Code Review / oom / platform / cert-service.git / blob
? search:


6686191f313560d5b85a2c931cf021a53e115632
[oom/platform/cert-service.git] / certService / src / test / java / org / onap / oom / certservice / cmpv2client / impl / CmpResponseHelperTest.java
1 /*-
2  * ============LICENSE_START=======================================================
3  * Copyright (C) 2020 Nokia. All rights reserved.
4  * ================================================================================
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  *      http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  * SPDX-License-Identifier: Apache-2.0
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.onap.oom.certservice.cmpv2client.impl;
22
23 import org.bouncycastle.asn1.cmp.CMPCertificate;
24 import org.bouncycastle.asn1.cmp.CertRepMessage;
25 import org.bouncycastle.asn1.cmp.PKIMessage;
26 import org.bouncycastle.util.io.pem.PemObject;
27 import org.bouncycastle.util.io.pem.PemReader;
28 import org.junit.jupiter.api.BeforeAll;
29 import org.junit.jupiter.api.Test;
30 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
31 import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel;
32
33 import java.io.ByteArrayInputStream;
34 import java.io.IOException;
35 import java.io.StringReader;
36 import java.security.NoSuchProviderException;
37 import java.security.Security;
38 import java.security.cert.Certificate;
39 import java.security.cert.CertificateEncodingException;
40 import java.security.cert.CertificateException;
41 import java.security.cert.CertificateFactory;
42 import java.security.cert.X509Certificate;
43
44 import static org.assertj.core.api.AssertionsForInterfaceTypes.assertThat;
45 import static org.junit.jupiter.api.Assertions.assertThrows;
46 import static org.mockito.Mockito.mock;
47 import static org.mockito.Mockito.when;
48
49 class CmpResponseHelperTest {
50
51
52     private static final String EXPECTED_ERROR_MESSAGE = "Something was wrong with the supplied certificate";
53
54     private static final String TEST_1LAYER_ENTITY_CERT = ""
55             + "-----BEGIN CERTIFICATE-----\n"
56             + "MIIEqDCCAxCgAwIBAgIUFioEkVJsxfZGGDMEyCA8Rin3uhQwDQYJKoZIhvcNAQEL\n"
57             + "BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDM1ZDk4NTAwYzhiN2JiMjIxFTATBgNV\n"
58             + "BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\n"
59             + "c3RhcnQwHhcNMjAwMzI0MTEzNTU0WhcNMjIwMzI0MTEzNTU0WjCBljEgMB4GCSqG\n"
60             + "SIb3DQEJARYRQ29tbW9uTmFtZUBjbi5jb20xDjAMBgNVBAMMBUNsMTIzMQ0wCwYD\n"
61             + "VQQLDARPTkFQMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMRYwFAYDVQQHDA1T\n"
62             + "YW4tRnJhbmNpc2NvMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzCC\n"
63             + "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL94FcmRn/g9Y9ZrEL+jKiud\n"
64             + "xzDdtVLoF0ijZOGG0rnzyimzzwOjd8LA0jiZlYtpoDef95bbMeZJMKzE3bA8EMFp\n"
65             + "hynqUHs/KdsLBV+o3J6EzlpYHrwypX7kOriw9o4dmPAxvJHXTu3HC2SejJjHHArk\n"
66             + "FyahEJ03ypvCJx3iPvGXkLI9tZetobiVXslBJd5t0hQj+JQxzAlTwS0fV+xMowFT\n"
67             + "css2IlGXfQgd88cdhXBVOE0//qln1ko3G3KeH58iIWLqh9KG660SCeoTCop7bO1N\n"
68             + "abVrcXlgdE06hAvzTj3FoBxqO5KEWDPo2Dr11qRdq8bLP2T0EbTzAw4DPUwE+H8C\n"
69             + "AwEAAaOBoTCBnjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFDPaBc+EX/hCLe5c\n"
70             + "d+oZIxcQZ1tHMB8GA1UdEQQYMBaCBUNsMTIzgg10ZXN0Lm9uYXAub3JnMB0GA1Ud\n"
71             + "JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU4dP1HuV9O+sHInl+\n"
72             + "WuvdDJ63lp8wDgYDVR0PAQH/BAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBgQBWTF8C\n"
73             + "sH0ir4bj7rTlJMf5o7apkXFeQ/c7+zXnSLCfXqwM6ad0EDh3FixfTC8IpW5CaENt\n"
74             + "zTR7IGJr06ccwLgsigR7FxJKnEkxJiBxzkE3zFOEel3KAnV2b7KvOP7cJAzsCdcS\n"
75             + "iZU475XHOw4Ox3k8fHzhTJJa0Tzw5EjQ3GO99HTiUClGrjJuYDLfen1q7IQSNuTY\n"
76             + "FzxJZjyqzi34pkKeCNSPRj8Z8Q5aZiWqlmzSJmZRT83xzzeW/pQ1JwvIrWwrbEjR\n"
77             + "FPXBlUa1n2HztkDgeBQfRyMAj5ixFV+s1Jj+cEYl3pjbugnuHfgBdSJokXFGBo6N\n"
78             + "8PTd1CnMGWcWiMyhbTwNm2UiSr5KhQbjABjiUzDp4C7jFhIzmu/4/tm2uA+y0xPN\n"
79             + "342uEZC0ZSZmpCIbQMhPaBNjSHeHj8NaLHjnt5jppLkMxScayRqMvSW07eNew2+k\n"
80             + "VYJD6z6gfy4y+Y5MSLfvddq1JdPDU86TFprtD1ydcUBS5tduYQG2+1bLgpE="
81             + "\n-----END CERTIFICATE-----\n";
82
83     private static final String TEST_1LAYER_CA_CERT = ""
84             + "-----BEGIN CERTIFICATE-----\n"
85             + "MIIEszCCAxugAwIBAgIUEhkh+zJtXZN3K3kzQYcbp2smyIkwDQYJKoZIhvcNAQEL\n"
86             + "BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDM1ZDk4NTAwYzhiN2JiMjIxFTATBgNV\n"
87             + "BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\n"
88             + "c3RhcnQwHhcNMjAwMzI0MTAyODQyWhcNMzAwMzI0MTAyODQyWjBhMSMwIQYKCZIm\n"
89             + "iZPyLGQBAQwTYy0wMzVkOTg1MDBjOGI3YmIyMjEVMBMGA1UEAwwMTWFuYWdlbWVu\n"
90             + "dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ\n"
91             + "KoZIhvcNAQEBBQADggGPADCCAYoCggGBAJyKZyKIRyW6cbga/I1YFJGCEEgs9JVU\n"
