
/*
 * HSM Proxy Project.
 * Copyright (C) 2013 FedICT.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see 
 * http://www.gnu.org/licenses/.
 */

package test.integ.be.fedict.hsm.jca;

import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.concurrent.TimeUnit;

import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Test;

import test.integ.be.fedict.hsm.HSMProxyTestCredential;
import be.fedict.commons.eid.jca.BeIDProvider;
import be.fedict.hsm.jca.HSMProxyAudit;
import be.fedict.hsm.jca.HSMProxyKeyStoreParameter;
import be.fedict.hsm.jca.HSMProxyProvider;

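/**
 * Integration tests for the HSM Proxy JCA provider.
 * <p>
 * Each test registers the {@code HSMProxy} provider, loads its key store with a
 * credential (either the bundled {@link HSMProxyTestCredential} or the eID
 * authentication credential obtained through the {@code BeID} provider) and then
 * exercises the {@link KeyStore} / {@link Signature} API on the result. The tests
 * contact the HSM proxy web service at the endpoints named below, so they need a
 * running service and are not self-contained unit tests.
 */
public class HSMProxySignatureTest {

    private static final Log LOG = LogFactory.getLog(HSMProxySignatureTest.class);

    /**
     * HSM proxy endpoint used by the tests that sign with the bundled test credential.
     * Plain HTTP is used here only because the service is expected on the loopback host.
     */
    private static final String LOCAL_ENDPOINT = "http://localhost:8080/hsm-proxy-ws/dss";

    /**
     * Payload signed by every test. The charset is pinned so the signed bytes, and
     * therefore the signature values, do not depend on the platform default encoding.
     */
    private static final byte[] TO_BE_SIGNED = "hello world".getBytes(StandardCharsets.UTF_8);

    /**
     * Exports the eID authentication certificate to a temporary DER file and logs
     * the file's path. The file is deliberately left in place for manual use.
     */
    @Test
    public void testWriteAuthCertToFile() throws Exception {
        KeyStore keyStore = loadBeIdKeyStore();
        Certificate authnCert = keyStore.getCertificate("Authentication");
        // getCertificate() returns null for an unknown alias; fail here, not on getEncoded()
        assertNotNull(authnCert);
        LOG.debug("authn cert: " + authnCert);
        File tmpFile = File.createTempFile("eid-authn-cert-", ".der");
        FileUtils.writeByteArrayToFile(tmpFile, authnCert.getEncoded());
        LOG.debug("tmp authn cert file: " + tmpFile.getAbsolutePath());
    }

    /**
     * Signs and verifies with SHA-1, SHA-256 and SHA-512 RSA signature algorithms
     * using the key behind the first alias of the test-credential key store.
     */
    @Test
    public void testSign() throws Exception {
        LOG.debug("sign");
        // operate
        KeyStore keyStore = loadTestCredentialKeyStore();
        String alias = firstAlias(keyStore);

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
        assertNotNull(privateKey);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
        assertNotNull(certificate);

        signAndVerify(certificate, privateKey, "SHA1withRSA");
        signAndVerify(certificate, privateKey, "SHA256withRSA");
        signAndVerify(certificate, privateKey, "SHA512withRSA");
    }

    /**
     * Measures the average wall-clock time of one sign-and-verify round trip
     * (SHA1withRSA) against the test-credential key store and logs it in milliseconds.
     */
    @Test
    public void testSignPerformance() throws Exception {
        LOG.debug("sign");
        // operate
        KeyStore keyStore = loadTestCredentialKeyStore();
        String alias = firstAlias(keyStore);

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
        assertNotNull(privateKey);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
        assertNotNull(certificate);

        final int TEST_COUNT = 40;
        // nanoTime() is monotonic; currentTimeMillis() can jump when the wall clock is adjusted
        long t0 = System.nanoTime();
        for (int i = 0; i < TEST_COUNT; i++) {
            signAndVerify(certificate, privateKey, "SHA1withRSA");
        }
        long t1 = System.nanoTime();
        // average milliseconds per iteration, as the original measurement reported
        LOG.debug("dt: " + TimeUnit.NANOSECONDS.toMillis(t1 - t0) / TEST_COUNT);
    }

    /**
     * Signs through an HSM proxy key store that was loaded with the eID
     * authentication credential, against the public e-contract.be endpoint via the
     * configured HTTP proxy. Relies on the {@code BeID} provider and network access.
     */
    @Test
    public void testSignAuthnCertCredential() throws Exception {
        LOG.debug("sign");
        // operate
        KeyStore beidKeyStore = loadBeIdKeyStore();
        X509Certificate authnCert = (X509Certificate) beidKeyStore.getCertificate("Authentication");
        PrivateKey authnPrivateKey = (PrivateKey) beidKeyStore.getKey("Authentication", null);
        assertNotNull(authnCert);
        assertNotNull(authnPrivateKey);

        HSMProxyKeyStoreParameter keyStoreParameter = new HSMProxyKeyStoreParameter(authnPrivateKey, authnCert,
                "https://www.e-contract.be/hsm-proxy-ws/dss",
                // "http://localhost/hsm-proxy-ws/dss",
                new MyHSMProxyAudit());
        keyStoreParameter.setProxy("proxy.yourict.net", 8080);
        KeyStore hsmProxyKeyStore = loadHsmProxyKeyStore(keyStoreParameter);

        // KeyStore.getKey() is specified to return null for an unknown alias;
        // fail with a clear assertion instead of an NPE inside initSign()
        PrivateKey hsmPrivateKey = (PrivateKey) hsmProxyKeyStore.getKey("alias", null);
        assertNotNull(hsmPrivateKey);

        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(hsmPrivateKey);
        signature.update(TO_BE_SIGNED);
        byte[] signatureValue = signature.sign();

        assertNotNull(signatureValue);
    }

    /**
     * Lists the aliases of an HSM proxy key store loaded with the eID authentication
     * credential against the local endpoint; only checks that enumeration works.
     */
    @Test
    public void testAliasesAuthnCertCredential() throws Exception {
        LOG.debug("sign");
        // operate
        KeyStore hsmProxyKeyStore = loadAuthnCredentialKeyStore(
                // "https://www.e-contract.be/hsm-proxy-ws/dss",
                "http://localhost/hsm-proxy-ws/dss");

        Enumeration<String> aliasesEnum = hsmProxyKeyStore.aliases();
        assertNotNull(aliasesEnum);
        while (aliasesEnum.hasMoreElements()) {
            LOG.debug("alias: " + aliasesEnum.nextElement());
        }
    }

    /**
     * For every alias of an HSM proxy key store loaded with the eID authentication
     * credential, checks that the certificate, certificate chain and private-key
     * entry are all retrievable and that {@code containsAlias} agrees.
     */
    @Test
    public void testGetCertificateAuthnCertCredential() throws Exception {
        LOG.debug("sign");
        // operate
        KeyStore hsmProxyKeyStore = loadAuthnCredentialKeyStore(
                // "https://www.e-contract.be/hsm-proxy-ws/dss",
                "http://localhost/hsm-proxy-ws/dss");

        Enumeration<String> aliasesEnum = hsmProxyKeyStore.aliases();
        assertNotNull(aliasesEnum);
        while (aliasesEnum.hasMoreElements()) {
            String alias = aliasesEnum.nextElement();
            LOG.debug("alias: " + alias);
            X509Certificate certificate = (X509Certificate) hsmProxyKeyStore.getCertificate(alias);
            assertNotNull(certificate);
            LOG.debug("certificate: " + certificate);
            assertTrue(hsmProxyKeyStore.containsAlias(alias));
            Certificate[] certificateChain = hsmProxyKeyStore.getCertificateChain(alias);
            assertNotNull(certificateChain);
            PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) hsmProxyKeyStore.getEntry(alias, null);
            assertNotNull(privateKeyEntry);
        }
    }

    /** Audit callback that only logs what the provider reports for each signing request. */
    private static class MyHSMProxyAudit implements HSMProxyAudit {

        @Override
        public void record(byte[] digestValue, String digestAlgorithm, String keyAlias,
                X509Certificate credentialCertificate, String endpointAddress) {
            LOG.debug("audit: " + keyAlias + " to " + endpointAddress);
            // hex output is pure ASCII; pin the charset so the decode cannot depend on the platform default
            LOG.debug("digest value: " + new String(Hex.encode(digestValue), StandardCharsets.US_ASCII));
        }
    }

    /** Registers the BeID provider and loads the eID {@code BeID} key store. */
    private static KeyStore loadBeIdKeyStore() throws Exception {
        // addProvider() returns -1 when the provider is already installed; harmless across tests
        Security.addProvider(new BeIDProvider());
        KeyStore keyStore = KeyStore.getInstance("BeID");
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Registers the HSM proxy provider and loads an {@code HSMProxy} key store with
     * the given load parameter.
     */
    private static KeyStore loadHsmProxyKeyStore(HSMProxyKeyStoreParameter keyStoreParameter) throws Exception {
        Security.addProvider(new HSMProxyProvider());
        KeyStore keyStore = KeyStore.getInstance("HSMProxy");
        keyStore.load(keyStoreParameter);
        return keyStore;
    }

    /** Loads an HSM proxy key store with the bundled test credential against {@link #LOCAL_ENDPOINT}. */
    private static KeyStore loadTestCredentialKeyStore() throws Exception {
        HSMProxyTestCredential testCredential = new HSMProxyTestCredential();
        HSMProxyKeyStoreParameter keyStoreParameter = new HSMProxyKeyStoreParameter(
                testCredential.getCredentialPrivateKey(), testCredential.getCredentialCertificate(),
                LOCAL_ENDPOINT, new MyHSMProxyAudit());
        return loadHsmProxyKeyStore(keyStoreParameter);
    }

    /**
     * Loads an HSM proxy key store with the eID authentication credential (taken from
     * the {@code BeID} key store) against the given endpoint, without an HTTP proxy.
     *
     * @param endpointAddress HSM proxy web service address passed to the load parameter
     */
    private static KeyStore loadAuthnCredentialKeyStore(String endpointAddress) throws Exception {
        KeyStore beidKeyStore = loadBeIdKeyStore();
        X509Certificate authnCert = (X509Certificate) beidKeyStore.getCertificate("Authentication");
        PrivateKey authnPrivateKey = (PrivateKey) beidKeyStore.getKey("Authentication", null);
        assertNotNull(authnCert);
        assertNotNull(authnPrivateKey);

        HSMProxyKeyStoreParameter keyStoreParameter = new HSMProxyKeyStoreParameter(authnPrivateKey, authnCert,
                endpointAddress, new MyHSMProxyAudit());
        return loadHsmProxyKeyStore(keyStoreParameter);
    }

    /**
     * Returns the first alias of the key store, failing the test (instead of throwing
     * {@code NoSuchElementException}) when the store reports no aliases.
     */
    private static String firstAlias(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        assertNotNull(aliases);
        assertTrue("key store has no aliases", aliases.hasMoreElements());
        return aliases.nextElement();
    }

    /**
     * Signs {@link #TO_BE_SIGNED} with {@code privateKey} and verifies the result
     * with the public key of {@code certificate}, both using {@code signatureAlgo}.
     * No provider is named in {@code Signature.getInstance}, so the JCA selects one
     * when the key is handed to {@code initSign}/{@code initVerify}; a fresh instance
     * is used for verification so the two operations do not share state.
     *
     * @throws NoSuchAlgorithmException if no provider supports {@code signatureAlgo}
     * @throws InvalidKeyException if the key is rejected by the selected provider
     * @throws SignatureException if signing or verification fails internally
     */
    private void signAndVerify(X509Certificate certificate, PrivateKey privateKey, String signatureAlgo)
            throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance(signatureAlgo);
        signer.initSign(privateKey);
        signer.update(TO_BE_SIGNED);
        byte[] signatureValue = signer.sign();

        assertNotNull(signatureValue);

        Signature verifier = Signature.getInstance(signatureAlgo);
        verifier.initVerify(certificate.getPublicKey());
        verifier.update(TO_BE_SIGNED);
        assertTrue(verifier.verify(signatureValue));
    }
}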