package eu.europa.esig.dss.x509.crl;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import java.io.File;
import java.io.FileInputStream;
import java.security.cert.X509CRL;
import org.junit.Test;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificateToken;
public class CRLUtilsTest {
@Test
public void isValidCRL() throws Exception {
FileInputStream fis = new FileInputStream(new File("src/test/resources/crl/belgium2.crl"));
X509CRL x509CRL = DSSUtils.loadCRL(fis);
CertificateToken certificate = DSSUtils.loadCertificate(new File("src/test/resources/belgiumrs2.crt"));
CRLValidity validCRL = CRLUtils.isValidCRL(x509CRL, certificate);
assertNotNull(validCRL);
assertNotNull(validCRL.getSignatureAlgorithm());
assertNotNull(validCRL.getThisUpdate());
assertNotNull(validCRL.getNextUpdate());
assertTrue(validCRL.isIssuerX509PrincipalMatches());
assertFalse(validCRL.isUnknownCriticalExtension());
assertTrue(validCRL.isSignatureIntact());
assertTrue(validCRL.isCrlSignKeyUsage());
assertTrue(validCRL.isValid());
assertEquals(certificate, validCRL.getIssuerToken());
assertEquals(x509CRL, validCRL.getX509CRL());
assertTrue(Utils.isStringEmpty(validCRL.getSignatureInvalidityReason()));
Utils.closeQuietly(fis);
}
@Test
public void isValidCRLWrongCertificate() throws Exception {
FileInputStream fis = new FileInputStream(new File("src/test/resources/crl/belgium2.crl"));
X509CRL x509CRL = DSSUtils.loadCRL(fis);
CertificateToken certificate = DSSUtils.loadCertificate(new File("src/test/resources/citizen_ca.cer"));
CRLValidity validCRL = CRLUtils.isValidCRL(x509CRL, certificate);
assertNotNull(validCRL);
assertFalse(validCRL.isIssuerX509PrincipalMatches());
assertFalse(validCRL.isSignatureIntact());
assertFalse(validCRL.isValid());
assertFalse(Utils.isStringEmpty(validCRL.getSignatureInvalidityReason()));
Utils.closeQuietly(fis);
}
@Test
public void hasCRLSignKeyUsage() {
CertificateToken certificate = DSSUtils.loadCertificate(new File("src/test/resources/citizen_ca.cer"));
assertTrue(CRLUtils.hasCRLSignKeyUsage(certificate));
certificate = DSSUtils.loadCertificate(new File("src/test/resources/TSP_Certificate_2014.crt"));
assertFalse(CRLUtils.hasCRLSignKeyUsage(certificate));
}
@Test
public void getExpiredCertsOnCRL() throws Exception {
X509CRL x509crl = DSSUtils.loadCRL(new FileInputStream("src/test/resources/crl/crl_with_expiredCertsOnCRL_extension.crl"));
assertNotNull(CRLUtils.getExpiredCertsOnCRL(x509crl));
x509crl = DSSUtils.loadCRL(new FileInputStream("src/test/resources/crl/LTRCA.crl"));
assertNull(CRLUtils.getExpiredCertsOnCRL(x509crl));
}
}