diff options
Diffstat (limited to 'certService/src/test/java/org')
25 files changed, 0 insertions, 3403 deletions
diff --git a/certService/src/test/java/org/onap/aaf/certservice/CertServiceApplicationTests.java b/certService/src/test/java/org/onap/aaf/certservice/CertServiceApplicationTests.java deleted file mode 100644 index 0dc60aa5..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/CertServiceApplicationTests.java +++ /dev/null @@ -1,34 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice; - -import org.junit.jupiter.api.Test; -import org.springframework.boot.test.context.SpringBootTest; - -@SpringBootTest -class CertServiceApplicationTests { - - @Test - // We are excluding this line in Sonar due to fact that - // this test checks if Spring context is loaded and does not require assertion - void contextLoads() { // NOSONAR - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/CertificationControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/CertificationControllerTest.java deleted file mode 100644 index 449670c3..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/api/CertificationControllerTest.java +++ /dev/null @@ -1,147 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.api; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.Mockito.when; - -import java.util.Arrays; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.CertificationModelFactory; -import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; -import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; -import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; -import org.onap.aaf.certservice.certification.model.CertificationModel; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; - -@ExtendWith(MockitoExtension.class) -class CertificationControllerTest { - - private static final String TEST_CA_NAME = "TestCa"; - private static final String TEST_ENCODED_CSR = "encodedCSR"; - private static final String TEST_ENCODED_PK = "encodedPK"; - private static final String TEST_WRONG_ENCODED_CSR = "wrongEncodedCSR"; - private static final String TEST_WRONG_ENCODED_PK = "wrongEncodedPK"; - private static final String TEST_WRONG_CA_NAME = "wrongTestCa"; - - private CertificationController certificationController; - - @Mock - private CertificationModelFactory certificationModelFactory; - - @BeforeEach - void serUp() { - certificationController = new CertificationController(certificationModelFactory); - } - - @Test - void shouldReturnDataAboutCsrBaseOnEncodedParameters() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { - // Given - CertificationModel testCertificationModel = new CertificationModel( - Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), - Arrays.asList("CA_CERT", "EXTRA_CA_CERT") - ); - when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) - .thenReturn(testCertificationModel); - - // When - ResponseEntity<CertificationModel> responseCertificationModel = - certificationController.signCertificate(TEST_CA_NAME, TEST_ENCODED_CSR, TEST_ENCODED_PK); - - // Then - assertEquals(HttpStatus.OK, responseCertificationModel.getStatusCode()); - assertThat(responseCertificationModel.getBody() - ).isEqualToComparingFieldByField(testCertificationModel); - - } - - @Test - void shouldThrowCsrDecryptionExceptionWhenCreatingCsrModelFails() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { - // Given - String expectedMessage = "Incorrect CSR, decryption failed"; - when(certificationModelFactory.createCertificationModel(TEST_WRONG_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) - .thenThrow(new CsrDecryptionException(expectedMessage)); - - // When - Exception exception = assertThrows( - CsrDecryptionException.class, () -> - certificationController.signCertificate(TEST_CA_NAME, TEST_WRONG_ENCODED_CSR, TEST_ENCODED_PK) - ); - - String actualMessage = exception.getMessage(); - - // Then - assertEquals(expectedMessage, actualMessage); - } - - @Test - void shouldThrowPemDecryptionExceptionWhenCreatingPemModelFails() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { - // Given - String expectedMessage = "Incorrect PEM, decryption failed"; - when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_WRONG_ENCODED_PK, TEST_CA_NAME)) - .thenThrow(new KeyDecryptionException(expectedMessage)); - - // When - Exception exception = assertThrows( - KeyDecryptionException.class, () -> - certificationController.signCertificate(TEST_CA_NAME, TEST_ENCODED_CSR, TEST_WRONG_ENCODED_PK) - ); - - String actualMessage = exception.getMessage(); - - // Then - assertEquals(expectedMessage, actualMessage); - } - - @Test - void shouldThrowCmpv2ServerNotFoundWhenGivenWrongCaName() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { - // Given - String expectedMessage = "No server found for given CA name"; - when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_WRONG_CA_NAME)) - .thenThrow(new Cmpv2ServerNotFoundException(expectedMessage)); - - // When - Exception exception = assertThrows( - Cmpv2ServerNotFoundException.class, () -> - certificationController.signCertificate(TEST_WRONG_CA_NAME, TEST_ENCODED_CSR, TEST_ENCODED_PK) - ); - - String actualMessage = exception.getMessage(); - - // Then - assertEquals(expectedMessage, actualMessage); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java deleted file mode 100644 index d3ed7301..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.api; - -import static org.assertj.core.api.Assertions.assertThat; - -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.configuration.CmpServersConfig; -import org.springframework.http.HttpStatus; - -@ExtendWith(MockitoExtension.class) -public class ReadinessControllerTest { - - @Mock - private CmpServersConfig cmpServersConfig; - - @Test - public void shouldReturnStatusOkWhenConfigIsReady() { - // Given - Mockito.when(cmpServersConfig.isReady()).thenReturn(true); - - // Then - assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.OK); - ; - } - - @Test - public void shouldReturnStatusServiceUnavailableWhenConfigIsNotReady() { - // Given - Mockito.when(cmpServersConfig.isReady()).thenReturn(false); - - // Then - assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE); - ; - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/ReloadConfigControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/ReloadConfigControllerTest.java deleted file mode 100644 index 92c18e16..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/api/ReloadConfigControllerTest.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.api; - -import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.Mockito.doThrow; - -import org.assertj.core.api.Assertions; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.configuration.CmpServersConfig; -import org.onap.aaf.certservice.certification.configuration.CmpServersConfigLoadingException; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; - -@ExtendWith(MockitoExtension.class) -public class ReloadConfigControllerTest { - - private static final String ERROR_MESSAGE = "Exception occurred during CMP Servers configuration loading"; - - private ReloadConfigController reloadConfigController; - - @Mock - public CmpServersConfig cmpServersConfig; - - @BeforeEach - void setUp() { - this.reloadConfigController = new ReloadConfigController(cmpServersConfig); - } - - @Test - void shouldReturnStatusOkWhenSuccessfullyReloaded() throws CmpServersConfigLoadingException { - // When - ResponseEntity<String> response = reloadConfigController.reloadConfiguration(); - - // Then - assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK); - } - - @Test - void shouldRethrowSameErrorWhenFailedToReload() throws CmpServersConfigLoadingException { - // Given - doThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)).when(cmpServersConfig).reloadConfiguration(); - - // When - Exception exception = assertThrows( - CmpServersConfigLoadingException.class, - () -> reloadConfigController.reloadConfiguration()); - - // Then - Assertions.assertThat(exception.getMessage()).isEqualTo(ERROR_MESSAGE); - } - - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/advice/CertificationExceptionAdviceTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/advice/CertificationExceptionAdviceTest.java deleted file mode 100644 index f3c4ec7f..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/api/advice/CertificationExceptionAdviceTest.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.api.advice; - -import com.google.gson.Gson; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; -import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; -import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; -import org.onap.aaf.certservice.certification.exception.ErrorResponseModel; -import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; - -class CertificationExceptionAdviceTest { - - private CertificationExceptionAdvice certificationExceptionAdvice; - - @BeforeEach - void setUp() { - certificationExceptionAdvice = - new CertificationExceptionAdvice(); - } - - @Test - void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenCsrDecryptionException() { - // Given - String expectedMessage = "Wrong certificate signing request (CSR) format"; - CsrDecryptionException csrDecryptionException = new CsrDecryptionException("test csr exception"); - - // When - ResponseEntity<ErrorResponseModel> response = certificationExceptionAdvice.handle(csrDecryptionException); - - // Then - assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode()); - assertEquals(expectedMessage, response.getBody().getErrorMessage()); - } - - @Test - void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenKeyDecryptionException() { - // Given - String expectedMessage = "Wrong key (PK) format"; - KeyDecryptionException csrDecryptionException = new KeyDecryptionException("test pk exception"); - - // When - ResponseEntity<ErrorResponseModel> response = certificationExceptionAdvice.handle(csrDecryptionException); - - // Then - assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode()); - assertEquals(expectedMessage, response.getBody().getErrorMessage()); - } - - @Test - void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenCaNameIsNotPresentInConfig() { - // Given - String expectedMessage = "Certification authority not found for given CAName"; - Cmpv2ServerNotFoundException csrDecryptionException = new Cmpv2ServerNotFoundException("test Ca exception"); - - // When - ResponseEntity<ErrorResponseModel> response = certificationExceptionAdvice.handle(csrDecryptionException); - - // Then - assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode()); - assertEquals(expectedMessage, response.getBody().getErrorMessage()); - } - - @Test - void shouldReturnResponseEntityWithAppropriateErrorMessageWhenCallingCmpClientFail() { - // Given - String expectedMessage = "Exception occurred during call to cmp client"; - CmpClientException cmpClientException = new CmpClientException("Calling CMPv2 client failed"); - - // When - ResponseEntity<ErrorResponseModel> response = certificationExceptionAdvice.handle(cmpClientException); - - // Then - assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getStatusCode()); - assertEquals(expectedMessage, response.getBody().getErrorMessage()); - } - - @Test - void shouldReturnResponseEntityWithAppropriateErrorMessageWhenModelTransformationInAdapterFail() { - // Given - String expectedMessage = "Exception occurred parsing cmp client response"; - Cmpv2ClientAdapterException cmpv2ClientAdapterException = new Cmpv2ClientAdapterException(new Throwable()); - - // When - ResponseEntity<ErrorResponseModel> response = certificationExceptionAdvice.handle(cmpv2ClientAdapterException); - - // Then - assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getStatusCode()); - assertEquals(expectedMessage, response.getBody().getErrorMessage()); - } - - @Test - void shouldThrowCmpClientExceptionWhenNotHandledRunTimeExceptionOccur() { - // Given - String expectedMessage = "Runtime exception occurred calling cmp client business logic"; - RuntimeException runtimeException = new RuntimeException("Unknown runtime exception"); - - // When - Exception exception = assertThrows( - CmpClientException.class, () -> - certificationExceptionAdvice.handle(runtimeException) - ); - - // Then - assertEquals(expectedMessage, exception.getMessage()); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/advice/ReloadConfigExceptionAdviceTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/advice/ReloadConfigExceptionAdviceTest.java deleted file mode 100644 index 9abecec9..