Add unit tests for signatures

8c32f9ca · Joze RIHTARSIC · c3b0d938 · 8c32f9ca · 8c32f9ca · 8c32f9ca
Commit 8c32f9ca authored 1 year ago by Joze RIHTARSIC
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
@@ -15,6 +15,7 @@ import org.springframework.stereotype.Service;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import java.io.*;
+import java.nio.file.Files;
 import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
@@ -137,7 +138,7 @@ public class UIKeystoreService extends BasicKeystoreService {
        KeyStore keyStore;
-        try (InputStream keystoreInputStream = new FileInputStream(keyStoreFile)) {
+        try (InputStream keystoreInputStream = Files.newInputStream(keyStoreFile.toPath())) {
            String type = StringUtils.defaultIfEmpty(configurationService.getKeystoreType(), "JKS");
            LOG.info("Load keystore [{}] with type [{}].", keyStoreFile, type);
            keyStore = KeyStore.getInstance(type);
@@ -193,7 +194,7 @@ public class UIKeystoreService extends BasicKeystoreService {
        }
        if (keystoreKeys.isEmpty()) {
-            throw new SMPRuntimeException(ErrorCode.CONFIGURATION_ERROR, "Could not retrieve key: " + keyAlias + " from empty keystore!" + configurationService.getKeystoreFile());
+            throw new SMPRuntimeException(ErrorCode.CONFIGURATION_ERROR, "Could not retrieve key: [" + keyAlias + "] from empty keystore: [" + configurationService.getKeystoreFile() +"]!");
        }

--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ServiceMetadataSignerTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ServiceMetadataSignerTest.java
@@ -13,14 +13,20 @@
 package eu.europa.ec.edelivery.smp.services;
+import eu.europa.ec.edelivery.smp.data.dao.AbstractJunit5BaseDao;
 import eu.europa.ec.edelivery.smp.services.spi.SmpXmlSignatureService;
 import eu.europa.ec.edelivery.smp.services.ui.UIKeystoreService;
-import org.junit.Before;
+import eu.europa.ec.edelivery.smp.testutil.SignatureUtil;
-import org.junit.Ignore;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.util.ReflectionTestUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import java.io.File;
 import java.nio.file.Path;
@@ -28,11 +34,15 @@ import java.nio.file.Paths;
 /**
- * Created by rodrfla on 20/02/2017.
+ * metadata tests signatures
+ *
+ * @author Flavio Santos
+ * @author Joze Rihtarsic
+ * @since 3.0
 */
-@Ignore
 @ContextConfiguration(classes = { SmpXmlSignatureService.class})
-public class ServiceMetadataSignerTest extends AbstractServiceIntegrationTest{
+public class ServiceMetadataSignerTest extends AbstractJunit5BaseDao{
    Path resourceDirectory = Paths.get("src", "test", "resources",  "keystores");
@@ -44,24 +54,24 @@ public class ServiceMetadataSignerTest extends AbstractServiceIntegrationTest{
    @Autowired
    private SmpXmlSignatureService signer;
-    @Before
+    @BeforeEach
    public void setup(){
        configurationService = Mockito.spy(configurationService);
        ReflectionTestUtils.setField(uiKeystoreService,"configurationService",configurationService);
        ReflectionTestUtils.setField(signer,"uiKeystoreService",uiKeystoreService);
        // set keystore properties
-        File keystoreFile = new File(resourceDirectory.toFile(), "smp-keystore.jks");
+        File keystoreFile = new File(resourceDirectory.toAbsolutePath().toFile(), "smp-keystore-all-keys.p12");
        Mockito.doReturn( keystoreFile).when(configurationService).getKeystoreFile();
        Mockito.doReturn( resourceDirectory.toFile()).when(configurationService).getSecurityFolder();
        Mockito.doReturn("test123").when(configurationService).getKeystoreCredentialToken();
+        Mockito.doReturn("PKCS12").when(configurationService).getKeystoreType();
        uiKeystoreService.refreshData();
    }
-/*
-    private Document loadAndSignDocumentForDefault() throws Exception {
-        Document documentToSign = loadDocument("/input/SignedServiceMetadata_withoutSignature.xml");
-        signer.sign(documentToSign, null, ALGO_ID_SIGNATURE_RSA_SHA256, SHA256);
+    private Document loadAndSignDocumentForDefault(String alias) throws Exception {
