diff options
Diffstat (limited to 'certService/src/test/java/org/onap/aaf/certservice/certification')
7 files changed, 610 insertions, 52 deletions
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationExceptionControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationExceptionControllerTest.java index 1a92c0c8..10a818e4 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationExceptionControllerTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationExceptionControllerTest.java @@ -23,13 +23,17 @@ package org.onap.aaf.certservice.certification; import com.google.gson.Gson; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; import org.onap.aaf.certservice.certification.exception.ErrorResponseModel; import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; +import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; +import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; class CertificationExceptionControllerTest { @@ -43,46 +47,98 @@ class CertificationExceptionControllerTest { @Test void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenCsrDecryptionException() { - // given + // Given String expectedMessage = "Wrong certificate signing request (CSR) format"; CsrDecryptionException csrDecryptionException = new CsrDecryptionException("test csr exception"); - // when + // When ResponseEntity<String> responseEntity = certificationExceptionController.handle(csrDecryptionException); ErrorResponseModel response = new Gson().fromJson(responseEntity.getBody(), ErrorResponseModel.class); - // then + // Then + assertEquals(HttpStatus.BAD_REQUEST, responseEntity.getStatusCode()); assertEquals(expectedMessage, response.getErrorMessage()); } @Test void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenKeyDecryptionException() { - // given + // Given String expectedMessage = "Wrong key (PK) format"; KeyDecryptionException csrDecryptionException = new KeyDecryptionException("test pk exception"); - // when + // When ResponseEntity<String> responseEntity = certificationExceptionController.handle(csrDecryptionException); ErrorResponseModel response = new Gson().fromJson(responseEntity.getBody(), ErrorResponseModel.class); - // then + // Then + assertEquals(HttpStatus.BAD_REQUEST, responseEntity.getStatusCode()); assertEquals(expectedMessage, response.getErrorMessage()); } @Test void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenCaNameIsNotPresentInConfig() { - // given + // Given String expectedMessage = "Certification authority not found for given CAName"; Cmpv2ServerNotFoundException csrDecryptionException = new Cmpv2ServerNotFoundException("test Ca exception"); - // when + // When ResponseEntity<String> responseEntity = certificationExceptionController.handle(csrDecryptionException); ErrorResponseModel response = new Gson().fromJson(responseEntity.getBody(), ErrorResponseModel.class); - // then + // Then + assertEquals(HttpStatus.NOT_FOUND, responseEntity.getStatusCode()); assertEquals(expectedMessage, response.getErrorMessage()); } + + @Test + void shouldReturnResponseEntityWithAppropriateErrorMessageWhenCallingCmpClientFail() { + // Given + String expectedMessage = "Exception occurred during call to cmp client"; + CmpClientException cmpClientException = new CmpClientException("Calling CMPv2 client failed"); + + // When + ResponseEntity<String> responseEntity = certificationExceptionController.handle(cmpClientException); + + ErrorResponseModel response = new Gson().fromJson(responseEntity.getBody(), ErrorResponseModel.class); + + // Then + assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, responseEntity.getStatusCode()); + assertEquals(expectedMessage, response.getErrorMessage()); + } + + @Test + void shouldReturnResponseEntityWithAppropriateErrorMessageWhenModelTransformationInAdapterFail() { + // Given + String expectedMessage = "Exception occurred parsing cmp client response"; + Cmpv2ClientAdapterException cmpv2ClientAdapterException = new Cmpv2ClientAdapterException(new Throwable()); + + // When + ResponseEntity<String> responseEntity = certificationExceptionController.handle(cmpv2ClientAdapterException); + + ErrorResponseModel response = new Gson().fromJson(responseEntity.getBody(), ErrorResponseModel.class); + + // Then + assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, responseEntity.getStatusCode()); + assertEquals(expectedMessage, response.getErrorMessage()); + } + + @Test + void shouldThrowCmpClientExceptionWhenNotHandledRunTimeExceptionOccur() { + // Given + String expectedMessage = "Runtime exception occurred calling cmp client business logic"; + RuntimeException runtimeException = new RuntimeException("Unknown runtime exception"); + + // When + Exception exception = assertThrows( + CmpClientException.class, () -> + certificationExceptionController.handle(runtimeException) + ); + + // Then + assertEquals(expectedMessage, exception.getMessage()); + } + } diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java index 50e604e2..1b896a4b 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java @@ -27,49 +27,77 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider; import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; +import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exception.DecryptionException; import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; +import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import java.util.Optional; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT; import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT; import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT; import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT; +import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; +import static org.onap.aaf.certservice.certification.TestData.TEST_PK; +import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_CSR; +import static org.onap.aaf.certservice.certification.TestData.TEST_WRONG_PEM; @ExtendWith(MockitoExtension.class) class CertificationModelFactoryTest { private static final String TEST_CA = "testCA"; + private static final String ENCODED_CSR = getEncodedString(TEST_CSR); + private static final String ENCODED_PK = getEncodedString(TEST_PK); + private static final String ENCODED_WRONG_CSR = getEncodedString(TEST_WRONG_CSR); + private static final String ENCODED_WRONG_PK = getEncodedString(TEST_WRONG_PEM); private CertificationModelFactory certificationModelFactory; @Mock - Cmpv2ServerProvider cmpv2ServerProvider; + private Cmpv2ServerProvider cmpv2ServerProvider; + @Mock + private CsrModelFactory csrModelFactory; + @Mock + private CertificationProvider certificationProvider; + + + private static String getEncodedString(String testCsr) { + return Base64.getEncoder().encodeToString(testCsr.getBytes()); + } @BeforeEach void setUp() { - certificationModelFactory = new CertificationModelFactory(cmpv2ServerProvider); + certificationModelFactory = + new CertificationModelFactory(csrModelFactory, cmpv2ServerProvider, certificationProvider); } @Test - void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() { - // given - CsrModel mockedCsrModel = mock(CsrModel.class); - when(cmpv2ServerProvider.getCmpv2Server(TEST_CA)).thenReturn(Optional.of(createTestCmpv2Server())); + void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() + throws CmpClientException, DecryptionException, Cmpv2ClientAdapterException { - // when + // Given + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + mockCertificateProviderCertificateSigning(csrModel, testServer); + + // When CertificationModel certificationModel = - certificationModelFactory.createCertificationModel(mockedCsrModel ,TEST_CA); + certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK,TEST_CA); - //then + // Then assertEquals(2, certificationModel.getCertificateChain().size()); assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); assertEquals(2, certificationModel.getTrustedCertificates().size()); @@ -77,23 +105,116 @@ class CertificationModelFactoryTest { } @Test - void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName() { - // given + void shouldThrowDecryptionExceptionWhenGivenWrongEncodedCSR() + throws DecryptionException { + // Given + String expectedMessage = "Incorrect CSR, decryption failed"; + when( + csrModelFactory.createCsrModel( + eq(new CsrModelFactory.StringBase64(ENCODED_WRONG_CSR)), + eq(new CsrModelFactory.StringBase64(ENCODED_WRONG_PK)) + ) + ).thenThrow( + new CsrDecryptionException(expectedMessage) + ); + + // When + Exception exception = assertThrows( + DecryptionException.class, () -> + certificationModelFactory.createCertificationModel(ENCODED_WRONG_CSR, ENCODED_WRONG_PK, TEST_CA) + ); + + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + @Test + void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName() + throws DecryptionException { + // Given String expectedMessage = "CA not found"; - CsrModel mockedCsrModel = mock(CsrModel.class); - when(cmpv2ServerProvider.getCmpv2Server(TEST_CA)).thenThrow(new