Merge branch 'RM-3032' into 'master'

RM-3032: replace real ID codes with test person ID code

See merge request cdoc2/cdoc2-java-ref-impl!48

Author: OlesjaAarma

cdoc2-cli/README.md

@@ -43,7 +43,7 @@ To store keys in key server, specify addition `--server` option:
 
 When encrypting for est-eid card, `-r` <id-code> can be used
 ```
-java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -r 37903130370 README.md
+java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -r 38001085718 README.md
 ```
 
 Optionally cdoc2-cli also supports encrypting with "soft" key or certificate

cdoc2-cli/config/localhost/localhost.properties

@@ -1,5 +1,5 @@
 # Client configuration where keys and certificates are read from smart-card (PKCS11 configuration)
-# java -jar target/cdoc2-cli-0.0.12-SNAPSHOT.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -r 37903130370 README.md
+# java -jar target/cdoc2-cli-0.0.12-SNAPSHOT.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -r 38001085718 README.md
 
 # java -jar target/cdoc2-cli-0.0.10-SNAPSHOT.jar decrypt --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc -o /tmp/
 

cdoc2-cli/config/ria-dev/README.md

@@ -12,7 +12,7 @@ Run from cdoc2-cli directory
 
 ### Encrypt for id-card
 ```
-java -jar target/cdoc2-cli-*.jar create --server=config/ria-dev/ria-dev.properties -f /tmp/ria.cdoc -r 37903130370 README.md
+java -jar target/cdoc2-cli-*.jar create --server=config/ria-dev/ria-dev.properties -f /tmp/ria.cdoc -r 38001085718 README.md
 ```
 
 ### Decrypting with id-card

cdoc2-cli/config/ria-test/README.md

@@ -12,7 +12,7 @@ Run from cdoc2-cli directory
 
 ### Encrypt for id-card
 ```
-java -jar target/cdoc2-cli-*.jar create --server=config/ria-test/ria-test.properties -f /tmp/ria.cdoc -r 37903130370 README.md
+java -jar target/cdoc2-cli-*.jar create --server=config/ria-test/ria-test.properties -f /tmp/ria.cdoc -r 38001085718 README.md
 ```
 
 ### Decrypting with id-card

cdoc2-lib/ldap.README

@@ -1,9 +1,12 @@
-ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "c=EE" "(cn=KUSMAN,JANNO,37903130370)"
+# 38001085718 is a test person and his cert is not available in SK Ldap. Use own ID code instead
+# with cn=<your_surname,you_name,you_id_code>
 
-ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "dc=ESTEID,c=EE" "(serialNumber=PNOEE-38207162766)"
+ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "c=EE" "(cn=JÕEORG,JAAK-KRISTJAN,38001085718)"
+
+ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "dc=ESTEID,c=EE" "(serialNumber=PNOEE-38001085718)"
 
 Certificate type (digi-id vs id-kaart)
 https://github.com/open-eid/DigiDoc4-Client/blob/f4298ad9d2fbb40cffc488bed6cf1d3116dff450/client/SslCertificate.cpp#L302
 https://github.com/open-eid/DigiDoc4-Client/blob/master/client/dialogs/AddRecipients.cpp#L474
 
-ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "dc=ESTEID,c=EE" "(serialNumber=PNOEE-38207162766)"
+ldapsearch -H ldaps://esteid.ldap.sk.ee/ -x -b "dc=ESTEID,c=EE" "(serialNumber=PNOEE-38001085718)"

cdoc2-lib/pkcs11.README

@@ -15,13 +15,9 @@ CKA_TOKEN = false
 }
 
 
-
-
-
 pkcs15-tool --dump
 
 
-
 keytool 
 -providerclass sun.security.pkcs11.SunPKCS11 
 -providerarg /etc/opensc/opensc-java.cfg 
@@ -49,10 +45,10 @@ flags: CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE | CKF_HW_SLOT
 hardwareVersion: 0.00
 firmwareVersion: 0.00
 Token info for token in slot 0:
-label: KUSMAN,JANNO,37903130370 (PIN1)
+label: JÕEORG,JAAK-KRISTJAN,38001085718 (PIN1)
 manufacturerID: IDEMIA                          
 model: PKCS#15 emulated
-serialNumber: AB0584325       
+serialNumber: 38001085718
 flags: CKF_WRITE_PROTECTED | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED
 ulMaxSessionCount: CK_EFFECTIVELY_INFINITE
 ulSessionCount: 0
@@ -162,8 +158,3 @@ Your keystore contains 1 entry
 
 Isikutuvastus, PrivateKeyEntry,
 Certificate fingerprint (SHA-256): F2:5F:A3:E8:D0:6C:ED:AE:5D:11:77:C1:35:A2:F3:07:42:9B:4D:3A:3C:E9:B6:EC:7F:3A:E3:F9:6A:76:35:01
-
-
-
-
-

cdoc2-lib/src/test/java/ee/cyber/cdoc2/SkLdapTest.java

@@ -9,24 +9,36 @@
 import java.util.Map;
 import java.util.stream.Collectors;
 import javax.naming.NamingException;
+
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 
 class SkLdapTest {
     private static final Logger log = LoggerFactory.getLogger(SkLdapTest.class);
 
-    // Igor cert is not available from SKs
-    //private static final String id = "37101010021";//Igor
+    @Test
+    @Tag("ldap")
+    void shouldFailToFindMissingAuthenticationCert() {
+        // JAAK-KRISTJAN JÕEORG 38001085718 cert is not available from SK Ldap as he is a test
+        // person and SK doesn't have test LDAP environment.
+        String[] ids = new String[]{"38001085718"};
+        assertThrows(CertificateException.class, () -> SkLdapUtil.getPublicKeysWithLabels(ids));
+    }
 
     @Test
     @Tag("ldap")
+    @Disabled("Requires real ID code. As 38001085718 code is for test person - its certificate"
+        + " is not available from SK LDAP. Needs to be run separately from other LDAP tests"
+        + " with own ID code")
     void testFindAuthenticationCerts() throws NamingException, CertificateException {
-        String[] ids = new String[]{"37903130370", "38207162766"};
+        String[] ids = new String[]{"38001085718"}; // replace with own ID code for testing
         List<SkLdapUtil.CertificateData> keysWithLabels =  SkLdapUtil.getPublicKeysWithLabels(ids);
 
         // Since testing against external service, then can't be really sure what is returned