WIP: Add and pass test cases for basic constraints handling

src/test/java/net/ripe/rpki/commons/interop/BBNCMSConformanceTest.java

@@ -56,25 +56,38 @@ public class BBNCMSConformanceTest {
             "571, SigInfoBadSigVal,         # incorrect signature 6488#2.1.6.6",
             "543, SigInfoNoHashAlg,         # had no hash algorithm 6488#2.1.6.3"
     })
-    @ParameterizedTest(name = "{displayName} - {0} {1} {2}")
+    @ParameterizedTest(name = "{index}: {arguments}")
     public void testGenericCMSSignedObject(String testNumber, String testCaseFile, String testCaseDescription) throws IOException {
         final String fileName = String.format("root/badCMS%s.roa", testCaseFile);
 
-        assertTrue("Should reject certificate with " + testCaseDescription + " from " + fileName, parseCertificate(fileName));
+        assertTrue("Should reject signed object with " + testCaseDescription + " from " + fileName, parseCertificate(fileName));
     }
 
-    @Disabled("These checks are not implemented yet.")
     @CsvSource({
-            "518, 2DigestAlgs,              # two digest algorithms 6488#2.1.2",
-            "526, SigInfoWrongSid,          # wrong choice of Signer Identifier 6488#2.1.6.2",
-            "542, SigInfoWrongSigAlg,       # has wrong signature algorithm 6488#2.1.6.5 6485#2",
-            "722, SigInfoForbiddenAttr,     # extra - forbidden attribute 6488#2.1.6.4",
+            "572, badEEHasBasicConstraints,      basic constraints extension present 6487#4.8.1",
+            "575, badEEHasCABasicConstraint,     basic constraints extension present with CA bool set to true 6487#4.8.1",
+            "574, badEEKeyUsageHasKeyCertSign,   KU has digitalSignature and keyCertSign but no CA basic constraint 6487#4.8.4",
+            "576, badEEKeyUsageHasKeyCertSignCABool,   KU has digitalSignature and keyCertSign and CA basic constraint 6487#4.8.4"
     })
-    @ParameterizedTest(name = "{displayName} - {0} {1} {2}")
-    public void testGenericCMSSignedObject_ignored(String testNumber, String testCaseFile, String testCaseDescription) throws IOException {
+    @ParameterizedTest(name = "{index}: {arguments}")
+    public void shouldRejectCMSWithIncorrectBasicConstrainsOrKU(String testCasenumber, String testCaseFile, String testCaseDescription) throws IOException {
+        final String fileName = String.format("root/%s.roa", testCaseFile);
+
+        assertTrue("Should reject signed object with " + testCaseDescription + " from " + fileName, parseCertificate(fileName));
+    }
+
+
+    @CsvSource({
+            "518, true, 2DigestAlgs,              two digest algorithms 6488#2.1.2",
+            "526, false, SigInfoWrongSid,          wrong choice of Signer Identifier 6488#2.1.6.2",
+            "542, false, SigInfoWrongSigAlg,       has wrong signature algorithm 6488#2.1.6.5 6485#2",
+            "722, false, SigInfoForbiddenAttr,     extra - forbidden attribute 6488#2.1.6.4",
+    })
+    @ParameterizedTest(name = "{index}: {arguments}")
+    public void testGenericCMSSignedObject_ignored(String testNumber, boolean ignoreFailure, String testCaseFile, String testCaseDescription) throws IOException {
         final String fileName = String.format("root/badCMS%s.roa", testCaseFile);
 
-        assertTrue("Should reject certificate with " + testCaseDescription + " from " + fileName, parseCertificate(fileName));
+        assertTrue("Should reject signed object with " + testCaseDescription + " from " + fileName, parseCertificate(fileName));
     }
 
     private boolean parseCertificate(String certificate) throws IOException {
@@ -88,7 +101,6 @@ private boolean parseCertificate(String certificate) throws IOException {
         result.getWarnings().stream()
                 .forEach(warning -> System.out.println("[warning]: " + warning.toString()));
 
-
         return result.hasFailures();
     }
 }

src/test/java/net/ripe/rpki/commons/interop/BBNCertificateConformanceTest.java

@@ -53,14 +53,25 @@ public void shouldRejectCertificateWithTwoKeyUsageBits() throws  IOException {
         assertTrue(parseCertificate("root/badCert2KeyUsage.cer"));
     }
 
+    @CsvSource({
+            "173, badCertNoBasicConstr,       no basic constraints extension 6487#4.8,4.8.1",
+            "174, badCert2BasicConstr,        two basic constraints extensions 5280#4.2",
+    })
+    @ParameterizedTest(name = "{index}: {arguments}")
+    public void shouldRejectCertificateWithIncorrectBasicConstrainsOrKU(String testCasenumber, String testCaseFile, String testCaseDescription) throws IOException {
+        final String fileName = String.format("root/%s.cer", testCaseFile);
+
+        assertTrue("Should reject certificate with " + testCaseDescription + " from " + fileName, parseCertificate(fileName));
+    }
+
     @CsvSource({
             "127, KUsageExtra,          has disallowed key usage bit (nonRepudiation) 6487#4.8.4",
             "217, KUsageDigitalSig,     has disallowed key usage bit (digitalSignature) 6487#4.8.4",
             "128, KUsageNoCertSign,     lacks bit for signing certificates 6487#4.8.4",
             "129, KUsageNoCrit,         key usage extension not critical 6487#4.8.4",
             "131, KUsageNoCRLSign,      lacks bit for signing CRLs 6487#4.8.4"
     })
-    @ParameterizedTest(name = "{displayName} - {0} {1} {2}")
+    @ParameterizedTest(name = "{index}: {arguments}")
     public void shouldRejectCertificateWithIncorrectKeyUsageBits(String testCasenumber, String testCaseFile, String testCaseDescription) throws IOException {
         final String fileName = String.format("root/badCert%s.cer", testCaseFile);
 
@@ -80,6 +91,12 @@ private boolean parseCertificate(String certificate) throws IOException {
         byte[] encoded = Files.toByteArray(file);
         ValidationResult result = ValidationResult.withLocation(file.getName());
         new X509ResourceCertificateParser().parse(result, encoded);
+
+        result.getFailuresForAllLocations().stream()
+                .forEach(failure -> System.out.println("[failure]: " + failure.toString()));
+        result.getWarnings().stream()
+                .forEach(warning -> System.out.println("[warning]: " + warning.toString()));
+
         return result.hasFailures();
     }
 }