test: 添加证书编号

scfs-api-core/src/test/java/com/czcb/scfs/api/core/KeyText.java

@@ -39,6 +39,7 @@ public final class KeyText {
             "E6ZWsef5uyYdyjLp2C4cl2A=\n" +
             "-----END PRIVATE KEY-----\n";
 
+    // 证书编号 6CDDAA92CAD75998325027647847330C1756291
     public static final String CERTIFICATE_TEXT_RSA = "-----BEGIN CERTIFICATE-----\n" +
             "MIIDyzCCArOgAwIBAgIUBs3aqSytdZmDJQJ2R4RzMMF1YpEwDQYJKoZIhvcNAQEL\n" +
             "BQAwgY0xCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAnmtZnmsZ/nnIExEjAQBgNVBAcM\n" +
@@ -117,6 +118,52 @@ public final class KeyText {
             "ZPZc8varEGWYvhF+K+hl70kdaBz7hwOX6dg3e2/yuOEzkD3LeTwpA4M=\n" +
             "-----END CERTIFICATE-----";
 
+    // 失效的
+    public static final String PRIVATE_RSA_INVALID = "-----BEGIN PRIVATE KEY-----\n" +
+            "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfHOgnUYbFi780EX9xQTdWPvCy\n" +
+            "BhaEnU5Y2p1bW4dHoumgEtjQOkLlRe3Ug1lu6TfhuE9YOQ9+V+Dsnzt7MXIRI7KlOuwpfwXn3e/M\n" +
+            "YP5ZtDBUiuSGNNVSP39wgb6aYXhvFY/Lm9gaO8Q4rauzK94Clw4sH3a7J6ST50xHss8VjSVFUkcP\n" +
+            "hpH+OJBTUrXWiccZCn01XDz0vmq6J3AujM55WBEmoz2r9iiVdCjZsgB4veQIpCKuMvJsEXVgRzUL\n" +
+            "UnaqdX+7BTDBs30kCGyyBarR+wXLAKNQ1nENFs1IGM99I+O8UsD6CvUnt2t7l3B8/qIlOSfds8x+\n" +
+            "BoUxQwhmUaMjAgMBAAECggEAQ+meKz4QdJvnse0wBKKN4Hl/2bRggxzzVliFJnvEG27tIb45nXLo\n" +
+            "n5x/3R9tGjpf+C9namP8eXQ/1C9Iv5XEto0SkJS8PR/y4NspIYZaueX/ZO5diOzfCjqBBf/S32jv\n" +
+            "8xX0aLbtf5D3+SsjaJe2LEvWKD4Luuk6RUjJlaa73dnSuGFSuvYV8MvFdHtfU8L8ZRoqZwmM9QTg\n" +
+            "+Gpix4z6Hy/Mmi1xRl0EhIITq+mV9wR9Ock/0o12nvsNDyDSyrrt3niXTTkVCbct+t4UFwtnrZyH\n" +
+            "dwl1OQ+WleTkUQY+wNgpq4jLjwGowXnqXlKff3tvXEt+3tpdOS8i+kXYwIrvIQKBgQDVnldDo2iq\n" +
+            "TwLcZjXbreHskn/4hvWYUPqucEZ93jmyYNKUKPlXkVnc+kXnS0uuM5JZpi/7+FDkTqwHK83ET4/n\n" +
+            "kTC9zM+K7KyIBbljclPjzXYJAW7nwD8A/vKx6CWi++f4buYc+lttsTprdAZ4/kWPTnvNJSjhSTAR\n" +
+            "SQ32HxkiIQKBgQC+rjujW31WN4d2j48+K0B+7bIQON+VtmBZ48u2ZIQOi4PdoBvHv8HqQyhJlR+6\n" +
+            "z49k5WczSqAXdG2+nIgs8fpjj0lc7YiMIYs0VsLodOToH9J2MfXjWi+A4Y2vbfcjfUuCWhKSZs6B\n" +
+            "eMLNe1LPIBDmlT3A1X83qkCpvAYYQWAkwwKBgFVtslZRZk0dtfYwRf+phT1XxSe9yT/1uprCOd6i\n" +
+            "XY6RnAU2cajsbvSpfgUmnoh3BWMmy+/HeYokUDW59ds5OkKQVN7CpolXZxQqvd4gXZ4vj7HASfsS\n" +
+            "bd/XFXXCcjLA7R70MsCJ+sBebQ+F4gTHI0hRSb9bygJ2g2uWPKgd/a4hAoGABCtZIHxKpEz4iE4h\n" +
+            "SrG1alEWOKaVtPdU6gJCHQ3bmVnRm1H56Yc23UF0qw84r2QEdadSd1ulXn3sPGO90oXD/NNQPljv\n" +
+            "SGkfWxiekGil7LFtb6ot/zeknEPSTkiwQ7VkpkgD6fGXiFs0nzuYFvFTjUcsH4BLlNMDMPLsizE6\n" +
+            "wfMCgYANvw4Lq1cVfHAl3f6IZlpWHPFEEJbPcBLu9+qtUlZjleCaWA8WXuiBxkqaIkeVi3JMst34\n" +
+            "adfIfBsAk4FeyLpkiTYNjOckZvXFXYKA3a05l/RJ5rsnnI9GRh+3Gk3V+87OU7HwMU6jNZmQiPIO\n" +
+            "/jerEvZ9A5tbuzKkfJj2F0ZXfw==\n" +
+            "-----END PRIVATE KEY-----";