Cmpv2ServerNotFoundException(expectedMessage)); + mockCsrFactoryModelCreation(); + when( + cmpv2ServerProvider.getCmpv2Server(TEST_CA) + ).thenThrow( + new Cmpv2ServerNotFoundException(expectedMessage) + ); - // when + // When Exception exception = assertThrows( Cmpv2ServerNotFoundException.class, () -> - certificationModelFactory.createCertificationModel(mockedCsrModel ,TEST_CA) + certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA) + ); + + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + @Test + void shouldThrowCmpClientExceptionWhenSigningCsrFailed() + throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException { + // Given + String expectedMessage = "failed to sign certificate"; + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + when( + certificationProvider.signCsr(eq(csrModel), eq(testServer)) + ).thenThrow( + new CmpClientException(expectedMessage) + ); + + // When + Exception exception = assertThrows( + CmpClientException.class, () -> + certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA) ); - // then + // Then assertTrue(exception.getMessage().contains(expectedMessage)); } - private Cmpv2Server createTestCmpv2Server() { + + private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer) + throws CmpClientException, Cmpv2ClientAdapterException { + CertificationModel expectedCertificationModel = getCertificationModel(); + when( + certificationProvider.signCsr(eq(csrModel), eq(testServer)) + ).thenReturn(expectedCertificationModel); + } + + private Cmpv2Server mockCmpv2ProviderServerSelection() { + Cmpv2Server testServer = getCmpv2Server(); + when( + cmpv2ServerProvider.getCmpv2Server(eq(TEST_CA)) + ).thenReturn(testServer); + return testServer; + } + + private CsrModel mockCsrFactoryModelCreation() + throws DecryptionException { + CsrModel csrModel = getCsrModel(); + when( + csrModelFactory.createCsrModel( + eq(new CsrModelFactory.StringBase64(ENCODED_CSR)), + eq(new CsrModelFactory.StringBase64(ENCODED_PK)) + ) + ).thenReturn(csrModel); + return csrModel; + } + + private Cmpv2Server getCmpv2Server() { return new Cmpv2Server(); } + + private CsrModel getCsrModel() { + return mock(CsrModel.class); + } + + private CertificationModel getCertificationModel() { + List<String> testTrustedCertificates = Arrays.asList(CA_CERT, EXTRA_CA_CERT); + List<String> testCertificationChain = Arrays.asList(INTERMEDIATE_CERT, ENTITY_CERT); + return new CertificationModel(testCertificationChain, testTrustedCertificates); + } + + } diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java new file mode 100644 index 00000000..aa6f1d08 --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java @@ -0,0 +1,93 @@ +/* + * ============LICENSE_START======================================================= + * AAF Certification Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.certservice.certification; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; +import org.onap.aaf.certservice.certification.exception.DecryptionException; +import org.onap.aaf.certservice.certification.model.CertificationModel; +import org.onap.aaf.certservice.certification.model.CsrModel; +import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +@ExtendWith(MockitoExtension.class) +class CertificationProviderTest { + + private CertificationProvider certificationProvider; + + @Mock + private Cmpv2ClientAdapter cmpv2ClientAdapter; + + @BeforeEach + void setUp() { + certificationProvider = new CertificationProvider(cmpv2ClientAdapter); + } + + @Test + void certificationProviderShouldReturnCertificationModelWhenProvidedProperCsrModelAndCmpv2Server() + throws CmpClientException, Cmpv2ClientAdapterException { + // Given + CsrModel testCsrModel = mock(CsrModel.class); + Cmpv2Server testServer = mock(Cmpv2Server.class); + CertificationModel expectedCertificationModel = mock(CertificationModel.class); + when( + cmpv2ClientAdapter.callCmpClient(eq(testCsrModel), eq(testServer)) + ).thenReturn(expectedCertificationModel); + + // When + CertificationModel receivedCertificationModel = certificationProvider.signCsr(testCsrModel, testServer); + + // Then + assertThat(receivedCertificationModel).isEqualTo(expectedCertificationModel); + } + + @Test + void certificationProviderThrowCmpClientWhenCallingClientFails() + throws CmpClientException, Cmpv2ClientAdapterException { + // Given + CsrModel testCsrModel = mock(CsrModel.class); + Cmpv2Server testServer = mock(Cmpv2Server.class); + String expectedErrorMessage = "connecting to CMP client