+        Document documentToSign = SignatureUtil.loadDocument("/input/SignedServiceMetadata_withoutSignature.xml");
+        signer.sign(documentToSign, alias, null, null);
        return documentToSign;
    }
@@ -70,43 +80,25 @@ public class ServiceMetadataSignerTest extends AbstractServiceIntegrationTest{
        SignatureUtil.validateSignature(smpSigPointer);
    }
    private Element loadAndSignDocumentForAdmin(String filePath) throws Exception {
-        Document response = loadDocument(filePath);
+        Document response = SignatureUtil.loadDocument(filePath);
-        Element smNode = SignatureUtil.findFirstElementByName(response, "ServiceMetadata");
+        Element adminSignature = SignatureUtil.findServiceInfoSig(response);
-        Document docUnwrapped = SignatureUtil.buildDocWithGivenRoot(smNode);
-        Element adminSignature = SignatureUtil.findServiceInfoSig(docUnwrapped);
        return adminSignature;
    }
-    @Test
+    @ParameterizedTest
-    public void testDefaultSignatureOk() throws Exception {
+    @ValueSource(strings = {"sample_key",
-        Document document = loadAndSignDocumentForDefault();
+            "smp_ecdsa_nist-b409",
+            "smp_eddsa_25519",
+            "smp_eddsa_448"})
+    public void testSignatureAndDefaultAlgorithmeDefinitionOk(String alias) throws Exception {
+        Document document = loadAndSignDocumentForDefault(alias);
        validateSignatureForDefault(document);
    }
-    @Test(expected = Exception.class)
-    public void testDefaultSignatureNotOk() throws Exception {
-        Document document = loadAndSignDocumentForDefault();
-        String documentStr = SignatureUtil.marshall(document);
-        documentStr = documentStr.replace("<Process>", "<Process><DummyElement></DummyElement>");
-        validateSignatureForDefault(SignatureUtil.parseDocument(documentStr));
-    }
    @Test
    public void testAdminSignatureOk() throws Exception {
        Element adminSignature = loadAndSignDocumentForAdmin("/expected_output/PUT_ServiceMetadata_request.xml");
        SignatureUtil.validateSignature(adminSignature);
    }
-    @Test(expected = Exception.class)
-    public void testAdminSignatureNotOk() throws Exception {
-        Element adminSignature = loadAndSignDocumentForAdmin("/expected_output/PUT_ServiceMetadata_request_not_valid.xml");
-        SignatureUtil.validateSignature(adminSignature);
-    }
-*/
 }
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/testutil/SignatureUtil.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/testutil/SignatureUtil.java
@@ -29,6 +29,8 @@ import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
 import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -61,9 +63,16 @@ public class SignatureUtil {
    private static KeyStore.PrivateKeyEntry privateKeyEntry;
    private static KeyInfo keyInfo;
+    private static XMLSignatureFactory getDomSigFactory() {
+        // According to Javadoc, only static methods of this factory are thread-safe
+        // We cannot share and re-use the same instance in every place
+        // set apache santuario xmlsec signature factory
+        return XMLSignatureFactory.getInstance("DOM", new org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI());
+    }
    private static void setupSigner(String keystoreResPath, String keystorePass, String keyPairAlias, String keyPairPass) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableEntryException, IOException {
        // Initialize all stuff needed for signing: Load keys from keystore and prepare signature factory
-        sigFactory = XMLSignatureFactory.getInstance("DOM");
+        sigFactory = getDomSigFactory();
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream keystoreStream = SignatureUtil.class.getResourceAsStream(keystoreResPath);
        ks.load(keystoreStream, keystorePass.toCharArray());
@@ -102,7 +111,7 @@ public class SignatureUtil {
    }
    public static void validateSignature(Element sigPointer) throws Exception {
-        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
+        XMLSignatureFactory fac = getDomSigFactory();
        // Create a DOMValidateContext and specify a KeySelector and document context.
        DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(), sigPointer);
@@ -164,7 +173,6 @@ public class SignatureUtil {
    }
    public static Element findServiceInfoSig(Document doc) throws ParserConfigurationException, SAXException, IOException {
        Element extension = findExtensionInServiceInformation(doc);
        return findSignatureByParentNode(extension);
@@ -180,7 +188,6 @@ public class SignatureUtil {
    }
    public static Element findExtensionInServiceInformation(Document doc) throws ParserConfigurationException, SAXException, IOException {
        Element serviceInformation = findFirstElementByName(doc, "ServiceInformation");
@@ -198,6 +205,19 @@ public class SignatureUtil {
        return extension;
    }
+    public static Document loadDocument(String docResourcePath) throws ParserConfigurationException, SAXException, IOException {
+        InputStream inputStreamm = SignatureUtil.class.getResourceAsStream(docResourcePath);
+        return getDocumentBuilder().parse(inputStreamm);
+    }
+    public static DocumentBuilder getDocumentBuilder() throws ParserConfigurationException {
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        return dbf.newDocumentBuilder();
+    }
    public static Element findFirstElementByName(Document doc, String elementName) {
        NodeList elements = doc.getElementsByTagNameNS(OASIS_NS, elementName);
        return (Element) elements.item(0);

--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/testutil/X509KeySelector.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/testutil/X509KeySelector.java
@@ -14,14 +14,16 @@
 package eu.europa.ec.edelivery.smp.testutil;
 import javax.xml.crypto.*;
-import javax.xml.crypto.dsig.SignatureMethod;
 import javax.xml.crypto.dsig.keyinfo.KeyInfo;
 import javax.xml.crypto.dsig.keyinfo.X509Data;
-import java.security.Key;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Iterator;
+/**
+ * This test class is used to extract the public key from an X509 certificate.
+ * It is used in the test cases to verify the signature of the SML response.
+ */
 public class X509KeySelector extends KeySelector {
    private X509Certificate certificate;
@@ -50,26 +52,12 @@ public class X509KeySelector extends KeySelector {
                final PublicKey key = this.certificate.getPublicKey();
                // Make sure the algorithm is compatible
                // with the method.
-                if (algEquals(method.getAlgorithm(), key.getAlgorithm())) {
+                return () -> key;
-                    return new KeySelectorResult() {
-                        public Key getKey() {
-                            return key;
-                        }
-                    };
-                }
            }
        }
        throw new KeySelectorException("No key found!");
    }
-    static boolean algEquals(String algorithmURI, String algorithmName) {
-        return (algorithmName.equalsIgnoreCase("DSA") &&
-                algorithmURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1))
-                || (algorithmName.equalsIgnoreCase("RSA") &&
-                algorithmURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1))
-                || (algorithmName.equalsIgnoreCase("RSA")
-                && algorithmURI.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
-    }
    public X509Certificate getCertificate() {
        return this.certificate;

--- a/smp-server-library/src/test/resources/keystores/smp-keystore-all-keys.p12
+++ b/smp-server-library/src/test/resources/keystores/smp-keystore-all-keys.p12
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/server/security/SignatureValidatorTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/server/security/SignatureValidatorTest.java
@@ -83,7 +83,6 @@ public class SignatureValidatorTest {
    @Autowired
    private WebApplicationContext webAppContext;
    private MockMvc mvc;
    @Before