AUT-2677 Use Optional for getFallbackService

madislm · madislm · commit 93fa0b485e61 · 2026-03-30T15:24:21.000+03:00
diff --git a/src/main/java/eu/webeid/ocsp/service/AiaOcspService.java b/src/main/java/eu/webeid/ocsp/service/AiaOcspService.java
@@ -38,6 +38,7 @@
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 
 import static eu.webeid.ocsp.protocol.IssuerCommonName.getIssuerCommonName;
@@ -77,8 +78,8 @@ public URI getAccessLocation() {
     }
 
     @Override
-    public FallbackOcspService getFallbackService() {
-        return fallbackOcspService;
+    public Optional<FallbackOcspService> getFallbackService() {
+        return Optional.of(fallbackOcspService);
     }
 
     @Override
diff --git a/src/main/java/eu/webeid/ocsp/service/OcspService.java b/src/main/java/eu/webeid/ocsp/service/OcspService.java
@@ -27,6 +27,7 @@
 
 import java.net.URI;
 import java.util.Date;
+import java.util.Optional;
 
 public interface OcspService {
 
@@ -36,8 +37,8 @@ public interface OcspService {
 
     void validateResponderCertificate(X509CertificateHolder cert, Date now) throws AuthTokenException;
 
-    default FallbackOcspService getFallbackService() {
-        return null;
+    default Optional<FallbackOcspService> getFallbackService() {
+        return Optional.empty();
     }
 
 }
diff --git a/src/main/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationChecker.java b/src/main/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationChecker.java
@@ -62,6 +62,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import static java.util.Objects.requireNonNull;
 
@@ -105,12 +106,13 @@ public List<RevocationInfo> validateCertificateNotRevoked(X509Certificate subjec
         OcspService primaryService = resolvePrimaryOcspService(subjectCertificate);
         CircuitBreaker circuitBreaker = circuitBreakerRegistry.circuitBreaker(primaryService.getAccessLocation().toASCIIString());
 
-        if (primaryService.getFallbackService() == null) {
+        Optional<FallbackOcspService> firstFallbackServiceOpt = primaryService.getFallbackService();
+        if (firstFallbackServiceOpt.isEmpty()) {
             return List.of(request(primaryService, subjectCertificate, issuerCertificate, false));
         }
 
         List<RevocationInfo> revocationInfoList = new ArrayList<>();
-        CheckedSupplier<RevocationInfo> fallbackSupplier = buildFallbackSupplier(primaryService, subjectCertificate,
+        CheckedSupplier<RevocationInfo> fallbackSupplier = buildFallbackSupplier(firstFallbackServiceOpt.get(), subjectCertificate,
             issuerCertificate, revocationInfoList);
         CheckedSupplier<RevocationInfo> decoratedSupplier = decorateWithResilience(primaryService, subjectCertificate,
             issuerCertificate, revocationInfoList, fallbackSupplier, circuitBreaker);
@@ -146,11 +148,10 @@ private CircuitBreakerStatistics createCircuitBreakerStatistics(CircuitBreaker c
         );
     }
 
