aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java139
1 files changed, 139 insertions, 0 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java
new file mode 100644
index 00000000..ad38e371
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java
@@ -0,0 +1,139 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.utils;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.lang.JoseException;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@PrepareForTest(CreateIdentityLinkTask.class)
+@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"})
+public class JoseUtilsTest {
+
+ @Autowired private EaafKeyStoreFactory keyStoreFactory;
+
+ private static final List<String> AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
+ Arrays.asList(
+ AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+ AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
+
+
+ @Test
+ public void missingKey() throws EaafException, JoseException, KeyStoreException, IOException {
+
+ KeyStoreConfiguration config = new KeyStoreConfiguration();
+ config.setFriendlyName("jUnittest");
+ config.setKeyStoreType(KeyStoreType.JKS);
+ config.setSoftKeyStoreFilePath("../data/junit.jks");
+ config.setSoftKeyStorePassword("password");
+
+ Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config);
+ String payLoad = RandomStringUtils.randomAlphanumeric(100);
+
+ //check signing
+ try {
+ JoseUtils.createSignature(keyStore, "notExist", "password".toCharArray(), payLoad , true, "jUnitTest");
+ Assert.fail("missing Key not detected");
+
+ } catch (EaafException e) {
+ Assert.assertEquals("ErrorId", "internal.keystore.09", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void createRsaSignature() throws EaafException, JoseException, KeyStoreException, IOException {
+
+ KeyStoreConfiguration config = new KeyStoreConfiguration();
+ config.setFriendlyName("jUnittest");
+ config.setKeyStoreType(KeyStoreType.JKS);
+ config.setSoftKeyStoreFilePath("../data/junit.jks");
+ config.setSoftKeyStorePassword("password");
+
+ Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config);
+ String payLoad = RandomStringUtils.randomAlphanumeric(100);
+
+ //check signing
+ String result = JoseUtils.createSignature(keyStore, "meta", "password".toCharArray(), payLoad , true, "jUnitTest");
+
+ Assert.assertNotNull("signed message", result);
+ Assert.assertFalse("signed msg empty", result.isEmpty());
+
+
+ //validate
+ List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst());
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ AUTH_ALGORITHM_WHITELIST_SIGNING
+ .toArray(new String[AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ JwsResult verify = JoseUtils.validateSignature(result, trustedCerts, constraints);
+
+ Assert.assertTrue("sig. verify", verify.isValid());
+ Assert.assertEquals("payload", payLoad, verify.getPayLoad());
+
+ }
+
+ @Test
+ public void createEccSignature() throws EaafException, JoseException, KeyStoreException, IOException {
+
+ KeyStoreConfiguration config = new KeyStoreConfiguration();
+ config.setFriendlyName("jUnittest");
+ config.setKeyStoreType(KeyStoreType.JKS);
+ config.setSoftKeyStoreFilePath("../data/junit.jks");
+ config.setSoftKeyStorePassword("password");
+
+ Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config);
+ String payLoad = RandomStringUtils.randomAlphanumeric(100);
+
+ //check signing
+ String result = JoseUtils.createSignature(keyStore, "sig", "password".toCharArray(), payLoad , true, "jUnitTest");
+
+ Assert.assertNotNull("signed message", result);
+ Assert.assertFalse("signed msg empty", result.isEmpty());
+
+
+ //validate
+ List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst());
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ AUTH_ALGORITHM_WHITELIST_SIGNING
+ .toArray(new String[AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ JwsResult verify = JoseUtils.validateSignature(result, trustedCerts, constraints);
+
+ Assert.assertTrue("sig. verify", verify.isValid());
+ Assert.assertEquals("payload", payLoad, verify.getPayLoad());
+
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 15:05:12 +0000