package de.mlessmann.certassist;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;

import de.mlessmann.certassist.openssl.*;
import de.mlessmann.certassist.openssl.CertificateRequest.RequestType;
import java.nio.file.Path;
import java.util.Objects;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/**
 * Tests for {@link OpenSSLCertificateCreator}: creating a standalone certificate, creating a
 * second certificate that names the first as its trusting authority, and reading subject and
 * extension data back from PEM fixtures.
 */
class TestOpenSSLCertificateCreator {

    // Fixed passphrase returned by the mocked password provider for every request.
    // It is a test fixture value only and must not protect key material outside this test.
    public static final String TEST_CERT_PASSPHRASE = "ABC-123";

    // Directory holding the PEM fixtures read by testCertificateImport().
    public static final Path TEST_CERT_PATH = Path.of("src/test/resources/openssl");

    private CertificatePasswordProvider passwordProvider;

    /**
     * Replaces the password provider with a mock that answers both "generate a new password" and
     * "look up the password for any key" with {@link #TEST_CERT_PASSPHRASE}.
     */
    @BeforeEach
    void setUp() {
        CertificatePasswordProvider stubbedProvider = mock(CertificatePasswordProvider.class);
        when(stubbedProvider.generateNewPassword()).thenReturn(TEST_CERT_PASSPHRASE);
        when(stubbedProvider.getPasswordFor(anyString())).thenReturn(TEST_CERT_PASSPHRASE);
        passwordProvider = stubbedProvider;
    }

    /**
     * Builds the creator under test with a fresh {@link ExecutableResolver}, the mocked password
     * provider from {@link #setUp()} and the given certificate provider.
     */
    private OpenSSLCertificateCreator newCreator(CertificateProvider certificateProvider) throws Exception {
        ExecutableResolver resolver = new ExecutableResolver();
        return new OpenSSLCertificateCreator(resolver, passwordProvider, certificateProvider);
    }

    /**
     * Creates a standalone certificate, checks that it verifies against itself, then creates a
     * certificate whose trusting authority is the first one and checks that its full chain
     * verifies against the first certificate.
     *
     * <p>NOTE(review): only successful verification is asserted here. A companion case in which
     * verification against an unrelated certificate is expected to fail would show that
     * {@code verifyCertificate} can reject a chain at all.
     */
    @Test
    void testCertificateCreation() throws Exception {
        CertificateProvider usageProvider = mock(CertificateProvider.class);
        OpenSSLCertificateCreator creator = newCreator(usageProvider);

        // The builders themselves (not built objects) are handed to the request builder.
        var rootSubject = CertificateSubject
            .builder()
            .commonName("test.home")
            .country("DE")
            .state("SH")
            .locality("HH")
            .organization("Crazy-Cats");
        var rootExtension = CertificateRequestExtension.builder().alternativeNames("test2.home", "test3.home");
        CertificateRequest rootRequest = CertificateRequest
            .builder()
            .type(RequestType.STANDALONE_CERTIFICATE)
            .subject(rootSubject)
            .extension(rootExtension)
            .build();

        try (var rootCert = creator.createCertificate(rootRequest)) {
            // Same path for both arguments: the standalone certificate is checked against itself.
            // Presumably the first argument is the trust anchor and the second the certificate
            // under test - confirm against verifyCertificate's contract.
            var selfVerified = creator.verifyCertificate(rootCert.certificatePath(), rootCert.certificatePath());
            assertThat(selfVerified).isEqualTo(true);
            // NOTE(review): this prints the handle's toString(); confirm it never includes the
            // passphrase or private-key material, since test logs are often archived by CI.
            System.out.println("Certificate created: " + rootCert);

            var rootFingerprint = rootCert.fingerprint();
            var childSubject = CertificateSubject
                .builder()
                .commonName("test.local")
                .country("DE")
                .state("SH")
                .locality("HH")
                .organization("Crazy-Cats");
            var childExtension = CertificateRequestExtension.builder().alternativeNames("test2.local", "test3.local");
            CertificateRequest childRequest = CertificateRequest
                .builder()
                .type(RequestType.NORMAL_CERTIFICATE)
                .trustingAuthority(rootFingerprint)
                .subject(childSubject)
                .extension(childExtension)
                .build();

            // The provider hands out a spy whose close() does nothing; presumably this keeps the
            // creator from releasing the root certificate while the outer try block still uses it.
            var nonClosingRoot = spy(rootCert);
            doNothing().when(nonClosingRoot).close();
            when(usageProvider.requestCertificateUsage(rootFingerprint)).thenReturn(nonClosingRoot);

            try (var childCert = creator.createCertificate(childRequest)) {
                System.out.println("Child certificate created: " + childCert);
                // A missing full chain fails the test with a NullPointerException.
                Path fullchain = Objects.requireNonNull(childCert.fullchainPath());
                var chainVerified = creator.verifyCertificate(rootCert.certificatePath(), fullchain);
                assertThat(chainVerified).isEqualTo(true);
            }
        }
    }

    /**
     * Reads two PEM fixtures through {@code getCertificateInfo} and checks the parsed subject
     * fields; the first fixture is expected to yield no extension, the second exactly two
     * alternative names.
     */
    @Test
    void testCertificateImport() throws Exception {
        CertificateProvider usageProvider = mock(CertificateProvider.class);
        OpenSSLCertificateCreator creator = newCreator(usageProvider);

        var caInfo = creator.getCertificateInfo(TEST_CERT_PATH.resolve("x509forImportCA.pem"));
        assertThat(caInfo).isNotNull();
        var caSubject = caInfo.getSubject();
        assertThat(caSubject.getCommonName()).isEqualTo("test.home");
        assertThat(caSubject.getCountry()).isEqualTo("DE");
        assertThat(caSubject.getState()).isEqualTo("SH");
        assertThat(caSubject.getLocality()).isEqualTo("HH");
        assertThat(caSubject.getOrganization()).isEqualTo("Crazy-Cats");
        assertThat(caInfo.getExtension()).isNull();

        var importedInfo = creator.getCertificateInfo(TEST_CERT_PATH.resolve("x509forImport.pem"));
        assertThat(importedInfo).isNotNull();
        var importedSubject = importedInfo.getSubject();
        assertThat(importedSubject.getCommonName()).isEqualTo("test.local");
        assertThat(importedSubject.getCountry()).isEqualTo("DE");
        assertThat(importedSubject.getState()).isEqualTo("SH");
        assertThat(importedSubject.getLocality()).isEqualTo("HH");
        assertThat(importedSubject.getOrganization()).isEqualTo("Crazy-Cats");
        // containsExactly also pins the order of the alternative names.
        assertThat(importedInfo.getExtension().getAlternativeNames()).containsExactly("test2.local", "test3.local");
    }
}