feat: Implement method for checking pKey encryption passphrase

2024-11-23 12:15:14 +01:00 · 2024-11-23 12:15:14 +01:00 · 693f6c7778
commit 693f6c7778
parent 8d83cba2cd
2 changed files with 51 additions and 5 deletions
--- a/src/test/java/de/mlessmann/certassist/TestOpenSSLCertificateCreator.java
+++ b/src/test/java/de/mlessmann/certassist/TestOpenSSLCertificateCreator.java
@ -14,6 +14,8 @@ class TestOpenSSLCertificateCreator {

    public static final String TEST_CERT_PASSPHRASE = "ABC-123";
    public static final Path TEST_CERT_PATH = Path.of("src/test/resources/openssl");
+    public static final String ERR_NOT_ENCRYPTED = "Private key not encrypted";
+    public static final String ERR_VERIFY_FAILED = "Certificate verification failed";
    private CertificatePasswordProvider passwordProvider;

    @BeforeEach
@ -50,8 +52,11 @@ class TestOpenSSLCertificateCreator {

        try (var cert = certificateCreator.createCertificate(certRequest)) {
            assertThat(certificateCreator.verifyCertificate(cert.certificatePath(), cert.certificatePath()))
-                .isEqualTo(true);
-            System.out.println("Certificate created: " + cert);
+                .withFailMessage(ERR_VERIFY_FAILED)
+                .isTrue();
+            assertThat(certificateCreator.isKeyEncrypted(cert.certificateKeyPath()))
+                .withFailMessage(ERR_NOT_ENCRYPTED)
+                .isTrue();

            CertificateRequest childRequest = CertificateRequest
                .builder()
@ -73,12 +78,15 @@ class TestOpenSSLCertificateCreator {
            doNothing().when(spiedCert).close();
            when(certificateProvider.requestCertificateUsage(cert.fingerprint())).thenReturn(spiedCert);
            try (var childCert = certificateCreator.createCertificate(childRequest)) {
-                System.out.println("Child certificate created: " + childCert);
                Path fullchain = childCert.fullchainPath();
                assertThat(
-                    certificateCreator.verifyCertificate(cert.certificatePath(), Objects.requireNonNull(fullchain))
+                    certificateCreator.verifyCertificate(Objects.requireNonNull(fullchain), cert.certificatePath())
                )
-                    .isEqualTo(true);
+                    .withFailMessage(ERR_VERIFY_FAILED)
+                    .isTrue();
+                assertThat(certificateCreator.isKeyEncrypted(childCert.certificateKeyPath()))
+                    .withFailMessage(ERR_NOT_ENCRYPTED)
+                    .isTrue();
            }
        }
    }