92             + "sV7MD5/yF4SIkJlZqFjJ9kfw8D5thg68zAx2vEWIpNTMroqb1eptIn/XsFoyM//6\n"
93             + "HzKrY3UUYWHx9sQMDZPenTL8LTRx+4szSen7rzrozH2pJat7kfX4EODEtQ6q7RQ2\n"
94             + "hmXoo7heeSgiHoeHsPGZixPGzcB27WBaY00Z/sP/n+f0CFaE04MKLw8WeQmq/RkC\n"
95             + "pj628+eBK0lGtEmUcT7z4CBy4x3hbhn9XHOb0+RlDk7rqFbsc09vHoZK2BfQ/r6e\n"
96             + "HguZjBQ5Ebqf6PiLF3HqkSW73toIdIy/olvQ2dLbOEyI4OnlObc+8xs/1AC7l9xX\n"
97             + "FkXY+NBv24KG1C2POXx14+ufHhWY0k2nIRUUlkUIJ7WGMWbuiNUXc1wSE1VrmY/c\n"
98             + "iXlhsJERqFc6bL/STlhOGuwmkdAD1/K8WS+o/QmIIX6cXlOR0U9bHMbD40F9fur6\n"
99             + "PV8wSKcQQNd0VHRLhmFwo4kkhZpDpuUp4QIDAQABo2MwYTAPBgNVHRMBAf8EBTAD\n"
100             + "AQH/MB8GA1UdIwQYMBaAFDPaBc+EX/hCLe5cd+oZIxcQZ1tHMB0GA1UdDgQWBBQz\n"
101             + "2gXPhF/4Qi3uXHfqGSMXEGdbRzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL\n"
102             + "BQADggGBAFGsyu5nWycdk8iva+uY98QnPQe/M6uaUGUis0vGn9UYxoz5ddtpF3Z+\n"
103             + "MsHgbS51BH9iRYn4ZkQoRoukIjt1iO86d6sgpUS5AStCXsylL4DwAY5G/K5i/Qw5\n"
104             + "x0lP/tRYwqh2tUhmnx1xZLOWbRFZ63A0YHdguj3CqaXQ/cxafYZe0zcNhX3iH3gf\n"
105             + "5kHH8E682RT0x4ibb1JtPioQ48+pweyfMlOJkJ7WmZEfiVQitQSSNOnw1hRORiUz\n"
106             + "oFb0MlYHqe/9lIb9nmzD8QQ9q0H8J6RBCFsntx/Z6oUM8GHr80zAvNjqFfR14lOo\n"
107             + "jp05w2mr7wxIHFpM6h1HGY1QaeGp6W/fi+N7+gSL3nu1LzXVCYNCTcGkBDeasovB\n"
108             + "ma70KHGO4ZyRcEMKFCxxE8y4GZnw/EhMhDDevXAVsHEzr6XsBCJkC8e2l3iW5IKH\n"
109             + "4N/f/k06d4kS5pL290dJ450zx/mBxYGJm+pPHZfDszqVeKn1m1ZhGT80150OePGQ\n"
110             + "Cc2ir84HwQ=="
111             + "\n-----END CERTIFICATE-----\n";
112
113     private static final String TEST_2LAYER_ENTITY_CERT = ""
114             + "-----BEGIN CERTIFICATE-----\n"
115             + "MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\n"
116             + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n"
117             + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\n"
118             + "DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\n"
119             + "MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n"
120             + "A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\n"
121             + "MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n"
122             + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\n"
123             + "G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\n"
124             + "eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\n"
125             + "EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\n"
126             + "NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\n"
127             + "B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\n"
128             + "BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n"
129             + "8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\n"
130             + "ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\n"
131             + "CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\n"
132             + "lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\n"
133             + "d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n"
134             + "-----END CERTIFICATE-----";
135
136     private static final String TEST_2LAYER_INTERMEDIATE_CERT = ""
137             + "-----BEGIN CERTIFICATE-----\n"
138             + "MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\n"
139             + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n"
140             + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\n"
141             + "DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\n"
142             + "MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\n"
143             + "VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\n"
144             + "DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\n"
145             + "cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n"
146             + "AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\n"
147             + "gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\n"
148             + "L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\n"
149             + "wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n"
150             + "72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\n"
151             + "L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n"
152             + "hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\n"
153             + "q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\n"
154             + "q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\n"
155             + "beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\n"
156             + "xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\n"
157             + "XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n"
158             + "-----END CERTIFICATE-----";
159
160     private static final String TEST_2LAYER_CA_CERT = ""
161             + "-----BEGIN CERTIFICATE-----\n"
162             + "MIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\n"
