AUT-2758 Refactor creating RevocationInfo objects in ResilientOcspCertificateRevocationChecker

madislm · madislm · commit 8b598e3d08e4 · 2026-04-20T15:30:00.000+03:00
diff --git a/src/main/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationChecker.java b/src/main/java/eu/webeid/resilientocsp/ResilientOcspCertificateRevocationChecker.java
@@ -291,33 +291,22 @@ private RevocationInfo request(OcspService ocspService, X509Certificate subjectC
                 responseTime = Instant.now();
                 requestDuration = Duration.between(requestTime, responseTime);
                 RevocationInfo revocationInfo = getRevocationInfo(ocspResponderUri, e, request, null, requestDuration, responseTime);
-                revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_OCSP_RESPONSE, e.getResponseBody());
-                revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_HTTP_STATUS_CODE, e.getStatusCode());
+                revocationInfo = revocationInfo
+                    .withOcspResponse(e.getResponseBody())
+                    .withHttpStatusCode(e.getStatusCode());
                 throw new ResilientUserCertificateOCSPCheckFailedException(new ValidationInfo(subjectCertificate, List.of(revocationInfo)));
             }
             if (response.getStatus() != OCSPResponseStatus.SUCCESSFUL) {
                 ResilientUserCertificateOCSPCheckFailedException exception = new ResilientUserCertificateOCSPCheckFailedException("Response status: " + ocspStatusToString(response.getStatus()));
-                RevocationInfo revocationInfo = new RevocationInfo(ocspService.getAccessLocation(), new HashMap<>(Map.ofEntries(
-                    Map.entry(RevocationInfo.KEY_OCSP_ERROR, exception),
-                    Map.entry(RevocationInfo.KEY_OCSP_REQUEST, request),
-                    Map.entry(RevocationInfo.KEY_OCSP_RESPONSE, response),
-                    Map.entry(RevocationInfo.KEY_REQUEST_DURATION, requestDuration),
-                    Map.entry(RevocationInfo.KEY_OCSP_RESPONSE_TIME, responseTime)
-                )));
+                RevocationInfo revocationInfo = getRevocationInfo(ocspResponderUri, exception, request, response, requestDuration, responseTime);
                 exception.setValidationInfo(new ValidationInfo(subjectCertificate, List.of(revocationInfo)));
                 throw exception;
             }
 
             final BasicOCSPResp basicResponse = (BasicOCSPResp) response.getResponseObject();
             if (basicResponse == null) {
                 ResilientUserCertificateOCSPCheckFailedException exception = new ResilientUserCertificateOCSPCheckFailedException("Missing Basic OCSP Response");
-                RevocationInfo revocationInfo = new RevocationInfo(ocspService.getAccessLocation(), new HashMap<>(Map.ofEntries(
-                    Map.entry(RevocationInfo.KEY_OCSP_ERROR, exception),
-                    Map.entry(RevocationInfo.KEY_OCSP_REQUEST, request),
-                    Map.entry(RevocationInfo.KEY_OCSP_RESPONSE, response),
-                    Map.entry(RevocationInfo.KEY_REQUEST_DURATION, requestDuration),
-                    Map.entry(RevocationInfo.KEY_OCSP_RESPONSE_TIME, responseTime)
-                )));
+                RevocationInfo revocationInfo = getRevocationInfo(ocspResponderUri, exception, request, response, requestDuration, responseTime);
                 exception.setValidationInfo(new ValidationInfo(subjectCertificate, List.of(revocationInfo)));
                 throw exception;
             }
@@ -329,12 +318,7 @@ private RevocationInfo request(OcspService ocspService, X509Certificate subjectC
             }
             LOG.debug("OCSP response verified successfully");
 
