diff --git a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/clientcrypto/test/service/AndroidClientCryptoServiceImplTest.java b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/clientcrypto/test/service/AndroidClientCryptoServiceImplTest.java new file mode 100644 index 00000000..b1844215 --- /dev/null +++ b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/clientcrypto/test/service/AndroidClientCryptoServiceImplTest.java @@ -0,0 +1,128 @@ +package io.mosip.kernel.clientcrypto.test.service; + +import io.mosip.kernel.clientcrypto.exception.ClientCryptoException; +import io.mosip.kernel.clientcrypto.service.impl.AndroidClientCryptoServiceImpl; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Spy; +import org.mockito.junit.MockitoJUnitRunner; + +import java.security.*; + +import static org.junit.Assert.*; +import static org.mockito.Mockito.doReturn; + +@RunWith(MockitoJUnitRunner.class) +public class AndroidClientCryptoServiceImplTest { + + @Spy + @InjectMocks + private AndroidClientCryptoServiceImpl androidClientCryptoService; + + private KeyPair keyPair; + + @Before + public void setUp() throws NoSuchAlgorithmException { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); + keyPairGenerator.initialize(2048); + keyPair = keyPairGenerator.generateKeyPair(); + } + + @Test + public void testSignData() throws ClientCryptoException { + byte[] result = androidClientCryptoService.signData(new byte[0]); + assertArrayEquals(new byte[0], result); + } + + @Test + public void testAsymmetricEncrypt() throws ClientCryptoException { + byte[] result = androidClientCryptoService.asymmetricEncrypt(new byte[0]); + assertArrayEquals(new byte[0], result); + } + + @Test + public void testAsymmetricDecrypt() throws ClientCryptoException { + // Mock the underlying call to return a valid key to avoid exception + doReturn(keyPair.getPublic().getEncoded()).when(androidClientCryptoService).getEncryptionPublicPart(); + byte[] result = androidClientCryptoService.asymmetricDecrypt(new byte[0]); + // The flawed implementation calls encrypt, so we expect a non-empty result + assertNotNull(result); + assertTrue(result.length > 0); + } + + @Test + public void testGetSigningPublicPart() { + byte[] result = androidClientCryptoService.getSigningPublicPart(); + assertArrayEquals(new byte[0], result); + } + + @Test + public void testGetEncryptionPublicPart() { + byte[] result = androidClientCryptoService.getEncryptionPublicPart(); + assertArrayEquals(new byte[0], result); + } + + @Test + public void testIsTPMInstance() { + assertFalse(androidClientCryptoService.isTPMInstance()); + } + + @Test + public void testCloseSecurityInstance() throws ClientCryptoException { + androidClientCryptoService.closeSecurityInstance(); + // No exception should be thrown + } + + @Test + public void testValidateSignature() throws ClientCryptoException { + // Mock the underlying call to return a valid key to avoid exception + doReturn(keyPair.getPublic().getEncoded()).when(androidClientCryptoService).getSigningPublicPart(); + boolean result = androidClientCryptoService.validateSignature(new byte[256], new byte[0]); + assertFalse(result); + } + + @Test + public void testStaticValidateSignatureSuccess() throws Exception { + byte[] data = "test data".getBytes(); + Signature privateSignature = Signature.getInstance("SHA256withRSA"); + privateSignature.initSign(keyPair.getPrivate()); + privateSignature.update(data); + byte[] signature = privateSignature.sign(); + + boolean result = AndroidClientCryptoServiceImpl.validateSignature(keyPair.getPublic().getEncoded(), signature, data); + assertTrue(result); + } + + @Test + public void testStaticValidateSignatureFailure() throws Exception { + byte[] data = "test