Stirling-PDF/src/test/java/stirling/software/SPDF/service/CertificateValidationServiceTest.java

package stirling.software.SPDF.service;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;

import javax.security.auth.x500.X500Principal;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/** Tests for the CertificateValidationService using mocked certificates. */
class CertificateValidationServiceTest {

    private CertificateValidationService validationService;
    private X509Certificate validCertificate;
    private X509Certificate expiredCertificate;

    @BeforeEach
    void setUp() throws Exception {
        validationService = new CertificateValidationService();

        // Create mock certificates
        validCertificate = mock(X509Certificate.class);
        expiredCertificate = mock(X509Certificate.class);

        // Set up behaviors for valid certificate
        doNothing().when(validCertificate).checkValidity(); // No exception means valid

        // Set up behaviors for expired certificate
        doThrow(new CertificateExpiredException("Certificate expired"))
                .when(expiredCertificate)
                .checkValidity();
    }

    @Test
    void testIsRevoked_ValidCertificate() {
        // When certificate is valid (not expired)
        boolean result = validationService.isRevoked(validCertificate);

        // Then it should not be considered revoked
        assertFalse(result, "Valid certificate should not be considered revoked");
    }

    @Test
    void testIsRevoked_ExpiredCertificate() {
        // When certificate is expired
        boolean result = validationService.isRevoked(expiredCertificate);

        // Then it should be considered revoked
        assertTrue(result, "Expired certificate should be considered revoked");
    }

    @Test
    void testValidateTrustWithCustomCert_Match() {
        // Create certificates with matching issuer and subject
        X509Certificate issuingCert = mock(X509Certificate.class);
        X509Certificate signedCert = mock(X509Certificate.class);

        // Create X500Principal objects for issuer and subject
        X500Principal issuerPrincipal = new X500Principal("CN=Test Issuer");

        // Mock the issuer of the signed certificate to match the subject of the issuing certificate
        when(signedCert.getIssuerX500Principal()).thenReturn(issuerPrincipal);
        when(issuingCert.getSubjectX500Principal()).thenReturn(issuerPrincipal);

        // When validating trust with custom cert
        boolean result = validationService.validateTrustWithCustomCert(signedCert, issuingCert);

        // Then validation should succeed
        assertTrue(result, "Certificate with matching issuer and subject should validate");
    }

    @Test
    void testValidateTrustWithCustomCert_NoMatch() {
        // Create certificates with non-matching issuer and subject
        X509Certificate issuingCert = mock(X509Certificate.class);
        X509Certificate signedCert = mock(X509Certificate.class);

        // Create X500Principal objects for issuer and subject
        X500Principal issuerPrincipal = new X500Principal("CN=Test Issuer");
        X500Principal differentPrincipal = new X500Principal("CN=Different Name");

        // Mock the issuer of the signed certificate to NOT match the subject of the issuing
        // certificate
        when(signedCert.getIssuerX500Principal()).thenReturn(issuerPrincipal);
        when(issuingCert.getSubjectX500Principal()).thenReturn(differentPrincipal);

        // When validating trust with custom cert
        boolean result = validationService.validateTrustWithCustomCert(signedCert, issuingCert);

        // Then validation should fail
        assertFalse(result, "Certificate with non-matching issuer and subject should not validate");
    }

    @Test
    void testValidateCertificateChainWithCustomCert_Success() throws Exception {
        // Setup mock certificates
        X509Certificate signedCert = mock(X509Certificate.class);
        X509Certificate signingCert = mock(X509Certificate.class);
        PublicKey publicKey = mock(PublicKey.class);

        when(signingCert.getPublicKey()).thenReturn(publicKey);

        // When verifying the certificate with the signing cert's public key, don't throw exception
        doNothing().when(signedCert).verify(Mockito.any());

        // When validating certificate chain with custom cert
        boolean result =
                validationService.validateCertificateChainWithCustomCert(signedCert, signingCert);

        // Then validation should succeed
        assertTrue(result, "Certificate chain with proper signing should validate");
    }

    @Test
    void testValidateCertificateChainWithCustomCert_Failure() throws Exception {
        // Setup mock certificates
        X509Certificate signedCert = mock(X509Certificate.class);
        X509Certificate signingCert = mock(X509Certificate.class);
        PublicKey publicKey = mock(PublicKey.class);

        when(signingCert.getPublicKey()).thenReturn(publicKey);

        // When verifying the certificate with the signing cert's public key, throw exception
        // Need to use a specific exception that verify() can throw
        doThrow(new java.security.SignatureException("Verification failed"))
                .when(signedCert)
                .verify(Mockito.any());

        // When validating certificate chain with custom cert
        boolean result =
                validationService.validateCertificateChainWithCustomCert(signedCert, signingCert);

        // Then validation should fail
        assertFalse(result, "Certificate chain with failed signing should not validate");
    }
}
JUnits JUnits JUnits, so many JUnits (#3537) # Description of Changes Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> 2025-05-19 14:12:06 +01:00			`package stirling.software.SPDF.service;`

			`import static org.junit.jupiter.api.Assertions.assertFalse;`
			`import static org.junit.jupiter.api.Assertions.assertTrue;`
			`import static org.mockito.Mockito.doNothing;`
			`import static org.mockito.Mockito.doThrow;`
			`import static org.mockito.Mockito.mock;`
			`import static org.mockito.Mockito.when;`

