKeyStoreFactory { if (StringUtils.isNotEmpty(hsmFacadeHost)) { log.debug("Find host for HSMFacade. Starting crypto provider initialization ... "); try { - final int port = Integer.valueOf( + final int port = Integer.parseUnsignedInt( getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT)); final String clientUsername = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); @@ -103,7 +124,8 @@ public class EaafKeyStoreFactory { getConfigurationParameter(CONFIG_PROP_HSM_FACADE_HSM_NAME); final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); - provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, hsmName); + provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, + hsmName); Security.addProvider(provider); isHsmFacadeInitialized = true; log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", @@ -114,81 +136,91 @@ public class EaafKeyStoreFactory { } catch (final Exception e) { log.error("HSM Facade initialization FAILED with an generic error.", e); - throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e); + throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); } } else { - log.info("HSM Facade is not configurated. {} can only provide software keystores", - EaafKeyStoreFactory.class.getSimpleName()); + log.info("HSM Facade is not configurated. {} can only provide software keystores", + EaafKeyStoreFactory.class.getSimpleName()); } } - private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException { + private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException, + EaafFactoryException { try { - final String keyStorePath = config.getKeyStoreFilePath(); - final String keyStorePassword = config.getKeyStorePassword(); + final String keyStorePath = checkConfigurationParameter(config.getSoftKeyStoreFilePath(), + ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing filepath to KeyStore"); - //TODO: check config + final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(), + ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore"); - final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()); + final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig + .getConfigurationRootDirectory()); final Resource ressource = resourceLoader.getResource(absKeyStorePath); if (!ressource.exists()) { throw new EaafConfigurationException(ERRORCODE_05, - new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, - "File not found at: " + absKeyStorePath}); + new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, + "File not found at: " + absKeyStorePath }); } - return KeyStoreUtils.loadKeyStore(ressource.getInputStream(), keyStorePassword); + final InputStream is = ressource.getInputStream(); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword); + is.close(); + if (keyStore == null) { + throw new EaafFactoryException(ERRORCODE_06, + new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); + + } + + return keyStore; } catch (KeyStoreException | IOException e) { log.error("Software KeyStore initialization FAILED with an generic error.", e); - throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e); + throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); } } - private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) throws EaafFactoryException, EaafConfigurationException { - final String keyStoreName = config.getKeyStoreName(); - if (StringUtils.isEmpty(keyStoreName)) { - throw new EaafConfigurationException(ERRORCODE_06, - new Object[] {config.getFriendlyName(), "No KeyStore name"}); - - } + private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) + throws EaafFactoryException, EaafConfigurationException { + final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(), + ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade"); try { - final KeyStore keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade"); + final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER); keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName)); return keyStore; - } catch (NoSuchAlgorithmException | CertificateException | IOException | - KeyStoreException | NoSuchProviderException e) { - log.error("Can not initialize KeyStore: {} with reason: {}", - config.getFriendlyName(), e.getMessage()); - throw new EaafFactoryException(ERRORCODE_06, - new Object[] {config.getFriendlyName(), e.getMessage()}, e); + } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException + | NoSuchProviderException e) { + log.error("Can not initialize KeyStore: {} with reason: {}", + config.getFriendlyName(), e.getMessage()); + throw new EaafFactoryException(ERRORCODE_06, + new Object[] { config.getFriendlyName(), e.getMessage() }, e); - } + } } private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException { try { final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST); - final String absolutCertFilePath = FileUtils.makeAbsoluteUrl( - certFilePath, basicConfig.getConfigurationRootDirectory()); - final Resource certFile = resourceLoader.getResource(absolutCertFilePath); + final String absolutCertFilePath = FileUtils.makeAbsoluteUrl( + certFilePath, basicConfig.getConfigurationRootDirectory()); + final Resource certFile = resourceLoader.getResource(absolutCertFilePath); - if (!certFile.exists()) { - throw new EaafConfigurationException(ERRORCODE_05, - new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, - "File not found at: " + absolutCertFilePath }); + if (!certFile.exists()) { + throw new EaafConfigurationException(ERRORCODE_05, + new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, + "File not found at: " + absolutCertFilePath }); - } + } - return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile.getInputStream()); + return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile + .getInputStream()); } catch (final EaafConfigurationException e) { throw e; @@ -196,21 +228,29 @@ public class EaafKeyStoreFactory { } catch (CertificateException | IOException e) { log.error("Can not load trusted server-certificate for HSM-Facade. Reason: {}", e.getMessage()); throw new EaafConfigurationException(ERRORCODE_05, - new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage()}, e); + new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage() }, e); } } @Nonnull private String getConfigurationParameter(@Nonnull String configParamKey) - throws EaafConfigurationException{ - final String configValue = basicConfig.getBasicConfiguration(configParamKey); - if (StringUtils.isEmpty(configValue)) { - throw new EaafConfigurationException(ERRORCODE_04, new Object[] {configParamKey}); + throws EaafConfigurationException { + return checkConfigurationParameter( + basicConfig.getBasicConfiguration(configParamKey), ERRORCODE_04, configParamKey); + + } + + @Nonnull + private String checkConfigurationParameter(@Nullable String configParam, @Nonnull String errorCode, + @Nonnull String... errorParams) + throws EaafConfigurationException { + if (StringUtils.isEmpty(configParam)) { + throw new EaafConfigurationException(errorCode, new Object[] { errorParams }); } + return configParam; - return configValue; } } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index c8489ac0..400b724f 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -1,23 +1,144 @@ package at.gv.egiz.eaaf.core.impl.credential; +import java.util.Map; + +import javax.annotation.Nonnull; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; +@Slf4j @Getter +@Setter public class KeyStoreConfiguration { + public static final String PROP_CONFIG_KEYSTORE_TYPE = + "keystore.type"; + + public static final String PROP_CONFIG_HSMFACADE_NAME = + "keystore.name"; + + public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PATH = + "keystore.path"; + public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD = + "keystore.password"; + + /** + * FriendlyName for this KeyStore. Mainly used for logging. + */ private String friendlyName; + /** + * General type of the KeyStore that should be generated. + */ private KeyStoreType keyStoreType; + /** + * Name of the KeyStore in HSM Facade. + */ private String keyStoreName; - private String keyStoreFilePath; + /** + * Path to software KeyStore in case of a PKCS12 or JKS KeyStore. + */ + private String softKeyStoreFilePath; + + /** + * Password of a software KeyStore in case of a PKCS12 or JKS KeyStore. + */ + private String softKeyStorePassword; + + /** + * Build a {@link KeyStoreConfiguration} from a configuration map.