data".getBytes(); + byte[] wrongData = "wrong data".getBytes(); + Signature privateSignature = Signature.getInstance("SHA256withRSA"); + privateSignature.initSign(keyPair.getPrivate()); + privateSignature.update(data); + byte[] signature = privateSignature.sign(); + + boolean result = AndroidClientCryptoServiceImpl.validateSignature(keyPair.getPublic().getEncoded(), signature, wrongData); + assertFalse(result); + } + + @Test(expected = ClientCryptoException.class) + public void testStaticValidateSignatureException() throws ClientCryptoException { + AndroidClientCryptoServiceImpl.validateSignature(new byte[0], new byte[0], new byte[0]); + } + + @Test + public void testStaticAsymmetricEncryptSuccess() throws ClientCryptoException { + byte[] data = "test data".getBytes(); + byte[] encryptedData = AndroidClientCryptoServiceImpl.asymmetricEncrypt(keyPair.getPublic().getEncoded(), data); + assertNotNull(encryptedData); + assertNotEquals(0, encryptedData.length); + } + + @Test(expected = ClientCryptoException.class) + public void testStaticAsymmetricEncryptException() throws ClientCryptoException { + AndroidClientCryptoServiceImpl.asymmetricEncrypt(new byte[0], new byte[0]); + } +} diff --git a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/keymanagerservice/test/service/KeymanagerServiceImplUnitTest.java b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/keymanagerservice/test/service/KeymanagerServiceImplUnitTest.java new file mode 100644 index 00000000..83adf7a2 --- /dev/null +++ b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/keymanagerservice/test/service/KeymanagerServiceImplUnitTest.java @@ -0,0 +1,392 @@ +package io.mosip.kernel.keymanagerservice.test.service; + +import io.mosip.kernel.core.keymanager.model.CertificateEntry; +import io.mosip.kernel.core.keymanager.model.CertificateParameters; +import io.mosip.kernel.core.keymanager.spi.ECKeyStore; +import io.mosip.kernel.core.util.DateUtils2; +import io.mosip.kernel.cryptomanager.util.CryptomanagerUtils; +import io.mosip.kernel.keymanagerservice.constant.KeyReferenceIdConsts; +import io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant; +import io.mosip.kernel.keymanagerservice.entity.KeyAlias; +import io.mosip.kernel.keymanagerservice.exception.KeymanagerServiceException; +import io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper; +import io.mosip.kernel.keymanagerservice.helper.SubjectAlternativeNamesHelper; +import io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl; +import io.mosip.kernel.keymanagerservice.util.KeymanagerUtil; +import io.mosip.kernel.core.keymanager.exception.KeystoreProcessingException; +import io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException; +import io.mosip.kernel.partnercertservice.constant.PartnerCertManagerConstants; +import org.apache.commons.lang3.tuple.ImmutablePair; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.MockitoJUnitRunner; +import org.springframework.test.util.ReflectionTestUtils; +import org.cache2k.Cache; + +import javax.security.auth.x500.X500Principal; +import java.security.KeyStore.PrivateKeyEntry; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; +import java.time.LocalDateTime; +import java.util.*; +import java.security.cert.*; + +import static org.junit.Assert.*; +import static org.mockito.ArgumentMatchers.*; +import static org.mockito.Mockito.