v3.0.2
Gematik-Entwicklung authored and RStaeber committed Jun 28, 2024
1 parent 287f1b1 commit 3b33117
Showing 14 changed files with 97 additions and 49 deletions.
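--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -2,6 +2,11 @@
 
 # Release notes PKI Test Suite
 
+## Release 3.0.2
+
+- fix NPE in logging of OCSP response when cert hash is not required
+- update dependencies
+
 ## Release 3.0.1
 
 - adjust type of cert in defectAlternativeCaWrongSrvInfoExtTsl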
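--- a/pkits-common/pom.xml
+++ b/pkits-common/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-common</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <name>Common Code</name>
 <description>Common code</description>
 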
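--- a/pkits-coverage-reports/pom.xml
+++ b/pkits-coverage-reports/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-coverage-reports</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <packaging>pom</packaging>
 
 <name>Code Coverage Reports</name>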
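--- a/pkits-distro-assembly/pom.xml
+++ b/pkits-distro-assembly/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-distro-assembly</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <packaging>pom</packaging>
 
 <name>Distribution</name>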
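--- a/pkits-ocsp-responder/pom.xml
+++ b/pkits-ocsp-responder/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-ocsp-responder</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <name>OCSP Responder Simulator</name>
 <description>Spring Boot OCSP Responder</description>
 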
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,12 @@
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.bouncycastle.asn1.isismtt.ocsp.CertHash;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.util.encoders.Hex;
Expand Down Expand Up @@ -178,14 +178,19 @@ private byte[] buildOcspResponseBytes(final OCSPReq ocspReq) {
config.getEeCert(),
config.getIssuerCert(),
config.getOcspCertificateStatus());
final CertHash asn1CertHash =
CertHash.getInstance(
getFirstSingleResp(ocspResponse)
.getExtension(id_isismtt_at_certHash)
.getParsedValue());

final Extension certHashExtension =
getFirstSingleResp(ocspResponse).getExtension(id_isismtt_at_certHash);

byte[] certHash = null;
if (certHashExtension != null) {
certHash = CertHash.getInstance(certHashExtension.getParsedValue()).getCertificateHash();
}

log.debug(
"Building OcspResponse done. CertHash: {}.",
new String(Hex.encode(asn1CertHash.getCertificateHash()), StandardCharsets.UTF_8));
certHash != null ? Hex.toHexString(certHash) : "not included");

return ocspResponse.getEncoded();
} catch (final IOException e) {
throw new OcspResponderException("Could not create OcspResponse.", e);
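Review bot: The extension lookup and `CertHash.getInstance(...)` parse in buildOcspResponseBytes exist only to feed the debug line, yet they run on every response whether or not debug logging is enabled. `getParsedValue()` and `CertHash.getInstance` can raise unchecked exceptions on an unexpected encoding, and the only handler visible here is `catch (final IOException e)`, so log-only code could still abort response building, which is the failure class this release fixes. Consider wrapping the lookup, parse and log call in `if (log.isDebugEnabled()) { ... }` and adding a short comment such as `// cert hash is optional: absent when the responder is configured without it`. The enclosing try block starts outside the hunk and the catch list continues past it, so other handlers may exist that are not shown.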
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,15 @@
import static de.gematik.pki.pkits.common.PkitsConstants.OCSP_SSP_ENDPOINT;
import static org.apache.http.HttpHeaders.ACCEPT;
import static org.assertj.core.api.Assertions.assertThat;
import static org.bouncycastle.internal.asn1.isismtt.ISISMTTObjectIdentifiers.id_isismtt_at_certHash;
import static org.springframework.http.HttpHeaders.CONTENT_TYPE;

import de.gematik.pki.gemlibpki.ocsp.OcspRequestGenerator;
import de.gematik.pki.gemlibpki.utils.P12Container;
import de.gematik.pki.pkits.ocsp.responder.api.OcspResponderManager;
import de.gematik.pki.pkits.ocsp.responder.data.CustomCertificateStatusDto;
import de.gematik.pki.pkits.ocsp.responder.data.OcspRequestHistory;
import de.gematik.pki.pkits.ocsp.responder.data.OcspResponderConfig;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.time.Duration;
Expand Down Expand Up @@ -170,6 +173,49 @@ void checkOcspResponseStatusOk() throws IOException {
assertThat(ocspResp.getStatus()).isEqualTo(OCSPResp.SUCCESSFUL);
}

@Test
void checkOcspResponseExtensions() throws IOException, OCSPException {
final HttpResponse<byte[]> response =
Unirest.post(ocspServiceUrlSeqNr31)
.header(CONTENT_TYPE, MEDIA_TYPE_APPLICATION_OCSP_REQUEST)
.header(ACCEPT, MEDIA_TYPE_APPLICATION_OCSP_RESPONSE)
.body(ocspReq.getEncoded())
.asBytes();

final OCSPResp ocspResp = new OCSPResp(response.getBody());
BasicOCSPResp ocspResponse = (BasicOCSPResp) ocspResp.getResponseObject();
assertThat(ocspResponse.hasExtensions()).isTrue();
assertThat(ocspResponse.getExtensionOIDs()).hasSize(1);
assertThat(ocspResponse.getExtensionOIDs()).contains(id_isismtt_at_certHash);
}

@Test
void shouldNotIncludeCertHashExtensionInResponse() throws IOException, OCSPException {
final OcspResponderConfig ocspResponderConfig =
OcspResponderConfig.builder()
.eeCert(VALID_X509_EE_CERT)
.issuerCert(VALID_X509_ISSUER_CERT)
.certificateStatus(CERT_STATUS_GOOD)
.withCertHash(false)
.signer(signer)
.delayMilliseconds(delayMilliseconds)
.build();

OcspResponderManager.configure(getLocalhostEndpoint(""), ocspResponderConfig);

final HttpResponse<byte[]> response =
Unirest.post(ocspServiceUrlSeqNr31)
.header(CONTENT_TYPE, MEDIA_TYPE_APPLICATION_OCSP_REQUEST)
.header(ACCEPT, MEDIA_TYPE_APPLICATION_OCSP_RESPONSE)
.body(ocspReq.getEncoded())
.asBytes();

final OCSPResp ocspResp = new OCSPResp(response.getBody());
BasicOCSPResp ocspResponse = (BasicOCSPResp) ocspResp.getResponseObject();
assertThat(ocspResponse.hasExtensions()).isFalse();
assertThat(ocspResponse.getExtensionOIDs()).isEmpty();
}

@Test
void checkOcspSingleResponseCertStatusGood() throws IOException, OCSPException {
final HttpResponse<byte[]> response =
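Review bot: Both new tests check the BasicOCSPResp-level extension list (`hasExtensions()`, `getExtensionOIDs()`), whereas the controller code fixed in this commit appears to read the cert hash from the first single response via `getFirstSingleResp(...)`. If the hash is carried per single response, an assertion at that level would pin the regression directly, for example `assertThat(ocspResponse.getResponses()[0].getExtension(id_isismtt_at_certHash)).isNull();` in shouldNotIncludeCertHashExtensionInResponse. That test also leaves the responder configured with `withCertHash(false)`; whether a setup method outside this view restores the configuration before the next test cannot be seen here and is worth confirming. A one-line comment on the test stating that it guards the missing-extension logging path would help later readers.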
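--- a/pkits-sut-server-sim/pom.xml
+++ b/pkits-sut-server-sim/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-sut-server-sim</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <name>Test Object Simulator (Server)</name>
 <description>Test object simulator (server)</description>
 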
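--- a/pkits-testsuite/pom.xml
+++ b/pkits-testsuite/pom.xml
@@ -1,16 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <name>PKI Test Suite</name>
 <description>PKI test suite</description>
 
@@ -23,27 +21,23 @@
 **/de/gematik/pki/pkits/testsuite/runner/**,
 **/de/gematik/pki/pkits/testsuite/ssh/**,
 **/de/gematik/pki/pkits/testsuite/testutils/**,
-**/de/gematik/pki/pkits/testsuite/usecases/**
-</sonar.coverage.exclusions>
+**/de/gematik/pki/pkits/testsuite/usecases/**</sonar.coverage.exclusions>
 
 <testReportDirectory>${project.basedir}/../out/testreport</testReportDirectory>
 
 <!-- dependencies -->
 <version.commons-lang3>3.14.0</version.commons-lang3>
-<version.apache.sshd>2.12.1</version.apache.sshd>
+<version.apache.sshd>2.13.1</version.apache.sshd>
 <version.itextpdf.html2pdf>5.0.4</version.itextpdf.html2pdf>
 <version.jaxb-runtime>4.0.1</version.jaxb-runtime>
 <version.mockito>5.12.0</version.mockito>
 <version.picocli>4.7.6</version.picocli>
 
 <!-- plugins -->
 <version.build-helper-maven-plugin>3.3.0</version.build-helper-maven-plugin>
-<version.maven-surefire-report-plugin>${version.maven-surefire-plugin}
-</version.maven-surefire-report-plugin>
+<version.maven-surefire-report-plugin>${version.maven-surefire-plugin}</version.maven-surefire-report-plugin>
 
-<tsl-procurer.initialTslPrimaryDownloadUrl>
-http://localhost:8084/tsl/tsl.xml?activeTslSeqNr=700000
-</tsl-procurer.initialTslPrimaryDownloadUrl>
+<tsl-procurer.initialTslPrimaryDownloadUrl>http://localhost:8084/tsl/tsl.xml?activeTslSeqNr=700000</tsl-procurer.initialTslPrimaryDownloadUrl>
 </properties>
 
 <dependencies>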
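--- a/pkits-tls-client/pom.xml
+++ b/pkits-tls-client/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-tls-client</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 
 <name>TLS Client</name>
 <description>TLS Client</description>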
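--- a/pkits-tsl-generator/pom.xml
+++ b/pkits-tsl-generator/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-tsl-generator</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <name>PKI TSL Generator</name>
 <description>PKI TSL Generator</description>
 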
Original file line number Diff line number Diff line change
Expand Up @@ -331,9 +331,7 @@ public static TrustStatusListType defectAlternativeCaWrongSrvInfoExtTsl() {
tspServicesToModify.forEach(
tspService -> {
final ExtensionsListType extensions = new ExtensionsListType();
for (final CertificateType oid :
List.of(
CertificateType.TSL_FIELD_TSL_PLACEHOLDER)) {
for (final CertificateType oid : List.of(CertificateType.TSL_FIELD_TSL_PLACEHOLDER)) {
extensions.getExtension().add(TspServiceGenerator.toExtension(oid));
}
tspService.getServiceInformation().setServiceInformationExtensions(extensions);
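--- a/pkits-tsl-provider/pom.xml
+++ b/pkits-tsl-provider/pom.xml
@@ -4,11 +4,11 @@
 <parent>
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 </parent>
 
 <artifactId>pkits-tsl-provider</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <name>TSL Server Simulator</name>
 <description>Spring Boot TSL Provider</description>
 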
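--- a/pom.xml
+++ b/pom.xml
@@ -4,12 +4,12 @@
 <parent>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-parent</artifactId>
-<version>3.2.5</version>
+<version>3.3.1</version>
 </parent>
 
 <groupId>de.gematik.pki.pkits</groupId>
 <artifactId>pki-testsuite</artifactId>
-<version>3.0.1</version>
+<version>3.0.2</version>
 <packaging>pom</packaging>
 <name>PKI Testsuite</name>
 <description>PKI Testsuite to test products of the telematic infrastructure to fulfill the
@@ -85,10 +85,10 @@
 
 <!-- dependencies -->
 <version.ardikars.pcap>1.5.1</version.ardikars.pcap>
-<version.assertj-core>3.25.3</version.assertj-core>
+<version.assertj-core>3.26.0</version.assertj-core>
 <version.awaitility>4.2.0</version.awaitility>
 <version.bouncycastle>1.78.1</version.bouncycastle>
-<version.commons-compress>1.26.1</version.commons-compress>
+<version.commons-compress>1.26.2</version.commons-compress>
 <version.commons-io>2.16.1</version.commons-io>
 <version.commons-text>1.12.0</version.commons-text>
 <version.jfiglet>1.0.1</version.jfiglet>
@@ -106,20 +106,20 @@
 <!-- plugins -->
 <version.dependency-check-maven>7.2.1</version.dependency-check-maven>
 <version.docker-maven-plugin>0.44.0</version.docker-maven-plugin>
-<version.git-commit-id-maven-plugin>8.0.2</version.git-commit-id-maven-plugin>
+<version.git-commit-id-maven-plugin>9.0.0</version.git-commit-id-maven-plugin>
 <version.jacoco-maven-plugin>0.8.12</version.jacoco-maven-plugin>
 <version.maven-assembly-plugin>3.6.0</version.maven-assembly-plugin>
-<version.maven-clean-plugin>3.3.2</version.maven-clean-plugin>
+<version.maven-clean-plugin>3.4.0</version.maven-clean-plugin>
 <version.maven-compiler-plugin>3.13.0</version.maven-compiler-plugin>
 <version.maven-deploy-plugin>3.1.2</version.maven-deploy-plugin>
-<version.maven-enforcer-plugin>3.4.1</version.maven-enforcer-plugin>
+<version.maven-enforcer-plugin>3.5.0</version.maven-enforcer-plugin>
 <version.maven-failsafe-plugin>${version.maven-surefire-plugin}</version.maven-failsafe-plugin>
-<version.maven-project-info-reports-plugin>3.5.0</version.maven-project-info-reports-plugin>
+<version.maven-project-info-reports-plugin>3.6.1</version.maven-project-info-reports-plugin>
 <version.maven-resources-plugin>3.3.0</version.maven-resources-plugin>
 <version.maven-site-plugin>3.12.1</version.maven-site-plugin>
 <version.maven-source-plugin>3.3.1</version.maven-source-plugin>
-<version.maven-surefire-plugin>3.2.5</version.maven-surefire-plugin>
-<version.sonar-maven-plugin>3.11.0.3922</version.sonar-maven-plugin>
+<version.maven-surefire-plugin>3.3.0</version.maven-surefire-plugin>
+<version.sonar-maven-plugin>4.0.0.4121</version.sonar-maven-plugin>
 <version.spotless-maven-plugin>2.43.0</version.spotless-maven-plugin>
 <version.spotless.google-java-format>1.17.0</version.spotless.google-java-format>
 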
