diff --git a/src/main/java/eu/webeid/security/certificate/CertificateData.java b/src/main/java/eu/webeid/security/certificate/CertificateData.java
index 6bf65622..5a46f8ef 100644
--- a/src/main/java/eu/webeid/security/certificate/CertificateData.java
+++ b/src/main/java/eu/webeid/security/certificate/CertificateData.java
@@ -32,43 +32,44 @@
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Optional;
 import java.util.stream.Collectors;
 public final class CertificateData {
- public static String getSubjectCN(X509Certificate certificate) throws CertificateEncodingException {
+ public static Optional getSubjectCN(X509Certificate certificate) throws CertificateEncodingException {
 return getSubjectField(certificate, BCStyle.CN);
 }
- public static String getSubjectSurname(X509Certificate certificate) throws CertificateEncodingException {
+ public static Optional getSubjectSurname(X509Certificate certificate) throws CertificateEncodingException {
 return getSubjectField(certificate, BCStyle.SURNAME);
 }
- public static String getSubjectGivenName(X509Certificate certificate) throws CertificateEncodingException {
+ public static Optional getSubjectGivenName(X509Certificate certificate) throws CertificateEncodingException {
 return getSubjectField(certificate, BCStyle.GIVENNAME);
 }
- public static String getSubjectIdCode(X509Certificate certificate) throws CertificateEncodingException {
+ public static Optional getSubjectIdCode(X509Certificate certificate) throws CertificateEncodingException {
 return getSubjectField(certificate, BCStyle.SERIALNUMBER);
 }
- public static String getSubjectCountryCode(X509Certificate certificate) throws CertificateEncodingException {
+ public static Optional getSubjectCountryCode(X509Certificate certificate) throws CertificateEncodingException {
 return getSubjectField(certificate, BCStyle.C);
 }
- private static String getSubjectField(X509Certificate certificate, ASN1ObjectIdentifier fieldId) throws CertificateEncodingException {
+ private static Optional getSubjectField(X509Certificate certificate, ASN1ObjectIdentifier fieldId) throws CertificateEncodingException {
 return getField(new JcaX509CertificateHolder(certificate).getSubject(), fieldId);
 }
- private static String getField(X500Name x500Name, ASN1ObjectIdentifier fieldId) throws CertificateEncodingException {
+ private static Optional getField(X500Name x500Name, ASN1ObjectIdentifier fieldId) {
 // Example value: [C=EE, CN=JÕEORG\,JAAK-KRISTJAN\,38001085718, 2.5.4.4=#0c074ac395454f5247, 2.5.4.42=#0c0d4a41414b2d4b524953544a414e, 2.5.4.5=#1311504e4f45452d3338303031303835373138]
 final RDN[] rdns = x500Name.getRDNs(fieldId);
 if (rdns.length == 0 || rdns[0].getFirst() == null) {
- throw new CertificateEncodingException("X500 name RDNs empty or first element is null");
+ return Optional.empty();
 }
- return Arrays.stream(rdns)
+ return Optional.of(Arrays.stream(rdns)
 .map(rdn -> IETFUtils.valueToString(rdn.getFirst().getValue()))
- .collect(Collectors.joining(", "));
+ .collect(Collectors.joining(", ")));
 }
 private CertificateData() {
diff --git a/src/test/java/eu/webeid/security/certificate/CertificateDataTest.java b/src/test/java/eu/webeid/security/certificate/CertificateDataTest.java
index 8375fb21..d71b8e6d 100644
--- a/src/test/java/eu/webeid/security/certificate/CertificateDataTest.java
+++ b/src/test/java/eu/webeid/security/certificate/CertificateDataTest.java
@@ -2,12 +2,10 @@
 import org.junit.jupiter.api.Test;
-import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import static eu.webeid.security.testutil.Certificates.getOrganizationCert;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 class CertificateDataTest {
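Review bot: The public getters in `CertificateData` have no Javadoc stating that a missing subject attribute now comes back as an empty `Optional` rather than a `CertificateEncodingException`, which matters most for `getSubjectIdCode` and `getSubjectCN` if a caller uses them as the authenticated identity. I would add something like `/** Returns the subject serialNumber, or empty if the certificate has none; callers that use it as the user identifier must reject an empty result rather than default it. */` on `getSubjectIdCode`, with matching comments on the other getters. Separately, the guard in `getField` inspects only `rdns[0].getFirst()` while the stream dereferences `rdn.getFirst()` for every matching RDN, so a later RDN without a first value would presumably raise a `NullPointerException` instead of yielding `Optional.empty()`; `if (rdns.length == 0 || Arrays.stream(rdns).anyMatch(rdn -> rdn.getFirst() == null)) {` would keep the absent case uniform. The non-test callers are not visible in this diff, so whether any of them relied on the exception to fail authentication should be confirmed.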
@@ -15,24 +13,22 @@ class CertificateDataTest {
 void whenOrganizationCertificate_thenSubjectCNAndIdCodeAndCountryCodeExtractionSucceeds() throws Exception {
 final X509Certificate organizationCert = getOrganizationCert();
- assertThat(CertificateData.getSubjectCN(organizationCert))
+ assertThat(CertificateData.getSubjectCN(organizationCert).orElseThrow())
 .isEqualTo("Testijad.ee isikutuvastus");
- assertThat(CertificateData.getSubjectIdCode(organizationCert))
+ assertThat(CertificateData.getSubjectIdCode(organizationCert).orElseThrow())
 .isEqualTo("12276279");
- assertThat(CertificateData.getSubjectCountryCode(organizationCert))
+ assertThat(CertificateData.getSubjectCountryCode(organizationCert).orElseThrow())
 .isEqualTo("EE");
 }
 @Test
- void whenOrganizationCertificate_thenSubjectGivenNameAndSurnameExtractionFails() throws Exception {
+ void whenOrganizationCertificate_thenSubjectGivenNameAndSurnameAreEmpty() throws Exception {
 final X509Certificate organizationCert = getOrganizationCert();
- assertThatThrownBy(() -> CertificateData.getSubjectGivenName(organizationCert))
- .isInstanceOf(CertificateEncodingException.class)
- .hasMessage("X500 name RDNs empty or first element is null");
- assertThatThrownBy(() -> CertificateData.getSubjectSurname(organizationCert))
- .isInstanceOf(CertificateEncodingException.class)
- .hasMessage("X500 name RDNs empty or first element is null");
+ assertThat(CertificateData.getSubjectGivenName(organizationCert))
+ .isEmpty();
+ assertThat(CertificateData.getSubjectSurname(organizationCert))
+ .isEmpty();
 }
 }
diff --git a/src/test/java/eu/webeid/security/validator/AuthTokenSignatureTest.java b/src/test/java/eu/webeid/security/validator/AuthTokenSignatureTest.java
index 7239d1d8..9cfd74bc 100644
--- a/src/test/java/eu/webeid/security/validator/AuthTokenSignatureTest.java
+++ b/src/test/java/eu/webeid/security/validator/AuthTokenSignatureTest.java
@@ -47,15 +47,15 @@ class AuthTokenSignatureTest extends AbstractTestWithValidator {
 void whenValidTokenAndNonce_thenValidationSucceeds() throws Exception {
 final X509Certificate result = validator.validate(validAuthToken, VALID_CHALLENGE_NONCE);
- assertThat(CertificateData.getSubjectCN(result))
+ assertThat(CertificateData.getSubjectCN(result).orElseThrow())
 .isEqualTo("JÕEORG\\,JAAK-KRISTJAN\\,38001085718");
- assertThat(toTitleCase(CertificateData.getSubjectGivenName(result)))
+ assertThat(toTitleCase(CertificateData.getSubjectGivenName(result).orElseThrow()))
 .isEqualTo("Jaak-Kristjan");
- assertThat(toTitleCase(CertificateData.getSubjectSurname(result)))
+ assertThat(toTitleCase(CertificateData.getSubjectSurname(result).orElseThrow()))
 .isEqualTo("Jõeorg");
- assertThat(CertificateData.getSubjectIdCode(result))
+ assertThat(CertificateData.getSubjectIdCode(result).orElseThrow())
 .isEqualTo("PNOEE-38001085718");
- assertThat(CertificateData.getSubjectCountryCode(result))
+ assertThat(CertificateData.getSubjectCountryCode(result).orElseThrow())
 .isEqualTo("EE");
 }