+
+    // 失效的证书 823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF
+    public static final String CERTIFICATE_RSA_INVALID = "-----BEGIN CERTIFICATE-----\n" +
+            "MIIDeTCCAmGgAwIBAgIhAII88+MQ8uLtGvhVBudKldxDAQBv3vL9AZlT+vTeEqi/MA0GCSqGSIb3\n" +
+            "DQEBCwUAMIGNMQswCQYDVQQGEwJDTjESMBAGA1UECAwJ5rWZ5rGf55yBMRIwEAYDVQQHDAnmna3l\n" +
+            "t57luIIxITAfBgNVBAoMGOa1meaxn+eooOW3nuWVhuS4mumTtuihjDEYMBYGA1UECwwP5pWw5a2X\n" +
+            "6YeR6J6N6YOoMRkwFwYDVQQDDBBzY2ZzLmN6Y2IuY29tLmNuMB4XDTIzMDYxODA5MDczMVoXDTI0\n" +
+            "MDYxODA5MDczMVowUjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCea1meaxn+ecgTESMBAGA1UEBwwJ\n" +
+            "5p2t5bee5biCMRswGQYDVQQKDBLnqKDlt57llYbkuJrpk7booYwwggEiMA0GCSqGSIb3DQEBAQUA\n" +
+            "A4IBDwAwggEKAoIBAQCfHOgnUYbFi780EX9xQTdWPvCyBhaEnU5Y2p1bW4dHoumgEtjQOkLlRe3U\n" +
+            "g1lu6TfhuE9YOQ9+V+Dsnzt7MXIRI7KlOuwpfwXn3e/MYP5ZtDBUiuSGNNVSP39wgb6aYXhvFY/L\n" +
+            "m9gaO8Q4rauzK94Clw4sH3a7J6ST50xHss8VjSVFUkcPhpH+OJBTUrXWiccZCn01XDz0vmq6J3Au\n" +
+            "jM55WBEmoz2r9iiVdCjZsgB4veQIpCKuMvJsEXVgRzULUnaqdX+7BTDBs30kCGyyBarR+wXLAKNQ\n" +
+            "1nENFs1IGM99I+O8UsD6CvUnt2t7l3B8/qIlOSfds8x+BoUxQwhmUaMjAgMBAAEwDQYJKoZIhvcN\n" +
+            "AQELBQADggEBACRCHOYH8ncOiYjMm3As7OFdnVDuGByMoZsDucqwrs0mJZVdp3OMgvGhC9zkzdZX\n" +
+            "sJFKQeIRp/13cD1SKxtwfU7w4J+/FWpWPEG9Jf2bLqurYivu0tTa1xe5SDL4unNaj/o7BA0vaKJe\n" +
+            "gagyULAilNCGBCfy59BSR/GQbgAC6pdl3soMx/s1c9BcZVplbq12/rmStGce6h3QqNjwpRMowbVW\n" +
+            "XswXhr08AUevF7UriDjHkCsa6MqQ5x+ShV9qO1f2LDYBQRnM2Ty44EV5eUbHyKOJAYF+WqT6IRiA\n" +
+            "2sMZrKRTHaNZB4j0Vc87HuxDtTNh/EEXU2sO31WZHs3ymAChbC4=\n" +
+            "-----END CERTIFICATE-----";
+
     public static PrivateKey loadTestPrivateKeyRSA2() {
         return PemFile.loadPrivateKeyFromString(PRIVATE_RSA_2);
     }
@@ -125,4 +172,11 @@ public final class KeyText {
         return PemFile.loadX509FromString(CERTIFICATE_RSA_2);
     }
 
+    public static PrivateKey loadPrivateKeyInvalid() {
+        return PemFile.loadPrivateKeyFromString(PRIVATE_RSA_INVALID);
+    }
+
+    public static X509Certificate loadCertificateInvalid() {
+        return PemFile.loadX509FromString(CERTIFICATE_RSA_INVALID);
+    }
 }

scfs-api-core/src/test/java/com/czcb/scfs/api/core/cipher/DefaultSignatureTest.java

@@ -18,7 +18,7 @@ class DefaultSignatureTest {
         certificates.add(KeyText.loadTestRSA());
         CertificateProvider provider = new LocalCertificateProvider(certificates);
 
-        Signer signer = new TestSigner(KeyText.loadTestPrivateKeyRSA());
+        Signer signer = new TestSigner(KeyText.loadTestPrivateKeyRSA(), "");
         Verifier verifier = new TestVerifier(provider);
         DefaultSignature signature = new DefaultSignature(provider, signer, verifier);
 

scfs-api-core/src/test/java/com/czcb/scfs/api/core/cipher/DefaultValidatorTest.java