*; + +@RunWith(MockitoJUnitRunner.class) +public class KeymanagerServiceImplUnitTest { + + @Mock + private ECKeyStore keyStore; + + @Mock + private KeymanagerDBHelper dbHelper; + + @Mock + private KeymanagerUtil keymanagerUtil; + + @Mock + private CryptomanagerUtils cryptomanagerUtil; + + @Mock + private SubjectAlternativeNamesHelper sanHelper; + + @Mock + private X509Certificate x509Certificate; + + @InjectMocks + private KeymanagerServiceImpl service; + + private CertificateParameters certificateParameters; + + @Before + public void setUp() { + certificateParameters = Mockito.mock(CertificateParameters.class); + ReflectionTestUtils.setField(service, "ed25519SupportFlag", true); + } + + @Test + public void testGetCertificateEntry_WithPrivateKey() { + String alias = "test-alias"; + PrivateKey privateKey = Mockito.mock(PrivateKey.class); + X509Certificate[] certChain = new X509Certificate[]{x509Certificate}; + + PrivateKeyEntry privateKeyEntry = Mockito.mock(PrivateKeyEntry.class); + when(privateKeyEntry.getCertificateChain()).thenReturn(certChain); + when(privateKeyEntry.getPrivateKey()).thenReturn(privateKey); + when(keyStore.getAsymmetricKey(alias)).thenReturn(privateKeyEntry); + + CertificateEntry result = ReflectionTestUtils.invokeMethod( + service, "getCertificateEntry", alias, true); + + assertNotNull(result); + assertArrayEquals(certChain, result.getChain()); + assertSame(privateKey, result.getPrivateKey()); + } + + @Test + public void testGetCertificateEntry_WithoutPrivateKey_FromDB() { + String alias = "test-alias"; + String certData = "cert-data"; + + when(keyStore.getAsymmetricKey(alias)).thenThrow(new KeystoreProcessingException("", "")); + + io.mosip.kernel.keymanagerservice.entity.KeyStore dbKeyStore = Mockito.mock(io.mosip.kernel.keymanagerservice.entity.KeyStore.class); + when(dbKeyStore.getCertificateData()).thenReturn(certData); + when(dbHelper.getKeyStoreFromDB(alias)).thenReturn(Optional.of(dbKeyStore)); + when(keymanagerUtil.convertToCertificate(certData)).thenReturn(x509Certificate); + + CertificateEntry result = ReflectionTestUtils.invokeMethod( + service, "getCertificateEntry", alias, false); + + assertNotNull(result); + assertEquals(1, result.getChain().length); + assertSame(x509Certificate, result.getChain()[0]); + assertNull(result.getPrivateKey()); + } + + @Test(expected = KeymanagerServiceException.class) + public void testGetCertificateEntry_CertificateNotFound() { + String alias = "missing-alias"; + + when(keyStore.getAsymmetricKey(alias)).thenThrow(new NoSuchSecurityProviderException("", "")); + when(dbHelper.getKeyStoreFromDB(alias)).thenReturn(Optional.empty()); + + ReflectionTestUtils.invokeMethod(service, "getCertificateEntry", alias, false); + } + + @Test(expected = KeystoreProcessingException.class) + public void testGetCertificateEntry_PrivateKeyRequired_ThrowsException() { + String alias = "test-alias"; + + when(keyStore.getAsymmetricKey(alias)).thenThrow(new KeystoreProcessingException("", "")); + + ReflectionTestUtils.invokeMethod(service, "getCertificateEntry", alias, true); + } + + @Test + public void testGenerateKeyPairInHSMForECCReference() { + String alias = "alias-1"; + String applicationId = "TEST_APP"; + String referenceId = KeyReferenceIdConsts.EC_SECP256R1_SIGN.name(); + LocalDateTime now = DateUtils2.getUTCCurrentDateTime(); + + KeyAlias currentRootAlias = Mockito.mock(KeyAlias.class); + when(currentRootAlias.getAlias()).thenReturn("root-alias"); + Map> rootKeyAliasMap = new HashMap<>(); + rootKeyAliasMap.put(KeymanagerConstant.CURRENTKEYALIAS, Collections.singletonList(currentRootAlias)); + rootKeyAliasMap.put(KeymanagerConstant.KEYALIAS, Collections.singletonList(currentRootAlias)); + ReflectionTestUtils.setField(service, "rootKeyApplicationId", "ROOT"); + when(dbHelper.getKeyAliases("ROOT", KeymanagerConstant.EMPTY, now)).thenReturn(rootKeyAliasMap); + + KeyAlias latestKeyAlias = Mockito.mock(KeyAlias.class); + when(latestKeyAlias.getAlias()).thenReturn("latest-alias"); + List keyAliasList = Collections.singletonList(latestKeyAlias); + + X509Certificate