aboutsummaryrefslogtreecommitdiff
path: root/spss.server/src
diff options
context:
space:
mode:
Diffstat (limited to 'spss.server/src')
-rw-r--r--spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java401
1 files changed, 279 insertions, 122 deletions
diff --git a/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java b/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java
index d41b8e4b2..68191477e 100644
--- a/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java
+++ b/spss.server/src/test/at/gv/egovernment/moa/spss/server/config/ConfigurationProviderTest.java
@@ -1,175 +1,332 @@
package test.at.gv.egovernment.moa.spss.server.config;
-import java.io.FileInputStream;
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+
import java.math.BigInteger;
-import java.security.KeyStore;
-import java.security.Principal;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
+import java.util.List;
+import java.util.Map;
import java.util.Set;
-import org.w3c.dom.Element;
-
-import test.at.gv.egovernment.moa.spss.SPSSTestCase;
+import junit.framework.TestCase;
-import iaik.utils.RFC2253NameParser;
+import org.w3c.dom.Element;
-import at.gv.egovernment.moa.spss.server.config.IssuerAndSerial;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.server.config.CRLDistributionPoint;
+import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule;
+import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule;
+import at.gv.egovernment.moa.spss.server.config.KeyGroup;
+import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
+import at.gv.egovernment.moa.spss.server.config.OCSPDistributionPoint;
+import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
/**
- * Tests the <code>ConfigurationProvider</code>.
- *
- * @author Patrick Peck
- * @author Sven Aigner
+ * @author Gregor Karlinger
* @version $Id$
*/
-public class ConfigurationProviderTest extends SPSSTestCase {
- private ConfigurationProvider provider;
- private Principal issuer1;
- private Principal issuer2;
- private BigInteger serial1;
- private BigInteger serial2;
- private IssuerAndSerial is1;
- private IssuerAndSerial is2;
- private X509Certificate cert1;
- private X509Certificate cert2;
- private X509Certificate atrustCert;
- private X509Certificate iaikCert;
-
+public class ConfigurationProviderTest extends TestCase
+{
+ private static final String CONFIG_BASE_ =
+ "e:/cio/projekte/basismodule/wartung/projekt/spss.server/res/test/resources/config/";
+
+ at.gv.egovernment.moa.spss.server.config.ConfigurationProvider provider_;
+
/**
- * Constructor for MOAConfigTest.
- * @param name
+ * Constructor for ConfigurationProvider.
+ * @param arg0
*/
- public ConfigurationProviderTest(String name) {
- super(name);
+ public ConfigurationProviderTest() throws MOAException
+ {
+ super("ConfigurationProvider");
+ System.setProperty(
+ at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ CONFIG_BASE_ + "moa.spss.complete-config.xml");
+ provider_ = at.gv.egovernment.moa.spss.server.config.ConfigurationProvider.getInstance();
}
- protected void setUp() throws Exception {
- RFC2253NameParser nameParser;
+ public void testGetWarnings()
+ {
