From 0d52fe861a46f8ba595bdd34b106c98096c4304b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Jun 2020 14:39:29 +0200 Subject: add symmetric-key functionality into EaafKeyStoreFactory that supports passphrase based symmetric keys and keys from HSM-Facade --- .../test/credentials/EaafKeyStoreFactoryTest.java | 162 +++++++++++++++++++++ .../credentials/SymmetricKeyConfigurationTest.java | 162 +++++++++++++++++++++ 2 files changed, 324 insertions(+) create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java (limited to 'eaaf_core_utils/src/test') diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index cefb1e7e..fc945fdd 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -7,6 +7,8 @@ import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; +import javax.crypto.SecretKey; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; @@ -33,6 +35,8 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @@ -372,6 +376,67 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext + public void symmetricSoftwareKeyWithOutConfig() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void symmetricSoftwareKeyWithOutSalt() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void symmetricSoftwareKeyValid() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); + keyConfig.setSoftKeySalt(RandomStringUtils.randomAlphanumeric(10)); + + Pair key = keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNull("Provider is not null", key.getSecond()); + + } + + @Test + @DirtiesContext public void hsmFacadeOnlyHostConfig() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -386,6 +451,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext public void hsmFacadeMissingPort() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -405,6 +471,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext public void hsmFacadeMissingUsername() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -423,6 +490,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext public void hsmFacadeMissingPassword() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -442,6 +510,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext public void hsmFacadeMissingTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -463,6 +532,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext public void hsmFacadeMissingTrustedCertificateFile() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -486,6 +556,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext public void hsmFacadeMissingWrongTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -577,6 +648,97 @@ public class EaafKeyStoreFactoryTest { } } + @Test + @DirtiesContext + public void symmetricHsmFacadeKeyWithOutConfig() { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void symmetricHsmFacadeKeyWithOutKeyAlias() { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void symmetricHsmFacadeKeyWrongKeyAlias() { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias("notExist"); + + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafKeyAccessException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.09", e.getErrorId()); + + } + } + + @Test + @DirtiesContext + public void symmetricHsmFacadeKeyValid() throws EaafException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias("aes-key-1"); + + Pair key = keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNotNull("Provider is null", key.getFirst()); + + } + @Test @DirtiesContext public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java new file mode 100644 index 00000000..eb4eb212 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java @@ -0,0 +1,162 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; + +@RunWith(BlockJUnit4ClassRunner.class) +public class SymmetricKeyConfigurationTest { + + private Map config; + + @Before + public void testSetup() { + config = new HashMap<>(); + + } + + @Test + public void emptyConfigMap() { + try { + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void emptyKeyType() { + try { + config.put("key.type", ""); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void unknownKeyType() { + try { + config.put("key.type", "test"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeMissingName() { + try { + config.put("key.type", "hsmfacade"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeMissingAlias() { + try { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeSucces() throws EaafConfigurationException { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + final String keyAlias = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + config.put("key.alias", keyAlias); + + final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", SymmetricKeyType.HSMFACADE, keyStoreConfig.getKeyType()); + Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName()); + Assert.assertEquals("Wrong KeyStoreName", keyAlias, keyStoreConfig.getKeyAlias()); + + + keyStoreConfig.validate(); + + } + + @Test + public void passphraseKeyTypeMissingPassphrase() { + try { + config.put("key.type", "passphrase"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void passphraseKeyTypeMissingSalt() { + try { + final String passphrase = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "passphrase"); + config.put("key.passphrase", passphrase); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void passphraseKeyTypeSucces() throws EaafConfigurationException { + final String passphrase = RandomStringUtils.randomAlphabetic(5); + final String salt = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "passphrase"); + config.put("key.passphrase", passphrase); + config.put("key.salt", salt); + + final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", SymmetricKeyType.PASSPHRASE, keyStoreConfig.getKeyType()); + Assert.assertEquals("Wrong KeyStoreName", passphrase, keyStoreConfig.getSoftKeyPassphrase()); + Assert.assertEquals("Wrong KeyStoreName", salt, keyStoreConfig.getSoftKeySalt()); + + keyStoreConfig.validate(); + + } +} + -- cgit v1.2.3