From 45860b07b44777b1ed2c9e76165da20f2655f92d Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Fri, 26 Mar 2021 22:28:28 +0100 Subject: add jUnit test the loads official TSL and perform a signature validation with TSL result --- .../test/integration/tsl/OfficialEuTslTest.java | 163 +++++++++++++++++++++ .../MOASPSSConfiguration_tsl_eu_official.xml | 108 ++++++++++++++ .../tslworking/trust/eu/tsl_cert_20210325_1.crt | 3 + 3 files changed, 274 insertions(+) create mode 100644 moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java create mode 100644 moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml create mode 100644 moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt (limited to 'moaSig') diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java new file mode 100644 index 0000000..e12bea3 --- /dev/null +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/tsl/OfficialEuTslTest.java @@ -0,0 +1,163 @@ +package at.gv.egovernment.moa.spss.test.integration.tsl; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; +import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import at.gv.egovernment.moa.spss.server.init.SystemInitializer; +import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer; +import at.gv.egovernment.moa.spss.test.integration.AbstractIntegrationTest; + +@RunWith(BlockJUnit4ClassRunner.class) +public class OfficialEuTslTest extends AbstractIntegrationTest { + + CMSSignatureVerificationInvoker cadesInvoker; + + @BeforeClass + public static void classInitializer() throws IOException, ConfigurationException, + NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + jvmStateReset(); + + final String current = new java.io.File(".").getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", + current + "/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml"); + System.setProperty("iaik.esi.sva.configuration.location", + current + "/src/test/resources/moaspss_config/svaconfig.example"); + moaSpssCore = SystemInitializer.init(); + + } + + @Before + public void initializer() throws ConfigurationException { + cadesInvoker = CMSSignatureVerificationInvoker.getInstance(); + setUpContexts(RandomStringUtils.randomAlphabetic(10)); + + } + + @Test + public void checkTslState() { + assertTrue("TSL not active", ServiceStatusContainer.getStatus()); + + final List loadedTsl = ServiceStatusContainer.getTslDetailStatus(); + assertFalse("no TSL loaded", loadedTsl.isEmpty()); + assertTrue("wrong TSL size", loadedTsl.size() > 10); + + } + + @Test + public void basicValidationCadesSignature() throws MOAException, IOException { + final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( + org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray( + "/testdata/pades/testpdf.b64")), + "OnlyTSL", + true, + false); + + // perform test + final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); + + // verify result + assertNotNull("verification result", result); + assertEquals("wrong result size", 1, result.getResponseElements().size()); + + final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result + .getResponseElements().get(0); + assertEquals("sigCode", 1, cmsResult.getSignatureCheck().getCode()); + assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); + + assertNotNull("signerInfo", cmsResult.getSignerInfo()); + assertEquals("issuerCC", "EE", cmsResult.getSignerInfo().getIssuerCountryCode()); + assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority()); + assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); + assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD()); + assertNotNull("TSL