summaryrefslogtreecommitdiffstats
path: root/certServiceClient/src/test
diff options
context:
space:
mode:
authorBogumil Zebek <bogumil.zebek@nokia.com>2020-03-04 06:32:07 +0000
committerGerrit Code Review <gerrit@onap.org>2020-03-04 06:32:07 +0000
commit1d535a1b38e26c7035db2bde7405261d97bf7261 (patch)
treec3ac0775944da36b64523ec7480bae3bd4bd0b03 /certServiceClient/src/test
parent552f87238fbc04b63a992645217dcfded40cb122 (diff)
parentee672c3672924ca54b89a7c429ee06f01b9f6caa (diff)
Merge "Transform pem files into pkcs12"
Diffstat (limited to 'certServiceClient/src/test')
-rw-r--r--certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorTest.java80
-rw-r--r--certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreatorTest.java111
-rw-r--r--certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java197
-rw-r--r--certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGeneratorTest.java32
-rw-r--r--certServiceClient/src/test/resources/cert1.pem21
-rw-r--r--certServiceClient/src/test/resources/cert2.pem22
-rw-r--r--certServiceClient/src/test/resources/expectedKeystore.jksbin0 -> 3823 bytes
-rw-r--r--certServiceClient/src/test/resources/expectedTruststore.jksbin0 -> 2306 bytes
-rw-r--r--certServiceClient/src/test/resources/privateKeybin0 -> 1217 bytes
9 files changed, 463 insertions, 0 deletions
diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorTest.java
new file mode 100644
index 00000000..04bccf0b
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorTest.java
@@ -0,0 +1,80 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.security.PrivateKey;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+
+class KeystoreTruststoreCreatorTest {
+
+ private PKCS12FilesCreator filesCreator = mock(PKCS12FilesCreator.class);
+ private RandomPasswordGenerator passwordGenerator = mock(RandomPasswordGenerator.class);
+ private PemToPKCS12Converter converter = mock(PemToPKCS12Converter.class);
+ private PrivateKey privateKey = mock(PrivateKey.class);
+
+ @Test
+ void createKeystoreShouldCallRequiredMethods() throws PemToPKCS12ConverterException {
+ // given
+ final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
+ final List<String> certificates = List.of("a", "b");
+ final int passwordLength = 24;
+ final String alias = "certificate";
+ final byte[] keystoreBytes = "this is a keystore test".getBytes();
+ KeystoreTruststoreCreator creator = new KeystoreTruststoreCreator(filesCreator, passwordGenerator, converter);
+
+ // when
+ when(passwordGenerator.generate(passwordLength)).thenReturn(password);
+ when(converter.convertKeystore(certificates, password, alias, privateKey)).thenReturn(keystoreBytes);
+ creator.createKeystore(certificates, privateKey);
+
+ // then
+ verify(passwordGenerator, times(1)).generate(passwordLength);
+ verify(converter, times(1)).convertKeystore(certificates, password, alias, privateKey);
+ verify(filesCreator, times(1)).saveKeystoreData(keystoreBytes, password.getPassword());
+ }
+
+ @Test
+ void createTruststoreShouldCallRequiredMethods() throws PemToPKCS12ConverterException {
+ // given
+ final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
+ final List<String> certificates = List.of("a", "b");
+ final int passwordLength = 24;
+ final String alias = "trusted-certificate-";
+ final byte[] truststoreBytes = "this is a truststore test".getBytes();
+ KeystoreTruststoreCreator creator = new KeystoreTruststoreCreator(filesCreator, passwordGenerator, converter);
+
+ // when
+ when(passwordGenerator.generate(passwordLength)).thenReturn(password);
+ when(converter.convertTruststore(certificates, password, alias)).thenReturn(truststoreBytes);
+ creator.createTruststore(certificates);
+
+ // then
+ verify(passwordGenerator, times(1)).generate(passwordLength);
+ verify(converter, times(1)).convertTruststore(certificates, password, alias);
+ verify(filesCreator, times(1)).saveTruststoreData(truststoreBytes, password.getPassword());
+ }
+} \ No newline at end of file
diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreatorTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreatorTest.java
new file mode 100644
index 00000000..8e6e03c6
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreatorTest.java
@@ -0,0 +1,111 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+
+class PKCS12FilesCreatorTest {
+
+ private static final String RESOURCES_PATH = "src/test/resources";
+ private static final String OUTPUT_PATH = RESOURCES_PATH + "/generatedFiles/";