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/api/advice/ReloadConfigExceptionAdviceTest.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.api.advice; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.configuration.CmpServersConfigLoadingException; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; - -import static org.junit.jupiter.api.Assertions.assertEquals; - -class ReloadConfigExceptionAdviceTest { - - private static final String ERROR_MESSAGE = "Exception occurred during CMP Servers configuration loading"; - - private ReloadConfigExceptionAdvice reloadConfigExceptionAdvice; - - @BeforeEach - void setUp() { - reloadConfigExceptionAdvice = - new ReloadConfigExceptionAdvice(); - } - - @Test - void shouldReturnErrorStatusAndMessageWhenExceptionOccurred() { - // Given - CmpServersConfigLoadingException exception = new CmpServersConfigLoadingException(ERROR_MESSAGE); - - // When - ResponseEntity<String> response = reloadConfigExceptionAdvice.handle(exception); - - // Then - assertEquals(ERROR_MESSAGE, response.getBody()); - assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getStatusCode()); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java deleted file mode 100644 index a63c8e0e..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java +++ /dev/null @@ -1,220 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; -import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; -import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.model.CertificationModel; -import org.onap.aaf.certservice.certification.model.CsrModel; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; - -import java.util.Arrays; -import java.util.Base64; -import java.util.List; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; -import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT; -import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT; -import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT; -import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT; -import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; -import static org.onap.aaf.certservice.certification.TestData.TEST_PK; -import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_CSR; -import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_PEM; - -@ExtendWith(MockitoExtension.class) -class CertificationModelFactoryTest { - - private static final String TEST_CA = "testCA"; - private static final String ENCODED_CSR = getEncodedString(TEST_CSR); - private static final String ENCODED_PK = getEncodedString(TEST_PK); - private static final String ENCODED_WRONG_CSR = getEncodedString(TEST_WRONG_CSR); - private static final String ENCODED_WRONG_PK = getEncodedString(TEST_WRONG_PEM); - - private CertificationModelFactory certificationModelFactory; - - @Mock - private Cmpv2ServerProvider cmpv2ServerProvider; - @Mock - private CsrModelFactory csrModelFactory; - @Mock - private CertificationProvider certificationProvider; - - - private static String getEncodedString(String testCsr) { - return Base64.getEncoder().encodeToString(testCsr.getBytes()); - } - - @BeforeEach - void setUp() { - certificationModelFactory = - new CertificationModelFactory(csrModelFactory, cmpv2ServerProvider, certificationProvider); - } - - @Test - void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() - throws CmpClientException, DecryptionException, Cmpv2ClientAdapterException { - - // Given - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - mockCertificateProviderCertificateSigning(csrModel, testServer); - - // When - CertificationModel certificationModel = - certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA); - - // Then - assertEquals(2, certificationModel.getCertificateChain().size()); - assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); - assertEquals(2, certificationModel.getTrustedCertificates().size()); - assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); - } - - @Test - void shouldThrowDecryptionExceptionWhenGivenWrongEncodedCsr() - throws DecryptionException { - // Given - String expectedMessage = "Incorrect CSR, decryption failed"; - when( - csrModelFactory.createCsrModel( - eq(new CsrModelFactory.StringBase64(ENCODED_WRONG_CSR)), - eq(new CsrModelFactory.StringBase64(ENCODED_WRONG_PK)) - ) - ).thenThrow( - new CsrDecryptionException(expectedMessage) - ); - - // When - Exception exception = assertThrows( - DecryptionException.class, () -> - certificationModelFactory.createCertificationModel(ENCODED_WRONG_CSR, ENCODED_WRONG_PK, TEST_CA) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - @Test - void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName() - throws DecryptionException { - // Given - String expectedMessage = "CA not found"; - mockCsrFactoryModelCreation(); - when( - cmpv2ServerProvider.getCmpv2Server(TEST_CA) - ).thenThrow( - new Cmpv2ServerNotFoundException(expectedMessage) - ); - - // When - Exception exception = assertThrows( - Cmpv2ServerNotFoundException.class, () -> - certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - @Test - void shouldThrowCmpClientExceptionWhenSigningCsrFailed() - throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { - // Given - String expectedMessage = "failed to sign certificate"; - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - when( - certificationProvider.signCsr(eq(csrModel), eq(testServer)) - ).thenThrow( - new CmpClientException(expectedMessage) - ); - - // When - Exception exception = assertThrows( - CmpClientException.class, () -> - certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - - private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer) - throws CmpClientException, Cmpv2ClientAdapterException { - CertificationModel expectedCertificationModel = getCertificationModel(); - when( - certificationProvider.signCsr(eq(csrModel), eq(testServer)) - ).thenReturn(expectedCertificationModel); - } - - private Cmpv2Server mockCmpv2ProviderServerSelection() { - Cmpv2Server testServer = getCmpv2Server(); - when( - cmpv2ServerProvider.getCmpv2Server(eq(TEST_CA)) - ).thenReturn(testServer); - return testServer; - } - - private CsrModel mockCsrFactoryModelCreation() - throws DecryptionException { - CsrModel csrModel = getCsrModel(); - when( - csrModelFactory.createCsrModel( - eq(new CsrModelFactory.StringBase64(ENCODED_CSR)), - eq(new CsrModelFactory.StringBase64(ENCODED_PK)) - ) - ).thenReturn(csrModel); - return csrModel; - } - - private Cmpv2Server getCmpv2Server() { - return new Cmpv2Server(); - } - - private CsrModel getCsrModel() { - return mock(CsrModel.class); - } - - private CertificationModel getCertificationModel() { - List<String> testTrustedCertificates = Arrays.asList(CA_CERT, EXTRA_CA_CERT); - List<String> testCertificationChain = Arrays.asList(INTERMEDIATE_CERT, ENTITY_CERT); - return new CertificationModel(testCertificationChain, testTrustedCertificates); - } - - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java deleted file mode 100644 index a590c5ea..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java +++ /dev/null @@ -1,132 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * AAF Certification Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.apache.commons.io.IOUtils; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.aaf.certservice.certification.model.CertificationModel; -import org.onap.aaf.certservice.certification.model.CsrModel; -import org.onap.aaf.certservice.cmpv2client.api.CmpClient; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.onap.aaf.certservice.cmpv2client.model.Cmpv2CertificationModel; - -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import java.security.NoSuchProviderException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Objects; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.when; - -@ExtendWith(MockitoExtension.class) -class CertificationProviderTest { - - @Mock - private CsrModel csrModel; - @Mock - private Cmpv2Server server; - @Mock - private CsrModel testCsrModel; - @Mock - private Cmpv2Server testServer; - @Mock - private CmpClient cmpClient; - - private CertificationProvider certificationProvider; - - @BeforeEach - public void init() { - certificationProvider = new CertificationProvider(cmpClient); - } - - @Test - void shouldConvertToCertificationModel() - throws CertificateException, NoSuchProviderException, IOException, CmpClientException { - // When - when( - cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class)) - ).thenReturn(createCorrectClientResponse()); - - CertificationModel certificationModel = certificationProvider.signCsr(csrModel, server); - - // Then - InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first"); - InputStream trustedCertificate = - getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first"); - String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0)); - String expectedCertificate = - removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8)); - String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0)); - String expectedTrustedCertificate = - removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8)); - - assertThat(certificateModel).isEqualTo(expectedCertificate); - assertThat(trustedCertificateModel).isEqualTo(expectedTrustedCertificate); - } - - - @Test - void certificationProviderThrowCmpClientWhenCallingClientFails() - throws CmpClientException { - // Given - String expectedErrorMessage = "connecting to CMP client failed"; - - when( - cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class)) - ).thenThrow(new CmpClientException(expectedErrorMessage)); - - // When - Exception exception = assertThrows( - CmpClientException.class, () -> - certificationProvider.signCsr(testCsrModel, testServer) - ); - - // Then - assertThat(exception.getMessage()).isEqualTo(expectedErrorMessage); - } - - private Cmpv2CertificationModel createCorrectClientResponse() - throws CertificateException, NoSuchProviderException { - InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first"); - InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first"); - X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain); - X509Certificate x509TrustedCertificate = - new CertificateFactoryProvider().generateCertificate(trustedCertificate); - return new Cmpv2CertificationModel( - Collections.singletonList(x509Certificate), - Collections.singletonList(x509TrustedCertificate)); - } - - private String removeLineEndings(String string) { - return string.replace("\n", "").replace("\r", ""); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java deleted file mode 100644 index d2c3c54c..