Added Tests and documentation for PEM Signing

Author: JohannesRabauer

README.md

@@ -64,7 +64,20 @@ OpenSSL can be downloaded from the [website](https://www.openssl.org/).
 openssl req -newkey rsa-pss -new -nodes -x509 -days 3650 -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_pss_saltlen:32 -keyout key.pem -out cert.pem
 ```
 
-Next you have to convert that file to a **PKCS12** file.
+You also have to set the public key in the [BZST online.portal](https://online.portal.bzst.de/).
+Exporting the public key with OpenSSL is easy:
+
+```
+openssl rsa -in key.pem -pubout > publicKey.pub
+```
+
+Now you can already use these two files to sign your requests. See
+the [example with PEM signing](./bzst-dip-java-client-demo\src\main\java\software\xdev\ApplicationWithPem.java).
+
+### Create Java KeyStore (JKS)
+
+If you want to go one step further you can use the Java KeyStore. Then you have to convert the `cert.pem` file to a *
+*PKCS12** file.
 
 ```
 openssl pkcs12 -export -in cert.pem -inkey key.pem -out certificate.p12 -name "certificate"
@@ -85,13 +98,6 @@ certificate.keystore.password=SECRET_PASSWORD
 certificate.keystore.file=cert.jks
 ```
 
-You also have to set the public key in the [BZST online.portal](https://online.portal.bzst.de/).
-Exporting the public key with OpenSSL is easy:
-
-```
-openssl rsa -in key.pem -pubout > publicKey.pub
-```
-
 ### Client ID
 
 It's also important to use the client id provided by [BZST online.portal](https://online.portal.bzst.de/)
@@ -117,9 +123,7 @@ public static BzstDipConfiguration createConfiguration()
 		.setClientId("abcd1234-ab12-ab12-ab12-abcdef123456")
 		.setTaxID("123")
 		.setTaxNumber("123")
-		.setCertificateKeystoreInputStream(() -> ClassLoader.getSystemClassLoader()
-			.getResourceAsStream("DemoKeystore.jks"))
-		.setCertificateKeystorePassword("test123")
+		.setSigningProvider(new SigningProviderByJks("DemoKeystore.jks", "test123"))
 		.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
 		.setMessageTypeIndic(BzstDipDpiMessageType.DPI_401)
 		.setReportingPeriod(LocalDate.now())

bzst-dip-java-client/pom.xml

@@ -57,6 +57,7 @@
 		<sonar.exclusions>
 			src/generated/**
 		</sonar.exclusions>
+		<junit-jupiter.version>5.10.2</junit-jupiter.version>
 	</properties>
 
 	<repositories>
@@ -144,7 +145,13 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter-api</artifactId>
-			<version>5.10.2</version>
+			<version>${junit-jupiter.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter-params</artifactId>
+			<version>${junit-jupiter.version}</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>

bzst-dip-java-client/src/main/java/software/xdev/bzst/dip/client/exception/EncryptionException.java

@@ -19,6 +19,9 @@
 import java.security.cert.X509Certificate;
 
 
+/**
+ * Provides a certificate and a private key to use in the {@link XmlSigner}.
+ */
 public interface SigningProvider
 {
 	X509Certificate getCertificate();

bzst-dip-java-client/src/main/java/software/xdev/bzst/dip/client/signing/SigningProvider.java

@@ -28,6 +28,9 @@
 import software.xdev.bzst.dip.client.exception.SigningException;
 
 
+/**
+ * Provides a certificate and a private key to use in the {@link XmlSigner} by reading the JKS-Keystore and a password.
+ */
 public class SigningProviderByJks implements SigningProvider
 {
 	private static final Logger LOGGER = LoggerFactory.getLogger(SigningProviderByJks.class);

bzst-dip-java-client/src/main/java/software/xdev/bzst/dip/client/signing/SigningProviderByJks.java

@@ -17,7 +17,7 @@
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.security.KeyFactory;
 import java.security.PrivateKey;
 import java.security.cert.CertificateException;
@@ -31,6 +31,12 @@
 import software.xdev.bzst.dip.client.exception.SigningException;
 
 
+/**
+ * Provides a certificate and a private key to use in the {@link XmlSigner} by reading two PEM files.
+ * <p>
+ * Default algorithm while reading the private key is {@link DEFAULT_PRIVATE_KEY_ALGORITHM}.