+ *

+ * The configuration parameters defined in this class are used to load the + * configuration. + *

+ * + * @param config Configuration + * @param friendlyName FriendlyName for this KeyStore + * @return Configuration object for {@link EaafKeyStoreFactory} + * @throws EaafConfigurationException In case of a configuration error. + */ + public static KeyStoreConfiguration buildFromConfigurationMap(Map config, + String friendlyName) throws EaafConfigurationException { + + final KeyStoreConfiguration internalConfig = new KeyStoreConfiguration(); + internalConfig.setFriendlyName(friendlyName); + + final KeyStoreType internalKeyStoreType = KeyStoreType.fromString( + getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE)); + if (internalKeyStoreType != null) { + internalConfig.setKeyStoreType(internalKeyStoreType); + + } else { + log.error("KeyStore: {} sets an unknown KeyStore type: {}", + friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE)); + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01, + new Object[] { friendlyName }); + + } + + if (internalKeyStoreType.equals(KeyStoreType.HSMFACADE)) { + log.trace("Set-up HSM-Facade KeyStore ... "); + internalConfig.setKeyStoreName( + getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME)); + + } else if (internalKeyStoreType.equals(KeyStoreType.PKCS12) + || internalKeyStoreType.equals(KeyStoreType.JKS)) { + log.trace("Set-up software KeyStore ... "); + internalConfig.setSoftKeyStoreFilePath( + getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PATH)); + internalConfig.setSoftKeyStorePassword( + getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD)); + + } else { + log.info("Configuration of type: {} not supported yet", internalKeyStoreType); + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_02, + new Object[] { friendlyName, config.get(PROP_CONFIG_KEYSTORE_TYPE) }); + + } + + return internalConfig; + } - private String keyStorePassword; + /** + * Set the Type of the KeyStore based on String identifier. + * + * @param keyStoreType String based KeyStore type + * @throws EaafConfigurationException In case of an unknown KeyStore type + */ + public void setKeyStoreType(@Nonnull String keyStoreType) throws EaafConfigurationException { + final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(keyStoreType); + if (internalKeyStoreType != null) { + setKeyStoreType(internalKeyStoreType); + + } else { + log.error("KeyStore: {} sets an unknown KeyStore type: {}", + friendlyName, keyStoreType); + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01, + new Object[] { friendlyName }); + } + + } + + /** + * Set the Type of the KeyStore based on String identifier. + * + * @param type String based KeyStore type + */ + public void setKeyStoreType(@Nonnull KeyStoreType type) { + this.keyStoreType = type; + + } public enum KeyStoreType { - SOFTWARE("software"), HSMFACADE("hsmfacade"), PKCS11("pkcs11"); + PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11"); private final String keyStoreType; @@ -54,6 +175,19 @@ public class KeyStoreConfiguration { return getKeyStoreType(); } + } + + @Nonnull + private static String getConfigurationParameter(@Nonnull Map config, + @Nonnull String configParamKey) + throws EaafConfigurationException { + final String configValue = config.get(configParamKey); + if (StringUtils.isEmpty(configValue)) { + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_04, new Object[] { configParamKey }); + + } + return configValue; } + } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java index 8584d63f..67d87b0d 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java @@ -23,8 +23,9 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; /** - * Holder for a secure random instance following the initialization on demand holder design pattern. - * The secure random instance is a singleton that is initialized on first usage. + * Holder for a secure random instance following the initialization on demand + * holder design pattern. The secure random instance is a singleton that is + * initialized on first usage. * * @author tknall * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java new file mode 100644 index 00000000..5aa5b3b5 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java @@ -0,0 +1,16 @@ +package at.gv.egiz.eaaf.core.impl.logging; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + +public class EaafUtilsMessageSource implements IMessageSourceLocation { + + @Override + public List getMessageSourceLocation() { + return Arrays.asList("classpath:messages/eaaf_utils_message"); + + } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java index 5715a7b6..0d394d19 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java @@ -1,11 +1,12 @@ package at.gv.egiz.eaaf.core.impl.logging; import java.text.MessageFormat; + import at.gv.egiz.eaaf.core.api.IStatusMessenger; /** - * Simple {@link IStatusMessenger} implementation that formats messages by using. - * {@link MessageFormat} + * Simple {@link IStatusMessenger} implementation that formats messages by + * using. {@link MessageFormat} * * @author tlenz * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java index 8090585f..ef1f3fdc 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java @@ -23,7 +23,8 @@ import org.apache.commons.lang3.StringUtils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; /** - * Builds a DataURL parameter meant for the security layer implementation to respond to. + * Builds a DataURL parameter meant for the security layer implementation to + * respond to. * * @author Paul Ivancsics * @version $Id$ @@ -39,12 +40,13 @@ public class DataUrlBuilder { /** * Constructs a data URL for VerifyIdentityLink or - * VerifyAuthenticationBlock, including the MOASessionID as a parameter. + * VerifyAuthenticationBlock, including the + * MOASessionID as a parameter. * - * @param authBaseUrl base URL (context path) of the MOA ID Authentication component, including a - * trailing '/' + * @param authBaseUrl base URL (context path) of the MOA ID Authentication + * component, including a trailing '/' * @param authServletName request part of the data URL - * @param pendingReqId sessionID to be included in the dataURL + * @param pendingReqId sessionID to be included in the dataURL * @return String */ public String buildDataUrl(String authBaseUrl, String authServletName, @@ -70,10 +72,10 @@ public class DataUrlBuilder { /** * Method addParameter. - * + * * @param urlString represents the url * @param paramname is the parameter to be added - * @param value is the value of that parameter + * @param value is the value of that parameter * @return String */ private String addParameter(final String urlString, final String paramname, final String value) { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java index 943d3dad..7cb551e2 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java @@ -17,8 +17,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.io.BufferedInputStream; @@ -31,6 +29,7 @@ import java.io.OutputStream; import java.net.MalformedURLException; import java.net.URI; import java.net.URL; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -38,7 +37,6 @@ import org.slf4j.LoggerFactory; public class FileUtils { private static final Logger log = LoggerFactory.getLogger(FileUtils.class); - /** * Reads a file, given by URL, into a byte array. * @@ -72,7 +70,7 @@ public class FileUtils { /** * Reads a file from a resource. * - * @param name filename + * @param name filename * @param encoding character encoding * @return file content * @throws IOException on any exception thrown @@ -82,11 +80,11 @@ public class FileUtils { return new String(content, encoding); } - /** - * Returns the absolute URL of a given url which is relative to the parameter root. + * Returns the absolute URL of a given url which is relative to the parameter + * root. * - * @param url Filepath + * @param url Filepath * @param root configuration root context * @return absolut filepath * @throws MalformedURLException In case of a filepath error @@ -102,9 +100,10 @@ public class FileUtils { } /** - * Returns the absolute URL of a given url which is relative to the parameter root. + * Returns the absolute URL of a given url which is relative to the parameter + * root. * - * @param url Filepath + * @param url Filepath * @param root configuration root context * @return absolut filepath */ @@ -145,7 +144,6 @@ public class FileUtils { } } - private static void copy(final InputStream fis, final OutputStream fos) { try { final byte[] buffer = new byte[0xFFFF]; @@ -161,7 +159,7 @@ public class FileUtils { /** * Copy file from source to destination. * - * @param src File source + * @param src File source * @param dest file destination */ public static void copyFile(final File src, final File dest) { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index c60fcd7f..ade0c28d 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -1,18 +1,15 @@ package at.gv.egiz.eaaf.core.impl.utils; -import java.io.IOException; -import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; + import javax.annotation.PostConstruct; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; + import org.apache.commons.lang3.StringUtils; import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; @@ -38,18 +35,27 @@ import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; import org.apache.http.ssl.SSLContexts; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import lombok.extern.slf4j.Slf4j; + +@Slf4j public class HttpClientFactory implements IHttpClientFactory { - private static final Logger log = LoggerFactory.getLogger(HttpClientFactory.class); + @Autowired(required = true) private IConfiguration basicConfig; + @Autowired(required = true) ResourceLoader resourceLoader; + + @Autowired private EaafKeyStoreFactory keyStoreFactory; public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = "client.http.connection.pool.use"; @@ -73,6 +79,8 @@ public class HttpClientFactory implements