-    private CheckedSupplier<RevocationInfo> buildFallbackSupplier(OcspService primaryService,
+    private CheckedSupplier<RevocationInfo> buildFallbackSupplier(FallbackOcspService firstFallbackService,
                                                                   X509Certificate subjectCertificate,
                                                                   X509Certificate issuerCertificate,
                                                                   List<RevocationInfo> revocationInfoList) {
-        final FallbackOcspService firstFallbackService = primaryService.getFallbackService();
         CheckedSupplier<RevocationInfo> firstFallbackSupplier = () -> {
             try {
                 return request(firstFallbackService, subjectCertificate, issuerCertificate, true);
@@ -329,7 +330,7 @@ private RevocationInfo request(OcspService ocspService, X509Certificate subjectC
             RevocationInfo revocationInfo = getRevocationInfo(ocspResponderUri, e, request, response, requestDuration, responseTime);
             throw new ResilientUserCertificateRevokedException(new ValidationInfo(subjectCertificate, List.of(revocationInfo)));
         } catch (OCSPClientException e) {
-            RevocationInfo revocationInfo = getRevocationInfo(ocspResponderUri, e, request, response, requestDuration, responseTime);
+            RevocationInfo revocationInfo = getRevocationInfo(ocspResponderUri, e, request, null, null, null);
             revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_OCSP_RESPONSE, e.getResponseBody());
             revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_HTTP_STATUS_CODE, e.getStatusCode());
             throw new ResilientUserCertificateOCSPCheckFailedException(new ValidationInfo(subjectCertificate, List.of(revocationInfo)));
diff --git a/src/test/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationCheckerTest.java b/src/test/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationCheckerTest.java
@@ -48,6 +48,7 @@
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import static eu.webeid.ocsp.OcspCertificateRevocationCheckerTest.getOcspResponseBytesFromResources;
 import static eu.webeid.security.testutil.AbstractTestWithValidator.VALID_AUTH_TOKEN;
@@ -284,7 +285,7 @@ void whenOneFallbackIsConfiguredAndPrimaryFails_thenRevocationInfoListShouldHave
         OcspService primaryService = mock(OcspService.class);
         when(primaryService.getAccessLocation()).thenReturn(PRIMARY_URI);
         when(primaryService.doesSupportNonce()).thenReturn(false);
-        when(primaryService.getFallbackService()).thenReturn(fallbackService);
+        when(primaryService.getFallbackService()).thenReturn(Optional.of(fallbackService));
 
         OcspServiceProvider ocspServiceProvider = mock(OcspServiceProvider.class);
         when(ocspServiceProvider.getService(any())).thenReturn(primaryService);
@@ -315,7 +316,7 @@ void whenNoFallbacksAreConfigured_thenRevocationInfoListShouldHaveOneElement() t
         OcspService primaryService = mock(OcspService.class);
         when(primaryService.getAccessLocation()).thenReturn(PRIMARY_URI);
         when(primaryService.doesSupportNonce()).thenReturn(false);
-        when(primaryService.getFallbackService()).thenReturn(null);
+        when(primaryService.getFallbackService()).thenReturn(Optional.empty());
 
         OcspServiceProvider ocspServiceProvider = mock(OcspServiceProvider.class);
         when(ocspServiceProvider.getService(any())).thenReturn(primaryService);
@@ -364,7 +365,7 @@ private ResilientOcspCertificateRevocationChecker buildChecker(OcspClient ocspCl
         OcspService primaryService = mock(OcspService.class);
         when(primaryService.getAccessLocation()).thenReturn(PRIMARY_URI);
         when(primaryService.doesSupportNonce()).thenReturn(false);
-        when(primaryService.getFallbackService()).thenReturn(fallbackService);
+        when(primaryService.getFallbackService()).thenReturn(Optional.of(fallbackService));
 
         OcspServiceProvider ocspServiceProvider = mock(OcspServiceProvider.class);
         when(ocspServiceProvider.getService(any())).thenReturn(primaryService);

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@`
`27`	`27`
`28`	`28`	`import java.net.URI;`
`29`	`29`	`import java.util.Date;`
	`30`	`+import java.util.Optional;`
`30`	`31`
`31`	`32`	`public interface OcspService {`
`32`	`33`
`@@ -36,8 +37,8 @@ public interface OcspService {`
`36`	`37`
`37`	`38`	`void validateResponderCertificate(X509CertificateHolder cert, Date now) throws AuthTokenException;`
`38`	`39`
`39`		`- default FallbackOcspService getFallbackService() {`
`40`		`- return null;`
	`40`	`+ default Optional<FallbackOcspService> getFallbackService() {`
	`41`	`+ return Optional.empty();`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`}`