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java +++ /dev/null @@ -1,147 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.bouncycastle.util.encoders.Base64; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64; -import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; -import org.onap.aaf.certservice.certification.model.CsrModel; - -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; -import static org.onap.aaf.certservice.certification.TestData.TEST_PK; -import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_CSR; -import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_PEM; - - -class CsrModelFactoryTest { - - private CsrModelFactory csrModelFactory; - - @BeforeEach - void setUp() { - csrModelFactory = new CsrModelFactory(); - } - - @Test - void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws DecryptionException { - // given - String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes())); - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - - // when - CsrModel decryptedCsr = csrModelFactory - .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK)); - - // then - assertTrue( - decryptedCsr.toString() - .contains( - "C=US,ST=California,L=San-Francisco,O=Linux-Foundation," - + "OU=ONAP,CN=onap.org,E=tester@onap.org") - && - decryptedCsr.toString() - .contains("SANs: [gerrit.onap.org, test.onap.org, onap.com]") - ); - } - - @Test - void shouldThrowCsrDecryptionExceptionWhenCsrIsIncorrect() { - // given - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - String wrongCsr = new String(Base64.encode(TEST_WRONG_CSR.getBytes())); - - // when - Exception exception = assertThrows( - CsrDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect CSR, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - - @Test - void shouldThrowKeyDecryptionExceptionWhenKeyIsIncorrect() { - // given - String encoderPK = new String(Base64.encode(TEST_WRONG_PEM.getBytes())); - String wrongCsr = new String(Base64.encode(TEST_CSR.getBytes())); - - // when - Exception exception = assertThrows( - KeyDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect Key, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - - - @Test - void shouldThrowCsrDecryptionExceptionWhenCsrIsNotInBase64Encoding() { - // given - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - String wrongCsr = "Not Base 64 Csr"; - - // when - Exception exception = assertThrows( - CsrDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect CSR, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - - @Test - void shouldThrowKeyDecryptionExceptionWhenPkIsNotInBase64Encoding() { - // given - String encoderPK = "Not Base64 Key"; - String wrongCsr = new String(Base64.encode(TEST_CSR.getBytes())); - - // when - Exception exception = assertThrows( - KeyDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect Key, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java deleted file mode 100644 index 90151b6d..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.bouncycastle.util.io.pem.PemObject; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.exception.DecryptionException; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.onap.aaf.certservice.certification.TestData.TEST_PEM; -import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_PEM; -import static org.onap.aaf.certservice.certification.TestUtils.pemObjectToString; - - -class PemObjectFactoryTest { - - - private PemObjectFactory pemObjectFactory; - - @BeforeEach - void setUp() { - pemObjectFactory = new PemObjectFactory(); - } - - @Test - void shouldTransformStringInToPemObjectAndBackToString() throws DecryptionException { - // when - PemObject pemObject = pemObjectFactory.createPemObject(TEST_PEM).orElseThrow( - () -> new DecryptionException("Pem decryption failed") - ); - String parsedPemObject = pemObjectToString(pemObject); - - // then - assertEquals(TEST_PEM, parsedPemObject); - } - - @Test - void shouldThrowExceptionWhenParsingPemFailed() { - // given - String expectedMessage = "Unable to create PEM"; - - // when - Exception exception = assertThrows( - DecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM).orElseThrow( - () -> new DecryptionException(expectedMessage) - ) - ); - - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java deleted file mode 100644 index 0083968d..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.RsaContentSignerBuilder; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.security.PrivateKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel; - -class RsaContentSignerBuilderTest { - - private RsaContentSignerBuilder rsaContentSignerBuilder; - - @BeforeEach - void setUp() { - rsaContentSignerBuilder = new RsaContentSignerBuilder(); - } - - @Test - void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey() - throws IOException, OperatorCreationException, DecryptionException { - // Given - CsrModel testCsrModel = createCsrModel(); - PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); - PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); - - // When - ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); - - // Then - assertThat(createdContentSigner.getAlgorithmIdentifier()) - .isEqualTo(testCertificationRequest.getSignatureAlgorithm()); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/TestData.java b/certService/src/test/java/org/onap/aaf/certservice/certification/TestData.java deleted file mode 100644 index 6fea5b5a..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/TestData.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -public final class TestData { - - private TestData() { - } - - public static final String TEST_CSR = "" - + "-----BEGIN CERTIFICATE REQUEST-----\n" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" - + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n" - + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n" - + "DQEJARYPdGVzdGVyQG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" - + "CgKCAQEA13K1LrQ1L6eL7B8K4kucNct0sSjZe7Ww91V40s6mjcWajeFJk+pObZKz\n" - + "BfnImkVJwxdNMDD6tX16wykbGfQPyh4BBiAjLVk9XSeoPHFRBQ4LKTuyPtXhEXyr\n" - + "qwatYXGWZE554qq64pbReddOUJHgMc38SrOk/eMAKxB0uRrXpA0mPH7zwIZ4X8g2\n" - + "PoxJKI1BSYc8kOvvujsGSMw3e5nS8A+doFUwVi3jJMnaVCoZrvJbtREfXHZqBLQ5\n" - + "XQ8mNpIFfmGYF/tvW/O6LBdlZkuAQ9i4FBgf5+HdIVZOXrn09ksIZxW6vxIvAVi0\n" - + "5AOSgXictyphcNP2i/erBeCQCVB7MwIDAQABoEYwRAYJKoZIhvcNAQkOMTcwNTAz\n" - + "BgNVHREELDAqgg9nZXJyaXQub25hcC5vcmeCDXRlc3Qub25hcC5vcmeCCG9uYXAu\n" - + "Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBXH2nRwodQRJTuyrLe/VSg3PUdcPyAx2Ew\n" - + "63tWiGO+qWo8rK2a9Rr/t/zkQe2lx6NHqcMc2Rt6NeKGbrAvHGxTiYM35gktBdxG\n" - + "UaQS1ymrBWHAwbC+kv78r+5lCfafNm/EVdhUZbEw+crsw2wx4iKEW0byS4Ln0o5g\n" - + "aXVUW3i4G5FaYiYBUIDsujDdnH1IoxunEA6pDzDv1h6R9/TYu6Se8HToREIjOPBZ\n" - + "pDI5lDRu0YmI8r+TmAU3tTT1sY2WVxYDnhJut9ofegfMPQV4FIohxtPcCfoLSWti\n" - + "ml6jbcFqDvlzq3B3CXH9HU3jdJt33iSjCQGsSqy6bmCOdMS6XTPU\n" - + "-----END CERTIFICATE REQUEST-----\n"; - - public static final String TEST_WRONG_CSR = "" - + "-----BEGIN CERTIFICATE REQUEST-----\n" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" - + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n" - + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n" - + "-----END CERTIFICATE REQUEST-----\n"; - - public static final String TEST_PK = "-----BEGIN PRIVATE KEY-----\n" - + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXcrUutDUvp4vs\n" - + "HwriS5w1y3SxKNl7tbD3VXjSzqaNxZqN4UmT6k5tkrMF+ciaRUnDF00wMPq1fXrD\n" - + "KRsZ9A/KHgEGICMtWT1dJ6g8cVEFDgspO7I+1eERfKurBq1hcZZkTnniqrriltF5\n" - + "105QkeAxzfxKs6T94wArEHS5GtekDSY8fvPAhnhfyDY+jEkojUFJhzyQ6++6OwZI\n" - + "zDd7mdLwD52gVTBWLeMkydpUKhmu8lu1ER9cdmoEtDldDyY2kgV+YZgX+29b87os\n" - + "F2VmS4BD2LgUGB/n4d0hVk5eufT2SwhnFbq/Ei8BWLTkA5KBeJy3KmFw0/aL96sF\n" - + "4JAJUHszAgMBAAECggEAJ1StdsU3IGf5xzUzi3Q6JCfsOZs3eLoGgGB+Gh3XkfIM\n" - + "8PG7uOEBSEeLnv+me2NCv/a1BKMsYY1yp8YNSIOhjkhD75ZWVaUA6syejcox/DZA\n" - + "G1rmg0oQOF0GCcbCSBOwXMdmwNZiH5Ng0llX1qWKxAzSjeCVsjOKiFIMvO4Fh9D4\n" - + "9Io6/dRRNCxB6MEs1GT5IDfCV2PGDIalJ3znFqDnfdu9RDEDfNVHSUr6Jdu3Hrf5\n" - + "3qCcSEkMGuXYLotCNtTP1x0H0wW5gVpcbQEb29qdmHL1qkp3UiA3afsHnO/3k0gv\n" - + "gV5FxaldugyZAjqUGERdKaY6BMDJkDuu0qD0tPQK4QKBgQDuP5X5BcQ4iHNej+il\n" - + "xxT8QaEcZj0YEzcXzfm3ztZP7g+Jc1MbQXh6BuHLkXG5LeCwdnmk+LUD0MLoUSm3\n" - + "N2ZdtVuOHX7VEBrhrTwK/kMDpC7ganQzfvgOr9WQGmgGMRiUYAyK1J/x78yX967Z\n" - + "IAzdVZ/JSDdsyA983JckLL7CPQKBgQDngDkEJKYGfDt2mfItD8c8nhczGbDdoyYh\n" - + "s93ppTtgzFoNgFL4y/DOvisWMGgoeeYXSgH5uoPv6yY7IIkQzYySY6qQ3gmk1/X+\n" - + "bO+IsKVtlHBzqqojFteg3MfVojisMoAx6y5aBw1BXE2nAU8yWBTtuk+3KgGn9Oxk\n" - + "+Z4rdP06LwKBgA4b09zIW6NhaTubWBKhJHv/wvO0lj+bu7J8LyKUbBqVpXPlUXGW\n" - + "wfSv/aUZetuVfO3WRkPfupB8R16Ml+TSsgwwljhnRMCHUKA2qwyXnA5WJbSCeVkn\n" - + "Vrc/8Gy1M53SQHtg6L079DDWm44QS9ltzXU6Adlgnm+htVEWmxi4UZ+dAoGAfr6z\n" - + "+LG7+GcCA2AruEIgOe7wErkpHV+am+8nOymMxeV8FFJCmxbFQ9vYKTDdhfOfZvbM\n" - + "+BYG8E8VQmAAyyNOqENK+j+mlgrrEp4/0t2r5L/VhW5V8hoqelcGTc+gKZ8IkswJ\n" - + "N58Owc8wcJQF8TFKXBGaXVTxTSyKVIpZ778AeV8CgYAAvuicDkdwWv5EhDFf3aTI\n" - + "wfRFYflA6oiygnI63HzVyY4a+SyZs+nQpB5HBDo+Lyz8RaVRC5E7jQ8kiXJpxAu7\n" - + "1wnspz+pa3q61yR32N+zGuub71FXdLWSOlys6rzJqvqYihKxY22C2TyDyBCR2tMj\n" - + "mdnshXNAJfKkfghkJhFHrg==\n" - + "-----END PRIVATE KEY-----"; - - public static final String TEST_PEM = "" - + "-----BEGIN CERTIFICATE REQUEST-----\n" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" - + "-----END CERTIFICATE REQUEST-----\n"; - - public static final String TEST_WRONG_PEM = "" - + "-----BEGIN WRONG REQUEST-----" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh" - + "-----END WRONG REQUEST-----"; - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java deleted file mode 100644 index a6e55c57..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemWriter; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; -import org.onap.aaf.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.io.StringWriter; - -import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; -import static org.onap.aaf.certservice.certification.TestData.TEST_PK; - - -public final class TestUtils { - - private TestUtils() { - } - - public static String pemObjectToString(PemObject pemObject) throws KeyDecryptionException { - try (StringWriter output = new StringWriter()) { - PemWriter pemWriter = new PemWriter(output); - pemWriter.writeObject(pemObject); - pemWriter.close(); - return output.getBuffer().toString(); - - } catch (IOException e) { - throw new KeyDecryptionException("Writing PAM Object to string failed", e); - } - } - - public static CsrModel createCsrModel() throws DecryptionException { - CsrModelFactory csrModelFactory = new CsrModelFactory(); - String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes())); - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - return csrModelFactory - .createCsrModel(new CsrModelFactory.StringBase64(encoderCsr), new CsrModelFactory.StringBase64(encoderPK)); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java deleted file mode 100644 index 067f2f5f..