+ assertEquals(0, provider_.getWarnings().size());
+ }
- provider =
- new ConfigurationProvider(
- TESTDATA_ROOT + "conf/moa-spss/MOA-SPSSConfiguration.xml");
+ public void testGetDigestMethodAlgorithmName()
+ {
+ assertEquals(
+ "http://a.digest.method",
+ provider_.getDigestMethodAlgorithmName());
+ }
- nameParser = new RFC2253NameParser("CN=TestUser,OU=MOA,O=BRZ,C=AT");
- issuer1 = nameParser.parse();
- serial1 = new BigInteger("12345678");
- is1 = new IssuerAndSerial(issuer1, serial1);
+ public void testGetCanonicalizationAlgorithmName()
+ {
+ assertEquals(
+ "http://an.c14n.alg",
+ provider_.getDigestMethodAlgorithmName());
+ }
- nameParser = new RFC2253NameParser("CN=TestUser,OU=IKT-Board,O=CIO,C=AT");
- issuer2 = nameParser.parse();
- serial2 = new BigInteger("987654321");
- is2 = new IssuerAndSerial(issuer2, serial2);
+ public void testGetHardwareCryptoModules()
+ {
+ List hwcms = provider_.getHardwareCryptoModules();
+ assertEquals(2, hwcms.size());
+
+ HardwareCryptoModule hwc1 = (HardwareCryptoModule) hwcms.get(0);
+ assertEquals("HWC1_Name", hwc1.getName());
+ assertEquals("HWC1_SlotId", hwc1.getSlotID());
+ assertEquals("HWC1_UserPIN", hwc1.getUserPIN());
+
+ HardwareCryptoModule hwc2 = (HardwareCryptoModule) hwcms.get(1);
+ assertEquals("HWC2_Name", hwc2.getName());
+ assertNull(hwc1.getSlotID());
+ assertEquals("HWC2_UserPIN", hwc2.getUserPIN());
+ }
- KeyStore ks = KeyStore.getInstance("JKS", "SUN");
- ks.load(
- new FileInputStream(TESTDATA_ROOT + "security/server.keystore"),
- "changeit".toCharArray());
- cert1 = (X509Certificate) ks.getCertificate("tomcat-server");
- cert2 = (X509Certificate) ks.getCertificate("tomcat-client");
+ public void testGetHardwareKeyModules()
+ {
+ List hwkms = provider_.getHardwareKeyModules();
+ assertEquals(2, hwkms.size());
+
+ HardwareKeyModule hwk1 = (HardwareKeyModule) hwkms.get(0);
+ assertEquals("HWK1_Id", hwk1.getId());
+ assertEquals("HWK1_Name", hwk1.getName());
+ assertEquals("HWK1_SlotId", hwk1.getSlotID());
+ assertEquals("HWK1_UserPIN", hwk1.getUserPIN());
+
+ HardwareKeyModule hwk2 = (HardwareKeyModule) hwkms.get(1);
+ assertEquals("HWK2_Id", hwk2.getId());
+ assertEquals("HWK2_Name", hwk2.getName());
+ assertNull(hwk2.getSlotID());
+ assertEquals("HWK2_UserPIN", hwk2.getUserPIN());
+ }
- CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
- Collection certs =
- certFactory.generateCertificates(
- new FileInputStream(TESTDATA_ROOT + "security/A-Trust-nQual-01.p7b"));
- atrustCert = (X509Certificate) certs.toArray()[0];
+ public void testGetSoftwareKeyModules()
+ {
+ List swkms = provider_.getSoftwareKeyModules();
+ assertEquals(2, swkms.size());
+
+ SoftwareKeyModule swk1 = (SoftwareKeyModule) swkms.get(0);
+ assertEquals("SWK1_Id", swk1.getId());
+ assertEquals("SWK1_FileName", swk1.getFileName());
+ assertEquals("SWK1_Password", swk1.getPassWord());
+
+ SoftwareKeyModule swk2 = (SoftwareKeyModule) swkms.get(1);
+ assertEquals("HWK2_Id", swk2.getId());
+ assertEquals("SWK1_FileName", swk2.getFileName());
+ assertNull(swk2.getPassWord());
+ }
- certs =
- certFactory.generateCertificates(
- new FileInputStream(
- TESTDATA_ROOT
