From 2b4d9dc8fcde4cdd5a13d9524b3a80a59376b4b8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 22 Jun 2020 09:00:57 +0200
Subject: fix problem with JOSE encryption in combination with HSM-Facade add jUnit test for JoseUtils
---
.../utils/JsonSecurityUtilsSoftwareKeyTest.java | 106 +++++++++++++++++----
1 file changed, 87 insertions(+), 19 deletions(-)
(limited to 'eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java')
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java
index 5b8acb16..d78bdbd7 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java
@@ -1,42 +1,110 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; -import java.security.Security; +import java.security.KeyStore; +import java.security.Provider; import org.apache.commons.lang3.RandomStringUtils; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Assert; -import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; -import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_sl20.beans.xml") -public class JsonSecurityUtilsSoftwareKeyTest { +public class JsonSecurityUtilsSoftwareKeyTest extends AbstractJsonSecurityUtilsTest { - @Autowired private IJoseTools joseTools; - - @BeforeClass - public static void classInitializer() { - Security.addProvider(new BouncyCastleProvider()); - + @Test + public void invalidSignatureRandomString() { + try { + joseTools.validateSignature(RandomStringUtils.randomAlphabetic(10)); + Assert.fail("Wrong JOSE Sig not detected"); + + } catch (SL20Exception e) { + Assert.assertEquals("Wrong errorCode", "sl20.05", e.getErrorId()); + } + } @Test - public void simpleSigningTest() throws SL20Exception { - String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; - - String jws = joseTools.createSignature(payLoad); - Assert.assertNotNull("Signed msg", jws); + public void invalidSignatureRandomBase64UrlEncoded() { + 
String testValue = Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()) + + "." + + Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()) + + "." + + Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()); + + try { + joseTools.validateSignature(testValue); + Assert.fail("Wrong JOSE Sig not detected"); + + } catch (SL20Exception e) { + Assert.assertEquals("Wrong errorCode", "sl20.05", e.getErrorId()); + } - VerificationResult verify = joseTools.validateSignature(jws); - Assert.assertTrue("wrong verify state", verify.isValidSigned()); + } + + @Override + protected void setRsaSigningKey() { + config.putConfigValue("modules.sl20.security.sign.alias", "meta"); + + } + + @Override + protected void setEcSigningKey() { + config.putConfigValue("modules.sl20.security.sign.alias", "sig"); + + } + + @Override + protected void setRsaEncryptionKey() { + config.putConfigValue("modules.sl20.security.encryption.alias", "meta"); + + } + + @Override + protected void setEcEncryptionKey() { + config.putConfigValue("modules.sl20.security.encryption.alias", "sig"); } + + @Override + protected Pair getEncryptionKeyStore() throws EaafException { + KeyStoreConfiguration keyConfig = new KeyStoreConfiguration(); + keyConfig.setFriendlyName("Junit Enc Key Rsa"); + keyConfig.setKeyStoreType(KeyStoreType.JKS); + keyConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit.jks"); + keyConfig.setSoftKeyStorePassword("password"); + + return keyStoreFactory.buildNewKeyStore(keyConfig); + } + + @Override + protected String getRsaKeyAlias() { + return "meta"; + } + + @Override + protected String getRsaKeyPassword() { + return "password"; + } + + @Override + protected String getEcKeyAlias() { + return "sig"; + } + + @Override + protected String getEcKeyPassword() { + return "password"; + } } -- cgit v1.2.3
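Review bot: Both new negative tests, `invalidSignatureRandomString` and `invalidSignatureRandomBase64UrlEncoded`, pass `validateSignature` input that is not a well-formed JWS: a bare random string, and three base64url segments of random text whose header is not JSON. They therefore most likely fail during parsing and never exercise the signature check itself, even though their names suggest otherwise. A case that keeps the header and payload of a correctly signed token but carries a signature segment from a different token would pin the behaviour that matters here. `AbstractJsonSecurityUtilsTest` is not visible in this hunk and may already cover this, and whether rejection surfaces as an `SL20Exception` or as `isValidSigned() == false` should be confirmed before fixing the assertion. The sketch below would sit after `invalidSignatureRandomBase64UrlEncoded`.

```java
  @Test
  public void invalidSignatureSplicedFromOtherJws() throws SL20Exception {
    // signing-key setup as done for the base class's signing tests (not visible in this hunk)
    String first = joseTools.createSignature(
        "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}");
    String second = joseTools.createSignature(
        "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}");

    // header and payload of the first token, signature segment of the second
    String spliced = first.substring(0, first.lastIndexOf('.'))
        + second.substring(second.lastIndexOf('.'));

    try {
      Assert.assertFalse("Spliced JOSE Sig accepted",
          joseTools.validateSignature(spliced).isValidSigned());

    } catch (SL20Exception e) {
      // rejection by exception is equally acceptable; pin the errorId once it is confirmed
    }
  }
```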