+ private static final String KEYSTORE_PATH = OUTPUT_PATH + "keystore.jks";
+ private static final String KEYSTORE_PASS_PATH = OUTPUT_PATH + "keystore.pass";
+ private static final String TRUSTSTORE_PATH = OUTPUT_PATH + "truststore.jks";
+ private static final String TRUSTSTORE_PASS_PATH = OUTPUT_PATH + "truststore.pass";
+ private static final String ERROR_MESSAGE = "java.io.FileNotFoundException: src/test/resources/generatedFiles/thisPathDoesNotExist/keystore.jks (No such file or directory)";
+
+ private File outputDirectory = new File(OUTPUT_PATH);
+
+ @BeforeEach
+ void createDirectory() {
+ outputDirectory.mkdir();
+ }
+
+ @AfterEach
+ void cleanUpFiles() {
+ List.of(outputDirectory.listFiles()).forEach(f -> f.delete());
+ outputDirectory.delete();
+ }
+
+ @Test
+ void saveKeystoreDataShouldCreateFilesWithDataInGivenLocation() throws PemToPKCS12ConverterException, IOException {
+ // given
+ final byte[] data = new byte[]{-128, 1, 127};
+ final String password = "onap123";
+ File keystore = new File(KEYSTORE_PATH);
+ File keystorePass = new File(KEYSTORE_PASS_PATH);
+ PKCS12FilesCreator filesCreator = new PKCS12FilesCreator(OUTPUT_PATH);
+
+ // when
+ filesCreator.saveKeystoreData(data, password);
+
+ // then
+ assertTrue(keystore.exists());
+ assertTrue(keystorePass.exists());
+ assertArrayEquals(data, Files.readAllBytes(Path.of(KEYSTORE_PATH)));
+ assertEquals(password, Files.readString(Path.of(KEYSTORE_PASS_PATH), StandardCharsets.UTF_8));
+ }
+
+ @Test
+ void saveTruststoreDataShouldCreateFilesWithDataInGivenLocation()
+ throws PemToPKCS12ConverterException, IOException {
+ // given
+ final byte[] data = new byte[]{-128, 1, 2, 3, 127};
+ final String password = "nokia321";
+ File truststore = new File(TRUSTSTORE_PATH);
+ File truststorePass = new File(TRUSTSTORE_PASS_PATH);
+ PKCS12FilesCreator filesCreator = new PKCS12FilesCreator(OUTPUT_PATH);
+
+ // when
+ filesCreator.saveTruststoreData(data, password);
+
+ // then
+ assertTrue(truststore.exists());
+ assertTrue(truststorePass.exists());
+ assertArrayEquals(data, Files.readAllBytes(Path.of(TRUSTSTORE_PATH)));
+ assertEquals(password, Files.readString(Path.of(TRUSTSTORE_PASS_PATH), StandardCharsets.UTF_8));
+ }
+
+ @Test
+ void saveKeystoreDataShouldThrowPemToPKCS12ConverterExceptionWhenOutputDirectoryDoesNotExist() {
+ // given
+ final byte[] data = new byte[]{-128, 1, 2, 3, 0};
+ final String password = "123aikon";
+ PKCS12FilesCreator filesCreator = new PKCS12FilesCreator(OUTPUT_PATH + "thisPathDoesNotExist/");
+
+ // when then
+ assertThatThrownBy(() -> filesCreator.saveKeystoreData(data, password))
+ .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(ERROR_MESSAGE);
+ }
+} \ No newline at end of file
diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java
new file mode 100644
index 00000000..35043409
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java
@@ -0,0 +1,197 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.List;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+
+class PemToPKCS12ConverterTest {
+
+ private static final String RESOURCES_PATH = "src/test/resources";
+ private static final String CERT1_PATH = RESOURCES_PATH + "/cert1.pem";
+ private static final String CERT2_PATH = RESOURCES_PATH + "/cert2.pem";
+ private static final String KEY_PATH = RESOURCES_PATH + "/privateKey";
+ private static final String EXPECTED_KEYSTORE_PATH = RESOURCES_PATH + "/expectedKeystore.jks";
+ private static final String EXPECTED_TRUSTSTORE_PATH = RESOURCES_PATH + "/expectedTruststore.jks";
+ private static final String PKCS12 = "PKCS12";
+ private static final String PKCS8 = "PKCS#8";
+ private static final String KEY_ERROR_MSG = "java.security.KeyStoreException: Key protection algorithm not found: java.lang.NullPointerException";
+ private static final String CERTIFICATES_ERROR_MSG = "The certificate couldn't be parsed correctly. certificate1";
+ private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
+ private static byte[] key;
+ private PrivateKey privateKey = mock(PrivateKey.class);
+
+ @BeforeAll
+ static void setUpForAll() throws IOException {
+ key = Files.readAllBytes(Path.of(KEY_PATH));
+ }
+
+ @Test
+ void convertKeystoreShouldReturnKeystoreWithGivenPrivateKeyAndCertificateChain()
+ throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, PemToPKCS12ConverterException {
+ // given
+ final String alias = "keystore-entry";
