fix: add missing tests to test VCertTknClient SDK methods

Author: marcos-albornoz

src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAT.java

@@ -0,0 +1,87 @@
+package com.venafi.vcert.sdk.vcertTknClient;
+
+import static com.venafi.vcert.sdk.TestUtils.getTestIps;
+import static java.lang.String.format;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.net.InetAddress;
+import java.util.Arrays;
+import java.util.Collections;
+
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import com.venafi.vcert.sdk.TestUtils;
+import com.venafi.vcert.sdk.VCertException;
+import com.venafi.vcert.sdk.certificate.CertificateRequest;
+import com.venafi.vcert.sdk.certificate.KeyType;
+import com.venafi.vcert.sdk.connectors.ZoneConfiguration;
+
+import feign.FeignException;
+
+class VCertTknClientAT {
+	
+	@RegisterExtension
+	public static final VCertTknClientResource clientResource = new VCertTknClientResource();
+
+	@Test
+	void readZoneConfiguration() throws VCertException {
+		try {
+			clientResource.client().readZoneConfiguration(TestUtils.TPP_ZONE);
+		} catch (FeignException fe) {
+			throw VCertException.fromFeignException(fe);
+		}
+	}
+
+	@Test
+	void readZoneConfigurationInLongFormat() throws VCertException {
+		try {
+			clientResource.client().readZoneConfiguration("\\VED\\Policy\\"+TestUtils.TPP_ZONE);
+		} catch (FeignException fe) {
+			throw VCertException.fromFeignException(fe);
+		}
+	}
+
+	@Test
+	void ping() throws VCertException {
+		assertThatCode(() -> clientResource.client().ping()).doesNotThrowAnyException();
+	}
+
+	@Test
+	void generateRequest() throws VCertException, IOException {
+		String commonName = TestUtils.randomCN();
+		ZoneConfiguration zoneConfiguration = clientResource.client().readZoneConfiguration(TestUtils.TPP_ZONE);
+		CertificateRequest certificateRequest = new CertificateRequest()
+				.subject(new CertificateRequest.PKIXName().commonName(commonName)
+						.organization(Collections.singletonList("Venafi, Inc."))
+						.organizationalUnit(Arrays.asList("Engineering", "Automated Tests"))
+						.country(Collections.singletonList("US")).locality(Collections.singletonList("SLC"))
+						.province(Collections.singletonList("Utah")))
+				.dnsNames(Collections.singletonList(InetAddress.getLocalHost().getHostName()))
+				.ipAddresses(getTestIps()).keyType(KeyType.RSA).keyLength(2048);
+
+		certificateRequest = clientResource.client().generateRequest(zoneConfiguration, certificateRequest);
+
+		assertThat(certificateRequest.csr()).isNotEmpty();
+
+		PKCS10CertificationRequest request = (PKCS10CertificationRequest) new PEMParser(
+				new StringReader(new String(certificateRequest.csr()))).readObject();
+
+		// Values overridden by policy which is why they don't match the above values
+		String subject = request.getSubject().toString();
+
+		assertThat(subject).contains(format("CN=%s", commonName));
+	}
+
+	@Test
+	void readPolicyConfiguration() {
+		assertThrows(UnsupportedOperationException.class,
+				() -> clientResource.client().readPolicyConfiguration("zone"));
+	}
+}

src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertAT.java

@@ -0,0 +1,267 @@
+/**
+ * 
+ */
+package com.venafi.vcert.sdk.vcertTknClient;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.net.SocketException;
+import java.net.UnknownHostException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.codec.digest.DigestUtils;
+import org.bouncycastle.util.io.pem.PemHeader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import com.venafi.vcert.sdk.TestUtils;
+import com.venafi.vcert.sdk.VCertException;
+import com.venafi.vcert.sdk.VCertTknClient;
+import com.venafi.vcert.sdk.certificate.CertificateRequest;
+import com.venafi.vcert.sdk.certificate.CsrOriginOption;
+import com.venafi.vcert.sdk.certificate.CustomField;
+import com.venafi.vcert.sdk.certificate.DataFormat;
+import com.venafi.vcert.sdk.certificate.ImportRequest;
+import com.venafi.vcert.sdk.certificate.ImportResponse;
+import com.venafi.vcert.sdk.certificate.PEMCollection;
+import com.venafi.vcert.sdk.certificate.RenewalRequest;
+import com.venafi.vcert.sdk.certificate.RevocationRequest;
+import com.venafi.vcert.sdk.connectors.ZoneConfiguration;
+
+/**
+ * @author Marcos E. Albornoz Abud
+ *
+ */
+public class VCertTknClientCertAT {
+	
+	@RegisterExtension
+	public static final VCertTknClientCertResource clientResource = new VCertTknClientCertResource();
+
+	@Test
+	void requestCertificate() throws VCertException, SocketException, UnknownHostException {
+		VCertTknClient client = clientResource.client();
