feat: CryptoFilter 프로퍼티 키 규격화 및 HSM 통합 테스트 추가

- CryptoFilter prop 키를 UPPER_UNDERSCORE 형식으로 변경 (CRYPTO_MODULE_NAME 등)
- CRYPTO_DEC_ENABLED / CRYPTO_ENC_ENABLED 옵션 제거 (필터 설정 시 항상 암복호화)
- getProp() 빈 문자열도 기본값으로 처리 (StringUtils.isBlank 적용)
- CryptoFilterHsmIntegrationTest 추가: SoftHSM2 연동 전체 흐름 검증 (7개 케이스)
  - attributes(*, CKO_SECRET_KEY, CKK_AES): 임포트 키도 CKA_SENSITIVE=false 적용
  - HsmKeyDerivationStrategy / HsmContextSha256KeyDerivationStrategy 검증
- HsmKeyRegisterUtil 추가: SoftHSM2 마스터키 등록 유틸리티
- CryptoModuleServiceTest: GCM AAD 관련 테스트 케이스 보강

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curry772
2026-05-13 13:29:02 +09:00
parent 444b7ad595
commit e208a2d64b
6 changed files with 704 additions and 80 deletions
@@ -6,6 +6,7 @@ import static org.mockito.Mockito.*;
import java.lang.reflect.Constructor;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
@@ -52,6 +53,7 @@ class CryptoModuleServiceTest {
mockHsm = mock(HsmCryptoService.class);
SecretKey masterKey = new SecretKeySpec(KEY_128, "AES");
System.out.println("masterKey:"+new String(KEY_128));
when(mockHsm.getSecretKey(anyString())).thenReturn(masterKey);
CryptoModuleConfig aes = buildStatic("AES_SVC", "AES", "CBC", "PKCS5Padding");
@@ -221,12 +223,22 @@ class CryptoModuleServiceTest {
@Test
@DisplayName("4-2. STATIC AES/GCM — AAD null이면 IV를 AAD로 사용하는 기본 동작")
void testStaticGcm_nullAad_usesIvAsAad() throws Exception {
byte[] plain = "AAD null 기본 동작 테스트".getBytes(StandardCharsets.UTF_8);
byte[] plain = "{\"test\": \"테스트\"}".getBytes(StandardCharsets.UTF_8);
byte[] encrypted = service.encrypt("AES_GCM_SVC", (byte[]) null, plain);
byte[] decrypted = service.decrypt("AES_GCM_SVC", (byte[]) null, encrypted);
assertArrayEquals(plain, decrypted);
String encBase64 = Base64.getEncoder().encodeToString(encrypted);
String decBase64 = Base64.getEncoder().encodeToString(decrypted);
System.out.println("STATIC AES/GCM");
System.out.println("plain:"+new String(plain));
System.out.println("encBase64:"+encBase64);
System.out.println("decBase64:"+decBase64);
System.out.println("plain:"+new String(decrypted));
}
@Test
@@ -266,11 +278,22 @@ class CryptoModuleServiceTest {
runtimeCtx.put("X-Api-Enc-Key", "clientKey0000001");
byte[] aad = "dynamic-gcm-aad-ctx".getBytes(StandardCharsets.UTF_8);
byte[] plain = "DYNAMIC GCM AAD 테스트".getBytes(StandardCharsets.UTF_8);
byte[] plain = "{\"test\": \"테스트\"}".getBytes(StandardCharsets.UTF_8);
byte[] encrypted = service.encrypt("DYN_GCM_SVC", runtimeCtx, aad, plain);
byte[] decrypted = service.decrypt("DYN_GCM_SVC", runtimeCtx, aad, encrypted);
String encBase64 = Base64.getEncoder().encodeToString(encrypted);
String decBase64 = Base64.getEncoder().encodeToString(decrypted);
System.out.println("DYNAMIC AES/GCM");
System.out.println("aad:"+new String(aad));
System.out.println("plain:"+new String(plain));
System.out.println("encBase64:"+encBase64);
System.out.println("decBase64:"+decBase64);
System.out.println("plain:"+new String(decrypted));
assertArrayEquals(plain, decrypted);
}
@@ -280,11 +303,21 @@ class CryptoModuleServiceTest {
Map<String, String> runtimeCtx = new HashMap<>();
runtimeCtx.put("X-Api-Enc-Key", "clientKey0000001");
byte[] plain = "DYNAMIC GCM AAD null 테스트".getBytes(StandardCharsets.UTF_8);
byte[] plain = "{\"test\": \"테스트\"}".getBytes(StandardCharsets.UTF_8);
byte[] encrypted = service.encrypt("DYN_GCM_SVC", runtimeCtx, null, plain);
byte[] decrypted = service.decrypt("DYN_GCM_SVC", runtimeCtx, null, encrypted);
String encBase64 = Base64.getEncoder().encodeToString(encrypted);
String decBase64 = Base64.getEncoder().encodeToString(decrypted);
System.out.println("DYNAMIC AES/GCM");
System.out.println("aad:null");
System.out.println("plain:"+new String(plain));
System.out.println("encBase64:"+encBase64);
System.out.println("decBase64:"+decBase64);
System.out.println("plain:"+new String(decrypted));
assertArrayEquals(plain, decrypted);
}
@@ -366,8 +399,8 @@ class CryptoModuleServiceTest {
c.setPadding(padding);
c.setIvHex(IV_HEX);
c.setKeySourceType("DYNAMIC");
c.setKeyDerivStrategy("com.eactive.eai.common.security.keyderiv.strategy.HsmContextXorKeyDerivationStrategy");
c.setKeyDerivParams("{\"hsmKeyAlias\":\"MASTER_KEY\",\"contextKey\":\"X-Api-Enc-Key\",\"offset\":\"0\",\"length\":\"16\"}");
c.setKeyDerivStrategy("com.eactive.eai.common.security.keyderiv.strategy.HsmKeyDerivationStrategy");
c.setKeyDerivParams("{\"hsmKeyAlias\":\"MASTER_KEY\"}");
c.setCacheYn("Y");
c.setCacheTtlSec(300);
c.setUseYn("Y");