zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-04 17:01:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use enum instead of boolean for TMCH CA mode

Browse source 
Also more narrowly scopes a catch block in TmchCertificateAuthority.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144744847
This commit is contained in:
mcilwain 2017-01-17 12:57:05 -08:00 committed by Ben McIlwain
parent 0dbaa8e5bc
commit a28e0b3ff7
13 changed files with 90 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

21
javatests/google/registry/tmch/TmchCrlActionTest.java
View file

@ -19,6 +19,7 @@ import static google.registry.util.ResourceUtils.readResourceBytes;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SignatureException;
@ -30,10 +31,10 @@ import org.junit.Test;
/** Unit tests for {@link TmchCrlAction}. */
public class TmchCrlActionTest extends TmchActionTestCase {
private TmchCrlAction newTmchCrlAction(boolean tmchCaTestingMode) throws MalformedURLException {
private TmchCrlAction newTmchCrlAction(TmchCaMode tmchCaMode) throws MalformedURLException {
TmchCrlAction action = new TmchCrlAction();
action.marksdb = marksdb;
action.tmchCertificateAuthority = new TmchCertificateAuthority(tmchCaTestingMode);
action.tmchCertificateAuthority = new TmchCertificateAuthority(tmchCaMode);
action.tmchCrlUrl = new URL("http://sloth.lol/tmch.crl");
return action;
}
@ -43,7 +44,7 @@ public class TmchCrlActionTest extends TmchActionTestCase {
clock.setTo(DateTime.parse("2013-07-24TZ"));
when(httpResponse.getContent()).thenReturn(
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch.crl").read());
newTmchCrlAction(false).run();
newTmchCrlAction(TmchCaMode.PRODUCTION).run();
verify(httpResponse).getContent();
verify(fetchService).fetch(httpRequest.capture());
assertThat(httpRequest.getValue().getURL().toString()).isEqualTo("http://sloth.lol/tmch.crl");
@ -53,8 +54,12 @@ public class TmchCrlActionTest extends TmchActionTestCase {
public void testFailure_crlTooOld() throws Exception {
clock.setTo(DateTime.parse("2020-01-01TZ"));
when(httpResponse.getContent()).thenReturn(
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-test.crl").read());
TmchCrlAction action = newTmchCrlAction(false);
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-pilot.crl").read());
// We use the pilot CRL here only because we know that it was generated more recently than the
// production CRL, and thus attempting to replace it with the production CRL will fail. It
// doesn't matter that the wrong CRT would be used to verify it because that check happens after
// the age check.
TmchCrlAction action = newTmchCrlAction(TmchCaMode.PRODUCTION);
thrown.expectRootCause(CRLException.class, "New CRL is more out of date than our current CRL.");
action.run();
}
@ -65,15 +70,15 @@ public class TmchCrlActionTest extends TmchActionTestCase {
when(httpResponse.getContent()).thenReturn(
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch.crl").read());
thrown.expectRootCause(SignatureException.class, "Signature does not match.");
newTmchCrlAction(true).run();
newTmchCrlAction(TmchCaMode.PILOT).run();
}
@Test
public void testFailure_crlNotYetValid() throws Exception {
clock.setTo(DateTime.parse("1984-01-01TZ"));
when(httpResponse.getContent()).thenReturn(
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-test.crl").read());
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-pilot.crl").read());
thrown.expectRootCause(CertificateNotYetValidException.class);
newTmchCrlAction(true).run();
newTmchCrlAction(TmchCaMode.PILOT).run();
}
}