/*
* Licensed to Jasig under one or more contributor license
* agreements. See the NOTICE file distributed with this work
* for additional information regarding copyright ownership.
* Jasig licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a
* copy of the License at the following location:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.jasig.cas.adaptors.x509.authentication.handler.support;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameters;
import org.springframework.core.io.ClassPathResource;
/**
* Unit tests for {@link ResourceCRLRevocationChecker} class.
*
* @author Marvin S. Addison
* @since 3.4.6
*
*/
@RunWith(Parameterized.class)
public class ResourceCRLRevocationCheckerTests extends AbstractCRLRevocationCheckerTests {

    /** Revocation checker exercised by the current parameter set. */
    private final ResourceCRLRevocationChecker checker;

    /**
     * Builds one parameterized test instance and initializes the checker under test.
     *
     * @param checker Revocation checker instance.
     * @param expiredCRLPolicy Policy the checker applies to expired CRL data.
     * @param certFiles File names of certificates to check.
     * @param expected Expected result of check; null to indicate expected success.
     */
    public ResourceCRLRevocationCheckerTests(
            final ResourceCRLRevocationChecker checker,
            final RevocationPolicy<X509CRL> expiredCRLPolicy,
            final String[] certFiles,
            final GeneralSecurityException expected) {

        super(certFiles, expected);

        this.checker = checker;
        checker.setExpiredCRLPolicy(expiredCRLPolicy);

        // afterPropertiesSet() declares a checked exception; a failure here means the
        // fixture is broken, so it is rethrown unchecked with the cause preserved.
        try {
            checker.afterPropertiesSet();
        } catch (final Exception initFailure) {
            throw new RuntimeException("ResourceCRLRevocationChecker initialization failed", initFailure);
        }
    }

    /**
     * Supplies the parameter rows for the {@link Parameterized} runner.
     * Each row is {checker, expired-CRL policy, certificate file names, expected exception or null}.
     *
     * @return Test parameter data.
     */
    @Parameters
    public static Collection<Object[]> getTestParameters() {
        // Threshold of 0: rows #3 and #4 below expect this policy to reject expired CRLs.
        // NOTE(review): the unit of the threshold is not visible in this file - confirm
        // against ThresholdExpiredCRLRevocationPolicy.
        final ThresholdExpiredCRLRevocationPolicy strictPolicy = new ThresholdExpiredCRLRevocationPolicy();
        strictPolicy.setThreshold(0);

        final Collection<Object[]> cases = new ArrayList<Object[]>();

        // Case 1: valid certificate, valid CRL -> check passes.
        cases.add(new Object[] {
            newChecker("userCA-valid.crl"),
            strictPolicy,
            new String[] {"user-valid.crt"},
            null
        });

        // Case 2: revoked certificate, valid CRLs for the whole chain -> revocation is reported.
        // The exception instance is a prototype of the expected failure; how the base class
        // matches it (by type or by field values) is not visible here - confirm there.
        cases.add(new Object[] {
            newChecker("userCA-valid.crl", "intermediateCA-valid.crl", "rootCA-valid.crl"),
            strictPolicy,
            fullChain("user-revoked.crt"),
            new RevokedCertificateException(new Date(), new BigInteger("1"))
        });

        // Case 3: valid certificate, but the CRL covering the head certificate has expired.
        // With the strict policy the check is expected to fail rather than trust stale data.
        cases.add(new Object[] {
            newChecker("userCA-expired.crl", "intermediateCA-valid.crl", "rootCA-valid.crl"),
            strictPolicy,
            fullChain("user-valid.crt"),
            new ExpiredCRLException("test", new Date())
        });

        // Case 4: valid certificate, but the intermediate CA's CRL has expired.
        // A stale CRL further up the chain is expected to fail the check as well.
        cases.add(new Object[] {
            newChecker("userCA-valid.crl", "intermediateCA-expired.crl", "rootCA-valid.crl"),
            strictPolicy,
            fullChain("user-valid.crt"),
            new ExpiredCRLException("test", new Date())
        });

        // Case 5: valid certificate, expired CRL, custom policy that always accepts expired
        // CRL data -> check passes. Fixture only: a policy like this means revocations
        // published after the stale CRL was issued are never seen by the checker.
        cases.add(new Object[] {
            newChecker("userCA-expired.crl"),
            allowExpiredPolicy(),
            new String[] {"user-valid.crt"},
            null
        });

        return cases;
    }

    /**
     * Creates a checker backed by the named CRL classpath resources, in the given order.
     *
     * @param crlNames Classpath names of the CRL files.
     * @return New, not yet initialized checker.
     */
    private static ResourceCRLRevocationChecker newChecker(final String... crlNames) {
        final ClassPathResource[] crls = new ClassPathResource[crlNames.length];
        for (int i = 0; i < crlNames.length; i++) {
            crls[i] = new ClassPathResource(crlNames[i]);
        }
        return new ResourceCRLRevocationChecker(crls);
    }

    /**
     * Builds the certificate file list for a full chain headed by the given certificate.
     *
     * @param headCert File name of the end-entity certificate.
     * @return New array: head certificate followed by user CA, intermediate CA and root CA.
     */
    private static String[] fullChain(final String headCert) {
        return new String[] {headCert, "userCA.crt", "intermediateCA.crt", "rootCA.crt"};
    }

    /**
     * Creates a policy whose {@code apply} does nothing, so expired CRL data is never rejected.
     *
     * @return Permissive policy used only by the expired-CRL acceptance case.
     */
    private static RevocationPolicy<X509CRL> allowExpiredPolicy() {
        return new RevocationPolicy<X509CRL>() {
            @Override
            public void apply(final X509CRL crl) {
                /* Do nothing to allow unconditionally */
            }
        };
    }

    /**
     * Returns the checker configured for this parameter set.
     *
     * @return Instance under test.
     */
    @Override
    protected RevocationChecker getChecker() {
        return this.checker;
    }
}