Skip to content

Commit 1aa237f

Browse files
author
root
committed
Adding HSM Junit Test and certs for HSM test
1 parent b62028d commit 1aa237f

8 files changed

Lines changed: 163 additions & 33 deletions

File tree

pom.xml

Lines changed: 8 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -49,29 +49,17 @@
4949
<name>New BSD License</name>
5050
<url>http://nhindirect.org/BSDLicense</url>
5151
</license>
52-
</licenses>
52+
</licenses>
5353
<dependencies>
5454
<dependency>
5555
<groupId>org.nhind</groupId>
5656
<artifactId>direct-policy</artifactId>
57-
<version>6.0</version>
58-
<exclusions>
59-
<exclusion>
60-
<groupId>org.bouncycastle</groupId>
61-
<artifactId>bcprov-jdk15on</artifactId>
62-
</exclusion>
63-
</exclusions>
57+
<version>6.0</version>
6458
</dependency>
6559
<dependency>
6660
<groupId>org.nhind</groupId>
67-
<artifactId>direct-common</artifactId>
68-
<version>6.0</version>
69-
<exclusions>
70-
<exclusion>
71-
<groupId>org.bouncycastle</groupId>
72-
<artifactId>bcprov-jdk15on</artifactId>
73-
</exclusion>
74-
</exclusions>
61+
<artifactId>direct-common</artifactId>
62+
<version>6.0</version>
7563
</dependency>
7664
<dependency>
7765
<groupId>org.nhind</groupId>
@@ -111,30 +99,18 @@
11199
</dependency>
112100
<dependency>
113101
<groupId>org.bouncycastle</groupId>
114-
<artifactId>bcprov-debug-jdk15on</artifactId>
102+
<artifactId>bcprov-jdk15on</artifactId>
115103
<version>1.60</version>
116104
</dependency>
117105
<dependency>
118106
<groupId>org.bouncycastle</groupId>
119107
<artifactId>bcmail-jdk15on</artifactId>
120-
<version>1.60</version>
121-
<exclusions>
122-
<exclusion>
123-
<groupId>org.bouncycastle</groupId>
124-
<artifactId>bcprov-jdk15on</artifactId>
125-
</exclusion>
126-
</exclusions>
127-
</dependency>
108+
<version>1.60</version>
109+
</dependency>
128110
<dependency>
129111
<groupId>org.bouncycastle</groupId>
130112
<artifactId>bcpkix-jdk15on</artifactId>
131-
<version>1.60</version>
132-
<exclusions>
133-
<exclusion>
134-
<groupId>org.bouncycastle</groupId>
135-
<artifactId>bcprov-jdk15on</artifactId>
136-
</exclusion>
137-
</exclusions>
113+
<version>1.60</version>
138114
</dependency>
139115
<dependency>
140116
<groupId>dnsjava</groupId>
Lines changed: 152 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,152 @@
1+
package org.nhindirect.stagent.cryptography;
2+
3+
import static org.mockito.Mockito.mock;
4+
import static org.mockito.Mockito.when;
5+
import static org.mockito.ArgumentMatchers.any;
6+
7+
import java.io.File;
8+
import java.io.InputStream;
9+
import java.security.KeyStore;
10+
import java.security.PrivateKey;
11+
import java.security.cert.X509Certificate;
12+
import java.util.Arrays;
13+
import java.util.Enumeration;
14+
15+
import javax.crypto.SecretKey;
16+
import javax.mail.Message.RecipientType;
17+
import javax.mail.Session;
18+
import javax.mail.internet.InternetAddress;
19+
import javax.mail.internet.MimeMessage;
20+
21+
import org.apache.commons.io.FileUtils;
22+
import org.apache.commons.lang3.StringUtils;
23+
import org.junit.After;
24+
import org.junit.Before;
25+
import org.junit.Test;
26+
import org.nhindirect.common.crypto.CryptoExtensions;
27+
import org.nhindirect.common.crypto.impl.AbstractPKCS11TokenKeyStoreProtectionManager;
28+
import org.nhindirect.common.options.OptionsManager;
29+
import org.nhindirect.common.options.OptionsParameter;
30+
import org.nhindirect.stagent.DefaultNHINDAgent;
31+
import org.nhindirect.stagent.OutgoingMessage;
32+
import org.nhindirect.stagent.cert.CertificateResolver;
33+
import org.nhindirect.stagent.cert.WrappedOnDemandX509CertificateEx;
34+
import org.nhindirect.stagent.cert.X509CertificateEx;
35+
import org.nhindirect.stagent.mail.Message;
36+
import org.nhindirect.stagent.trust.TrustAnchorResolver;
37+
import org.nhindirect.stagent.utils.TestUtils;
38+
39+
/**
40+
* These test are designed for testing out an HSM implementation that support key wrapping. It consists of a skeleton
41+
* that is generic for use with a keystore manager.
42+
* @author Greg Meyer
43+
*
44+
*/
45+
public class SMIMECryptographerImpl_wrappableHSMDirectTest
46+
{
47+
static
48+
{
49+
CryptoExtensions.registerJCEProviders();
50+
51+
}
52+
53+
protected String oldSensitiveProvider;
54+
55+
56+
@Before
57+
public void setUp()
58+
{
59+
oldSensitiveProvider = CryptoExtensions.getJCESensitiveProviderName();
60+
61+
}
62+
63+
@After
64+
public void done()
65+
{
66+
OptionsManager.getInstance().setOptionsParameter(
67+
new OptionsParameter(OptionsParameter.JCE_SENTITIVE_PROVIDER, oldSensitiveProvider));
68+
}
69+
70+
protected boolean shouldRunTest()
71+
{
72+
try
73+
{
74+
final String pkcs11ProvName = TestUtils.setupLunaToken();
75+
if (StringUtils.isEmpty(pkcs11ProvName))
76+
{
77+
System.out.println("No HSM detected. Skipping test.");
78+
return false;
79+
}
80+
81+
OptionsManager.getInstance().setOptionsParameter(
82+
new OptionsParameter(OptionsParameter.JCE_SENTITIVE_PROVIDER, pkcs11ProvName));
83+
84+
}
85+
catch (Exception e)
86+
{
87+
System.out.println("No HSM detected. Skipping test.");
88+
return false;
89+
}
90+
91+
92+
93+
return true;
94+
}
95+
96+
protected AbstractPKCS11TokenKeyStoreProtectionManager getKeyStoreMgr() throws Exception
97+
{
98+
AbstractPKCS11TokenKeyStoreProtectionManager mgr = TestUtils.getLunaKeyStoreMgr();
99+
100+
return mgr;
101+
}
102+
103+
@Test
104+
public void testEncryptSingDecryptWithWrappedKey() throws Exception
105+
{
106+
if (shouldRunTest())
107+
{
108+
109+
// Load a certificate and private key and create wrapped representation of it
110+
KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
111+
112+
InputStream inStream = FileUtils.openInputStream(new File("./src/test/resources/certs/hsmtest.p12"));
113+
localKeyStore.load(inStream, "".toCharArray());
114+
Enumeration<String> aliases = localKeyStore.aliases();
115+
116+
String alias = aliases.nextElement();
117+
X509Certificate theCert = (X509Certificate)localKeyStore.getCertificate(alias);
118+
119+
// get the private key
120+
PrivateKey thePrivKey = (PrivateKey)localKeyStore.getKey(alias, "".toCharArray());
121+
122+
// wrap it up
123+
final AbstractPKCS11TokenKeyStoreProtectionManager keyMgr = getKeyStoreMgr();
124+
byte[] wrappedKey = keyMgr.wrapWithSecretKey((SecretKey)keyMgr.getPrivateKeyProtectionKey(), thePrivKey);
125+
126+
// Create an X509CertificateEx with the wrapped key
127+
X509CertificateEx wrappedCert = WrappedOnDemandX509CertificateEx.fromX509Certificate(keyMgr, theCert, wrappedKey);
128+
129+
// now create an agent instance with mocked stores
130+
final CertificateResolver resolver = mock(CertificateResolver.class);
131+
when(resolver.getCertificates(any())).thenReturn(Arrays.asList(wrappedCert));
132+
133+
TrustAnchorResolver trustResolver = mock(TrustAnchorResolver.class);
134+
when(trustResolver.getIncomingAnchors()).thenReturn(resolver);
135+
when(trustResolver.getOutgoingAnchors()).thenReturn(resolver);
136+
137+
DefaultNHINDAgent agent = new DefaultNHINDAgent("messaging.cerner.com",
138+
resolver, resolver, trustResolver);
139+
140+
141+
MimeMessage msg = new MimeMessage((Session)null);
142+
msg.setFrom(new InternetAddress("hsmtest@messaging.cerner.com"));
143+
msg.addRecipient(RecipientType.TO, new InternetAddress("hsmtest@messaging.cerner.com"));
144+
msg.setText("Hello");
145+
msg.saveChanges();
146+
147+
OutgoingMessage encrytpedMsg = agent.processOutgoing(new OutgoingMessage(new Message(msg)));
148+
149+
agent.processIncoming(encrytpedMsg.getMessage());
150+
}
151+
}
152+
}

