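/*
 * HSM Proxy Project.
 * Copyright (C) 2013 FedICT.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see
 * http://www.gnu.org/licenses/.
 */

package test.integ.be.fedict.hsm.model;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.UUID;

import javax.ejb.EJB;

import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.resolver.api.maven.Maven;
import org.junit.Test;
import org.junit.runner.RunWith;

import be.fedict.hsm.entity.CredentialEntity;
import be.fedict.hsm.entity.KeyStoreEntity;
import be.fedict.hsm.entity.KeyStoreState;
import be.fedict.hsm.entity.KeyStoreType;
import be.fedict.hsm.model.KeyStoreLoader;
import be.fedict.hsm.model.KeyStoreLoaderBean;
import be.fedict.hsm.model.KeyStoreSingletonBean;

/**
 * Arquillian in-container integration tests for {@link KeyStoreSingletonBean}.
 *
 * <p>
 * Each test persists a {@link KeyStoreEntity}, asks the singleton to open it,
 * checks that the persisted state becomes {@link KeyStoreState#ACTIVE} and then
 * either round-trips a signature or times a run of signing calls.
 *
 * <p>
 * The PKCS#12 test is self-contained (it uses the {@code keystore.p12} test
 * resource). The PKCS#11 tests load native modules from fixed absolute paths,
 * so they can only pass on a host where those modules and the matching tokens
 * are present.
 */
@RunWith(Arquillian.class)
public class KeyStoreSingletonBeanTest {

	private static final Log LOG = LogFactory.getLog(KeyStoreSingletonBeanTest.class);

	/** Classpath location of the PKCS#12 fixture. */
	private static final String PKCS12_RESOURCE = "/keystore.p12";

	// Fixture credentials. These live in source control, so they must only
	// ever protect throw-away test keys: a token or key store that holds
	// production key material needs a different PIN/password than the ones
	// below.
	private static final String PKCS12_PASSWORD = "secret";
	private static final String ETOKEN_PIN = "HSMProxy1234";

	// Native PKCS#11 modules and the fifth KeyStoreEntity constructor
	// argument used with each of them (presumably the PKCS#11 slot index;
	// confirm against KeyStoreEntity).
	private static final String ETOKEN_PKCS11_LIBRARY = "/usr/lib/libeTPkcs11.so";
	private static final int ETOKEN_SLOT = 0;
	private static final String BEID_PKCS11_LIBRARY = "/usr/lib/libbeidpkcs11.so.0";
	private static final int BEID_SLOT = 1;

	// The tests pin SHA-1 / SHA1withRSA. SHA-1 is no longer collision
	// resistant and is deprecated for digital signatures.
	// NOTE(review): whether KeyStoreSingletonBean.sign accepts a SHA-2 digest
	// algorithm name is not visible from this file; if it does, add a
	// SHA-256 / SHA256withRSA round trip next to this one.
	private static final String DIGEST_ALGO = "SHA-1";
	private static final String SIGNATURE_ALGO = "SHA1withRSA";

	/** Number of signing calls timed by {@link #performanceTest(long)}. */
	private static final int SIGN_ITERATIONS = 30;

	@EJB
	private KeyStoreSingletonBean testedInstance;

	@EJB
	private KeyStoreTestBean keyStoreTestBean;

	/**
	 * Builds the WAR deployed into the container: commons-io, the entity
	 * package, the beans under test, the test persistence unit and the
	 * PKCS#12 fixture.
	 *
	 * @return the test archive
	 */
	@Deployment
	public static WebArchive createTestArchive() {
		WebArchive war = ShrinkWrap.create(WebArchive.class, "test.war")
				.addAsLibraries(Maven.resolver().resolve("commons-io:commons-io:2.4").withTransitivity()
						.as(JavaArchive.class))
				.addPackage(CredentialEntity.class.getPackage())
				.addClasses(KeyStoreSingletonBean.class, KeyStoreLoader.class, KeyStoreLoaderBean.class,
						KeyStoreTestBean.class)
				.addAsResource(KeyStoreSingletonBeanTest.class.getResource("/test-persistence.xml"),
						"META-INF/persistence.xml")
				.addAsResource(KeyStoreSingletonBeanTest.class.getResource(PKCS12_RESOURCE), "keystore.p12");
		return war;
	}

	/**
	 * Passes as soon as the archive deploys and the EJBs are injected.
	 */
	@Test
	public void testDeployment() {
		// empty
	}

	/**
	 * Copies the PKCS#12 fixture to a temporary file, registers it as a key
	 * store, signs with it, then reloads and removes it.
	 */
	@Test
	public void testPKCS12KeyStore() throws Exception {
		// The copy is made with default file permissions in the shared temp
		// directory; that is acceptable only because the fixture holds a
		// test key.
		File tmpFile = File.createTempFile("keystore-", ".p12");
		try {
			InputStream keyStoreInputStream = KeyStoreSingletonBeanTest.class.getResourceAsStream(PKCS12_RESOURCE);
			// Fail with a clear message instead of a NullPointerException
			// inside IOUtils.copy when the fixture is not on the classpath.
			assertNotNull("test resource " + PKCS12_RESOURCE + " not found on the classpath", keyStoreInputStream);
			try {
				ByteArrayOutputStream buffer = new ByteArrayOutputStream();
				IOUtils.copy(keyStoreInputStream, buffer);
				FileUtils.writeByteArrayToFile(tmpFile, buffer.toByteArray());
			} finally {
				IOUtils.closeQuietly(keyStoreInputStream);
			}

			String keyStoreName = UUID.randomUUID().toString();
			KeyStoreEntity keyStoreEntity = new KeyStoreEntity(keyStoreName, KeyStoreType.PKCS12,
					tmpFile.getAbsolutePath(), PKCS12_PASSWORD);
			long keyStoreId = activate(keyStoreEntity);

			checkSigning(keyStoreId);

			this.testedInstance.reload(keyStoreId);
			this.testedInstance.removeKeyStore(keyStoreId);
		} finally {
			tmpFile.delete();
		}
	}

	/**
	 * Signing round trip against the eToken PKCS#11 module.
	 */
	@Test
	public void testPKCS11KeyStore() throws Exception {
		checkSigning(activatePkcs11KeyStore(ETOKEN_PKCS11_LIBRARY, ETOKEN_PIN, ETOKEN_SLOT));
	}

	/**
	 * Signing round trip against the BeID PKCS#11 module; no PIN is stored in
	 * the entity.
	 */
	@Test
	public void testBeIDKeyStore() throws Exception {
		checkSigning(activatePkcs11KeyStore(BEID_PKCS11_LIBRARY, null, BEID_SLOT));
	}

	/**
	 * Times repeated signing against the eToken PKCS#11 module.
	 */
	@Test
	public void testeTokenPerformance() throws Exception {
		performanceTest(activatePkcs11KeyStore(ETOKEN_PKCS11_LIBRARY, ETOKEN_PIN, ETOKEN_SLOT));
	}

	/**
	 * Times repeated signing against the BeID PKCS#11 module.
	 */
	@Test
	public void testBeIDPerformance() throws Exception {
		performanceTest(activatePkcs11KeyStore(BEID_PKCS11_LIBRARY, null, BEID_SLOT));
	}

	/**
	 * Persists a PKCS#11 key store entity under a random name and opens it.
	 *
	 * <p>
	 * NOTE(review): unlike the PKCS#12 test, the PKCS#11 tests never call
	 * {@code removeKeyStore}; whether that leaves a token session open in the
	 * singleton between tests cannot be told from this file.
	 *
	 * @param pkcs11Library
	 *            absolute path of the native PKCS#11 module
	 * @param pin
	 *            token PIN stored in the entity, or {@code null}
	 * @param slot
	 *            fifth {@link KeyStoreEntity} constructor argument
	 * @return the identifier of the activated key store
	 */
	private long activatePkcs11KeyStore(String pkcs11Library, String pin, int slot) throws Exception {
		String keyStoreName = UUID.randomUUID().toString();
		KeyStoreEntity keyStoreEntity = new KeyStoreEntity(keyStoreName, KeyStoreType.PKCS11, pkcs11Library, pin,
				slot);
		return activate(keyStoreEntity);
	}

	/**
	 * Stores the entity, opens it through the tested singleton and asserts
	 * that the persisted state is {@link KeyStoreState#ACTIVE}.
	 *
	 * @param keyStoreEntity
	 *            the entity to persist and open
	 * @return the identifier assigned to the entity
	 */
	private long activate(KeyStoreEntity keyStoreEntity) throws Exception {
		this.keyStoreTestBean.store(keyStoreEntity);
		long keyStoreId = keyStoreEntity.getId();
		this.testedInstance.newKeyStore(keyStoreId);
		assertEquals(KeyStoreState.ACTIVE, this.keyStoreTestBean.load(keyStoreId).getKeyStoreState());
		return keyStoreId;
	}

	/**
	 * Signs a digest through the tested bean and verifies the signature with
	 * the public key of the first certificate the bean returns for the alias.
	 *
	 * <p>
	 * This is a round-trip check only: the certificate chain is not validated
	 * against any trust anchor.
	 *
	 * @param keyStoreId
	 *            identifier of an active key store
	 */
	private void checkSigning(long keyStoreId) throws Exception {
		String alias = firstAlias(keyStoreId);
		byte[] toBeSigned = toBeSigned();
		byte[] signatureValue = this.testedInstance.sign(keyStoreId, alias, DIGEST_ALGO, digest(toBeSigned));

		Certificate[] certificateChain = this.testedInstance.getCertificateChain(keyStoreId, alias);
		assertTrue(certificateChain.length > 0);
		X509Certificate certificate = (X509Certificate) certificateChain[0];

		// The verifier hashes the plain message itself, so it is fed the
		// message and not the digest that was handed to sign().
		Signature signature = Signature.getInstance(SIGNATURE_ALGO);
		signature.initVerify(certificate.getPublicKey());
		signature.update(toBeSigned);
		assertTrue(signature.verify(signatureValue));
	}

	/**
	 * Signs the same digest {@link #SIGN_ITERATIONS} times and logs the
	 * average time per signature in milliseconds.
	 *
	 * @param keyStoreId
	 *            identifier of an active key store
	 */
	private void performanceTest(long keyStoreId) throws Exception {
		String alias = firstAlias(keyStoreId);
		byte[] digestValue = digest(toBeSigned());

		// nanoTime is monotonic; currentTimeMillis follows the wall clock and
		// can jump while the loop runs.
		long start = System.nanoTime();
		for (int i = 0; i < SIGN_ITERATIONS; i++) {
			this.testedInstance.sign(keyStoreId, alias, DIGEST_ALGO, digestValue);
		}
		long elapsedMillis = (System.nanoTime() - start) / 1000000L;
		LOG.debug("dt: " + elapsedMillis / SIGN_ITERATIONS);
	}

	/**
	 * Returns the first alias of the key store, failing the test when the key
	 * store exposes none.
	 */
	private String firstAlias(long keyStoreId) throws Exception {
		List<String> aliases = this.testedInstance.getKeyStoreAliases(keyStoreId);
		assertFalse(aliases.isEmpty());
		return aliases.get(0);
	}

	/**
	 * Returns the test message, encoded with an explicit charset so the signed
	 * bytes do not depend on the platform default encoding.
	 */
	private static byte[] toBeSigned() throws Exception {
		return "hello world".getBytes("UTF-8");
	}

	/**
	 * Computes the {@link #DIGEST_ALGO} digest of the given bytes.
	 */
	private static byte[] digest(byte[] data) throws Exception {
		MessageDigest messageDigest = MessageDigest.getInstance(DIGEST_ALGO);
		messageDigest.update(data);
		return messageDigest.digest();
	}
}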