- + "conf/moa-spss/trustprofiles/TrustProfile1/IAIKRoot.cer"));
- iaikCert = (X509Certificate) certs.toArray()[0];
+ public void testGetKeyGroups()
+ {
+ Map keyGroups = provider_.getKeyGroups();
+ assertEquals(2, keyGroups.size());
+
+ KeyGroup kg1 = (KeyGroup) keyGroups.get("KG1_Id");
+ assertNotNull(kg1);
+ assertEquals("KG1_Id", kg1.getId());
+
+ Set kg1Entries = kg1.getKeyGroupEntries();
+ assertEquals(2, kg1Entries.size());
+
+ KeyGroupEntry kg1Entry1 = (KeyGroupEntry) kg1Entries.toArray()[0];
+ assertEquals("HWK1_Id", kg1Entry1.getModuleID());
+ assertEquals("HWK1_Issuer", kg1Entry1.getIssuerDN());
+ assertEquals(0, kg1Entry1.getSerialNumber().intValue());
+
+ KeyGroupEntry kg1Entry2 = (KeyGroupEntry) kg1Entries.toArray()[1];
+ assertEquals("HWK2_Id", kg1Entry1.getModuleID());
+ assertEquals("HWK2_Issuer", kg1Entry1.getIssuerDN());
+ assertEquals(1, kg1Entry2.getSerialNumber().intValue());
+
+ KeyGroup kg2 = (KeyGroup) keyGroups.get("KG2_Id");
+ assertNotNull(kg2);
+ assertEquals("KG2_Id", kg2.getId());
+
+ Set kg2Entries = kg2.getKeyGroupEntries();
+ assertEquals(2, kg2Entries.size());
+
+ KeyGroupEntry kg2Entry1 = (KeyGroupEntry) kg2Entries.toArray()[0];
+ assertEquals("SWK1_Id", kg2Entry1.getModuleID());
+ assertEquals("SWK1_Issuer", kg2Entry1.getIssuerDN());
+ assertEquals(2, kg2Entry1.getSerialNumber().intValue());
+
+ KeyGroupEntry kg2Entry2 = (KeyGroupEntry) kg2Entries.toArray()[1];
+ assertEquals("SWK2_Id", kg2Entry2.getModuleID());
+ assertEquals("SWK2_Issuer", kg2Entry2.getIssuerDN());
+ assertEquals(3, kg2Entry2.getSerialNumber().intValue());
}
- public void testGetKeySet() {
- Set keySet;
+ public void testGetKeyGroupEntries() throws RFC2253NameParserException
+ {
+ RFC2253NameParser parser = new RFC2253NameParser("CN=Customer1_Issuer");
+ Name name = parser.parse();
+ Set kgEntries = provider_.getKeyGroupEntries(name, BigInteger.valueOf(4), "KG1_Id");
+ assertEquals(2, kgEntries.size());
+
+ KeyGroupEntry kgEntry1 = (KeyGroupEntry) kgEntries.toArray()[0];
+ assertEquals("HWK1_Id", kgEntry1.getModuleID());
- keySet = provider.getKeyGroupEntries(null, null, "PKCS12RSAKey1");
- assertEquals(1, keySet.size());
- keySet = provider.getKeyGroupEntries(null, null, "PKCS12RSAKeyExpired");
- assertEquals(1, keySet.size());
- keySet = provider.getKeyGroupEntries(issuer1, serial1, "allKeys");
- assertEquals(6, keySet.size());
- keySet = provider.getKeyGroupEntries(null, null, "allKeys");
- assertNull(keySet);
+ KeyGroupEntry kgEntry2 = (KeyGroupEntry) kgEntries.toArray()[1];
+ assertEquals("HWK2_Id", kgEntry2.getModuleID());
}
- public void testGetChainingMode() {
- String mode;
+ public void testGetChainingMode() throws RFC2253NameParserException
+ {
+ X509Certificate cert = new X509Certificate();
+ RFC2253NameParser parser = new RFC2253NameParser("CN=Unknown");
+ Name name = parser.parse();
+ cert.setIssuerDN(name);
+ cert.setSerialNumber(BigInteger.valueOf(0));
+ assertEquals("pkix", provider_.getChainingMode(cert)); // Default chaining mode
+
+ parser = new RFC2253NameParser("CN=TA1_Issuer");
+ name = parser.parse();
+ cert.setIssuerDN(name);
+ cert.setSerialNumber(BigInteger.valueOf(5));
+ assertEquals("chaining", provider_.getChainingMode(cert));
