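package ca.uhn.hl7v2.hoh.sign;

import static org.junit.Assert.*;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import org.junit.Test;

/**
 * Sign/verify round-trip tests for {@link BouncyCastleCmsMessageSigner}.
 *
 * <p>Signing uses the {@code /keystore.jks} classpath fixture and verification uses the
 * {@code /truststore.jks} fixture. Both are opened with the same fixed test password and
 * the same key alias.
 */
public class BouncyCastleCmsMessageSignerTest {

    private static final String HELLO_WORLD = "HELLO WORLD!!!!!aa";

    private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(BouncyCastleCmsMessageSignerTest.class);

    /**
     * Signs a payload with the key store fixture and verifies it with the trust store fixture.
     * The test passes when {@code verify} returns without throwing.
     */
    @Test
    public void testSignAndVerify() throws Exception {

        BouncyCastleCmsMessageSigner signer = createSigner();
        String signed = signer.sign(HELLO_WORLD.getBytes("US-ASCII"));

        ourLog.info("Signed ({} bytes): {}", signed.length(), signed);

        // Now verify, using a separate instance backed by the trust store
        signer = createVerifier();
        signer.verify(HELLO_WORLD.getBytes("US-ASCII"), signed);

    }

    /**
     * Builds a signer instance configured with the trust store fixture, for verification.
     *
     * @return a signer whose key store is the content of {@code /truststore.jks}
     * @throws IOException if the fixture is missing from the classpath or cannot be read
     */
    public static BouncyCastleCmsMessageSigner createVerifier() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        BouncyCastleCmsMessageSigner signer;
        signer = new BouncyCastleCmsMessageSigner();
        signer.setKeyStore(loadTrustStore());
        signer.setKeyAlias(getKeystoreKeyAlias());
        signer.setAliasPassword(getKeystoreKeyAliasPassword());
        return signer;
    }

    /**
     * Builds a signer instance configured with the key store fixture, for signing.
     *
     * @return a signer whose key store is the content of {@code /keystore.jks}
     * @throws IOException if the fixture is missing from the classpath or cannot be read
     */
    public static BouncyCastleCmsMessageSigner createSigner() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        BouncyCastleCmsMessageSigner signer = new BouncyCastleCmsMessageSigner();
        signer.setKeyStore(getKeystore());
        signer.setKeyAlias(getKeystoreKeyAlias());
        signer.setAliasPassword(getKeystoreKeyAliasPassword());
        return signer;
    }

    /** Loads the {@code /truststore.jks} fixture from the classpath. */
    private static KeyStore loadTrustStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        return loadJksResource("/truststore.jks");
    }

    /**
     * Password used for both fixture stores and for the key alias.
     * Test-fixture credential only; it protects nothing outside these bundled test stores.
     */
    private static String getKeystoreKeyAliasPassword() {
        return "changeit";
    }

    /** Alias of the entry used for signing and verification in both fixture stores. */
    private static String getKeystoreKeyAlias() {
        return "testcert";
    }

    /** Loads the {@code /keystore.jks} fixture from the classpath. */
    private static KeyStore getKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        return loadJksResource("/keystore.jks");
    }

    /**
     * Loads a JKS store from a classpath resource using the shared test password.
     *
     * @param theResourcePath absolute classpath location of the store
     * @return the loaded store
     * @throws IOException if the resource is not on the classpath or cannot be read
     */
    private static KeyStore loadJksResource(String theResourcePath) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance("JKS");
        InputStream stream = BouncyCastleCmsMessageSignerTest.class.getResourceAsStream(theResourcePath);
        if (stream == null) {
            // KeyStore.load(null, ...) would silently initialise an EMPTY store, so a missing
            // fixture would only surface later as a confusing sign/verify failure.
            throw new IOException("Test resource not found on classpath: " + theResourcePath);
        }
        try {
            store.load(stream, getKeystoreKeyAliasPassword().toCharArray());
        } finally {
            stream.close();
        }
        return store;
    }

    /**
     * Signing must be refused when the signer is pointed at the trust store instead of the
     * key store.
     */
    @Test
    public void testTryToSignWithPublicKey() throws Exception {
        BouncyCastleCmsMessageSigner signer = createSigner();
        // Swap in the trust store; presumably it holds only the certificate for the alias,
        // which is what the asserted message implies.
        signer.setKeyStore(loadTrustStore());

        try {
            signer.sign(HELLO_WORLD.getBytes("US-ASCII"));
            fail("Expected SignatureFailureException when signing with the trust store");
        } catch (SignatureFailureException e) {
            assertTrue(e.toString(), e.getMessage().contains(BouncyCastleCmsMessageSigner.MSG_KEY_IS_NOT_A_PRIVATE_KEY));
        }
    }

    /**
     * A signature produced for one payload must not verify against a different payload.
     */
    @Test
    public void testSignAndVerifyStringChanged() throws Exception {
        BouncyCastleCmsMessageSigner signer = createSigner();
        String signed = signer.sign(HELLO_WORLD.getBytes("US-ASCII"));

        ourLog.info("Signed ({} bytes): {}", signed.length(), signed);

        // Now verify that non-matching fails
        signer = createVerifier();

        // NOTE(review): only the payload is altered here; a case that alters the signature
        // string itself is not covered in this class.
        try {
            signer.verify("HELLO WORLD....".getBytes("US-ASCII"), signed);
            fail("Expected SignatureVerificationException for a payload that does not match the signature");
        } catch (SignatureVerificationException expected) {
            // Expected: verification must reject the modified payload.
        }

    }

}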