From c4e1a45e7958cab402d83f6f4ae208df1bb2ab58 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 14 Feb 2020 15:22:13 +0100
Subject: add common-code for KeyStore and Credential handling

---
 .../test/credentials/EaafKeyStoreFactoryTest.java  |  81 +++++++++++++++++++++
 eaaf_core_utils/src/test/resources/data/junit.jks  | Bin 0 -> 3980 bytes
 2 files changed, 81 insertions(+)
 create mode 100644 eaaf_core_utils/src/test/resources/data/junit.jks

(limited to 'eaaf_core_utils/src/test')

diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index 805000cb..c47805e8 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -1,6 +1,10 @@
 package at.gv.egiz.eaaf.core.test.credentials;
 
+import java.security.Key;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
+import java.util.List;
 
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Assert;
@@ -20,12 +24,15 @@ import com.google.common.base.Predicates;
 import com.google.common.base.Throwables;
 import com.google.common.collect.FluentIterable;
 
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
 import io.grpc.StatusRuntimeException;
 
@@ -34,6 +41,8 @@ import io.grpc.StatusRuntimeException;
 @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
 public class EaafKeyStoreFactoryTest {
 
+  private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS =
+      "src/test/resources/data/junit.jks";
   private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
       "src/test/resources/data/junit_without_trustcerts.jks";
   private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
@@ -254,10 +263,78 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
     
+    keyStoreConfig.validate();
 
     final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
     Assert.assertNotNull("KeyStore is null", keyStore);
 
+  }
+  
+  @Test
+  @DirtiesContext
+  public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException {
+    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+    Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+    final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+    keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+    keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS);
+    keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+    
+    keyStoreConfig.validate();
+
+    final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+    Assert.assertNotNull("KeyStore is null", keyStore);
+    
+    //read trusted certs
+    List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
+    Assert.assertNotNull("Trusted certs", trustedCerts);
+    Assert.assertEquals("Trusted certs size", 2, trustedCerts.size());
+
+    //read priv. key
+    Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+        keyStore, "meta", "password".toCharArray(), true, "jUnit test");
+    Assert.assertNotNull("Credential 1", privCred1);
+    Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst());
+    Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond());
+    
+    //read priv. key
+    Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+        keyStore, "sig", "password".toCharArray(), true, "jUnit test");
+    Assert.assertNotNull("Credential 2", privCred2);
+    Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst());
+    Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond());
+    
+    
+    //read priv. key
+    Pair<Key, X509Certificate[]> privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+        keyStore, "notexist", "password".toCharArray(), false, "jUnit test");
+    Assert.assertNull("Credential 3", privCred3);
+    
+  //read priv. key
+    Pair<Key, X509Certificate[]> privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+        keyStore, "meta", "wrong".toCharArray(), false, "jUnit test");
+    Assert.assertNull("Credential 3", privCred4);
+    
+    try {
+      EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+          keyStore, "meta", "wrong".toCharArray(), true, "jUnit test");
+      Assert.fail("Wrong password not detected");
+      
+    } catch (EaafKeyAccessException e) {
+      Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
+    }
+    
+    try {
+      EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+          keyStore, "wrong", "password".toCharArray(), true, "jUnit test");
+      Assert.fail("Wrong alias not detected");
+      
+    } catch (EaafKeyAccessException e) {
+      Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
+    }
+        
+    
   }
 
   @Test
@@ -271,6 +348,8 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_PKCS12);
     keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
 
+    keyStoreConfig.validate();
+    
     final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
     Assert.assertNotNull("KeyStore is null", keyStore);
 
@@ -524,6 +603,8 @@ public class EaafKeyStoreFactoryTest {
     keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
     keyStoreConfig.setKeyStoreName("testkeyStore");
 
+    keyStoreConfig.validate();
+    
     try {
       final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
       Assert.assertNotNull("KeyStore is null", keyStore);
diff --git a/eaaf_core_utils/src/test/resources/data/junit.jks b/eaaf_core_utils/src/test/resources/data/junit.jks
new file mode 100644
index 00000000..59e6ad13
Binary files /dev/null and b/eaaf_core_utils/src/test/resources/data/junit.jks differ
-- 
cgit v1.2.3