improve test coverage

Author: Akretsch

src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/RaDownstream.java

@@ -228,7 +228,7 @@ private PKIMessage handleCrmfCertificateRequest(
                 final Extensions newExtensions = new Extensions(Stream.concat(
                                 Arrays.stream(extensions.getExtensionOIDs())
                                         .filter(oid -> !oid.equals(AttestationObjectIdentifiers.id_aa_evidence))
-                                        .map(oid -> extensions.getExtension(oid)),
+                                        .map(extensions::getExtension),
                                 Arrays.asList(ratExtension).stream())
                         .toArray(Extension[]::new));
                 certTemplate = new CertTemplateBuilder()
@@ -935,7 +935,7 @@ private PKIMessage processCertResponse(
 
     private Extension processRatVerification(
             final RatVerifierAdapter verifyAdapter, final byte[] transactionId, Extensions extensions)
-            throws CmpProcessingException, InterruptedException, IOException {
+            throws IOException {
         if (extensions == null) {
             return null;
         }

src/main/java/com/siemens/pki/cmpracomponent/persistency/TransactionStateTracker.java

@@ -148,19 +148,6 @@ private boolean isCertResponse(final PKIMessage msg) {
         }
     }
 
-    private boolean isCertResponseWithWaitingIndication(final PKIMessage msg) {
-        try {
-            return ((CertRepMessage) msg.getBody().getContent())
-                            .getResponse()[0]
-                            .getStatus()
-                            .getStatus()
-                            .intValue()
-                    == PKIStatus.WAITING;
-        } catch (final Exception ex) {
-            return false;
-        }
-    }
-
     private boolean isConfirmConfirm(final PKIMessage msg) {
         return msg.getBody().getType() == PKIBody.TYPE_CONFIRM;
     }
@@ -378,7 +365,7 @@ public void trackMessage(final PKIMessage message) throws BaseCmpException, IOEx
                             PKIFailureInfo.badMessageCheck,
                             "request was not answered by cert response for " + MessageDumper.msgAsShortString(message));
                 }
-                if (isCertResponseWithWaitingIndication(message)) {
+                if (isWaitingIndication(message)) {
                     persistencyContext.setLastTransactionState(LastTransactionState.CERTIFICATE_POLLING);
                     return;
                 }

src/main/java/com/siemens/pki/verifieradapter/asn1/AttestationResultBundle.java

@@ -51,10 +51,6 @@ private AttestationResultBundle(ASN1Sequence sequence) {
         }
     }
 
-    public AttestationResultBundle(AttestationResult[] results) {
-        this(results, null);
-    }
-
     public AttestationResultBundle(AttestationResult[] results, Certificate[] certs) {
         this.results = new ASN1EncodableVector();
         this.results.addAll(results);

src/test/java/com/siemens/pki/cmpclientcomponent/test/TestCrWithRAT.java

@@ -410,8 +410,7 @@ public boolean isRaVerifiedAcceptable(final String certProfile, final int bodyTy
         };
     }
 
-    @Override
-    ClientContext getClientContext(final int enrollmentType, KeyPair keyPair, byte[] certificationRequest) {
+    ClientContext getRatClientContext(final int enrollmentType, KeyPair keyPair, boolean requestImplicitConfirm) {
         return new ClientContext() {
 
             @Override
@@ -480,11 +479,6 @@ public KeyPair getCertificateKeypair() {
                         return keyPair;
                     }
 
-                    @Override
-                    public byte[] getCertificationRequest() {
-                        return certificationRequest;
-                    }
-
                     @Override
                     public VerificationContext getEnrollmentTrust() {
                         return enrollmentCredentials;
@@ -507,7 +501,7 @@ public X509Certificate getOldCert() {
 
                     @Override
                     public boolean getRequestImplictConfirm() {
-                        return false;
+                        return requestImplicitConfirm;
                     }
 
