Skip to content

Use platform OCSP implementation by default #95

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mrts wants to merge 1 commit into
base: v4
Choose a base branch
from
Draft

Use platform OCSP implementation by default #95

mrts wants to merge 1 commit into from

Conversation

@mrts
Copy link
Member

@mrts mrts commented Dec 15, 2025

WE2-1030

Signed-off-by: Mart Somermaa mrts@users.noreply.github.com

@mrts mrts marked this pull request as draft December 15, 2025 13:58
@mrts mrts force-pushed the WE2-1030-use-platform-ocsp branch 6 times, most recently from ed385dd to 2c1de73 Compare December 16, 2025 13:49
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 16, 2025
View reviewed changes
src/main/java/eu/webeid/ocsp/DefaultOcspCertificateRevocationChecker.java Outdated
* @throws AuthTokenException when user certificate is revoked or revocation check fails.
*/
public void validateCertificateNotRevoked(X509Certificate subjectCertificate) throws AuthTokenException {
public RevocationInfo validateCertificateNotRevoked(X509Certificate subjectCertificate, X509Certificate issuerCertificate) throws AuthTokenException {

Check notice

Code scanning / CodeQL

Missing Override annotation

This method overrides [OcspCertificateRevocationChecker.validateCertificateNotRevoked](1); it is advisable to add an Override annotation.
src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java Outdated
private static class OcpClientThatThrowsException extends IOException {
}

public static AuthTokenValidator getAuthTokenValidatorWithOverriddenOcspClient(OcspClient ocspClient) throws CertificateException, JceException, IOException {

Check notice

Code scanning / CodeQL

Useless parameter

The parameter 'ocspClient' is never used.

Copilot Autofix

AI 9 days ago

The best way to fix this problem is to remove the unused parameter from the method signature and update all method calls to stop passing the unnecessary argument. This keeps the code clean and prevents confusion for future maintainers. Specifically, in src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java, modify the signature of getAuthTokenValidatorWithOverriddenOcspClient to remove the OcspClient ocspClient parameter, and update invocations at lines 47 and 63 to call it without arguments. No additional imports or method definitions are required; only method signatures and usages need updating.

Suggested changeset 1
src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java b/src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java
--- a/src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java
+++ b/src/test/java/eu/webeid/ocsp/client/OcspClientOverrideTest.java
@@ -44,7 +44,7 @@
 
     @Test
     void whenOcspClientIsOverridden_thenItIsUsed() throws JceException, CertificateException, IOException {
-        final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient(new OcpClientThatThrows());
+        final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient();
         assertThatThrownBy(() -> validator.validate(validAuthToken, VALID_CHALLENGE_NONCE))
             .cause()
             .isInstanceOf(OcpClientThatThrowsException.class);
@@ -60,9 +60,7 @@
     @Test
     @Disabled("Demonstrates how to configure the built-in HttpClient instance for OcspClientImpl")
     void whenOcspClientIsConfiguredWithCustomHttpClient_thenOcspCallSucceeds() throws JceException, CertificateException, IOException {
-        final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient(
-            new OcspClientImpl(HttpClient.newBuilder().build(), Duration.ofSeconds(5))
-        );
+        final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient();
         assertThatCode(() -> validator.validate(validAuthToken, VALID_CHALLENGE_NONCE))
             .doesNotThrowAnyException();
     }
@@ -77,7 +75,7 @@
     private static class OcpClientThatThrowsException extends IOException {
     }
 
-    public static AuthTokenValidator getAuthTokenValidatorWithOverriddenOcspClient(OcspClient ocspClient) throws CertificateException, JceException, IOException {
+    public static AuthTokenValidator getAuthTokenValidatorWithOverriddenOcspClient() throws CertificateException, JceException, IOException {
         // FIXME: test override
         return AuthTokenValidators.getAuthTokenValidator();
     }
EOF
@@ -44,7 +44,7 @@

@Test
void whenOcspClientIsOverridden_thenItIsUsed() throws JceException, CertificateException, IOException {
final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient(new OcpClientThatThrows());
final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient();
assertThatThrownBy(() -> validator.validate(validAuthToken, VALID_CHALLENGE_NONCE))
.cause()
.isInstanceOf(OcpClientThatThrowsException.class);
@@ -60,9 +60,7 @@
@Test
@Disabled("Demonstrates how to configure the built-in HttpClient instance for OcspClientImpl")
void whenOcspClientIsConfiguredWithCustomHttpClient_thenOcspCallSucceeds() throws JceException, CertificateException, IOException {
final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient(
new OcspClientImpl(HttpClient.newBuilder().build(), Duration.ofSeconds(5))
);
final AuthTokenValidator validator = getAuthTokenValidatorWithOverriddenOcspClient();
assertThatCode(() -> validator.validate(validAuthToken, VALID_CHALLENGE_NONCE))
.doesNotThrowAnyException();
}
@@ -77,7 +75,7 @@
private static class OcpClientThatThrowsException extends IOException {
}

public static AuthTokenValidator getAuthTokenValidatorWithOverriddenOcspClient(OcspClient ocspClient) throws CertificateException, JceException, IOException {
public static AuthTokenValidator getAuthTokenValidatorWithOverriddenOcspClient() throws CertificateException, JceException, IOException {
// FIXME: test override
return AuthTokenValidators.getAuthTokenValidator();
}
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@mrts mrts changed the base branch from main to v4 December 16, 2025 13:56
@mrts mrts force-pushed the WE2-1030-use-platform-ocsp branch 6 times, most recently from b018323 to 9f7fb95 Compare December 19, 2025 18:34
@mrts
Use plaform OCSP implementation by default, move custom OCSP implemen…
2e783f3 
…tation to eu.webeid.ocsp and make it optional

WE2-1030

Signed-off-by: Mart Somermaa <mrts@users.noreply.github.com>
@mrts mrts force-pushed the WE2-1030-use-platform-ocsp branch from 9f7fb95 to 2e783f3 Compare December 19, 2025 19:46
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 19, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
75.3% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mrts