163             + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n"
164             + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n"
165             + "T05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\n"
166             + "bmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\n"
167             + "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\n"
168             + "aXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\n"
169             + "MA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\n"
170             + "ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\n"
171             + "eiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n"
172             + "797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\n"
173             + "Dl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\n"
174             + "gTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\n"
175             + "B/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\n"
176             + "Bm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\n"
177             + "PxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\n"
178             + "vxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n"
179             + "/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n"
180             + "9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\n"
181             + "m/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n"
182             + "-----END CERTIFICATE-----";
183
184
185     @BeforeAll
186     static void setUpSecurity() {
187         Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
188     }
189
190
191     @Test
192     void returnListOfCertificationWhenGivenCaCertInCaPubsAndEntityCertInLeafCertificate()
193             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
194         //  given
195         PKIMessage respPkiMessage = mockExtraCerts(null);
196
197         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
198         CMPCertificate[] cmpCertificates = {caCmpCertificate};
199         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
200
201         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
202
203         //  when
204         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
205                 respPkiMessage, certRepMessage, leafCertificate);
206
207         // then
208         assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT);
209
210         assertThatRootCaAndTrustedCaAreInSecondList(certs, caCmpCertificate);
211     }
212
213     @Test
214     void returnListOfCertificationWhenGivenCaCertInExtraCertsAndEntityCertInLeafCertificate()
215             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
216         //  given
217         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
218         CMPCertificate[] extraCmpCertificates = {caCmpCertificate};
219         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
220
221         CertRepMessage certRepMessage = mockCaPubs(null);
222
223         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
224
225         //  when
226         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
227                 respPkiMessage, certRepMessage, leafCertificate);
228
229         // then
230         assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT);
231
232         assertThatRootCaAndTrustedCaAreInSecondList(certs, caCmpCertificate);
233     }
234
235     @Test
236     void returnListOfCertificationWhenGivenCaCertInExtraCertsAndExtraTrustAnchorInCaPubsAndEntityCertInLeafCertificate()
237             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
238         //  given
239         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
240         CMPCertificate[] extraCmpCertificates = {caCmpCertificate};
241         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
242
243         CMPCertificate extraTrustAnchor = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
244         CMPCertificate[] cmpCertificates = {extraTrustAnchor};
245         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
246
247         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
248
249         //  when
250         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
251                 respPkiMessage, certRepMessage, leafCertificate);
252
253         // then
254         assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT);
255
256         assertThatRootCaAndTrustedCaAreInSecondList(
257                 certs,
258                 caCmpCertificate, extraTrustAnchor
259         );
260     }
261
262     @Test
263     void returnListOfCertificationWhenGivenCaCertInExtraCertsAndExtraTrustAnchorInExtraCertsAndEntityCertInLeafCertificate()
264             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
265         //  given
266         CMPCertificate trustedCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
267         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
268         CMPCertificate[] extraCmpCertificates = {caCmpCertificate, trustedCmpCertificate};
