#108021558 fixed setting ocsp request signing certificate parameters …
…for jDigidoc
Rainer Villido authored and Rainer Villido committed Nov 13, 2015
1 parent e79e7eb commit ec48f73
Showing 2 changed files with 61 additions and 26 deletions.
32 changes: 25 additions & 7 deletions src/org/digidoc4j/Configuration.java
Expand Up @@ -39,7 +39,7 @@
import static org.apache.commons.lang.StringUtils.isNotEmpty;

/**
* Possibility to create custom configurations for {@link ContainerFacade} implementations.
* Possibility to create custom configurations for {@link Container} implementations.
* <p/>
* You can specify the configuration mode, either {@link Configuration.Mode#TEST} or {@link Configuration.Mode#PROD}
* configuration. Default is {@link Configuration.Mode#PROD}.
Expand Down Expand Up @@ -145,7 +145,9 @@ public class Configuration implements Serializable {
public static final long CACHE_NO_DATA_FILES = 0;

public static final String TEST_OCSP_URL = "http://demo.sk.ee/ocsp";
public static final String SIGN_OCSP_REQUESTS = "SIGN_OCSP_REQUESTS";
private static final String SIGN_OCSP_REQUESTS = "SIGN_OCSP_REQUESTS";
private static final String OCSP_PKCS_12_CONTAINER = "DIGIDOC_PKCS12_CONTAINER";
private static final String OCSP_PKCS_12_PASSWD = "DIGIDOC_PKCS12_PASSWD";

private final Mode mode;
private LinkedHashMap configurationFromFile;
Expand Down Expand Up @@ -177,6 +179,7 @@ private void initDefaultValues() {
configuration.put("validationPolicy", "conf/test_constraint.xml");
configuration.put("ocspSource", TEST_OCSP_URL);
configuration.put(SIGN_OCSP_REQUESTS, "false");
jDigiDocConfiguration.put(SIGN_OCSP_REQUESTS, "false");
} else {
configuration.put("tspSource", "http://tsa.sk.ee");
configuration.put("tslLocation",
Expand All @@ -185,6 +188,7 @@ private void initDefaultValues() {
configuration.put("validationPolicy", "conf/constraint.xml");
configuration.put("ocspSource", "http://ocsp.sk.ee/");
configuration.put(SIGN_OCSP_REQUESTS, "true");
jDigiDocConfiguration.put(SIGN_OCSP_REQUESTS, "true");
}
logger.debug(mode + "configuration:\n" + configuration);

Expand Down Expand Up @@ -238,6 +242,7 @@ public char[] getOCSPAccessCertificatePassword() {
public void setOCSPAccessCertificateFileName(String fileName) {
logger.debug("Setting OCSPAccessCertificateFileName: " + fileName);
setConfigurationParameter("OCSPAccessCertificateFile", fileName);
jDigiDocConfiguration.put(OCSP_PKCS_12_CONTAINER, fileName);
logger.debug("OCSPAccessCertificateFile is set");
}

Expand All @@ -248,15 +253,17 @@ public void setOCSPAccessCertificateFileName(String fileName) {
*/
public void setOCSPAccessCertificatePassword(char[] password) {
logger.debug("Setting OCSPAccessCertificatePassword: ");
setConfigurationParameter("OCSPAccessCertificatePassword", String.valueOf(password));
String value = String.valueOf(password);
setConfigurationParameter("OCSPAccessCertificatePassword", value);
jDigiDocConfiguration.put(OCSP_PKCS_12_PASSWD, value);
logger.debug("OCSPAccessCertificatePassword is set");
}

public void setSignOCSPRequests(boolean shouldSignOcspRequests) {
logger.debug("Should sign OCSP requests: " + shouldSignOcspRequests);
String valueToSet = String.valueOf(shouldSignOcspRequests);
setConfigurationParameter(SIGN_OCSP_REQUESTS, valueToSet);
setJDigiDocConfigurationValue(SIGN_OCSP_REQUESTS, valueToSet);
jDigiDocConfiguration.put(SIGN_OCSP_REQUESTS, valueToSet);
}

/**
Expand Down Expand Up @@ -424,7 +431,6 @@ private void reportFileParseErrors() {
private void loadInitialConfigurationValues() {
logger.debug("");
setJDigiDocConfigurationValue("DIGIDOC_LOG4J_CONFIG", DEFAULT_LOG4J_CONFIGURATION);
setJDigiDocConfigurationValue(SIGN_OCSP_REQUESTS, Boolean.toString(hasToBeOCSPRequestSigned()));
setJDigiDocConfigurationValue("DIGIDOC_SECURITY_PROVIDER", DEFAULT_SECURITY_PROVIDER);
setJDigiDocConfigurationValue("DIGIDOC_SECURITY_PROVIDER_NAME", DEFAULT_SECURITY_PROVIDER_NAME);
setJDigiDocConfigurationValue("KEY_USAGE_CHECK", DEFAULT_KEY_USAGE_CHECK);
Expand All @@ -444,12 +450,17 @@ private void loadInitialConfigurationValues() {
setConfigurationValue("VALIDATION_POLICY", "validationPolicy");
setConfigurationValue("PKCS11_MODULE", "pkcs11Module");
setConfigurationValue("OCSP_SOURCE", "ocspSource");
setConfigurationValue("DIGIDOC_PKCS12_CONTAINER", "OCSPAccessCertificateFile");
setConfigurationValue("DIGIDOC_PKCS12_PASSWD", "OCSPAccessCertificatePassword");
setConfigurationValue(OCSP_PKCS_12_CONTAINER, "OCSPAccessCertificateFile");
setConfigurationValue(OCSP_PKCS_12_PASSWD, "OCSPAccessCertificatePassword");
setConfigurationValue("CONNECTION_TIMEOUT", "connectionTimeout");
setConfigurationValue(SIGN_OCSP_REQUESTS, SIGN_OCSP_REQUESTS);
setConfigurationValue("TSL_KEYSTORE_LOCATION", "tslKeyStoreLocation");
setConfigurationValue("TSL_KEYSTORE_PASSWORD", "tslKeyStorePassword");

setJDigiDocConfigurationValue(SIGN_OCSP_REQUESTS, Boolean.toString(hasToBeOCSPRequestSigned()));
setJDigiDocConfigurationValue(OCSP_PKCS_12_CONTAINER, getOCSPAccessCertificateFileName());

initOcspAccessCertPasswordForJDigidoc();
}

private void setConfigurationValue(String fileKey, String configurationKey) {
Expand Down Expand Up @@ -958,5 +969,12 @@ public Configuration copy() {
}
return copyConfiguration;
}

private void initOcspAccessCertPasswordForJDigidoc() {
char[] ocspAccessCertificatePassword = getOCSPAccessCertificatePassword();
if(ocspAccessCertificatePassword != null && ocspAccessCertificatePassword.length > 0) {
setJDigiDocConfigurationValue(OCSP_PKCS_12_PASSWD, String.valueOf(ocspAccessCertificatePassword));
}
}
}
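Review bot: `SIGN_OCSP_REQUESTS` changes from `public` to `private` on `Configuration`, which drops a public constant from the API and breaks any caller that referenced `Configuration.SIGN_OCSP_REQUESTS` (the test class now redeclares it); if external use is possible, keep the public field and mark it `@Deprecated` instead of hiding it. In `setOCSPAccessCertificatePassword` the `char[]` is turned into a `String` and now written to a second long-lived map, `jDigiDocConfiguration`, which is readable via `getJDigiDocConfiguration()`, while the `configuration` map that also holds it is dumped by `logger.debug(mode + "configuration:\n" + configuration)` in `initDefaultValues` — the password is presumably not yet set at that point, but the setter deserves a Javadoc line such as `Stores the password as a String in both the digidoc4j and the jDigiDoc configuration maps; it cannot be zeroed afterwards.` `initOcspAccessCertPasswordForJDigidoc` only writes the jDigiDoc password when a non-empty value is present, so a reload that no longer carries a password presumably leaves the earlier value in `jDigiDocConfiguration` — confirm, and if so remove `OCSP_PKCS_12_PASSWD` from the map in an `else` branch. As a point of style, `setSignOCSPRequests` and both branches of `initDefaultValues` now call `jDigiDocConfiguration.put(...)` directly while `loadInitialConfigurationValues` still goes through `setJDigiDocConfigurationValue(...)`; using one path everywhere keeps whatever the helper does (it is outside the hunk) consistent. `initDefaultValues` starts before its hunk and `loadInitialConfigurationValues` spans two hunks, so parts of those bodies are not visible here.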

55 changes: 36 additions & 19 deletions test/org/digidoc4j/ConfigurationTest.java
Expand Up @@ -46,6 +46,9 @@
import static org.junit.Assert.*;

public class ConfigurationTest {
private static final String SIGN_OCSP_REQUESTS = "SIGN_OCSP_REQUESTS";
private static final String OCSP_PKCS12_CONTAINER = "DIGIDOC_PKCS12_CONTAINER";
private static final String OCSP_PKCS_12_PASSWD = "DIGIDOC_PKCS12_PASSWD";
private Configuration configuration;

@Rule
Expand Down Expand Up @@ -261,37 +264,43 @@ public void setOcspSource() throws Exception {
@Test
public void defaultOCSPAccessCertificateFile() {
assertNull(configuration.getOCSPAccessCertificateFileName());
assertNull(getJDigiDocConfValue(configuration, OCSP_PKCS12_CONTAINER));
}

@Test
public void getOCSPAccessCertificateFileFromConfigurationFile() {
configuration.loadConfiguration("testFiles/digidoc_test_conf.yaml");
assertEquals("conf/OCSP_access_certificate_test_file_name", configuration.getOCSPAccessCertificateFileName());
assertEquals("conf/OCSP_access_certificate_test_file_name", getJDigiDocConfValue(configuration, OCSP_PKCS12_CONTAINER));
}

@Test
public void getOCSPAccessCertificateFileFromStream() throws FileNotFoundException {
FileInputStream stream = new FileInputStream("testFiles/digidoc_test_conf.yaml");
configuration.loadConfiguration(stream);
assertEquals("conf/OCSP_access_certificate_test_file_name", configuration.getOCSPAccessCertificateFileName());
assertEquals("conf/OCSP_access_certificate_test_file_name", getJDigiDocConfValue(configuration, OCSP_PKCS12_CONTAINER));
}

@Test
public void setOCSPAccessCertificateFileNameOverwritesConfigurationFile() {
configuration.loadConfiguration("testFiles/digidoc_test_conf.yaml");
configuration.setOCSPAccessCertificateFileName("New File");
assertEquals("New File", configuration.getOCSPAccessCertificateFileName());
assertEquals("New File", getJDigiDocConfValue(configuration, OCSP_PKCS12_CONTAINER));
}

@Test
public void defaultOCSPAccessCertificatePassword() {
assertEquals(0, configuration.getOCSPAccessCertificatePassword().length);
assertNull(getJDigiDocConfValue(configuration, OCSP_PKCS_12_PASSWD));
}

@Test
public void getOCSPAccessCertificatePasswordFromConfigurationFile() throws Exception {
configuration.loadConfiguration("testFiles/digidoc_test_conf.yaml");
assertArrayEquals("OCSP_test_password".toCharArray(), configuration.getOCSPAccessCertificatePassword());
assertEquals("OCSP_test_password", getJDigiDocConfValue(configuration, OCSP_PKCS_12_PASSWD));
}

@Test
Expand All @@ -300,39 +309,45 @@ public void setOCSPAccessCertificatePasswordOverwritesConfigurationFile() {
char[] newPassword = "New password".toCharArray();
configuration.setOCSPAccessCertificatePassword(newPassword);
assertArrayEquals(newPassword, configuration.getOCSPAccessCertificatePassword());
assertEquals("New password", getJDigiDocConfValue(configuration, OCSP_PKCS_12_PASSWD));
}

@Test
public void signingOcspRequest_ShouldBeEnabled_InProdByDefault() throws Exception {
Configuration configuration = new Configuration(Mode.PROD);
assertTrue(configuration.hasToBeOCSPRequestSigned());
assertEquals("true", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
public void signingOcspRequest_ShouldBeDisabled_InTestByDefault() throws Exception {
Configuration configuration = new Configuration(Mode.TEST);
assertFalse(configuration.hasToBeOCSPRequestSigned());
assertEquals("false", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
public void disableSigningOcspRequestsInProd() throws Exception {
Configuration configuration = new Configuration(Mode.PROD);
configuration.setSignOCSPRequests(false);
assertFalse(configuration.hasToBeOCSPRequestSigned());
assertEquals("false", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
public void enableSigningOcspRequestsInTest() throws Exception {
Configuration configuration = new Configuration(Mode.TEST);
configuration.setSignOCSPRequests(true);
assertTrue(configuration.hasToBeOCSPRequestSigned());
assertEquals("true", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
public void loadDisableSigningOcspRequestFromConfFileInProd() throws Exception {
Configuration configuration = new Configuration(Mode.PROD);
configuration.loadConfiguration("testFiles/digidoc_test_all_optional_settings.yaml");
assertFalse(configuration.hasToBeOCSPRequestSigned());
assertEquals("false", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
Expand All @@ -341,6 +356,7 @@ public void loadDisableSigningOcspRequestFromConfFile() throws Exception {
Configuration configuration = new Configuration();
configuration.loadConfiguration(confFile.getPath());
assertFalse(configuration.hasToBeOCSPRequestSigned());
assertEquals("false", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
Expand All @@ -349,6 +365,7 @@ public void loadEnableSigningOcspRequestFromConfFile() throws Exception {
Configuration configuration = new Configuration();
configuration.loadConfiguration(confFile.getPath());
assertTrue(configuration.hasToBeOCSPRequestSigned());
assertEquals("true", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
}

@Test
Expand Down Expand Up @@ -444,7 +461,7 @@ public void generateJDigiDocConfig() throws Exception {
assertEquals("false", jDigiDocConf.get("DATAFILE_HASHCODE_MODE"));
assertEquals(DEFAULT_CANONICALIZATION_FACTORY_IMPLEMENTATION, jDigiDocConf.get("CANONICALIZATION_FACTORY_IMPL"));
assertEquals("-1", jDigiDocConf.get("DIGIDOC_MAX_DATAFILE_CACHED"));
assertEquals("false", jDigiDocConf.get("SIGN_OCSP_REQUESTS"));
assertEquals("false", jDigiDocConf.get(SIGN_OCSP_REQUESTS));
assertEquals("jar://certs/KLASS3-SK OCSP.crt", jDigiDocConf.get("DIGIDOC_CA_1_OCSP2_CERT"));
}

Expand Down Expand Up @@ -798,24 +815,20 @@ public void verifyAllOptionalConfigurationSettingsAreLoadedFromFile() throws Exc

configuration.loadConfiguration("testFiles/digidoc_test_all_optional_settings.yaml");

assertEquals("TEST_DIGIDOC_LOG4J_CONFIG", configuration.getJDigiDocConfiguration().get("DIGIDOC_LOG4J_CONFIG"));
assertEquals("123876", configuration.getJDigiDocConfiguration().get("DIGIDOC_MAX_DATAFILE_CACHED"));
assertEquals("TEST_DIGIDOC_NOTARY_IMPL", configuration.getJDigiDocConfiguration().get("DIGIDOC_NOTARY_IMPL"));
assertEquals("TEST_DIGIDOC_OCSP_SIGN_CERT_SERIAL", configuration.getJDigiDocConfiguration().get
("DIGIDOC_OCSP_SIGN_CERT_SERIAL"));
assertEquals("TEST_DIGIDOC_SECURITY_PROVIDER", configuration.getJDigiDocConfiguration().get
("DIGIDOC_SECURITY_PROVIDER"));
assertEquals("TEST_DIGIDOC_SECURITY_PROVIDER_NAME", configuration.getJDigiDocConfiguration().get
("DIGIDOC_SECURITY_PROVIDER_NAME"));
assertEquals("TEST_DIGIDOC_TSLFAC_IMPL", configuration.getJDigiDocConfiguration().get("DIGIDOC_TSLFAC_IMPL"));
assertEquals("false", configuration.getJDigiDocConfiguration().get("DIGIDOC_USE_LOCAL_TSL"));
assertEquals("false", configuration.getJDigiDocConfiguration().get("KEY_USAGE_CHECK"));
assertEquals("false", configuration.getJDigiDocConfiguration().get("SIGN_OCSP_REQUESTS"));
assertEquals("TEST_DIGIDOC_DF_CACHE_DIR", configuration.getJDigiDocConfiguration().get("DIGIDOC_DF_CACHE_DIR"));
assertEquals("TEST_DIGIDOC_FACTORY_IMPL", configuration.getJDigiDocConfiguration().get("DIGIDOC_FACTORY_IMPL"));
assertEquals("TEST_CANONICALIZATION_FACTORY_IMPL", configuration.getJDigiDocConfiguration().get
("CANONICALIZATION_FACTORY_IMPL"));
assertEquals("false", configuration.getJDigiDocConfiguration().get("DATAFILE_HASHCODE_MODE"));
assertEquals("TEST_DIGIDOC_LOG4J_CONFIG", getJDigiDocConfValue(configuration, "DIGIDOC_LOG4J_CONFIG"));
assertEquals("123876", getJDigiDocConfValue(configuration, "DIGIDOC_MAX_DATAFILE_CACHED"));
assertEquals("TEST_DIGIDOC_NOTARY_IMPL", getJDigiDocConfValue(configuration, "DIGIDOC_NOTARY_IMPL"));
assertEquals("TEST_DIGIDOC_OCSP_SIGN_CERT_SERIAL", getJDigiDocConfValue(configuration, "DIGIDOC_OCSP_SIGN_CERT_SERIAL"));
assertEquals("TEST_DIGIDOC_SECURITY_PROVIDER", getJDigiDocConfValue(configuration, "DIGIDOC_SECURITY_PROVIDER"));
assertEquals("TEST_DIGIDOC_SECURITY_PROVIDER_NAME", getJDigiDocConfValue(configuration, "DIGIDOC_SECURITY_PROVIDER_NAME"));
assertEquals("TEST_DIGIDOC_TSLFAC_IMPL", getJDigiDocConfValue(configuration, "DIGIDOC_TSLFAC_IMPL"));
assertEquals("false", getJDigiDocConfValue(configuration, "DIGIDOC_USE_LOCAL_TSL"));
assertEquals("false", getJDigiDocConfValue(configuration, "KEY_USAGE_CHECK"));
assertEquals("false", getJDigiDocConfValue(configuration, SIGN_OCSP_REQUESTS));
assertEquals("TEST_DIGIDOC_DF_CACHE_DIR", getJDigiDocConfValue(configuration, "DIGIDOC_DF_CACHE_DIR"));
assertEquals("TEST_DIGIDOC_FACTORY_IMPL", getJDigiDocConfValue(configuration, "DIGIDOC_FACTORY_IMPL"));
assertEquals("TEST_CANONICALIZATION_FACTORY_IMPL", getJDigiDocConfValue(configuration, "CANONICALIZATION_FACTORY_IMPL"));
assertEquals("false", getJDigiDocConfValue(configuration, "DATAFILE_HASHCODE_MODE"));
assertEquals("TEST_DIGIDOC_PKCS12_CONTAINER", configuration.configuration.get("OCSPAccessCertificateFile"));
assertEquals("TEST_DIGIDOC_PKCS12_PASSWD", configuration.configuration.get("OCSPAccessCertificatePassword"));
assertEquals("TEST_OCSP_SOURCE", configuration.configuration.get("ocspSource"));
Expand Down Expand Up @@ -880,6 +893,10 @@ private File createConfFileWithParameter(String parameter) throws IOException {
return confFile;
}

private String getJDigiDocConfValue(Configuration configuration, String key) {
return configuration.getJDigiDocConfiguration().get(key);
}

// // getCACerts is currently only used for testing purposes and not yet updated for multiple CA's
// @Test
// public void readConfigurationFromPropertiesFile() throws Exception {
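Review bot: The new assertions on the jDigiDoc map all follow a single `loadConfiguration` call or a single setter call; none covers a value set first and then absent from a later load, which is exactly where the non-empty guard in `Configuration.initOcspAccessCertPasswordForJDigidoc` decides whether a stale password survives. A test of the form `configuration.setOCSPAccessCertificatePassword("x".toCharArray()); configuration.loadConfiguration(<constructed conf file without a password>); assertNull(getJDigiDocConfValue(configuration, OCSP_PKCS_12_PASSWD));` would pin the intended behaviour either way. The new test constant `OCSP_PKCS12_CONTAINER` is named differently from its sibling `OCSP_PKCS_12_PASSWD` and from the production `OCSP_PKCS_12_CONTAINER`; aligning the names avoids confusion when reading the two files side by side.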
