/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
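*******************************************************************************/
package test.at.gv.egovernment.moa.id.auth.oauth;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.opensaml.xml.security.x509.BasicX509Credential;
import org.testng.Assert;
import org.testng.annotations.Test;

import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
import at.gv.egovernment.moa.util.KeyStoreUtils;
import net.oauth.jsontoken.crypto.Signer;
import net.oauth.jsontoken.crypto.Verifier;

/**
 * Round-trip test for the OAuth 2.0 SHA-256 signer and verifier: a key pair is
 * read from a keystore, a fixed payload is signed with the private key and the
 * signature is checked with the matching public key.
 *
 * <p>The keystore locations are absolute paths on a developer workstation, so
 * the tests only run where those files exist. The passwords below are fixture
 * values for the test keystores and must never protect a production keystore.
 */
public class CertTest {

    /** Location of the keystore holding the RSA test key. */
    private final String rsaKeyStorePath =
            "file:/D:/dev/work/exthex/workspace/OAuthTesting/resources/keys/test_keystore.jks";

    /** Location of the keystore holding the ECDSA test key. */
    private final String ecdsaKeyStorePath =
            "file:/D:/dev/work/exthex/workspace/OAuthTesting/resources/keys/ECDSA_keystore.jks";

    /** Keystore password (test fixture only). */
    private final String keyStorePassword = "test12";

    /** Alias of the key entry that is used as credential. */
    private final String keyName = "1";

    /** Password of the key entry (test fixture only). */
    private final String keyPassword = "test12";

    /**
     * Reads the certificate and private key stored under {@link #keyName} and
     * wraps them in a credential.
     *
     * <p>Failures are propagated or reported through assertions, so a missing
     * keystore or alias fails the test with its real cause instead of a later
     * {@code NullPointerException}.
     *
     * @param keyStorePath location of the keystore, passed on to
     *        {@code KeyStoreUtils.loadKeyStore}
     * @return a credential carrying the entity certificate and the private key
     * @throws Exception if the keystore cannot be loaded or the key cannot be
     *         recovered with {@link #keyPassword}
     */
    private BasicX509Credential getCredentials(String keyStorePath) throws Exception {
        Assert.assertNotNull(keyStorePath);
        // Keystore password and key password are optional, so only the alias is checked.
        Assert.assertNotNull(this.keyName);

        KeyStore ks = KeyStoreUtils.loadKeyStore(keyStorePath, this.keyStorePassword);
        Assert.assertNotNull(ks, "keystore could not be loaded from " + keyStorePath);

        X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
        Assert.assertNotNull(certificate, "no certificate stored under alias " + this.keyName);

        PrivateKey privateKey =
                (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
        Assert.assertNotNull(privateKey, "no private key stored under alias " + this.keyName);

        System.out.println("KS Provider:" + privateKey.getClass());

        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(certificate);
        credential.setPrivateKey(privateKey);

        // Print the algorithm only: the string form of a private key can contain the
        // key material itself, and test output usually ends up in CI logs.
        System.out.println("Private Key algorithm: " + privateKey.getAlgorithm());

        return credential;
    }

    /**
     * Signs a fixed payload with the credential's private key and verifies the
     * signature with the credential's public key.
     *
     * @param credential key pair under test
     * @throws Exception if signing or verification fails; presumably
     *         {@code verifySignature} reports a mismatch by throwing, confirm
     *         against the jsontoken library
     */
    private void signAndVerify(BasicX509Credential credential) throws Exception {
        // Fixed charset so the signed bytes do not depend on the platform default.
        byte[] payload = "someData".getBytes(java.nio.charset.StandardCharsets.UTF_8);

        Signer signer = new OAuth20SHA256Signer("signer1", keyName, credential.getPrivateKey());
        byte[] signedData = signer.sign(payload);
        Assert.assertNotNull(signedData, "signer returned no signature");

        Verifier verifier = new OAuth20SHA256Verifier(credential.getPublicKey());
        verifier.verifySignature(payload, signedData);
    }

    /** Signs and verifies with the key from the RSA keystore. */
    @Test
    public void testRSA() throws Exception {
        BasicX509Credential credential = this.getCredentials(this.rsaKeyStorePath);
        this.signAndVerify(credential);
    }

    /** Signs and verifies with the key from the ECDSA keystore. */
    @Test
    public void testECDSA() throws Exception {
        BasicX509Credential credential = this.getCredentials(this.ecdsaKeyStorePath);
        this.signAndVerify(credential);
    }
}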