+		ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration();
+	
+		CertificateRequest certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest());
+		CertificateRequest csrRequestOnly = new CertificateRequest().csr(certificateRequest.csr());
+		assertThat(client.requestCertificate(csrRequestOnly, zoneConfiguration)).isNotNull();
+	}
+
+	@Test
+	void retrieveCertificate() throws VCertException, SocketException, UnknownHostException {
+		VCertTknClient client = clientResource.client();
+		ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration();
+		CertificateRequest certificateRequest = clientResource.certificateRequest()
+				//.keyType(KeyType.ECDSA).keyCurve(EllipticCurve.EllipticCurveP521)
+				//.keyType(KeyType.RSA).keyLength(2048)
+				//.dataFormat(DataFormat.LEGACY)
+				//.keyPassword("newtiran000!")
+				//.csrOrigin(CsrOriginOption.ServiceGeneratedCSR)
+				;
+	
+		certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
+		String certificateId = client.requestCertificate(certificateRequest, zoneConfiguration);
+		
+		assertThat(certificateId).isNotNull();
+
+		PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
+		
+		assertThat(pemCollection.certificate()).isNotNull();
+		assertThat(pemCollection.privateKey()).isNotNull();
+	}
+
+	@Test
+	void renewCertificate() throws VCertException, UnknownHostException, SocketException,
+	CertificateException, NoSuchAlgorithmException {
+		
+		VCertTknClient client = clientResource.client();
+		ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration();
+		CertificateRequest certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest());
+		String certificateId = client.requestCertificate(certificateRequest, zoneConfiguration);
+		assertThat(certificateId).isNotNull();
+	
+		PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
+		X509Certificate cert = (X509Certificate) pemCollection.certificate();
+	
+		String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase();
+	
+		CertificateRequest certificateRequestToRenew = new CertificateRequest()
+				.subject(certificateRequest.subject())
+				.dnsNames(certificateRequest.dnsNames())
+				.ipAddresses(certificateRequest.ipAddresses())
+				.keyType(certificateRequest.keyType())
+				.keyLength(certificateRequest.keyLength());
+		client.generateRequest(zoneConfiguration, certificateRequestToRenew);
+	
+		String renewRequestId = client.renewCertificate(
+				new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
+	
+		assertThat(renewRequestId).isNotNull();
+	}
+
+	@Test
+	void revokeCertificate() throws VCertException, SocketException, UnknownHostException {
+		VCertTknClient client = clientResource.client();
+		ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration();
+	
+		CertificateRequest certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest());
+		String certificateId = client.requestCertificate(certificateRequest, zoneConfiguration);
+		assertThat(certificateId).isNotNull();
+	
+		// just wait for the certificate issuance
+		client.retrieveCertificate(certificateRequest);
+	
+		RevocationRequest revocationRequest = new RevocationRequest();
+		revocationRequest.reason("key-compromise");
+		revocationRequest.certificateDN(certificateRequest.pickupId());
+	
+		client.revokeCertificate(revocationRequest);
+	}
+
+	@Test
+	@DisplayName("VCertTknClient - Create a cerfiticate that contais custom fields and validate if certifcate were created correctly")
+	void createCertificateValidateValidityHours() throws UnknownHostException, VCertException {
+	
+		//Custom fields
+		List<CustomField> customFields = new ArrayList<CustomField>();
+		customFields.add(new CustomField("custom", "java-test"));
+		customFields.add(new CustomField("cfList", "item2"));
+		customFields.add(new CustomField("cfListMulti", "tier1"));
+		customFields.add(new CustomField("cfListMulti", "tier2"));
+	
+		VCertTknClient client = clientResource.client();
+		ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration();
+		CertificateRequest certificateRequest = clientResource.certificateRequest().customFields(customFields);
+	
+		certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest());
+	
+		// Submit the certificate request
+		client.requestCertificate(certificateRequest, zoneConfiguration);
+	
+		// Retrieve PEM collection from Venafi
+		PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
+	
+	
+		//At this moment certificate, must be created, it will fail if some custom fields aren't supported or specified on tpp
+		//so is enough to validate if certificate is created.
