AUT-2677 Fix exception handling in OcspCertificateRevocationChecker and related tests

madislm · madislm · commit 8e45594978ae · 2026-03-27T11:03:28.000+02:00
diff --git a/src/main/java/eu/webeid/ocsp/OcspCertificateRevocationChecker.java b/src/main/java/eu/webeid/ocsp/OcspCertificateRevocationChecker.java
@@ -22,7 +22,7 @@
 
 package eu.webeid.ocsp;
 
-import eu.webeid.ocsp.client.OcspClient;
+import eu.webeid.ocsp.client.OcspClient;import eu.webeid.ocsp.exceptions.OCSPClientException;
 import eu.webeid.ocsp.protocol.DigestCalculatorImpl;
 import eu.webeid.ocsp.protocol.OcspRequestBuilder;
 import eu.webeid.ocsp.protocol.OcspResponseValidator;
@@ -139,7 +139,7 @@ public List<RevocationInfo> validateCertificateNotRevoked(X509Certificate subjec
 
             return List.of(new RevocationInfo(ocspResponderUri, Map.of(RevocationInfo.KEY_OCSP_RESPONSE, response)));
 
-        } catch (OCSPException | CertificateException | OperatorCreationException | IOException e) {
+        } catch (OCSPException | CertificateException | OperatorCreationException | IOException | OCSPClientException e) {
             throw new UserCertificateOCSPCheckFailedException(e, ocspResponderUri);
         }
     }
diff --git a/src/test/java/eu/webeid/ocsp/OcspCertificateRevocationCheckerTest.java b/src/test/java/eu/webeid/ocsp/OcspCertificateRevocationCheckerTest.java
@@ -65,6 +65,7 @@
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
@@ -123,6 +124,8 @@ void whenOcspUrlIsInvalid_thenThrows() throws Exception {
         final OcspCertificateRevocationChecker validator = getOcspCertificateRevocationChecker(ocspServiceProvider);
         assertThatCode(() ->
             validator.validateCertificateNotRevoked(estEid2018Cert, testEsteid2018CA))
+            .isInstanceOf(UserCertificateOCSPCheckFailedException.class)
+            .cause()
             .isInstanceOf(OCSPClientException.class)
             .cause()
             .isInstanceOf(ConnectException.class);
@@ -132,10 +135,11 @@ void whenOcspUrlIsInvalid_thenThrows() throws Exception {
     void whenOcspRequestFails_thenThrows() throws Exception {
         final OcspServiceProvider ocspServiceProvider = getDesignatedOcspServiceProvider("http://demo.sk.ee/ocsps");
         final OcspCertificateRevocationChecker validator = getOcspCertificateRevocationChecker(ocspServiceProvider);
-        OCSPClientException ex = assertThrows(OCSPClientException.class, () ->
+        UserCertificateOCSPCheckFailedException ex = assertThrows(UserCertificateOCSPCheckFailedException.class, () ->
             validator.validateCertificateNotRevoked(estEid2018Cert, testEsteid2018CA));
-        assertThat(ex).hasMessageStartingWith("OCSP request was not successful");
-        assertThat(ex.getStatusCode()).isEqualTo(404);
+        OCSPClientException ocspClientException = assertInstanceOf(OCSPClientException.class, ex.getCause());
+        assertThat(ocspClientException).hasMessageStartingWith("OCSP request was not successful");
+        assertThat(ocspClientException.getStatusCode()).isEqualTo(404);
     }
 
     @Test
@@ -145,6 +149,8 @@ void whenOcspRequestHasInvalidBody_thenThrows() throws Exception {
         );
         assertThatCode(() ->
             validator.validateCertificateNotRevoked(estEid2018Cert, testEsteid2018CA))
+            .isInstanceOf(UserCertificateOCSPCheckFailedException.class)
+            .cause()
             .isInstanceOf(OCSPClientException.class)
             .cause()
             .isInstanceOf(IOException.class)
diff --git a/src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java b/src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java
@@ -48,6 +48,7 @@ class OcspClientOverrideTest extends AbstractTestWithValidator {
     void whenOcspClientIsOverridden_thenItIsUsed() throws JceException, CertificateException, IOException {
         final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient(new OcpClientThatThrows());
         assertThatThrownBy(() -> validator.validate(validAuthToken, VALID_CHALLENGE_NONCE))
+            .cause()
             .isInstanceOf(OcpClientThatThrowsException.class);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@`
`22`	`22`
`23`	`23`	`package eu.webeid.ocsp;`
`24`	`24`
`25`		`-import eu.webeid.ocsp.client.OcspClient;`
	`25`	`+import eu.webeid.ocsp.client.OcspClient;import eu.webeid.ocsp.exceptions.OCSPClientException;`
`26`	`26`	`import eu.webeid.ocsp.protocol.DigestCalculatorImpl;`
`27`	`27`	`import eu.webeid.ocsp.protocol.OcspRequestBuilder;`
`28`	`28`	`import eu.webeid.ocsp.protocol.OcspResponseValidator;`
`@@ -139,7 +139,7 @@ public List<RevocationInfo> validateCertificateNotRevoked(X509Certificate subjec`
`139`	`139`
`140`	`140`	`return List.of(new RevocationInfo(ocspResponderUri, Map.of(RevocationInfo.KEY_OCSP_RESPONSE, response)));`
`141`	`141`
`142`		`- } catch (OCSPException \| CertificateException \| OperatorCreationException \| IOException e) {`
	`142`	`+ } catch (OCSPException \| CertificateException \| OperatorCreationException \| IOException \| OCSPClientException e) {`
`143`	`143`	`throw new UserCertificateOCSPCheckFailedException(e, ocspResponderUri);`
`144`	`144`	`}`
`145`	`145`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ class OcspClientOverrideTest extends AbstractTestWithValidator {`
`48`	`48`	`void whenOcspClientIsOverridden_thenItIsUsed() throws JceException, CertificateException, IOException {`
`49`	`49`	`final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient(new OcpClientThatThrows());`
`50`	`50`	`assertThatThrownBy(() -> validator.validate(validAuthToken, VALID_CHALLENGE_NONCE))`
	`51`	`+ .cause()`
`51`	`52`	`.isInstanceOf(OcpClientThatThrowsException.class);`
`52`	`53`	`}`
`53`	`54`