Use Optional in CertificateData

mrts · mrts · commit f8ce57935c30 · 2025-11-03T19:17:41.000+02:00
WE2-931

Signed-off-by: Mart Somermaa &lt;mrts@users.noreply.github.com&gt;
diff --git a/src/main/java/eu/webeid/security/certificate/CertificateData.java b/src/main/java/eu/webeid/security/certificate/CertificateData.java
@@ -32,43 +32,44 @@
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 public final class CertificateData {
 
-    public static String getSubjectCN(X509Certificate certificate) throws CertificateEncodingException {
+    public static Optional<String> getSubjectCN(X509Certificate certificate) throws CertificateEncodingException {
         return getSubjectField(certificate, BCStyle.CN);
     }
 
-    public static String getSubjectSurname(X509Certificate certificate) throws CertificateEncodingException {
+    public static Optional<String> getSubjectSurname(X509Certificate certificate) throws CertificateEncodingException {
         return getSubjectField(certificate, BCStyle.SURNAME);
     }
 
-    public static String getSubjectGivenName(X509Certificate certificate) throws CertificateEncodingException {
+    public static Optional<String> getSubjectGivenName(X509Certificate certificate) throws CertificateEncodingException {
         return getSubjectField(certificate, BCStyle.GIVENNAME);
     }
 
-    public static String getSubjectIdCode(X509Certificate certificate) throws CertificateEncodingException {
+    public static Optional<String> getSubjectIdCode(X509Certificate certificate) throws CertificateEncodingException {
         return getSubjectField(certificate, BCStyle.SERIALNUMBER);
     }
 
-    public static String getSubjectCountryCode(X509Certificate certificate) throws CertificateEncodingException {
+    public static Optional<String> getSubjectCountryCode(X509Certificate certificate) throws CertificateEncodingException {
         return getSubjectField(certificate, BCStyle.C);
     }
 
-    private static String getSubjectField(X509Certificate certificate, ASN1ObjectIdentifier fieldId) throws CertificateEncodingException {
+    private static Optional<String> getSubjectField(X509Certificate certificate, ASN1ObjectIdentifier fieldId) throws CertificateEncodingException {
         return getField(new JcaX509CertificateHolder(certificate).getSubject(), fieldId);
     }
 
-    private static String getField(X500Name x500Name, ASN1ObjectIdentifier fieldId) throws CertificateEncodingException {
+    private static Optional<String> getField(X500Name x500Name, ASN1ObjectIdentifier fieldId) {
         // Example value: [C=EE, CN=JÕEORG\,JAAK-KRISTJAN\,38001085718, 2.5.4.4=#0c074ac395454f5247, 2.5.4.42=#0c0d4a41414b2d4b524953544a414e, 2.5.4.5=#1311504e4f45452d3338303031303835373138]
         final RDN[] rdns = x500Name.getRDNs(fieldId);
         if (rdns.length == 0 || rdns[0].getFirst() == null) {
-            throw new CertificateEncodingException("X500 name RDNs empty or first element is null");
+            return Optional.empty();
         }
-        return Arrays.stream(rdns)
+        return Optional.of(Arrays.stream(rdns)
             .map(rdn -> IETFUtils.valueToString(rdn.getFirst().getValue()))
-            .collect(Collectors.joining(", "));
+            .collect(Collectors.joining(", ")));
     }
 
     private CertificateData() {
diff --git a/src/test/java/eu/webeid/security/certificate/CertificateDataTest.java b/src/test/java/eu/webeid/security/certificate/CertificateDataTest.java
@@ -23,37 +23,33 @@
 
 import org.junit.jupiter.api.Test;
 
-import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 
 import static eu.webeid.security.testutil.Certificates.getOrganizationCert;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 class CertificateDataTest {
 
     @Test
     void whenOrganizationCertificate_thenSubjectCNAndIdCodeAndCountryCodeExtractionSucceeds() throws Exception {
         final X509Certificate organizationCert = getOrganizationCert();
 
-        assertThat(CertificateData.getSubjectCN(organizationCert))
+        assertThat(CertificateData.getSubjectCN(organizationCert).orElseThrow())
             .isEqualTo("Testijad.ee isikutuvastus");
-        assertThat(CertificateData.getSubjectIdCode(organizationCert))
+        assertThat(CertificateData.getSubjectIdCode(organizationCert).orElseThrow())
             .isEqualTo("12276279");
-        assertThat(CertificateData.getSubjectCountryCode(organizationCert))
+        assertThat(CertificateData.getSubjectCountryCode(organizationCert).orElseThrow())
             .isEqualTo("EE");
     }
 
     @Test
-    void whenOrganizationCertificate_thenSubjectGivenNameAndSurnameExtractionFails() throws Exception {
+    void whenOrganizationCertificate_thenSubjectGivenNameAndSurnameAreEmpty() throws Exception {
         final X509Certificate organizationCert = getOrganizationCert();
 
-        assertThatThrownBy(() -> CertificateData.getSubjectGivenName(organizationCert))
-            .isInstanceOf(CertificateEncodingException.class)
-            .hasMessage("X500 name RDNs empty or first element is null");
-        assertThatThrownBy(() -> CertificateData.getSubjectSurname(organizationCert))
-            .isInstanceOf(CertificateEncodingException.class)
-            .hasMessage("X500 name RDNs empty or first element is null");
+        assertThat(CertificateData.getSubjectGivenName(organizationCert))
+            .isEmpty();
+        assertThat(CertificateData.getSubjectSurname(organizationCert))
+            .isEmpty();
     }
 
 }
diff --git a/src/test/java/eu/webeid/security/validator/AuthTokenSignatureTest.java b/src/test/java/eu/webeid/security/validator/AuthTokenSignatureTest.java
@@ -47,15 +47,15 @@ class AuthTokenSignatureTest extends AbstractTestWithValidator {
     void whenValidTokenAndNonce_thenValidationSucceeds() throws Exception {
         final X509Certificate result = validator.validate(validAuthToken, VALID_CHALLENGE_NONCE);
 
-        assertThat(CertificateData.getSubjectCN(result))
+        assertThat(CertificateData.getSubjectCN(result).orElseThrow())
             .isEqualTo("JÕEORG\\,JAAK-KRISTJAN\\,38001085718");
-        assertThat(toTitleCase(CertificateData.getSubjectGivenName(result)))
+        assertThat(toTitleCase(CertificateData.getSubjectGivenName(result).orElseThrow()))
             .isEqualTo("Jaak-Kristjan");
-        assertThat(toTitleCase(CertificateData.getSubjectSurname(result)))
+        assertThat(toTitleCase(CertificateData.getSubjectSurname(result).orElseThrow()))
             .isEqualTo("Jõeorg");
-        assertThat(CertificateData.getSubjectIdCode(result))
+        assertThat(CertificateData.getSubjectIdCode(result).orElseThrow())
             .isEqualTo("PNOEE-38001085718");
-        assertThat(CertificateData.getSubjectCountryCode(result))
+        assertThat(CertificateData.getSubjectCountryCode(result).orElseThrow())
             .isEqualTo("EE");
     }
 
