ELY-2756 Add tests to the elytron test suite to test to test OCSP wit…

…h revoked and unknown certificates
wildfly-security · May 9, 2024 · 0289980 · 0289980
1 parent 6522e83
commit 0289980
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java b/tests/base/src/test/java/org/wildfly/security/ssl/SSLAuthenticationTest.java
@@ -729,6 +729,40 @@ public void testOcspGood() throws Throwable {
                 "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedGood", false);
     }
 
+    @Test
+    public void testOcspRevoked() throws Throwable {
+        SSLContext serverContext = new SSLContextBuilder()
+                .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
+                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
+                .setTrustManager(X509RevocationTrustManager.builder()
+                        .setTrustManagerFactory(getTrustManagerFactory())
+                        .setTrustStore(createKeyStore("/jks/ca.truststore"))
+                        .setOcspResponderCert(ocspResponderCertificate)
+                        .build())
+                .setNeedClientAuth(true)
+                .build().create();
+
+        performConnectionTest(serverContext, "protocol://test-two-way-ocsp-revoked.org", false, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab",
+                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedRevoked", false);
+    }
+
+    @Test
+    public void testOcspUnknown() throws Throwable {
+        SSLContext serverContext = new SSLContextBuilder()
+                .setSecurityDomain(getKeyStoreBackedSecurityDomain("/jks/beetles.keystore"))
+                .setKeyManager(getKeyManager("/jks/scarab.keystore"))
+                .setTrustManager(X509RevocationTrustManager.builder()
+                        .setTrustManagerFactory(getTrustManagerFactory())
+                        .setTrustStore(createKeyStore("/jks/ca.truststore"))
+                        .setOcspResponderCert(ocspResponderCertificate)
+                        .build())
+                .setNeedClientAuth(true)
+                .build().create();
+
+        performConnectionTest(serverContext, "protocol://test-two-way-ocsp-unknown.org", false, "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=Scarab",
+                "OU=Elytron,O=Elytron,C=UK,ST=Elytron,CN=ocspCheckedUnknown", false);
+    }
+
     @Test
     public void testOcspMaxCertPathNeg1() throws Throwable {
         ocspMaxCertPathCommon(-1, false);