IHttpClientFactory { "client.auth.ssl.keystore.path"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD = "client.auth.ssl.keystore.password"; + private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME = + "client.auth.ssl.keystore.name"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = "client.auth.ssl.keystore.type"; public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = @@ -127,47 +135,6 @@ public class HttpClientFactory implements IHttpClientFactory { } - public enum KeyStoreType { - PKCS12("pkcs12"), JKS("jks"); - - private final String type; - - KeyStoreType(final String type) { - this.type = type; - } - - /** - * Get the KeyStore type. - * - * @return - */ - public String getType() { - return this.type; - } - - /** - * Get Keystore type from configuration. - * - * @param s String representation for keyStore type - * @return - */ - public static KeyStoreType fromString(final String s) { - try { - return KeyStoreType.valueOf(s.toUpperCase()); - - } catch (IllegalArgumentException | NullPointerException e) { - return null; - } - } - - @Override - public String toString() { - return getType(); - - } - - } - private HttpClientBuilder httpClientBuilder = null; /* @@ -246,7 +213,6 @@ public class HttpClientFactory implements IHttpClientFactory { // set pool connection if required injectConnectionPoolIfRequired(sslConnectionFactory); - } private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) { @@ -286,54 +252,39 @@ public class HttpClientFactory implements IHttpClientFactory { final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD); log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); - final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray() + final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() : keyPasswordString.toCharArray(); return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build(); } private KeyStore getSslAuthKeyStore() throws EaafConfigurationException { - final KeyStoreType keyStoreType = KeyStoreType.fromString(basicConfig.getBasicConfiguration( - PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getType())); + final String keyStoreType = basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType()); final String localKeyStorePath = basicConfig .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY); final String keyStorePassword = basicConfig .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY); + final String keyStoreName = basicConfig + .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY); try { + KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(keyStoreType); + keyStoreConfig.setFriendlyName("HttpClient Keystore"); + keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath); + keyStoreConfig.setSoftKeyStorePassword(keyStorePassword); + keyStoreConfig.setKeyStoreName(keyStoreName); + log.debug("Open keyStore with type: {}", keyStoreType); - KeyStore clientStore; - if (keyStoreType.equals(KeyStoreType.PKCS12)) { - clientStore = KeyStore.getInstance("pkcs12"); - } else { - clientStore = KeyStore.getInstance("JKS"); - } - - - log.debug("Read keyStore path: {} from configuration", localKeyStorePath); - if (StringUtils.isNotEmpty(localKeyStorePath)) { - final String absFilePath = FileUtils.makeAbsoluteUrl(localKeyStorePath, - basicConfig.getConfigurationRootDirectory()); - final Resource ressource = resourceLoader.getResource(absFilePath); - final InputStream is = ressource.getInputStream(); - log.trace("Load keyStore: {} with password: {}", absFilePath, keyStorePassword); - clientStore.load(is, keyStorePassword.toCharArray()); - is.close(); - - return clientStore; - - } else { - log.warn("Path to keyStore for SSL Client-Authentication is empty or null"); - throw new EaafConfigurationException( - "Path to keyStore for SSL Client-Authentication is empty or null", new Object[] {}); - - } - - } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException - | IOException e) { + KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + + return keyStore; + + } catch (final EaafException e) { log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e); throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem", - new Object[] {localKeyStorePath}, e); + new Object[] { localKeyStorePath }, e); } @@ -413,9 +364,6 @@ public class HttpClientFactory implements IHttpClientFactory { } - } - - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java index 1f7601d8..66356ba0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java @@ -19,18 +19,17 @@ package at.gv.egiz.eaaf.core.impl.utils; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.lang3.StringUtils; - +import org.apache.commons.lang3.StringUtils; public class HttpUtils { - /** * Helper method to retrieve server URL including context path. * * @param request HttpServletRequest - * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth + * @return Server URL including context path (e.g. + * http://localhost:8443/moa-id-auth */ public static String getBaseUrl(final HttpServletRequest request) { final StringBuffer buffer = new StringBuffer(getServerUrl(request)); @@ -101,8 +100,8 @@ public class HttpUtils { /** * Add a http GET parameter to URL. * - * @param url URL - * @param paramname Name of the parameter. + * @param url URL + * @param paramname Name of the parameter. * @param paramvalue Value of the parameter. * @return */ diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java index 0dc00573..f922e1ac 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java @@ -5,7 +5,8 @@ import org.apache.http.impl.client.CloseableHttpClient; public interface IHttpClientFactory { /** - * Return an instance of a Apache HTTP client that follows http redirects automatically. + * Return an instance of a Apache HTTP client that follows http redirects + * automatically. * * @return */ @@ -14,7 +15,8 @@ public interface IHttpClientFactory { /** * Return an instance of a Apache HTTP client. * - * @param followRedirects if false, the client does not flow 30x http redirects + * @param followRedirects if false, the client does not flow 30x + * http redirects * @return */ CloseableHttpClient getHttpClient(boolean followRedirects); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java index 18ddf422..99b87819 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -17,8 +17,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.io.BufferedInputStream; @@ -50,16 +48,14 @@ public class KeyStoreUtils { */ private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; - - /** * Loads a key store from file. * * @param keystoreType key store type - * @param urlString URL of key store - * @param password password protecting the key store + * @param urlString URL of key store + * @param password password protecting the key store * @return key store loaded - * @throws IOException thrown while reading the key store from file + * @throws IOException thrown while reading the key store from file * @throws GeneralSecurityException thrown while creating the key store */ public static KeyStore loadKeyStore(final String keystoreType, final String urlString, @@ -74,10 +70,10 @@ public class KeyStoreUtils { * Load a KeyStore from Filesystem. * * @param keyStorePath Path to KeyStore - * @param password KeyStore password + * @param password KeyStore password * @return KeyStore * @throws KeyStoreException In case of a keystore error - * @throws IOException In case of a general read error + * @throws IOException In case of a general read error */ public static KeyStore loadKeyStore(final String keyStorePath, final String password) throws KeyStoreException, IOException { @@ -89,13 +85,15 @@ public class KeyStoreUtils { } /** - * Loads a key store from an InputStream, and closes the InputStream. + * Loads a key store from an InputStream, and closes the + * InputStream. * * @param keystoreType key store type - * @param in input stream - * @param password password protecting the key store + * @param in input stream + * @param password password protecting the key store * @return key store loaded - * @throws IOException thrown while reading the key store from the stream + * @throws IOException thrown while reading the key store from the + * stream * @throws GeneralSecurityException thrown while creating the key store */ public static KeyStore loadKeyStore(final String keystoreType, final InputStream in, @@ -114,11 +112,11 @@ public class KeyStoreUtils { /** * Loads a keyStore without knowing the keyStore type. * - * @param is input stream + * @param is input stream * @param password Password protecting the keyStore * @return keyStore loaded * @throws KeyStoreException thrown if keyStore cannot be loaded - * @throws IOException In case of a general error + * @throws IOException In case of a general error */ public static KeyStore loadKeyStore(final InputStream is, final String password) throws KeyStoreException, IOException { @@ -140,10 +138,10 @@ public class KeyStoreUtils { } /** - * Creates a key store from X509 certificate files, aliasing them with the index in the - * String[], starting with "0". + * Creates a key store from X509 certificate files, aliasing them with the index + * in the String[], starting with "0". * - * @param keyStoreType key store type + * @param keyStoreType key store type * @param certFilenames certificate filenames * @return key store created * @throws Exception In case of an error @@ -192,6 +190,4 @@ public class KeyStoreUtils { } } - - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java index 929d2994..0c5eeb40 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java @@ -28,8 +28,10 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.Set; + import javax.annotation.Nonnull; import javax.annotation.Nullable; + import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -49,8 +51,7 @@ public class KeyValueUtils { public static final String DEFAULT_VALUE = "default"; /** - * Convert Java properties into a Map String/String. - *
+ * Convert Java properties into a Map String/String.