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.security.PrivateKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel; - -public class X509CertificateBuilderTest { - - private X509CertificateBuilder certificateBuilder; - - - @BeforeEach - void setUp() { - certificateBuilder = new X509CertificateBuilder(); - } - - @Test - void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest() - throws DecryptionException, IOException, OperatorCreationException { - // Given - CsrModel testCsrModel = createCsrModel(); - PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); - PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); - RsaContentSignerBuilder rsaContentSignerBuilder = new RsaContentSignerBuilder(); - ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); - - // When - X509v3CertificateBuilder certificateBuilder = this.certificateBuilder.build(testCertificationRequest); - X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner); - - // Then - assertThat(certificateHolder.getIssuer()) - .isEqualToComparingFieldByField(testCsrModel.getSubjectData()); - assertThat(certificateHolder.getSubjectPublicKeyInfo()) - .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo()); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java deleted file mode 100644 index 87964295..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java +++ /dev/null @@ -1,117 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.configuration; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; - -import java.util.List; -import java.util.Map; - -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.onap.aaf.certservice.CertServiceApplication; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit.jupiter.SpringExtension; - -@ExtendWith(SpringExtension.class) -@ContextConfiguration(classes = CertServiceApplication.class) -class CmpServersConfigLoaderTest { - private static final String EXISTING_CONFIG_FILENAME = "cmpServers.json"; - private static final String INVALID_CONFIG_FILENAME = "invalidCmpServers.json"; - private static final String NONEXISTENT_CONFIG_FILENAME = "nonExistingCmpServers.json"; - - private static final Map<String, String> EXPECTED_FIRST_CMP_SERVER = Map.of( - "CA_NAME", "TEST", - "URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - "ISSUER_DN", "CN=ManagementCA", - "CA_MODE", "CLIENT", - "IAK", "xxx", - "RV", "yyy" - ); - private static final Map<String, String> EXPECTED_SECOND_CMP_SERVER = Map.of( - "CA_NAME", "TEST2", - "URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", - "ISSUER_DN", "CN=ManagementCA2", - "CA_MODE", "RA", - "IAK", "xxx", - "RV", "yyy" - ); - - @Autowired - private CmpServersConfigLoader configLoader; - - @Test - void shouldLoadCmpServersConfigWhenFileAvailable() throws CmpServersConfigLoadingException { - // Given - String path = getResourcePath(EXISTING_CONFIG_FILENAME); - - // When - List<Cmpv2Server> cmpServers = configLoader.load(path); - - // Then - assertThat(cmpServers).isNotNull(); - assertThat(cmpServers).hasSize(2); - verifyThatCmpServerEquals(cmpServers.get(0), EXPECTED_FIRST_CMP_SERVER); - verifyThatCmpServerEquals(cmpServers.get(1), EXPECTED_SECOND_CMP_SERVER); - } - - @Test - void shouldThrowExceptionWhenFileMissing() { - // When - Exception exception = assertThrows( - CmpServersConfigLoadingException.class, - () -> configLoader.load(NONEXISTENT_CONFIG_FILENAME)); - - // Then - assertThat(exception.getMessage()).contains("Exception occurred during CMP Servers configuration loading"); - } - - @Test - void shouldThrowExceptionWhenConfigurationIsInvalid() { - // Given - String path = getResourcePath(INVALID_CONFIG_FILENAME); - - // When - Exception exception = assertThrows( - CmpServersConfigLoadingException.class, - () -> configLoader.load(path)); - - // Then - assertThat(exception.getMessage()).contains("Validation of CMPv2 servers configuration failed"); - assertThat(exception.getCause().getMessage()).contains("authentication"); - } - - private String getResourcePath(String configFilename) { - return getClass().getClassLoader().getResource(configFilename).getFile(); - } - - private void verifyThatCmpServerEquals(Cmpv2Server cmpv2Server, Map<String, String> expected) { - assertThat(cmpv2Server.getCaName()).isEqualTo(expected.get("CA_NAME")); - assertThat(cmpv2Server.getUrl()).isEqualTo(expected.get("URL")); - assertThat(cmpv2Server.getIssuerDN().toString()).isEqualTo(expected.get("ISSUER_DN")); - assertThat(cmpv2Server.getCaMode().name()).isEqualTo(expected.get("CA_MODE")); - assertThat(cmpv2Server.getAuthentication().getIak()).isEqualTo(expected.get("IAK")); - assertThat(cmpv2Server.getAuthentication().getRv()).isEqualTo(expected.get("RV")); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java deleted file mode 100644 index 511c3966..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java +++ /dev/null @@ -1,236 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.configuration; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.startsWith; - -import java.util.List; - -import org.bouncycastle.asn1.x500.X500Name; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.configuration.model.Authentication; -import org.onap.aaf.certservice.certification.configuration.model.CaMode; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; - -@ExtendWith(MockitoExtension.class) -class CmpServersConfigTest { - - private static final String ERROR_MESSAGE = "Exception occurred during CMP Servers configuration loading"; - private static final String APP_CONFIG_PATH = "/fake/path/to/config"; - private static final List<Cmpv2Server> SAMPLE_CMP_SERVERS = generateTestConfiguration(); - - @Mock - private CmpServersConfigLoader cmpServersConfigLoader; - - private CmpServersConfig cmpServersConfig; - - @BeforeEach - void setUp() { - cmpServersConfig = new CmpServersConfig(APP_CONFIG_PATH, cmpServersConfigLoader); - } - - @Test - void shouldCallLoaderWithPathFromPropertiesWhenCreated() throws CmpServersConfigLoadingException { - // When - this.cmpServersConfig.init(); // Manual PostConstruct call - - // Then - Mockito.verify(cmpServersConfigLoader).load(startsWith(APP_CONFIG_PATH)); - } - - @Test - void shouldReturnLoadedServersWhenGetCalled() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenReturn(SAMPLE_CMP_SERVERS); - this.cmpServersConfig.init(); // Manual PostConstruct call - - // When - List<Cmpv2Server> receivedCmpServers = this.cmpServersConfig.getCmpServers(); - - // Then - assertThat(receivedCmpServers).containsAll(SAMPLE_CMP_SERVERS); - } - - @Test - void shouldReturnLoadedServersAfterReloadWhenGetCalled() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenReturn(SAMPLE_CMP_SERVERS); - List<Cmpv2Server> receivedCmpServers = this.cmpServersConfig.getCmpServers(); - assertThat(receivedCmpServers).isNull(); - - // When - this.cmpServersConfig.reloadConfiguration(); - receivedCmpServers = this.cmpServersConfig.getCmpServers(); - - // Then - assertThat(receivedCmpServers).containsAll(SAMPLE_CMP_SERVERS); - } - - @Test - void shouldRethrowExceptionWhenReloaded() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException( - ERROR_MESSAGE)); - - // Then - assertThrows( - CmpServersConfigLoadingException.class, - () -> cmpServersConfig.reloadConfiguration()); - } - - @Test - void shouldPassMessageToRethrownErrorWhenReloadingFails() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); - - // When - Exception exception = assertThrows( - CmpServersConfigLoadingException.class, - () -> cmpServersConfig.reloadConfiguration()); - - // Then - assertThat(exception.getMessage()).isEqualTo(ERROR_MESSAGE); - } - - @Test - void shouldNotReturnIakAndRvWhenToStringMethodIsUsed() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenReturn(SAMPLE_CMP_SERVERS); - this.cmpServersConfig.init(); // Manual PostConstruct call - - // When - List<Cmpv2Server> receivedCmpServers = this.cmpServersConfig.getCmpServers(); - - // Then - receivedCmpServers.forEach((server) -> assertThat(server.toString()) - .doesNotContain( - server.getAuthentication().getIak(), - server.getAuthentication().getRv() - )); - } - - @Test - void shouldRethrowErrorWhenLoadingFails() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); - - // Then - assertThrows( - CmpServersConfigLoadingException.class, - () -> cmpServersConfig.loadConfiguration()); - } - - @Test - void shouldPassMessageToRethrownErrorWhenLoadingFails() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); - - // When - Exception exception = assertThrows( - CmpServersConfigLoadingException.class, - () -> cmpServersConfig.loadConfiguration()); - - // Then - assertThat(exception.getMessage()).isEqualTo(ERROR_MESSAGE); - } - - @Test - void shouldBeNotReadyWhenCreated() { - assertThat(cmpServersConfig.isReady()).isFalse(); - } - - @Test - void shouldBeReadyWhenSuccessfullyInitialized() { - // When - this.cmpServersConfig.init(); // Manual PostConstruct call - - // Then - assertThat(cmpServersConfig.isReady()).isTrue(); - } - - @Test - void shouldNotBeReadyWhenFailedToInitialize() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); - - // When - this.cmpServersConfig.init(); // Manual PostConstruct call - - // Then - assertThat(cmpServersConfig.isReady()).isFalse(); - } - - @Test - void shouldBeReadyWhenSuccessfullyReloaded() throws CmpServersConfigLoadingException { - // When - this.cmpServersConfig.reloadConfiguration(); - - // Then - assertThat(cmpServersConfig.isReady()).isTrue(); - } - - @Test - void shouldNotBeReadyWhenFailedToReload() throws CmpServersConfigLoadingException { - // Given - Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); - - // When - assertThrows( - CmpServersConfigLoadingException.class, - () -> cmpServersConfig.loadConfiguration()); - - // Then - assertThat(cmpServersConfig.isReady()).isFalse(); - } - - private static List<Cmpv2Server> generateTestConfiguration() { - Cmpv2Server testServer1 = new Cmpv2Server(); - testServer1.setCaName("TEST_CA1"); - testServer1.setIssuerDN(new X500Name("CN=testIssuer")); - testServer1.setUrl("http://test.ca.server"); - Authentication testAuthentication1 = new Authentication(); - testAuthentication1.setIak("testIak"); - testAuthentication1.setRv("testRv"); - testServer1.setAuthentication(testAuthentication1); - testServer1.setCaMode(CaMode.RA); - - Cmpv2Server testServer2 = new Cmpv2Server(); - testServer2.setCaName("TEST_CA2"); - testServer2.setIssuerDN(new X500Name("CN=testIssuer2")); - testServer2.setUrl("http://test.ca.server"); - Authentication testAuthentication2 = new Authentication(); - testAuthentication2.setIak("test2Iak"); - testAuthentication2.setRv("test2Rv"); - testServer2.setAuthentication(testAuthentication2); - testServer2.setCaMode(CaMode.CLIENT); - - return List.of(testServer1, testServer2); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java deleted file mode 100644 index b83fb9aa..