From 8f11c629af9993b25b900c969713d76940462381 Mon Sep 17 00:00:00 2001 From: Davide Vacca Date: Fri, 7 Nov 2025 17:17:07 +0100 Subject: [PATCH 1/2] Add tests for setSslCaCert --- src/test/java/com/onfido/OnfidoTest.java | 78 ++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/src/test/java/com/onfido/OnfidoTest.java b/src/test/java/com/onfido/OnfidoTest.java index 963b585..fb4f7b1 100644 --- a/src/test/java/com/onfido/OnfidoTest.java +++ b/src/test/java/com/onfido/OnfidoTest.java @@ -5,9 +5,17 @@ import com.onfido.ApiClient.Region; import com.onfido.api.DefaultApi; +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.math.BigInteger; import java.net.InetSocketAddress; import java.net.Proxy; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.cert.X509Certificate; +import java.util.Date; import java.util.UUID; +import javax.security.auth.x500.X500Principal; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -83,4 +91,74 @@ public void usesProxy() { Assertions.assertEquals(proxy, onfido.getApiClient().getProxy()); } + + @Test + public void throwsExceptionWhenDisablingSslVerification() { + IllegalStateException thrown = + assertThrows( + IllegalStateException.class, + () -> apiClient.setVerifyingSsl(false), + "Expected IllegalStateException when disabling SSL verification"); + + assertTrue(thrown.getMessage().contains("SSL verification cannot be disabled for security reasons")); + assertTrue(thrown.getMessage().contains("man-in-the-middle attacks")); + assertTrue(thrown.getMessage().contains("setSslCaCert")); + } + + @Test + public void allowsEnablingSslVerification() { + // This should not throw any exception + apiClient.setVerifyingSsl(true); + assertTrue(apiClient.isVerifyingSsl()); + } + + @Test + public void allowsSettingCustomSslCaCert() throws Exception { + // Test setting SSL CA cert to null (reset to default) + apiClient.setSslCaCert(null); + Assertions.assertNull(apiClient.getSslCaCert()); + + // Use a real valid self-signed certificate generated with OpenSSL + String validSelfSignedCert = "-----BEGIN CERTIFICATE-----\n" + + "MIIDFzCCAf+gAwIBAgIURIF4y3TLRDiHV1hMeGbUsr1/VUgwDQYJKoZIhvcNAQEL\n" + + "BQAwGzEZMBcGA1UEAwwQdGVzdC5leGFtcGxlLmNvbTAeFw0yNTA4MjExMjI5NTFa\n" + + "Fw0yNjA4MjExMjI5NTFaMBsxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5jb20wggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC67oWn1WnTjWL9QUekOU/qu1O3\n" + + "Zop0pmJiCW5JnA1RpwULyQlEyFIrlGfZvL3Jiysla2rjkQrLfz+zIg79mK9gaszq\n" + + "8rdt7toLwGxAevYkZBPO0kAo1TSVNNbQsAGJedtcAQunsbWib1ARXp5yEKhjll0t\n" + + "pIOeGcbC9OfuCfx8FMEx92qKEhdDvjiUBVb4hIFqbpPIPHA8tdBiWIYtRrahdcyO\n" + + "ZNIGL2fzqUQQDVmIfaQP7i3g4FV0xljqcH9TehwrrQJNBnr52d2Rz3RYfgkEF1uY\n" + + "22Vizi98c7/0Tm8mFZY+adH6QObwd7YMoLmDFSGJ7g3caMpUgj98rTvsLWU3AgMB\n" + + "AAGjUzBRMB0GA1UdDgQWBBQYNjWfqrH6+mTK0BLMzs9hg0AUrTAfBgNVHSMEGDAW\n" + + "gBQYNjWfqrH6+mTK0BLMzs9hg0AUrTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n" + + "DQEBCwUAA4IBAQBzJePL3aXomAy09RlQUIpKLPl0/NbB8QKPGYgGVNA6ARFLUoFF\n" + + "wptxWqnnwspBec2Va4bIxBuv3D+hI2PFyGsnTvzDGKdBPOqHfuOUBCjfqe46Ylkm\n" + + "KvO6BJMrX5CNREh5E9S8kz7k6NG5IzBI8TJFUrLi7akr2RqsYPYVmSFnQzQ9lAHo\n" + + "BuEN5hUzqIRAk9iBMTM017jqRDATvxON4txBfn6kW8jT0QRURQ6L0k1d2ys6btjx\n" + + "tRIWBC/t8VoGoD6ToruBqx2v2mnrOtGqaDg5DYUqnG43feKgnk0Vtm/IrR2/sTkE\n" + + "Tnd76Tj7k8hP6sbcRKBSzlcysF+zsokYXVlU\n" + + "-----END