269         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
270
271         CertRepMessage certRepMessage = mockCaPubs(null);
272
273         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
274
275         //  when
276         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
277                 respPkiMessage, certRepMessage, leafCertificate);
278
279         // then
280         assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT);
281
282         assertThatRootCaAndTrustedCaAreInSecondList(
283                 certs,
284                 caCmpCertificate, trustedCmpCertificate
285         );
286     }
287
288     @Test
289     void returnListOfCertificationWhenGivenCaCertAndIntermediateCertInExtraCertsAndEntityCertInLeafCertificate()
290             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
291         //  given
292         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
293         CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT);
294         CMPCertificate[] extraCmpCertificates = {caCmpCertificate, intermediateCmpCertificate};
295         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
296
297         CertRepMessage certRepMessage = mockCaPubs(null);
298
299         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
300
301         //  when
302         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
303                 respPkiMessage, certRepMessage, leafCertificate);
304
305         // then
306         assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT);
307
308         assertThatRootCaAndTrustedCaAreInSecondList(
309                 certs,
310                 caCmpCertificate
311         );
312     }
313
314     @Test
315     void returnListOfCertificationWhenGivenCaCertAndIntermediateCertInCmpCertificatesAndEntityCertInLeafCertificate()
316             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
317         //  given
318         PKIMessage respPkiMessage = mockExtraCerts(null);
319
320         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
321         CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT);
322         CMPCertificate[] cmpCertificates = {caCmpCertificate, intermediateCmpCertificate};
323         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
324
325         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
326
327         //  when
328         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
329                 respPkiMessage, certRepMessage, leafCertificate);
330
331         // then
332         assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT);
333
334         assertThatRootCaAndTrustedCaAreInSecondList(
335                 certs,
336                 caCmpCertificate
337         );
338     }
339
340     @Test
341     void returnListOfCertificationWhenGivenCaCertInCaPubsAndIntermediateCertInExtraCertsAndEntityCertInLeafCertificate()
342             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
343         //  given
344         CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT);
345         CMPCertificate[] extraCmpCertificates = {intermediateCmpCertificate};
346         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
347
348         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
349         CMPCertificate[] cmpCertificates = {caCmpCertificate};
350         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
351
352         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
353
354         //  when
355         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
356                 respPkiMessage, certRepMessage, leafCertificate);
357
358         // then
359         assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT);
360
361         assertThatRootCaAndTrustedCaAreInSecondList(
362                 certs,
363                 caCmpCertificate
364         );
365     }
366
367     @Test
368     void returnListOfCertificationWhenGivenCaCertInCaPubsAndExtraCertsAndEntityCertInLeafCertificate()
369             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
370         //  given
371         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
372         CMPCertificate[] extraCmpCertificates = {caCmpCertificate};
373         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
374         CMPCertificate[] cmpCertificates = {mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT)};
375         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
376         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
377
378         //  when
379         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
380                 respPkiMessage, certRepMessage, leafCertificate);
381
382         // then
383         assertThatChainContainsEntityCertificate(certs, TEST_1LAYER_ENTITY_CERT);
384         assertThatRootCaAndTrustedCaAreInSecondList(certs, mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT));
385
386     }
387
388     @Test
389     void returnListOfCertificationWhenGivenCaCertAndIntermediateCertInExtraCertsAndIntermediateCertInCaPubsAndEntityCertInLeafCertificate()