src/test/java/org/nhindirect/stagent/utils/TestUtils.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -316,7 +316,7 @@ public static String setupLunaToken() throws Exception
316316
*/
317317
public static AbstractPKCS11TokenKeyStoreProtectionManager getLunaKeyStoreMgr() throws Exception
318318
{
319-
final BootstrappedPKCS11Credential cred = new BootstrappedPKCS11Credential("1Kingpuff");
319+
final BootstrappedPKCS11Credential cred = new BootstrappedPKCS11Credential("1kingpuff");
320320
final StaticPKCS11TokenKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager();
321321
mgr.setCredential(cred);
322322
mgr.setKeyStoreType("Luna");
@@ -325,6 +325,8 @@ public static AbstractPKCS11TokenKeyStoreProtectionManager getLunaKeyStoreMgr()
325325
mgr.setKeyStorePassPhraseAlias("keyStorePassPhrase");
326326
mgr.setPrivateKeyPassPhraseAlias("privateKeyPassPhrase");
327327

328+
mgr.initTokenStore();
329+
328330
return mgr;
329331
}
330332

713 Bytes
Binary file not shown.
1.19 KB
Binary file not shown.
899 Bytes
Binary file not shown.
2.54 KB
Binary file not shown.
1.19 KB
Binary file not shown.

0 commit comments

Comments
 (0)