+ }
+
+ public void testGetDistributionPoints() throws RFC2253NameParserException
+ {
+ X509Certificate cert = new X509Certificate();
+ RFC2253NameParser parser = new RFC2253NameParser("CN=DP1_Issuer");
+ Name name = parser.parse();
+ cert.setIssuerDN(name);
+
+ Set dps = provider_.getDistributionPoints(cert);
+ assertEquals(2, dps.size());
+
+ CRLDistributionPoint dp1 = (CRLDistributionPoint) dps.toArray()[0];
+ assertEquals("http://crl.myca.org", dp1.getUri());
+ int reasonCodes =
+ iaik.asn1.structures.DistributionPoint.unused |
+ iaik.asn1.structures.DistributionPoint.keyCompromise |
+ iaik.asn1.structures.DistributionPoint.cACompromise |
+ iaik.asn1.structures.DistributionPoint.affiliationChanged |
+ iaik.asn1.structures.DistributionPoint.superseded |
+ iaik.asn1.structures.DistributionPoint.cessationOfOperation |
+ iaik.asn1.structures.DistributionPoint.certificateHold |
+ iaik.asn1.structures.DistributionPoint.privilegeWithdrawn |
+ iaik.asn1.structures.DistributionPoint.aACompromise;
+ assertEquals(reasonCodes, dp1.getReasonCodes());
+
+ CRLDistributionPoint dp2 = (CRLDistributionPoint) dps.toArray()[1];
+ assertEquals("hhttp://crl.myotherca.org", dp2.getUri());
+ reasonCodes =
+ iaik.asn1.structures.DistributionPoint.aACompromise |
+ iaik.asn1.structures.DistributionPoint.affiliationChanged;
+ assertEquals(reasonCodes, dp2.getReasonCodes());
+
+ parser = new RFC2253NameParser("CN=DP2_Issuer");
+ name = parser.parse();
+ cert.setIssuerDN(name);
+
+ dps = provider_.getDistributionPoints(cert);
+ assertEquals(1, dps.size());
+
+ OCSPDistributionPoint dpo = (OCSPDistributionPoint) dps.toArray()[0];
+ assertEquals("http://crl.yetanotherca.org", dpo.getUri());
+ }
- mode = provider.getChainingMode(atrustCert);
- assertEquals("chain", mode);
- mode = provider.getChainingMode(cert2);
- assertEquals("pkix", mode);
+ public void testGetCRLArchiveDuration()
+ {
+ assertEquals(730, provider_.getCRLArchiveDuration());
}
- public void testGetCRLDP() {
- Set dps;
+ public void testGetEnableRevocationArchiving()
+ {
+ assertFalse(provider_.getEnableRevocationArchiving());
+ }
- dps = provider.getDistributionPoints(atrustCert);
- assertEquals(0, dps.size());
- dps = provider.getDistributionPoints(iaikCert);
- assertEquals(3, dps.size());
+ public void testGetCertStoreLocation()
+ {
+ assertEquals(
+ CONFIG_BASE_ + "certstore",
+ provider_.getCertStoreLocation());
}
- public void testGetCRLArchiveDuration() {
- assertEquals(365, provider.getCRLArchiveDuration());
+ public void testGetCreateTransformsInfoProfile()
+ {
+ Element ctip1 = provider_.getCreateTransformsInfoProfile("CTIP_1");
+ assertEquals("CTIP1", ctip1.getLocalName());
+
+ Element ctip2 = provider_.getCreateTransformsInfoProfile("CTIP_2");
+ assertEquals("CTIP2", ctip2.getLocalName());
}
+ public void testGetCreateSignatureEnvironmentProfile()
+ {
+ Element csep = provider_.getCreateTransformsInfoProfile("CSEP_1");
+ assertEquals("CSEP1", csep.getLocalName());
+ }
- public void testGetCreateTransformsInfoProfile() {
- Element profile;
+ public void testGetVerifyTransformsInfoProfile()
+ {
+ Element vtip = provider_.getCreateTransformsInfoProfile("VTIP_1");