CERTIFICATE-----"; + + InputStream testCertStream = new ByteArrayInputStream(validSelfSignedCert.getBytes()); + + // This should not throw any exception with a valid certificate + apiClient.setSslCaCert(testCertStream); + + // Verify the cert was set + Assertions.assertNotNull(apiClient.getSslCaCert()); + + // Verify SSL is still enabled after setting custom cert + assertTrue(apiClient.isVerifyingSsl()); + } + + @Test + public void sslCaCertMethodsWorkTogether() { + // Test that setting SSL CA cert and enabling SSL verification work together + apiClient.setSslCaCert(null); // Reset to default + apiClient.setVerifyingSsl(true); // Should work fine + + // Both should complete without throwing exceptions + assertTrue(apiClient.isVerifyingSsl()); + Assertions.assertNull(apiClient.getSslCaCert()); + } } From 7f1c2c81b15b2a02ea7110a5e1c0d140f1dd275c Mon Sep 17 00:00:00 2001 From: Davide Vacca Date: Fri, 7 Nov 2025 17:19:00 +0100 Subject: [PATCH 2/2] Make linter happy --- src/test/java/com/onfido/OnfidoTest.java | 48 +++++++++---------- .../com/onfido/integration/ReportTest.java | 8 ++++ 2 files changed, 30 insertions(+), 26 deletions(-) diff --git a/src/test/java/com/onfido/OnfidoTest.java b/src/test/java/com/onfido/OnfidoTest.java index fb4f7b1..2bc3b2f 100644 --- a/src/test/java/com/onfido/OnfidoTest.java +++ b/src/test/java/com/onfido/OnfidoTest.java @@ -7,15 +7,9 @@ import com.onfido.api.DefaultApi; import java.io.ByteArrayInputStream; import java.io.InputStream; -import java.math.BigInteger; import java.net.InetSocketAddress; import java.net.Proxy; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.cert.X509Certificate; -import java.util.Date; import java.util.UUID; -import javax.security.auth.x500.X500Principal; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -100,7 +94,8 @@ public void throwsExceptionWhenDisablingSslVerification() { () -> apiClient.setVerifyingSsl(false), "Expected IllegalStateException when disabling SSL verification"); - assertTrue(thrown.getMessage().contains("SSL verification cannot be disabled for security reasons")); + assertTrue( + thrown.getMessage().contains("SSL verification cannot be disabled for security reasons")); assertTrue(thrown.getMessage().contains("man-in-the-middle attacks")); assertTrue(thrown.getMessage().contains("setSslCaCert")); } @@ -119,25 +114,26 @@ public void allowsSettingCustomSslCaCert() throws Exception { Assertions.assertNull(apiClient.getSslCaCert()); // Use a real valid self-signed certificate generated with OpenSSL - String validSelfSignedCert = "-----BEGIN CERTIFICATE-----\n" + - "MIIDFzCCAf+gAwIBAgIURIF4y3TLRDiHV1hMeGbUsr1/VUgwDQYJKoZIhvcNAQEL\n" + - "BQAwGzEZMBcGA1UEAwwQdGVzdC5leGFtcGxlLmNvbTAeFw0yNTA4MjExMjI5NTFa\n" + - "Fw0yNjA4MjExMjI5NTFaMBsxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5jb20wggEi\n" + - "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC67oWn1WnTjWL9QUekOU/qu1O3\n" + - "Zop0pmJiCW5JnA1RpwULyQlEyFIrlGfZvL3Jiysla2rjkQrLfz+zIg79mK9gaszq\n" + - "8rdt7toLwGxAevYkZBPO0kAo1TSVNNbQsAGJedtcAQunsbWib1ARXp5yEKhjll0t\n" + - "pIOeGcbC9OfuCfx8FMEx92qKEhdDvjiUBVb4hIFqbpPIPHA8tdBiWIYtRrahdcyO\n" + - "ZNIGL2fzqUQQDVmIfaQP7i3g4FV0xljqcH9TehwrrQJNBnr52d2