* Important: The key/values from properties must be of type String! * * @param properties Java {@link Properties} that should be converted @@ -72,7 +73,7 @@ public class KeyValueUtils { /** * Extract the first child of an input key after a the prefix. * - * @param key Full input key + * @param key Full input key * @param prefix Prefix * @return Child key {String} if it exists or null */ @@ -82,11 +83,11 @@ public class KeyValueUtils { final int index = idAfterPrefix.indexOf(KEY_DELIMITER); if (index > 0) { final String adding = idAfterPrefix.substring(0, index); - if (!(adding.isEmpty())) { + if (!adding.isEmpty()) { return adding; } - } else if (!(idAfterPrefix.isEmpty())) { + } else if (!idAfterPrefix.isEmpty()) { return idAfterPrefix; } @@ -98,9 +99,10 @@ public class KeyValueUtils { /** * Extract the prefix from an input key. * - * @param key Full input key + * @param key Full input key * @param suffix Suffix of this key - * @return Prefix {String} of the key or null if input key does not ends with postfix string + * @return Prefix {String} of the key or null if input key does not ends with + * postfix string */ public static String getPrefixFromKey(final String key, final String suffix) { if (key != null && suffix != null && key.endsWith(suffix)) { @@ -118,9 +120,10 @@ public class KeyValueUtils { /** * Remove a prefix string from a key. * - * @param key Full input key + * @param key Full input key * @param prefix Prefix, which should be removed - * @return The suffix of the input key or null if the input does not starts with the prefix + * @return The suffix of the input key or null if the input does not starts with + * the prefix */ public static String removePrefixFromKey(final String key, String prefix) { if (prefix == null) { @@ -145,9 +148,10 @@ public class KeyValueUtils { /** * Remove a prefix string from all keys in Map String/String of key/value pairs. * - * @param keys Input data of key/value pairs + * @param keys Input data of key/value pairs * @param prefix Prefix which should be removed - * @return Map String/String of key/value pairs without prefix in key, but never null + * @return Map String/String of key/value pairs without prefix in key, but never + * null */ public static Map removePrefixFromKeys(final Map keys, final String prefix) { @@ -165,26 +169,29 @@ public class KeyValueUtils { } /** - * Get a subset of key/value pairs which starts with a prefix string The Prefix is removed from - * the key. + * Get a subset of key/value pairs which starts with a prefix string The Prefix + * is removed from the key. * - * @param keys Input data of key/value pairs + * @param keys Input data of key/value pairs * @param prefix Prefix string - * @return Map String/String of key/value pairs without prefix in key, but never null + * @return Map String/String of key/value pairs without prefix in key, but never + * null */ public static Map getSubSetWithPrefix(final Map keys, final String prefix) { return removePrefixFromKeys(keys, prefix); } - /** - * Add a prefix to key/value pairs to make the key absolute according to key namespace convention. + * Add a prefix to key/value pairs to make the key absolute according to key + * namespace convention. * - * @param input Input key/value pairs which should be updated - * @param prefix Key prefix, which should be added if the key is not absolute + * @param input Input key/value pairs which should be updated + * @param prefix Key prefix, which should be added if the key is not + * absolute * @param absolutIdentifier Key identifier, which indicates an absolute key - * @return Map String/String of key/value pairs in which all keys are absolute but never null + * @return Map String/String of key/value pairs in which all keys are absolute + * but never null */ public static Map makeKeysAbsolut(final Map input, final String prefix, final String absolutIdentifier) { @@ -225,7 +232,7 @@ public class KeyValueUtils { /** * Find the highest free list counter. * - * @param input Array of list keys + * @param input Array of list keys * @param listPrefix {String} prefix of the list * @return {int} highest free list counter */ @@ -247,7 +254,7 @@ public class KeyValueUtils { /** * Find the highest free list counter. * - * @param keySet Set of list keys + * @param keySet Set of list keys * @param listPrefix {String} prefix of the list * @return {int} highest free list counter */ @@ -261,13 +268,12 @@ public class KeyValueUtils { return findNextFreeListCounter(array, listPrefix); } - /** * Normalize a CSV encoded list of value of an key/value pair. * *

- * This method removes all whitespace at the begin or the end of CSV values and remove newLine - * signs at the end of value. The ',' is used as list delimiter + * This method removes all whitespace at the begin or the end of CSV values and + * remove newLine signs at the end of value. The ',' is used as list delimiter *

* * @param value CSV encoded input data @@ -289,7 +295,6 @@ public class KeyValueUtils { return normalizedCodes; } - /** * Check a String if it is a comma separated list of values. * @@ -298,7 +303,8 @@ public class KeyValueUtils { *

* * @param value CSV encoded input data - * @return true if the input data contains a ',' and has more then 1 list element, otherwise false + * @return true if the input data contains a ',' and has more then 1 list + * element, otherwise false */ public static boolean isCsvValueString(final String value) { if (StringUtils.isNotEmpty(value)) { @@ -316,8 +322,8 @@ public class KeyValueUtils { /** * Convert a CSV list to a List of CSV values.
*
- * This method removes all whitespace at the begin or the end of CSV values and remove newLine - * signs at the end of value. The ',' is used as list delimiter + * This method removes all whitespace at the begin or the end of CSV values and + * remove newLine signs at the end of value. The ',' is used as list delimiter * * @param csv CSV encoded input data * @return List of CSV normalized values, but never null @@ -338,8 +344,8 @@ public class KeyValueUtils { /** * Convert a List of String elements to a Map of Key/Value pairs.
- * Every List element used as a key/value pair and the '=' sign represents the delimiter between - * key and value + * Every List element used as a key/value pair and the '=' sign represents the + * delimiter between key and value * * @param elements List of key/value elements * @return Map of Key / Value pairs, but never null diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java index 755c4431..5d2a11d0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java @@ -17,18 +17,18 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.util.ListIterator; + import org.w3c.dom.DOMException; import org.w3c.dom.Node; import org.w3c.dom.traversal.NodeFilter; import org.w3c.dom.traversal.NodeIterator; /** - * A NodeIterator implementation based on a ListIterator. + * A NodeIterator implementation based on a + * ListIterator. * * @see java.util.ListIterator * @see org.w3c.dom.traversal.NodeIterator @@ -48,31 +48,26 @@ public class NodeIteratorAdapter implements NodeIterator { this.nodeIterator = nodeIterator; } - @Override public Node getRoot() { return null; } - @Override public int getWhatToShow() { return NodeFilter.SHOW_ALL; } - @Override public NodeFilter getFilter() { return null; } - @Override public boolean getExpandEntityReferences() { return false; } - @Override public Node nextNode() throws DOMException { if (nodeIterator.hasNext()) { @@ -81,7 +76,6 @@ public class NodeIteratorAdapter implements NodeIterator { return null; } - @Override public Node previousNode() throws DOMException { if (nodeIterator.hasPrevious()) { @@ -90,7 +84,6 @@ public class NodeIteratorAdapter implements NodeIterator { return null; } - @Override public void detach() { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java index a942f75e..83a6725c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java @@ -17,11 +17,10 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.util.List; + import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -45,13 +44,11 @@ public class NodeListAdapter implements NodeList { this.nodeList = nodeList; } - @Override public Node item(final int index) { return (Node) nodeList.get(index); } - @Override public int getLength() { return nodeList.size(); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java index 14d54b0b..aedbbb7f 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.core.impl.utils; - import java.io.UnsupportedEncodingException; import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; @@ -27,12 +26,13 @@ import java.security.SecureRandom; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; -import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder; + import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.ArrayUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder; /** * Random number generator used to generate ID's. @@ -44,9 +44,9 @@ public class Random { private static final Logger log = LoggerFactory.getLogger(Random.class); private static final char[] allowedPreFix = - {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', + { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'}; + 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' }; /** random number generator used. */ private static SecureRandom random; @@ -63,14 +63,14 @@ public class Random { } - // random = iaik.security.random.SHA256FIPS186Random.getDefault(); } /** - * Generate a unique process reference-value [160bit], which always starts with a letter
- * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and a 88bit random - * value. + * Generate a unique process reference-value [160bit], which always starts with + * a letter