+ * </p>
+ */
 public class SigningProviderByPem implements SigningProvider
 {
 	public static final String DEFAULT_PRIVATE_KEY_ALGORITHM = "RSASSA-PSS";
@@ -40,6 +46,9 @@ public class SigningProviderByPem implements SigningProvider
 	private X509Certificate certificate;
 	private PrivateKey privateKey;
 
+	/**
+	 * Uses the default algorithm while reading the private key: {@link DEFAULT_PRIVATE_KEY_ALGORITHM}.
+	 */
 	public SigningProviderByPem(
 		final String certificatePemFilePath,
 		final String privateKeyPemFilePath
@@ -65,6 +74,9 @@ public SigningProviderByPem(
 		);
 	}
 
+	/**
+	 * Uses the default algorithm while reading the private key: {@link DEFAULT_PRIVATE_KEY_ALGORITHM}.
+	 */
 	public SigningProviderByPem(
 		final Supplier<InputStream> certificatePemInputStream,
 		final Supplier<InputStream> privateKeyPemInputStream
@@ -139,7 +151,7 @@ private X509Certificate readCertificate(final InputStream certificateInputStream
 
 	private PrivateKey readPrivateKey(final InputStream privateKeyInputStream) throws Exception
 	{
-		final String key = new String(privateKeyInputStream.readAllBytes(), Charset.defaultCharset());
+		final String key = new String(privateKeyInputStream.readAllBytes(), StandardCharsets.UTF_8);
 
 		final String privateKeyPEM = key
 			.replace("-----BEGIN PRIVATE KEY-----", "")

bzst-dip-java-client/src/main/java/software/xdev/bzst/dip/client/signing/SigningProviderByPem.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright © 2024 XDEV Software (https://xdev.software)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package software.xdev.bzst.dip.client;
+
+import java.time.LocalDate;
+
+import software.xdev.bzst.dip.client.model.configuration.BzstDipConfiguration;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipConfigurationBuilder;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipDpiMessageType;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipOecdDocType;
+import software.xdev.bzst.dip.client.model.message.BzstDipAddressFix;
+import software.xdev.bzst.dip.client.signing.SigningProviderByJks;
+import software.xdev.bzst.dip.client.signing.SigningProviderByPem;
+
+
+public class ConfigurationTestUtil
+{
+	private ConfigurationTestUtil()
+	{
+	}
+	
+	public static BzstDipConfiguration getConfigurationWithJksSigning()
+	{
+		return createBuilderWithoutSigning()
+			.setSigningProvider(new SigningProviderByJks("DemoKeystore.jks", "test123"))
+			.buildAndValidate();
+	}
+	
+	public static BzstDipConfiguration getConfigurationWithPemSigning()
+	{
+		return createBuilderWithoutSigning()
+			.setSigningProvider(new SigningProviderByPem("DemoCert.pem", "DemoKey.pem"))
+			.buildAndValidate();
+	}
+	
+	private static BzstDipConfigurationBuilder createBuilderWithoutSigning()
+	{
+		return new BzstDipConfigurationBuilder()
+			.setClientId("TestClient")
+			.setTaxID("123")
+			.setTaxNumber("123")
+			.setSigningProvider(new SigningProviderByPem("DemoKey.pem", "DemoCert.pem"))
+			.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
+			.setMessageTypeIndic(BzstDipDpiMessageType.DPI_401)
+			.setReportingPeriod(LocalDate.now())
+			.setDocTypeIndic(BzstDipOecdDocType.OECD_1)
+			.setPlatformOperatorOrganizationName("TestOrg")
+			.setPlatformOperatorPlatformName("TestApp")
+			.setPlatformOperatorAddress(
+				new BzstDipAddressFix("TestCity")
+			);
+	}
+}

bzst-dip-java-client/src/test/java/software/xdev/bzst/dip/client/ConfigurationTestUtil.java

@@ -16,50 +16,31 @@
 package software.xdev.bzst.dip.client;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static software.xdev.bzst.dip.client.ConfigurationTestUtil.getConfigurationWithJksSigning;
 
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.time.LocalDate;
 import java.util.List;
 
 import org.junit.jupiter.api.Test;
 