                     @Override
@@ -534,10 +528,32 @@ public void setUp() throws Exception {
     public void testCr() throws Exception {
         final EnrollmentResult ret = getSignatureBasedCmpClient(
                         "theCertProfileForOnlineEnrollment",
-                        getClientContext(
+                        getRatClientContext(
+                                PKIBody.TYPE_CERT_REQ,
+                                ConfigurationFactory.getKeyGenerator().generateKeyPair(),
+                                false),
+                        UPSTREAM_TRUST_PATH)
+                .invokeEnrollment();
+        final ASN1OctetString extValue = ASN1OctetString.getInstance(
+                ret.getEnrolledCertificate().getExtensionValue(AttestationObjectIdentifiers.id_aa_ar.getId()));
+        final AttestationResultBundle attestationResultBundle =
+                AttestationResultBundle.getInstance(extValue.getOctets());
+        assertNotNull(attestationResultBundle);
+        assertNotNull(attestationResultBundle.getCerts());
+        for (AttestationResult result : attestationResultBundle.getResults()) {
+            assertNotNull(result.getType());
+            assertNotNull(result.getStmt());
+        }
+    }
+
+    @Test
+    public void testCrWithImplicitConfirm() throws Exception {
+        final EnrollmentResult ret = getSignatureBasedCmpClient(
+                        "theCertProfileForOnlineEnrollment",
+                        getRatClientContext(
                                 PKIBody.TYPE_CERT_REQ,
                                 ConfigurationFactory.getKeyGenerator().generateKeyPair(),
-                                null),
+                                true),
                         UPSTREAM_TRUST_PATH)
                 .invokeEnrollment();
         final ASN1OctetString extValue = ASN1OctetString.getInstance(

src/test/java/com/siemens/pki/verifieradapter/asn1/TestRatAsn1.java

@@ -0,0 +1,92 @@
+/*
+ *  Copyright (c) 2025 Siemens AG
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+package com.siemens.pki.verifieradapter.asn1;
+
+import static org.junit.Assert.*;
+
+import com.siemens.pki.verifieradapter.asn1.NonceRequestValue.NonceRequest;
+import com.siemens.pki.verifieradapter.asn1.NonceResponseValue.NonceResponse;
+import java.io.IOException;
+import java.math.BigInteger;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.junit.Test;
+
+/**
+ * test some unusual parameter combinations to improve test coverage
+ */
+public class TestRatAsn1 {
+
+    @Test
+    public void testAttestationResultBundle() throws IOException {
+        byte[] encoded = new AttestationResultBundle(
+                        new AttestationResult[] {
+                            new AttestationResult(new ASN1ObjectIdentifier("1.2.3"), new DERUTF8String("hallo"))
+                        },
+                        null)
+                .getEncoded();
+        AttestationResultBundle decoded = AttestationResultBundle.getInstance(encoded);
+        assertEquals(1, decoded.getResults().length);
+        final AttestationResult attestationResult = decoded.getResults()[0];
+        assertEquals(new ASN1ObjectIdentifier("1.2.3"), attestationResult.getType());
+        assertEquals(new DERUTF8String("hallo"), attestationResult.getStmt());
+        assertNull(decoded.getCerts());
+    }
+
+    @Test
+    public void testEvidenceBundle() throws IOException {
+        byte[] encoded = new EvidenceBundle(
+                        new EvidenceStatement[] {
+                            new EvidenceStatement(new ASN1ObjectIdentifier("1.2.3"), new DERUTF8String("hallo"), null)
+                        },
+                        null)
+                .getEncoded();
+        EvidenceBundle decoded = EvidenceBundle.getInstance(encoded);
+        assertEquals(1, decoded.getEvidences().length);
+        final EvidenceStatement evidenceStatement = decoded.getEvidences()[0];
+        assertEquals(new ASN1ObjectIdentifier("1.2.3"), evidenceStatement.getType());
+        assertEquals(new DERUTF8String("hallo"), evidenceStatement.getStmt());
+        assertNull(evidenceStatement.getHint());
+        assertNull(decoded.getCerts());
+    }
+
+    @Test
+    public void testNonceRequestValue() throws IOException {
+        byte[] encoded = new NonceRequestValue(new NonceRequest[] {new NonceRequest((BigInteger) null, null, null)})
+                .getEncoded();
+        NonceRequestValue decoded = NonceRequestValue.getInstance(encoded);
+        assertEquals(1, decoded.getNonceRequests().length);
+        final NonceRequest nonceRequest = decoded.getNonceRequests()[0];
+        assertNull(nonceRequest.getLen());
+        assertNull(nonceRequest.getType());
+        assertNull(nonceRequest.getHint());
+    }
+
+    @Test
+    public void testNonceResponseValue() throws IOException {
+        byte[] encoded = new NonceResponseValue(new NonceResponse[] {new NonceResponse(new byte[10], null, null, null)})
+                .getEncoded();
+        NonceResponseValue decoded = NonceResponseValue.getInstance(encoded);
+        assertEquals(1, decoded.getNonceResponse().length);
+        final NonceResponse nonceRequest = decoded.getNonceResponse()[0];
+        assertNotNull(nonceRequest.getNonce());
+        assertNull(nonceRequest.getExpiry());
+        assertNull(nonceRequest.getType());
+        assertNull(nonceRequest.getHint());
+    }
+}

src/test/java/com/siemens/pki/verifieradapter/asn1/package-info.java

@@ -0,0 +1 @@
+package com.siemens.pki.verifieradapter.asn1;