3 files changed, 279 insertions, 0 deletions
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationHsmTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationHsmTest.java
new file mode 100644
index 0000000..4777c59
--- /dev/null
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationHsmTest.java
@@ -0,0 +1,131 @@
+package at.gv.egovernment.moa.spss.test.integration;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
+import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
+import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
+import at.gv.egovernment.moaspss.util.DOMUtils;
+import iaik.pki.Configurator;
+import iaik.pki.PKIFactory;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+@Ignore
+public class CadesIntegrationHsmTest extends AbstractIntegrationTest {
+
+ CMSSignatureVerificationInvoker verifyCadesInvoker;
+ private CMSSignatureCreationInvoker signCadesInvoker;
+
+ @BeforeClass
+ public static void classInitializer() throws IOException, ConfigurationException,
+ NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+ jvmStateReset();
+
+ // System.setProperty("java.library.path",
+ // "/home/tlenz/Projekte/moa-id/release/moa-id-auth-3.0.0/pkcs11/linux");
+ // System.setProperty("java.library.path",
+ // "/usr/lib/x86_64-linux-gnu/libykcs11.so");
+
+ final String current = new java.io.File(".").getCanonicalPath();
+ System.setProperty("moa.spss.server.configuration",
+ current + "/src/test/resources/moaspss_config/MOASPSSConfiguration_HSM.xml");
+ moaSpssCore = SystemInitializer.init();
+
+ }
+
+ @AfterClass
+ public static void classReset() throws NoSuchFieldException,
+ SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ // reset TSL client
+ final Field field1 = TSLServiceFactory.class.getDeclaredField("tslClient");
+ field1.setAccessible(true);
+ field1.set(null, null);
+
+ final Field field2 = ConfigurationProvider.class.getDeclaredField("instance");
+ field2.setAccessible(true);
+ field2.set(null, null);
+
+ final Field field3 = PKIFactory.class.getDeclaredField("instance_");
+ field3.setAccessible(true);
+ field3.set(null, null);
+
+ final Field field4 = Configurator.class.getDeclaredField("C");
+ field4.setAccessible(true);
+ field4.set(null, false);
+
+ }
+
+ @Before
+ public void initializer() throws ConfigurationException {
+ verifyCadesInvoker = CMSSignatureVerificationInvoker.getInstance();
+ signCadesInvoker = CMSSignatureCreationInvoker.getInstance();
+
+ setUpContexts(RandomStringUtils.randomAlphabetic(10));
+
+ }
+
+ @Test
+ public void simpleCadesCreationHW() throws MOAException, ParserConfigurationException, SAXException,
+ IOException {
+ // build request
+ final Element cadesReqXml = DOMUtils.parseXmlNonValidating(
+ CadesIntegrationHsmTest.class.getResourceAsStream("/testdata/cades/createCades_1_hw.xml"));
+ final CreateCMSSignatureRequest cadesReq = new CreateCMSSignatureRequestParser().parse(cadesReqXml);
+
+ // perform test
+ final CreateCMSSignatureResponse cadesResp = signCadesInvoker.createCMSSignature(cadesReq, null);
+
+ // validate response
+ assertNotNull("cadesResp", cadesResp);
+ assertNotNull("cadesResp elements", cadesResp.getResponseElements());
+ assertFalse("cadesResp elements", cadesResp.getResponseElements().isEmpty());
+
+ final CMSSignatureResponse cades = (CMSSignatureResponse) cadesResp.getResponseElements().get(0);
+ assertNotNull("cades Sig.", cades.getCMSSignature());
+
+ // signature
+ final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
+ org.apache.commons.codec.binary.Base64.decodeBase64(cades.getCMSSignature()),
+ "jUnitSigning",
+ false,
+ true);
+
+ // perform test
+ final VerifyCMSSignatureResponse result = verifyCadesInvoker.verifyCMSSignature(request);
+
+ // verify result
+ assertNotNull("verification result", result);
+ assertEquals("wrong result size", 1, result.getResponseElements().size());
+
+ }
+
+}
diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_HSM.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_HSM.xml
new file mode 100644
index 0000000..f36ed6a
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_HSM.xml
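Review bot: simpleCadesCreationHW only checks that verifyCMSSignature returns one response element (`assertEquals("wrong result size", 1, result.getResponseElements().size());`), so the test stays green even when that single element reports a failed signature or certificate check; the element's check results should be asserted as well, through whatever accessors the verify-response element type exposes, otherwise the HSM round trip proves only that something came back. A smaller point is classReset: `Configurator.class.getDeclaredField("C")` and `PKIFactory.class.getDeclaredField("instance_")` reach into private, apparently obfuscated library internals, so a library upgrade would fail the class at teardown with NoSuchFieldException rather than with a test assertion. A comment such as `// private field names taken from the iaik_pki build pinned in the pom (<version placeholder>) — re-check on upgrade` would at least make that breakage diagnosable. The whole class, including both reflective reset methods, lies inside this hunk.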
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+
+ <cfg:SignatureCreation>
+ <cfg:KeyModules>
+ <cfg:SoftwareKeyModule>
+ <cfg:Id>SKM_junit</cfg:Id>
+ <cfg:FileName>keys/junit_signing.p12</cfg:FileName>
+ <cfg:Password>nichts</cfg:Password>
+ </cfg:SoftwareKeyModule>
+ <cfg:HardwareKeyModule>
+ <cfg:Id>SKM_junit_HW</cfg:Id>
+ <cfg:Name>/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so</cfg:Name>
+ <cfg:SlotId>4</cfg:SlotId>
+ <cfg:UserPIN>149625</cfg:UserPIN>
+ </cfg:HardwareKeyModule>
+ </cfg:KeyModules>
+ <cfg:KeyGroup>
+ <cfg:Id>KG_junit</cfg:Id>
+ <cfg:Key>
+ <cfg:KeyModuleId>SKM_junit</cfg:KeyModuleId>
+ <cfg:KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=MOA-SPSS signing,OU=jUnit Tests,O=EGIZ,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1619541256</dsig:X509SerialNumber>
+ </cfg:KeyCertIssuerSerial>
+ </cfg:Key>
+ </cfg:KeyGroup>
+ <cfg:KeyGroup>
+ <cfg:Id>KG_junit_HW</cfg:Id>
+ <cfg:Key>
+ <cfg:KeyModuleId>SKM_junit_HW</cfg:KeyModuleId>
+ <cfg:KeyCertIssuerSerial>
+ <dsig:X509IssuerName>CN=tlenz</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>617051910742288176146451931650085354803420689033</dsig:X509SerialNumber>
+ </cfg:KeyCertIssuerSerial>
+ </cfg:Key>
+ </cfg:KeyGroup>
+ <cfg:KeyGroupMapping>
+ <cfg:KeyGroupId>KG_junit</cfg:KeyGroupId>
+ <cfg:KeyGroupId>KG_junit_HW</cfg:KeyGroupId>
+ </cfg:KeyGroupMapping>
+ <cfg:XMLDSig>
+ <cfg:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</cfg:CanonicalizationAlgorithm>
+ <cfg:DigestMethodAlgorithm>http://www.w3.org/2000/09/xmldsig#sha256</cfg:DigestMethodAlgorithm>
+ </cfg:XMLDSig>
+ </cfg:SignatureCreation>
+
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:ConnectionTimeout>10</cfg:ConnectionTimeout>
+ <cfg:ReadTimeout>10</cfg:ReadTimeout>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:AutoAddEECertificates>false</cfg:AutoAddEECertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>jUnitSigning</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/jUnitSigning</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/moaSig/moa-sig/src/test/resources/testdata/cades/createCades_1_hw.xml b/moaSig/moa-sig/src/test/resources/testdata/cades/createCades_1_hw.xml
new file mode 100644
index 0000000..08234fb
--- /dev/null
+++ b/moaSig/moa-sig/src/test/resources/testdata/cades/createCades_1_hw.xml
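Review bot: `<cfg:UserPIN>149625</cfg:UserPIN>` puts an HSM user PIN in plaintext into version control, next to a host-specific PKCS#11 library path (`/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so`) and slot id that only match one machine; the `CN=tlenz` key group suggests a personal token, so the PIN should be treated as disclosed and changed on the token. The committed file should not carry the value at all: keep a template with a clearly marked placeholder, `<cfg:UserPIN>__HSM_USER_PIN__</cfg:UserPIN>`, that the (ignored) HSM test fills in from a local, untracked copy, or, if the configuration loader resolves system properties, have classInitializer pass it that way. The SoftwareKeyModule `<cfg:Password>nichts</cfg:Password>` guards the existing junit test key and is a lesser concern, but the same mechanism would cover it. Separately, `<cfg:EnableChecking>false</cfg:EnableChecking>` turns revocation checking off, so the verification half of the HSM test never exercises CRL/OCSP handling; a one-line XML comment above it stating that this is intentional for the offline test would stop a green run from being read as revocation coverage.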
@@ -0,0 +1,15 @@
+<ns:CreateCMSSignatureRequest xmlns:ns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <ns:KeyIdentifier>KG_junit_HW</ns:KeyIdentifier>
+ <ns:SingleSignatureInfo SecurityLayerConformity="false" PAdESConformity="false">
+ <ns:DataObjectInfo Structure="enveloping">
+ <ns:DataObject>
+ <ns:MetaInfo>
+ <ns:MimeType>application/securitylayer2+json</ns:MimeType>
+ </ns:MetaInfo>
+ <ns:Content>
+ <ns:Base64Content>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</ns:Base64Content>
+ </ns:Content>
+ </ns:DataObject>
+ </ns:DataObjectInfo>
+ </ns:SingleSignatureInfo>
+ </ns:CreateCMSSignatureRequest> |