signingCert = Mockito.mock(X509Certificate.class); + X500Principal principal = new X500Principal("CN=Test"); + when(keyStore.getCertificate("latest-alias")).thenReturn(signingCert); + when(signingCert.getSubjectX500Principal()).thenReturn(principal); + + when(dbHelper.getExpiryPolicy(applicationId, now, keyAliasList)).thenReturn(now.plusDays(365)); + when(sanHelper.hasSANappIdAndRefId(applicationId, referenceId)).thenReturn(false); + when(keymanagerUtil.getCertificateParameters(principal, now, now.plusDays(365))).thenReturn(certificateParameters); + when(keymanagerUtil.isValidReferenceId(referenceId)).thenReturn(true); + + when(keyStore.getCertificate(alias)).thenReturn(x509Certificate); + when(cryptomanagerUtil.getCertificateThumbprintInHex(x509Certificate)).thenReturn("thumb"); + when(keymanagerUtil.getUniqueIdentifier(anyString())).thenReturn("unique-id"); + + ImmutablePair result = ReflectionTestUtils.invokeMethod( + service, "generateKeyPairInHSM", alias, applicationId, referenceId, now, keyAliasList); + + assertNotNull(result); + assertSame(x509Certificate, result.getRight()); + } + + @Test + public void testGenerateKeyPairInHSMForEd25519WhenHSMSupported() { + String alias = "alias-2"; + String applicationId = "TEST_APP"; + String referenceId = KeyReferenceIdConsts.ED25519_SIGN.name(); + LocalDateTime now = DateUtils2.getUTCCurrentDateTime(); + + KeyAlias currentRootAlias = Mockito.mock(KeyAlias.class); + when(currentRootAlias.getAlias()).thenReturn("root-alias"); + Map> rootKeyAliasMap = new HashMap<>(); + rootKeyAliasMap.put(KeymanagerConstant.CURRENTKEYALIAS, Collections.singletonList(currentRootAlias)); + rootKeyAliasMap.put(KeymanagerConstant.KEYALIAS, Collections.singletonList(currentRootAlias)); + ReflectionTestUtils.setField(service, "rootKeyApplicationId", "ROOT"); + when(dbHelper.getKeyAliases("ROOT", KeymanagerConstant.EMPTY, now)).thenReturn(rootKeyAliasMap); + + KeyAlias latestKeyAlias = Mockito.mock(KeyAlias.class); + when(latestKeyAlias.getAlias()).thenReturn("latest-alias"); + List keyAliasList = Collections.singletonList(latestKeyAlias); + + X509Certificate signingCert = Mockito.mock(X509Certificate.class); + X500Principal principal = new X500Principal("CN=Ed25519"); + when(keyStore.getCertificate("latest-alias")).thenReturn(signingCert); + when(signingCert.getSubjectX500Principal()).thenReturn(principal); + + when(dbHelper.getExpiryPolicy(applicationId, now, keyAliasList)).thenReturn(now.plusDays(365)); + when(sanHelper.hasSANappIdAndRefId(applicationId, referenceId)).thenReturn(false); + when(keymanagerUtil.getCertificateParameters(principal, now, now.plusDays(365))).thenReturn(certificateParameters); + + when(keymanagerUtil.isValidReferenceId(referenceId)).thenReturn(true); + + when(keyStore.getCertificate(alias)).thenReturn(x509Certificate); + when(cryptomanagerUtil.getCertificateThumbprintInHex(x509Certificate)).thenReturn("thumb-ed"); + when(keymanagerUtil.getUniqueIdentifier(anyString())).thenReturn("unique-ed"); + + ImmutablePair result = ReflectionTestUtils.invokeMethod( + service, "generateKeyPairInHSM", alias, applicationId, referenceId, now, keyAliasList); + + assertNotNull(result); + assertSame(x509Certificate, result.getRight()); + } + + @Test + public void testGetLatestCertPrincipal() { + KeyAlias keyAlias = Mockito.mock(KeyAlias.class); + + when(keyAlias.getAlias()).thenReturn("alias-3"); + when(keyStore.getCertificate("alias-3")).thenReturn(x509Certificate); + + X500Principal principal = new X500Principal("CN=PrincipalTest"); + when(x509Certificate.getSubjectX500Principal()).thenReturn(principal); + + List keyAliasList = Arrays.asList(keyAlias); + X500Principal result = ReflectionTestUtils.invokeMethod(service, "getLatestCertPrincipal", keyAliasList); + + assertSame(principal, result); + verify(keyStore).getCertificate("alias-3"); + } + + @Test + public void testGenerateKeyPairInHSMWithSAN() { + String alias = "alias-san"; + String applicationId = "TEST_APP"; + String referenceId = KeyReferenceIdConsts.EC_SECP256R1_SIGN.name(); + LocalDateTime now = DateUtils2.getUTCCurrentDateTime(); + + KeyAlias currentRootAlias = Mockito.mock(KeyAlias.class); + when(currentRootAlias.getAlias()).thenReturn("root-alias"); + Map> rootKeyAliasMap = new HashMap<>(); + rootKeyAliasMap.put(KeymanagerConstant.CURRENTKEYALIAS, Collections.singletonList(currentRootAlias)); + rootKeyAliasMap.put(KeymanagerConstant.KEYALIAS, Collections.singletonList(currentRootAlias)); + ReflectionTestUtils.setField(service, "rootKeyApplicationId", "ROOT"); + when(dbHelper.getKeyAliases("ROOT", KeymanagerConstant.EMPTY, now)).thenReturn(rootKeyAliasMap); + + + KeyAlias latestKeyAlias = Mockito.mock(KeyAlias.class); + when(latestKeyAlias.getAlias()).thenReturn("latest-alias"); + List keyAliasList = Collections.singletonList(latestKeyAlias); + + X509Certificate signingCert = Mockito.mock(X509Certificate.class); + X500Principal principal = new X500Principal("CN=Test"); + when(keyStore.getCertificate("latest-alias")).thenReturn(signingCert); + when(signingCert.getSubjectX500Principal()).thenReturn(principal); + + when(dbHelper.getExpiryPolicy(applicationId, now, keyAliasList)).thenReturn(now.plusDays(365)); + when(sanHelper.hasSANappIdAndRefId(applicationId, referenceId)).thenReturn(true); + + when(keymanagerUtil.isValidReferenceId(referenceId)).thenReturn(true); + + when(keyStore.getCertificate(alias)).thenReturn(x509Certificate); + when(cryptomanagerUtil.getCertificateThumbprintInHex(x509Certificate)).thenReturn("thumb-san"); + when(keymanagerUtil.getUniqueIdentifier(anyString())).thenReturn("unique-san"); + + ImmutablePair result = ReflectionTestUtils.invokeMethod( + service, "generateKeyPairInHSM", alias, applicationId, referenceId, now, + keyAliasList); + + assertNotNull(result); + assertSame(x509Certificate, result.getRight()); + } + + @Test + public void testGenerateKeyPairInHSMForRSAReference() { + String alias = "alias-rsa"; + String applicationId = "TEST_APP"; + String referenceId = "SIGN"; + LocalDateTime now = DateUtils2.getUTCCurrentDateTime(); + + KeyAlias currentRootAlias = Mockito.mock(KeyAlias.class); + when(currentRootAlias.getAlias()).thenReturn("root-alias"); + Map> rootKeyAliasMap = new HashMap<>(); + rootKeyAliasMap.put(KeymanagerConstant.CURRENTKEYALIAS, Collections.singletonList(currentRootAlias)); + rootKeyAliasMap.put(KeymanagerConstant.KEYALIAS, Collections.singletonList(currentRootAlias)); + ReflectionTestUtils.setField(service, "rootKeyApplicationId", "ROOT"); + + when(dbHelper.getKeyAliases("ROOT", KeymanagerConstant.EMPTY, now)).thenReturn(rootKeyAliasMap); + + KeyAlias latestKeyAlias = Mockito.mock(KeyAlias.class); + when(latestKeyAlias.getAlias()).thenReturn("latest-alias"); + List keyAliasList = Collections.singletonList(latestKeyAlias); + + X509Certificate signingCert = Mockito.mock(X509Certificate.class); + X500Principal principal = new X500Principal("CN=RSA"); + when(keyStore.getCertificate("latest-alias")).thenReturn(signingCert); + when(signingCert.getSubjectX500Principal()).thenReturn(principal); + + when(dbHelper.getExpiryPolicy(applicationId, now, keyAliasList)).thenReturn(now.plusDays(365)); + when(sanHelper.hasSANappIdAndRefId(applicationId, referenceId)).thenReturn(false); + when(keymanagerUtil.getCertificateParameters(principal, now, now.plusDays(365))).thenReturn(certificateParameters); + + when(keymanagerUtil.isValidReferenceId(referenceId)).thenReturn(false); + + when(keyStore.getCertificate(alias)).thenReturn(x509Certificate); + when(cryptomanagerUtil.getCertificateThumbprintInHex(x509Certificate)).thenReturn("thumb-rsa"); + when(keymanagerUtil.getUniqueIdentifier(anyString())).thenReturn("unique-rsa"); + + ImmutablePair