-import software.xdev.bzst.dip.client.model.configuration.BzstDipConfiguration;
-import software.xdev.bzst.dip.client.model.configuration.BzstDipConfigurationBuilder;
-import software.xdev.bzst.dip.client.model.configuration.BzstDipDpiMessageType;
-import software.xdev.bzst.dip.client.model.configuration.BzstDipOecdDocType;
-import software.xdev.bzst.dip.client.model.message.BzstDipAddressFix;
 import software.xdev.bzst.dip.client.parser.ReportableSellerCsvFileParser;
-import software.xdev.bzst.dip.client.signing.SigningProviderByJks;
 import software.xdev.bzst.dip.client.xmldocument.model.CorrectableReportableSellerType;
 
 
 class ReportableSellerCsvFileParserTest
 {
-	private final BzstDipConfiguration configuration = new BzstDipConfigurationBuilder()
-		.setClientId("TestClient")
-		.setTaxID("123")
-		.setTaxNumber("123")
-		.setSigningProvider(new SigningProviderByJks("DemoKeystore.jks", "test123"))
-		.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
-		.setMessageTypeIndic(BzstDipDpiMessageType.DPI_401)
-		.setReportingPeriod(LocalDate.now())
-		.setDocTypeIndic(BzstDipOecdDocType.OECD_1)
-		.setPlatformOperatorOrganizationName("TestOrg")
-		.setPlatformOperatorPlatformName("TestApp")
-		.setPlatformOperatorAddress(
-			new BzstDipAddressFix("TestCity")
-		)
-		.buildAndValidate();
 
 	@Test
 	void shouldParseSuccessfullyTest() throws IOException
 	{
 		final String resourceName = "src/test/resources/TestCsvData.csv";
 
 		final List<CorrectableReportableSellerType> reportableSeller =
-			ReportableSellerCsvFileParser.parseCsvData(Files.readString(Path.of(resourceName)), this.configuration);
+			ReportableSellerCsvFileParser.parseCsvData(
+				Files.readString(Path.of(resourceName)),
+				getConfigurationWithJksSigning());
 
 		// Check size
 		assertEquals(2, reportableSeller.size());

bzst-dip-java-client/src/test/java/software/xdev/bzst/dip/client/ReportableSellerCsvFileParserTest.java

@@ -1,14 +1,62 @@
+/*
+ * Copyright © 2024 XDEV Software (https://xdev.software)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package software.xdev.bzst.dip.client.signing;
 
-import org.junit.jupiter.api.Test;
+import java.util.List;
+import java.util.stream.Stream;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import software.xdev.bzst.dip.client.ConfigurationTestUtil;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipConfiguration;
+import software.xdev.bzst.dip.client.xmldocument.XMLDocumentBodyCreator;
+import software.xdev.bzst.dip.client.xmldocument.XMLDocumentCreator;
 
 
 class XmlSignerTest
 {
+	private static Stream<Arguments> provideConfigurations()
+	{
+		return Stream.of(
+			Arguments.of(ConfigurationTestUtil.getConfigurationWithJksSigning()),
+			Arguments.of(ConfigurationTestUtil.getConfigurationWithPemSigning())
+		);
+	}
 
-	@Test
-	void signXMLDocument()
+	@ParameterizedTest
+	@MethodSource("provideConfigurations")
+	void signXMLDocument(final BzstDipConfiguration configuration)
 	{
-		// TODO
+		final XMLDocumentCreator xmlDocumentCreator = new XMLDocumentCreator(configuration);
+		final String unsignedXml = xmlDocumentCreator.buildXMLDocument(
+			List.of(),
+			XMLDocumentBodyCreator.createPlatformOperatorFromConfiguration(configuration)
+		);
+		
+		final XmlSigner xmlSigner = new XmlSigner(configuration.getSigningProvider());
+		final String signedXml = xmlSigner.signXMLDocument(unsignedXml);
+		
+		Assertions.assertNotNull(signedXml);
+		Assertions.assertTrue(signedXml.contains("SignedInfo"));
+		Assertions.assertTrue(signedXml.contains("SignatureValue"));
+		Assertions.assertTrue(signedXml.contains(
+			"<ds:X509SubjectName>CN=xdev.software,O=XDEV Software GmbH,L=city,ST=Bavaria,C=DE</ds:X509SubjectName>"));
+		Assertions.assertTrue(signedXml.contains("X509Certificate"));
 	}
 }