From d61b499faed73a9cb54d60a4a9b1e44c9b869b99 Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Fri, 14 Jun 2024 09:01:33 +0200 Subject: [PATCH 01/13] Added mutable encryption config to SimpleDatasafeServiceImpl --- .../datasafe-simple-adapter-impl/pom.xml | 6 ++++ .../impl/SimpleDatasafeServiceImpl.java | 30 +++++++++++++++++-- .../src/main/resources/config/mutable.yaml | 28 +++++++++++++++++ 3 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml b/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml index af98b24da..cb3dc8b66 100644 --- a/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml +++ b/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml @@ -73,6 +73,12 @@ assertj-core test + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + 2.15.4 + compile + diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java index 02f9cb024..17ea24fdd 100644 --- a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java +++ b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java 
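Review bot: The new `jackson-dataformat-yaml` dependency is pinned inline to `2.15.4` instead of taking its version from the build's managed Jackson version, so it can drift from the `jackson-databind` already resolved for this module. PATCH 07 later switches the copy in `datasafe-business/pom.xml` to `${jackson.version}`; assuming that property comes from the shared parent, the same should be used here, and it applies equally to the PATCH 02 hunk that first adds the dependency to `datasafe-business/pom.xml`. The `compile` scope also makes a YAML parser a transitive dependency of every consumer of the simple adapter, so confirm that is intended.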
@@ -7,8 +7,13 @@ import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.services.s3.AmazonS3; import com.amazonaws.services.s3.AmazonS3ClientBuilder; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator; import com.google.common.base.CharMatcher; import com.google.common.io.ByteStreams; +import com.google.common.io.Resources; import de.adorsys.datasafe.business.impl.service.DefaultDatasafeServices; import de.adorsys.datasafe.directory.impl.profile.config.DefaultDFSConfig; import de.adorsys.datasafe.encrypiton.api.types.UserID; @@ -50,9 +55,12 @@ import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; +import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.io.Reader; import java.net.URI; +import java.nio.charset.StandardCharsets; import java.nio.file.FileSystems; import java.util.List; import java.util.stream.Collectors; 
@@ -62,16 +70,18 @@ public class SimpleDatasafeServiceImpl implements SimpleDatasafeService { private static final String AMAZON_URL = "https://.*s3.amazonaws.com"; private static final ReadStorePassword universalReadStorePassword = new ReadStorePassword("secret"); private static final String S3_PREFIX = "s3://"; - + private static final String yamlFixture = "config/mutable.yaml"; + private static ObjectMapper mapper = createMapper(); + private static MutableEncryptionConfig config = readResource(mapper, yamlFixture, MutableEncryptionConfig.class); private SystemRootAndStorageService rootAndStorage; private DefaultDatasafeServices customlyBuiltDatasafeServices; public SimpleDatasafeServiceImpl(PathEncryptionConfig pathEncryptionConfig) { - this(DFSCredentialsFactory.getFromEnvironmnet(), new MutableEncryptionConfig(), pathEncryptionConfig); + this(DFSCredentialsFactory.getFromEnvironmnet(), config, pathEncryptionConfig); } public SimpleDatasafeServiceImpl() { - this(DFSCredentialsFactory.getFromEnvironmnet(), new MutableEncryptionConfig(), new PathEncryptionConfig(true)); + this(DFSCredentialsFactory.getFromEnvironmnet(), config, new PathEncryptionConfig(true)); } public SimpleDatasafeServiceImpl(DFSCredentials dfsCredentials, MutableEncryptionConfig config, PathEncryptionConfig pathEncryptionConfig) { 
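Review bot: Both default constructors now hand the same static `config` instance to the three-argument constructor, so if `MutableEncryptionConfig` is mutable, as its name suggests, every service built this way shares one object and a change through one reference affects all later instances. `mapper` and `config` are also non-final and are populated during class initialization, so a missing or malformed `config/mutable.yaml` surfaces as a class-initialization error rather than a constructor failure. Declare both `private static final`, or load a fresh config per construction with `this(DFSCredentialsFactory.getFromEnvironmnet(), readResource(mapper, yamlFixture, MutableEncryptionConfig.class), pathEncryptionConfig);`. The constructors previously used `new MutableEncryptionConfig()`, so this hunk replaces the library's default encryption settings with the contents of a bundled file, and a comment on the constructors should say so.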
@@ -323,6 +333,20 @@ private static SystemRootAndStorageService useFileSystem(FilesystemDFSCredential log.info("build DFS to FILESYSTEM with root " + filesystemDFSCredentials.getRoot()); return new SystemRootAndStorageService(systemRoot, storageService); } + private static T readResource(ObjectMapper mapper, String path, Class type) { + try (Reader reader = Resources.asCharSource(Resources.getResource(path), StandardCharsets.UTF_8).openStream()) { + return mapper.readValue(reader, type); + } + catch (IOException e) { + throw new RuntimeException(e); + } + } + + private static ObjectMapper createMapper() { + ObjectMapper mapper = new ObjectMapper(new YAMLFactory().enable(YAMLGenerator.Feature.MINIMIZE_QUOTES)); + mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL); + return mapper; + } @AllArgsConstructor diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml new file mode 100644 index 000000000..097bdf3dd --- /dev/null +++ b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml @@ -0,0 +1,28 @@ +keystore: + type: store-type + encryptionAlgo: store-enc + pbkdf: + pbkdf2: + algo: pbkdf-algo + saltLength: 2 + iterCount: 3 + macAlgo: store-mac + passwordKeysAlgo: store-pwd-keys +keys: + encKeyNumber: 1 + signKeyNumber: 2 + secret: + algo: sec-algo + size: 12 + encrypting: + algo: enc-algo + size: 13 + sigAlgo: srv-sig-algo + curve: curve + signing: + algo: sig-algo + size: 14 + sigAlgo: srv-sig-algo + curve: curve +cms: + algo: cms-algo1 \ No newline at end of file From 4200e5cb6e4c61000823bb961434638f64b87b58 Mon Sep 17 00:00:00 2001 
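Review bot: `readResource` looks up `config/mutable.yaml` through `Resources.getResource(path)`, i.e. by name on the class path, so any other jar or directory that carries the same generic path ahead of this module would supply the encryption settings instead. PATCH 02 adds a second `config/mutable.yaml` under `datasafe-business/src/test/resources`, which shows how easily the name collides; a module-specific resource path would avoid that. The rethrow should name the resource, e.g. `throw new UncheckedIOException("Cannot read " + path, e);`. In `createMapper`, `YAMLGenerator.Feature.MINIMIZE_QUOTES` and `setSerializationInclusion(...)` only affect writing YAML and do nothing for `readValue`; the same two helpers are copied unchanged into `BasicFunctionalityIT` in PATCH 02.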
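Review bot: This file is added under `src/main/resources` and, in the same patch, becomes the encryption config for both default `SimpleDatasafeServiceImpl` constructors, yet it holds fixture values such as `type: store-type`, `algo: pbkdf-algo`, `saltLength: 2`, `iterCount: 3` and `size: 12`. If these values are accepted at all, a salt length of 2 and three PBKDF2 iterations leave the keystore password with almost no protection against offline guessing. PATCH 02 edits the same file but still leaves `cost: 1`, `saltLength: 4`, `size: 13`, `algo: sig-algo` and `algo: cms-algo1` on the new side. Fixture data belongs under `src/test/resources`; a shipped default should match the library defaults and carry a header comment such as `# Security parameters: changes here alter how keystores and keys are protected`.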
From: Thendo20 Date: Sun, 23 Jun 2024 15:44:53 +0200 Subject: [PATCH 02/13] Added mutable encryption config to BasicFunctionalityIT --- datasafe-business/pom.xml | 6 ++ .../impl/e2e/BasicFunctionalityIT.java | 68 ++++++++++++++++++- .../impl/e2e/DatasafeServicesProvider.java | 9 +++ .../src/test/resources/config/mutable.yaml | 30 ++++++++ .../src/main/resources/config/mutable.yaml | 26 +++---- 5 files changed, 124 insertions(+), 15 deletions(-) create mode 100644 datasafe-business/src/test/resources/config/mutable.yaml diff --git a/datasafe-business/pom.xml b/datasafe-business/pom.xml index 2ea45d796..9a328d146 100644 --- a/datasafe-business/pom.xml +++ b/datasafe-business/pom.xml @@ -184,6 +184,12 @@ javax.xml.bind jaxb-api + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + 2.15.4 + test + diff --git a/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/BasicFunctionalityIT.java b/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/BasicFunctionalityIT.java index 511e7a50e..5dad99547 100644 --- a/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/BasicFunctionalityIT.java +++ b/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/BasicFunctionalityIT.java 
@@ -1,8 +1,14 @@ package de.adorsys.datasafe.business.impl.e2e; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator; +import com.google.common.io.Resources; import de.adorsys.datasafe.business.impl.service.DefaultDatasafeServices; import de.adorsys.datasafe.encrypiton.api.types.UserID; import de.adorsys.datasafe.encrypiton.api.types.UserIDAuth; +import de.adorsys.datasafe.encrypiton.api.types.encryption.MutableEncryptionConfig; import de.adorsys.datasafe.storage.api.StorageService; import de.adorsys.datasafe.teststorage.WithStorageProvider; import de.adorsys.datasafe.types.api.actions.ListRequest; @@ -21,11 +27,11 @@ import lombok.extern.slf4j.Slf4j; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; +import org.junit.jupiter.params.provider.ValueSource; import org.testcontainers.shaded.com.google.common.collect.ImmutableSet; -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.io.OutputStream; +import java.io.*; +import java.nio.charset.StandardCharsets; import java.security.UnrecoverableKeyException; import java.util.Arrays; import java.util.List; @@ -54,6 +60,7 @@ class BasicFunctionalityIT extends BaseE2EIT { private StorageService storage; private Uri location; + private static ObjectMapper mapper = createMapper(); /** 
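Review bot: The second hunk replaces three explicit `java.io` imports with `import java.io.*;` and adds `org.junit.jupiter.params.provider.ValueSource`, which none of the code added in this patch appears to use. Keep the explicit imports and add only what the new helper needs, `import java.io.IOException;` and `import java.io.Reader;`. The same wildcard swap is made in `CmsEncryptionServiceImplTest` in PATCH 05, where the added Jackson, `Resources` and `StandardCharsets` imports also look unused by the test introduced there. The `mapper` field added in the third hunk can be `private static final ObjectMapper mapper = createMapper();`.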
@@ -277,6 +284,37 @@ void testWriteToPrivateListPrivateReadPrivateAndSendToAndReadFromInbox( removeFromPrivate(jane, privateJane.getResource().asPrivate()); removeFromInbox(john, inboxJohn.getResource().asPrivate()); } + @ParameterizedTest + @MethodSource("allStorages") + void testWriteToPrivateListPrivateReadPrivateAndSendToAndReadFromInboxCustom( WithStorageProvider.StorageDescriptor descriptor) { + String yamlFixture = "config/mutable.yaml"; + customInit(descriptor, yamlFixture); + + registerJohnAndJane(); + + writeDataToPrivate(jane, PRIVATE_FILE_PATH, MESSAGE_ONE); + + AbsoluteLocation privateJane = getFirstFileInPrivate(jane); + + String privateContentJane = readPrivateUsingPrivateKey(jane, privateJane.getResource().asPrivate()); + + sendToInbox(jane, john.getUserID(), SHARED_FILE_PATH, privateContentJane); + + AbsoluteLocation inboxJohn = getFirstFileInInbox(john); + + String result = readInboxUsingPrivateKey(john, inboxJohn.getResource().asPrivate()); + + assertThat(result).isEqualTo(MESSAGE_ONE); + assertThat(privateJane.getResource().asPrivate().decryptedPath()) + .extracting(Uri::toASCIIString).isEqualTo(PRIVATE_FILE_PATH); + assertThat(privateJane.getResource().asPrivate().encryptedPath()) + .extracting(Uri::toASCIIString).isNotEqualTo(PRIVATE_FILE_PATH); + validateInboxStructAndEncryption(inboxJohn); + validatePrivateStructAndEncryption(privateJane); + + removeFromPrivate(jane, privateJane.getResource().asPrivate()); + removeFromInbox(john, inboxJohn.getResource().asPrivate()); + } @ParameterizedTest @MethodSource("allStorages") 
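Review bot: `testWriteToPrivateListPrivateReadPrivateAndSendToAndReadFromInboxCustom` never checks that the settings from `config/mutable.yaml` were applied, so it would pass unchanged if `customInit` ended up using the default encryption config. Everything after `customInit(descriptor, yamlFixture);` is a copy of the default-config test and asserts only the round-tripped message and the path encryption. Add at least one assertion on something the fixture changes, for example the type or key algorithm of the keystore that gets stored, and move the shared steps into a private helper that both tests call.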
@@ -387,4 +425,28 @@ private void init(WithStorageProvider.StorageDescriptor descriptor) { this.location = descriptor.getLocation(); this.storage = descriptor.getStorageService().get(); } + private void customInit(WithStorageProvider.StorageDescriptor descriptor, String yamlFixture) { + MutableEncryptionConfig config = readResource(mapper, yamlFixture, MutableEncryptionConfig.class); + DefaultDatasafeServices datasafeServices = DatasafeServicesProvider + .customConfigDatasafeServices(descriptor.getStorageService().get(), descriptor.getLocation(), config); + initialize(DatasafeServicesProvider.dfsConfig(descriptor.getLocation()), datasafeServices); + + this.location = descriptor.getLocation(); + this.storage = descriptor.getStorageService().get(); + } + + private static T readResource(ObjectMapper mapper, String path, Class type) { + try (Reader reader = Resources.asCharSource(Resources.getResource(path), StandardCharsets.UTF_8).openStream()) { + return mapper.readValue(reader, type); + } + catch (IOException e) { + throw new RuntimeException(e); + } + } + + private static ObjectMapper createMapper() { + ObjectMapper mapper = new ObjectMapper(new YAMLFactory().enable(YAMLGenerator.Feature.MINIMIZE_QUOTES)); + mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL); + return mapper; + } } diff --git a/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/DatasafeServicesProvider.java b/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/DatasafeServicesProvider.java index 2b06b3e91..6353bc7cd 100644 --- a/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/DatasafeServicesProvider.java +++ b/datasafe-business/src/test/java/de/adorsys/datasafe/business/impl/e2e/DatasafeServicesProvider.java 
@@ -6,6 +6,7 @@ import de.adorsys.datasafe.business.impl.service.VersionedDatasafeServices; import de.adorsys.datasafe.directory.api.config.DFSConfig; import de.adorsys.datasafe.directory.impl.profile.config.DefaultDFSConfig; +import de.adorsys.datasafe.encrypiton.api.types.encryption.MutableEncryptionConfig; import de.adorsys.datasafe.storage.api.StorageService; import de.adorsys.datasafe.types.api.resource.Uri; import de.adorsys.datasafe.types.api.types.ReadStorePassword; @@ -26,6 +27,14 @@ public static DefaultDatasafeServices defaultDatasafeServices(StorageService sto .storage(storageService) .build(); } + public static DefaultDatasafeServices customConfigDatasafeServices(StorageService storageService, Uri systemRoot, MutableEncryptionConfig config) { + return DaggerDefaultDatasafeServices + .builder() + .config(dfsConfig(systemRoot)) + .encryption(config.toEncryptionConfig()) + .storage(storageService) + .build(); + } public static VersionedDatasafeServices versionedDatasafeServices(StorageService storageService, Uri systemRoot) { return DaggerVersionedDatasafeServices diff --git a/datasafe-business/src/test/resources/config/mutable.yaml b/datasafe-business/src/test/resources/config/mutable.yaml new file mode 100644 index 000000000..8159e3c64 --- /dev/null +++ b/datasafe-business/src/test/resources/config/mutable.yaml @@ -0,0 +1,30 @@ +--- +keystore: + type: BCFKS + encryptionAlgo: AES256_KWP + pbkdf: + scrypt: + cost: 1 + blockSize: 2 + parallelization: 3 + saltLength: 32 + macAlgo: HmacSHA3_512 + passwordKeysAlgo: PBEWithHmacSHA256AndAES_256 +keys: + encKeyNumber: 1 + signKeyNumber: 2 + secret: + algo: AES + size: 512 + encrypting: + algo: RSA + size: 256 + sigAlgo: SHA256withRSA +# curve: + signing: + algo: RSA + size: 256 + sigAlgo: SHA256withRSA +# curve: curve +cms: + algo: SHA256withRSA \ No newline at end of file 
diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml index 097bdf3dd..cff5e2086 100644 --- a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml +++ b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml @@ -1,28 +1,30 @@ +--- keystore: - type: store-type - encryptionAlgo: store-enc + type: BCFKS + encryptionAlgo: AES256_KWP pbkdf: - pbkdf2: - algo: pbkdf-algo - saltLength: 2 - iterCount: 3 - macAlgo: store-mac - passwordKeysAlgo: store-pwd-keys + scrypt: + cost: 1 + blockSize: 2 + parallelization: 3 + saltLength: 4 + macAlgo: HmacSHA3_512 + passwordKeysAlgo: PBEWithHmacSHA256AndAES_256 keys: encKeyNumber: 1 signKeyNumber: 2 secret: - algo: sec-algo + algo: AES size: 12 encrypting: - algo: enc-algo + algo: RSA size: 13 sigAlgo: srv-sig-algo - curve: curve + curve: signing: algo: sig-algo size: 14 - sigAlgo: srv-sig-algo + sigAlgo: SHA256withRSA curve: curve cms: algo: cms-algo1 \ No newline at end of file From 65b7e0893c711c79d5ddf22904eaf8b491f2c7de Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Mon, 24 Jun 2024 10:36:44 +0200 Subject: [PATCH 03/13] Added mutable encryption config to BasicFunctionalityIT --- .../src/test/resources/config/mutable.yaml | 20 +++++++++---------- .../encryption/MutableEncryptionConfig.java | 8 ++++---- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/datasafe-business/src/test/resources/config/mutable.yaml b/datasafe-business/src/test/resources/config/mutable.yaml index 8159e3c64..2be9d8689 100644 --- a/datasafe-business/src/test/resources/config/mutable.yaml +++ b/datasafe-business/src/test/resources/config/mutable.yaml 
@@ -4,10 +4,10 @@ keystore: encryptionAlgo: AES256_KWP pbkdf: scrypt: - cost: 1 - blockSize: 2 - parallelization: 3 - saltLength: 32 + cost: 16384 + blockSize: 8 + parallelization: 1 + saltLength: 16 macAlgo: HmacSHA3_512 passwordKeysAlgo: PBEWithHmacSHA256AndAES_256 keys: @@ -15,16 +15,16 @@ keys: signKeyNumber: 2 secret: algo: AES - size: 512 + size: 256 encrypting: algo: RSA - size: 256 + size: 2048 sigAlgo: SHA256withRSA -# curve: +# curve: NULL signing: algo: RSA - size: 256 + size: 2048 sigAlgo: SHA256withRSA -# curve: curve +# curve: NULL cms: - algo: SHA256withRSA \ No newline at end of file + algo: AES256_GCM \ No newline at end of file diff --git a/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java b/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java index 37f42ae24..7c13e358c 100644 --- a/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java +++ b/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java @@ -200,9 +200,9 @@ KeyCreationConfig.EncryptingKeyCreationCfg toEncryptingKeyCreationCfg() { builder.sigAlgo(sigAlgo); } - if (null != curve) { + builder.curve(curve); - } + return builder.build(); } @@ -231,9 +231,9 @@ KeyCreationConfig.SigningKeyCreationCfg toSigningKeyCreationCfg() { builder.sigAlgo(sigAlgo); } - if (null != curve) { + builder.curve(curve); - } + return builder.build(); } From 83cac9a92b91afccc5e6e3f6c749a11cdabc90e4 Mon Sep 17 00:00:00 2001 
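Review bot: Dropping the `if (null != curve)` guard in `toEncryptingKeyCreationCfg()`, and identically in `toSigningKeyCreationCfg()` in the next hunk, means an unset `curve` is now passed to the builder as `null`, while the neighbouring `sigAlgo` assignment still appears to be guarded. If the `KeyCreationConfig` builders carry a default curve, this call now overwrites it with `null` for every config that omits `curve`, which changes key generation for existing callers and not only for the RSA fixture this patch is tuning. Either keep the guard and clear the curve only where the algorithm needs none, or document the new contract with a comment such as `// curve is passed through as-is: null replaces the builder default and means "no named curve"`. Both method bodies begin and end outside the hunks, so the builder defaults are not visible here.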
From: Thendo20 Date: Thu, 27 Jun 2024 13:56:03 +0200 Subject: [PATCH 04/13] Added removeKey test for KeyStoreService and made changes to KeyStoreAuthTest noPasswords test --- .../encrypiton/impl/keystore/KeyStoreAuthTest.java | 4 ++-- .../encrypiton/impl/keystore/KeyStoreServiceTest.java | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreAuthTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreAuthTest.java index 0df5c8412..ba4ed0c55 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreAuthTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreAuthTest.java @@ -13,8 +13,8 @@ class KeyStoreAuthTest extends BaseMockitoTest { @Test void noPasswords() { KeyStoreAuth keyStoreAuth = new KeyStoreAuth(null, null); - assertThrows(KeyStoreAuthException.class, () -> keyStoreAuth.getReadKeyPassword()); - assertThrows(KeyStoreAuthException.class, () -> keyStoreAuth.getReadKeyPassword()); + assertThrows(KeyStoreAuthException.class, keyStoreAuth::getReadKeyPassword); + assertThrows(KeyStoreAuthException.class, keyStoreAuth::getReadStorePassword); } @Test diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java index f6ac17bed..c003b1e54 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java 
@@ -119,4 +119,15 @@ void getSecretKey() { SecretKey secretKey = keyStoreService.getSecretKey(keyStoreAccess, keyID); Assertions.assertNotNull(secretKey); } + @Test + void removeKey() { + KeyCreationConfig config = KeyCreationConfig.builder().signKeyNumber(1).encKeyNumber(0).build(); + KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); + KeyStoreAccess keyStoreAccess = new KeyStoreAccess(keyStore, keyStoreAuth); + + KeyID keyID = KeystoreUtil.keyIdByPrefix(keyStore, DOCUMENT_KEY_ID_PREFIX); + keyStoreService.removeKey(keyStoreAccess, keyID.getValue()); + SecretKey secretKey = keyStoreService.getSecretKey(keyStoreAccess, keyID); + Assertions.assertNull(secretKey); + } } From 19b34082350c895cfead03f6485e56bba934fd70 Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Mon, 1 Jul 2024 14:55:20 +0200 Subject: [PATCH 05/13] Added two new tests for KeyStoreService and one test for CmsEncryptionServiceImpl --- .../CmsEncryptionServiceImplTest.java | 58 ++++++++++++++++--- .../impl/keystore/KeyStoreServiceTest.java | 17 ++++++ 2 files changed, 66 insertions(+), 9 deletions(-) diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java index 3c0168b08..490748a62 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java 
@@ -1,6 +1,11 @@ package de.adorsys.datasafe.encrypiton.impl.cmsencryption; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator; import com.google.common.io.ByteStreams; +import com.google.common.io.Resources; import de.adorsys.datasafe.encrypiton.api.cmsencryption.CMSEncryptionService; import de.adorsys.datasafe.encrypiton.api.keystore.KeyStoreService; import de.adorsys.datasafe.encrypiton.api.types.encryption.CmsEncryptionConfig; @@ -28,17 +33,10 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.RandomAccessFile; +import java.io.*; import java.nio.MappedByteBuffer; import java.nio.channels.FileChannel; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; import java.security.Key; 
@@ -145,6 +143,48 @@ void cmsStreamEnvelopeEncryptAndDecryptTest() { assertThat(TEST_MESSAGE_CONTENT).isEqualTo(new String(actualResult)); } + @Test + @SneakyThrows + void cmsStreamEnvelopeEncryptAndDecryptTestCustom() { + ReadKeyPassword readKeyPassword = ReadKeyPasswordTestFactory.getForString("readkeypassword"); + ReadStorePassword readStorePassword = new ReadStorePassword("readstorepassword"); + + KeyStoreAuth keyStoreAuth = new KeyStoreAuth(readStorePassword, readKeyPassword); + KeyCreationConfig config = KeyCreationConfig.builder() + .signing(KeyCreationConfig.SigningKeyCreationCfg.builder().algo("RSA").size(2048).sigAlgo( "SHA256withRSA").curve("null").build()) + .encrypting(KeyCreationConfig.EncryptingKeyCreationCfg.builder().algo("RSA").size(2048).sigAlgo("SHA256withRSA").curve("null").build()) + .build(); + + KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); + KeyStoreAccess keyStoreAccess = new KeyStoreAccess(keyStore, keyStoreAuth); + + PublicKeyIDWithPublicKey publicKeyIDWithPublicKey = keyStoreService.getPublicKeys(keyStoreAccess).get(0); + ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); + + KeyStoreAccess keyStoreAccessSender = getKeyStoreAccess("Sender"); + + OutputStream encryptionStream = cmsEncryptionService.buildEncryptionOutputStream( + outputStream, + Collections.singleton(new PublicKeyIDWithPublicKey( + publicKeyIDWithPublicKey.getKeyID(), + publicKeyIDWithPublicKey.getPublicKey() + )), + getKeyPair(keyStoreAccessSender, "Sender") + ); + + encryptionStream.write(TEST_MESSAGE_CONTENT.getBytes()); + encryptionStream.close(); + + byte[] byteArray = outputStream.toByteArray(); + + ByteArrayInputStream inputStream = new ByteArrayInputStream(byteArray); + InputStream decryptionStream = cmsEncryptionService.buildDecryptionInputStream( + inputStream, keyIds -> getKeys(keyIds, keyStoreAccess) + ); + byte[] actualResult = toByteArray(decryptionStream); + + assertThat(TEST_MESSAGE_CONTENT).isEqualTo(new 
String(actualResult)); + } @Test @SneakyThrows diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java index c003b1e54..e4718f208 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java 
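Review bot: The new test encodes and decodes the message with the platform default charset, in `TEST_MESSAGE_CONTENT.getBytes()` and `new String(actualResult)`, so the comparison depends on the JVM's `file.encoding`. Use `TEST_MESSAGE_CONTENT.getBytes(StandardCharsets.UTF_8)` and `new String(actualResult, StandardCharsets.UTF_8)`; the `StandardCharsets` import is already added by this patch. `decryptionStream` is never closed and `encryptionStream` is closed only on the success path, so both are better opened in try-with-resources.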
@@ -69,7 +69,24 @@ void createKeyStoreEmptyConfig() throws Exception { // One additional secret key being generated for path encryption and one for private doc encryption. Assertions.assertEquals(4, list.size()); } + @Test + void updateKeyStoreReadKeyPassword() throws Exception { + KeyCreationConfig config = KeyCreationConfig.builder().signKeyNumber(0).encKeyNumber(1).build(); + KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); + KeyStoreAuth newKeystoreAuth = new KeyStoreAuth(new ReadStorePassword("newstorepass"), new ReadKeyPassword("newkeypass".toCharArray())); + KeyStore updatedKeyStore = keyStoreService.updateKeyStoreReadKeyPassword(keyStore, keyStoreAuth, newKeystoreAuth); + Assertions.assertEquals("newkeypass", newKeystoreAuth.getReadKeyPassword().getValue()); + } + @Test + void addPasswordBasedSecretKey() { + KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, KeyCreationConfig.builder().build()); + KeyStoreAccess keyStoreAccess = new KeyStoreAccess(keyStore, keyStoreAuth); + keyStoreService.addPasswordBasedSecretKey(keyStoreAccess, "alias", "secret".toCharArray()); + SecretKey secretKey = keyStoreService.getSecretKey(keyStoreAccess, new KeyID("alias")); + + Assertions.assertEquals("secret", new String(secretKey.getEncoded())); + } @Test void getPublicKeys() { KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, KeyCreationConfig.builder().build()); From d3ced01c77e824814fe28fe2078ded5550f5f8e7 Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Mon, 1 Jul 2024 15:48:10 +0200 Subject: [PATCH 06/13] Added two new tests for KeyStoreService and one test for CmsEncryptionServiceImpl --- .../impl/cmsencryption/CmsEncryptionServiceImplTest.java | 4 ++-- .../encrypiton/impl/keystore/KeyStoreServiceTest.java | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) 
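Review bot: The assertion in `updateKeyStoreReadKeyPassword` reads the password back from `newKeystoreAuth`, the object the test has just constructed, and never looks at `updatedKeyStore`, so it cannot fail because of anything `updateKeyStoreReadKeyPassword` does. It also compares a `String` with what the constructor call suggests is a `char[]`; PATCH 06 switches to `Arrays.equals` but keeps the same tautology. Assert on the returned keystore instead, for example that a key entry can be read from `updatedKeyStore` with the new read-key password and not with the old one. In `addPasswordBasedSecretKey`, `new String(secretKey.getEncoded())` uses the platform charset and should be given an explicit one.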
diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java index 490748a62..a46bd2a37 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/cmsencryption/CmsEncryptionServiceImplTest.java @@ -151,8 +151,8 @@ void cmsStreamEnvelopeEncryptAndDecryptTestCustom() { KeyStoreAuth keyStoreAuth = new KeyStoreAuth(readStorePassword, readKeyPassword); KeyCreationConfig config = KeyCreationConfig.builder() - .signing(KeyCreationConfig.SigningKeyCreationCfg.builder().algo("RSA").size(2048).sigAlgo( "SHA256withRSA").curve("null").build()) - .encrypting(KeyCreationConfig.EncryptingKeyCreationCfg.builder().algo("RSA").size(2048).sigAlgo("SHA256withRSA").curve("null").build()) + .signing(KeyCreationConfig.SigningKeyCreationCfg.builder().algo("RSA").size(2048).sigAlgo( "SHA256withRSA").curve(null).build()) + .encrypting(KeyCreationConfig.EncryptingKeyCreationCfg.builder().algo("RSA").size(2048).sigAlgo("SHA256withRSA").curve(null).build()) .build(); KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java index e4718f208..921120e65 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java 
+++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java @@ -26,6 +26,7 @@ import javax.crypto.SecretKey; import java.security.KeyStore; import java.security.PrivateKey; +import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -75,7 +76,7 @@ void updateKeyStoreReadKeyPassword() throws Exception { KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); KeyStoreAuth newKeystoreAuth = new KeyStoreAuth(new ReadStorePassword("newstorepass"), new ReadKeyPassword("newkeypass".toCharArray())); KeyStore updatedKeyStore = keyStoreService.updateKeyStoreReadKeyPassword(keyStore, keyStoreAuth, newKeystoreAuth); - Assertions.assertEquals("newkeypass", newKeystoreAuth.getReadKeyPassword().getValue()); + Assertions.assertTrue(Arrays.equals("newkeypass".toCharArray(), newKeystoreAuth.getReadKeyPassword().getValue())); } @Test void addPasswordBasedSecretKey() { From a131c8622f3ee4ccc6fba49c164998a772e719eb Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Tue, 2 Jul 2024 16:26:35 +0200 Subject: [PATCH 07/13] Added new test to KeyStoreServiceTest and change made to pom.xml --- datasafe-business/pom.xml | 6 ++-- .../impl/keystore/KeyStoreServiceTest.java | 27 +++++++++++++---- .../impl/SimpleDatasafeServiceImpl.java | 30 ++----------------- 3 files changed, 28 insertions(+), 35 deletions(-) diff --git a/datasafe-business/pom.xml b/datasafe-business/pom.xml index 9a328d146..315a0f278 100644 --- a/datasafe-business/pom.xml +++ b/datasafe-business/pom.xml @@ -187,11 +187,10 @@ com.fasterxml.jackson.dataformat jackson-dataformat-yaml - 2.15.4 + ${jackson.version} test - @@ -232,6 +231,9 @@ javax.xml.bind:jaxb-api:jar + com.fasterxml.jackson.core:jackson-annotations + com.fasterxml.jackson.core:jackson-core + com.fasterxml.jackson.core:jackson-databind javax.inject:javax.inject com.amazonaws org.bouncycastle 
diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java index 921120e65..4e40cdcf9 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java 
@@ -71,13 +71,28 @@ void createKeyStoreEmptyConfig() throws Exception { Assertions.assertEquals(4, list.size()); } @Test - void updateKeyStoreReadKeyPassword() throws Exception { - KeyCreationConfig config = KeyCreationConfig.builder().signKeyNumber(0).encKeyNumber(1).build(); - KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); - KeyStoreAuth newKeystoreAuth = new KeyStoreAuth(new ReadStorePassword("newstorepass"), new ReadKeyPassword("newkeypass".toCharArray())); - KeyStore updatedKeyStore = keyStoreService.updateKeyStoreReadKeyPassword(keyStore, keyStoreAuth, newKeystoreAuth); - Assertions.assertTrue(Arrays.equals("newkeypass".toCharArray(), newKeystoreAuth.getReadKeyPassword().getValue())); + void serializeAndDeserializeKeyStore() { + KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, KeyCreationConfig.builder().build()); + ReadStorePassword password = new ReadStorePassword("storepass"); + + byte[] serializedKeyStore = keyStoreService.serialize(keyStore, password); + KeyStore deserializedKeyStore = keyStoreService.deserialize(serializedKeyStore, password); + + Assertions.assertEquals(keyStore.getType(), deserializedKeyStore.getType()); + Assertions.assertEquals(keyStore.getProvider(), deserializedKeyStore.getProvider()); } +// @Test +// void updateKeyStoreReadKeyPassword() { +// KeyCreationConfig config = KeyCreationConfig.builder().signKeyNumber(0).encKeyNumber(1).build(); +// KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); +// KeyStoreAuth newKeystoreAuth = new KeyStoreAuth(new ReadStorePassword("newstorepass"), new ReadKeyPassword("newkeypass".toCharArray())); +// KeyStore updatedKeyStore = keyStoreService.updateKeyStoreReadKeyPassword(keyStore, keyStoreAuth, newKeystoreAuth); +// +//// keyStoreService. +//// updatedKeyStore. 
+// updatedKeyStore.getKey("newkeypass", newKeystoreAuth.getReadKeyPassword().getValue()); +// Assertions.assertTrue(Arrays.equals("newkeypass".toCharArray(), keyStoreAuth.getReadKeyPassword().getValue())); +// } @Test void addPasswordBasedSecretKey() { KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, KeyCreationConfig.builder().build()); diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java index 17ea24fdd..02f9cb024 100644 --- a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java +++ b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/java/de/adorsys/datasafe/simple/adapter/impl/SimpleDatasafeServiceImpl.java @@ -7,13 +7,8 @@ import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.services.s3.AmazonS3; import com.amazonaws.services.s3.AmazonS3ClientBuilder; -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; -import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator; import com.google.common.base.CharMatcher; import com.google.common.io.ByteStreams; -import com.google.common.io.Resources; import de.adorsys.datasafe.business.impl.service.DefaultDatasafeServices; import de.adorsys.datasafe.directory.impl.profile.config.DefaultDFSConfig; import de.adorsys.datasafe.encrypiton.api.types.UserID; 
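Review bot: `serializeAndDeserializeKeyStore` checks only `getType()` and `getProvider()`, which would also match if the store came back with no entries, so the round trip of the key material itself is not covered. Comparing the contents closes that gap, e.g. `Assertions.assertEquals(keyStore.size(), deserializedKeyStore.size());`; `size()` throws the checked `KeyStoreException`, so the method would need `throws Exception` again. The same hunk leaves the old `updateKeyStoreReadKeyPassword` test commented out, which removes the only visible coverage of the password update while keeping dead code; it should be either repaired or deleted.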
@@ -55,12 +50,9 @@ import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; -import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.io.Reader; import java.net.URI; -import java.nio.charset.StandardCharsets; import java.nio.file.FileSystems; import java.util.List; import java.util.stream.Collectors; @@ -70,18 +62,16 @@ public class SimpleDatasafeServiceImpl implements SimpleDatasafeService { private static final String AMAZON_URL = "https://.*s3.amazonaws.com"; private static final ReadStorePassword universalReadStorePassword = new ReadStorePassword("secret"); private static final String S3_PREFIX = "s3://"; - private static final String yamlFixture = "config/mutable.yaml"; - private static ObjectMapper mapper = createMapper(); - private static MutableEncryptionConfig config = readResource(mapper, yamlFixture, MutableEncryptionConfig.class); + private SystemRootAndStorageService rootAndStorage; private DefaultDatasafeServices customlyBuiltDatasafeServices; public SimpleDatasafeServiceImpl(PathEncryptionConfig pathEncryptionConfig) { - this(DFSCredentialsFactory.getFromEnvironmnet(), config, pathEncryptionConfig); + this(DFSCredentialsFactory.getFromEnvironmnet(), new MutableEncryptionConfig(), pathEncryptionConfig); } public SimpleDatasafeServiceImpl() { - this(DFSCredentialsFactory.getFromEnvironmnet(), config, new PathEncryptionConfig(true)); + this(DFSCredentialsFactory.getFromEnvironmnet(), new MutableEncryptionConfig(), new PathEncryptionConfig(true)); } public SimpleDatasafeServiceImpl(DFSCredentials dfsCredentials, MutableEncryptionConfig config, PathEncryptionConfig pathEncryptionConfig) { 
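Review bot: The two convenience constructors now pick the encryption parameters implicitly through `new MutableEncryptionConfig()`, and nothing on them says so. A short Javadoc on each would make that choice visible to callers, e.g. `/** Uses DFS credentials from the environment and a default MutableEncryptionConfig. */`. The no-arg constructor could also delegate with `this(new PathEncryptionConfig(true));` so the default is written in one place only.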
@@ -333,20 +323,6 @@ private static SystemRootAndStorageService useFileSystem(FilesystemDFSCredential log.info("build DFS to FILESYSTEM with root " + filesystemDFSCredentials.getRoot()); return new SystemRootAndStorageService(systemRoot, storageService); } - private static T readResource(ObjectMapper mapper, String path, Class type) { - try (Reader reader = Resources.asCharSource(Resources.getResource(path), StandardCharsets.UTF_8).openStream()) { - return mapper.readValue(reader, type); - } - catch (IOException e) { - throw new RuntimeException(e); - } - } - - private static ObjectMapper createMapper() { - ObjectMapper mapper = new ObjectMapper(new YAMLFactory().enable(YAMLGenerator.Feature.MINIMIZE_QUOTES)); - mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL); - return mapper; - } @AllArgsConstructor From f95d74c4c9842e7daa2fa52408638bcdd165688a Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Thu, 4 Jul 2024 14:26:22 +0200 Subject: [PATCH 08/13] Added test for PublicKeySerdeImpl class and tests for BucketAccessServiceImpl and DefaultDFSConfig --- .../dfs/BucketAccessServiceImplTest.java | 8 +++ .../profile/dfs/DefaultDFSConfigTest.java | 12 ++++ .../impl/keystore/PublicKeySerdeImplTest.java | 56 +++++++++++++++++++ 3 files changed, 76 insertions(+) create mode 100644 datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java diff --git a/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java b/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java index 2aa1091de..ed9ca5837 100644 --- a/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java 
+++ b/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java @@ -4,6 +4,7 @@ import de.adorsys.datasafe.encrypiton.api.types.UserIDAuth; import de.adorsys.datasafe.types.api.resource.BasePrivateResource; import de.adorsys.datasafe.types.api.resource.BasePublicResource; +import de.adorsys.datasafe.types.api.resource.Uri; import de.adorsys.datasafe.types.api.shared.BaseMockitoTest; import de.adorsys.datasafe.types.api.utils.ReadKeyPasswordTestFactory; import org.junit.jupiter.api.Test; @@ -14,6 +15,7 @@ class BucketAccessServiceImplTest extends BaseMockitoTest { private static final String ABSOLUTE_BUCKET = "s3://bucket"; + private final Uri uri = new Uri(ABSOLUTE_BUCKET); private UserIDAuth auth = new UserIDAuth(new UserID(""), ReadKeyPasswordTestFactory.getForString("")); @@ -35,4 +37,10 @@ void publicAccessFor() { BasePublicResource.forAbsolutePublic(ABSOLUTE_BUCKET).getResource()).location().asURI() ).asString().isEqualTo(ABSOLUTE_BUCKET); } + @Test + void withSystemAccess() { + assertThat(bucketAccessService.withSystemAccess( + BasePublicResource.forAbsolutePublic(ABSOLUTE_BUCKET)).location().asURI() + ).asString().isEqualTo(ABSOLUTE_BUCKET); + } } diff --git a/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/DefaultDFSConfigTest.java b/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/DefaultDFSConfigTest.java index 95c9a57e1..d5916117a 100644 --- a/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/DefaultDFSConfigTest.java +++ b/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/DefaultDFSConfigTest.java 
@@ -1,7 +1,10 @@ package de.adorsys.datasafe.directory.impl.profile.dfs; +import de.adorsys.datasafe.directory.api.types.CreateUserPublicProfile; import de.adorsys.datasafe.directory.impl.profile.config.DefaultDFSConfig; +import de.adorsys.datasafe.encrypiton.api.types.UserID; import de.adorsys.datasafe.types.api.resource.Uri; +import de.adorsys.datasafe.types.api.types.ReadStorePassword; import lombok.SneakyThrows; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; @@ -38,5 +41,14 @@ public void checkUriWithSlash() { Uri result2 = DefaultDFSConfig.addTrailingSlashIfNeeded(result1); Assertions.assertEquals(new Uri(uriString + "/"), result2); } + @Test + @SneakyThrows + public void createDefaultPublicTemplate() { + ReadStorePassword systemPassword = new ReadStorePassword("storePassword"); + DefaultDFSConfig config = new DefaultDFSConfig(new URI(uriString), systemPassword); + CreateUserPublicProfile template = config.defaultPublicTemplate(new UserID("user1")); + Assertions.assertEquals(new UserID("user1"), template.getId()); + + } } diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java new file mode 100644 index 000000000..cfdd401f8 --- /dev/null +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java 
@@ -0,0 +1,56 @@ +package de.adorsys.datasafe.encrypiton.impl.keystore; + +import de.adorsys.datasafe.encrypiton.api.keystore.KeyStoreService; +import de.adorsys.datasafe.encrypiton.api.types.encryption.EncryptionConfig; +import de.adorsys.datasafe.encrypiton.api.types.encryption.KeyCreationConfig; +import de.adorsys.datasafe.encrypiton.api.types.keystore.KeyStoreAccess; +import de.adorsys.datasafe.encrypiton.api.types.keystore.KeyStoreAuth; +import de.adorsys.datasafe.encrypiton.api.types.keystore.PublicKeyIDWithPublicKey; +import de.adorsys.datasafe.types.api.shared.BaseMockitoTest; +import de.adorsys.datasafe.types.api.types.ReadKeyPassword; +import de.adorsys.datasafe.types.api.types.ReadStorePassword; +import de.adorsys.datasafe.types.api.utils.ReadKeyPasswordTestFactory; +import de.adorsys.keymanagement.juggler.services.DaggerBCJuggler; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.InjectMocks; + +import javax.inject.Inject; +import java.security.KeyStore; +import java.security.PublicKey; +import java.util.Base64; +import java.util.List; + +import static org.assertj.core.api.AssertionsForClassTypes.assertThat; +import static org.mockito.Mockito.mock; + +public class PublicKeySerdeImplTest extends BaseMockitoTest { + private KeyStoreService keyStoreService = new KeyStoreServiceImpl( + EncryptionConfig.builder().build().getKeystore(), + DaggerBCJuggler.builder().build() + ); + + @Test + public void writeAndReadPubKey(){ + ReadStorePassword readStorePassword = new ReadStorePassword("storepass"); + ReadKeyPassword readKeyPassword = ReadKeyPasswordTestFactory.getForString("keypass"); + + KeyStoreAuth keyStoreAuth = new KeyStoreAuth(readStorePassword, readKeyPassword); + KeyCreationConfig config = KeyCreationConfig.builder().signKeyNumber(0).encKeyNumber(1).build(); + KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); + + KeyStoreAccess keyStoreAccess = new KeyStoreAccess(keyStore, 
keyStoreAuth); + PublicKeySerdeImpl publicKeySerde = mock(PublicKeySerdeImpl.class); + + List publicKeys = keyStoreService.getPublicKeys(keyStoreAccess); + + PublicKey publicKey = publicKeys.get(0).getPublicKey(); + String encodedKey = publicKeySerde.writePubKey(publicKey); + + assertThat(encodedKey).isEqualTo(Base64.getEncoder().encodeToString(publicKey.getEncoded())); + + PublicKey readPublicKey = publicKeySerde.readPubKey(encodedKey); + + assertThat(readPublicKey).isEqualTo(publicKey); + } +} From 4cc06a4d039c0e07ae9ec8c206c8fe52bcd75328 Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Thu, 4 Jul 2024 16:03:15 +0200 Subject: [PATCH 09/13] fix for PublicKeySerdeImpl test --- .../encrypiton/impl/keystore/PublicKeySerdeImplTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java index cfdd401f8..3d761cbdb 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/PublicKeySerdeImplTest.java @@ -25,7 +25,7 @@ import static org.mockito.Mockito.mock; public class PublicKeySerdeImplTest extends BaseMockitoTest { - private KeyStoreService keyStoreService = new KeyStoreServiceImpl( + private final KeyStoreService keyStoreService = new KeyStoreServiceImpl( EncryptionConfig.builder().build().getKeystore(), DaggerBCJuggler.builder().build() ); 
@@ -40,7 +40,7 @@ public void writeAndReadPubKey(){ KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); KeyStoreAccess keyStoreAccess = new KeyStoreAccess(keyStore, keyStoreAuth); - PublicKeySerdeImpl publicKeySerde = mock(PublicKeySerdeImpl.class); + PublicKeySerdeImpl publicKeySerde = new PublicKeySerdeImpl(); List publicKeys = keyStoreService.getPublicKeys(keyStoreAccess); From e3dafc574d6352bd000dafe50240b0810b4976e9 Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Fri, 5 Jul 2024 15:54:16 +0200 Subject: [PATCH 10/13] Removed updateKeyStoreReadKeyPassword test --- .../impl/keystore/KeyStoreServiceTest.java | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java index 4e40cdcf9..f61faf415 100644 --- a/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java +++ b/datasafe-encryption/datasafe-encryption-impl/src/test/java/de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceTest.java 
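Review bot: With `publicKeySerde` now a real `new PublicKeySerdeImpl()`, the imports `import static org.mockito.Mockito.mock;`, `import org.mockito.InjectMocks;` and `import javax.inject.Inject;` from the file's header are no longer used by anything in the test body shown in this series, and this change leaves them in place. They can be removed in the same commit. Whether the class still needs to extend `BaseMockitoTest` once no mock is involved cannot be decided from the hunk and is worth a second look.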
@@ -81,18 +81,7 @@ void serializeAndDeserializeKeyStore() { Assertions.assertEquals(keyStore.getType(), deserializedKeyStore.getType()); Assertions.assertEquals(keyStore.getProvider(), deserializedKeyStore.getProvider()); } -// @Test -// void updateKeyStoreReadKeyPassword() { -// KeyCreationConfig config = KeyCreationConfig.builder().signKeyNumber(0).encKeyNumber(1).build(); -// KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, config); -// KeyStoreAuth newKeystoreAuth = new KeyStoreAuth(new ReadStorePassword("newstorepass"), new ReadKeyPassword("newkeypass".toCharArray())); -// KeyStore updatedKeyStore = keyStoreService.updateKeyStoreReadKeyPassword(keyStore, keyStoreAuth, newKeystoreAuth); -// -//// keyStoreService. -//// updatedKeyStore. -// updatedKeyStore.getKey("newkeypass", newKeystoreAuth.getReadKeyPassword().getValue()); -// Assertions.assertTrue(Arrays.equals("newkeypass".toCharArray(), keyStoreAuth.getReadKeyPassword().getValue())); -// } + @Test void addPasswordBasedSecretKey() { KeyStore keyStore = keyStoreService.createKeyStore(keyStoreAuth, KeyCreationConfig.builder().build()); From 1da92900a0a397a1630d1f989c4e77b3f0109fa6 Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Tue, 9 Jul 2024 10:13:18 +0200 Subject: [PATCH 11/13] fixes made --- .../impl/profile/dfs/BucketAccessServiceImplTest.java | 1 - .../api/types/encryption/MutableEncryptionConfig.java | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java b/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java index ed9ca5837..88c5d369f 100644 --- a/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java 
+++ b/datasafe-directory/datasafe-directory-impl/src/test/java/de/adorsys/datasafe/directory/impl/profile/dfs/BucketAccessServiceImplTest.java @@ -15,7 +15,6 @@ class BucketAccessServiceImplTest extends BaseMockitoTest { private static final String ABSOLUTE_BUCKET = "s3://bucket"; - private final Uri uri = new Uri(ABSOLUTE_BUCKET); private UserIDAuth auth = new UserIDAuth(new UserID(""), ReadKeyPasswordTestFactory.getForString("")); diff --git a/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java b/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java index 7c13e358c..36b4cbdb9 100644 --- a/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java +++ b/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java @@ -200,9 +200,9 @@ KeyCreationConfig.EncryptingKeyCreationCfg toEncryptingKeyCreationCfg() { builder.sigAlgo(sigAlgo); } - + if(null != curve) { builder.curve(curve); - + } return builder.build(); } @@ -231,9 +231,9 @@ KeyCreationConfig.SigningKeyCreationCfg toSigningKeyCreationCfg() { builder.sigAlgo(sigAlgo); } - + if (null != curve) { builder.curve(curve); - + } return builder.build(); } From 1f66c6d01ae8d22f7449fd9e4f608d6589a5420a Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Tue, 9 Jul 2024 10:18:41 +0200 Subject: [PATCH 12/13] fixes made --- .../datasafe-simple-adapter-impl/pom.xml | 6 ---- .../src/main/resources/config/mutable.yaml | 30 ------------------- 2 files changed, 36 deletions(-) delete mode 100644 datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml 
diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml b/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml index cb3dc8b66..af98b24da 100644 --- a/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml +++ b/datasafe-simple-adapter/datasafe-simple-adapter-impl/pom.xml @@ -73,12 +73,6 @@ assertj-core test - - com.fasterxml.jackson.dataformat - jackson-dataformat-yaml - 2.15.4 - compile - diff --git a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml b/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml deleted file mode 100644 index cff5e2086..000000000 --- a/datasafe-simple-adapter/datasafe-simple-adapter-impl/src/main/resources/config/mutable.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -keystore: - type: BCFKS - encryptionAlgo: AES256_KWP - pbkdf: - scrypt: - cost: 1 - blockSize: 2 - parallelization: 3 - saltLength: 4 - macAlgo: HmacSHA3_512 - passwordKeysAlgo: PBEWithHmacSHA256AndAES_256 -keys: - encKeyNumber: 1 - signKeyNumber: 2 - secret: - algo: AES - size: 12 - encrypting: - algo: RSA - size: 13 - sigAlgo: srv-sig-algo - curve: - signing: - algo: sig-algo - size: 14 - sigAlgo: SHA256withRSA - curve: curve -cms: - algo: cms-algo1 \ No newline at end of file From 3a56735914970bcc9f28431b563f2fbbc44d03ce Mon Sep 17 00:00:00 2001 From: Thendo20 Date: Tue, 9 Jul 2024 15:49:16 +0200 Subject: [PATCH 13/13] fixes made --- datasafe-business/src/test/resources/config/mutable.yaml | 4 ++-- .../api/types/encryption/MutableEncryptionConfig.java | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/datasafe-business/src/test/resources/config/mutable.yaml b/datasafe-business/src/test/resources/config/mutable.yaml index 2be9d8689..61460e89b 100644 --- a/datasafe-business/src/test/resources/config/mutable.yaml +++ b/datasafe-business/src/test/resources/config/mutable.yaml 
@@ -20,11 +20,11 @@ keys: algo: RSA size: 2048 sigAlgo: SHA256withRSA -# curve: NULL +# curve: signing: algo: RSA size: 2048 sigAlgo: SHA256withRSA -# curve: NULL +# curve: cms: algo: AES256_GCM \ No newline at end of file diff --git a/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java b/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java index 36b4cbdb9..7c13e358c 100644 --- a/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java +++ b/datasafe-encryption/datasafe-encryption-api/src/main/java/de/adorsys/datasafe/encrypiton/api/types/encryption/MutableEncryptionConfig.java @@ -200,9 +200,9 @@ KeyCreationConfig.EncryptingKeyCreationCfg toEncryptingKeyCreationCfg() { builder.sigAlgo(sigAlgo); } - if(null != curve) { + builder.curve(curve); - } + return builder.build(); } @@ -231,9 +231,9 @@ KeyCreationConfig.SigningKeyCreationCfg toSigningKeyCreationCfg() { builder.sigAlgo(sigAlgo); } - if (null != curve) { + builder.curve(curve); - } + return builder.build(); }
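Review bot: In both `toEncryptingKeyCreationCfg` and `toSigningKeyCreationCfg` the call `builder.curve(curve)` is now unconditional, while the context line just above it still appears to close a guard around `builder.sigAlgo(sigAlgo)`. A `curve` that is absent from the configuration is therefore handed to the builder as null; whether the builder has its own default for `curve` is not visible here, but if it does, this call overwrites it. Keeping the guard, `if (null != curve) { builder.curve(curve); }`, treats `curve` like its sibling field, or else a comment should say why null is acceptable for `curve` only. The replacement also leaves whitespace-only lines where the braces were. Both methods begin above their hunks.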