Rz3RYfgkEF1uY\n" + - "22Vizi98c7/0Tm8mFZY+adH6QObwd7YMoLmDFSGJ7g3caMpUgj98rTvsLWU3AgMB\n" + - "AAGjUzBRMB0GA1UdDgQWBBQYNjWfqrH6+mTK0BLMzs9hg0AUrTAfBgNVHSMEGDAW\n" + - "gBQYNjWfqrH6+mTK0BLMzs9hg0AUrTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n" + - "DQEBCwUAA4IBAQBzJePL3aXomAy09RlQUIpKLPl0/NbB8QKPGYgGVNA6ARFLUoFF\n" + - "wptxWqnnwspBec2Va4bIxBuv3D+hI2PFyGsnTvzDGKdBPOqHfuOUBCjfqe46Ylkm\n" + - "KvO6BJMrX5CNREh5E9S8kz7k6NG5IzBI8TJFUrLi7akr2RqsYPYVmSFnQzQ9lAHo\n" + - "BuEN5hUzqIRAk9iBMTM017jqRDATvxON4txBfn6kW8jT0QRURQ6L0k1d2ys6btjx\n" + - "tRIWBC/t8VoGoD6ToruBqx2v2mnrOtGqaDg5DYUqnG43feKgnk0Vtm/IrR2/sTkE\n" + - "Tnd76Tj7k8hP6sbcRKBSzlcysF+zsokYXVlU\n" + - "-----END CERTIFICATE-----"; + String validSelfSignedCert = + "-----BEGIN CERTIFICATE-----\n" + + "MIIDFzCCAf+gAwIBAgIURIF4y3TLRDiHV1hMeGbUsr1/VUgwDQYJKoZIhvcNAQEL\n" + + "BQAwGzEZMBcGA1UEAwwQdGVzdC5leGFtcGxlLmNvbTAeFw0yNTA4MjExMjI5NTFa\n" + + "Fw0yNjA4MjExMjI5NTFaMBsxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5jb20wggEi\n" + + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC67oWn1WnTjWL9QUekOU/qu1O3\n" + + "Zop0pmJiCW5JnA1RpwULyQlEyFIrlGfZvL3Jiysla2rjkQrLfz+zIg79mK9gaszq\n" + + "8rdt7toLwGxAevYkZBPO0kAo1TSVNNbQsAGJedtcAQunsbWib1ARXp5yEKhjll0t\n" + + "pIOeGcbC9OfuCfx8FMEx92qKEhdDvjiUBVb4hIFqbpPIPHA8tdBiWIYtRrahdcyO\n" + + "ZNIGL2fzqUQQDVmIfaQP7i3g4FV0xljqcH9TehwrrQJNBnr52d2Rz3RYfgkEF1uY\n" + + "22Vizi98c7/0Tm8mFZY+adH6QObwd7YMoLmDFSGJ7g3caMpUgj98rTvsLWU3AgMB\n" + + "AAGjUzBRMB0GA1UdDgQWBBQYNjWfqrH6+mTK0BLMzs9hg0AUrTAfBgNVHSMEGDAW\n" + + "gBQYNjWfqrH6+mTK0BLMzs9hg0AUrTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\n" + + "DQEBCwUAA4IBAQBzJePL3aXomAy09RlQUIpKLPl0/NbB8QKPGYgGVNA6ARFLUoFF\n" + + "wptxWqnnwspBec2Va4bIxBuv3D+hI2PFyGsnTvzDGKdBPOqHfuOUBCjfqe46Ylkm\n" + + "KvO6BJMrX5CNREh5E9S8kz7k6NG5IzBI8TJFUrLi7akr2RqsYPYVmSFnQzQ9lAHo\n" + + "BuEN5hUzqIRAk9iBMTM017jqRDATvxON4txBfn6kW8jT0QRURQ6L0k1d2ys6btjx\n" + + "tRIWBC/t8VoGoD6ToruBqx2v2mnrOtGqaDg5DYUqnG43feKgnk0Vtm/IrR2/sTkE\n" + + "Tnd76Tj7k8hP6sbcRKBSzlcysF+zsokYXVlU\n" + + "-----END CERTIFICATE-----"; InputStream testCertStream = new ByteArrayInputStream(validSelfSignedCert.getBytes()); diff --git a/src/test/java/com/onfido/integration/ReportTest.java b/src/test/java/com/onfido/integration/ReportTest.java index 656cf85..682715e 100644 --- a/src/test/java/com/onfido/integration/ReportTest.java +++ b/src/test/java/com/onfido/integration/ReportTest.java @@ -6,8 +6,10 @@ import com.onfido.model.Document; import com.onfido.model.DocumentReport; import com.onfido.model.DocumentTypes; +import com.onfido.model.IdentityEnhancedBreakdown; import com.onfido.model.IdentityEnhancedProperties; import com.onfido.model.IdentityEnhancedReport; +import com.onfido.model.IdrSsnBreakdown; import com.onfido.model.Report; import com.onfido.model.ReportDocument; import com.onfido.model.ReportName; @@ -83,6 +85,12 @@ public void findReportTest() throws Exception { Assertions.assertEquals( new IdentityEnhancedProperties(), identityEnhancedReport.getProperties()); + + IdentityEnhancedBreakdown breakdown = identityEnhancedReport.getBreakdown(); + + Assertions.assertNotNull(breakdown); + Assertions.assertNull(breakdown.getSsn()); + Assertions.assertNull(breakdown.getSsn1()); } else { Assertions.fail(); return;