			`import java.security.PublicKey;`
			`import java.security.cert.CertificateExpiredException;`
			`import java.security.cert.X509Certificate;`

			`import javax.security.auth.x500.X500Principal;`

			`import org.junit.jupiter.api.BeforeEach;`
			`import org.junit.jupiter.api.Test;`
			`import org.mockito.Mockito;`

			`/** Tests for the CertificateValidationService using mocked certificates. */`
			`class CertificateValidationServiceTest {`

			`private CertificateValidationService validationService;`
			`private X509Certificate validCertificate;`
			`private X509Certificate expiredCertificate;`

			`@BeforeEach`
			`void setUp() throws Exception {`
			`validationService = new CertificateValidationService();`

			`// Create mock certificates`
			`validCertificate = mock(X509Certificate.class);`
			`expiredCertificate = mock(X509Certificate.class);`

			`// Set up behaviors for valid certificate`
			`doNothing().when(validCertificate).checkValidity(); // No exception means valid`

			`// Set up behaviors for expired certificate`
			`doThrow(new CertificateExpiredException("Certificate expired"))`
			`.when(expiredCertificate)`
			`.checkValidity();`
			`}`

			`@Test`
			`void testIsRevoked_ValidCertificate() {`
			`// When certificate is valid (not expired)`
			`boolean result = validationService.isRevoked(validCertificate);`

			`// Then it should not be considered revoked`
			`assertFalse(result, "Valid certificate should not be considered revoked");`
			`}`

			`@Test`
			`void testIsRevoked_ExpiredCertificate() {`
			`// When certificate is expired`
			`boolean result = validationService.isRevoked(expiredCertificate);`

			`// Then it should be considered revoked`
			`assertTrue(result, "Expired certificate should be considered revoked");`
			`}`

			`@Test`
			`void testValidateTrustWithCustomCert_Match() {`
			`// Create certificates with matching issuer and subject`
			`X509Certificate issuingCert = mock(X509Certificate.class);`
			`X509Certificate signedCert = mock(X509Certificate.class);`

			`// Create X500Principal objects for issuer and subject`
			`X500Principal issuerPrincipal = new X500Principal("CN=Test Issuer");`

			`// Mock the issuer of the signed certificate to match the subject of the issuing certificate`
			`when(signedCert.getIssuerX500Principal()).thenReturn(issuerPrincipal);`
			`when(issuingCert.getSubjectX500Principal()).thenReturn(issuerPrincipal);`

			`// When validating trust with custom cert`
			`boolean result = validationService.validateTrustWithCustomCert(signedCert, issuingCert);`

			`// Then validation should succeed`
			`assertTrue(result, "Certificate with matching issuer and subject should validate");`
			`}`

			`@Test`
			`void testValidateTrustWithCustomCert_NoMatch() {`
			`// Create certificates with non-matching issuer and subject`
			`X509Certificate issuingCert = mock(X509Certificate.class);`
			`X509Certificate signedCert = mock(X509Certificate.class);`

			`// Create X500Principal objects for issuer and subject`
			`X500Principal issuerPrincipal = new X500Principal("CN=Test Issuer");`
			`X500Principal differentPrincipal = new X500Principal("CN=Different Name");`

			`// Mock the issuer of the signed certificate to NOT match the subject of the issuing`
			`// certificate`
			`when(signedCert.getIssuerX500Principal()).thenReturn(issuerPrincipal);`
			`when(issuingCert.getSubjectX500Principal()).thenReturn(differentPrincipal);`

			`// When validating trust with custom cert`
			`boolean result = validationService.validateTrustWithCustomCert(signedCert, issuingCert);`

			`// Then validation should fail`
			`assertFalse(result, "Certificate with non-matching issuer and subject should not validate");`
			`}`

			`@Test`
			`void testValidateCertificateChainWithCustomCert_Success() throws Exception {`
			`// Setup mock certificates`
			`X509Certificate signedCert = mock(X509Certificate.class);`
			`X509Certificate signingCert = mock(X509Certificate.class);`
			`PublicKey publicKey = mock(PublicKey.class);`

			`when(signingCert.getPublicKey()).thenReturn(publicKey);`

			`// When verifying the certificate with the signing cert's public key, don't throw exception`
			`doNothing().when(signedCert).verify(Mockito.any());`

			`// When validating certificate chain with custom cert`
			`boolean result =`
			`validationService.validateCertificateChainWithCustomCert(signedCert, signingCert);`

			`// Then validation should succeed`
			`assertTrue(result, "Certificate chain with proper signing should validate");`
			`}`

			`@Test`
			`void testValidateCertificateChainWithCustomCert_Failure() throws Exception {`
			`// Setup mock certificates`
			`X509Certificate signedCert = mock(X509Certificate.class);`
			`X509Certificate signingCert = mock(X509Certificate.class);`
			`PublicKey publicKey = mock(PublicKey.class);`

			`when(signingCert.getPublicKey()).thenReturn(publicKey);`

			`// When verifying the certificate with the signing cert's public key, throw exception`
			`// Need to use a specific exception that verify() can throw`
			`doThrow(new java.security.SignatureException("Verification failed"))`
			`.when(signedCert)`
			`.verify(Mockito.any());`

			`// When validating certificate chain with custom cert`
			`boolean result =`
			`validationService.validateCertificateChainWithCustomCert(signedCert, signingCert);`

			`// Then validation should fail`
			`assertFalse(result, "Certificate chain with failed signing should not validate");`
			`}`
			`}`