+		assertTrue(pemCollection.certificate() != null);
+	
+	}
+
+	@Test
+	void importCertificate() throws VCertException {
+		final String cert = "-----BEGIN CERTIFICATE-----\n"
+				+ "MIIDdjCCAl6gAwIBAgIRAPqSZQ04IjWgO2rwIDRcOY8wDQYJKoZIhvcNAQENBQAw\n"
+				+ "gYAxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMRcwFQYDVQQHDA5TYWx0IExh\n"
+				+ "a2UgQ2l0eTEPMA0GA1UECgwGVmVuYWZpMRswGQYDVQQLDBJOT1QgRk9SIFBST0RV\n"
+				+ "Q1RJT04xGzAZBgNVBAMMElZDZXJ0IFRlc3QgTW9kZSBDQTAeFw0xODA5MTIxMzUw\n"
+				+ "MzNaFw0xODEyMTExMzUwMzNaMCQxIjAgBgNVBAMTGWltcG9ydC52ZW5hZmkuZXhh\n"
+				+ "bXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChjQk0jSE5\n"
+				+ "ktVdH8bAM0QCpGs1rOOVMmRkMc7d4hQ6bTlFlIypMq9t+1O2Z8i4fiKDS7vSBmBo\n"
+				+ "WBgN9e0fbAnKEvBIcNLBS4lmwzRDxDCrNV3Dr5s+yJtUw9V2XBwiXbtW7qs5+c0O\n"
+				+ "y7a2S/5HudXUlAuXf7SF4MboMMpHRg+UkyA4j0peir8PtmlJjlYBt3lZdaeLlD6F\n"
+				+ "EIlIVQFZ6ulUF/kULhxhTUl2yNUUzJ/bqJlhFU6pkL+GoW1lnaZ8FYXwA1EKYyRk\n"
+				+ "DYL581eqvIBJY9tCNWbOdU1r+5wR4OOKe/WWWhcDC6nL/M8ZYhfQg1nHoD58A8Dk\n"
+				+ "H4AAt8A3EZpdAgMBAAGjRjBEMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n"
+				+ "/wQCMAAwHwYDVR0jBBgwFoAUzqRFDvLX0mz4AjPb45tLGavm8AcwDQYJKoZIhvcN\n"
+				+ "AQENBQADggEBABa4wqh+A63O5PHrdUCBSmQs9ve/oIXj561VBmqXkTHLrtKtbtcA\n"
+				+ "yvsMi8RD8BibBAsUCljkCmLoQD/XeQFtsPlMAxisSMYhChh58008CIYDR8Nf/qoe\n"
+				+ "YfzdMB/3VWCqTn9KGF8aMKeQvbFvuqmbtdCv//eYe6mNe2fa/x6PSdGMi4BPmjUC\n"
+				+ "PmBT4p1iwMtu8LnL4UM4awjmmExR4X4rafcyGEbf0D/CRfhDLSwxvrrVcWd6TMMY\n"
+				+ "HPZ/pw//+UrVLgEEsyM2zwf+LokbszPBvPAtHMJtr7Pnq2MQtEEkLfPqOWG3ol1H\n"
+				+ "t+4v2LIW1q4GkwOUjPqgyIaJC5jj5pH9/g8=\n" + "-----END CERTIFICATE-----";
+	
+		final String pk = "-----BEGIN RSA PRIVATE KEY-----\n"
+				+ "MIIEpAIBAAKCAQEAoY0JNI0hOZLVXR/GwDNEAqRrNazjlTJkZDHO3eIUOm05RZSM\n"
+				+ "qTKvbftTtmfIuH4ig0u70gZgaFgYDfXtH2wJyhLwSHDSwUuJZsM0Q8QwqzVdw6+b\n"
+				+ "PsibVMPVdlwcIl27Vu6rOfnNDsu2tkv+R7nV1JQLl3+0heDG6DDKR0YPlJMgOI9K\n"
+				+ "Xoq/D7ZpSY5WAbd5WXWni5Q+hRCJSFUBWerpVBf5FC4cYU1JdsjVFMyf26iZYRVO\n"
+				+ "qZC/hqFtZZ2mfBWF8ANRCmMkZA2C+fNXqryASWPbQjVmznVNa/ucEeDjinv1lloX\n"
+				+ "Awupy/zPGWIX0INZx6A+fAPA5B+AALfANxGaXQIDAQABAoIBAE7of6WOhbsEcHkz\n"
