OcspClientTest Class — netty Architecture

Architecture documentation for the OcspClientTest class in OcspClientTest.java from the netty codebase.

Dependency Diagram

graph TD
  3370da49_7453_ab40_8426_84084353f364["OcspClientTest"]
  f3e58ad1_f25d_f862_e24a_936b64525196["OcspClientTest.java"]
  3370da49_7453_ab40_8426_84084353f364 -->|defined in| f3e58ad1_f25d_f862_e24a_936b64525196
  310dc5fe_7e3e_a952_ecb6_941e2ca99969["simpleOcspQueryTest()"]
  3370da49_7453_ab40_8426_84084353f364 -->|method| 310dc5fe_7e3e_a952_ecb6_941e2ca99969
  3cd9e93b_d43f_18f9_748e_083f34552760["validateSignatureWithIncludedChainSucceeds()"]
  3370da49_7453_ab40_8426_84084353f364 -->|method| 3cd9e93b_d43f_18f9_748e_083f34552760
  a9350351_33dc_df12_238c_0a50d6db0b7a["validateSignatureWithInvalidChainThrows()"]
  3370da49_7453_ab40_8426_84084353f364 -->|method| a9350351_33dc_df12_238c_0a50d6db0b7a
  a37e0678_125c_b96e_308b_160c32da811c["BasicOCSPResp()"]
  3370da49_7453_ab40_8426_84084353f364 -->|method| a37e0678_125c_b96e_308b_160c32da811c

Source Code

handler-ssl-ocsp/src/test/java/io/netty/handler/ssl/ocsp/OcspClientTest.java lines 48–180

class OcspClientTest extends AbstractOcspTest {

    @ParameterizedTest
    @ValueSource(strings = {"https://netty.io", "https://apple.com"})
    void simpleOcspQueryTest(String urlString) throws IOException, ExecutionException, InterruptedException {
        HttpsURLConnection httpsConnection = null;
        try {
            URL url = new URL(urlString);
            httpsConnection = (HttpsURLConnection) url.openConnection();
            httpsConnection.connect();

            // Pull server certificates for validation
            X509Certificate[] certs = (X509Certificate[]) httpsConnection.getServerCertificates();
            X509Certificate serverCert = certs[0];
            X509Certificate certIssuer = certs[1];

            Promise<BasicOCSPResp> promise = OcspClient.query(serverCert, certIssuer, false,
                    createDefaultTransport(), createDefaultResolver(createDefaultTransport()));
            BasicOCSPResp basicOCSPResp = promise.get();

            // 'null' means certificate is valid
            assertNull(basicOCSPResp.getResponses()[0].getCertStatus());
        } finally {
            if (httpsConnection != null) {
                httpsConnection.disconnect();
            }
        }
    }

    @Test
    void validateSignatureWithIncludedChainSucceeds() throws Exception {
        X509Bundle rootIssuer = new CertificateBuilder()
                .algorithm(CertificateBuilder.Algorithm.rsa2048)
                .subject("CN=SomeRootCA")
                .setIsCertificateAuthority(true)
                .buildSelfSigned();

        X509Bundle intermediateIssuer = new CertificateBuilder()
                .algorithm(CertificateBuilder.Algorithm.rsa2048)
                .subject("CN=SomeIntermediateCA")
                .setIsCertificateAuthority(true)
                .buildIssuedBy(rootIssuer);

        X509Bundle ocspResponder = new CertificateBuilder()
                .algorithm(CertificateBuilder.Algorithm.rsa2048)
                .subject("CN=SomeOCSPResponder")
                .buildIssuedBy(intermediateIssuer);

        // Create actual OCSP response with the responder's certificate
        X509CertificateHolder responderHolder = new JcaX509CertificateHolder(ocspResponder.getCertificate());
        X509CertificateHolder intermediateHolder = new JcaX509CertificateHolder(intermediateIssuer.getCertificate());

        // Create a minimal BasicOCSPResp that contains the certificate chain
        BasicOCSPResp resp = createBasicOcspResponse(
                ocspResponder,
                new X509CertificateHolder[]{responderHolder, intermediateHolder}
        );

        assertDoesNotThrow(() -> OcspClient.validateSignature(resp, rootIssuer.getCertificate()));
    }

    @Test
    void validateSignatureWithInvalidChainThrows() throws Exception {
        // Build an unrelated responder chain so nothing is signed by the provided issuer (using RSA)
        X509Bundle issuerBundle = new CertificateBuilder()
                .algorithm(CertificateBuilder.Algorithm.rsa2048)
                .subject("CN=Issuer")
                .setIsCertificateAuthority(true)
                .buildSelfSigned();

        // Different CA
        X509Bundle otherRoot = new CertificateBuilder()
                .algorithm(CertificateBuilder.Algorithm.rsa2048)
                .subject("CN=SomeRootCA")
                .setIsCertificateAuthority(true)
                .buildSelfSigned();

        X509Bundle otherIntermediate = new CertificateBuilder()
                .algorithm(CertificateBuilder.Algorithm.rsa2048)
                .subject("CN=SomeIntermediateCA")
                .setIsCertificateAuthority(true)

Frequently Asked Questions

What is the OcspClientTest class?
OcspClientTest is a class in the netty codebase, defined in handler-ssl-ocsp/src/test/java/io/netty/handler/ssl/ocsp/OcspClientTest.java.
Where is OcspClientTest defined?
OcspClientTest is defined in handler-ssl-ocsp/src/test/java/io/netty/handler/ssl/ocsp/OcspClientTest.java at line 48.
