home-cert-assistant/src/test/java/de/mlessmann/certassist/TestOpenSSLCertificateCreator.java

package de.mlessmann.certassist;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;

import de.mlessmann.certassist.openssl.*;
import de.mlessmann.certassist.openssl.CertificateRequest.RequestType;
import java.nio.file.Path;
import java.util.Objects;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

class TestOpenSSLCertificateCreator {

    public static final String TEST_CERT_PASSPHRASE = "ABC-123";
    public static final Path TEST_CERT_PATH = Path.of("src/test/resources/openssl");
    private CertificatePasswordProvider passwordProvider;

    @BeforeEach
    void setUp() {
        passwordProvider = mock(CertificatePasswordProvider.class);
        when(passwordProvider.generateNewPassword()).thenReturn(TEST_CERT_PASSPHRASE);
        when(passwordProvider.getPasswordFor(anyString())).thenReturn(TEST_CERT_PASSPHRASE);
    }

    @Test
    void testCertificateCreation() throws Exception {
        CertificateProvider certificateProvider = mock(CertificateProvider.class);
        ExecutableResolver executableResolver = new ExecutableResolver();
        var certificateCreator = new OpenSSLCertificateCreator(
            executableResolver,
            passwordProvider,
            certificateProvider
        );

        CertificateRequest certRequest = CertificateRequest
            .builder()
            .type(RequestType.STANDALONE_CERTIFICATE)
            .subject(
                CertificateSubject
                    .builder()
                    .commonName("test.home")
                    .country("DE")
                    .state("SH")
                    .locality("HH")
                    .organization("Crazy-Cats")
            )
            .extension(CertificateRequestExtension.builder().alternativeNames("test2.home", "test3.home"))
            .build();

        try (var cert = certificateCreator.createCertificate(certRequest)) {
            assertThat(certificateCreator.verifyCertificate(cert.certificatePath(), cert.certificatePath()))
                .isEqualTo(true);
            System.out.println("Certificate created: " + cert);

            CertificateRequest childRequest = CertificateRequest
                .builder()
                .type(RequestType.NORMAL_CERTIFICATE)
                .trustingAuthority(cert.fingerprint())
                .subject(
                    CertificateSubject
                        .builder()
                        .commonName("test.local")
                        .country("DE")
                        .state("SH")
                        .locality("HH")
                        .organization("Crazy-Cats")
                )
                    .extension(
                            CertificateRequestExtension.builder()
                                    .alternativeNames("test2.local", "test3.local")
                    )
                .build();

            var spiedCert = spy(cert);
            doNothing().when(spiedCert).close();
            when(certificateProvider.requestCertificateUsage(cert.fingerprint())).thenReturn(spiedCert);
            try (var childCert = certificateCreator.createCertificate(childRequest)) {
                System.out.println("Child certificate created: " + childCert);
                Path fullchain = childCert.fullchainPath();
                assertThat(
                    certificateCreator.verifyCertificate(cert.certificatePath(), Objects.requireNonNull(fullchain))
                )
                    .isEqualTo(true);
            }
        }
    }

    @Test
    void testCertificateImport() throws Exception {
        CertificateProvider certificateProvider = mock(CertificateProvider.class);
        ExecutableResolver executableResolver = new ExecutableResolver();
        var certificateCreator = new OpenSSLCertificateCreator(
                executableResolver,
                passwordProvider,
                certificateProvider
        );

        var request = certificateCreator.getCertificateInfo(TEST_CERT_PATH.resolve("x509forImportCA.pem"));
        assertThat(request).isNotNull();
        assertThat(request.getSubject().getCommonName()).isEqualTo("test.home");
        assertThat(request.getSubject().getCountry()).isEqualTo("DE");
        assertThat(request.getSubject().getState()).isEqualTo("SH");
        assertThat(request.getSubject().getLocality()).isEqualTo("HH");
        assertThat(request.getSubject().getOrganization()).isEqualTo("Crazy-Cats");
        assertThat(request.getExtension()).isNull();

        request = certificateCreator.getCertificateInfo(TEST_CERT_PATH.resolve("x509forImport.pem"));
        assertThat(request).isNotNull();
        assertThat(request.getSubject().getCommonName()).isEqualTo("test.local");
        assertThat(request.getSubject().getCountry()).isEqualTo("DE");
        assertThat(request.getSubject().getState()).isEqualTo("SH");
        assertThat(request.getSubject().getLocality()).isEqualTo("HH");
        assertThat(request.getSubject().getOrganization()).isEqualTo("Crazy-Cats");
        assertThat(request.getExtension().getAlternativeNames()).containsExactly("test2.local", "test3.local");
    }
}