Merge branch 'RM-3832_revert_usage_of_cdoc2-lib_2.0.1-SNAPSHOT' into …
…'master'

RM-3832: revert usage of cdoc2-lib:2.0.1-SNAPSHOT

See merge request cdoc2/cdoc2-capsule-server!55
jann0k committed Sep 18, 2024
2 parents 18aee3d + 4fa08d2 commit fd276a3
Showing 4 changed files with 22 additions and 22 deletions.
6 changes: 3 additions & 3 deletions get-server/pom.xml
@@ -185,7 +185,7 @@
<dependency>
<groupId>ee.cyber.cdoc2</groupId>
<artifactId>cdoc2-lib</artifactId>
<version>2.0.1-SNAPSHOT</version>
<version>2.0.0</version>
<scope>test</scope>
</dependency>

@@ -264,8 +264,8 @@
<dependency>
<groupId>ee.cyber.cdoc2</groupId>
<artifactId>cdoc2-lib</artifactId>
<!-- for successful pkcs11 tests version must be at least 1.5.0-SNAPSHOT-->
<version>2.0.1-SNAPSHOT</version>
<!-- for successful pkcs11 tests version must be at least 2.0.1-SNAPSHOT-->
<version>2.0.0</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
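Review bot: The comment on the `test-jar` dependency says the pkcs11 tests need at least 2.0.1-SNAPSHOT, while the `<version>` next to it reads 2.0.0, so as displayed the comment contradicts the pin. The page does not mark which of the paired lines is old and which is new; this assumes, from the commit title, that the 2.0.0 pin is the new side and that the 2.0.1-SNAPSHOT comment stays with it. If so, the comment should name the minimum version the tests really need, and the `pkcs11`-tagged tests should be confirmed to run against the 2.0.0 test-jar. The same pair of lines appears in put-server/pom.xml.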
@@ -56,7 +56,7 @@
class GetKeyCapsuleApiTests extends KeyCapsuleIntegrationTest {

// read hardware PKCS11 device conf from a properties file
private Pkcs11DeviceConfiguration pkcs11Conf = new Pkcs11DeviceConfiguration();
private Pkcs11DeviceConfiguration pkcs11Conf = Pkcs11DeviceConfiguration.load();

// rest client with client auth using keystore rsa/client-rsa-2048.p12
@Qualifier("trustAllWithClientAuth")
@@ -202,14 +202,14 @@ void testKeyServerPropertiesClientPKCS11(boolean interactive) throws Exception {
prop += "cdoc2.client.ssl.trust-store.type=JKS\n";
prop += "cdoc2.client.ssl.trust-store=" + TestData.getKeysDirectory().resolve("clienttruststore.jks") + "\n";
prop += "cdoc2.client.ssl.trust-store-password=passwd\n";
prop += "pkcs11-library=" + pkcs11Conf.getPkcs11Library() + "\n";
prop += "pkcs11-library=" + pkcs11Conf.pkcs11Library() + "\n";

prop += "cdoc2.client.ssl.client-store.type=PKCS11\n";

if (interactive) {
prop += "cdoc2.client.ssl.client-store-password.prompt=PIN1\n";
} else {
prop += "cdoc2.client.ssl.client-store-password=" + new String(pkcs11Conf.getPin()) + "\n";
prop += "cdoc2.client.ssl.client-store-password=" + new String(pkcs11Conf.pin()) + "\n";
}

Properties p = new Properties();
@@ -223,7 +223,7 @@ void testKeyServerPropertiesClientPKCS11(boolean interactive) throws Exception {
// Storing clientKeyStore in KeyServerPropertiesClient is a bit of hack for tests.
// It's required to get recipient pub key
// normally recipient certificate would come from LDAP, but for test-id card certs are not in LDAP
X509Certificate cert = (X509Certificate) client.getClientCertificate(pkcs11Conf.getKeyAlias());
X509Certificate cert = (X509Certificate) client.getClientCertificate(pkcs11Conf.keyAlias());
assertNotNull(cert);
// Client public key TLS encoded binary base64 encoded
PublicKey recipientPubKey = cert.getPublicKey();
@@ -264,7 +264,7 @@ void testKeyServerPropertiesClientPKCS11(boolean interactive) throws Exception {
void testPKCS11Client() throws Exception {

//PIN1 for 37101010021 test id-kaart
var protectionParameter = new KeyStore.PasswordProtection(pkcs11Conf.getPin());
var protectionParameter = new KeyStore.PasswordProtection(pkcs11Conf.pin());

//Or ask pin interactively
@SuppressWarnings("java:S125")
@@ -274,8 +274,8 @@ void testPKCS11Client() throws Exception {
KeyStore trustKeyStore = null;
try {
clientKeyStore = Pkcs11Tools.initPKCS11KeysStore(
pkcs11Conf.getPkcs11Library(),
pkcs11Conf.getSlot(),
pkcs11Conf.pkcs11Library(),
pkcs11Conf.slot(),
protectionParameter
);

@@ -292,7 +292,7 @@ void testPKCS11Client() throws Exception {
log.debug("aliases: {}", Collections.list(clientKeyStore.aliases()));


X509Certificate cert = (X509Certificate) clientKeyStore.getCertificate(pkcs11Conf.getKeyAlias());
X509Certificate cert = (X509Certificate) clientKeyStore.getCertificate(pkcs11Conf.keyAlias());
log.debug("Certificate issuer is {}. This must be in server truststore "
+ "or SSL handshake will fail with cryptic error", cert.getIssuerDN());

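Review bot: In testPKCS11Client the result of `clientKeyStore.getCertificate(pkcs11Conf.keyAlias())` is dereferenced by the following `log.debug` without a null check. `KeyStore.getCertificate` returns null when the alias is not present, so a wrong alias in the device configuration ends in a NullPointerException instead of a readable test failure. testKeyServerPropertiesClientPKCS11 in the same file already guards its lookup, so I would add `assertNotNull(cert, "no certificate for alias " + pkcs11Conf.keyAlias());` before the log call. `cert.getIssuerDN()` is also deprecated; the put-server test uses `cert.getIssuerX500Principal()`, which fits here as well. The method body continues outside the hunks shown.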
6 changes: 3 additions & 3 deletions put-server/pom.xml
@@ -194,15 +194,15 @@
<dependency>
<groupId>ee.cyber.cdoc2</groupId>
<artifactId>cdoc2-lib</artifactId>
<version>2.0.1-SNAPSHOT</version>
<version>2.0.0</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>ee.cyber.cdoc2</groupId>
<artifactId>cdoc2-lib</artifactId>
<!-- for successful pkcs11 tests version must be at least 1.5.0-SNAPSHOT-->
<version>2.0.1-SNAPSHOT</version>
<!-- for successful pkcs11 tests version must be at least 2.0.1-SNAPSHOT-->
<version>2.0.0</version>
<!-- cdoc2-lib src/test compiled classes-->
<type>test-jar</type>
<scope>test</scope>
@@ -56,7 +56,7 @@
class CreateKeyCapsuleIntegrationTest extends KeyCapsuleIntegrationTest {

// read hardware PKCS11 device conf from a properties file
private Pkcs11DeviceConfiguration pkcs11Conf = new Pkcs11DeviceConfiguration();
private Pkcs11DeviceConfiguration pkcs11Conf = Pkcs11DeviceConfiguration.load();

@Qualifier("trustAllNoClientAuth")
@Autowired
@@ -203,7 +203,7 @@ void testKeyServerPropertiesClientPKCS11(boolean interactive) throws Exception {

// Storing clientKeyStore in KeyCapsulesClientImpl is a bit of hack for tests.
// normally recipient certificate would come from LDAP, but for test-id card certs are not in LDAP
X509Certificate cert = (X509Certificate) client.getClientCertificate(pkcs11Conf.getKeyAlias());
X509Certificate cert = (X509Certificate) client.getClientCertificate(pkcs11Conf.keyAlias());
assertNotNull(cert);

// Client public key TLS encoded binary base64 encoded
@@ -248,13 +248,13 @@ private String getProperties(boolean interactive) {
prop += "cdoc2.client.ssl.trust-store.type=JKS\n";
prop += "cdoc2.client.ssl.trust-store=" + TestData.getKeysDirectory().resolve("clienttruststore.jks") + "\n";
prop += "cdoc2.client.ssl.trust-store-password=passwd\n";
prop += "pkcs11-library=" + pkcs11Conf.getPkcs11Library() + "\n";
prop += "pkcs11-library=" + pkcs11Conf.pkcs11Library() + "\n";

prop += "cdoc2.client.ssl.client-store.type=PKCS11\n";
if (interactive) {
prop += "cdoc2.client.ssl.client-store-password.prompt=PIN1\n";
} else {
prop += "cdoc2.client.ssl.client-store-password=" + Arrays.toString(pkcs11Conf.getPin()) + "\n";
prop += "cdoc2.client.ssl.client-store-password=" + Arrays.toString(pkcs11Conf.pin()) + "\n";
}
return prop;
}
@@ -263,15 +263,15 @@ private String getProperties(boolean interactive) {
@Tag("pkcs11")
void testPKCS11Client() throws Exception {
//PIN from conf file
var protectionParameter = new KeyStore.PasswordProtection(pkcs11Conf.getPin());
var protectionParameter = new KeyStore.PasswordProtection(pkcs11Conf.pin());

KeyStore clientKeyStore = null;
KeyStore trustKeyStore = null;
String pkcs11Library = pkcs11Conf.getPkcs11Library();
String pkcs11Library = pkcs11Conf.pkcs11Library();
log.info("Oleska: library in testPKCS11Client() in integration test: " + pkcs11Library);
try {
clientKeyStore = Pkcs11Tools.initPKCS11KeysStore(
pkcs11Conf.getPkcs11Library(), pkcs11Conf.getSlot(), protectionParameter
pkcs11Conf.pkcs11Library(), pkcs11Conf.slot(), protectionParameter
);

trustKeyStore = KeyStore.getInstance("JKS");
@@ -285,7 +285,7 @@ void testPKCS11Client() throws Exception {
assert clientKeyStore != null;
log.debug("aliases: {}", Collections.list(clientKeyStore.aliases()));

X509Certificate cert = (X509Certificate) clientKeyStore.getCertificate(pkcs11Conf.getKeyAlias());
X509Certificate cert = (X509Certificate) clientKeyStore.getCertificate(pkcs11Conf.keyAlias());
log.debug("Certificate issuer is {}. This must be in server truststore "
+ "or SSL handshake will fail with cryptic error", cert.getIssuerX500Principal());

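Review bot: In getProperties the non-interactive branch builds the password with `Arrays.toString(pkcs11Conf.pin())`, which renders a `char[]` as bracketed, comma-separated text (`[1, 2, 3, 4]` for a constructed PIN of 1234) rather than the PIN itself. The value written to `cdoc2.client.ssl.client-store-password` is therefore not the configured PIN. If it is ever presented to the hardware token as a login, it would presumably fail and count against the PIN retry counter. The get-server test builds the same property with `new String(...)`; here the line should read `prop += "cdoc2.client.ssl.client-store-password=" + String.valueOf(pkcs11Conf.pin()) + "\n";`. The accessor rename in this commit leaves the `Arrays.toString` call in place on both printed versions of the line.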
