Diffstat (limited to 'spss.server/src/test/at/gv')
-rw-r--r-- | spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java | 401 |
1 files changed, 279 insertions, 122 deletions
diff --git a/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java b/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java
index d41b8e4b2..68191477e 100644
--- a/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java
+++ b/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java
@@ -1,175 +1,332 @@ package test.at.gv.egovernment.moa.spss.server.config; -import java.io.FileInputStream; +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; + import java.math.BigInteger; -import java.security.KeyStore; -import java.security.Principal; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.Collection; +import java.util.List; +import java.util.Map; import java.util.Set; -import org.w3c.dom.Element; - -import test.at.gv.egovernment.moa.spss.SPSSTestCase; +import junit.framework.TestCase; -import iaik.utils.RFC2253NameParser; +import org.w3c.dom.Element; -import at.gv.egovernment.moa.spss.server.config.IssuerAndSerial; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.server.config.CRLDistributionPoint; +import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule; +import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule; +import at.gv.egovernment.moa.spss.server.config.KeyGroup; +import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; +import at.gv.egovernment.moa.spss.server.config.OCSPDistributionPoint; +import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule; import at.gv.egovernment.moa.spss.server.config.TrustProfile; /** - * Tests the <code>ConfigurationProvider</code>. 
- * - * @author Patrick Peck - * @author Sven Aigner + * @author Gregor Karlinger * @version $Id$ */ -public class ConfigurationProviderTest extends SPSSTestCase { - private ConfigurationProvider provider; - private Principal issuer1; - private Principal issuer2; - private BigInteger serial1; - private BigInteger serial2; - private IssuerAndSerial is1; - private IssuerAndSerial is2; - private X509Certificate cert1; - private X509Certificate cert2; - private X509Certificate atrustCert; - private X509Certificate iaikCert; - +public class ConfigurationProviderTest extends TestCase +{ + private static final String CONFIG_BASE_ = + "e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/"; + + at.gv.egovernment.moa.spss.server.config.ConfigurationProvider provider_; + /** - * Constructor for MOAConfigTest. - * @param name + * Constructor for ConfigurationProvider. + * @param arg0 */ - public ConfigurationProviderTest(String name) { - super(name); + public ConfigurationProviderTest() throws MOAException + { + super("ConfigurationProvider"); + System.setProperty( + at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.CONFIG_PROPERTY_NAME, + CONFIG_BASE_ + "moa.spss.complete-config.xml"); + provider_ = at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.getInstance(); } - protected void setUp() throws Exception { - RFC2253NameParser nameParser; + public void testGetWarnings() + { + assertEquals(0, provider_.getWarnings().size()); + } - provider = - new ConfigurationProvider( - TESTDATA_ROOT + "conf/moa-spss/MOA-SPSSConfiguration.xml"); + public void testGetDigestMethodAlgorithmName() + { + assertEquals( + "http://a.digest.method", + provider_.getDigestMethodAlgorithmName()); + } - nameParser = new RFC2253NameParser("CN=TestUser,OU=MOA,O=BRZ,C=AT"); - issuer1 = nameParser.parse(); - serial1 = new BigInteger("12345678"); - is1 = new IssuerAndSerial(issuer1, serial1); + public void testGetCanonicalizationAlgorithmName() + { + 
assertEquals( + "http://an.c14n.alg", + provider_.getDigestMethodAlgorithmName()); + } - nameParser = new RFC2253NameParser("CN=TestUser,OU=IKT-Board,O=CIO,C=AT"); - issuer2 = nameParser.parse(); - serial2 = new BigInteger("987654321"); - is2 = new IssuerAndSerial(issuer2, serial2); + public void testGetHardwareCryptoModules() + { + List hwcms = provider_.getHardwareCryptoModules(); + assertEquals(2, hwcms.size()); + + HardwareCryptoModule hwc1 = (HardwareCryptoModule) hwcms.get(0); + assertEquals("HWC1_Name", hwc1.getName()); + assertEquals("HWC1_SlotId", hwc1.getSlotID()); + assertEquals("HWC1_UserPIN", hwc1.getUserPIN()); + + HardwareCryptoModule hwc2 = (HardwareCryptoModule) hwcms.get(1); + assertEquals("HWC2_Name", hwc2.getName()); + assertNull(hwc1.getSlotID()); + assertEquals("HWC2_UserPIN", hwc2.getUserPIN()); + } - KeyStore ks = KeyStore.getInstance("JKS", "SUN"); - ks.load( - new FileInputStream(TESTDATA_ROOT + "security/server.keystore"), - "changeit".toCharArray()); - cert1 = (X509Certificate) ks.getCertificate("tomcat-server"); - cert2 = (X509Certificate) ks.getCertificate("tomcat-client"); + public void testGetHardwareKeyModules() + { + List hwkms = provider_.getHardwareKeyModules(); + assertEquals(2, hwkms.size()); + + HardwareKeyModule hwk1 = (HardwareKeyModule) hwkms.get(0); + assertEquals("HWK1_Id", hwk1.getId()); + assertEquals("HWK1_Name", hwk1.getName()); + assertEquals("HWK1_SlotId", hwk1.getSlotID()); + assertEquals("HWK1_UserPIN", hwk1.getUserPIN()); + + HardwareKeyModule hwk2 = (HardwareKeyModule) hwkms.get(1); + assertEquals("HWK2_Id", hwk2.getId()); + assertEquals("HWK2_Name", hwk2.getName()); + assertNull(hwk2.getSlotID()); + assertEquals("HWK2_UserPIN", hwk2.getUserPIN()); + } - CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); - Collection certs = - certFactory.generateCertificates( - new FileInputStream(TESTDATA_ROOT + "security/A-Trust-nQual-01.p7b")); - atrustCert = (X509Certificate) certs.toArray()[0]; + 
public void testGetSoftwareKeyModules() + { + List swkms = provider_.getSoftwareKeyModules(); + assertEquals(2, swkms.size()); + + SoftwareKeyModule swk1 = (SoftwareKeyModule) swkms.get(0); + assertEquals("SWK1_Id", swk1.getId()); + assertEquals("SWK1_FileName", swk1.getFileName()); + assertEquals("SWK1_Password", swk1.getPassWord()); + + SoftwareKeyModule swk2 = (SoftwareKeyModule) swkms.get(1); + assertEquals("HWK2_Id", swk2.getId()); + assertEquals("SWK1_FileName", swk2.getFileName()); + assertNull(swk2.getPassWord()); + } - certs = - certFactory.generateCertificates( - new FileInputStream( - TESTDATA_ROOT - + "conf/moa-spss/trustprofiles/TrustProfile1/IAIKRoot.cer")); - iaikCert = (X509Certificate) certs.toArray()[0]; + public void testGetKeyGroups() + { + Map keyGroups = provider_.getKeyGroups(); + assertEquals(2, keyGroups.size()); + + KeyGroup kg1 = (KeyGroup) keyGroups.get("KG1_Id"); + assertNotNull(kg1); + assertEquals("KG1_Id", kg1.getId()); + + Set kg1Entries = kg1.getKeyGroupEntries(); + assertEquals(2, kg1Entries.size()); + + KeyGroupEntry kg1Entry1 = (KeyGroupEntry) kg1Entries.toArray()[0]; + assertEquals("HWK1_Id", kg1Entry1.getModuleID()); + assertEquals("HWK1_Issuer", kg1Entry1.getIssuerDN()); + assertEquals(0, kg1Entry1.getSerialNumber().intValue()); + + KeyGroupEntry kg1Entry2 = (KeyGroupEntry) kg1Entries.toArray()[1]; + assertEquals("HWK2_Id", kg1Entry1.getModuleID()); + assertEquals("HWK2_Issuer", kg1Entry1.getIssuerDN()); + assertEquals(1, kg1Entry2.getSerialNumber().intValue()); + + KeyGroup kg2 = (KeyGroup) keyGroups.get("KG2_Id"); + assertNotNull(kg2); + assertEquals("KG2_Id", kg2.getId()); + + Set kg2Entries = kg2.getKeyGroupEntries(); + assertEquals(2, kg2Entries.size()); + + KeyGroupEntry kg2Entry1 = (KeyGroupEntry) kg2Entries.toArray()[0]; + assertEquals("SWK1_Id", kg2Entry1.getModuleID()); + assertEquals("SWK1_Issuer", kg2Entry1.getIssuerDN()); + assertEquals(2, kg2Entry1.getSerialNumber().intValue()); + + KeyGroupEntry kg2Entry2 = 
(KeyGroupEntry) kg2Entries.toArray()[1]; + assertEquals("SWK2_Id", kg2Entry2.getModuleID()); + assertEquals("SWK2_Issuer", kg2Entry2.getIssuerDN()); + assertEquals(3, kg2Entry2.getSerialNumber().intValue()); } - public void testGetKeySet() { - Set keySet; + public void testGetKeyGroupEntries() throws RFC2253NameParserException + { + RFC2253NameParser parser = new RFC2253NameParser("CN=Customer1_Issuer"); + Name name = parser.parse(); + Set kgEntries = provider_.getKeyGroupEntries(name, BigInteger.valueOf(4), "KG1_Id"); + assertEquals(2, kgEntries.size()); + + KeyGroupEntry kgEntry1 = (KeyGroupEntry) kgEntries.toArray()[0]; + assertEquals("HWK1_Id", kgEntry1.getModuleID()); - keySet = provider.getKeyGroupEntries(null, null, "PKCS12RSAKey1"); - assertEquals(1, keySet.size()); - keySet = provider.getKeyGroupEntries(null, null, "PKCS12RSAKeyExpired"); - assertEquals(1, keySet.size()); - keySet = provider.getKeyGroupEntries(issuer1, serial1, "allKeys"); - assertEquals(6, keySet.size()); - keySet = provider.getKeyGroupEntries(null, null, "allKeys"); - assertNull(keySet); + KeyGroupEntry kgEntry2 = (KeyGroupEntry) kgEntries.toArray()[1]; + assertEquals("HWK2_Id", kgEntry2.getModuleID()); } - public void testGetChainingMode() { - String mode; + public void testGetChainingMode() throws RFC2253NameParserException + { + X509Certificate cert = new X509Certificate(); + RFC2253NameParser parser = new RFC2253NameParser("CN=Unknown"); + Name name = parser.parse(); + cert.setIssuerDN(name); + cert.setSerialNumber(BigInteger.valueOf(0)); + assertEquals("pkix", provider_.getChainingMode(cert)); // Default chaining mode + + parser = new RFC2253NameParser("CN=TA1_Issuer"); + name = parser.parse(); + cert.setIssuerDN(name); + cert.setSerialNumber(BigInteger.valueOf(5)); + assertEquals("chaining", provider_.getChainingMode(cert)); + } + + public void testGetDistributionPoints() throws RFC2253NameParserException + { + X509Certificate cert = new X509Certificate(); + RFC2253NameParser 
parser = new RFC2253NameParser("CN=DP1_Issuer"); + Name name = parser.parse(); + cert.setIssuerDN(name); + + Set dps = provider_.getDistributionPoints(cert); + assertEquals(2, dps.size()); + + CRLDistributionPoint dp1 = (CRLDistributionPoint) dps.toArray()[0]; + assertEquals("http://crl.myca.org", dp1.getUri()); + int reasonCodes = + iaik.asn1.structures.DistributionPoint.unused | + iaik.asn1.structures.DistributionPoint.keyCompromise | + iaik.asn1.structures.DistributionPoint.cACompromise | + iaik.asn1.structures.DistributionPoint.affiliationChanged | + iaik.asn1.structures.DistributionPoint.superseded | + iaik.asn1.structures.DistributionPoint.cessationOfOperation | + iaik.asn1.structures.DistributionPoint.certificateHold | + iaik.asn1.structures.DistributionPoint.privilegeWithdrawn | + iaik.asn1.structures.DistributionPoint.aACompromise; + assertEquals(reasonCodes, dp1.getReasonCodes()); + + CRLDistributionPoint dp2 = (CRLDistributionPoint) dps.toArray()[1]; + assertEquals("hhttp://crl.myotherca.org", dp2.getUri()); + reasonCodes = + iaik.asn1.structures.DistributionPoint.aACompromise | + iaik.asn1.structures.DistributionPoint.affiliationChanged; + assertEquals(reasonCodes, dp2.getReasonCodes()); + + parser = new RFC2253NameParser("CN=DP2_Issuer"); + name = parser.parse(); + cert.setIssuerDN(name); + + dps = provider_.getDistributionPoints(cert); + assertEquals(1, dps.size()); + + OCSPDistributionPoint dpo = (OCSPDistributionPoint) dps.toArray()[0]; + assertEquals("http://crl.yetanotherca.org", dpo.getUri()); + } - mode = provider.getChainingMode(atrustCert); - assertEquals("chain", mode); - mode = provider.getChainingMode(cert2); - assertEquals("pkix", mode); + public void testGetCRLArchiveDuration() + { + assertEquals(730, provider_.getCRLArchiveDuration()); } - public void testGetCRLDP() { - Set dps; + public void testGetEnableRevocationArchiving() + { + assertFalse(provider_.getEnableRevocationArchiving()); + } - dps = 
provider.getDistributionPoints(atrustCert); - assertEquals(0, dps.size()); - dps = provider.getDistributionPoints(iaikCert); - assertEquals(3, dps.size()); + public void testGetCertStoreLocation() + { + assertEquals( + CONFIG_BASE_ + "certstore", + provider_.getCertStoreLocation()); } - public void testGetCRLArchiveDuration() { - assertEquals(365, provider.getCRLArchiveDuration()); + public void testGetCreateTransformsInfoProfile() + { + Element ctip1 = provider_.getCreateTransformsInfoProfile("CTIP_1"); + assertEquals("CTIP1", ctip1.getLocalName()); + + Element ctip2 = provider_.getCreateTransformsInfoProfile("CTIP_2"); + assertEquals("CTIP2", ctip2.getLocalName()); } + public void testGetCreateSignatureEnvironmentProfile() + { + Element csep = provider_.getCreateTransformsInfoProfile("CSEP_1"); + assertEquals("CSEP1", csep.getLocalName()); + } - public void testGetCreateTransformsInfoProfile() { - Element profile; + public void testGetVerifyTransformsInfoProfile() + { + Element vtip = provider_.getCreateTransformsInfoProfile("VTIP_1"); + assertEquals("VTIP1", vtip.getLocalName()); + } - profile = provider.getCreateTransformsInfoProfile("NotExisting"); - assertNull(profile); - profile = - provider.getCreateTransformsInfoProfile("CreateTransformsInfoProfile1"); - assertNotNull(profile); + public void testGetSupplementProfile() + { + Element sp = provider_.getCreateTransformsInfoProfile("SP_1"); + assertEquals("SP1", sp.getLocalName()); } - public void testGetCreateSignatureEnvironmentProfile() { - Element profile = - provider.getCreateSignatureEnvironmentProfile( - "CreateSignatureEnvironmentProfile1"); - assertNotNull(profile); + public void testGetTrustProfile() + { + TrustProfile tp1 = provider_.getTrustProfile("TP1_Id"); + assertEquals( + "file:" + CONFIG_BASE_ + "trustprofiles/tp1/anchors", + tp1.getUri()); + assertEquals( + "file:" + CONFIG_BASE_ + "trustprofiles/tp1/signercerts", + tp1.getSignerCertsUri()); + + TrustProfile tp2 = 
provider_.getTrustProfile("TP2_Id"); + assertEquals( + "file:" + CONFIG_BASE_ + "trustprofiles/tp2/anchors", + tp2.getUri()); + assertEquals( + "file:" + CONFIG_BASE_ + "trustprofiles/tp2/signercerts", + tp2.getSignerCertsUri()); } - public void testGetVerifyTransformsInfoProfile() { - Element profile; + public void testGetRevocationArchiveJDBCURL() + { + assertEquals("jdbc://dummy", provider_.getRevocationArchiveJDBCURL()); + } - profile = provider.getVerifyTransformsInfoProfile("TransformsInfoProfile1"); - assertNotNull(profile); - profile = provider.getVerifyTransformsInfoProfile("TransformsInfoProfile2"); - assertNotNull(profile); - profile = provider.getVerifyTransformsInfoProfile("NotExisting"); - assertNull(profile); + public void testGetRevocationArchiveJDBCDriverClass() + { + assertEquals("fully.qualified.classname", provider_.getRevocationArchiveJDBCDriverClass()); } - public void testGetSupplementProfile() { - Element profile = provider.getSupplementProfile("SupplementProfile1"); - assertNotNull(profile); + public void testGetEnableRevocationChecking() + { + assertFalse(provider_.getEnableRevocationChecking()); } - public void testGetTrustProfile() { - TrustProfile tp = provider.getTrustProfile("TrustProfile1"); - assertEquals("d:/patrick/tmp/TrustProfile1", tp.getUri()); - assertNull(provider.getTrustProfile("TrustProfile2")); + public void testGetMaxRevocationAge() + { + assertEquals(10000, provider_.getMaxRevocationAge()); } - public void testGetDigestMethodAlgorithmName() { - assertEquals( - "http://www.w3.org/2000/09/xmldsig#sha1", - provider.getDigestMethodAlgorithmName()); + public void testGetServiceOrder() + { + String[] serviceOrder = provider_.getServiceOrder(); + assertEquals(2, serviceOrder.length); + assertEquals("CRL", serviceOrder[0]); + assertEquals("OCSP", serviceOrder[1]); } - public void testGetCanonicalizationAlgorithmName() { - assertEquals( - "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", - 
provider.getCanonicalizationAlgorithmName()); + public void testGetAutoAddCertificates() + { + assertFalse(provider_.getAutoAddCertificates()); } + public void testGetUseAuthorityInfoAccess() + { + assertFalse(provider_.getUseAuthorityInfoAccess()); + } } |
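Review bot: Several added assertions exercise the wrong getter or object, so the tests do not check what their names say. `testGetCanonicalizationAlgorithmName` calls `getDigestMethodAlgorithmName()` and cannot pass alongside `testGetDigestMethodAlgorithmName`, which expects a different value from the same getter; `testGetHardwareCryptoModules` has `assertNull(hwc1.getSlotID())` right after requiring that value to equal `HWC1_SlotId`; `testGetKeyGroups` checks `kg1Entry1` where `kg1Entry2` is meant; and the signature-environment, verify-transforms and supplement profile tests all call `getCreateTransformsInfoProfile`. The getters used in the fence below appear on the removed side of this hunk, so I am assuming they still exist on the new ConfigurationProvider. Separately, `CONFIG_BASE_` is an absolute `e:/…` path and the `toArray()[0]`/`[1]` assertions rely on Set iteration order, so the suite is tied to one machine and may be order-sensitive. The old negative lookups (`NotExisting` returning null, the unknown trust profile) have no replacement here; for a signature server the unknown-profile path is worth keeping under test.

```java
// testGetCanonicalizationAlgorithmName
assertEquals(
  "http://an.c14n.alg",
  provider_.getCanonicalizationAlgorithmName());

// testGetHardwareCryptoModules: second module
assertNull(hwc2.getSlotID());

// testGetKeyGroups: second entry of KG1
assertEquals("HWK2_Id", kg1Entry2.getModuleID());
assertEquals("HWK2_Issuer", kg1Entry2.getIssuerDN());

// … unchanged: remaining key group, chaining mode and distribution point tests …

// one getter per profile type
Element csep = provider_.getCreateSignatureEnvironmentProfile("CSEP_1");
Element vtip = provider_.getVerifyTransformsInfoProfile("VTIP_1");
Element sp = provider_.getSupplementProfile("SP_1");
```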