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java +++ /dev/null @@ -1,100 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.configuration; - -import org.bouncycastle.asn1.x500.X500Name; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.aaf.certservice.certification.configuration.model.Authentication; -import org.onap.aaf.certservice.certification.configuration.model.CaMode; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; - -import java.util.Collections; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.Mockito.when; - -@ExtendWith(MockitoExtension.class) -class Cmpv2ServerProviderTest { - - private static final String TEST_CA = "testCA"; - - private Cmpv2ServerProvider cmpv2ServerProvider; - - @Mock - private CmpServersConfig cmpServersConfig; - - @BeforeEach - void setUp() { - cmpv2ServerProvider = - new Cmpv2ServerProvider(cmpServersConfig); - } - - @Test - void shouldReturnOptionalWithServerWhenServerWithGivenCaNameIsPresentInConfig() { - // Given - Cmpv2Server testServer = createTestServer(); - when(cmpServersConfig.getCmpServers()).thenReturn(Collections.singletonList(testServer)); - - // When - Cmpv2Server receivedServer = cmpv2ServerProvider - .getCmpv2Server(TEST_CA); - - // Then - assertThat(receivedServer).isEqualToComparingFieldByField(testServer); - } - - @Test - void shouldReturnEmptyOptionalWhenServerWithGivenCaNameIsNotPresentInConfig() { - // Given - String expectedMessage = "No server found for given CA name"; - when(cmpServersConfig.getCmpServers()).thenReturn(Collections.emptyList()); - - // When - Exception exception = assertThrows( - Cmpv2ServerNotFoundException.class, () -> - cmpv2ServerProvider.getCmpv2Server(TEST_CA) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - private Cmpv2Server createTestServer() { - Cmpv2Server testServer = new Cmpv2Server(); - testServer.setCaName(TEST_CA); - testServer.setIssuerDN(new X500Name("CN=testIssuer")); - testServer.setUrl("http://test.ca.server"); - Authentication testAuthentication = new Authentication(); - testAuthentication.setIak("testIak"); - testAuthentication.setRv("testRv"); - testServer.setAuthentication(testAuthentication); - testServer.setCaMode(CaMode.RA); - - return testServer; - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java deleted file mode 100644 index 6db77753..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java +++ /dev/null @@ -1,213 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.configuration.validation; - - -import org.bouncycastle.asn1.x500.X500Name; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.onap.aaf.certservice.CertServiceApplication; -import org.onap.aaf.certservice.certification.configuration.model.Authentication; -import org.onap.aaf.certservice.certification.configuration.model.CaMode; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit.jupiter.SpringExtension; - -import java.security.InvalidParameterException; -import java.util.ArrayList; -import java.util.List; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; -import static org.junit.jupiter.api.Assertions.assertThrows; - -@ExtendWith(SpringExtension.class) -@ContextConfiguration(classes = CertServiceApplication.class) -class Cmpv2ServersConfigurationValidatorTest { - - private static final String EMPTY_STRING = ""; - - @Autowired - private Cmpv2ServersConfigurationValidator validator; - - private Authentication authentication; - private Cmpv2Server server; - private List<Cmpv2Server> servers; - - @BeforeEach - private void init() { - setAuthentication(); - setServerConfiguration(); - servers = new ArrayList<>(); - servers.add(server); - } - - @Test - void shouldThrowExceptionWhenCaNamesAreNotUnique() { - // Given - servers.add(server); - - // When - Exception exception = assertThrows( - InvalidParameterException.class, - () -> validator.validate(servers)); - - // Then - assertThat(exception.getMessage()).contains("CA names are not unique within given CMPv2 servers"); - } - - @Test - void shouldThrowExceptionWhenWrongProtocolInUrl() { - // Given - server.setUrl("https://test.test.test:60000/"); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenWrongPortInUrl() { - // Given - server.setUrl("http://test.test.test:70000/"); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenWrongCaNameLength() { - // Given - server.setCaName(EMPTY_STRING); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenWrongRvLength() { - // Given - authentication.setRv(EMPTY_STRING); - - // Then - assertExceptionIsThrown(); - } - - - @Test - void shouldThrowExceptionWhenWrongIakLength() { - // Given - authentication.setIak(EMPTY_STRING); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenCaNameIsNull() { - // Given - server.setCaName(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenIssuerDnIsNull() { - // Given - server.setIssuerDN(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenCaModeIsNull() { - // Given - server.setCaMode(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenUrlIsNull() { - // Given - server.setUrl(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenAuthenticationIsNull() { - // Given - server.setAuthentication(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenIakIsNull() { - // Given - authentication.setIak(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldThrowExceptionWhenRvIsNull() { - // Given - authentication.setRv(null); - - // Then - assertExceptionIsThrown(); - } - - @Test - void shouldNotThrowExceptionWhenServerConfigurationIsValid() { - // Then - assertDoesNotThrow(() -> validator.validate(servers)); - } - - private void assertExceptionIsThrown() { - assertThrows(IllegalArgumentException.class, () -> validator.validate(servers)); - } - - private void setServerConfiguration() { - server = new Cmpv2Server(); - server.setCaMode(CaMode.CLIENT); - server.setCaName("TEST"); - server.setIssuerDN(new X500Name("CN=ManagementCA")); - server.setUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmp"); - server.setAuthentication(authentication); - } - - private void setAuthentication() { - authentication = new Authentication(); - authentication.setRv("testRV"); - authentication.setIak("testIAK"); - } - -}
\ No newline at end of file diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidatorTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidatorTest.java deleted file mode 100644 index 7082626f..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidatorTest.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - - -package org.onap.aaf.certservice.certification.configuration.validation.constraints; - -import org.junit.jupiter.api.Test; - -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertTrue; - - -class Cmpv2UrlValidatorTest { - - private final Cmpv2UrlValidator validator = new Cmpv2UrlValidator(); - - @Test - void givenCorrectUrlWhenValidatingShouldReturnTrue() { - //given - String url = "http://127.0.0.1/ejbca/publicweb/cmp/cmp"; - - //when - boolean result = validator.isValid(url, null); - - //then - assertTrue(result); - } - - @Test - void givenIncorrectUrlWhenValidatingShouldReturnFalse() { - //given - String url = "httttp://127.0.0.1:80000/ejbca/publicweb/cmp/cmp"; - - //when - boolean result = validator.isValid(url, null); - - //then - assertFalse(result); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolationTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolationTest.java deleted file mode 100644 index e729c738..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolationTest.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.configuration.validation.constraints.violations; - -import org.junit.jupiter.api.Test; - -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertTrue; - -class PortNumberViolationTest { - - private final PortNumberViolation violation = new PortNumberViolation(); - - @Test - void givenValidPortShouldReturnTrue() { - //given - String validUrl1 = "http://127.0.0.1:8080/ejbca/publicweb/cmp/cmp"; - String validUrl2 = "http://127.0.0.1:1/ejbca/publicweb/cmp/cmp"; - String validUrl3 = "http://127.0.0.1:65535/ejbca/publicweb/cmp/cmp"; - - //when - boolean result1 = violation.validate(validUrl1); - boolean result2 = violation.validate(validUrl2); - boolean result3 = violation.validate(validUrl3); - - //then - assertTrue(result1); - assertTrue(result2); - assertTrue(result3); - } - - @Test - void givenEmptyPortShouldReturnTrue() { - //given - String validUrl = "http://127.0.0.1/ejbca/publicweb/cmp/cmp"; - - //when - boolean result = violation.validate(validUrl); - - //then - assertTrue(result); - } - - @Test - void givenInvalidPortShouldReturnFalse() { - //given - String invalidUrl1 = "http://127.0.0.1:0/ejbca/publicweb/cmp/cmp"; - String invalidUrl2 = "http://127.0.0.1:65536/ejbca/publicweb/cmp/cmp"; - - //when - boolean result1 = violation.validate(invalidUrl1); - boolean result2 = violation.validate(invalidUrl2); - - //then - assertFalse(result1); - assertFalse(result2); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolationTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolationTest.java deleted file mode 100644 index dce66d52..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolationTest.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.configuration.validation.constraints.violations; - -import org.junit.jupiter.api.Test; - -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertTrue; - - -class RequestTypeViolationTest { - - private final RequestTypeViolation violation = new RequestTypeViolation(); - - @Test - void givenValidRequestTypeShouldReturnTrue() { - //given - String validUrl = "http://127.0.0.1/ejbca/publicweb/cmp/cmp"; - - //when - boolean result = violation.validate(validUrl); - - //then - assertTrue(result); - } - - @Test - void givenInvalidRequestTypeShouldReturnFalse() { - //given - String invalidUrl = "htestps://127.0.0.1/ejbca/publicweb/cmp/cmp"; - - //when - boolean result = violation.validate(invalidUrl); - - //then - assertFalse(result); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java deleted file mode 100644 index 08bc3368..