From 90fde731a43bc00e4ef8a6d8946c0c7bcc410849 Mon Sep 17 00:00:00 2001
From: Hakky54
Date: Sun, 7 Jan 2024 13:58:03 +0100
Subject: [PATCH 1/6] Added option to disable resolving root ca and added client builder
---
....java => CertificateExtractingClient.java} | 83 ++++++----
.../altindag/ssl/util/CertificateUtils.java | 34 +++-
...=> CertificateExtractingClientShould.java} | 37 +++--
.../ssl/util/CertificateUtilsShould.java | 150 +++++++++---------
4 files changed, 180 insertions(+), 124 deletions(-)
rename sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/{CertificateExtractorUtils.java => CertificateExtractingClient.java} (78%)
rename sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/{CertificateExtractorUtilsShould.java => CertificateExtractingClientShould.java} (78%)
diff --git a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractorUtils.java b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java
similarity index 78%
rename from sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractorUtils.java
rename to sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java
index e9158947..40acb3bd 100644
--- a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractorUtils.java
+++ b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java
@@ -44,26 +44,35 @@ import java.util.regex.Pattern; import java.util.stream.Stream; +import static nl.altindag.ssl.util.CertificateUtils.isNotSelfSigned; import static nl.altindag.ssl.util.internal.CollectorsUtils.toUnmodifiableList; /** * @author Hakan Altindag */ -class CertificateExtractorUtils { +public class CertificateExtractingClient { private static final Pattern CA_ISSUERS_AUTHORITY_INFO_ACCESS = Pattern.compile("(?s)^AuthorityInfoAccess\\h+\\[\\R\\s*\\[\\R.*?accessMethod:\\h+caIssuers\\R\\h*accessLocation: URIName:\\h+(https?://\\S+)", Pattern.MULTILINE); - private static CertificateExtractorUtils instance; + private static CertificateExtractingClient instance; + private final boolean shouldResolveRootCa; + private final Proxy proxy; private final SSLFactory sslFactoryForCertificateCapturing; private final SSLFactory unsafeSslFactory; private final SSLSocketFactory unsafeSslSocketFactory; private final SSLSocketFactory certificateCapturingSslSocketFactory; private final List certificatesCollector; - private Proxy proxy; + private CertificateExtractingClient(boolean shouldResolveRootCa, Proxy proxy, PasswordAuthentication passwordAuthentication) { + this.shouldResolveRootCa = shouldResolveRootCa; + this.proxy = proxy; + + if (passwordAuthentication != null) { + Authenticator authenticator = new FelixAuthenticator(passwordAuthentication); + Authenticator.setDefault(authenticator); + } - private CertificateExtractorUtils() { certificatesCollector = new CopyOnWriteArrayList<>(); X509ExtendedTrustManager certificateCapturingTrustManager = TrustManagerUtils.createCertificateCapturingTrustManager(certificatesCollector); 
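Review bot: `Authenticator.setDefault(authenticator)` in the new constructor replaces the JVM-wide default authenticator, so building one client with `withProxyPasswordAuthentication(...)` changes how every other connection in the process answers authentication challenges, and the most recently built client wins. This call was already in the removed constructor, but the class and its builder are now public, so it should at least be stated in Javadoc on the builder method, e.g. `/** Installs these credentials as the JVM-wide default {@link Authenticator}. */`. FelixAuthenticator's body lies outside this hunk; if it returns the credentials unconditionally, guarding it with `if (getRequestorType() != RequestorType.PROXY) return null;` would keep the proxy password from being offered to an origin server that asks for authentication. The constructor body continues past the end of the hunk.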
@@ -80,20 +89,9 @@ private CertificateExtractorUtils() { unsafeSslSocketFactory = unsafeSslFactory.getSslSocketFactory(); } - protected CertificateExtractorUtils(Proxy proxy) { - this(); - this.proxy = proxy; - } - - protected CertificateExtractorUtils(Proxy proxy, PasswordAuthentication passwordAuthentication) { - this(proxy); - Authenticator authenticator = new FelixAuthenticator(passwordAuthentication); - Authenticator.setDefault(authenticator); - } - - static CertificateExtractorUtils getInstance() { + static CertificateExtractingClient getInstance() { if (instance == null) { - instance = new CertificateExtractorUtils(); + instance = new CertificateExtractingClient(true, null, null); } else { instance.certificatesCollector.clear(); SSLSessionUtils.invalidateCaches(instance.sslFactoryForCertificateCapturing); @@ -101,7 +99,7 @@ static CertificateExtractorUtils getInstance() { return instance; } - List getCertificateFromExternalSource(String url) { + public List get(String url) { try { URL parsedUrl = new URL(url); if ("https".equalsIgnoreCase(parsedUrl.getProtocol())) { @@ -110,10 +108,14 @@ List getCertificateFromExternalSource(String url) { connection.connect(); connection.disconnect(); - List rootCa = getRootCaFromChainIfPossible(certificatesCollector); - return Stream.of(certificatesCollector, rootCa) - .flatMap(Collection::stream) - .collect(toUnmodifiableList()); + if (shouldResolveRootCa) { + List resolvedRootCa = getRootCaFromChainIfPossible(certificatesCollector); + return Stream.of(certificatesCollector, resolvedRootCa) + .flatMap(Collection::stream) + .collect(toUnmodifiableList()); + } + + return Collections.unmodifiableList(certificatesCollector); } else { return Collections.emptyList(); } 
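Review bot: In the added `return Collections.unmodifiableList(certificatesCollector);` branch of `get`, the caller receives a read-only view of the client's own mutable collector rather than a copy, unlike the `shouldResolveRootCa` branch, which collects into a new list. Any later `get` on the same client (or the `certificatesCollector.clear()` in `getInstance()`, should that instance ever run with resolution disabled) changes a list the caller already holds, so certificates from one host can show up in, or vanish from, the result for another. Returning a snapshot avoids this with a collector the file already imports: `return certificatesCollector.stream().collect(toUnmodifiableList());`. The signature of `get` is in the previous hunk and its body ends outside this one.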
@@ -131,11 +133,7 @@ private URLConnection createConnection(URL url) throws IOException { List getRootCaFromChainIfPossible(List certificates) { if (!certificates.isEmpty()) { X509Certificate certificate = certificates.get(certificates.size() - 1); - String issuer = certificate.getIssuerX500Principal().getName(); - String subject = certificate.getSubjectX500Principal().getName(); - - boolean isSelfSignedCertificate = issuer.equals(subject); - if (!isSelfSignedCertificate) { + if (isNotSelfSigned(certificate)) { return getRootCaIfPossible(certificate); } } @@ -223,4 +221,35 @@ protected PasswordAuthentication getPasswordAuthentication() { } } + public static Builder builder() { + return new Builder(); + } + + public static class Builder { + + private Proxy proxy = null; + private PasswordAuthentication passwordAuthentication = null; + private boolean shouldResolveRootCa = true; + + public Builder withProxy(Proxy proxy) { + this.proxy = proxy; + return this; + } + + public Builder withProxyPasswordAuthentication(PasswordAuthentication passwordAuthentication) { + this.passwordAuthentication = passwordAuthentication; + return this; + } + + public Builder withResolvedRootCa(boolean shouldResolveRootCa) { + this.shouldResolveRootCa = shouldResolveRootCa; + return this; + } + + public CertificateExtractingClient build() { + return new CertificateExtractingClient(shouldResolveRootCa, proxy, passwordAuthentication); + } + + } + } diff --git a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java index a9f03ff7..f35ed228 100644 --- a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java +++ b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java 
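Review bot: The new public `builder()`, `Builder` and `withResolvedRootCa` carry no Javadoc, and the flag has a security meaning callers need to know. The `CA_ISSUERS_AUTHORITY_INFO_ACCESS` pattern earlier in this file pulls an `http(s)` URL out of the certificate the remote server presented, so with resolution enabled (the default) the client appears to make a further outbound request to an address chosen by that server; `withResolvedRootCa(false)` is the way to avoid that when the target is untrusted or the caller sits on an internal network. I would document this on `withResolvedRootCa`, and add a class-level sentence that the certificates returned by `get` are captured as presented (the field names `unsafeSslFactory` and `certificateCapturingSslSocketFactory` suggest no chain validation) and must be verified before being added to a trust store.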
@@ -275,15 +275,24 @@ public static List getSystemTrustedCertificates() { } public static List getCertificatesFromExternalSource(String url) { - return CertificateExtractorUtils.getInstance().getCertificateFromExternalSource(url); + return CertificateExtractingClient.getInstance().get(url); } public static List getCertificatesFromExternalSource(Proxy proxy, String url) { - return new CertificateExtractorUtils(proxy).getCertificateFromExternalSource(url); + return CertificateExtractingClient.builder() + .withResolvedRootCa(true) + .withProxy(proxy) + .build() + .get(url); } public static List getCertificatesFromExternalSource(Proxy proxy, PasswordAuthentication passwordAuthentication, String url) { - return new CertificateExtractorUtils(proxy, passwordAuthentication).getCertificateFromExternalSource(url); + return CertificateExtractingClient.builder() + .withResolvedRootCa(true) + .withProxy(proxy) + .withProxyPasswordAuthentication(passwordAuthentication) + .build() + .get(url); } public static List getCertificatesFromExternalSourceAsPem(String url) { 
@@ -324,20 +333,27 @@ public static Map> getCertificatesFromExternalSour } public static Map> getCertificatesFromExternalSources(Proxy proxy, List urls) { - CertificateExtractorUtils certificateExtractorUtils = new CertificateExtractorUtils(proxy); + CertificateExtractingClient client = CertificateExtractingClient.builder() + .withResolvedRootCa(true) + .withProxy(proxy) + .build(); return urls.stream() .distinct() - .map(url -> new AbstractMap.SimpleEntry<>(url, certificateExtractorUtils.getCertificateFromExternalSource(url))) + .map(url -> new AbstractMap.SimpleEntry<>(url, client.get(url))) .collect(Collectors.collectingAndThen(Collectors.toMap(AbstractMap.SimpleEntry::getKey, AbstractMap.SimpleEntry::getValue, (key1, key2) -> key1, LinkedHashMap::new), Collections::unmodifiableMap)); } public static Map> getCertificatesFromExternalSources(Proxy proxy, PasswordAuthentication passwordAuthentication, List urls) { - CertificateExtractorUtils certificateExtractorUtils = new CertificateExtractorUtils(proxy, passwordAuthentication); + CertificateExtractingClient client = CertificateExtractingClient.builder() + .withResolvedRootCa(true) + .withProxyPasswordAuthentication(passwordAuthentication) + .withProxy(proxy) + .build(); return urls.stream() .distinct() - .map(url -> new AbstractMap.SimpleEntry<>(url, certificateExtractorUtils.getCertificateFromExternalSource(url))) + .map(url -> new AbstractMap.SimpleEntry<>(url, client.get(url))) .collect(Collectors.collectingAndThen(Collectors.toMap(AbstractMap.SimpleEntry::getKey, AbstractMap.SimpleEntry::getValue, (key1, key2) -> key1, LinkedHashMap::new), Collections::unmodifiableMap)); } @@ -412,4 +428,8 @@ public static boolean isSelfSigned(T certificate) { } } + public static boolean isNotSelfSigned(T certificate) { + return !isSelfSigned(certificate); + } + } 
diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractorUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java similarity index 78% rename from sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractorUtilsShould.java rename to sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java index 7fb693a9..54cb6855 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractorUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java @@ -58,13 +58,13 @@ * @author Hakan Altindag */ @ExtendWith(MockitoExtension.class) -class CertificateExtractorUtilsShould { +class CertificateExtractingClientShould { @Test void getRootCaIfPossibleReturnsJdkTrustedCaCertificateWhenNoAuthorityInfoAccessExtensionIsPresent() { List certificates = CertificateUtils.getCertificatesFromExternalSource("https://www.reddit.com/"); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, invocation -> { + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, invocation -> { Method method = invocation.getMethod(); if ("getRootCaFromAuthorityInfoAccessExtensionIfPresent".equals(method.getName())) { return Collections.emptyList(); @@ -72,7 +72,7 @@ void getRootCaIfPossibleReturnsJdkTrustedCaCertificateWhenNoAuthorityInfoAccessE return invocation.callRealMethod(); } })) { - CertificateExtractorUtils victim = spy(CertificateExtractorUtils.getInstance()); + CertificateExtractingClient victim = spy(CertificateExtractingClient.getInstance()); X509Certificate certificate = certificates.get(certificates.size() - 1); List rootCaCertificate = victim.getRootCaIfPossible(certificate); 
@@ -86,7 +86,7 @@ void getRootCaIfPossibleReturnsJdkTrustedCaCertificateWhenNoAuthorityInfoAccessE void getRootCaIfPossibleReturnsEmptyListWhenNoAuthorityInfoAccessExtensionIsPresentAndNoMatching() { List certificates = CertificateUtils.getCertificatesFromExternalSource("https://www.reddit.com/"); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, invocation -> { + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, invocation -> { Method method = invocation.getMethod(); if ("getRootCaFromAuthorityInfoAccessExtensionIfPresent".equals(method.getName()) || "getRootCaFromJdkTrustedCertificates".equals(method.getName())) { return Collections.emptyList(); @@ -94,7 +94,7 @@ void getRootCaIfPossibleReturnsEmptyListWhenNoAuthorityInfoAccessExtensionIsPres return invocation.callRealMethod(); } })) { - CertificateExtractorUtils victim = spy(CertificateExtractorUtils.getInstance()); + CertificateExtractingClient victim = spy(CertificateExtractingClient.getInstance()); doReturn(Collections.emptyList()) .when(victim) 
@@ -111,19 +111,19 @@ void getRootCaIfPossibleReturnsEmptyListWhenNoAuthorityInfoAccessExtensionIsPres @Test void getRootCaFromChainIfPossibleReturnsEmptyListWhenNoCertificatesHaveBeenProvided() { - List rootCa = CertificateExtractorUtils.getInstance().getRootCaFromChainIfPossible(Collections.emptyList()); + List rootCa = CertificateExtractingClient.getInstance().getRootCaFromChainIfPossible(Collections.emptyList()); assertThat(rootCa).isEmpty(); } @Test void getRootCaFromAuthorityInfoAccessExtensionIfPresentReturnsEmptyListWhenCertificateIsNotInstanceOfX509CertImpl() { - List rootCa = CertificateExtractorUtils.getInstance().getRootCaFromAuthorityInfoAccessExtensionIfPresent(mock(X509Certificate.class)); + List rootCa = CertificateExtractingClient.getInstance().getRootCaFromAuthorityInfoAccessExtensionIfPresent(mock(X509Certificate.class)); assertThat(rootCa).isEmpty(); } @Test void throwsGenericCertificateExceptionWhenGetCertificatesFromRemoteFileFails() throws MalformedURLException { - CertificateExtractorUtils victim = CertificateExtractorUtils.getInstance(); + CertificateExtractingClient victim = CertificateExtractingClient.getInstance(); URI uri = mock(URI.class); doThrow(new MalformedURLException("KABOOM!!!")) 
@@ -140,20 +140,23 @@ void reUseExistingUnsafeSslSocketFactory() throws CertificateException, NoSuchAl X509Certificate intermediateCertificate = mock(X509Certificate.class); doNothing().when(intermediateCertificate).verify(any()); - List certificatesFromRemoteFile = CertificateExtractorUtils.getInstance().getCertificatesFromRemoteFile(uri, intermediateCertificate); + List certificatesFromRemoteFile = CertificateExtractingClient.getInstance().getCertificatesFromRemoteFile(uri, intermediateCertificate); assertThat(certificatesFromRemoteFile).isNotEmpty(); } @Test void extractCertificatesWithProxyAndAuthentication() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException { - CertificateExtractorUtils certificateExtractorUtilsWithoutProxy = CertificateExtractorUtils.getInstance(); - List certificates = certificateExtractorUtilsWithoutProxy.getCertificateFromExternalSource("https://google.com"); + CertificateExtractingClient certificateExtractingClientWithoutProxy = CertificateExtractingClient.getInstance(); + List certificates = certificateExtractingClientWithoutProxy.get("https://google.com"); assertThat(certificates).isNotEmpty(); Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("my-custom-host", 8081)); - CertificateExtractorUtils certificateExtractorUtilsWithProxy = new CertificateExtractorUtils(proxy); + CertificateExtractingClient certificateExtractingClientWithProxy = CertificateExtractingClient.builder() + .withProxy(proxy) + .withResolvedRootCa(true) + .build(); - assertThatThrownBy(() -> certificateExtractorUtilsWithProxy.getCertificateFromExternalSource("https://google.com")) + assertThatThrownBy(() -> certificateExtractingClientWithProxy.get("https://google.com")) .isInstanceOf(GenericIOException.class) .hasMessage("Failed getting certificate from: [https://google.com]") .hasRootCauseInstanceOf(UnknownHostException.class) 
@@ -163,9 +166,13 @@ void extractCertificatesWithProxyAndAuthentication() throws NoSuchMethodExceptio ArgumentCaptor authenticatorCaptor = ArgumentCaptor.forClass(Authenticator.class); PasswordAuthentication passwordAuthentication = new PasswordAuthentication("foo", "bar".toCharArray()); - CertificateExtractorUtils certificateExtractorUtilsWithProxyAndAuthentication = new CertificateExtractorUtils(proxy, passwordAuthentication); + CertificateExtractingClient certificateExtractingClientWithProxyAndAuthentication = CertificateExtractingClient.builder() + .withProxy(proxy) + .withProxyPasswordAuthentication(passwordAuthentication) + .withResolvedRootCa(true) + .build(); - assertThatThrownBy(() -> certificateExtractorUtilsWithProxyAndAuthentication.getCertificateFromExternalSource("https://google.com")) + assertThatThrownBy(() -> certificateExtractingClientWithProxyAndAuthentication.get("https://google.com")) .isInstanceOf(GenericIOException.class) .hasMessage("Failed getting certificate from: [https://google.com]") .hasRootCauseInstanceOf(UnknownHostException.class) diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java index 88e23413..af3cc8ac 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java 
@@ -195,213 +195,213 @@ void loadOneLinerContainingMultipleCertificate() { @Test void useExistingInstanceOfCertificateExtractorUtilsWhenOnlyUsingUrl() { - CertificateExtractorUtils certificateExtractorUtils = mock(CertificateExtractorUtils.class); - when(certificateExtractorUtils.getCertificateFromExternalSource(anyString())).thenReturn(Collections.emptyList()); + CertificateExtractingClient certificateExtractingClient = mock(CertificateExtractingClient.class); + when(certificateExtractingClient.get(anyString())).thenReturn(Collections.emptyList()); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, invocationOnMock -> { + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, invocationOnMock -> { if ("getInstance".equals(invocationOnMock.getMethod().getName())) { - return certificateExtractorUtils; + return certificateExtractingClient; } else { return invocationOnMock.callRealMethod(); } })) { CertificateUtils.getCertificatesFromExternalSourceAsPem("https://github.com"); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(1)); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(1)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertificatesFromExternalSource() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); CertificateUtils.getCertificatesFromExternalSource(proxy, 
"https://github.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthenticationWhenGetCertificatesFromExternalSource() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); PasswordAuthentication passwordAuthentication = mock(PasswordAuthentication.class); CertificateUtils.getCertificatesFromExternalSource(proxy, passwordAuthentication, "https://github.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy, passwordAuthentication); - mockedStatic.verify(CertificateExtractorUtils::getInstance, 
times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertificatesFromExternalSourceAsPem() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); CertificateUtils.getCertificatesFromExternalSourceAsPem(proxy, "https://github.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthenticationWhenGetCertificatesFromExternalSourceAsPem() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = 
mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); PasswordAuthentication passwordAuthentication = mock(PasswordAuthentication.class); CertificateUtils.getCertificatesFromExternalSourceAsPem(proxy, passwordAuthentication, "https://github.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy, passwordAuthentication); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertificatesFromExternalSources() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = 
mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); CertificateUtils.getCertificatesFromExternalSources(proxy, "https://github.com", "https://stackoverflow.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthenticationWhenGetCertificatesFromExternalSources() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); PasswordAuthentication passwordAuthentication = mock(PasswordAuthentication.class); CertificateUtils.getCertificatesFromExternalSources(proxy, passwordAuthentication, "https://github.com", "https://stackoverflow.com"); - List constructed = mockedConstruction.constructed(); + List constructed = 
mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy, passwordAuthentication); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertificatesFromExternalSourcesAsPem() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); CertificateUtils.getCertificatesFromExternalSourcesAsPem(proxy, "https://github.com", "https://stackoverflow.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + 
assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertificatesFromExternalSourcesAsPemAndUrlsAsList() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); CertificateUtils.getCertificatesFromExternalSourcesAsPem(proxy, Arrays.asList("https://github.com", "https://stackoverflow.com")); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthenticationWhenGetCertificatesFromExternalSourcesAsPem() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - 
MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); PasswordAuthentication passwordAuthentication = mock(PasswordAuthentication.class); CertificateUtils.getCertificatesFromExternalSourcesAsPem(proxy, passwordAuthentication, "https://github.com", "https://stackoverflow.com"); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy, passwordAuthentication); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @Test void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthenticationWhenGetCertificatesFromExternalSourcesAsPemAndUrlsAsList() { - Map> constructorArgs = new HashMap<>(); - try (MockedStatic mockedStatic = mockStatic(CertificateExtractorUtils.class, InvocationOnMock::callRealMethod); - MockedConstruction mockedConstruction = mockConstruction(CertificateExtractorUtils.class, + Map> constructorArgs = new HashMap<>(); + try (MockedStatic mockedStatic = mockStatic(CertificateExtractingClient.class, InvocationOnMock::callRealMethod); + MockedConstruction mockedConstruction = 
mockConstruction(CertificateExtractingClient.class, (mock, context) -> constructorArgs.put(mock, new ArrayList<>(context.arguments())))) { Proxy proxy = mock(Proxy.class); PasswordAuthentication passwordAuthentication = mock(PasswordAuthentication.class); CertificateUtils.getCertificatesFromExternalSourcesAsPem(proxy, passwordAuthentication, Arrays.asList("https://github.com", "https://stackoverflow.com")); - List constructed = mockedConstruction.constructed(); + List constructed = mockedConstruction.constructed(); assertThat(constructed).hasSize(1); - CertificateExtractorUtils certificateExtractorUtils = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractorUtils)).containsExactly(proxy, passwordAuthentication); - mockedStatic.verify(CertificateExtractorUtils::getInstance, times(0)); + CertificateExtractingClient certificateExtractingClient = constructed.get(0); + assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } From 5585a9f164c9a5c9328325dd8403c2daa1a442ab Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Sun, 7 Jan 2024 14:08:56 +0100 Subject: [PATCH 2/6] Fixed tests --- .../ssl/util/CertificateUtilsShould.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java index af3cc8ac..cd09b53f 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java 
@@ -224,7 +224,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertifica assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, null); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @@ -244,7 +244,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthe assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, passwordAuthentication); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @@ -263,7 +263,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertifica assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, null); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } 
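Review bot: Replacing `containsExactly(true, proxy, null)` with `contains(true, proxy, null)` in this hunk, and in the other nine hunks of this commit that make the same swap, drops both the order check and the check that nothing else was passed to the `CertificateExtractingClient` constructor. These tests are what pin that the proxy and the `PasswordAuthentication` handed to `CertificateUtils` reach the client, so a swapped or additional constructor argument would now go unnoticed. Why `containsExactly` failed is not visible in the diff; if the captured list legitimately holds more entries, `containsSubsequence(true, proxy, null)` would at least keep the ordering guarantee. A short comment above the assertion should say why the exact match was relaxed. The test method starts outside the hunk.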
@@ -283,7 +283,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthe assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, passwordAuthentication); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @@ -302,7 +302,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertifica assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, null); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @@ -322,7 +322,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthe assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, passwordAuthentication); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } 
@@ -341,7 +341,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertifica assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, null); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @@ -360,7 +360,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsWhenGetCertifica assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, null); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, null); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } @@ -380,7 +380,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthe assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, passwordAuthentication); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } 
@@ -400,7 +400,7 @@ void createAnInstanceOfCertificateExtractorUtilsWithProxyDetailsAndPasswordAuthe assertThat(constructed).hasSize(1); CertificateExtractingClient certificateExtractingClient = constructed.get(0); - assertThat(constructorArgs.get(certificateExtractingClient)).containsExactly(true, proxy, passwordAuthentication); + assertThat(constructorArgs.get(certificateExtractingClient)).contains(true, proxy, passwordAuthentication); mockedStatic.verify(CertificateExtractingClient::getInstance, times(0)); } } From 51e861e95cbfd5ab636f705ca0934dbfb6b52f5a Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Sun, 7 Jan 2024 14:23:22 +0100 Subject: [PATCH 3/6] Switched back to old verification for checking self-signed certificate --- .../nl/altindag/ssl/util/CertificateExtractingClient.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java index 40acb3bd..33049bc0 100644 --- a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java +++ b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateExtractingClient.java @@ -44,7 +44,6 @@ import java.util.regex.Pattern; import java.util.stream.Stream; -import static nl.altindag.ssl.util.CertificateUtils.isNotSelfSigned; import static nl.altindag.ssl.util.internal.CollectorsUtils.toUnmodifiableList; /** 
@@ -133,7 +132,11 @@ private URLConnection createConnection(URL url) throws IOException {
 List getRootCaFromChainIfPossible(List certificates) {
 if (!certificates.isEmpty()) {
 X509Certificate certificate = certificates.get(certificates.size() - 1);
- if (isNotSelfSigned(certificate)) {
+ String issuer = certificate.getIssuerX500Principal().getName();
+ String subject = certificate.getSubjectX500Principal().getName();
+
+ boolean isSelfSignedCertificate = issuer.equals(subject);
+ if (!isSelfSignedCertificate) {
 return getRootCaIfPossible(certificate);
 }
 }
From 7091e0c830f5e663a45f4ba3d5d6a629c868a6a9 Mon Sep 17 00:00:00 2001
From: Hakky54
Date: Sun, 7 Jan 2024 16:14:02 +0100
Subject: [PATCH 4/6] Added tests
---
 .../ssl/util/CertificateExtractingClientShould.java | 12 ++++++++++++
 .../nl/altindag/ssl/util/CertificateUtilsShould.java | 2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java
index 54cb6855..4d1bd9af 100644
--- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java
+++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateExtractingClientShould.java
@@ -45,6 +45,7 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.doThrow;
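Review bot: The new check `issuer.equals(subject)` in `getRootCaFromChainIfPossible` shows that the certificate is self-issued, not that it is self-signed: it never verifies the signature against the certificate's own public key, which the removed `isNotSelfSigned(certificate)` call presumably did through `CertificateUtils.isSelfSigned`. The certificate is the last entry of a chain supplied by the peer, so any certificate whose subject and issuer names match is treated as a root and the lookup in `getRootCaIfPossible` is skipped, whatever key actually signed it. If the name comparison is kept on purpose, as the commit title suggests, record that in a comment such as `// name match only: self-issued certificates are treated as roots, the signature is not verified`, and compare the principals directly with `certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())` instead of their string forms. The tail of the method is outside the hunk.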
@@ -109,6 +110,17 @@ void getRootCaIfPossibleReturnsEmptyListWhenNoAuthorityInfoAccessExtensionIsPres } } + @Test + void rootCaIsNotResolvedWhenDisabled() { + CertificateExtractingClient client = spy(CertificateExtractingClient.builder() + .withResolvedRootCa(false) + .build()); + + client.get("https://www.reddit.com/"); + + verify(client, times(0)).getRootCaFromChainIfPossible(anyList()); + } + @Test void getRootCaFromChainIfPossibleReturnsEmptyListWhenNoCertificatesHaveBeenProvided() { List rootCa = CertificateExtractingClient.getInstance().getRootCaFromChainIfPossible(Collections.emptyList()); diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java index cd09b53f..0a492b06 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java @@ -531,7 +531,7 @@ void isNotSelfSigned() { assertThat(certificates).hasSize(1); Certificate certificate = certificates.get(0); - boolean selfSigned = CertificateUtils.isSelfSigned(certificate); + boolean selfSigned = CertificateUtils.isNotSelfSigned(certificate); assertThat(selfSigned).isFalse(); } From 446ce1b479bc59b6b7fbc68ed79738bc5fe1764d Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Sun, 7 Jan 2024 16:41:44 +0100 Subject: [PATCH 5/6] Added tests --- .../test/java/nl/altindag/ssl/util/CertificateUtilsShould.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java index 0a492b06..e95f2e38 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java 
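Review bot: `rootCaIsNotResolvedWhenDisabled` can pass without any certificate having been extracted: it only verifies that `getRootCaFromChainIfPossible` was never called and discards the result of `client.get(...)`, so an empty result from the live host would satisfy it as well (assuming `get` does not throw in that case). Assert on the result too, for example `assertThat(client.get("https://www.reddit.com/")).isNotEmpty();`, so the test shows that extraction still works with root CA resolution switched off. The test also needs a third-party site to be reachable from the build, which deserves a comment or a local TLS fixture.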
@@ -532,7 +532,7 @@ void isNotSelfSigned() { Certificate certificate = certificates.get(0); boolean selfSigned = CertificateUtils.isNotSelfSigned(certificate); - assertThat(selfSigned).isFalse(); + assertThat(selfSigned).isTrue(); } @Test From e45330463fb0998f88a6a6ee2a1abe69a9d3ebab Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Sun, 7 Jan 2024 22:58:11 +0100 Subject: [PATCH 6/6] Reverted new method --- .../src/main/java/nl/altindag/ssl/util/CertificateUtils.java | 4 ---- .../java/nl/altindag/ssl/util/CertificateUtilsShould.java | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java index f35ed228..c7750b3b 100644 --- a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java +++ b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/CertificateUtils.java @@ -428,8 +428,4 @@ public static boolean isSelfSigned(T certificate) { } } - public static boolean isNotSelfSigned(T certificate) { - return !isSelfSigned(certificate); - } - } diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java index e95f2e38..cd09b53f 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/CertificateUtilsShould.java @@ -531,8 +531,8 @@ void isNotSelfSigned() { assertThat(certificates).hasSize(1); Certificate certificate = certificates.get(0); - boolean selfSigned = CertificateUtils.isNotSelfSigned(certificate); - assertThat(selfSigned).isTrue(); + boolean selfSigned = CertificateUtils.isSelfSigned(certificate); + assertThat(selfSigned).isFalse(); } @Test