diff --git a/pom.xml b/pom.xml
index 57e64d6..398c0a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,7 @@
ch.qos.logback
logback-classic
- 1.3.12
+ 1.2.13
test
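Review bot: The logback-classic version moves backwards from 1.3.12 to 1.2.13 with no comment recording why, so a later routine dependency update is likely to undo it. If the reason is that the project is still on an SLF4J 1.x API (not visible in this hunk) and the new test needs the logback binding to be active, an XML comment beside the version such as `<!-- pinned to 1.2.x: logback 1.3+ requires SLF4J 2.x -->` would document it. The dependency is test-scoped, so it stays out of the published artifact, but it is worth confirming that the 1.2 line still receives fixes before pinning to it.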
diff --git a/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java b/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
index d2f2b2b..61b226f 100644
--- a/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
+++ b/src/main/java/ee/sk/mid/MidAuthenticationResponseValidator.java
@@ -193,7 +193,7 @@ private boolean isCertificateTrusted(X509Certificate certificate) {
certificate.verify(trustedCACertificate.getPublicKey());
return true;
} catch (GeneralSecurityException e) {
- logger.warn("Error verifying signer's certificate: " + certificate.getSubjectDN() + " against CA certificate: " + trustedCACertificate.getSubjectDN(), e);
+ logger.debug("Error verifying signer's certificate: " + certificate.getSubjectDN() + " against CA certificate: " + trustedCACertificate.getSubjectDN(), e);
}
}
return false;
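Review bot: With the per-CA failure lowered to debug, the `return false;` path after the loop has no log statement in this hunk, so a certificate that matches none of the trusted CAs is rejected without any trace at the usual INFO/WARN production levels unless the caller logs it (not visible here). Keeping the per-iteration message at debug is reasonable, but the final outcome should stay visible to operators, e.g. `logger.warn("Signer's certificate {} is not signed by any configured trusted CA", certificate.getSubjectX500Principal());` placed just before `return false;`. The parameterized form also avoids building the message string when the level is disabled, which the concatenation on the changed line does on every failed iteration. isCertificateTrusted starts and ends outside the hunk.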
diff --git a/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java b/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
index 8c0d537..0e13cb0 100644
--- a/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
+++ b/src/test/java/ee/sk/mid/AuthenticationResponseValidatorTest.java
@@ -43,11 +43,17 @@
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
+import java.util.Arrays;
import java.security.cert.X509Certificate;
import java.util.Collections;
+import ch.qos.logback.classic.Level;
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
import ee.sk.mid.exception.MidInternalErrorException;
import org.junit.Test;
+import org.slf4j.LoggerFactory;
public class AuthenticationResponseValidatorTest {
@@ -95,6 +101,37 @@ public void validate_whenCertificateNotTrusted_shouldReturnCertificateNotTrusted
assertThat(authenticationResult.getErrors(), hasItem(equalTo("Certificate that was returned is not signed by CA that is configured as trusted in mid-rest-java-client")));
}
+ @Test
+ public void validate_whenTrustedCaIterationFailsInitially_shouldLogAtDebugLevel() {
+ X509Certificate wrongCaCertificate = fileToX509Certificate("/trusted_certificates/TEST_of_ESTEID-SK_2011.pem.crt");
+ X509Certificate correctCaCertificate = fileToX509Certificate("/trusted_certificates/TEST_of_ESTEID-SK_2015.pem.crt");
+ MidAuthenticationResponseValidator validator = new MidAuthenticationResponseValidator(Arrays.asList(wrongCaCertificate, correctCaCertificate));
+
+ Logger validatorLogger = (Logger) LoggerFactory.getLogger(MidAuthenticationResponseValidator.class);
+ Level previousLevel = validatorLogger.getLevel();
+ validatorLogger.setLevel(Level.DEBUG);
+ ListAppender listAppender = new ListAppender<>();
+ listAppender.start();
+ validatorLogger.addAppender(listAppender);
+ try {
+ MidAuthenticationResult authenticationResult = validator.validate(createValidMobileIdAuthentication());
+ assertThat(authenticationResult.isValid(), is(true));
+ } finally {
+ validatorLogger.detachAppender(listAppender);
+ validatorLogger.setLevel(previousLevel);
+ }
+
+ boolean hasDebugLog = listAppender.list.stream()
+ .anyMatch(event -> event.getLevel().equals(Level.DEBUG)
+ && event.getFormattedMessage().contains("Error verifying signer's certificate"));
+ boolean hasWarnLog = listAppender.list.stream()
+ .anyMatch(event -> event.getLevel().equals(Level.WARN)
+ && event.getFormattedMessage().contains("Error verifying signer's certificate"));
+
+ assertThat(hasDebugLog, is(true));
+ assertThat(hasWarnLog, is(false));
+ }
+
@Test
public void validate_whenResultLowerCase_shouldReturnValidAuthenticationResult() throws Exception {
MidAuthentication authentication = MidAuthentication.newBuilder()
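Review bot: The negative assertion in validate_whenTrustedCaIterationFailsInitially_shouldLogAtDebugLevel only excludes events at exactly WARN, so the same message emitted at ERROR would still pass; `event.getLevel().isGreaterOrEqual(Level.WARN)` in the `hasWarnLog` predicate would pin "nothing above debug". The test also covers only the case where a later CA succeeds. A companion case with a validator built from non-matching CAs alone would pin what an operator sees when a certificate is actually rejected, which is the security-relevant path. The appender is detached in `finally` but never stopped; adding `listAppender.stop();` there keeps the cleanup complete.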