diff --git a/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java b/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
index fa75c8e580ecd3cedfb5aaaf7f82a074c4a32585..a8f33063cc5b61dfdf707ed3353ee11cc7e56c4d 100644
--- a/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
+++ b/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
@@ -42,7 +42,6 @@ import java.net.Proxy;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.time.ZoneId;
diff --git a/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java b/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
index 50dda2ebedf6f6ae1ea4cd7f9bf564e25eaaa6cf..501d862949fc417c5fac156e885cc0b94dc48447 100644
--- a/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
+++ b/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
@@ -31,7 +31,6 @@ import dev.fitko.fitconnect.core.util.FileUtil;
import dev.fitko.fitconnect.jwkvalidator.exceptions.JWKValidationException;
import org.hamcrest.CoreMatchers;
import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import java.io.IOException;
@@ -479,7 +478,6 @@ class DefaultValidationServiceTest {
}
@Test
- @Disabled("will be enabled in scope of https://git.fitko.de/fit-connect/planning/-/issues/901")
public void productiveTransmissionServiceCertificateIsValidAccordingToRootCertificates() throws JWKValidationException, ParseException {
DefaultValidationService defaultValidationService = new DefaultValidationService(
@@ -492,7 +490,6 @@ class DefaultValidationServiceTest {
}
@Test
- @Disabled("will be enabled in scope of https://git.fitko.de/fit-connect/planning/-/issues/901")
public void fitConnectTestCertificateIsValidAccordingToTestRootCertificates() throws JWKValidationException, ParseException {
DefaultValidationService defaultValidationService = new DefaultValidationService(
@@ -505,8 +502,7 @@ class DefaultValidationServiceTest {
}
@Test
- @Disabled("will be enabled in scope of https://git.fitko.de/fit-connect/planning/-/issues/901")
- public void revokedFitConnectTestCertificateIsInvalidAccordingToTestRootCertificates() throws JWKValidationException, ParseException {
+ public void revokedFitConnectTestCertificateIsInvalidAccordingToTestRootCertificates() throws ParseException {
DefaultValidationService defaultValidationService = new DefaultValidationService(
getApplicationConfig(false), hashService, schemaProvider,
@@ -514,7 +510,18 @@ class DefaultValidationServiceTest {
RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-2.json"));
- defaultValidationService.validateCertChain(rsaKey, KeyOperation.VERIFY);
+ Exception exception = assertThrows(JWKValidationException.class, () -> {
+ defaultValidationService.validateCertChain(rsaKey, KeyOperation.VERIFY);
+ });
+
+ /**
+ * ATTENTION!
+ *
+ * The term "UNKNOWN" in the expected error message is derived from the response, that our certificate provider
+ * is retrieving when checking the list of revoked certificates. Currently, the text is misleading and the
+ * provider may fix this in the future. Then the expected error text in this test has to be adjusted.
+ */
+ assertThat(exception.getMessage(), is("JWK with id rRaGt35McGycD4MeRyHZSLFo7dda2PEJscBuPT1KJdE-wrapKey returned certificate status UNKNOWN for OCSP check"));
}
@Test