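package at.gv.egovernment.moa.spss.test.integration;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.List;

import javax.xml.parsers.ParserConfigurationException;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.xmlbind.CreateCMSSignatureRequestParser;
import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
import at.gv.egovernment.moaspss.util.DOMUtils;
import iaik.pki.Configurator;
import iaik.pki.PKIFactory;

/**
 * Integration tests for CMS/CAdES signature creation and verification through
 * {@link CMSSignatureCreationInvoker} and {@link CMSSignatureVerificationInvoker}.
 *
 * <p>Every verification test asserts the signature check code and the certificate check code
 * separately. Two tests expect {@code sigCode == 0} together with {@code certCode == 1}, so a
 * passing signature check alone says nothing about the certificate result; both values must be
 * inspected.
 */
@RunWith(BlockJUnit4ClassRunner.class)
public class CadesIntegrationTest extends AbstractIntegrationTest {

  // Test fixtures and trust-profile identifiers used by the tests below.
  private static final String SIMPLE_CADES_SIG = "/testdata/cades/simpleCadesSig.b64";
  private static final String ATRUST_CADES_SIG = "/testdata/cades/ATrust_SigTest1.b64";
  private static final String PROFILE_PROD = "MOAIDBuergerkarteAuthentisierungsDaten";
  private static final String PROFILE_TESTCARDS =
      "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
  private static final String PROFILE_JUNIT_SIGNING = "jUnitSigning";

  CMSSignatureVerificationInvoker verifyCadesInvoker;
  private CMSSignatureCreationInvoker signCadesInvoker;

  /**
   * Points MOA-SPSS at the test configuration below the working directory and initialises it.
   *
   * @throws IOException if the working directory cannot be canonicalised
   * @throws ConfigurationException if the MOA-SPSS initialisation fails
   */
  @BeforeClass
  public static void classInitializer() throws IOException, ConfigurationException,
      NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    jvmStateReset();

    final String current = new java.io.File(".").getCanonicalPath();
    System.setProperty("moa.spss.server.configuration",
        current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");

    moaSpssCore = SystemInitializer.init();
  }

  /**
   * Clears static singleton state by reflection once all tests of this class have run.
   *
   * <p>NOTE(review): the field names ({@code tslClient}, {@code instance}, {@code instance_},
   * {@code C}) are private implementation details of the respective classes; a library upgrade
   * that renames one of them surfaces here as {@link NoSuchFieldException}.
   */
  @AfterClass
  public static void classReset() throws NoSuchFieldException, SecurityException,
      IllegalArgumentException, IllegalAccessException {
    // reset TSL client
    resetStaticField(TSLServiceFactory.class, "tslClient", null);
    resetStaticField(ConfigurationProvider.class, "instance", null);
    resetStaticField(PKIFactory.class, "instance_", null);
    resetStaticField(Configurator.class, "C", false);
  }

  /** Fetches the invoker singletons and sets up fresh contexts under a random identifier. */
  @Before
  public void initializer() throws ConfigurationException {
    verifyCadesInvoker = CMSSignatureVerificationInvoker.getInstance();
    signCadesInvoker = CMSSignatureCreationInvoker.getInstance();

    setUpContexts(RandomStringUtils.randomAlphabetic(10));
  }

  /**
   * Verification against a trust profile that is not configured (a random five-letter id) must
   * be rejected with error code 2203 instead of producing a verification result.
   */
  @Test
  public void missingTrustProfile() throws IOException {
    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        readBase64Resource(SIMPLE_CADES_SIG),
        RandomStringUtils.randomAlphabetic(5), false, false);

    // perform test
    final MOAException error = assertThrows(MOAException.class,
        () -> verifyCadesInvoker.verifyCMSSignature(request));
    assertEquals("wrong errorCode", "2203", error.getMessageId());
  }

  /**
   * Basic verification of the A-Trust sample against the test-card trust profile.
   *
   * <p>Disabled in the source; the reason is not recorded in this file.
   */
  @Ignore
  @Test
  public void basicValidationAtrustEidCadesSignature() throws MOAException, IOException {
    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        readBase64Resource(ATRUST_CADES_SIG), PROFILE_TESTCARDS, false, false);

    // perform test
    final VerifyCMSSignatureResponseElement cmsResult =
        singleResponseElement(verifyCadesInvoker.verifyCMSSignature(request));

    // verify result
    assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
    assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());

    assertNotNull("signerInfo", cmsResult.getSignerInfo());
    assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode());
    assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority());
    assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
    assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD());
    assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos());

    assertNull("form val. result", cmsResult.getAdESFormResults());
    assertNull("extended val. result", cmsResult.getExtendedCertificateCheck());
    assertNull("byteRange", cmsResult.getByteRangeOfSignature());
    assertNull("used sig alg", cmsResult.getSignatureAlgorithm());
  }

  /**
   * Same A-Trust sample with the last request flag set; the response is then expected to carry
   * AdES form results, an extended certificate check and the signature algorithm.
   *
   * <p>Disabled in the source; the reason is not recorded in this file.
   */
  @Ignore
  @Test
  public void extendedValidationAtrustEidCadesSignature() throws MOAException, IOException {
    // NOTE(review): the fourth argument presumably enables extended validation; confirm
    // against AbstractIntegrationTest#buildVerfifyCmsRequest.
    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        readBase64Resource(ATRUST_CADES_SIG), PROFILE_TESTCARDS, false, true);

    // perform test
    final VerifyCMSSignatureResponseElement cmsResult =
        singleResponseElement(verifyCadesInvoker.verifyCMSSignature(request));

    // verify result
    assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
    assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());

    assertNotNull("signerInfo", cmsResult.getSignerInfo());
    assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode());
    assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority());
    assertTrue("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
    assertTrue("SSCD", cmsResult.getSignerInfo().isSSCD());
    assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos());

    assertNotNull("form val. result", cmsResult.getAdESFormResults());
    assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size());
    for (final Object el : cmsResult.getAdESFormResults()) {
      final AdESFormResults formResult = (AdESFormResults) el;
      if (formResult.getCode().longValue() == 0) {
        // only the B-B form is expected to report code 0 for this sample
        assertEquals("wrong form name", "B-B", formResult.getName());
      } else {
        assertEquals("Find wrong form val status", 2, formResult.getCode().longValue());
      }
    }

    assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
    assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode());
    assertEquals("ext. val minor", 24, cmsResult.getExtendedCertificateCheck().getMinorCode());

    assertNull("byteRange", cmsResult.getByteRangeOfSignature());
    assertEquals("used sig alg", "SHA256withECDSA", cmsResult.getSignatureAlgorithm());
  }

  /**
   * Basic verification of the simple CAdES sample: the signature check is expected to report 0
   * while the certificate check reports 1 and neither the QC nor the SSCD flag is set.
   */
  @Test
  public void basicValidationCadesSignature() throws MOAException, IOException {
    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        readBase64Resource(SIMPLE_CADES_SIG), PROFILE_PROD, false, false);

    // perform test
    final VerifyCMSSignatureResponseElement cmsResult =
        singleResponseElement(verifyCadesInvoker.verifyCMSSignature(request));

    // verify result
    assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
    // NOTE(review): certCode 1 is pinned as the expected outcome for this sample under this
    // trust profile; its exact meaning is not visible here, confirm against the MOA-SP docs.
    assertEquals("certCode", 1, cmsResult.getCertificateCheck().getCode());

    assertNotNull("signerInfo", cmsResult.getSignerInfo());
    assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode());
    assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority());
    assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
    assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD());
    assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos());

    assertNull("form val. result", cmsResult.getAdESFormResults());
    assertNull("extended val. result", cmsResult.getExtendedCertificateCheck());
    assertNull("byteRange", cmsResult.getByteRangeOfSignature());
    assertNull("used sig alg", cmsResult.getSignatureAlgorithm());
  }

  /**
   * Simple CAdES sample with the last request flag set: in addition to the basic expectations,
   * all four AdES form results must report code 1 and the extended certificate check 2/24.
   */
  @Test
  public void extendedValidationCadesSignature() throws MOAException, IOException {
    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        readBase64Resource(SIMPLE_CADES_SIG), PROFILE_PROD, false, true);

    // perform test
    final VerifyCMSSignatureResponseElement cmsResult =
        singleResponseElement(verifyCadesInvoker.verifyCMSSignature(request));

    // verify result
    assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
    assertEquals("certCode", 1, cmsResult.getCertificateCheck().getCode());

    assertNotNull("signerInfo", cmsResult.getSignerInfo());
    assertEquals("issuerCC", "AT", cmsResult.getSignerInfo().getIssuerCountryCode());
    assertFalse("publicAuthority", cmsResult.getSignerInfo().isPublicAuthority());
    assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
    assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD());
    assertNull("TSL infos", cmsResult.getSignerInfo().getTslInfos());

    assertAllFormResultsHaveCodeOne(cmsResult);

    assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
    assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode());
    assertEquals("ext. val minor", 24, cmsResult.getExtendedCertificateCheck().getMinorCode());

    assertNull("byteRange", cmsResult.getByteRangeOfSignature());
    assertEquals("used sig alg", "SHA256withRSA", cmsResult.getSignatureAlgorithm());
  }

  /**
   * Round trip: creates a signature from {@code createCades_1.xml} and verifies it against the
   * {@code jUnitSigning} trust profile; both check codes must be 0.
   */
  @Test
  public void simpleCmsCreation() throws MOAException, ParserConfigurationException, SAXException,
      IOException {
    final CMSSignatureResponse cades = createSignature("/testdata/cades/createCades_1.xml");

    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        org.apache.commons.codec.binary.Base64.decodeBase64(cades.getCMSSignature()),
        PROFILE_JUNIT_SIGNING, false, false);

    // perform test
    final VerifyCMSSignatureResponseElement cmsResult =
        singleResponseElement(verifyCadesInvoker.verifyCMSSignature(request));

    // verify result
    assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
    assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
  }

  /**
   * Round trip with {@code createCades_2.xml} and the last request flag set: both check codes
   * must be 0 and all four AdES form results must report code 1.
   */
  @Test
  public void simpleCadesCreation() throws MOAException, ParserConfigurationException,
      SAXException, IOException {
    final CMSSignatureResponse cades = createSignature("/testdata/cades/createCades_2.xml");

    final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
        org.apache.commons.codec.binary.Base64.decodeBase64(cades.getCMSSignature()),
        PROFILE_JUNIT_SIGNING, false, true);

    // perform test
    final VerifyCMSSignatureResponseElement cmsResult =
        singleResponseElement(verifyCadesInvoker.verifyCMSSignature(request));

    // verify result
    assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
    assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());

    assertAllFormResultsHaveCodeOne(cmsResult);
  }

  /** Sets the static field {@code name} of {@code owner} to {@code value} via reflection. */
  private static void resetStaticField(Class<?> owner, String name, Object value)
      throws NoSuchFieldException, IllegalAccessException {
    final Field field = owner.getDeclaredField(name);
    field.setAccessible(true);
    field.set(null, value);
  }

  /** Reads a classpath resource and Base64-decodes its content. */
  private static byte[] readBase64Resource(String resource) throws IOException {
    return org.apache.commons.codec.binary.Base64.decodeBase64(
        IOUtils.resourceToByteArray(resource));
  }

  /** Asserts that the response holds exactly one element and returns it. */
  private static VerifyCMSSignatureResponseElement singleResponseElement(
      VerifyCMSSignatureResponse result) {
    assertNotNull("verification result", result);
    assertEquals("wrong result size", 1, result.getResponseElements().size());
    return (VerifyCMSSignatureResponseElement) result.getResponseElements().get(0);
  }

  /** Asserts that four AdES form results are present and that each one reports code 1. */
  private static void assertAllFormResultsHaveCodeOne(VerifyCMSSignatureResponseElement cmsResult) {
    assertNotNull("form val. result", cmsResult.getAdESFormResults());
    assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size());
    for (final Object el : cmsResult.getAdESFormResults()) {
      final AdESFormResults formResult = (AdESFormResults) el;
      assertEquals("Find wrong form val status", 1, formResult.getCode().longValue());
    }
  }

  /**
   * Parses the create-signature request stored at {@code requestResource}, runs it through the
   * signing invoker and returns the first response element after checking that it carries a
   * signature.
   *
   * @param requestResource classpath location of the request XML
   * @return the first element of the signing response
   */
  private CMSSignatureResponse createSignature(String requestResource)
      throws MOAException, ParserConfigurationException, SAXException, IOException {
    // build request; the stream is closed here because the parser's handling of it is not
    // visible from this file
    final CreateCMSSignatureRequest cadesReq;
    try (InputStream in = CadesIntegrationTest.class.getResourceAsStream(requestResource)) {
      assertNotNull("test resource " + requestResource, in);
      final Element cadesReqXml = DOMUtils.parseXmlNonValidating(in);
      cadesReq = new CreateCMSSignatureRequestParser().parse(cadesReqXml);
    }

    // perform test
    final CreateCMSSignatureResponse cadesResp =
        signCadesInvoker.createCMSSignature(cadesReq, null);

    // validate response
    assertNotNull("cadesResp", cadesResp);
    assertNotNull("cadesResp elements", cadesResp.getResponseElements());
    assertFalse("cadesResp elements", cadesResp.getResponseElements().isEmpty());

    final CMSSignatureResponse cades =
        (CMSSignatureResponse) cadesResp.getResponseElements().get(0);
    assertNotNull("cades Sig.", cades.getCMSSignature());
    return cades;
  }
}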