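/*
 * HSM Proxy Project.
 * Copyright (C) 2013 FedICT.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see
 * http://www.gnu.org/licenses/.
 */

package test.integ.be.fedict.hsm.client;

import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import java.security.KeyPair;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;

import javax.xml.ws.BindingProvider;
import javax.xml.ws.soap.SOAPFaultException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.Test;

import test.integ.be.fedict.hsm.HSMProxyTestCredential;
import be.fedict.commons.eid.jca.BeIDProvider;
import be.fedict.hsm.client.HSMProxyClient;
import be.fedict.hsm.ws.DigitalSignatureServiceFactory;
import be.fedict.hsm.ws.jaxb.dss.ObjectFactory;
import be.fedict.hsm.ws.jaxb.dss.SignRequest;
import be.fedict.hsm.ws.jaxws.DigitalSignatureService;
import be.fedict.hsm.ws.jaxws.DigitalSignatureServicePortType;

/**
 * Integration tests for {@link HSMProxyClient} against an HSM proxy DSS
 * endpoint that must already be running at {@link #DSS_LOCATION}.
 *
 * <p>
 * The first two tests check that requests without an accepted credential are
 * refused with a SOAP fault. The remaining tests authenticate with the
 * "Authentication" entry of the "BeID" key store.
 * NOTE(review): presumably this needs a Belgian eID card in an attached
 * reader, and a proxy configured to accept that card - confirm.
 */
public class HSMProxyClientTest {

    private static final Log LOG = LogFactory.getLog(HSMProxyClientTest.class);

    /**
     * Endpoint of the locally deployed proxy. Plain HTTP is used here for a
     * loopback address only; a remote proxy should be addressed over HTTPS
     * (see the alternative location noted in {@link #testSign()}).
     */
    private static final String DSS_LOCATION = "http://localhost:8080/hsm-proxy-ws/dss";

    /**
     * Builds a client that authenticates with the "Authentication" key and
     * certificate taken from the "BeID" key store.
     *
     * @param location
     *            the DSS endpoint address the client will call.
     * @return a client bound to the eID authentication credential.
     * @throws Exception
     *             if the provider, key store or key cannot be obtained.
     */
    private static HSMProxyClient createBeIDClient(String location) throws Exception {
        // addProvider() returns -1 and changes nothing when a provider with
        // the same name is already installed, so repeated calls are harmless.
        Security.addProvider(new BeIDProvider());
        KeyStore beidKeyStore = KeyStore.getInstance("BeID");
        beidKeyStore.load(null);
        X509Certificate authnCert = (X509Certificate) beidKeyStore.getCertificate("Authentication");
        PrivateKey authnPrivateKey = (PrivateKey) beidKeyStore.getKey("Authentication", null);
        return new HSMProxyClient(location, authnPrivateKey, authnCert);
    }

    /**
     * A freshly generated self-signed credential must be refused.
     *
     * <p>
     * NOTE(review): the test name suggests the refusal should also produce a
     * security audit record on the server; only the SOAP fault is verified
     * here, the audit record has to be checked on the server side.
     */
    @Test
    public void testSecurityAuditGenerationByJAAS() throws Exception {
        KeyPair keyPair = HSMProxyTestCredential.generateKeyPair();
        X509Certificate certificate = HSMProxyTestCredential.generateSelfSignedCertificate(keyPair);
        HSMProxyClient client = new HSMProxyClient(DSS_LOCATION, keyPair.getPrivate(), certificate);
        try {
            client.getAliases();
            fail("getAliases() succeeded with an unregistered self-signed credential");
        } catch (SOAPFaultException e) {
            // expected: the proxy rejected the unknown credential
            LOG.debug("expected exception: " + e.getMessage());
        }
    }

    /**
     * An empty sign request sent through the bare JAX-WS port, on which this
     * test configures nothing but the endpoint address, must be refused.
     *
     * <p>
     * NOTE(review): as above, only the SOAP fault is verified; the audit
     * record suggested by the test name is not checked here.
     */
    @Test
    public void testSecurityAuditGenerationByWSSecurity() throws Exception {
        DigitalSignatureService digitalSignatureService = DigitalSignatureServiceFactory.getInstance();
        DigitalSignatureServicePortType dssPort = digitalSignatureService.getDigitalSignatureServicePort();
        BindingProvider bindingProvider = (BindingProvider) dssPort;
        bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, DSS_LOCATION);

        ObjectFactory objectFactory = new ObjectFactory();
        SignRequest signRequest = objectFactory.createSignRequest();
        try {
            dssPort.sign(signRequest);
            fail("sign() succeeded for a request sent through the unconfigured port");
        } catch (SOAPFaultException e) {
            // expected
            LOG.debug("expected exception: " + e.getMessage());
        }
    }

    /**
     * An authenticated client must be offered at least one key alias.
     */
    @Test
    public void testGetAliases() throws Exception {
        HSMProxyClient client = createBeIDClient(DSS_LOCATION);

        Set<String> aliases = client.getAliases();

        assertNotNull(aliases);
        LOG.debug("aliases: " + aliases);
        assertFalse(aliases.isEmpty());
    }

    /**
     * The first alias offered to the client must have a non-empty
     * certificate chain.
     */
    @Test
    public void testGetCertificateChain() throws Exception {
        HSMProxyClient client = createBeIDClient(DSS_LOCATION);

        Set<String> aliases = client.getAliases();
        assertNotNull(aliases);
        LOG.debug("aliases: " + aliases);
        // Fail with an assertion rather than a NoSuchElementException from
        // iterator().next() when the proxy exposes no alias.
        assertFalse("no key alias available", aliases.isEmpty());
        String alias = aliases.iterator().next();

        List<X509Certificate> certificateChain = client.getCertificateChain(alias);

        assertNotNull(certificateChain);
        for (X509Certificate certificate : certificateChain) {
            LOG.debug("certificate: " + certificate);
        }
        assertFalse(certificateChain.isEmpty());
    }

    /**
     * Signs a SHA-1 digest through the proxy and verifies the returned value
     * locally against the certificate published for the same alias.
     *
     * <p>
     * SHA-1 is no longer collision resistant and should not be chosen for new
     * signatures; it is kept because this test exercises the "SHA1" digest
     * path of the client.
     * NOTE(review): add a SHA-256 variant if the proxy supports it - confirm.
     */
    @Test
    public void testSign() throws Exception {
        // Alternative remote endpoint (HTTPS):
        // "https://www.e-contract.be/hsm-proxy-ws/dss"
        String location = DSS_LOCATION;
        HSMProxyClient client = createBeIDClient(location);
        // Behind an outbound proxy: client.setProxy("proxy.yourict.net", 8080);

        // Explicit charset so the signed bytes do not depend on the platform
        // default encoding.
        byte[] toBeSigned = "hello world".getBytes("UTF-8");
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        messageDigest.update(toBeSigned);
        byte[] digestValue = messageDigest.digest();

        // The proxy under test must expose a key under this alias.
        String keyAlias = "alias";
        byte[] signatureValue = client.sign(digestValue, "SHA1", keyAlias);
        assertNotNull(signatureValue);
        LOG.debug("signature value length: " + signatureValue.length);

        List<X509Certificate> certificateChain = client.getCertificateChain(keyAlias);
        assertNotNull(certificateChain);
        assertFalse("empty certificate chain for alias " + keyAlias, certificateChain.isEmpty());
        // NOTE(review): assumes the chain is ordered with the signing
        // certificate first - confirm against the proxy.
        X509Certificate certificate = certificateChain.get(0);

        // Independent local verification: the signature must validate over
        // the original bytes with the public key from the returned chain.
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initVerify(certificate.getPublicKey());
        signature.update(toBeSigned);
        assertTrue(signature.verify(signatureValue));
    }
}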