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java +++ /dev/null @@ -1,185 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.model; - -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.bouncycastle.util.io.pem.PemObject; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.Pkcs10CertificationRequestFactory; -import org.onap.aaf.certservice.certification.PemObjectFactory; -import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; - -import java.io.IOException; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; -import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; -import static org.onap.aaf.certservice.certification.TestData.TEST_PEM; -import static org.onap.aaf.certservice.certification.TestData.TEST_PK; - - -class CsrModelTest { - - private final Pkcs10CertificationRequestFactory certificationRequestFactory - = new Pkcs10CertificationRequestFactory(); - private final PemObjectFactory pemObjectFactory - = new PemObjectFactory(); - - @Test - void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException { - // Given - PemObject testPrivateKey = getPemPrivateKey(); - PemObject testPublicKey = generateTestPublicKey(); - PKCS10CertificationRequest testCsr = generateTestCertificationRequest(); - - // When - CsrModel csrModel = generateTestCsrModel(testCsr); - - // Then - assertThat(csrModel.getCsr()) - .isEqualTo(testCsr); - assertThat(csrModel.getPrivateKey().getEncoded()) - .contains(testPrivateKey.getContent()); - assertThat(csrModel.getPublicKey().getEncoded()) - .contains(testPublicKey.getContent()); - assertThat(csrModel.getSans()) - .contains( - "gerrit.onap.org", "test.onap.org", "onap.com"); - assertThat(csrModel.getSubjectData().toString()) - .contains( - "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org,E=tester@onap.org"); - } - - @Test - void shouldThrowExceptionWhenPublicKeyIsNotCorrect() throws DecryptionException, IOException { - // Given - PemObject testPrivateKey = getPemPrivateKey(); - PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); - SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); - when(testCsr.getSubjectPublicKeyInfo()) - .thenReturn(wrongKryInfo); - when(wrongKryInfo.getEncoded()) - .thenThrow(new IOException()); - - // When - Exception exception = assertThrows( - CsrDecryptionException.class, - () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() - ); - - String expectedMessage = "Reading Public Key from CSR failed"; - String actualMessage = exception.getMessage(); - - // Then - assertTrue(actualMessage.contains(expectedMessage)); - } - - @Test - void shouldThrowExceptionWhenPrivateKeyPemIsNotProperPrivateKey() throws KeyDecryptionException, IOException { - // Given - PemObject testPrivateKey = getPemWrongKey(); - PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); - SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); - when(testCsr.getSubjectPublicKeyInfo()) - .thenReturn(wrongKryInfo); - when(wrongKryInfo.getEncoded()) - .thenThrow(new IOException()); - - // When - Exception exception = assertThrows( - KeyDecryptionException.class, - () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() - ); - - String expectedMessage = "Converting Private Key failed"; - String actualMessage = exception.getMessage(); - - // Then - assertTrue(actualMessage.contains(expectedMessage)); - } - - @Test - void shouldThrowExceptionWhenPublicKeyPemIsNotProperPublicKey() throws KeyDecryptionException, IOException { - // Given - PemObject testPrivateKey = getPemPrivateKey(); - PemObject testPublicKey = getPemWrongKey(); - PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); - SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); - when(testCsr.getSubjectPublicKeyInfo()) - .thenReturn(wrongKryInfo); - when(wrongKryInfo.getEncoded()) - .thenReturn(testPublicKey.getContent()); - - // When - Exception exception = assertThrows( - KeyDecryptionException.class, - () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() - ); - - String expectedMessage = "Converting Public Key from CSR failed"; - String actualMessage = exception.getMessage(); - - // Then - assertTrue(actualMessage.contains(expectedMessage)); - } - - private PemObject getPemPrivateKey() throws KeyDecryptionException { - PemObjectFactory pemObjectFactory = new PemObjectFactory(); - return pemObjectFactory.createPemObject(TEST_PK).orElseThrow( - () -> new KeyDecryptionException("Private key decoding fail") - ); - } - - private PemObject getPemWrongKey() throws KeyDecryptionException { - PemObjectFactory pemObjectFactory = new PemObjectFactory(); - return pemObjectFactory.createPemObject(TEST_PEM).orElseThrow( - () -> new KeyDecryptionException("Private key decoding fail") - ); - } - - private CsrModel generateTestCsrModel(PKCS10CertificationRequest testCsr) throws DecryptionException { - PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow( - () -> new DecryptionException("Incorrect Private Key, decryption failed") - ); - return new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build(); - } - - private PemObject generateTestPublicKey() throws DecryptionException, IOException { - PKCS10CertificationRequest testCsr = generateTestCertificationRequest(); - return new PemObject("PUBLIC KEY", testCsr.getSubjectPublicKeyInfo().getEncoded()); - } - - private PKCS10CertificationRequest generateTestCertificationRequest() throws DecryptionException { - return pemObjectFactory.createPemObject(TEST_CSR) - .flatMap( - certificationRequestFactory::createPkcs10CertificationRequest - ).orElseThrow( - () -> new DecryptionException("Incorrect CSR, decryption failed") - ); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java deleted file mode 100644 index 05bda54b..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -package org.onap.aaf.certservice.cmpv2client; - -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.doAnswer; -import static org.mockito.Mockito.spy; -import static org.mockito.Mockito.when; -import static org.mockito.MockitoAnnotations.initMocks; - -import java.io.BufferedInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Collections; -import java.util.Date; -import java.util.List; - -import org.apache.commons.io.IOUtils; -import org.apache.http.HttpEntity; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.impl.client.CloseableHttpClient; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.X500NameBuilder; -import org.bouncycastle.asn1.x500.style.BCStyle; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.mockito.Mock; -import org.onap.aaf.certservice.certification.configuration.model.Authentication; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.aaf.certservice.certification.model.CsrModel; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.onap.aaf.certservice.cmpv2client.impl.CmpClientImpl; -import org.onap.aaf.certservice.cmpv2client.model.Cmpv2CertificationModel; - -class Cmpv2ClientTest { - - static { - Security.addProvider(new BouncyCastleProvider()); - } - - private CsrModel csrModel; - private Cmpv2Server server; - private Date notBefore; - private Date notAfter; - private X500Name dn; - - @Mock - X509Certificate cert; - - @Mock - CloseableHttpClient httpClient; - - @Mock - CloseableHttpResponse httpResponse; - - @Mock - HttpEntity httpEntity; - - private static KeyPair keyPair; - - @BeforeEach - void setUp() - throws NoSuchProviderException, NoSuchAlgorithmException, IOException, - InvalidKeySpecException { - keyPair = loadKeyPair(); - dn = new X500NameBuilder() - .addRDN(BCStyle.O, "TestOrganization") - .build(); - initMocks(this); - } - - public KeyPair loadKeyPair() - throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, - NoSuchProviderException { - - final InputStream privateInputStream = this.getClass().getResourceAsStream("/privateKey"); - final InputStream publicInputStream = this.getClass().getResourceAsStream("/publicKey"); - BufferedInputStream bis = new BufferedInputStream(privateInputStream); - byte[] privateBytes = IOUtils.toByteArray(bis); - bis = new BufferedInputStream(publicInputStream); - byte[] publicBytes = IOUtils.toByteArray(bis); - - KeyFactory keyFactory = KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME); - X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicBytes); - PublicKey publicKey = keyFactory.generatePublic(publicKeySpec); - - PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateBytes); - PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec); - - return new KeyPair(publicKey, privateKey); - } - - @Test - void shouldReturnValidPkiMessageWhenCreateCertificateRequestMessageMethodCalledWithValidCsr() - throws Exception { - // given - Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"); - Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"); - setCsrModelAndServerValues( - "mypassword", - "senderKID", - "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - beforeDate, - afterDate); - when(httpClient.execute(any())).thenReturn(httpResponse); - when(httpResponse.getEntity()).thenReturn(httpEntity); - - try (final InputStream is = - this.getClass().getResourceAsStream("/ReturnedSuccessPKIMessageWithCertificateFile"); - BufferedInputStream bis = new BufferedInputStream(is)) { - - byte[] ba = IOUtils.toByteArray(bis); - doAnswer( - invocation -> { - OutputStream os = (ByteArrayOutputStream) invocation.getArguments()[0]; - os.write(ba); - return null; - }) - .when(httpEntity) - .writeTo(any(OutputStream.class)); - } - CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient)); - // when - Cmpv2CertificationModel cmpClientResult = - cmpClient.createCertificate(csrModel, server, notBefore, notAfter); - // then - assertNotNull(cmpClientResult); - } - - @Test - void - shouldThrowCmpClientExceptionWhenCreateCertificateRequestMessageMethodCalledWithWrongProtectedBytesInResponse() - throws Exception { - // given - Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"); - Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"); - setCsrModelAndServerValues( - "password", - "senderKID", - "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - beforeDate, - afterDate); - when(httpClient.execute(any())).thenReturn(httpResponse); - when(httpResponse.getEntity()).thenReturn(httpEntity); - - try (final InputStream is = - this.getClass().getResourceAsStream("/ReturnedSuccessPKIMessageWithCertificateFile"); - BufferedInputStream bis = new BufferedInputStream(is)) { - - byte[] ba = IOUtils.toByteArray(bis); - doAnswer( - invocation -> { - OutputStream os = (ByteArrayOutputStream) invocation.getArguments()[0]; - os.write(ba); - return null; - }) - .when(httpEntity) - .writeTo(any(OutputStream.class)); - } - CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient)); - // then - Assertions.assertThrows( - CmpClientException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); - } - - @Test - void shouldThrowCmpClientExceptionWithPkiErrorExceptionWhenCmpClientCalledWithBadPassword() - throws Exception { - // given - Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"); - Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"); - setCsrModelAndServerValues( - "password", - "senderKID", - "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - beforeDate, - afterDate); - when(httpClient.execute(any())).thenReturn(httpResponse); - when(httpResponse.getEntity()).thenReturn(httpEntity); - - try (final InputStream is = - this.getClass().getResourceAsStream("/ReturnedFailurePKIMessageBadPassword"); - BufferedInputStream bis = new BufferedInputStream(is)) { - - byte[] ba = IOUtils.toByteArray(bis); - doAnswer( - invocation -> { - OutputStream os = (ByteArrayOutputStream) invocation.getArguments()[0]; - os.write(ba); - return null; - }) - .when(httpEntity) - .writeTo(any(OutputStream.class)); - } - CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient)); - - // then - Assertions.assertThrows( - CmpClientException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); - } - - @Test - void shouldThrowIllegalArgumentExceptionWhencreateCertificateCalledWithInvalidCsr() - throws ParseException { - // given - Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"); - Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"); - setCsrModelAndServerValues( - "password", - "senderKID", - "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - beforeDate, - afterDate); - CmpClientImpl cmpClient = new CmpClientImpl(httpClient); - // then - Assertions.assertThrows( - IllegalArgumentException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); - } - - @Test - void shouldThrowIoExceptionWhenCreateCertificateCalledWithNoServerAvailable() - throws IOException, ParseException { - // given - Date beforeDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"); - Date afterDate = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"); - setCsrModelAndServerValues( - "myPassword", - "sender", - "http://127.0.0.1/ejbca/publicweb/cmp/cmpTest", - beforeDate, - afterDate); - when(httpClient.execute(any())).thenThrow(IOException.class); - CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient)); - // then - Assertions.assertThrows( - CmpClientException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); - } - - private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) { - csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), Collections.emptyList()); - - Authentication authentication = new Authentication(); - authentication.setIak(iak); - authentication.setRv(rv); - server = new Cmpv2Server(); - server.setAuthentication(authentication); - server.setUrl(externalCaUrl); - server.setIssuerDN(dn); - this.notBefore = notBefore; - this.notAfter = notAfter; - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/external/RdnTest.java b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/external/RdnTest.java deleted file mode 100644 index 6e42afe8..