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and + * a 88bit random value. * * @return 160bit ID, which is hex encoded */ @@ -98,12 +98,8 @@ public class Random { } - - } - - /** * Creates a new random number [256bit], and encode it as hex value. * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java index ee88c4bb..bc770a8c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java @@ -8,17 +8,13 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import java.util.Arrays; import java.util.Base64; + import javax.annotation.PostConstruct; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; -import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.joda.time.DurationFieldType; @@ -30,9 +26,16 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; import org.springframework.lang.Nullable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; + /** - * PendingRequestId generation strategy based on signed tokens that facilitates extended token - * validation. + * PendingRequestId generation strategy based on signed tokens that facilitates + * extended token validation. * * @author tlenz * @@ -78,7 +81,7 @@ public class SecurePendingRequestIdGenerationStrategy .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8")); } catch (final UnsupportedEncodingException e) { - throw new EaafException("internal.99", new Object[] {e.getMessage()}, e); + throw new EaafException("internal.99", new Object[] { e.getMessage() }, e); } @@ -131,7 +134,6 @@ public class SecurePendingRequestIdGenerationStrategy return internalPendingReqId; - } catch (final IllegalArgumentException | EaafIllegalStateException e) { log.warn("Token is NOT a valid String. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); @@ -177,7 +179,6 @@ public class SecurePendingRequestIdGenerationStrategy } - @PostConstruct private void initialize() throws EaafConfigurationException { log.debug("Initializing " + this.getClass().getName() + " ... "); @@ -186,7 +187,7 @@ public class SecurePendingRequestIdGenerationStrategy baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET); if (StringUtils.isEmpty(pendingReqIdDigistSecret)) { throw new EaafConfigurationException("config.08", - new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET}); + new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET }); } digistAlgorithm = baseConfig.getBasicConfiguration( @@ -201,11 +202,10 @@ public class SecurePendingRequestIdGenerationStrategy final KeySpec spec = new PBEKeySpec(pendingReqIdDigistSecret.toCharArray(), salt, 10000, 128); key = keyFactory.generateSecret(spec); - } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { log.error("Can NOT initialize TokenService with configuration object", e); throw new EaafConfigurationException("config.09", - new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key"}, + new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key" }, e); } @@ -229,7 +229,7 @@ public class SecurePendingRequestIdGenerationStrategy } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) { log.error("Can NOT generate secure pendingRequestId", e); throw new EaafIllegalStateException( - new Object[] {"Can NOT caluclate digist for secure pendingRequestId"}, e); + new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e); } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java index 049f7175..78f0cdec 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java @@ -1,11 +1,13 @@ package at.gv.egiz.eaaf.core.impl.utils; +import org.apache.commons.lang3.StringUtils; + import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; -import org.apache.commons.lang3.StringUtils; /** - * Simple pendingRequestId generation strategy that facilitates no extended validation. + * Simple pendingRequestId generation strategy that facilitates no extended + * validation. * * @author tlenz * @@ -34,8 +36,6 @@ public class SimplePendingRequestIdGenerationStrategy "PendingRequestId is empty or null"); } - - return externalPendingReqId; } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java index 795b71f7..22a6de2b 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java @@ -17,8 +17,6 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egiz.eaaf.core.impl.utils; import java.io.ByteArrayOutputStream; @@ -39,8 +37,8 @@ public class StreamUtils { * * @param is1 The 1st InputStream to compare. * @param is2 The 2nd InputStream to compare. - * @return boolean true, if both streams contain the exactly the same content, - * false otherwise. + * @return boolean true, if both streams contain the exactly the + * same content, false otherwise. * @throws IOException An error occurred reading one of the streams. */ public static boolean compareStreams(final InputStream is1, final InputStream is2) @@ -83,10 +81,11 @@ public class StreamUtils { /** * Compare two byte arrays, up to a given maximum length. * - * @param b1 1st byte array to compare. - * @param b2 2nd byte array to compare. + * @param b1 1st byte array to compare. + * @param b2 2nd byte array to compare. * @param length The maximum number of bytes to compare. - * @return true, if the byte arrays are equal, false otherwise. + * @return true, if the byte arrays are equal, false + * otherwise. */ private static boolean compareBytes(final byte[] b1, final byte[] b2, final int length) { if (b1.length != b2.length) { @@ -115,8 +114,8 @@ public class StreamUtils { copyStream(in, out, null); /* - * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0) - * out.write(b); + * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = + * in.read()) >= 0) out.write(b); * */ in.close(); @@ -126,10 +125,11 @@ public class StreamUtils { /** * Reads a String from a stream, using given encoding. * - * @param in The InputStream to read. + * @param in The InputStream to read. * @param encoding The character encoding to use for converting the bytes of the - * InputStream into a String. - * @return The content of the given InputStream converted into a String. + * InputStream into a String. + * @return The content of the given InputStream converted into a + * String. * @throws IOException on any exception thrown */ public static String readStream(final InputStream in, final String encoding) throws IOException { @@ -137,23 +137,26 @@ public class StreamUtils { copyStream(in, out, null); /* - * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0) - * out.write(b); + * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = + * in.read()) >= 0) out.write(b); */ in.close(); return out.toString(encoding); } /** - * Reads all data (until EOF is reached) from the given source to the destination stream. If the - * destination stream is null, all data is dropped. It uses the given buffer to read data and - * forward it. If the buffer is null, this method allocates a buffer. + * Reads all data (until EOF is reached) from the given source to the + * destination stream. If the destination stream is null, all data is dropped. + * It uses the given buffer to read data and forward it. If the buffer is null, + * this method allocates a buffer. * - * @param source The stream providing the data. - * @param destination The stream that takes the data. If this is null, all data from source will - * be read and discarded. - * @param buffer The buffer to use for forwarding. If it is null, the method allocates a buffer. - * @exception IOException If reading from the source or writing to the destination fails. + * @param source The stream providing the data. + * @param destination The stream that takes the data. If this is null, all data + * from source will be read and discarded. + * @param buffer The buffer to use for forwarding. If it is null, the + * method allocates a buffer. + * @exception IOException If reading from the source or writing to the + * destination fails. */ private static void copyStream(final InputStream source, final OutputStream destination, byte[] buffer) throws IOException { @@ -169,14 +172,15 @@ public class StreamUtils { while ((bytesRead = source.read(buffer)) >= 0) { destination.write(buffer, 0, bytesRead); } - } + } } // /** // * Gets the stack trace of the Throwable passed in as a string. // * // * @param t The Throwable. - // * @return a String representing the stack trace of the Throwable. + // * @return a String representing the stack trace of the + // Throwable. // */ // public static String getStackTraceAsString(final Throwable t) { // final ByteArrayOutputStream stackTraceBis = new ByteArrayOutputStream(); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 3875e587..d8976548 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.core.impl.utils; - import at.gv.egiz.eaaf.core.api.IRequest; /** @@ -37,7 +36,8 @@ public class TransactionIdUtils { /** * Set all MDC variables from pending request to this threat context.
- * These includes SessionID, TransactionID, and unique service-provider identifier + * These includes SessionID, TransactionID, and unique service-provider + * identifier * * @param pendingRequest Http request object */ @@ -59,7 +59,6 @@ public class TransactionIdUtils { } - public static void setServiceProviderId(final String oaUniqueId) { org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId); @@ -90,5 +89,4 @@ public class TransactionIdUtils { } - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java index 00a31a13..72c183bf 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java @@ -8,9 +8,9 @@ import javax.security.auth.x500.X500Principal; public class X509Utils { /** - * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname, - * the last Element should be the Root Certificate. - * + * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should + * be the Hostname, the last Element should be the Root Certificate. + * * @param certs The first element must be the correct one. * @return sorted Certificate Chain */ diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties new file mode 100644 index 00000000..970b8e5a --- /dev/null +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties @@ -0,0 +1,10 @@ +internal.keystore.00=HSM-Facade NOT INITIALIZED. KeyStore:{0} initialization failed +internal.keystore.01=KeyStore:{0} configuration has an unsupported type in configuration. +internal.keystore.02=Type:{1} of KeyStore:{0} is NOT SUPPORTED yet. +internal.keystore.03=HSM-Facade initialization failed with a generic error: {0} +internal.keystore.04=HSM-Facade has a wrong configuration. Missing property: {0} +internal.keystore.05=HSM-Facade has a wrong configuration. Property: {0} Reason:{1} +internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1} + + + diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml