From 49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 May 2020 12:28:28 +0200 Subject: first tests for SSL Client Auth. with HSM-Facade --- .../eaaf/core/test/http/HttpClientFactoryTest.java | 52 +++++++++++++++++++--- 1 file changed, 45 insertions(+), 7 deletions(-) (limited to 'eaaf_core_utils/src/test/java') diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java index 84c0b12c..140c74f5 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java @@ -28,7 +28,6 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; -import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import okhttp3.HttpUrl; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @@ -42,7 +41,6 @@ public class HttpClientFactoryTest { @Autowired private EaafKeyStoreFactory keyStoreFactory; @Autowired private IHttpClientFactory httpClientFactory; - @Autowired private DummyAuthConfigMap config; private MockWebServer mockWebServer = null; private HttpUrl mockServerUrl; @@ -53,11 +51,6 @@ public class HttpClientFactoryTest { */ @Before public void setup() { - config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, ""); - config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, ""); - config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, ""); - config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, ""); - config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, ""); } @@ -335,4 +328,49 @@ public class HttpClientFactoryTest { Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); } + + @Test + public void getCustomClientX509AuthWithHsmFacade() throws EaafException, ClientProtocolException, + IOException, KeyStoreException { + final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); + config.setAuthMode("ssl"); + config.buildKeyStoreConfig( + "hsmfacade", + null, + null, + "authhandler"); + config.setSslKeyPassword("password"); + config.setSslKeyAlias("authhandler-sign"); + config.setDisableTlsHostCertificateValidation(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(config.getKeyStoreConfig()); + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(config.getSslKeyAlias())[1]; + + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate(clientRootCert) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } } -- cgit v1.2.3