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/external/RdnTest.java +++ /dev/null @@ -1,96 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.cmpv2client.external; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x500.style.BCStyle; -import org.bouncycastle.cert.CertException; -import org.junit.jupiter.api.Test; - -import java.util.Arrays; -import java.util.List; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; - -class RdnTest { - - @Test - void shouldCreateCorrectRdn() throws CertException { - // given - final String expectedValue = "ManagmentCA"; - final ASN1ObjectIdentifier expectedAoi = BCStyle.CN; - - //when - Rdn rdn1 = new Rdn("CN=ManagmentCA"); - Rdn rdn2 = new Rdn("CN = ManagmentCA "); - Rdn rdn3 = new Rdn("CN", "ManagmentCA"); - - //then - assertEquals(expectedValue, rdn1.getValue()); - assertEquals(expectedValue, rdn2.getValue()); - assertEquals(expectedValue, rdn3.getValue()); - assertEquals(expectedAoi, rdn1.getAoi()); - assertEquals(expectedAoi, rdn2.getAoi()); - assertEquals(expectedAoi, rdn3.getAoi()); - } - - @Test - void shouldCorrectlySplitAndTrimString() { - //given - String value1 = " T = Test"; - List<String> expected1 = Arrays.asList("T", "Test"); - - String value2 = "This 123 is 99 tested 12345 string"; - List<String> expected2 = Arrays.asList("This", "is 99 tested", "string"); - - //when - List<String> actual1 = Rdn.parseRdn("=", value1); - List<String> actual2 = Rdn.parseRdn("[0-9]{3,}", value2); - - //then - assertEquals(expected1, actual1); - assertEquals(expected2, actual2); - } - - @Test - void shouldConvertAoiStringToEnum() throws CertException { - Rdn rdn = new Rdn("CN", "ManagmentCA"); - - assertEquals(BCStyle.CN, rdn.getAoi("CN")); - assertEquals(BCStyle.C, rdn.getAoi("C")); - assertEquals(BCStyle.ST, rdn.getAoi("ST")); - assertEquals(BCStyle.L, rdn.getAoi("L")); - assertEquals(BCStyle.O, rdn.getAoi("O")); - assertEquals(BCStyle.OU, rdn.getAoi("OU")); - assertEquals(BCStyle.DC, rdn.getAoi("DC")); - assertEquals(BCStyle.GIVENNAME, rdn.getAoi("GN")); - assertEquals(BCStyle.SN, rdn.getAoi("SN")); - assertEquals(BCStyle.E, rdn.getAoi("E")); - assertEquals(BCStyle.E, rdn.getAoi("EMAIL")); - assertEquals(BCStyle.E, rdn.getAoi("EMAILADDRESS")); - assertEquals(BCStyle.INITIALS, rdn.getAoi("INITIALS")); - assertEquals(BCStyle.PSEUDONYM, rdn.getAoi("PSEUDONYM")); - assertEquals(BCStyle.GENERATION, rdn.getAoi("GENERATIONQUALIFIER")); - assertEquals(BCStyle.SERIALNUMBER, rdn.getAoi("SERIALNUMBER")); - assertThrows(CertException.class, () -> rdn.getAoi("INVALIDTAG")); - } -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/impl/CmpResponseHelperTest.java b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/impl/CmpResponseHelperTest.java deleted file mode 100644 index c41d6364..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/impl/CmpResponseHelperTest.java +++ /dev/null @@ -1,609 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.cmpv2client.impl; - -import org.bouncycastle.asn1.cmp.CMPCertificate; -import org.bouncycastle.asn1.cmp.CertRepMessage; -import org.bouncycastle.asn1.cmp.PKIMessage; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemReader; -import org.junit.jupiter.api.BeforeAll; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.onap.aaf.certservice.cmpv2client.model.Cmpv2CertificationModel; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.StringReader; -import java.security.NoSuchProviderException; -import java.security.Security; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -class CmpResponseHelperTest { - - - private static final String EXPECTED_ERROR_MESSAGE = "Something was wrong with the supplied certificate"; - - private static final String TEST_1LAYER_ENTITY_CERT = "" - + "-----BEGIN CERTIFICATE-----\n" - + "MIIEqDCCAxCgAwIBAgIUFioEkVJsxfZGGDMEyCA8Rin3uhQwDQYJKoZIhvcNAQEL\n" - + "BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDM1ZDk4NTAwYzhiN2JiMjIxFTATBgNV\n" - + "BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\n" - + "c3RhcnQwHhcNMjAwMzI0MTEzNTU0WhcNMjIwMzI0MTEzNTU0WjCBljEgMB4GCSqG\n" - + "SIb3DQEJARYRQ29tbW9uTmFtZUBjbi5jb20xDjAMBgNVBAMMBUNsMTIzMQ0wCwYD\n" - + "VQQLDARPTkFQMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMRYwFAYDVQQHDA1T\n" - + "YW4tRnJhbmNpc2NvMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzCC\n" - + "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL94FcmRn/g9Y9ZrEL+jKiud\n" - + "xzDdtVLoF0ijZOGG0rnzyimzzwOjd8LA0jiZlYtpoDef95bbMeZJMKzE3bA8EMFp\n" - + "hynqUHs/KdsLBV+o3J6EzlpYHrwypX7kOriw9o4dmPAxvJHXTu3HC2SejJjHHArk\n" - + "FyahEJ03ypvCJx3iPvGXkLI9tZetobiVXslBJd5t0hQj+JQxzAlTwS0fV+xMowFT\n" - + "css2IlGXfQgd88cdhXBVOE0//qln1ko3G3KeH58iIWLqh9KG660SCeoTCop7bO1N\n" - + "abVrcXlgdE06hAvzTj3FoBxqO5KEWDPo2Dr11qRdq8bLP2T0EbTzAw4DPUwE+H8C\n" - + "AwEAAaOBoTCBnjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFDPaBc+EX/hCLe5c\n" - + "d+oZIxcQZ1tHMB8GA1UdEQQYMBaCBUNsMTIzgg10ZXN0Lm9uYXAub3JnMB0GA1Ud\n" - + "JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU4dP1HuV9O+sHInl+\n" - + "WuvdDJ63lp8wDgYDVR0PAQH/BAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBgQBWTF8C\n" - + "sH0ir4bj7rTlJMf5o7apkXFeQ/c7+zXnSLCfXqwM6ad0EDh3FixfTC8IpW5CaENt\n" - + "zTR7IGJr06ccwLgsigR7FxJKnEkxJiBxzkE3zFOEel3KAnV2b7KvOP7cJAzsCdcS\n" - + "iZU475XHOw4Ox3k8fHzhTJJa0Tzw5EjQ3GO99HTiUClGrjJuYDLfen1q7IQSNuTY\n" - + "FzxJZjyqzi34pkKeCNSPRj8Z8Q5aZiWqlmzSJmZRT83xzzeW/pQ1JwvIrWwrbEjR\n" - + "FPXBlUa1n2HztkDgeBQfRyMAj5ixFV+s1Jj+cEYl3pjbugnuHfgBdSJokXFGBo6N\n" - + "8PTd1CnMGWcWiMyhbTwNm2UiSr5KhQbjABjiUzDp4C7jFhIzmu/4/tm2uA+y0xPN\n" - + "342uEZC0ZSZmpCIbQMhPaBNjSHeHj8NaLHjnt5jppLkMxScayRqMvSW07eNew2+k\n" - + "VYJD6z6gfy4y+Y5MSLfvddq1JdPDU86TFprtD1ydcUBS5tduYQG2+1bLgpE=" - + "\n-----END CERTIFICATE-----\n"; - - private static final String TEST_1LAYER_CA_CERT = "" - + "-----BEGIN CERTIFICATE-----\n" - + "MIIEszCCAxugAwIBAgIUEhkh+zJtXZN3K3kzQYcbp2smyIkwDQYJKoZIhvcNAQEL\n" - + "BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDM1ZDk4NTAwYzhiN2JiMjIxFTATBgNV\n" - + "BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\n" - + "c3RhcnQwHhcNMjAwMzI0MTAyODQyWhcNMzAwMzI0MTAyODQyWjBhMSMwIQYKCZIm\n" - + "iZPyLGQBAQwTYy0wMzVkOTg1MDBjOGI3YmIyMjEVMBMGA1UEAwwMTWFuYWdlbWVu\n" - + "dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ\n" - + "KoZIhvcNAQEBBQADggGPADCCAYoCggGBAJyKZyKIRyW6cbga/I1YFJGCEEgs9JVU\n" - + "sV7MD5/yF4SIkJlZqFjJ9kfw8D5thg68zAx2vEWIpNTMroqb1eptIn/XsFoyM//6\n" - + "HzKrY3UUYWHx9sQMDZPenTL8LTRx+4szSen7rzrozH2pJat7kfX4EODEtQ6q7RQ2\n" - + "hmXoo7heeSgiHoeHsPGZixPGzcB27WBaY00Z/sP/n+f0CFaE04MKLw8WeQmq/RkC\n" - + "pj628+eBK0lGtEmUcT7z4CBy4x3hbhn9XHOb0+RlDk7rqFbsc09vHoZK2BfQ/r6e\n" - + "HguZjBQ5Ebqf6PiLF3HqkSW73toIdIy/olvQ2dLbOEyI4OnlObc+8xs/1AC7l9xX\n" - + "FkXY+NBv24KG1C2POXx14+ufHhWY0k2nIRUUlkUIJ7WGMWbuiNUXc1wSE1VrmY/c\n" - + "iXlhsJERqFc6bL/STlhOGuwmkdAD1/K8WS+o/QmIIX6cXlOR0U9bHMbD40F9fur6\n" - + "PV8wSKcQQNd0VHRLhmFwo4kkhZpDpuUp4QIDAQABo2MwYTAPBgNVHRMBAf8EBTAD\n" - + "AQH/MB8GA1UdIwQYMBaAFDPaBc+EX/hCLe5cd+oZIxcQZ1tHMB0GA1UdDgQWBBQz\n" - + "2gXPhF/4Qi3uXHfqGSMXEGdbRzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL\n" - + "BQADggGBAFGsyu5nWycdk8iva+uY98QnPQe/M6uaUGUis0vGn9UYxoz5ddtpF3Z+\n" - + "MsHgbS51BH9iRYn4ZkQoRoukIjt1iO86d6sgpUS5AStCXsylL4DwAY5G/K5i/Qw5\n" - + "x0lP/tRYwqh2tUhmnx1xZLOWbRFZ63A0YHdguj3CqaXQ/cxafYZe0zcNhX3iH3gf\n" - + "5kHH8E682RT0x4ibb1JtPioQ48+pweyfMlOJkJ7WmZEfiVQitQSSNOnw1hRORiUz\n" - + "oFb0MlYHqe/9lIb9nmzD8QQ9q0H8J6RBCFsntx/Z6oUM8GHr80zAvNjqFfR14lOo\n" - + "jp05w2mr7wxIHFpM6h1HGY1QaeGp6W/fi+N7+gSL3nu1LzXVCYNCTcGkBDeasovB\n" - + "ma70KHGO4ZyRcEMKFCxxE8y4GZnw/EhMhDDevXAVsHEzr6XsBCJkC8e2l3iW5IKH\n" - + "4N/f/k06d4kS5pL290dJ450zx/mBxYGJm+pPHZfDszqVeKn1m1ZhGT80150OePGQ\n" - + "Cc2ir84HwQ==" - + "\n-----END CERTIFICATE-----\n"; - - private static final String TEST_2LAYER_ENTITY_CERT = "" - + "-----BEGIN CERTIFICATE-----\n" - + "MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\n" - + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" - + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\n" - + "DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\n" - + "MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n" - + "A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\n" - + "MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n" - + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\n" - + "G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\n" - + "eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\n" - + "EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\n" - + "NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\n" - + "B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\n" - + "BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n" - + "8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\n" - + "ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\n" - + "CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\n" - + "lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\n" - + "d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n" - + "-----END CERTIFICATE-----"; - - private static final String TEST_2LAYER_INTERMEDIATE_CERT = "" - + "-----BEGIN CERTIFICATE-----\n" - + "MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\n" - + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" - + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\n" - + "DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\n" - + "MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\n" - + "VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\n" - + "DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\n" - + "cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" - + "AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\n" - + "gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\n" - + "L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\n" - + "wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n" - + "72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\n" - + "L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" - + "hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\n" - + "q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\n" - + "q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\n" - + "beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\n" - + "xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\n" - + "XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n" - + "-----END