Merge branch 'RM-3739_dockered_capsule_servers' into 'master'

RM-3739 dockered capsule servers

See merge request cdoc2/cdoc2-java-ref-impl!49

Author: taistotr

test/README.md

@@ -43,3 +43,12 @@ Result has to as follows:
 
 All test vectors within testing will be created in the same temporary folder `/target`. Test 
 results will be deleted after each test case execution automatically.
+
+
+### Running server scenario tests (experimental)
+
+Create DB Docker image, follow https://github.com/open-eid/cdoc2-capsule-server/server-db/README.md
+
+Login to docker (ghcr.io) - [Authenticating with personal access token](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic)
+
+Run: `run-server-bats-tests.sh`

test/bats/aliases_server.sh

@@ -21,6 +21,7 @@ then
   cd $TESTING_DIR
 fi
 
+# alias cdoc-cli='java  -Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager -Djava.security.debug=access:stack -jar $CDOC2_DIR/cdoc2-cli/target/cdoc2-cli-$CDOC2_CLI_VER.jar'
 alias cdoc-cli='java -jar $CDOC2_DIR/cdoc2-cli/target/cdoc2-cli-$CDOC2_CLI_VER.jar'
 export CDOC2_CMD="java -jar $CDOC2_DIR/cdoc2-cli/target/cdoc2-cli-$CDOC2_CLI_VER.jar"
 

test/bats/cdoc2_server_tests.bats

@@ -25,7 +25,7 @@ mkdir -p $TEST_RESULTS_DIR
 #https://github.com/bats-core/bats-core/issues/259
 run_alias() {
 	shopt -s expand_aliases
-	source "aliases.sh"
+	source "aliases_server.sh"
 	eval "$*"
 }
 
@@ -83,6 +83,10 @@ run_alias() {
   assert_output --partial '/config'
 }
 
+@test "preparing: Waiting server to start" {
+  timeout 15s bash -c 'until curl -k --silent --show-error --connect-timeout 1 https://localhost:18443/actuator/health|grep UP; do echo "# Checking ...">&3; sleep 1;done'
+}
+
 @test "server-test1: successfully encrypt CDOC2 container with server capsule and send capsule to server, then use GET server to decrypt" {
   local cdoc_file="ec_simple_to_server.cdoc"
   echo "# Crypt and send capsule to PUT server for file ${cdoc_file}">&3

test/bats/run-server-bats-tests.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+source variables_server.sh
+
+# set up servers (could use --wait --wait-timeout 60s with latest docker compose healthchecks defined)
+docker compose -f "$TESTING_DIR/../config/server/docker-compose.yml" up -d
+
+# not needed as already in bats dir?
+#cd "$TESTING_DIR"
+
+/usr/bin/env bash test_set_server.sh
+
+docker compose -f "$TESTING_DIR/../config/server/docker-compose.yml" down

test/bats/test_set_server.sh

@@ -5,14 +5,14 @@ mkdir config
 cd config/
 mkdir localhost
 cd localhost/
-cp ../../../../cdoc2-cli/config/localhost/localhost_pkcs12.properties .
-cp ../../../../cdoc2-cli/config/localhost/clienttruststore.jks .
+cp ../../../config/server/clientconf/localhost_pkcs12.properties .
+cp ../../../config/server/clientconf/clienttruststore.jks .
 cd ../../
 mkdir keys
 cd keys/
-cp ../../../cdoc2-cli/keys/cdoc2client.p12 .
-cp ../../../cdoc2-cli/keys/cdoc2client_pub.key .
-cp ../../../cdoc2-cli/keys/cdoc2client_priv.key .
+cp ../../config/server/clientconf/cdoc2client.p12 .
+cp ../../config/server/clientconf/cdoc2client_pub.key .
+cp ../../config/server/clientconf/cdoc2client_priv.key .
 cd ..
 
 source variables_server.sh

test/config/server/clientconf/cdoc2client.p12

@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDDaHrkmfvP3MVnpwjmYd2HZVIJNs8XZX8uqaDsx2LGYNudRGvImLZ41
+V7QMCd44fhGgBwYFK4EEACKhZANiAAQnVBZQwa2JbFi7Ib3pwZfDH3bALi4Gm9Ju
+hso2tb2d3M5TXPtbyoOBmFRQenMQXjgWE7/vOiQgrG+RZz2MRWqX8vq/feWSeJ9H
+2/87uPEoNKwrJb67Z8pr/GkJZzN+lQw=
+-----END EC PRIVATE KEY-----

test/config/server/clientconf/cdoc2client_priv.key

@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ1QWUMGtiWxYuyG96cGXwx92wC4uBpvS
+bobKNrW9ndzOU1z7W8qDgZhUUHpzEF44FhO/7zokIKxvkWc9jEVql/L6v33lknif
+R9v/O7jxKDSsKyW+u2fKa/xpCWczfpUM
+-----END PUBLIC KEY-----

test/config/server/clientconf/cdoc2client_pub.key

@@ -0,0 +1,25 @@
+# key server listening on localhost, mutual TLS with private key/certificate  (P12) read from file
+# See cdoc2-capsule-server/README.md how to start the server
+
+# server.id is written to cdoc header. Must have configuration on recipient side
+cdoc2.client.server.id=localhost
+# capsules can be created over TLS (no client auth required)
+cdoc2.client.server.base-url.post=https://localhost:8443
+# Quering capsules requires mTLS
+cdoc2.client.server.base-url.get=https://localhost:8444
+
+cdoc2.client.server.debug=true
+cdoc2.client.server.connect-timeout=1000
+cdoc2.client.server.read-timeout=1000
+
+# trusted certificates by client
+cdoc2.client.ssl.trust-store.type=JKS
+cdoc2.client.ssl.trust-store=config/localhost/clienttruststore.jks
+cdoc2.client.ssl.trust-store-password=passwd
+
+
+# client private key and certificate for mutual TLS (if required by server)
+# This key should be trusted by server and added to server trusted key store
+cdoc2.client.ssl.client-store.type=PKCS12
+cdoc2.client.ssl.client-store=keys/cdoc2client.p12
+cdoc2.client.ssl.client-store-password=passwd