package at.gv.egiz.eaaf.core.test.credentials; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.annotation.DirtiesContext.MethodMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.common.base.Optional; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public class EaafKeyStoreFactoryTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; private static final String HSM_FACASE_PORT = "9050"; private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String HSM_FACASE_USERNAME = "authhandler-junit"; private static final String HSM_FACASE_PASSWORD = "supersecret123"; private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = "src/test/resources/data/junit_without_trustcerts.jks"; private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = "src/test/resources/data/junit_without_trustcerts.p12"; private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; @Autowired private DummyAuthConfigMap mapConfig; @Autowired private ApplicationContext context; /** * jUnit test set-up. */ @Before public void testSetup() { mapConfig.clearAllConfig(); } @Test @DirtiesContext public void startWithoutConfigHsmFacadeConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); } @Test @DirtiesContext public void buildyStoreWithOutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); } } @Test @DirtiesContext public void buildyStoreWithPkcs11() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS11); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreWithoutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreWithoutConfigSecond() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreWithoutPassword() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreWithoutPath() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreWithoutType() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); final Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNull("KeyStore is null", keyStore.getSecond()); } @Test @DirtiesContext public void softwareKeyStoreWithWrongPath() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks"); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.05", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreWithWrongPassword() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword("wrong password"); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreSuccessJks() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); keyStoreConfig.validate(); final Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNull("KeyStore is null", keyStore.getSecond()); } @Test @DirtiesContext public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.JKS); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); keyStoreConfig.validate(); final Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNull("KeyStore is null", keyStore.getSecond()); //read trusted certs final List trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst()); Assert.assertNotNull("Trusted certs", trustedCerts); Assert.assertEquals("Trusted certs size", 2, trustedCerts.size()); //read priv. key final Pair privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "meta", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 1", privCred1); Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst()); Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond()); //read priv. key final Pair privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "sig", "password".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 2", privCred2); Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst()); Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond()); //read priv. key final Pair privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "notexist", "password".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred3); //read priv. key final Pair privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "meta", "wrong".toCharArray(), false, "jUnit test"); Assert.assertNull("Credential 3", privCred4); try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "meta", "wrong".toCharArray(), true, "jUnit test"); Assert.fail("Wrong password not detected"); } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "wrong", "password".toCharArray(), true, "jUnit test"); Assert.fail("Wrong alias not detected"); } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } } @Test @DirtiesContext public void softwareKeyStoreSuccessPkcs12() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12); keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_PKCS12); keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD); keyStoreConfig.validate(); final Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNull("KeyStore is null", keyStore.getSecond()); } @Test public void hsmFacadeOnlyHostConfig() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e); } } @Test public void hsmFacadeMissingPort() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, RandomStringUtils.randomNumeric(10)); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e); } } @Test public void hsmFacadeMissingUsername() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, RandomStringUtils.randomNumeric(4)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, RandomStringUtils.randomNumeric(10)); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e); } } @Test public void hsmFacadeMissingPassword() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, RandomStringUtils.randomNumeric(4)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, RandomStringUtils.randomAlphanumeric(10)); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e); } } @Test public void hsmFacadeMissingTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, RandomStringUtils.randomNumeric(4)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, RandomStringUtils.randomAlphanumeric(10)); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e); } } @Test public void hsmFacadeMissingTrustedCertificateFile() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, RandomStringUtils.randomNumeric(4)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, "src/test/resources/data/notexist.crt"); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e, "internal.keystore.05"); } } @Test public void hsmFacadeMissingWrongTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, RandomStringUtils.randomNumeric(4)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml"); try { context.getBean(EaafKeyStoreFactory.class); Assert.fail("Missing HSM Facade not detected"); } catch (final BeansException e) { checkMissingConfigException(e, "internal.keystore.05"); } } @Test @DirtiesContext public void hsmFacadeInitialized() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, RandomStringUtils.randomNumeric(4)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, RandomStringUtils.randomNumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, PATH_TO_HSM_FACADE_TRUST_CERT); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); } @Test @DirtiesContext public void hsmFacadeKeyStoreNoKeyStoreName() { configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); try { keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.fail("Wrong config not detected"); } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test @DirtiesContext public void hsmFacadeKeyStoreSuccess() throws EaafException { configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); keyStoreConfig.setKeyStoreName("authhandler"); keyStoreConfig.validate(); try { final Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNotNull("KeyStore is null", keyStore.getSecond()); } catch (final StatusRuntimeException e) { // because there is no mockup of HSM facade available // Assert.assertTrue("Wrong exception", e.getMessage().contains("io // exception")); } } @Test @DirtiesContext public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); keyStoreConfig.setKeyStoreName("authhandler"); keyStoreConfig.validate(); final Pair keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNotNull("KeyStore is null", keyStore.getSecond()); //read trusted certs final List trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore( keyStore.getFirst()); Assert.assertNotNull("Trusted certs", trustedCerts); Assert.assertEquals("Trusted certs size", 0, trustedCerts.size()); //read priv. key final Pair privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), HSM_FACADE_KEY_ALIAS, null, true, "jUnit test"); Assert.assertNotNull("Credential 1", privCred1); Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst()); Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond()); //read priv. key final Pair privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), HSM_FACADE_KEY_ALIAS, "shouldBeIgnord".toCharArray(), true, "jUnit test"); Assert.assertNotNull("Credential 2", privCred2); Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst()); Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond()); try { EaafKeyStoreUtils.getPrivateKeyAndCertificates( keyStore.getFirst(), "notExist", "wrong".toCharArray(), true, "jUnit test"); Assert.fail("Wrong password not detected"); } catch (final EaafKeyAccessException e) { Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); } } private void configureHsmFacade() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); } private void checkMissingConfigException(Exception e) { checkMissingConfigException(e, "internal.keystore.04"); } private void checkMissingConfigException(Exception e, String errorCode) { final Optional eaafException = FluentIterable.from( Throwables.getCausalChain(e)).filter( Predicates.instanceOf(EaafConfigurationException.class)).first(); Assert.assertTrue("Wrong exception", eaafException.isPresent()); Assert.assertEquals("Wrong errorCode", errorCode, ((EaafException) eaafException.get()).getErrorId()); } }