new file mode 100644 index 00000000..7568f423 --- /dev/null +++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml @@ -0,0 +1,20 @@ + + + + + + + + + + \ No newline at end of file diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java new file mode 100644 index 00000000..f6df60ae --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java @@ -0,0 +1,36 @@ +package at.gv.egiz.eaaf.core.impl.logging; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +public class EaafUtilsMessageSourceTest { + + @Autowired + private ResourceLoader loader; + @Autowired(required = false) + private IMessageSourceLocation messageSource; + + @Test + public void simpleTests() { + Assert.assertNotNull("No messageSource", messageSource); + + Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation()); + + for (final String el : messageSource.getMessageSourceLocation()) { + final Resource messages = loader.getResource(el + ".properties"); + Assert.assertTrue("Source not exist", messages.exists()); + + } + + } +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java index be5d95b1..9c1d0c82 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java @@ -3,6 +3,7 @@ package at.gv.egiz.eaaf.core.impl.logging; import java.text.MessageFormat; import java.util.HashMap; import java.util.Map; + import at.gv.egiz.eaaf.core.api.IStatusMessenger; public class JUnitTestStatusMessenger implements IStatusMessenger { @@ -48,7 +49,7 @@ public class JUnitTestStatusMessenger implements IStatusMessenger { * Add a message into Message-Store. * * @param msgCode message-code - * @param msg message + * @param msg message */ public void addMsg(final String msgCode, final String msg) { if (!msgStore.containsKey(msgCode)) { diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java index 258c3210..58788392 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java @@ -6,14 +6,17 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.BlockJUnit4ClassRunner; + import com.google.common.collect.Sets; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + @RunWith(BlockJUnit4ClassRunner.class) public class KeyValueUtilsTest { @@ -442,5 +445,4 @@ public class KeyValueUtilsTest { } - } diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java new file mode 100644 index 00000000..805000cb --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -0,0 +1,555 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import java.security.KeyStore; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.MethodMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.common.base.Optional; +import com.google.common.base.Predicates; +import com.google.common.base.Throwables; +import com.google.common.collect.FluentIterable; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import io.grpc.StatusRuntimeException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") +@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) +public class EaafKeyStoreFactoryTest { + + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = + "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = + "src/test/resources/data/junit_without_trustcerts.p12"; + private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt"; + private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + + @Autowired + private DummyAuthConfigMap mapConfig; + @Autowired + private ApplicationContext context; + + /** + * jUnit test set-up. + */ + @Before + public void testSetup() { + mapConfig.clearAllConfig(); + + } + + @Test + @DirtiesContext + public void startWithoutConfigHsmFacadeConfig() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + } + + @Test + @DirtiesContext + public void buildyStoreWithOutConfig() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void buildyStoreWithPkcs11() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS11); + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithoutConfig() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithoutConfigSecond() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12); + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithoutPassword() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); + + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithoutPath() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); + + + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithoutType() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); + keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); + + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithWrongPath() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks"); + keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); + + + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.05", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreWithWrongPassword() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); + keyStoreConfig.setSoftKeyStorePassword("wrong password"); + + + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void softwareKeyStoreSuccessJks() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); + keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); + + + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } + + @Test + @DirtiesContext + public void softwareKeyStoreSuccessPkcs12() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12); + keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_PKCS12); + keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); + + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } + + @Test + public void hsmFacadeOnlyHostConfig() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e); + + } + } + + @Test + public void hsmFacadeMissingPort() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e); + + } + } + + @Test + public void hsmFacadeMissingUsername() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e); + + } + } + + @Test + public void hsmFacadeMissingPassword() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e); + + } + } + + @Test + public void hsmFacadeMissingKeyStoreName() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e); + + } + } + + @Test + public void hsmFacadeMissingTrustedCertificate() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e); + + } + } + + @Test + public void hsmFacadeMissingTrustedCertificateFile() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + "src/test/resources/data/notexist.crt"); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e, "internal.keystore.05"); + + } + } + + @Test + public void hsmFacadeMissingWrongTrustedCertificate() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml"); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e, "internal.keystore.05"); + + } + } + + @Test + @DirtiesContext + public void hsmFacadeInitialized() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + PATH_TO_HSM_FACADE_TRUST_CERT); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + } + + @Test + @DirtiesContext + public void hsmFacadeKeyStoreNoKeyStoreName() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + PATH_TO_HSM_FACADE_TRUST_CERT); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); + + try { + keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + } + + } + + @Test + @DirtiesContext + public void hsmFacadeKeyStoreSuccess() throws EaafException { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + PATH_TO_HSM_FACADE_TRUST_CERT); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); + keyStoreConfig.setKeyStoreName("testkeyStore"); + + try { + final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + Assert.assertNotNull("KeyStore is null", keyStore); + + } catch (final StatusRuntimeException e) { + // because there is no mockup of HSM facade available + // Assert.assertTrue("Wrong exception", e.getMessage().contains("io + // exception")); + + } + + } + + private void checkMissingConfigException(Exception e) { + checkMissingConfigException(e, "internal.keystore.04"); + + } + + private void checkMissingConfigException(Exception e, String errorCode) { + final Optional eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafConfigurationException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorCode", + errorCode, ((EaafException) eaafException.get()).getErrorId()); + + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java new file mode 100644 index 00000000..8cb81107 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java @@ -0,0 +1,190 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; + +@RunWith(BlockJUnit4ClassRunner.class) +public class KeyStoreConfigurationTest { + + private Map config; + + @Before + public void testSetup() { + config = new HashMap<>(); + + } + + @Test + public void emptyConfigMap() { + try { + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void emptyKeyStoreType() { + try { + config.put("keystore.type", ""); + + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void unknownKeyStoreType() { + try { + config.put("keystore.type", "test"); + + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); + } + } + + @Test + public void pkcs11KeyStoreType() throws EaafConfigurationException { + config.put("keystore.type", "pkcs11"); + try { + final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyStoreTypeMissingName() { + try { + config.put("keystore.type", "hsmfacade"); + + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyStoreTypeSucces() throws EaafConfigurationException { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + config.put("keystore.