failed"; + when( + cmpv2ClientAdapter.callCmpClient(eq(testCsrModel), eq(testServer)) + ).thenThrow(new CmpClientException(expectedErrorMessage)); + + // When + Exception exception = assertThrows( + CmpClientException.class, () -> + certificationProvider.signCsr(testCsrModel, testServer) + ); + + // Then + assertThat(exception.getMessage()).isEqualTo(expectedErrorMessage); + } + +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java new file mode 100644 index 00000000..165c9ec1 --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java @@ -0,0 +1,100 @@ +/* + * ============LICENSE_START======================================================= + * AAF Certification Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.adapter; + +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.aaf.certservice.certification.configuration.model.Authentication; +import org.onap.aaf.certservice.certification.configuration.model.CaMode; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.model.CsrModel; +import org.onap.aaf.certservice.cmpv2client.external.CSRMeta; + +import java.security.PrivateKey; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class CSRMetaBuilderTest { + + private CSRMetaBuilder csrMetaBuilder; + + private static final String TEST_CA = "testCA"; + private static final X500Name TEST_SUBJECT_DATA = new X500Name("CN=testIssuer"); + + @BeforeEach + void setUp() { + csrMetaBuilder = new CSRMetaBuilder(); + } + + @Test + void shouldBuildCsrMetaWhenGivenCsrModelAndCmpv2ServerAreCorrect() { + // Given + CsrModel testCsrModel = mock(CsrModel.class); + Cmpv2Server testServer = createTestServer(); + + PKCS10CertificationRequest certificationRequest = mock(PKCS10CertificationRequest.class); + when(testCsrModel.getCsr()).thenReturn(certificationRequest); + PrivateKey mockPrivateKey = mock(PrivateKey.class); + when(testCsrModel.getPrivateKey()).thenReturn(mockPrivateKey); + PublicKey mockPublicKey = mock(PublicKey.class); + when(testCsrModel.getPublicKey()).thenReturn(mockPublicKey); + List<String> testSans = Arrays.asList("SAN01","SAN02"); + when(testCsrModel.getSans()).thenReturn(testSans); + + when(testCsrModel.getSubjectData()).thenReturn(TEST_SUBJECT_DATA); + + // When + CSRMeta createdCSRMeta = csrMetaBuilder.build(testCsrModel, testServer); + + // Then + assertThat(createdCSRMeta.password()).isEqualTo(testServer.getAuthentication().getIak()); + assertThat(createdCSRMeta.senderKid()).isEqualTo(testServer.getAuthentication().getRv()); + assertThat(createdCSRMeta.caUrl()).isEqualTo(testServer.getUrl()); + assertThat(createdCSRMeta.sans()).containsAll(testSans); + assertThat(createdCSRMeta.keyPair().getPrivate()).isEqualTo(mockPrivateKey); + assertThat(createdCSRMeta.keyPair().getPublic()).isEqualTo(mockPublicKey); + assertThat(createdCSRMeta.x500Name()).isEqualTo(TEST_SUBJECT_DATA); + assertThat(createdCSRMeta.issuerx500Name()).isEqualTo(TEST_SUBJECT_DATA); + } + + private Cmpv2Server createTestServer() { + Cmpv2Server testServer = new Cmpv2Server(); + testServer.setCaName(TEST_CA); + testServer.setIssuerDN(TEST_SUBJECT_DATA); + testServer.setUrl("http://test.ca.server"); + Authentication testAuthentication = new Authentication(); + testAuthentication.setIak("testIak"); + testAuthentication.setRv("testRv"); + testServer.setAuthentication(testAuthentication); + testServer.setCaMode(CaMode.RA); + + return testServer; + } + +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java new file mode 100644 index 00000000..296f63cd --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java @@ -0,0 +1,185 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.adapter; + +import java.io.IOException; +import java.io.InputStream; +import java.io.StringWriter; +import java.nio.charset.StandardCharsets; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import org.apache.commons.io.IOUtils; +import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.onap.aaf.certservice.certification.configuration.model.CaMode; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException; +import org.onap.aaf.certservice.certification.model.CertificationModel; +import org.onap.aaf.certservice.certification.model.CsrModel; +import org.onap.aaf.certservice.cmpv2client.api.CmpClient; +import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; +import org.onap.aaf.certservice.cmpv2client.external.CSRMeta; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class Cmpv2ClientAdapterTest { + + @Mock + private CmpClient cmpClient; + @Mock + private CsrModel csrModel; + @Mock + private Cmpv2Server server; + @Mock + private RSAContentSignerBuilder rsaContentSignerBuilder; + @Mock + private X509CertificateBuilder x509CertificateBuilder; + @Mock + private PKCS10CertificationRequest csr; + @Mock + private PrivateKey privateKey; + @Mock + private X509v3CertificateBuilder x509V3CertificateBuilder; + @Mock + private ContentSigner contentSigner; + @Mock + private X509CertificateHolder holder; + @Mock + private Certificate asn1Certificate; + @Mock + private X509Certificate certificate; + @Mock + private CertificateFactoryProvider certificateFactoryProvider; + @Mock + private CSRMetaBuilder csrMetaBuilder; + @Mock + private CSRMeta csrMeta; + + @InjectMocks + private Cmpv2ClientAdapter adapter; + + private static final CaMode CA_MODEL = CaMode.CLIENT; + private static final String TEST_MSG = "Test"; + + @Test + void adapterShouldRethrowClientExceptionOnFailure() + throws CmpClientException, IOException, OperatorCreationException, CertificateException, + NoSuchProviderException { + // Given + stubInternalProperties(); + + // When + Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())) + .thenThrow(new CmpClientException(TEST_MSG)); + + // Then + Assertions.assertThrows(CmpClientException.class, () -> adapter.callCmpClient(csrModel, server)); + } + + @Test + void shouldConvertToCertificationModel() + throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException, + CmpClientException, Cmpv2ClientAdapterException { + // Given + stubInternalProperties(); + + // When + Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())) + .thenReturn(createCorrectClientResponse()); + CertificationModel certificationModel = adapter.callCmpClient(csrModel, server); + + // Then + InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first"); + InputStream trustedCertificate = + getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first"); + String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0)); + String expectedCertificate = + removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8)); + String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0)); + String expectedTrustedCertificate = + removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8)); + + Assertions.assertEquals(certificateModel, expectedCertificate); + Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate); + } + + @Test + void adapterShouldThrowClientAdapterExceptionOnFailure() + throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException, + CmpClientException { + // Given + stubInternalProperties(); + + // When + Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())) + .thenReturn(createCorrectClientResponse()); + Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any())) + .thenThrow(new CertificateException(TEST_MSG)); + + // Then + Assertions.assertThrows(Cmpv2ClientAdapterException.class, () -> adapter.callCmpClient(csrModel, server)); + } + + private List<List<X509Certificate>> createCorrectClientResponse() + throws CertificateException, NoSuchProviderException { + InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first"); + InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first"); + X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain); + X509Certificate x509TrustedCertificate = + new CertificateFactoryProvider().generateCertificate(trustedCertificate); + return Arrays.asList(Collections.singletonList(x509Certificate), + Collections.singletonList(x509TrustedCertificate)); + } + + private String removeLineEndings(String string) { + return string.replace("\n", "").replace("\r", ""); + } + + private void stubInternalProperties() + throws IOException, OperatorCreationException, CertificateException, NoSuchProviderException { + Mockito.when(server.getCaMode()).thenReturn(CA_MODEL); + Mockito.when(csrModel.getCsr()).thenReturn(csr); + Mockito.when(csrModel.getPrivateKey()).thenReturn(privateKey); + Mockito.when(x509CertificateBuilder.build(csr)).thenReturn(x509V3CertificateBuilder); + Mockito.when(rsaContentSignerBuilder.build(csr, privateKey)).thenReturn(contentSigner); + Mockito.when(x509V3CertificateBuilder.build(contentSigner)).thenReturn(holder); + Mockito.when(holder.toASN1Structure()).thenReturn(asn1Certificate); + Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any())).thenReturn(certificate); + Mockito.when(holder.toASN1Structure().getEncoded()).thenReturn("".getBytes()); + Mockito.when(csrMetaBuilder.build(csrModel, server)).thenReturn(csrMeta); + } + +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java index 20a85783..7e14e470 