+				+ "CzZYFBEiVEd8chEu8wBJn9ybD/xV21KUM3x1iGC1EPeYi98ppRvygwQcHzz4Qo+X\n"
+				+ "HsJpWAK+62TGzvqhNbTfBglPq+IEiA8MGE07WTu3B+3vIcLbe6UDoNkJndJrSIyU\n"
+				+ "Y9iO+dYClgLi2r9FwoIpSrQzkWqlB3edle4Nq1WABtWTOSDYysz1gk0KrLmQQfXP\n"
+				+ "CPiwkL0SjB+sfbOiVX0B2liV2oxJ5VZWNo/250wFcvrcYrgTNtEVNMXtpN0tnRMH\n"
+				+ "NPwnY+B9WGu/NVhtvOcOTPHq9xQhbmBCS1axikizCaIqEOyegdeDJ4ASJnVybfCA\n"
+				+ "KzjoCpUCgYEAwOmeEvzSP8hCKtLPU8QDBA1y+mEvZMwBY4qr3hfqv3qa0QmFvxkk\n"
+				+ "7Ubmy2oFOoUnVgnhRzAf/bajbkz4ScUgd2JrUdIEhNNVwDn/llnS/UHBlZY++BtW\n"
+				+ "mvyon9ObXgPNPoHcJqzrqARu8PPJQEsZ+xjxM/gyif3prn6Uct6R8B8CgYEA1mHd\n"
+				+ "Astwht39z16FoX9rQRGgx64Z0nesfTjl+4mkypz6ukkcfU1GjobqEG3k666+OJk1\n"
+				+ "SRs8s20Pahrh21LO5x/QtvChhZ+nIedqlhBlNH9uUJI9ChbUN0luetiSPT8F5aqg\n"
+				+ "gZMY13K5icAQ+98EcNwl7ZhVPq0BvLlbqTWi9gMCgYEAjtVqoQxob6lKtIJZ19+t\n"
+				+ "i/aZRyFmAe+6p4UpM8vpl9SjhFrUmGV5neV9ROc+79FfCqlOD3NmfGgaIbUDsTsv\n"
+				+ "irVoWLBzgBUpzKYkw6HGQpXJS4RvIyy6tw6Tm6MFylpuQPXNlyU5ZrHBos4eGGiC\n"
+				+ "2BPjo2MFqH5D41r9dv+sdmkCgYEAtSJYx3y2pe04/xYhGFP9fivzyeMrRC4DWoZR\n"
+				+ "oxcoWl0KZ41QefppzBDoAVuo2Q17AX1JjWxq/DsAlCkEffhYguXZxkhIYQuE/lt2\n"
+				+ "LjbKG/IzdfYphrXFNrVfmIIWBZOTWvqwxOpRSfBQHbhfYUCMkwMfNMHJ/LvWxOtk\n"
+				+ "K/L6rpsCgYB6p9RU2kXexAh9kUpbGqVeJBoIh6ArXHgepESE/7dPw26D0DM0mef0\n"
+				+ "X1MasxN3JF7ZsSGfcCLXnICSJHuNTy9WztqF3hUbQwYd9vmZxtzAo5/fK4DVAaXS\n"
+				+ "ZtIVl/CH/az0xqLKWIlmWOip9SfUVlZdgege+PlQtRqoFVOsH8+MEg==\n"
+				+ "-----END RSA PRIVATE KEY-----";
+		
+		ImportRequest importRequest = new ImportRequest();
+		importRequest.certificateData(cert);
+		importRequest.privateKeyData(pk);
+		importRequest.policyDN(clientResource.zoneConfiguration().zoneId());
+	
+	
+		ImportResponse response = clientResource.client().importCertificate(importRequest);
+		assertThat(response).isNotNull();
+		assertThat(response.certificateDN()).isNotNull();
+		assertThat(response.certificateVaultId()).isGreaterThan(0);
+		assertThat(response.privateKeyVaultId()).isGreaterThan(0);
+	}
+	
+	@Test
+	void privateKeyPKCSTest() throws VCertException, UnknownHostException, IOException {
+		VCertTknClient client = clientResource.client();