390             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
391         //  given
392         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
393         CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT);
394         CMPCertificate[] extraCmpCertificates = {caCmpCertificate, intermediateCmpCertificate};
395         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
396         CMPCertificate[] cmpCertificates = {intermediateCmpCertificate};
397         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
398         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
399
400         //  when
401         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
402                 respPkiMessage, certRepMessage, leafCertificate);
403
404         // then
405         assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT);
406         assertThatRootCaAndTrustedCaAreInSecondList(
407                 certs,
408                 caCmpCertificate
409         );
410     }
411
412     @Test
413     void returnListOfCertificationWhenGivenCaCertAndExtraTrustAnchorInCaPubsAndIntermediateCertInExtraCertsAndEntityCertInLeafCertificate()
414             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
415         //  given
416         CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT);
417         CMPCertificate[] extraCmpCertificates = {intermediateCmpCertificate};
418         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
419
420         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
421         CMPCertificate extraTrustAnchor = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
422         CMPCertificate[] cmpCertificates = {caCmpCertificate, extraTrustAnchor};
423         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
424
425         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
426
427         //  when
428         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
429                 respPkiMessage, certRepMessage, leafCertificate);
430
431         // then
432         assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT);
433
434         assertThatRootCaAndTrustedCaAreInSecondList(
435                 certs,
436                 caCmpCertificate, extraTrustAnchor
437         );
438     }
439
440     @Test
441     void returnListOfCertificationWhenGivenCaCertAndFirstExtraTrustAnchorInCaPubsAndIntermediateCertAndSecondExtraTrustAnchorInExtraCertsAndEntityCertInLeafCertificate()
442             throws CertificateException, CmpClientException, IOException, NoSuchProviderException {
443         //  given
444         CMPCertificate intermediateCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_INTERMEDIATE_CERT);
445         CMPCertificate extraTrustAnchor01 = mockCmpCertificateFromPem(TEST_1LAYER_ENTITY_CERT);
446         CMPCertificate[] extraCmpCertificates = {intermediateCmpCertificate, extraTrustAnchor01};
447         PKIMessage respPkiMessage = mockExtraCerts(extraCmpCertificates);
448
449         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
450         CMPCertificate extraTrustAnchor02 = mockCmpCertificateFromPem(TEST_1LAYER_CA_CERT);
451         CMPCertificate[] cmpCertificates = {caCmpCertificate, extraTrustAnchor02};
452         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
453
454         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
455
456         //  when
457         Cmpv2CertificationModel certs = CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
458                 respPkiMessage, certRepMessage, leafCertificate);
459
460         // then
461         assertThatChainContainsEntityAndIntermediateCertificate(certs, TEST_2LAYER_ENTITY_CERT, TEST_2LAYER_INTERMEDIATE_CERT);
462
463         assertThatRootCaAndTrustedCaAreInSecondList(
464                 certs,
465                 caCmpCertificate, extraTrustAnchor01, extraTrustAnchor02
466         );
467     }
468
469     @Test
470     void throwsExceptionWhenNoCaCertForEntityCertIsGivenAndOnlyExtraTrustAnchorIsReturned()
471             throws CertificateException, IOException, NoSuchProviderException {
472         //  given
473
474         PKIMessage respPkiMessage = mockExtraCerts(null);
475
476         CMPCertificate trustedCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
477         CMPCertificate[] cmpCertificates = {trustedCmpCertificate};
478         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
479
480         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
481
482         //  when
483         Exception exception = assertThrows(
484                 CmpClientException.class,
485                 () -> CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
486                         respPkiMessage, certRepMessage, leafCertificate
487                 )
488         );
489
490         String actualMessage = exception.getMessage();
491
492         // then
493         assertThat(actualMessage).isEqualTo(EXPECTED_ERROR_MESSAGE);
494     }
495
496     @Test
497     void throwsExceptionWhenBothExtraCertsAndCaPubsAreEmpty()
498             throws CertificateException, IOException, NoSuchProviderException {
