Package com.microej.crypto.test
Class ExternalKeyStoreTest
- java.lang.Object
-
- com.microej.crypto.test.ExternalKeyStoreTest
-
public class ExternalKeyStoreTest extends java.lang.ObjectThis test class validates a LLSEC-External-KeyStore Abstraction Layer implementation.It requires the external key store to be provisioned with at least a private key, a certificate chain, a secret key and a trusted certificate (not attached to a key, i.e. with the same alias). Such a PKCS12 keystore is provided in resources, it must be configured with the Application option:
-Dej.crypto.mock.externalks.path=${project_loc:/security-testsuite}/src/test/resources/test-keystore.p12To configure the tests, set the following properties:
com.microej.crypto.test.ExternalKeyStoreTest.keystore.type: the type of the KeyStore to test (seeKeyStore.getInstance(String)) (defaults to "EXTERNALKS"),com.microej.crypto.test.ExternalKeyStoreTest.keystore.password: the password of the KeyStore to test (seeKeyStore.load(java.io.InputStream, char[])) (defaults to "changeit"),com.microej.crypto.test.ExternalKeyStoreTest.keystore.size: the expected number of entries in the provisioned KeyStore (defaults to 4),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.extractable: whetherKeyStore.getKey().getEncoded()returns the raw key bytes for a private key imported viasetKeyEntry. Set tofalsefor HSM-backed keystores (e.g. PKCS#11) where the key never leaves the token; set totruefor file-backed keystores like PKCS#12 (defaults to true),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.protected.data: a valid private key in protected (PKCS#8 EncryptedPrivateKeyInfo) format, base64-encoded (defaults to a built-in test key),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.data: a valid private key in PKCS#8 encoded format, base64-encoded (defaults to a built-in test key),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.algorithm: the algorithm of the private key (defaults to "RSA"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.alias: the alias of a valid private key (defaults to "test-entity"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.tmp.alias: the alias used by tests that mutate a private-key entry (set/delete) so they don't pollute the production private-key alias (defaults to "test-tmp-private"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.password: the password for this private key (defaults to "changeit"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.signature.algorithm: the signature algorithm to use for testing the use of the private key from the KeyStore (defaults to "SHA256withECDSA"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.signature.data: the payload to sign when testing signature with the private key from the KeyStore; the produced signature is verified against the trusted certificate rather than a fixed expected output (defaults to "Hello World!"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.keyagreement.algorithm: the key agreement algorithm to use for testing key agreement with the private key from the KeyStore (defaults to "ECDH"),com.microej.crypto.test.ExternalKeyStoreTest.privatekey.keyagreement.secret: the expected shared secret (base64-encoded) computed by key agreement between the private key from the KeyStore and the public key from the trusted certificate (defaults to "Lg7mq+j/QKp8sk+zMK0tPmnKvpQhS7yZEAr4Y/HN7JOMp/ePumCoWCY/hA0llZYO"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.extractable: whetherKeyStore.getKey().getEncoded()returns the raw key bytes for a secret key imported viasetKeyEntry. Set tofalsefor HSM-backed keystores (e.g. PKCS#11); set totruefor file-backed keystores like PKCS#12 (defaults to true),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.data: the encoded secret key data in base64 (defaults to "L83/flz9vi46b8aX57Trqg=="),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.algorithm: the algorithm of the secret key (defaults to "AES"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.alias: the alias of a valid secret key (defaults to "test-secret"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.tmp.alias: the alias used by tests that mutate a secret-key entry (set/delete) so they don't pollute the production secret-key alias (defaults to "test-tmp-secret"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.password: the password for this secret key (defaults to "changeit"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.cipher.transformation: the cipher transformation to use for testing the use of the secret key from the KeyStore (defaults to "AES/CBC/NoPadding"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.cipher.payload: the plaintext payload to encrypt when testing the cipher, as a hex string (defaults to "00112233445566778899AABBCCDDEEFF"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.cipher.iv: the IV used by the cipher, as a hex string (defaults to "00112233445566778899AABBCCDDEEFF"),com.microej.crypto.test.ExternalKeyStoreTest.secretkey.cipher.encrypted: the expected ciphertext (base64-encoded) produced by the cipher on the configured payload/IV (defaults to "vF23ACh1j3eRnVIkfKq9rb+8FpSYLFE3TcthFDnmOcg="),com.microej.crypto.test.ExternalKeyStoreTest.certificate.data: an X.509 certificate (base64-encoded DER) used by mutation tests when importing a trusted-certificate or certificate-chain entry (defaults to a built-in test certificate),com.microej.crypto.test.ExternalKeyStoreTest.certificate.alias: the alias of a valid trusted certificate, not attached to a key (defaults to "test-trusted-cert"),com.microej.crypto.test.ExternalKeyStoreTest.certificate.tmp.alias: the alias used by tests that mutate a trusted-certificate entry (set/delete) so they don't pollute the production certificate alias (defaults to "test-tmp-cert"),com.microej.crypto.test.ExternalKeyStoreTest.certificatechain.alias: the alias of a valid certificate chain (defaults to "test-entity"),com.microej.crypto.test.ExternalKeyStoreTest.certificatechain.length: the expected length of the certificate chain at the certificatechain alias (defaults to 2),
-
-
Constructor Summary
Constructors Constructor Description ExternalKeyStoreTest()
-
Method Summary
-
-
-
Method Detail
-
testListAliases
public void testListAliases() throws java.lang.Exception- Throws:
java.lang.Exception
-
testListAliasesDoesNotLeakStaleBytes
public void testListAliasesDoesNotLeakStaleBytes() throws java.lang.Exception- Throws:
java.lang.Exception
-
testContainsAlias
public void testContainsAlias() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetKey
public void testGetKey() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetKeyForInvalidAliasReturnsNull
public void testGetKeyForInvalidAliasReturnsNull() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetKeyForNonKeyAliasReturnsNull
public void testGetKeyForNonKeyAliasReturnsNull() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificate
public void testGetCertificate() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificateForInvalidAliasReturnsNull
public void testGetCertificateForInvalidAliasReturnsNull() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificateForNonCertificateAliasReturnsNull
public void testGetCertificateForNonCertificateAliasReturnsNull() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificateChain
public void testGetCertificateChain() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificateChainForInvalidAliasReturnsNull
public void testGetCertificateChainForInvalidAliasReturnsNull() throws java.lang.Exception- Throws:
java.lang.Exception
-
testCheckEntryType
public void testCheckEntryType() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetCertificateAndDeleteEntry
public void testSetCertificateAndDeleteEntry() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetPrivateKeyProtectedAndDeleteEntry
public void testSetPrivateKeyProtectedAndDeleteEntry() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetSecretKeyAndDeleteEntry
public void testSetSecretKeyAndDeleteEntry() throws java.lang.Exception- Throws:
java.lang.Exception
-
testDeleteEntryInvalidAlias
public void testDeleteEntryInvalidAlias() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetCertificateEntry
public void testSetCertificateEntry() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetKeyEntryPrivateKeyAndCertificateChain
public void testSetKeyEntryPrivateKeyAndCertificateChain() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetKeyEntryPrivateKeyProtected
public void testSetKeyEntryPrivateKeyProtected() throws java.lang.Exception- Throws:
java.lang.Exception
-
testSetKeyEntrySecretKey
public void testSetKeyEntrySecretKey() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificateChainForNonCertificateAliasReturnsNull
public void testGetCertificateChainForNonCertificateAliasReturnsNull() throws java.lang.Exception- Throws:
java.lang.Exception
-
testGetCertificateForCertificateChainAliasReturnsFirstCertificate
public void testGetCertificateForCertificateChainAliasReturnsFirstCertificate() throws java.lang.Exception- Throws:
java.lang.Exception
-
testCanUsePrivateKeyFromKeyStoreForSignatureAndVerifyItWithCertificateWithPayload
public void testCanUsePrivateKeyFromKeyStoreForSignatureAndVerifyItWithCertificateWithPayload() throws java.lang.Exception- Throws:
java.lang.Exception
-
testCanUsePrivateKeyFromKeyStoreForSignatureAndVerifyItWithCertificate
public void testCanUsePrivateKeyFromKeyStoreForSignatureAndVerifyItWithCertificate() throws java.lang.Exception- Throws:
java.lang.Exception
-
testCanUseSecretKeyFromKeyStoreForCipher
public void testCanUseSecretKeyFromKeyStoreForCipher() throws java.lang.Exception- Throws:
java.lang.Exception
-
testCanUsePrivateKeyFromKeyStoreForKeyAgreement
public void testCanUsePrivateKeyFromKeyStoreForKeyAgreement() throws java.lang.Exception- Throws:
java.lang.Exception
-
-