diff --git a/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java b/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java new file mode 100644 index 0000000000..a631df086b --- /dev/null +++ b/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java @@ -0,0 +1,94 @@ +package certificates; + +import org.junit.jupiter.api.Test; + +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.PKIXParameters; +import java.security.cert.TrustAnchor; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Enumeration; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +public class CertificatesUnitTest { + + private static final String GODADDY_CA_ALIAS = "godaddyrootg2ca [jdk]"; + + @Test + public void whenLoadingCacertsKeyStore_thenCertificatesArePresent() throws Exception { + KeyStore keyStore = loadKeyStore(); + PKIXParameters params = new PKIXParameters(keyStore); + + Set trustAnchors = params.getTrustAnchors(); + List certificates = trustAnchors.stream() + .map(TrustAnchor::getTrustedCert) + .collect(Collectors.toList()); + + assertFalse(certificates.isEmpty()); + } + + @Test + public void whenLoadingDefaultKeyStore_thenCertificatesArePresent() throws Exception { + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + trustManagerFactory.init((KeyStore)null); + + List trustManagers = Arrays.asList(trustManagerFactory.getTrustManagers()); + List certificates = trustManagers.stream() + .filter(X509TrustManager.class::isInstance) + .map(X509TrustManager.class::cast) + .map(trustManager -> Arrays.asList(trustManager.getAcceptedIssuers())) + .flatMap(Collection::stream) + .collect(Collectors.toList()); + + assertFalse(certificates.isEmpty()); + } + + @Test + public void whenLoadingKeyStore_thenGoDaddyCALabelIsPresent() throws Exception { + KeyStore keyStore = loadKeyStore(); + + Enumeration aliasEnumeration = keyStore.aliases(); + List aliases = Collections.list(aliasEnumeration); + + assertTrue(aliases.contains(GODADDY_CA_ALIAS)); + } + + @Test + public void whenLoadingKeyStore_thenGoDaddyCertificateIsPresent() throws Exception { + KeyStore keyStore = loadKeyStore(); + + Certificate goDaddyCertificate = keyStore.getCertificate(GODADDY_CA_ALIAS); + + assertNotNull(goDaddyCertificate); + } + + private KeyStore loadKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException { + String relativeCacertsPath = "/lib/security/cacerts".replace("/", File.separator); + String filename = System.getProperty("java.home") + relativeCacertsPath; + FileInputStream is = new FileInputStream(filename); + + KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); + String password = "changeit"; + keystore.load(is, password.toCharArray()); + + return keystore; + } +}