499         //  given
500
501         PKIMessage respPkiMessage = mockExtraCerts(null);
502         CertRepMessage certRepMessage = mockCaPubs(null);
503
504         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_1LAYER_ENTITY_CERT);
505
506         //  when
507         Exception exception = assertThrows(
508                 CmpClientException.class,
509                 () -> CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
510                         respPkiMessage, certRepMessage, leafCertificate
511                 )
512         );
513
514         String actualMessage = exception.getMessage();
515
516         // then
517         assertThat(actualMessage).isEqualTo(EXPECTED_ERROR_MESSAGE);
518     }
519
520     @Test
521     void throwsExceptionWhenNoIntermediateCertForEntityCertIsGiven()
522             throws CertificateException, IOException, NoSuchProviderException {
523         //  given
524
525         PKIMessage respPkiMessage = mockExtraCerts(null);
526
527         CMPCertificate caCmpCertificate = mockCmpCertificateFromPem(TEST_2LAYER_CA_CERT);
528         CMPCertificate[] cmpCertificates = {caCmpCertificate};
529         CertRepMessage certRepMessage = mockCaPubs(cmpCertificates);
530
531         X509Certificate leafCertificate = getX509CertificateFromPem(TEST_2LAYER_ENTITY_CERT);
532
533         //  when
534         Exception exception = assertThrows(
535                 CmpClientException.class,
536                 () -> CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore(
537                         respPkiMessage, certRepMessage, leafCertificate
538                 )
539         );
540
541         String actualMessage = exception.getMessage();
542
543         // then
544         assertThat(actualMessage).isEqualTo(EXPECTED_ERROR_MESSAGE);
545     }
546
547
548     private void assertThatRootCaAndTrustedCaAreInSecondList(
549             Cmpv2CertificationModel certs, CMPCertificate... rootAndTrustedCerts
550     ) throws IOException {
551         assertThat(certs.getTrustedCertificates().size()).isEqualTo(rootAndTrustedCerts.length);
552         for (CMPCertificate certificate : rootAndTrustedCerts) {
553             assertThat(certs.getTrustedCertificates())
554                     .extracting(Certificate::getEncoded)
555                     .contains(certificate.getEncoded());
556         }
557     }
558
559     private void assertThatChainContainsEntityCertificate(
560             Cmpv2CertificationModel certs, String entityCertificate
561     ) throws CertificateEncodingException, IOException {
562         assertThat(certs.getCertificateChain().size()).isEqualTo(1);
563         assertThat(certs.getCertificateChain().get(0).getEncoded()).isEqualTo(createPemObject(entityCertificate).getContent());
564     }
565
566     private void assertThatChainContainsEntityAndIntermediateCertificate(
567             Cmpv2CertificationModel certs, String entityCertificate, String intermediateCertificate
568     ) throws CertificateEncodingException, IOException {
569         assertThat(certs.getCertificateChain().size()).isEqualTo(2);
570         assertThat(certs.getCertificateChain().get(0).getEncoded()).isEqualTo(createPemObject(entityCertificate).getContent());
571         assertThat(certs.getCertificateChain().get(1).getEncoded()).isEqualTo(createPemObject(intermediateCertificate).getContent());
572     }
573
574     private X509Certificate getX509CertificateFromPem(String pem) throws CertificateException, NoSuchProviderException, IOException {
575         return (X509Certificate)
576                 CertificateFactory.getInstance("X.509", "BC").generateCertificate(
577                         new ByteArrayInputStream(createPemObject(pem).getContent())
578                 );
579     }
580
581     private PKIMessage mockExtraCerts(CMPCertificate[] cmpCertificates) {
582         PKIMessage respPkiMessage = mock(PKIMessage.class);
583         when(respPkiMessage.getExtraCerts()).thenReturn(cmpCertificates);
584         return respPkiMessage;
585     }
586
587     private CertRepMessage mockCaPubs(CMPCertificate[] cmpCertificates) {
588         CertRepMessage certRepMessage = mock(CertRepMessage.class);
589         when(certRepMessage.getCaPubs()).thenReturn(cmpCertificates);
590         return certRepMessage;
591     }
592
593     private CMPCertificate mockCmpCertificateFromPem(String pem) throws IOException {
594         return mockCmpCertificate(createPemObject(pem).getContent());
595     }
596
597     private CMPCertificate mockCmpCertificate(byte[] encodedCertificate) throws IOException {
598         CMPCertificate cmpCertificate01 = mock(CMPCertificate.class);
599         when(cmpCertificate01.getEncoded()).thenReturn(encodedCertificate);
600         return cmpCertificate01;
601     }
602
603     private PemObject createPemObject(String pem) throws IOException {
604         try (StringReader stringReader = new StringReader(pem);
605              PemReader pemReader = new PemReader(stringReader)) {
606             return pemReader.readPemObject();
607         }
608     }
609 }
"oom/platform/cert-service"