+ assertEquals("VTIP1", vtip.getLocalName());
+ }
- profile = provider.getCreateTransformsInfoProfile("NotExisting");
- assertNull(profile);
- profile =
- provider.getCreateTransformsInfoProfile("CreateTransformsInfoProfile1");
- assertNotNull(profile);
+ public void testGetSupplementProfile()
+ {
+ Element sp = provider_.getCreateTransformsInfoProfile("SP_1");
+ assertEquals("SP1", sp.getLocalName());
}
- public void testGetCreateSignatureEnvironmentProfile() {
- Element profile =
- provider.getCreateSignatureEnvironmentProfile(
- "CreateSignatureEnvironmentProfile1");
- assertNotNull(profile);
+ public void testGetTrustProfile()
+ {
+ TrustProfile tp1 = provider_.getTrustProfile("TP1_Id");
+ assertEquals(
+ "file:" + CONFIG_BASE_ + "trustprofiles/tp1/anchors",
+ tp1.getUri());
+ assertEquals(
+ "file:" + CONFIG_BASE_ + "trustprofiles/tp1/signercerts",
+ tp1.getSignerCertsUri());
+
+ TrustProfile tp2 = provider_.getTrustProfile("TP2_Id");
+ assertEquals(
+ "file:" + CONFIG_BASE_ + "trustprofiles/tp2/anchors",
+ tp2.getUri());
+ assertEquals(
+ "file:" + CONFIG_BASE_ + "trustprofiles/tp2/signercerts",
+ tp2.getSignerCertsUri());
}
- public void testGetVerifyTransformsInfoProfile() {
- Element profile;
+ public void testGetRevocationArchiveJDBCURL()
+ {
+ assertEquals("jdbc://dummy", provider_.getRevocationArchiveJDBCURL());
+ }
- profile = provider.getVerifyTransformsInfoProfile("TransformsInfoProfile1");
- assertNotNull(profile);
- profile = provider.getVerifyTransformsInfoProfile("TransformsInfoProfile2");
- assertNotNull(profile);
- profile = provider.getVerifyTransformsInfoProfile("NotExisting");
- assertNull(profile);
+ public void testGetRevocationArchiveJDBCDriverClass()
+ {
+ assertEquals("fully.qualified.classname", provider_.getRevocationArchiveJDBCDriverClass());
}
- public void testGetSupplementProfile() {
- Element profile = provider.getSupplementProfile("SupplementProfile1");
- assertNotNull(profile);
+ public void testGetEnableRevocationChecking()
+ {
+ assertFalse(provider_.getEnableRevocationChecking());
}
- public void testGetTrustProfile() {
- TrustProfile tp = provider.getTrustProfile("TrustProfile1");
- assertEquals("d:/patrick/tmp/TrustProfile1", tp.getUri());
- assertNull(provider.getTrustProfile("TrustProfile2"));
+ public void testGetMaxRevocationAge()
+ {
+ assertEquals(10000, provider_.getMaxRevocationAge());
}
- public void testGetDigestMethodAlgorithmName() {
- assertEquals(
- "http://www.w3.org/2000/09/xmldsig#sha1",
- provider.getDigestMethodAlgorithmName());
+ public void testGetServiceOrder()
+ {
+ String[] serviceOrder = provider_.getServiceOrder();
+ assertEquals(2, serviceOrder.length);
+ assertEquals("CRL", serviceOrder[0]);
+ assertEquals("OCSP", serviceOrder[1]);
}
- public void testGetCanonicalizationAlgorithmName() {
- assertEquals(
- "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
- provider.getCanonicalizationAlgorithmName());
+ public void testGetAutoAddCertificates()
+ {
+ assertFalse(provider_.getAutoAddCertificates());
}
+ public void testGetUseAuthorityInfoAccess()
+ {
+ assertFalse(provider_.getUseAuthorityInfoAccess());
+ }
}