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + + final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", KeyStoreType.HSMFACADE, keyStoreConfig.getKeyStoreType()); + Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName()); + + } + + @Test + public void softwareKeyStoreTypeMissingPath() { + try { + final String keyStorePass = RandomStringUtils.randomAlphabetic(5); + config.put("keystore.type", "software"); + config.put("keystore.password", keyStorePass); + config.put("keystore.type", "jks"); + + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void softwareKeyStoreTypeMissingPassword() { + try { + final String keyStorePath = RandomStringUtils.randomAlphabetic(5); + config.put("keystore.type", "software"); + config.put("keystore.software.path", keyStorePath); + config.put("keystore.type", "jks"); + + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void softwareKeyStoreTypeUnknownType() { + try { + final String keyStorePath = RandomStringUtils.randomAlphabetic(5); + final String keyStorePass = RandomStringUtils.randomAlphabetic(5); + config.put("keystore.path", keyStorePath); + config.put("keystore.password", keyStorePass); + config.put("keystore.type", RandomStringUtils.randomAlphabetic(4)); + + KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); + } + } + + @Test + public void softwareKeyStoreTypeSuccesJks() throws EaafConfigurationException { + final String keyStorePath = RandomStringUtils.randomAlphabetic(5); + final String keyStorePass = RandomStringUtils.randomAlphabetic(5); + config.put("keystore.type", "jks"); + config.put("keystore.path", keyStorePath); + config.put("keystore.password", keyStorePass); + + final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", KeyStoreType.JKS, keyStoreConfig.getKeyStoreType()); + Assert.assertEquals("Wrong KeyStoreName", keyStorePath, keyStoreConfig.getSoftKeyStoreFilePath()); + Assert.assertEquals("Wrong KeyStoreName", keyStorePass, keyStoreConfig.getSoftKeyStorePassword()); + + } + + @Test + public void softwareKeyStoreTypeSuccesPkcs12() throws EaafConfigurationException { + final String keyStorePath = RandomStringUtils.randomAlphabetic(5); + final String keyStorePass = RandomStringUtils.randomAlphabetic(5); + config.put("keystore.type", "pkcs12"); + config.put("keystore.path", keyStorePath); + config.put("keystore.password", keyStorePass); + + final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", KeyStoreType.PKCS12, keyStoreConfig.getKeyStoreType()); + Assert.assertEquals("Wrong KeyStoreName", keyStorePath, keyStoreConfig.getSoftKeyStoreFilePath()); + Assert.assertEquals("Wrong KeyStoreName", keyStorePass, keyStoreConfig.getSoftKeyStorePassword()); + + } +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 00000000..bf1dfd03 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,142 @@ +package at.gv.egiz.eaaf.core.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map config = new HashMap<>(); + + /** + * Creates an emptry configuration. + * + */ + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISpConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EaafConfigurationException { + return null; + } + + @Override + public T getServiceProviderConfiguration(final String spIdentifier, final Class decorator) + throws EaafConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIdpUrl(final URL authReqUrl) throws EaafException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + public void clearAllConfig() { + config.clear(); + } + +} diff --git a/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks new file mode 100644 index 00000000..b5262cb8 Binary files /dev/null and b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks differ diff --git a/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12 b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12 new file mode 100644 index 00000000..c3fe2681 Binary files /dev/null and b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12 differ diff --git a/eaaf_core_utils/src/test/resources/data/test.crt b/eaaf_core_utils/src/test/resources/data/test.crt new file mode 100644 index 00000000..76c18361 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/test.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIEXDCCA0SgAwIBAgIEY4Qn3zANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEmMCQGA1UECwwdYS1zaWduLVRlc3QtUHJlbWl1bS1Nb2JpbGUtMDUxJjAkBgNVBAMMHWEtc2lnbi1UZXN0LVByZW1pdW0tTW9iaWxlLTA1MB4XDTE5MTIxMzEzNDg0N1oXDTI0MTIxMzEzNDg0N1owYDELMAkGA1UEBhMCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUTDDgxNjkyMjY1ODM0ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAUAVvbow4O/DMA5ZZoPHQXe0rtf86lvH8GLM/Crz1vvRYyQ5D4ESYRFy+s3zHdLqhE4l8I95i9jz2qTvof46mqjggGfMIIBmzCBggYIKwYBBQUHAQEEdjB0MEkGCCsGAQUFBzAChj1odHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXRlc3QtcHJlbWl1bS1tb2JpbGUtMDUuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAITuhoD/7N29AwEQYDVR0OBAoECEyqhgBwLul2MA4GA1UdDwEB/wQEAwIGwDAJBgNVHRMEAjAAMIGGBgNVHSAEfzB9MHsGBiooABEBBDBxMDgGCCsGAQUFBwICMCwaKkRpZXNlcyBaZXJ0aWZpa2F0IGRpZW50IG51ciB6dSBUZXN0endlY2tlbjA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVRFU1QwSAYDVR0fBEEwPzA9oDugOYY3aHR0cDovL2NybC5hLXRydXN0LmF0L2NybC9hLXNpZ24tdGVzdC1wcmVtaXVtLW1vYmlsZS0wNTANBgkqhkiG9w0BAQsFAAOCAQEATD4ZnrEV+xeT7PFI/idqHdElLZ1BVUO9G9qfQQn4oKNCWWHxMo/ZXSlvsOtTjFezCQFkcFO1eJtXNHCyqfr69jorzhZcicscNRMrDlJoB/sJr0l/Ekjlt/dgRaTuZ7NzWE/oTefI3M3xkkLd0ydAMrhrZx+9f82VE3k63I1fmT90kQ8PfDzAMMRmlwbZDA+2TB8iF7SQkOOL6H1j2L9qrhjlG2ekU4cyx6KMkRjLLbr1JVgS07qOzUkeQPR2KTJcWWR+/NQZWDKdOz97eVOulxeI+Y3y96arraGM7lIbV9ZrpkbUn/IxQ9TQTE5X02EipgnZdR7bZrwJ7hJ27vwnfQ== +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml new file mode 100644 index 00000000..210b88be --- /dev/null +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml new file mode 100644 index 00000000..402e07f9 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml @@ -0,0 +1,19 @@ + + + + + + + + + \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java index 1b14c92d..b9d0161f 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -33,13 +33,6 @@ import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.naming.ConfigurationException; -import at.gv.egiz.components.spring.api.IDestroyableObject; -import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; - import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.core.criterion.EntityIdCriterion; @@ -50,6 +43,12 @@ import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver; import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpAddableChainingMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements; import net.shibboleth.utilities.java.support.component.IdentifiedComponent; @@ -408,13 +407,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec private void addAndRemoveMetadataProvider() throws EaafConfigurationException { log.info("EAAF chaining metadata resolver starting internal managment task .... "); - /* - * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider - * (UnsupportedOperationException) The ChainingMetadataProvider use internal a - * unmodifiableList to hold all registrated MetadataProviders. - */ - final Map providersinuse = new HashMap<>(); - // get all actually loaded metadata providers final Map loadedproviders = getAllActuallyLoadedResolvers(); @@ -438,7 +430,6 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec if (StringUtils.isNotEmpty(metadataurl) && loadedproviders.containsKey(metadataurl)) { // SAML2 SP is actually loaded, to nothing - providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); loadedproviders.remove(metadataurl); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index bf551c0e..6477d8ff 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -19,15 +19,9 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; import java.security.KeyStore; import java.security.KeyStoreException; -import java.security.Security; import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; @@ -37,27 +31,24 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; -import at.asitplus.hsmfacade.provider.HsmFacadeProvider; -import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter; +import org.apache.commons.lang3.StringUtils; +import org.apache.xml.security.algorithms.JCEMapper; +import org.opensaml.security.credential.UsageType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; - -import org.apache.commons.lang3.StringUtils; -import org.apache.xml.security.algorithms.JCEMapper; -import org.opensaml.security.credential.UsageType; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Lazy; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -70,6 +61,9 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi @Autowired protected IConfiguration basicConfig; + @Autowired + private EaafKeyStoreFactory keyStoreFactory; + private KeyStore keyStore = null; /** @@ -78,23 +72,18 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi * * @return keyStore friendlyName */ - public abstract String getFriendlyName(); + public final String getFriendlyName() { + return getBasicKeyStoreConfig().getFriendlyName(); - /** - * Get KeyStore. - * - * @return URL to the keyStore - * @throws EaafException In case of an invalid filepath - */ - @Nonnull - public abstract String getKeyStoreFilePath() throws EaafException; + } /** - * Get keyStore password. + * Get the basic KeyStore configuration object for this SAML2 credential. * - * @return Password of the keyStore + * @return KeyStore configuration object */ - public abstract String getKeyStorePassword(); + @Nonnull + public abstract KeyStoreConfiguration getBasicKeyStoreConfig(); /** * Get alias of key for metadata signing. @@ -161,8 +150,6 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi } } - - /** * Get Credentials to sign SAML2 messages, like AuthnRequest, Response, * Assertions as some examples. @@ -257,56 +244,36 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi } - private X509Certificate getRootCertificate() throws CertificateException { - String pem = "-----BEGIN CERTIFICATE-----\n" + - "MIIDFDCCAfygAwIBAgIEXIjqbjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARy\n" + - "b290MB4XDTE5MDMxMzExMzMwMloXDTIwMDMxMjExMzMwMlowDzENMAsGA1UEAwwE\n" + - "cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKijWXfb7bvQ7CIw\n" + - "FuyuPUz+aN7uBgSSnpYamtzjagacdtGR2V2OVHfjVHhw+cSoNPaEEV2x0O9A+w8F\n" + - "FCatBT30l7/2scuJmrdXYlIhd17NU6HG/HKYvRYROkXrprsbdZobWqdF/zShLIvv\n" + - "0bwconAu7AxwlDgNJQz2pL0e94OkCT5rZyA4HFgzJ34XynXaCMbUbVXxVk6EuNaX\n" + - "hbyco0qhjOjSn7Rwk3iXp21V4vcYRVq44sG3ieU6jHq6LKmYSGJ1y0yv9ADYJwSp\n" + - "jCzRbOEKe/7QVvZIyzzqjhO3SAHONuFNX0V6zPCgMCjUOgHuOIEKLJR9p0YYYocX\n" + - "GBLcVuECAwEAAaN4MHYwDAYDVR0TBAUwAwEB/zA6BgNVHSMEMzAxgBQueuDUlVbB\n" + - "LBjP+iRFr6lUDBh58qETpBEwDzENMAsGA1UEAwwEcm9vdIIEXIjqbjAdBgNVHQ4E\n" + - "FgQULnrg1JVWwSwYz/okRa+pVAwYefIwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB\n" + - "CwUAA4IBAQCEYSVpiKFO7FjCqTlkxNBY7e7891dq43DfX9i/Hb/AIvZDPe/RC46t\n" + - "EXd9LN7QYaXe35U5ZD1q7qmK7NoFJ9zp4D4mxA2iiBHz40GnRt+0abNdQiyw913W\n" + - "s/VIElAOv0tvCw+3SwzvLRU/AVCM1weW6IUbYv/Ty5zmLBsG3do3MmVF3cqXho2m\n" + - "pNaiubuaUsR8Ms1LqIr6R7Yf8MKSrgYWCOw60gj5O64RHnEJli52D+S/8Cue5GvG\n" + - "ECckmgLgGsRcWfFwRqqS7+XWt8Dv8xxD5vurvcs547Hn28kSHtF2i+KYLDVH2QjN\n" + - "dbO0qgEJlMPi7oGrsNjIkndrWseNrPA4\n" + - "-----END