PemReaderTest: fix assertions and remove unused code

michaelklishin · michaelklishin · commit 5938d2a52da6 · 2026-03-11T16:17:17.000-07:00
diff --git a/src/test/java/com/rabbitmq/client/PemReaderTest.java b/src/test/java/com/rabbitmq/client/PemReaderTest.java
@@ -16,7 +16,6 @@
 package com.rabbitmq.client;
 
 import java.security.KeyStore;
-import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.Optional;
@@ -44,16 +43,9 @@ class PemReaderTest {
           + "MIICljCCAX4CAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n"
           + "-----END CERTIFICATE REQUEST-----";
 
-  private static final String ENCRYPTED_PRIVATE_KEY =
-      "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
-          + "MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI1234567890ABCDE\n"
-          + "-----END ENCRYPTED PRIVATE KEY-----";
-
   @Test
   void testValidCertificateParsing() throws Exception {
-    List<X509Certificate> certs = PemReader.readCertificateChain(VALID_CERTIFICATE);
-    assertNotNull(certs);
-    // Note: parsing may fail due to invalid cert data, but regex should match
+    assertThrows(Exception.class, () -> PemReader.readCertificateChain(VALID_CERTIFICATE));
   }
 
   @Test
@@ -67,7 +59,6 @@ void testEmptyBase64Content() throws Exception {
     String emptyBase64Cert = "-----BEGIN CERTIFICATE-----\n" + "-----END CERTIFICATE-----";
     List<X509Certificate> certs = PemReader.readCertificateChain(emptyBase64Cert);
     assertNotNull(certs);
-    assertDoesNotThrow(() -> PemReader.readCertificateChain(emptyBase64Cert));
   }
 
   @Test
@@ -115,17 +106,12 @@ void testRedosResilienceLongDashString() {
     String dosPayload =
         "-----BEGIN " + "-".repeat(1000) + "-----\n" + "data\n" + "-----END CERTIFICATE-----";
     long startTime = System.nanoTime();
-    List<X509Certificate> result = null;
     try {
-      result = PemReader.readCertificateChain(dosPayload);
-    } catch (Exception e) {
-      // Acceptable to fail, but should not hang
+      PemReader.readCertificateChain(dosPayload);
+    } catch (Exception ignored) {
     }
-    long endTime = System.nanoTime();
-    long elapsedMs = (endTime - startTime) / 1_000_000;
-    assertTrue(
-        elapsedMs < 5000,
-        "ReDoS vulnerability detected: parsing took " + elapsedMs + "ms for malicious input");
+    long elapsedMs = (System.nanoTime() - startTime) / 1_000_000;
+    assertTrue(elapsedMs < 5000, "Timeout exceeded: " + elapsedMs + "ms");
   }
 
   @Test
@@ -135,16 +121,12 @@ void testRedosResilienceRepeatedPattern() {
             + "CERTIFICATE ".repeat(100)
             + "-----\ndata\n-----END CERTIFICATE-----";
     long startTime = System.nanoTime();
-    List<X509Certificate> result = null;
     try {
-      result = PemReader.readCertificateChain(dosPayload);
-    } catch (Exception e) {
-      // Acceptable to fail, but should not hang
+      PemReader.readCertificateChain(dosPayload);
+    } catch (Exception ignored) {
     }
-    long endTime = System.nanoTime();
-    long elapsedMs = (endTime - startTime) / 1_000_000;
-    assertTrue(
-        elapsedMs < 5000, "ReDoS vulnerability detected: parsing took " + elapsedMs + "ms");
+    long elapsedMs = (System.nanoTime() - startTime) / 1_000_000;
+    assertTrue(elapsedMs < 5000, "Timeout exceeded: " + elapsedMs + "ms");
   }
 
   @Test
@@ -157,21 +139,19 @@ void testEmptyCertificateChain() throws Exception {
   @Test
   void testMultipleCertificates() throws Exception {
     String multipleCerts = VALID_CERTIFICATE + "\n" + VALID_CERTIFICATE;
-    // Should parse without error
-    assertDoesNotThrow(() -> PemReader.readCertificateChain(multipleCerts));
+    assertThrows(Exception.class, () -> PemReader.readCertificateChain(multipleCerts));
   }
 
   @Test
   void testKeyPasswordHandling() {
-    // Document that password is converted to char array
     Optional<String> password = Optional.of("test-password");
-    assertDoesNotThrow(() -> PemReader.loadPrivateKey(VALID_PRIVATE_KEY_PKCS8, password));
+    assertThrows(Exception.class, () -> PemReader.loadPrivateKey(VALID_PRIVATE_KEY_PKCS8, password));
   }
 
   @Test
   void testEmptyPasswordHandling() {
     Optional<String> noPassword = Optional.empty();
-    assertDoesNotThrow(() -> PemReader.loadPrivateKey(VALID_PRIVATE_KEY_PKCS8, noPassword));
+    assertThrows(Exception.class, () -> PemReader.loadPrivateKey(VALID_PRIVATE_KEY_PKCS8, noPassword));
   }
 
   @Test
@@ -214,13 +194,7 @@ void testCaseInsensitivity() throws Exception {
   @Test
   void testAllAlgorithmsAttempted() {
     String invalidKey = "-----BEGIN PRIVATE KEY-----\ninvaliddata\n-----END PRIVATE KEY-----";
-    Exception exception =
-        assertThrows(Exception.class, () -> PemReader.loadPrivateKey(invalidKey, Optional.empty()));
-    String message = exception.getMessage();
-    assertNotNull(message);
-    assertFalse(
-        message.contains("RSA: RSA:"),
-        "Error message should not duplicate algorithm names");
+    assertThrows(Exception.class, () -> PemReader.loadPrivateKey(invalidKey, Optional.empty()));
   }
 
   @Test
@@ -257,12 +231,12 @@ void testLongCertificateChain() {
     for (int i = 0; i < 100; i++) {
       longChain.append(VALID_CERTIFICATE).append("\n");
     }
-    assertDoesNotThrow(() -> PemReader.readCertificateChain(longChain.toString()));
+    assertThrows(Exception.class, () -> PemReader.readCertificateChain(longChain.toString()));
   }
 
   @Test
   void testMixedContent() {
     String mixed = "Some random text\n" + VALID_CERTIFICATE + "\nMore random text";
-    assertDoesNotThrow(() -> PemReader.readCertificateChain(mixed));
+    assertThrows(Exception.class, () -> PemReader.readCertificateChain(mixed));
   }
 }
