authorThomas <>2021-03-26 22:28:28 +0100
committerThomas <>2021-03-26 22:28:28 +0100
commit45860b07b44777b1ed2c9e76165da20f2655f92d (patch)
tree988952f8d72f4bfa6b022fd7da1fb01358838460 /moaSig
parenta33c26a642aba6eac1f7f3a3ca5b0169d950063d (diff)
add jUnit test that loads the official TSL and performs a signature validation with the TSL result
Diffstat (limited to 'moaSig')
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java163
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml108
-rw-r--r--moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt3
3 files changed, 274 insertions, 0 deletions
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
new file mode 100644
index 0000000..e12bea3
--- /dev/null
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java
@@ -0,0 +1,163 @@
+package at.gv.egovernment.moa.spss.test.integration.tsl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
+import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer;
+import at.gv.egovernment.moa.spss.test.integration.AbstractIntegrationTest;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class OfficialEuTslTest extends AbstractIntegrationTest {
+
+ CMSSignatureVerificationInvoker cadesInvoker;
+
+ @BeforeClass
+ public static void classInitializer() throws IOException, ConfigurationException,
+ NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+ jvmStateReset();
+
+ final String current = new java.io.File(".").getCanonicalPath();
+ System.setProperty("moa.spss.server.configuration",
+ current + "/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml");
+ System.setProperty("iaik.esi.sva.configuration.location",
+ current + "/src/test/resources/moaspss_config/svaconfig.example");
+ moaSpssCore = SystemInitializer.init();
+
+ }
+
+ @Before
+ public void initializer() throws ConfigurationException {
+ cadesInvoker = CMSSignatureVerificationInvoker.getInstance();
+ setUpContexts(RandomStringUtils.randomAlphabetic(10));
+
+ }
+
+ @Test
+ public void checkTslState() {
+ assertTrue("TSL not active", ServiceStatusContainer.getStatus());
+
+ final List<TSLProcessingResultElement> loadedTsl = ServiceStatusContainer.getTslDetailStatus();
+ assertFalse("no TSL loaded", loadedTsl.isEmpty());
+ assertTrue("wrong TSL size", loadedTsl.size() > 10);
+
+ }
+
+ @Test
+ public void basicValidationCadesSignature() throws MOAException, IOException {
+ final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+ org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray(
+ "/testdata/pades/testpdf.b64")),
+ "OnlyTSL",
+ true,
+ false);
+
+ // perform test
+ final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+ // verify result
+ assertNotNull("verification result", result);
+ assertEquals("wrong result size", 1, result.getResponseElements().size());
+
+ final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result
+ .getResponseElements().get(0);
+ assertEquals("sigCode", 1, cmsResult.getSignatureCheck().getCode());
+ assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
+
+ assertNotNull("signerInfo", cmsResult.getSignerInfo());
+ assertEquals("issuerCC", "EE", cmsResult.getSignerInfo().getIssuerCountryCode());
+ assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority());
+ assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
+ assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD());
+ assertNotNull("TSL infos", cmsResult.getSignerInfo().getTslInfos());
+
+ assertNull("form val. result", cmsResult.getAdESFormResults());
+ assertNull("extended val. result", cmsResult.getExtendedCertificateCheck());
+ assertNull("byteRange", cmsResult.getByteRangeOfSignature());
+ assertNull("used sig alg", cmsResult.getSignatureAlgorithm());
+
+ }
+
+ @Test
+ public void extendedValidationCadesSignature() throws MOAException, IOException {
+ final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+ org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray(
+ "/testdata/pades/testpdf.b64")),
+ "OnlyTSL",
+ true,
+ true);
+
+ // perform test
+ final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
+
+ // verify result
+ assertNotNull("verification result", result);
+ assertEquals("wrong result size", 1, result.getResponseElements().size());
+
+ final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result
+ .getResponseElements().get(0);
+ assertEquals("sigCode", 1, cmsResult.getSignatureCheck().getCode());
+ assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
+
+ assertNotNull("signerInfo", cmsResult.getSignerInfo());
+ assertEquals("issuerCC", "EE", cmsResult.getSignerInfo().getIssuerCountryCode());
+ assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority());
+ assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
+ assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD());
+ assertNotNull("TSL infos", cmsResult.getSignerInfo().getTslInfos());
+
+ assertNotNull("form val. result", cmsResult.getAdESFormResults());
+ assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size());
+ for (final Object el : cmsResult.getAdESFormResults()) {
+ final AdESFormResults test = (AdESFormResults) el;
+ if (Arrays.asList("B-B","B-T").contains(test.getName())) {
+ assertEquals("Find wrong form val status", 0, test.getCode().longValue());
+
+ } else {
+ assertEquals("Find wrong form val status", 2, test.getCode().longValue());
+
+ }
+
+ }
+
+ assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
+ assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode());
+ assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode());
+
+ assertNotNull("byteRange", cmsResult.getByteRangeOfSignature());
+ assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm());
+
+ }
+
+}
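Review bot: The assertion message on the minor-code check in extendedValidationCadesSignature is a copy of the one on the line above it — both read `"ext. val major"` — so a failure on the minor code is reported against the wrong field; change the second to `assertEquals("ext. val minor", 2, cmsResult.getExtendedCertificateCheck().getMinorCode());`. Several imports are unused (Collections, HashMap, Map, ParserConfigurationException, VerifyXMLSignatureRequest, VerifyXMLSignatureResponse, XMLSignatureVerificationInvoker) and can be dropped. The two CAdES tests repeat the signer-info assertions verbatim; a private helper such as `assertEeQualifiedSigner(VerifyCMSSignatureResponseElement cmsResult)` would keep them in step. The test appears to rely on the official EU TSL being reachable at run time and on its current content (loadedTsl.size() > 10, issuer country "EE", "SHA1withRSA"), so a short class Javadoc stating that it needs network access and may drift as the published list changes would help whoever sees it fail offline; jvmStateReset() and setUpContexts() come from AbstractIntegrationTest outside this hunk, so the declared reflection exceptions on classInitializer presumably originate there.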
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml
new file mode 100644
index 0000000..972cc4e
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>OnlyTSL</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/testTSL</cfg:TrustAnchorsLocation>
+ <!-- aktiviere TSL-Unterstützung für dieses Vertrauensprofil -->
+ <cfg:EUTSL>
+ <!-- Optional kann eine Länderliste mit zweistelligen Länderkürzeln angegeben werden (d.h. nur die -->
+ <!-- Vertrauensanker der angegeben Länder werden importiert) -->
+ <!-- cfg:CountrySelection>AT,BE</cfg:CountrySelection>
+ <cfg:AllowedTSPStatus></cfg:AllowedTSPStatus>
+ <cfg:AllowedTSPServiceTypes></cfg:AllowedTSPServiceTypes> -->
+ </cfg:EUTSL>
+ </cfg:TrustProfile>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ <!-- Optionale Angabe einer TSL Konfiguration-->
+ <!-- Wichtig: Das WorkingDirectory muss jedenfalls den Unterordner „trust“ aus der Beispielkonfiguration beinhalten. -->
+ <cfg:TSLConfiguration>
+ <cfg:UpdateSchedule>
+ <cfg:StartTime>02:00:00</cfg:StartTime>
+ <cfg:Period>86400000</cfg:Period>
+ </cfg:UpdateSchedule>
+ <cfg:WorkingDirectory>tslworking</cfg:WorkingDirectory>
+ <cfg:Evaluation>
+ <cfg:QCQualifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC,http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</cfg:QCQualifier>
+ <cfg:SSCDQualifier>http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD,http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD</cfg:SSCDQualifier>
+ </cfg:Evaluation>
+ </cfg:TSLConfiguration>
+
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+
+</cfg:MOAConfiguration>
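Review bot: The `OnlyTSL` profile enables `cfg:EUTSL` with no `CountrySelection`, `AllowedTSPStatus` or `AllowedTSPServiceTypes`, and `cfg:RevocationChecking` sets `EnableChecking` to false, so the `certCode 0` asserted by the accompanying test says nothing about revocation status and the profile accepts every service the list carries. That is presumably intended for an integration fixture, but the file reads like a deployment template; an XML comment next to `EnableChecking`, e.g. `<!-- revocation checking disabled on purpose: TSL integration-test fixture, not a deployment template -->`, would make the intent explicit. `AutoAddCertificates` and `UseAuthorityInformationAccess` are both true, so chain building may fetch certificates from AIA URLs during the test run, which the single `BlackListUri` prefix `192.168` only partially constrains — worth a comment if that is deliberate. The TSL signing certificate pinned under `tslworking/trust/eu` carries a date in its file name, so a note on how it is refreshed when the EU rotates it would save the next person a failing build.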
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt b/moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt
new file mode 100644
index 0000000..0872d4c
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
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
+-----END CERTIFICATE-----