+	    ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration();
+	    
+	    //By default the DataFormat of the CertificateRequest is PKCS8
+	    CertificateRequest certificateRequest = clientResource.certificateRequest()
+	            .csrOrigin(CsrOriginOption.ServiceGeneratedCSR)
+	            .keyPassword(TestUtils.KEY_PASSWORD);
+	    
+	    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
+	    String pickupId = client.requestCertificate(certificateRequest, zoneConfiguration);
+	    assertThat(pickupId).isNotNull();
+	    
+	    //Retrieving the PemCollection
+	    PEMCollection pemCollectionRSAPrivateKeyPKCS8 = client.retrieveCertificate(certificateRequest);
+	    
+	    //getting the PrivateKey as PEM which should be a RSA Private Key in PKCS8 Encrypted
+	    String privateKeyPKCS8AsEncryptedPem = pemCollectionRSAPrivateKeyPKCS8.pemPrivateKey();
+	    
+	    PemObject privateKeyPKCS8AsPemObject = new PemReader(new StringReader(privateKeyPKCS8AsEncryptedPem)).readPemObject();
+	    
+	    //evaluating that the private Key is in PKCS8 Encrypted
+	    assertThat(pemCollectionRSAPrivateKeyPKCS8.privateKey()).isNotNull();
+	    assertTrue(privateKeyPKCS8AsPemObject.getType().equals(TestUtils.PEM_HEADER_PKCS8_ENCRYPTED));
+	    
+	    //changing to data format Legacy in order to get the PrivateKey in PKCS1
+	    certificateRequest.dataFormat(DataFormat.LEGACY);
+	    
+	    //Retrieving the PemCollection
+	    PEMCollection pemCollectionRSAPrivateKey = client.retrieveCertificate(certificateRequest);
+	    
+	    //getting the PrivateKey as PEM which should be a RSA Private Key Encrypted
+	    String privateKeyRSAAsEncryptedPem = pemCollectionRSAPrivateKey.pemPrivateKey();
+	    
+	    PemObject privateKeyRSAAsPemObject = new PemReader(new StringReader(privateKeyRSAAsEncryptedPem)).readPemObject();
+	    
+	    //evaluating that the private Key is in PKCS1 Encrypted
+	    assertThat(pemCollectionRSAPrivateKey.privateKey()).isNotNull();
+	    assertTrue(privateKeyRSAAsPemObject.getHeaders().stream().anyMatch(header -> TestUtils.PEM_RSA_PRIVATE_KEY_ENCRYPTED_HEADER_VALUE.equals(((PemHeader)header).getValue())));
+	}
+
+}