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java @@ -29,10 +29,13 @@ import org.mockito.junit.jupiter.MockitoExtension; import org.onap.aaf.certservice.certification.configuration.model.Authentication; import org.onap.aaf.certservice.certification.configuration.model.CaMode; import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import java.util.Collections; import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.when; @ExtendWith(MockitoExtension.class) @@ -53,32 +56,32 @@ class Cmpv2ServerProviderTest { @Test void shouldReturnOptionalWithServerWhenServerWithGivenCaNameIsPresentInConfig() { - // given + // Given Cmpv2Server testServer = createTestServer(); when(cmpServersConfig.getCmpServers()).thenReturn(Collections.singletonList(testServer)); - // when + // When Cmpv2Server receivedServer = cmpv2ServerProvider - .getCmpv2Server(TEST_CA) - .get(); + .getCmpv2Server(TEST_CA); - // then + // Then assertThat(receivedServer).isEqualToComparingFieldByField(testServer); } - @Test void shouldReturnEmptyOptionalWhenServerWithGivenCaNameIsNotPresentInConfig() { - // given + // Given + String expectedMessage = "No server found for given CA name"; when(cmpServersConfig.getCmpServers()).thenReturn(Collections.emptyList()); - // when - Boolean isEmpty = cmpv2ServerProvider - .getCmpv2Server(TEST_CA) - .isEmpty(); + // When + Exception exception = assertThrows( + Cmpv2ServerNotFoundException.class, () -> + cmpv2ServerProvider.getCmpv2Server(TEST_CA) + ); - // then - assertThat(isEmpty).isTrue(); + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); } private Cmpv2Server createTestServer() { diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java index f47f495f..45bd9664 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java @@ -50,15 +50,15 @@ class CsrModelTest { = new PemObjectFactory(); @Test void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException { - // given + // Given PemObject testPrivateKey = getPemPrivateKey(); PemObject testPublicKey = generateTestPublicKey(); PKCS10CertificationRequest testCsr = generateTestCertificationRequest(); - // when + // When CsrModel csrModel = generateTestCsrModel(testCsr); - // then + // Then assertThat(csrModel.getCsr()) .isEqualTo(testCsr); assertThat(csrModel.getPrivateKey().getEncoded()) @@ -75,7 +75,7 @@ class CsrModelTest { @Test void shouldThrowExceptionWhenPublicKeyIsNotCorrect() throws DecryptionException, IOException { - // given + // Given PemObject testPrivateKey = getPemPrivateKey(); PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); @@ -84,7 +84,7 @@ class CsrModelTest { when(wrongKryInfo.getEncoded()) .thenThrow(new IOException()); - // when + // When Exception exception = assertThrows( CsrDecryptionException.class, () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() @@ -93,13 +93,13 @@ class CsrModelTest { String expectedMessage = "Reading Public Key from CSR failed"; String actualMessage = exception.getMessage(); - // then + // Then assertTrue(actualMessage.contains(expectedMessage)); } @Test void shouldThrowExceptionWhenPrivateKeyPemIsNotProperPrivateKey() throws KeyDecryptionException, IOException { - // given + // Given PemObject testPrivateKey = getPemWrongKey(); PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); @@ -108,7 +108,7 @@ class CsrModelTest { when(wrongKryInfo.getEncoded()) .thenThrow(new IOException()); - // when + // When Exception exception = assertThrows( KeyDecryptionException.class, () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() @@ -117,13 +117,13 @@ class CsrModelTest { String expectedMessage = "Converting Private Key failed"; String actualMessage = exception.getMessage(); - // then + // Then assertTrue(actualMessage.contains(expectedMessage)); } @Test void shouldThrowExceptionWhenPublicKeyPemIsNotProperPublicKey() throws KeyDecryptionException, IOException { - // given + // Given PemObject testPrivateKey = getPemPrivateKey(); PemObject testPublicKey = getPemWrongKey(); PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); @@ -133,7 +133,7 @@ class CsrModelTest { when(wrongKryInfo.getEncoded()) .thenReturn(testPublicKey.getContent()); - // when + // When Exception exception = assertThrows( KeyDecryptionException.class, () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() @@ -142,7 +142,7 @@ class CsrModelTest { String expectedMessage = "Converting Public Key from CSR failed"; String actualMessage = exception.getMessage(); - // then + // Then assertTrue(actualMessage.contains(expectedMessage)); } |