+ final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
+ final List<String> certificateChain = getCertificates();
+ final PemToPKCS12Converter converter = new PemToPKCS12Converter();
+ final KeyStore expectedKeyStore = KeyStore.getInstance(PKCS12);
+ expectedKeyStore.load(new ByteArrayInputStream(Files.readAllBytes(Path.of(EXPECTED_KEYSTORE_PATH))),
+ password.toCharArray());
+ final Certificate[] expectedChain = expectedKeyStore.getCertificateChain(alias);
+ privateKeyMockSetup();
+
+ // when
+ final byte[] result = converter.convertKeystore(certificateChain, password, alias, privateKey);
+
+ // then
+ final KeyStore actualKeyStore = KeyStore.getInstance(PKCS12);
+ actualKeyStore.load(new ByteArrayInputStream(result), password.toCharArray());
+ final Certificate[] actualChain = actualKeyStore.getCertificateChain(alias);
+
+ assertArrayEquals(key, actualKeyStore.getKey(alias, password.toCharArray()).getEncoded());
+ assertEquals(2, expectedChain.length);
+ assertArrayEquals(expectedChain, actualChain);
+ }
+
+ @Test
+ void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPassword() throws IOException {
+ // given
+ final String alias = "keystore-entry";
+ final Password password = new Password("apple");
+ final List<String> certificateChain = getCertificates();
+ final PemToPKCS12Converter converter = new PemToPKCS12Converter();
+ privateKeyMockSetup();
+
+ // when
+ Exception exception = assertThrows(PemToPKCS12ConverterException.class, () ->
+ converter.convertKeystore(certificateChain, password, alias, privateKey)
+ );
+
+ // then
+ assertEquals(PASSWORD_ERROR_MSG, exception.getMessage());
+ }
+
+ @Test
+ void convertTruststoreShouldReturnTruststoreWithGivenCertificatesArray()
+ throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, PemToPKCS12ConverterException {
+
+ // given
+ final PemToPKCS12Converter converter = new PemToPKCS12Converter();
+ final String alias = "trusted-certificate-";
+ final String alias1 = alias + 1;
+ final String alias2 = alias + 2;
+ final Password password = new Password("9z6oFx1epRSCuBWU4Er8i_0y");
+ final List<String> trustedCertificates = getCertificates();
+ final KeyStore expectedTrustStore = KeyStore.getInstance(PKCS12);
+ expectedTrustStore.load(new ByteArrayInputStream(Files.readAllBytes(Path.of(EXPECTED_TRUSTSTORE_PATH))),
+ password.toCharArray());
+
+ // when
+ final byte[] result = converter.convertTruststore(trustedCertificates, password, alias);
+
+ // then
+ final KeyStore actualKeyStore = KeyStore.getInstance(PKCS12);
+ actualKeyStore.load(new ByteArrayInputStream(result), password.toCharArray());
+
+ assertTrue(actualKeyStore.containsAlias(alias1));
+ assertTrue(actualKeyStore.containsAlias(alias2));
+ assertEquals(expectedTrustStore.getCertificate(alias1), actualKeyStore.getCertificate(alias1));
+ assertEquals(expectedTrustStore.getCertificate(alias2), actualKeyStore.getCertificate(alias2));
+ }
+
+ @Test
+ void convertTruststoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPassword() throws IOException {
+ // given
+ final String alias = "trusted-certificate-";
+ final Password password = new Password("nokia");
+ final List<String> trustedCertificates = getCertificates();
+ final PemToPKCS12Converter converter = new PemToPKCS12Converter();
+
+ // when then
+ assertThatThrownBy(() ->
+ converter.convertTruststore(trustedCertificates, password, alias))
+ .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(PASSWORD_ERROR_MSG);
+ }
+
+ @Test
+ void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPrivateKey() throws IOException {
+ // given
+ final String alias = "keystore-entry";
+ final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
+ final List<String> certificateChain = getCertificates();
+ final PemToPKCS12Converter converter = new PemToPKCS12Converter();
+
+ // when then
+ assertThatThrownBy(() -> converter.convertKeystore(certificateChain, password, alias, privateKey))
+ .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(KEY_ERROR_MSG);
+ }
+
+ @Test
+ void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongCertificates() {
+ // given
+ final String alias = "keystore-entry";
+ final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
+ final List<String> certificateChain = List.of("certificate1", "certificate2");
+ final PemToPKCS12Converter converter = new PemToPKCS12Converter();
+ privateKeyMockSetup();
+
+ // when then