CERTIFICATE-----\n"; - return (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pem.getBytes())); - } - - @Lazy @PostConstruct private void initialize() throws Exception { try { - final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); - String clientUsername = "shibboleth-idp"; - String clientPassword = "supersecret123"; - String host = "localhost"; - int port = 9000; - String hsmName = "software"; - String keyStoreName = "shibboleth"; - String keyStoreAlias = "shibboleth-sign"; - - provider.init(getRootCertificate(), clientUsername, clientPassword, host, port, hsmName); - Security.addProvider(provider); - //Security.insertProviderAt(provider, 1); - JCEMapper.setProviderId(provider.getName()); - keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade"); - keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName)); - - if (keyStore == null) { - throw new EaafConfigurationException("module.00", - new Object[] { getFriendlyName(), "KeyStore initialization failed. Maybe wrong password" }); + final KeyStoreConfiguration keyStoreConfig = getBasicKeyStoreConfig(); + keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); + + if (JCEMapper.getProviderId() != null + && !JCEMapper.getProviderId().equals(keyStore.getProvider().getName())) { + log.error("OpenSAML3.x can ONLY use a single type of CryptoProvider in an application. " + + "Can NOT set: {}, because {} was already set", keyStore.getProvider().getName(), + JCEMapper.getProviderId()); + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_06, + new Object[] { keyStoreConfig.getFriendlyName(), + "OpenSAML3.x can ONLY use a single type of CryptoProvider" }); + + } + + // Set JCEMapper only in case of HSM based KeyStores because Software KeyStores + // can use + // the default SecurityProvider system in OpenSAML3.x signing engine + if (!KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType()) + && !KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType()) + && JCEMapper.getProviderId() == null) { + log.info("Register CryptoProvider: {} as defaut for OpenSAML3.x", + keyStore.getProvider().getName()); + JCEMapper.setProviderId(keyStore.getProvider().getName()); } - } catch (IOException | KeyStoreException | EaafException e) { + } catch (final EaafException e) { log.error("Can not initialize KeyStore for eIDAS authentication client.", e); throw e; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java index 7d95204b..3ba4629e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java @@ -3,14 +3,8 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.security.cert.X509Certificate; import java.util.List; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.lang3.RandomStringUtils; +import org.apache.xml.security.algorithms.JCEMapper; import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -23,6 +17,14 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ @@ -34,9 +36,14 @@ public class CredentialProviderTest { private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks"; - private static final String ALIAS_METADATA = "shibboleth-sign"; - private static final String ALIAS_SIGN = "shibboleth-sign"; - private static final String ALIAS_ENC = "shibboleth-sign"; + //private static final String HSMF_ALIAS_METADATA = "shibboleth-sign"; + //private static final String HSMF_ALIAS_SIGN = "shibboleth-sign"; + //private static final String HSMF_ALIAS_ENC = "shibboleth-sign"; + + private static final String ALIAS_METADATA = "meta"; + private static final String ALIAS_SIGN = "sig"; + private static final String ALIAS_ENC = "meta"; + private static final String PASSWORD = "password"; @@ -59,6 +66,8 @@ public class CredentialProviderTest { config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS); config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD); + + JCEMapper.setProviderId(null); } @@ -86,7 +95,7 @@ public class CredentialProviderTest { Assert.fail("No KeyStore not detected"); } catch (final BeansException e) { - org.springframework.util.Assert.isInstanceOf(java.io.FileNotFoundException.class, + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getCause(), "Wrong exception"); } @@ -101,7 +110,7 @@ public class CredentialProviderTest { Assert.fail("No KeyStore not detected"); } catch (final BeansException e) { - org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class, e.getCause(), "Wrong exception"); } @@ -382,6 +391,33 @@ public class CredentialProviderTest { } + @Test + @DirtiesContext + public void otherKeyStoreTypeAlreadyLoaded() throws CredentialsNotAvailableException { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS); + + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, + "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10)); + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG, + "EC-SIG_" + RandomStringUtils.randomAlphabetic(10)); + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, + "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10)); + config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, + "EC-ENC_" + RandomStringUtils.randomAlphabetic(10)); + + try { + JCEMapper.setProviderId(RandomStringUtils.randomAlphabetic(5)); + + context.getBean(DummyCredentialProvider.class); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + + } + + } + @Test @DirtiesContext public void notKeyConfiguration() { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java index b9f1326d..0f8eff72 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java @@ -1,15 +1,12 @@ package at.gv.egiz.eaaf.modules.pvp2.test.dummy; -import java.net.MalformedURLException; +import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; -import org.springframework.beans.factory.annotation.Autowired; - public class DummyCredentialProvider extends AbstractCredentialProvider { @Autowired IConfiguration basicConfig; @@ -26,32 +23,26 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { public static final String KEY_ENCRYPTION_ALIAS = "key.enc.alias"; public static final String KEY_ENCRYPTION_PASSWORD = "key.enc.pass"; + private static final String KEYSTORENAME = "jUnit test credential provider"; + @Override - public String getFriendlyName() { - return "jUnit test credential provider"; + public KeyStoreConfiguration getBasicKeyStoreConfig() { + KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); + keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); + keyStoreConfig.setFriendlyName(KEYSTORENAME); + + keyStoreConfig.setSoftKeyStoreFilePath(getKeyStoreFilePath()); + keyStoreConfig.setSoftKeyStorePassword(getKeyStorePassword()); + + return keyStoreConfig; } - @Override - public String getKeyStoreFilePath() throws EaafException { + public String getKeyStoreFilePath() { final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH); - - if (path != null) { - try { - return FileUtils.makeAbsoluteUrl( - path, - basicConfig.getConfigurationRootDirectory()); - - } catch (final MalformedURLException e) { - throw new EaafConfigurationException("internel test error", null, e); - - } - } - - throw new EaafConfigurationException("No keyStore path", null); - + return path; + } - @Override public String getKeyStorePassword() { return basicConfig.getBasicConfiguration(KEYSTORE_PASSWORD); } @@ -86,4 +77,5 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { return basicConfig.getBasicConfiguration(KEY_ENCRYPTION_PASSWORD); } + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props index 60cecebb..164b8807 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props @@ -1,8 +1,8 @@ keystore.path=classpath:/data/junit.jks keystore.pass=password -key.metadata.alias=shibboleth-sign +key.metadata.alias=meta key.metadata.pass=password -key.sig.alias=shibboleth-sign +key.sig.alias=sig key.sig.pass=password key.enc.alias= key.enc.pass= diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props new file mode 100644 index 00000000..60cecebb --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_2.props @@ -0,0 +1,12 @@ +keystore.path=classpath:/data/junit.jks +keystore.pass=password +key.metadata.alias=shibboleth-sign +key.metadata.pass=password +key.sig.alias=shibboleth-sign +key.sig.pass=password +key.enc.alias= +key.enc.pass= + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2 \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml index 3b2d0a28..5e3f0b9b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core.beans.xml @@ -19,4 +19,7 @@ + + \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml index c1660a70..5aef9544 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/spring/test_eaaf_core_spring_config.beans.xml @@ -15,4 +15,7 @@ + + \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props index 5dea3d51..164b8807 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_1.props @@ -1,14 +1,12 @@ keystore.path=classpath:/data/junit.jks keystore.pass=password -key.metadata.alias=shibboleth-sign +key.metadata.alias=meta key.metadata.pass=password -key.sig.alias=shibboleth-sign +key.sig.alias=sig key.sig.pass=password key.enc.alias= key.enc.pass= -pvp2.assertion.encryption.active=true - client.http.connection.timeout.socket=2 client.http.connection.timeout.connection=2 client.http.connection.timeout.request=2 \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props new file mode 100644 index 00000000..60cecebb --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/config/config_2.props @@ -0,0 +1,12 @@ +keystore.path=classpath:/data/junit.jks +keystore.pass=password +key.metadata.alias=shibboleth-sign +key.metadata.pass=password +key.sig.alias=shibboleth-sign +key.sig.pass=password +key.enc.alias= +key.enc.pass= + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2 \ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml index 375224bb..8c0b8596 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_core.beans.xml @@ -21,5 +21,8 @@ + + \ No newline at end of file -- cgit v1.2.3