result = ReflectionTestUtils.invokeMethod( + service, "generateKeyPairInHSM", alias, applicationId, referenceId, now, keyAliasList); + + assertNotNull(result); + assertSame(x509Certificate, result.getRight()); + } + + @Test + public void testGetCertificateTrustPath_Exception() throws Exception { + // Use a spy to test the real method on KeymanagerUtil + KeymanagerUtil keymanagerUtilSpy = Mockito.spy(new KeymanagerUtil()); + + // Mock the cache dependency within the spy + @SuppressWarnings("unchecked") + Cache cache = Mockito.mock(Cache.class); + ReflectionTestUtils.setField(keymanagerUtilSpy, "keyAliasTrustAnchorsCache", cache); + + X509Certificate mockX509Certificate = Mockito.mock(X509Certificate.class); + + // Setup the cache to return a map with an empty set of trust anchors + // This will cause an InvalidAlgorithmParameterException from PKIXBuilderParameters constructor + Map> trustStoreMap = new HashMap<>(); + trustStoreMap.put(PartnerCertManagerConstants.TRUST_ROOT, Collections.emptySet()); + trustStoreMap.put(PartnerCertManagerConstants.TRUST_INTER, Collections.emptySet()); + + when(cache.get(anyString())).thenReturn(trustStoreMap); + + List result = keymanagerUtilSpy.getCertificateTrustPath(mockX509Certificate); + + assertNull(result); + } + + @Test + public void testGetCertificateTrustPath_Success() throws Exception { + // Use a spy to test the real method on KeymanagerUtil + KeymanagerUtil keymanagerUtilSpy = Mockito.spy(new KeymanagerUtil()); + + // Mock the cache dependency within the spy + @SuppressWarnings("unchecked") + Cache cache = Mockito.mock(Cache.class); + ReflectionTestUtils.setField(keymanagerUtilSpy, "keyAliasTrustAnchorsCache", cache); + + // Mock certificates + X509Certificate mockReqCert = Mockito.mock(X509Certificate.class); + X509Certificate mockRootCert = Mockito.mock(X509Certificate.class); + X509Certificate mockInterCert = Mockito.mock(X509Certificate.class); + + // Setup the cache to return a map with mock root and intermediate certificates + Set rootTrustAnchors = new HashSet<>(); + rootTrustAnchors.add(new TrustAnchor(mockRootCert, null)); + Set interCerts = new HashSet<>(); + interCerts.add(mockInterCert); + + Map> trustStoreMap = new HashMap<>(); + trustStoreMap.put(PartnerCertManagerConstants.TRUST_ROOT, rootTrustAnchors); + trustStoreMap.put(PartnerCertManagerConstants.TRUST_INTER, interCerts); + + when(cache.get(anyString())).thenReturn(trustStoreMap); + + // Mock CertPathBuilder and PKIXCertPathBuilderResult for success + CertPathBuilder mockCertPathBuilder = Mockito.mock(CertPathBuilder.class); + PKIXCertPathBuilderResult mockResult = Mockito.mock(PKIXCertPathBuilderResult.class); + TrustAnchor mockTrustAnchor = Mockito.mock(TrustAnchor.class); + CertPath mockCertPath = Mockito.mock(CertPath.class); + + when(mockCertPathBuilder.build(any(PKIXBuilderParameters.class))).thenReturn(mockResult); + when(mockResult.getTrustAnchor()).thenReturn(mockTrustAnchor); + when(mockTrustAnchor.getTrustedCert()).thenReturn(mockRootCert); + when(mockResult.getCertPath()).thenReturn(mockCertPath); + + List certList = Collections.singletonList(mockInterCert); + doReturn(certList).when(mockCertPath).getCertificates(); + + try (var mockedStaticCertPathBuilder = mockStatic(CertPathBuilder.class)) { + mockedStaticCertPathBuilder.when(() -> CertPathBuilder.getInstance("PKIX")).thenReturn(mockCertPathBuilder); + + List result = keymanagerUtilSpy.getCertificateTrustPath(mockReqCert); + + assertNotNull(result); + assertEquals(2, result.size()); // Intermediate + Root + assertTrue(result.contains(mockInterCert)); + assertTrue(result.contains(mockRootCert)); + } + } +} diff --git a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/service/SignatureServiceTest.java b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/service/SignatureServiceTest.java index 85253697..1450974c 100644 --- a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/service/SignatureServiceTest.java +++ b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/service/SignatureServiceTest.java @@ -683,6 +683,7 @@ public void testJwsSignV2() { jwsSignRequestDtoV2.setIncludePayload(false); jwsSignRequestDtoV2.setIncludeCertificateChain(false); jwsSignRequestDtoV2.setB64JWSHeaderParam(true); + jwsSignRequestDtoV2.setIncludeCertHash(true); jwsSignRequestDtoV2.setCertificateUrl("https:://test/certificate.com"); response = signatureService.jwsSignV2(jwsSignRequestDtoV2); Assert.assertNotNull(response); @@ -699,6 +700,14 @@ public void testJwsSignV2() { jwsSignRequestDtoV2.setReferenceId("ED25519_SIGN"); response = signatureService.jwsSignV2(jwsSignRequestDtoV2); Assert.assertNotNull(response); + + addtionalHeader.put("typ", "jws"); + addtionalHeader.put("jku", "https://test.com/jwks.json"); + addtionalHeader.put("cty", "application/json"); + addtionalHeader.put("crit", "alg, x5c"); + jwsSignRequestDtoV2.setAdditionalHeaders(addtionalHeader); + response = signatureService.jwsSignV2(jwsSignRequestDtoV2); + Assert.assertNotNull(response); } @Test diff --git a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/util/SignatureUtilTest.java b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/util/SignatureUtilTest.java index 0a72ec30..69bbc4c9 100644 --- a/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/util/SignatureUtilTest.java +++ b/kernel/kernel-keymanager-service/src/test/java/io/mosip/kernel/signature/test/util/SignatureUtilTest.java @@ -37,6 +37,26 @@ public class SignatureUtilTest { private String testUniqueId = "1234567890ABCDEF"; + private String expiredCertificate = """ + -----BEGIN CERTIFICATE----- + MIICtjCCAZ6gAwIBAgIUZm9Jj2wIadCiDIB2TW4Bmv4KpZgwDQYJKoZIhvcNAQEL + BQAwFTETMBEGA1UEAwwKY2EtZXhwaXJlZDAeFw0yMjEyMDgxMjU4MjFaFw0yNDEy + MDgxMjU4MjFaMBUxEzARBgNVBAMMCmNhLWV4cGlyZWQwggEiMA0GCSqGSIb3DQEB + AQUAA4IBDwAwggEKAoIBAQCs9s18I+s77QlzfWN0+RRhyQ29orYBSbHBp8dRyz1x + Tl9z699Bj/uzwIHPt18Qc0+9eFhtGzhPquCAsJTUeLkR1jGzvVVuAyhO1EeOvxeI + BVT45vBG+Qtm7cqMSkyE//eint3BhKyp2ySK4MUGPLSUkmNQ6GGuIaRyV2efwsZe + 2EVJsK4JkT5gzhlwW++7R8Aei1+UDdCADqJorDsPQTam8VVFZKlqm6U4SyPnicgh + /Q4ODHWeoM5LjoLYdGPp7EluGHY+4Zoyay7frMBM8zCWf+qJUwXS/EtBRNMI9Pzy + CJHK5FWQ/BwDpFN2HbHolgH+busVr13vTiMx8O6zuMxVAgMBAAEwDQYJKoZIhvcN + AQELBQADggEBAKQv7+m1lfNwkeocMKCvxB1dppM+80aEle12YuWi7WkfZ1TJGwXo + RqbYdRa6szURARUNolFvRlbQxEJzkXtgElEw7/BFHWejFGMU6MT+191exQQWpXsf + kAjUhSlPLKD45aN6OguL//XF673Ripi2d3Nz+0PjFGjvth+oH7HyE2/6/8GoNvfz + +GI0+J35nBEt/2O36FIcxTjVq7GqJudVEE1w4j2o7iW9tBRlPeLZMvhsIjiCCiBK + dIGptqfav9V3Hqai+p0m8BxEUMINCgciPRCzdSybSnFLrkZCSKmhK18B+z/1xt5b + 1QWPHILmhDQuLCfY/f6Ztvs+0PBC2ADGlRo= + -----END CERTIFICATE----- + """; + @Before public void setUp() { KeyPairGenerateRequestDto keyPairGenRequestDto = new KeyPairGenerateRequestDto(); @@ -172,4 +192,10 @@ public void testGetJWSHeaderV2WithNullHeaders() { "https://test.com/cert", x509Certificate, testUniqueId, false, "", null); Assert.assertNotNull(header); } + + @Test + public void testIsCertificateDatesValidFalse() { + X509Certificate expiredCert = (X509Certificate) keymanagerUtil.convertToCertificate(expiredCertificate); + Assert.assertFalse(SignatureUtil.isCertificateDatesValid(expiredCert)); + } } \ No newline at end of file