-            return new RevocationInfo(ocspResponderUri,new HashMap<>( Map.ofEntries(
-                Map.entry(RevocationInfo.KEY_OCSP_REQUEST, request),
-                Map.entry(RevocationInfo.KEY_OCSP_RESPONSE, response),
-                Map.entry(RevocationInfo.KEY_REQUEST_DURATION, requestDuration),
-                Map.entry(RevocationInfo.KEY_OCSP_RESPONSE_TIME, responseTime)
-            )));
+            return getRevocationInfo(ocspResponderUri, null, request, response, requestDuration, responseTime);
         } catch (ResilientUserCertificateOCSPCheckFailedException e) {
             throw e;
         } catch (UserCertificateRevokedException e) {
@@ -355,20 +339,23 @@ private RevocationInfo request(OcspService ocspService, X509Certificate subjectC
 
     private RevocationInfo getRevocationInfo(URI ocspResponderUri, Exception e, OCSPReq request, OCSPResp response,
                                              Duration requestDuration, Instant end) {
-        RevocationInfo revocationInfo = new RevocationInfo(ocspResponderUri, new HashMap<>(Map.of(RevocationInfo.KEY_OCSP_ERROR, e)));
+        Map<String, Object> ocspResponseAttributes = new HashMap<>();
+        if (e != null) {
+            ocspResponseAttributes.put(RevocationInfo.KEY_OCSP_ERROR, e);
+        }
         if (request != null) {
-            revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_OCSP_REQUEST, request);
+            ocspResponseAttributes.put(RevocationInfo.KEY_OCSP_REQUEST, request);
         }
         if (response != null) {
-            revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_OCSP_RESPONSE, response);
+            ocspResponseAttributes.put(RevocationInfo.KEY_OCSP_RESPONSE, response);
         }
         if (requestDuration != null) {
-            revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_REQUEST_DURATION, requestDuration);
+            ocspResponseAttributes.put(RevocationInfo.KEY_REQUEST_DURATION, requestDuration);
         }
         if (end != null) {
-            revocationInfo.ocspResponseAttributes().put(RevocationInfo.KEY_OCSP_RESPONSE_TIME, end);
+            ocspResponseAttributes.put(RevocationInfo.KEY_OCSP_RESPONSE_TIME, end);
         }
-        return revocationInfo;
+        return new RevocationInfo(ocspResponderUri, ocspResponseAttributes);
     }
 
     private static CircuitBreakerConfig getCircuitBreakerConfig(CircuitBreakerConfig circuitBreakerConfig) {
diff --git a/src/main/java/eu/webeid/security/validator/revocationcheck/RevocationInfo.java b/src/main/java/eu/webeid/security/validator/revocationcheck/RevocationInfo.java
@@ -38,8 +38,20 @@ public record RevocationInfo(URI ocspResponderUri, Map<String, Object> ocspRespo
     public static final String KEY_OCSP_RESPONSE_TIME = "OCSP_RESPONSE_TIME";
 
     public RevocationInfo withCircuitBreakerStatistics(ResilientOcspCertificateRevocationChecker.CircuitBreakerStatistics circuitBreakerStatistics) {
+        return withAdditionalField(KEY_CIRCUIT_BREAKER_STATISTICS, circuitBreakerStatistics);
+    }
+
+    public RevocationInfo withOcspResponse(byte[] ocspResponse) {
+        return withAdditionalField(KEY_OCSP_RESPONSE, ocspResponse);
+    }
+
+    public RevocationInfo withHttpStatusCode(Integer statusCode) {
+        return withAdditionalField(KEY_HTTP_STATUS_CODE, statusCode);
+    }
+
+    private RevocationInfo withAdditionalField(String key, Object value) {
         Map<String, Object> newOcspResponseAttributes = new HashMap<>(ocspResponseAttributes);
-        newOcspResponseAttributes.put(KEY_CIRCUIT_BREAKER_STATISTICS, circuitBreakerStatistics);
+        newOcspResponseAttributes.put(key, value);
         return new RevocationInfo(ocspResponderUri, newOcspResponseAttributes);
     }
 }