CERTIFICATE-----"; - - private static final String TEST_2LAYER_CA_CERT = "" - + "-----BEGIN CERTIFICATE-----\n" - + "MIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\n" - + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" - + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" - + "T05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\n" - + "bmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\n" - + "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\n" - + "aXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\n" - + "MA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\n" - + "ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\n" - + "eiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n" - + "797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\n" - + "Dl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\n" - + "gTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\n" - + "B/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\n" - + "Bm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\n" - + "PxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\n" - + "vxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n" - + "/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n" - + "9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\n" - + "m/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n" - + "-----END CERTIFICATE-----"; - - - @BeforeAll - static void setUpSecurity() { - Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); - } - - - @Test - void returnListOfCertificationWhenGivenCaCertInCaPubsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - PKIMessage respPkiMessage = mockExtraCerts(null); - - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {caCmpCertificate}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList(certs, caCmpCertificate); - } - - @Test - void returnListOfCertificationWhenGivenCaCertInExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] extraCmpCertificates = {caCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CertRepMessage certRepMessage = mockCaPubs(null); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList(certs, caCmpCertificate); - } - - @Test - void returnListOfCertificationWhenGivenCaCertInExtraCertsAndExtraTrustAnchorInCaPubsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] extraCmpCertificates = {caCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CMPCertificate extraTrustAnchor = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {extraTrustAnchor}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate, extraTrustAnchor - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertInExtraCertsAndExtraTrustAnchorInExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate trustedCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] extraCmpCertificates = {caCmpCertificate, trustedCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CertRepMessage certRepMessage = mockCaPubs(null); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate, trustedCmpCertificate - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertAndIntermediateCertInExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT); - CMPCertificate[] extraCmpCertificates = {caCmpCertificate, intermediateCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CertRepMessage certRepMessage = mockCaPubs(null); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertAndIntermediateCertInCmpCertificatesAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - PKIMessage respPkiMessage = mockExtraCerts(null); - - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT); - CMPCertificate[] cmpCertificates = {caCmpCertificate, intermediateCmpCertificate}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertInCaPubsAndIntermediateCertInExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT); - CMPCertificate[] extraCmpCertificates = {intermediateCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {caCmpCertificate}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertInCaPubsAndExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] extraCmpCertificates = {caCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - CMPCertificate[] cmpCertificates = {mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT)}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT); - assertThatRootCaAndTrustedCaAreInSecondList(certs, mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT)); - - } - - @Test - void returnListOfCertificationWhenGivenCaCertAndIntermediateCertInExtraCertsAndIntermediateCertInCaPubsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT); - CMPCertificate[] extraCmpCertificates = {caCmpCertificate, intermediateCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - CMPCertificate[] cmpCertificates = {intermediateCmpCertificate}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT); - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertAndExtraTrustAnchorInCaPubsAndIntermediateCertInExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT); - CMPCertificate[] extraCmpCertificates = {intermediateCmpCertificate}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate extraTrustAnchor = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {caCmpCertificate, extraTrustAnchor}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate, extraTrustAnchor - ); - } - - @Test - void returnListOfCertificationWhenGivenCaCertAndFirstExtraTrustAnchorInCaPubsAndIntermediateCertAndSecondExtraTrustAnchorInExtraCertsAndEntityCertInLeafCertificate() - throws CertificateException, CmpClientException, IOException, NoSuchProviderException { - // given - CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT); - CMPCertificate extraTrustAnchor01 = mockCmpCertificateFromPem(TEST_1LAYER_ENTITY_CERT); - CMPCertificate[] extraCmpCertificates = {intermediateCmpCertificate, extraTrustAnchor01}; - PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates); - - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate extraTrustAnchor02 = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {caCmpCertificate, extraTrustAnchor02}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate); - - // then - assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT); - - assertThatRootCaAndTrustedCaAreInSecondList( - certs, - caCmpCertificate, extraTrustAnchor01, extraTrustAnchor02 - ); - } - - @Test - void throwsExceptionWhenNoCaCertForEntityCertIsGivenAndOnlyExtraTrustAnchorIsReturned() - throws CertificateException, IOException, NoSuchProviderException { - // given - - PKIMessage respPkiMessage = mockExtraCerts(null); - - CMPCertificate trustedCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {trustedCmpCertificate}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Exception exception = assertThrows( - CmpClientException.class, - () -> CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate - ) - ); - - String actualMessage = exception.getMessage(); - - // then - assertThat(actualMessage).isEqualTo(EXPECTED_ERROR_MESSAGE); - } - - @Test - void throwsExceptionWhenBothExtraCertsAndCaPubsAreEmpty() - throws CertificateException, IOException, NoSuchProviderException { - // given - - PKIMessage respPkiMessage = mockExtraCerts(null); - CertRepMessage certRepMessage = mockCaPubs(null); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT); - - // when - Exception exception = assertThrows( - CmpClientException.class, - () -> CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate - ) - ); - - String actualMessage = exception.getMessage(); - - // then - assertThat(actualMessage).isEqualTo(EXPECTED_ERROR_MESSAGE); - } - - @Test - void throwsExceptionWhenNoIntermediateCertForEntityCertIsGiven() - throws CertificateException, IOException, NoSuchProviderException { - // given - - PKIMessage respPkiMessage = mockExtraCerts(null); - - CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT); - CMPCertificate[] cmpCertificates = {caCmpCertificate}; - CertRepMessage certRepMessage = mockCaPubs(cmpCertificates); - - X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT); - - // when - Exception exception = assertThrows( - CmpClientException.class, - () -> CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate - ) - ); - - String actualMessage = exception.getMessage(); - - // then - assertThat(actualMessage).isEqualTo(EXPECTED_ERROR_MESSAGE); - } - - - private void assertThatRootCaAndTrustedCaAreInSecondList( - Cmpv2CertificationModel certs, CMPCertificate... rootAndTrustedCerts - ) throws IOException { - assertThat(certs.getTrustedCertificates().size()).isEqualTo(rootAndTrustedCerts.length); - for (CMPCertificate certificate : rootAndTrustedCerts) { - assertThat(certs.getTrustedCertificates()) - .extracting(Certificate::getEncoded) - .contains(certificate.getEncoded()); - } - } - - private void assertThatChainContainsEntityCertificate( - Cmpv2CertificationModel certs, String entityCertificate - ) throws CertificateEncodingException, IOException { - assertThat(certs.getCertificateChain().size()).isEqualTo(1); - assertThat(certs.getCertificateChain().get(0).getEncoded()).isEqualTo(createPemObject(entityCertificate).getContent()); - } - - private void assertThatChainContainsEntityAndIntermediateCertificate( - Cmpv2CertificationModel certs, String entityCertificate, String intermediateCertificate - ) throws CertificateEncodingException, IOException { - assertThat(certs.getCertificateChain().size()).isEqualTo(2); - assertThat(certs.getCertificateChain().get(0).getEncoded()).isEqualTo(createPemObject(entityCertificate).getContent()); - assertThat(certs.getCertificateChain().get(1).getEncoded()).isEqualTo(createPemObject(intermediateCertificate).getContent()); - } - - private X509Certificate getX509CertificateFromPem(String pem) throws CertificateException, NoSuchProviderException, IOException { - return (X509Certificate) - CertificateFactory.getInstance("X.509", "BC").generateCertificate( - new ByteArrayInputStream(createPemObject(pem).getContent()) - ); - } - - private PKIMessage mockExtraCerts(CMPCertificate[] cmpCertificates) { - PKIMessage respPkiMessage = mock(PKIMessage.class); - when(respPkiMessage.getExtraCerts()).thenReturn(cmpCertificates); - return respPkiMessage; - } - - private CertRepMessage mockCaPubs(CMPCertificate[] cmpCertificates) { - CertRepMessage certRepMessage = mock(CertRepMessage.class); - when(certRepMessage.getCaPubs()).thenReturn(cmpCertificates); - return certRepMessage; - } - - private CMPCertificate mockCmpCertificateFromPem(String pem) throws IOException { - return mockCmpCertificate(createPemObject(pem).getContent()); - } - - private CMPCertificate mockCmpCertificate(byte[] encodedCertificate) throws IOException { - CMPCertificate cmpCertificate01 = mock(CMPCertificate.class); - when(cmpCertificate01.getEncoded()).thenReturn(encodedCertificate); - return cmpCertificate01; - } - - private PemObject createPemObject(String pem) throws IOException { - try (StringReader stringReader = new StringReader(pem); - PemReader pemReader = new PemReader(stringReader)) { - return pemReader.readPemObject(); - } - } -} |