infos", cmsResult.getSignerInfo().getTslInfos()); + + assertNull("form val. result", cmsResult.getAdESFormResults()); + assertNull("extended val. result", cmsResult.getExtendedCertificateCheck()); + assertNull("byteRange", cmsResult.getByteRangeOfSignature()); + assertNull("used sig alg", cmsResult.getSignatureAlgorithm()); + + } + + @Test + public void extendedValidationCadesSignature() throws MOAException, IOException { + final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( + org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray( + "/testdata/pades/testpdf.b64")), + "OnlyTSL", + true, + true); + + // perform test + final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); + + // verify result + assertNotNull("verification result", result); + assertEquals("wrong result size", 1, result.getResponseElements().size()); + + final VerifyCMSSignatureResponseElement cmsResult = (VerifyCMSSignatureResponseElement) result + .getResponseElements().get(0); + assertEquals("sigCode", 1, cmsResult.getSignatureCheck().getCode()); + assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); + + assertNotNull("signerInfo", cmsResult.getSignerInfo()); + assertEquals("issuerCC", "EE", cmsResult.getSignerInfo().getIssuerCountryCode()); + assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority()); + assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); + assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD()); + assertNotNull("TSL infos", cmsResult.getSignerInfo().getTslInfos()); + + assertNotNull("form val. result", cmsResult.getAdESFormResults()); + assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size()); + for (final Object el : cmsResult.getAdESFormResults()) { + final AdESFormResults test = (AdESFormResults) el; + if (Arrays.asList("B-B","B-T").contains(test.getName())) { + assertEquals("Find wrong form val status", 0, test.getCode().longValue()); + + } else { + assertEquals("Find wrong form val status", 2, test.getCode().longValue()); + + } + + } + + assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); + assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode()); + assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode()); + + assertNotNull("byteRange", cmsResult.getByteRangeOfSignature()); + assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm()); + + } + +} diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml new file mode 100644 index 0000000..972cc4e --- /dev/null +++ b/moaSig/moa-sig/src/test/resources/moaspss_config/MOASPSSConfiguration_tsl_eu_official.xml @@ -0,0 +1,108 @@ + + + + + + + 192.168 + + + + + + + true + true + + + certstore + + + + + + pkix + + + CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT + 536 + + chaining + + + + C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1 + 376503867878755617282523408360935024869 + + chaining + + + + MOAIDBuergerkarteAuthentisierungsDaten + trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten + + + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + + + OnlyTSL + trustProfiles/testTSL + + + + + + + + + + false + 0 + + CRL + OCSP + + + false + 365 + + + jdbc:url + fully.qualified.classname + + + + + + + + + 02:00:00 + 86400000 + + tslworking + + http://uri.etsi.org/TrstSvc/Svctype/CA/QC,http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST + http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD,http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithQSCD + + + + + + SL20Authblock_v1.0 + profiles/SL20_authblock_v1.0.xml + + + SL20Authblock_v1.0_SIC + profiles/SL20_authblock_v1.0_SIC.xml + + + SL20Authblock_v1.0_OWN + profiles/SL20_authblock_v1.0_own.xml + + + + diff --git a/moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt b/moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt new file mode 100644 index 0000000..0872d4c --- /dev/null +++ b/moaSig/moa-sig/src/test/resources/moaspss_config/tslworking/trust/eu/tsl_cert_20210325_1.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIH9jCCBt6gAwIBAgIQevrCNQpIXiCh355eXjwtpjANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCUFQxLDAqBgNVBAoTI0RpZ2l0YWxTaWduIC0gQ2VydGlmaWNhZG9yYSBEaWdpdGFsMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTUwMwYDVQQLEyxDbGFzcyAyIE1hbmFnZWQgUEtJIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQTEmMCQGA1UEAxMdRGlnaXRhbFNpZ24gUXVhbGlmaWVkIENBIC0gRzMwHhcNMjAwOTI1MDAwMDAwWhcNMjMwOTI1MjM1OTU5WjCCAZAxCzAJBgNVBAYTAlJPMRwwGgYDVQQKFBNFVVJPUEVBTiBDT01NSVNTSU9OMRkwFwYDVQRhFBBWQVRCRS0wOTQ5MzgzMzQyMT0wOwYDVQQLEzRDZXJ0aWZpY2F0ZSBQcm9maWxlIC0gUXVhbGlmaWVkIENlcnRpZmljYXRlIC0gTWVtYmVyMUUwQwYDVQQLEzxUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cuZGlnaXRhbHNpZ24ucHQvRUNESUdJVEFMU0lHTi9ycGExIjAgBgNVBAsUGUVudGl0bGVtZW50IC0gRUMgT0ZGSUNJQUwxKzApBgkqhkiG9w0BCQEWHGFkcmlhbi5jcm9pdG9ydUBlYy5ldXJvcGEuZXUxETAPBgNVBAQUCENST0lUT1JVMRowGAYDVQQqFBFDT05TVEFOVElOLUFEUklBTjEdMBsGA1UECxQUUmVtb3RlUVNDRE1hbmFnZW1lbnQxIzAhBgNVBAMUGkNPTlNUQU5USU4tQURSSUFOIENST0lUT1JVMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutg6RcTrmbtcPoxGSoMC1O5+151zAdaw21AklQOnkEMKC8aa5d4utJ3nfiQVIGRd6tFGu8hb8osuxzYEb6ycz5y/OiRVUkr96Gi7LzEv/lIFduIAQMmr+FATvolw+QBuId8WJJaVW04/h+DrEPmbXmx8AoNrrSTeJcQanm5gZy5jaDT/fD3cJYpedkAE9XaiLmfv4LnvOvnAHuIVeY+LXvrdLVFtSCn7Y37b0GwVWTUCkvhwY1xoJm1fgM/OLxfN0SFBHFihRPD2qPHdnu/CxH4/CLvEZM2IjJAPgUxIwbJy32IuiIfadTAeHavzNM1ND/sQnKypeDH1WiaeMPsw4QIDAQABo4IDHDCCAxgwCQYDVR0TBAIwADBzBgNVHR8EbDBqMGigZqBkhmJodHRwOi8vb25zaXRlY3JsLnRydXN0d2lzZS5jb20vRGlnaXRhbFNpZ25DZXJ0aWZpY2Fkb3JhRGlnaXRhbFF1YWxpZmllZENlcnRpZmljYXRlRzMvTGF0ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBkAwbgYDVR0gBGcwZTBJBgtghkgBhvhFAQcXAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5kaWdpdGFsc2lnbi5wdC9FQ0RJR0lUQUxTSUdOL2NwczANBgtghkgBhvhFAQcsAjAJBgcEAIvsQAECMB0GA1UdDgQWBBRF9Lg2cLhB8QApjl2qjMeSz7Q3JDAfBgNVHSMEGDAWgBT7Xo5CnCOoffQbjFx8Oxir2dn3QDAnBgNVHREEIDAegRxhZHJpYW4uY3JvaXRvcnVAZWMuZXVyb3BhLmV1MIHmBggrBgEFBQcBAwSB2TCB1jAVBggrBgEFBQcLAjAJBgcEAIvsSQEBMBUGCCsGAQUFBwsCMAkGBwQAi+xJAQIwCAYGBACORgEBMAgGBgQAjkYBBDATBgYEAI5GAQYwCQYHBACORgEGATB9BgYEAI5GAQUwczA2FjBodHRwczovL3d3dy5kaWdpdGFsc2lnbi5wdC9FQ0RJR0lUQUxTSUdOL2Nwcy9kZHATAlBUMDkWM2h0dHBzOi8vd3d3LmRpZ2l0YWxzaWduLnB0L0VDRElHSVRBTFNJR04vY3BzL2RkcF9lbhMCRU4wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMIGkBggrBgEFBQcBAQSBlzCBlDApBggrBgEFBQcwAYYdaHR0cDovL3N0ZC1vY3NwLnRydXN0d2lzZS5jb20wZwYIKwYBBQUHMAKGW2h0dHA6Ly9vbnNpdGVjcmwudHJ1c3R3aXNlLmNvbS9EaWdpdGFsU2lnbkNlcnRpZmljYWRvcmFEaWdpdGFsUXVhbGlmaWVkQ2VydGlmaWNhdGVHMy9jYS5jcnQwDQYJKoZIhvcNAQELBQADggEBAF36+WqrFO9d+DnaWN6u+3I+L5GzNZszQ7ojgJBgECIuuM52D1Yiu6a8GlUvnwVFQVJ3jahn7wF0NtKsl4gx43xcuWL4npatQ6Lptt5Zhx9r7e8/gxCwTqSf3wM3obzj0VS2oXNqsbkt4yho+tmdyrbUv43vmrFzV0e95ULtdPV/z9illmd6fBPkMA2ZPZJlufa63loSOK54By40FNX3NIUvsrd9Qp8BN5kgeFzuLTibZA5GSF/hfgbECyDlNOcSRDRNc8qN58S91VgGfLRBvZRgWIyNqZl9fpzc+8qM+iiHkocQl7mFuhKcENmN+EE+VXKIqPjovE5z7QKq0GOmPZw= +-----END CERTIFICATE----- -- cgit v1.2.3