mv com/google/domain/registry google/registry

This change renames directories in preparation for the great package rename. The repository is now in a broken state because the code itself hasn't been updated. However this should ensure that git correctly preserves history for each file.
2025-08-05 09:21:49 +02:00 · 2016-05-13 18:55:08 -04:00 · 2016-05-13 18:55:08 -04:00 · 5012893c1d
commit 5012893c1d
parent a41677aea1
2396 changed files with 0 additions and 0 deletions
--- a/javatests/google/registry/tmch/TmchCertificateAuthorityTest.java
+++ b/javatests/google/registry/tmch/TmchCertificateAuthorityTest.java
@ -0,0 +1,111 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.domain.registry.tmch;
+
+import static com.google.domain.registry.tmch.TmchTestData.loadString;
+import static com.google.domain.registry.util.ResourceUtils.readResourceUtf8;
+import static com.google.domain.registry.util.X509Utils.loadCertificate;
+
+import com.google.domain.registry.model.tmch.TmchCrl;
+import com.google.domain.registry.testing.AppEngineRule;
+import com.google.domain.registry.testing.ExceptionRule;
+import com.google.domain.registry.testing.FakeClock;
+import com.google.domain.registry.testing.InjectRule;
+import com.google.domain.registry.testing.RegistryConfigRule;
+
+import org.joda.time.DateTime;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+import java.security.SignatureException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateRevokedException;
+
+/** Unit tests for {@link TmchCertificateAuthority}. */
+@RunWith(JUnit4.class)
+public class TmchCertificateAuthorityTest {
+
+  public static final String GOOD_TEST_CERTIFICATE = loadString("icann-tmch-test-good.crt");
+  public static final String REVOKED_TEST_CERTIFICATE = loadString("icann-tmch-test-revoked.crt");
+
+  @Rule
+  public final AppEngineRule appEngine = AppEngineRule.builder()
+      .withDatastore()
+      .build();
+
+  @Rule
+  public final ExceptionRule thrown = new ExceptionRule();
+
+  @Rule
+  public final InjectRule inject = new InjectRule();
+
+  @Rule
+  public final RegistryConfigRule configRule = new RegistryConfigRule();
+
+  private FakeClock clock = new FakeClock(DateTime.parse("2014-01-01T00:00:00Z"));
+
+  @Before
+  public void before() throws Exception {
+    inject.setStaticField(TmchCertificateAuthority.class, "clock", clock);
+  }
+
+  @Test
+  public void testFailure_prodRootExpired() throws Exception {
+    thrown.expectRootCause(
+        CertificateExpiredException.class, "NotAfter: Sun Jul 23 23:59:59 UTC 2023");
+    configRule.useTmchProdCert();
+    clock.setTo(DateTime.parse("2024-01-01T00:00:00Z"));
+    TmchCertificateAuthority.getRoot();
+  }
+
+  @Test
+  public void testFailure_prodRootNotYetValid() throws Exception {
+    thrown.expectRootCause(CertificateNotYetValidException.class,
+        "NotBefore: Wed Jul 24 00:00:00 UTC 2013");
+    configRule.useTmchProdCert();
+    clock.setTo(DateTime.parse("2000-01-01T00:00:00Z"));
+    TmchCertificateAuthority.getRoot();
+  }
+
+  @Test
+  public void testFailure_crlDoesntMatchCerts() throws Exception {
+    thrown.expectRootCause(SignatureException.class, "Signature does not match");
+    // Use the prod cl, which won't match our test certificate.
+    TmchCrl.set(readResourceUtf8(TmchCertificateAuthority.class, "icann-tmch.crl"));
+    TmchCertificateAuthority.verify(loadCertificate(GOOD_TEST_CERTIFICATE));
+  }
+
+  @Test
+  public void testSuccess_verify() throws Exception {
+    TmchCertificateAuthority.verify(loadCertificate(GOOD_TEST_CERTIFICATE));
+  }
+
+  @Test
+  public void testFailure_verifySignatureDoesntMatch() throws Exception {
+    thrown.expectRootCause(SignatureException.class, "Signature does not match");
+    configRule.useTmchProdCert();
+    TmchCertificateAuthority.verify(loadCertificate(GOOD_TEST_CERTIFICATE));
+  }
+
+  @Test
+  public void testFailure_verifyRevoked() throws Exception {
+    thrown.expect(CertificateRevokedException.class, "revoked, reason: KEY_COMPROMISE");
+    TmchCertificateAuthority.verify(loadCertificate(REVOKED_TEST_CERTIFICATE));
+  }
+}