+ assertThatThrownBy(() -> converter.convertKeystore(certificateChain, password, alias, privateKey))
+ .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(CERTIFICATES_ERROR_MSG);
+ }
+
+ private void privateKeyMockSetup() {
+ when(privateKey.getEncoded()).thenReturn(key);
+ when(privateKey.getAlgorithm()).thenReturn(EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM);
+ when(privateKey.getFormat()).thenReturn(PKCS8);
+ }
+
+ private List<String> getCertificates() throws IOException {
+ return List.of(
+ Files.readString(
+ Path.of(CERT1_PATH), StandardCharsets.UTF_8),
+ Files.readString(
+ Path.of(CERT2_PATH), StandardCharsets.UTF_8)
+ );
+ }
+} \ No newline at end of file
diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGeneratorTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGeneratorTest.java
new file mode 100644
index 00000000..169ce98a
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGeneratorTest.java
@@ -0,0 +1,32 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import org.junit.jupiter.api.Test;
+
+class RandomPasswordGeneratorTest {
+
+ @Test
+ void shouldGenerateRandomPasswordOfGivenLengthMatchingThePattern() {
+ Password password = new RandomPasswordGenerator().generate(24);
+ assertTrue(password.isCorrectPasswordPattern());
+ }
+} \ No newline at end of file
diff --git a/certServiceClient/src/test/resources/cert1.pem b/certServiceClient/src/test/resources/cert1.pem
new file mode 100644
index 00000000..cd5f3841
--- /dev/null
+++ b/certServiceClient/src/test/resources/cert1.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw
+FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD
+DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4
+MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG
+A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN
+MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr
+G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc
+eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A
+EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm
+NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW
+B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r
+8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo
+ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej
+CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i
+lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN
+d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm
+-----END CERTIFICATE-----
diff --git a/certServiceClient/src/test/resources/cert2.pem b/certServiceClient/src/test/resources/cert2.pem
new file mode 100644
index 00000000..92ebc821
--- /dev/null
+++ b/certServiceClient/src/test/resources/cert2.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw
+FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD
+DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw
+MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK
+DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl
+cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/
+gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD
+L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv
+wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz
+72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn
+L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY
+q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3
+q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA
+beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep
+xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc
+XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=
+-----END CERTIFICATE-----
diff --git a/certServiceClient/src/test/resources/expectedKeystore.jks b/certServiceClient/src/test/resources/expectedKeystore.jks
new file mode 100644
index 00000000..95359b0e
--- /dev/null
+++ b/certServiceClient/src/test/resources/expectedKeystore.jks
Binary files differ
diff --git a/certServiceClient/src/test/resources/expectedTruststore.jks b/certServiceClient/src/test/resources/expectedTruststore.jks
new file mode 100644
index 00000000..ab7d93d9
--- /dev/null
+++ b/certServiceClient/src/test/resources/expectedTruststore.jks
Binary files differ
diff --git a/certServiceClient/src/test/resources/privateKey b/certServiceClient/src/test/resources/privateKey
new file mode 100644
index 00000000..463a27d3
--- /dev/null
+++ b/certServiceClient/src/test/resources/privateKey
Binary files differ