From 8863bbcff97c4f7ee86be063a222ec36c15b5546 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 19 Apr 2022 10:48:47 +0200
Subject: test(http): add second SSL client authentication test
INFO: SSL Client-Authentication with keys from HSM-Facade only works with BCJSSE Provider >= 1.70 and SystemD Parameter: -Dorg.bouncycastle.jsse.client.acceptRenegotiation=true if HTTP Server requires re-negotiation.
Hint: do not enable SSL Debugging in BCJSSE Probider, because it throws a NullPointerException with HSM-Facade keys!!!!
---
 .../test/http/HttpClientFactoryProdHostTest.java | 41 +++++++++-------------
 1 file changed, 17 insertions(+), 24 deletions(-)
(limited to 'eaaf_core_utils')
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
index 55c17ee8..85fa6129
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java
@@ -1,20 +1,20 @@
 package at.gv.egiz.eaaf.core.test.http;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 import java.io.IOException;
-import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.Base64;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.util.EntityUtils;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -23,13 +23,12 @@ import org.junit.runner.RunWith;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.annotation.DirtiesContext.MethodMode;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration;
 import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
 import ch.qos.logback.classic.Level;
@@ -37,11 +36,10 @@ import ch.qos.logback.classic.Logger;
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
-@DirtiesContext
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
 public class HttpClientFactoryProdHostTest {
 @Autowired private IHttpClientFactory httpClientFactory;
- @Autowired private EaafKeyStoreFactory keyStoreFactory;
 /**
 * Initialize full class.
@@ -51,6 +49,8 @@ public class HttpClientFactoryProdHostTest {
 final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse");
 logger.setLevel(Level.TRACE);
+ System.setProperty("org.bouncycastle.jsse.client.acceptRenegotiation", "true");
+
 }
 /**
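Review bot: `System.setProperty("org.bouncycastle.jsse.client.acceptRenegotiation", "true")` in the second hunk mutates process-wide JVM state from a test initializer and never restores it, so every later test in the same JVM — including any BCJSSE client that should refuse renegotiation — silently inherits it. The enclosing @BeforeClass method starts outside the hunk. I would record the previous value, `previousRenegotiation = System.getProperty("org.bouncycastle.jsse.client.acceptRenegotiation");`, before setting it, and in an @AfterClass either `System.clearProperty(...)` when it was null or set it back to the saved value. The line also deserves the reason from the commit message as a comment, e.g. `// the MIS endpoint requires TLS re-negotiation; BCJSSE rejects it unless this is set`. The same method keeps the `org.bouncycastle.jsse` logger at TRACE although the commit message warns that SSL debugging in BCJSSE throws a NullPointerException with HSM-Facade keys — if that warning refers to this logger rather than javax.net.debug, the TRACE line should go as well.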
@@ -71,28 +71,21 @@ public class HttpClientFactoryProdHostTest {
 final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client");
 clientConfig.setAuthMode("ssl");
- //clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "eid-junit");
- //clientConfig.setSslKeyAlias("rsa-key-1");
 clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler");
- clientConfig.setSslKeyAlias("authhandler-sign");
- clientConfig.setDisableTlsHostCertificateValidation(false);
+ clientConfig.setSslKeyAlias("authhandler-mis");
+ clientConfig.setDisableTlsHostCertificateValidation(true);
 final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig);
 Assert.assertNotNull("httpClient", client);
-
- final Pair sslClientKeyStore = keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig());
- final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() .getCertificateChain(clientConfig.getSslKeyAlias())[1];
- final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() .getCertificateChain(clientConfig.getSslKeyAlias())[0];
- Base64.getEncoder().encodeToString(clientEeCert.getEncoded());
 //perform test request
- final HttpUriRequest httpGet2 = new HttpGet("https://apps.egiz.gv.at//sslclientcertdemo/");
- final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
- Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode());
-
+ final HttpUriRequest httpGet3 = new HttpGet("https://vollmachten.egiz.gv.at/mms-eid-test/services/GetMandatesService?wsdl");
+ final CloseableHttpResponse httpResp3 = client.execute(httpGet3);
+ Assert.assertEquals("http statusCode", 200, httpResp3.getStatusLine().getStatusCode());
+ String body = EntityUtils.toString(httpResp3.getEntity());
+ assertFalse("no http body", body.isEmpty());
+ assertTrue("no WSDL", body.contains("name=\"GetMandatesOperation\""));
+
 }
 }
-- cgit v1.2.3
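Review bot: `clientConfig.setDisableTlsHostCertificateValidation(true)` replaces the removed `false`, so the new request to vollmachten.egiz.gv.at is sent without the factory's server-certificate (or at least host) validation — exactly what that flag disables is not visible here — and neither the hunk nor the commit message says why the host's chain is no longer trusted. For a test meant to prove SSL client authentication, that means a spoofed endpoint answering 200 with a WSDL that names `GetMandatesOperation` would pass, and the test no longer shows the production trust configuration works; I would keep `false` and fix the trust store, or at minimum leave a comment with the reason and a TODO to re-enable validation. The `CloseableHttpClient` and `CloseableHttpResponse` are also never closed, so a failing assertion leaks the connection; wrapping both in try-with-resources fixes that. The test method's signature is outside the hunk.
```java
    clientConfig.setSslKeyAlias("authhandler-mis");
    // keep server-chain validation on: this test must prove the production trust setup, not bypass it
    clientConfig.setDisableTlsHostCertificateValidation(false);

    try (CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig)) {
      Assert.assertNotNull("httpClient", client);

      //perform test request
      final HttpUriRequest httpGet3 = new HttpGet(
          "https://vollmachten.egiz.gv.at/mms-eid-test/services/GetMandatesService?wsdl");
      try (CloseableHttpResponse httpResp3 = client.execute(httpGet3)) {
        Assert.assertEquals("http statusCode", 200, httpResp3.getStatusLine().getStatusCode());
        final String body = EntityUtils.toString(httpResp3.getEntity());
        assertFalse("no http body", body.isEmpty());
        assertTrue("no WSDL", body.contains("name=\"GetMandatesOperation\""));
      }
    }
```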