@@ -32,7 +32,36 @@ class DefaultValidatorTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "6CDDAA92CAD75998325027647847330C1756291"),
+                new TestVerifier(certificateProvider));
+
+        return new TestProfile(
+                privacy,
+                signature,
+                new DefaultChannel.Builder()
+                        .channelNo("000000")
+                        .appNo("111111")
+                        .build(),
+                new DefaultHttpProfile.Builder()
+                        .online(false)
+                        .logLevel(LogLevel.basic)
+                        .compressionEnabled(false)
+                        .host("http://127.0.0.1:8888")
+                        .build()
+        );
+    }
+
+    Profile buildProfileInvalid() {
+        PrivateKey privateKey = KeyText.loadPrivateKeyInvalid();
+        X509Certificate certificate = KeyText.loadCertificateInvalid();
+        List<X509Certificate> list = new ArrayList<>();
+        list.add(certificate);
+        CertificateProvider certificateProvider = new LocalCertificateProvider(list);
+        Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF"),
+                new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy,
@@ -281,4 +310,13 @@ class DefaultValidatorTest {
         Assertions.assertNotNull(defaultValidator.getProfile());
         Assertions.assertEquals("000000", defaultValidator.getProfile().getChannel().getChannelNo());
     }
+
+    @Test
+    void testValidate() {
+        Assertions.assertDoesNotThrow(() -> new DefaultValidator(buildProfile()).validate(null));
+
+        DefaultValidator defaultValidator = new DefaultValidator(buildProfileInvalid());
+        ValidationException exception = Assertions.assertThrows(ValidationException.class, () -> defaultValidator.validate(null));
+        Assertions.assertEquals("证书已失效, 序列号:823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF", exception.getMessage());
+    }
 }

scfs-api-core/src/test/java/com/czcb/scfs/api/core/cipher/LocalCertificateProviderTest.java

@@ -10,17 +10,6 @@ import java.util.List;
 
 class LocalCertificateProviderTest {
 
-//    @Test
-//    void getCertificate() {
-//        String xx = "38844645436081632637265568516991627875287655057";
-//        X509Certificate certificate = KeyText.loadTestRSA();
-//
-//        List<X509Certificate> list = new ArrayList<>();
-//        list.add(certificate);
-//        LocalCertificateProvider provider = new LocalCertificateProvider(list);
-////        Assertions.assertNotNull(provider.getCertificate(xx));
-//    }
-
     @Test
     void getAvailableCertificate() {
         X509Certificate certificate = KeyText.loadTestRSA();
@@ -34,8 +23,21 @@ class LocalCertificateProviderTest {
     @Test
     void testGetAvailableCertificate() {
         List<X509Certificate> data = new ArrayList<>();
-        Assertions.assertThrows(IllegalArgumentException.class, () -> {
+        Assertions.assertNull(new LocalCertificateProvider(data).getAvailableCertificate());
-            new LocalCertificateProvider(data);
+        Assertions.assertNull(new LocalCertificateProvider(null).getAvailableCertificate());
-        });
+    }
+
+    @Test
+    void testGetAvailableCertificateInvalid() {
+        List<X509Certificate> data = new ArrayList<>();
+        data.add(KeyText.loadCertificateInvalid());
+        LocalCertificateProvider provider = new LocalCertificateProvider(data);
+        X509Certificate certificate = provider.getAvailableCertificate();
+        Assertions.assertNotNull(certificate);
+
+        X509Certificate tmp = provider.getCertificate("823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF");
+        Assertions.assertNotNull(tmp);
+
+        Assertions.assertFalse(provider.isAvailableCertificate("823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF"));
     }
 }

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/ApiClientBuilderTest.java

@@ -29,7 +29,7 @@ class ApiClientBuilderTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey,""), new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy,
@@ -106,7 +106,7 @@ class ApiClientBuilderTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey,""), new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy,
@@ -126,7 +126,7 @@ class ApiClientBuilderTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey,""), new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy,

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/ApacheHttpclientProxyTest.java

@@ -43,7 +43,9 @@ class ApacheHttpclientProxyTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "6CDDAA92CAD75998325027647847330C1756291"),
+                new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy, signature, new DefaultChannel.Builder()

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/ApacheHttpclientTest.java

@@ -48,7 +48,9 @@ class ApacheHttpclientTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "6CDDAA92CAD75998325027647847330C1756291"),
+                new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy, signature, new DefaultChannel.Builder()

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/ApacheHttpclientTestProxyTest.java

@@ -43,7 +43,9 @@ class ApacheHttpclientTestProxyTest {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "6CDDAA92CAD75998325027647847330C1756291"),
+                new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy, signature, new DefaultChannel.Builder()

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/ApacheHttpclientV2Test.java

@@ -44,7 +44,9 @@ class ApacheHttpclientV2Test {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "6CDDAA92CAD75998325027647847330C1756291"),
+                new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy, signature, new DefaultChannel.Builder()

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/ApacheHttpclientV3Test.java

@@ -44,7 +44,9 @@ class ApacheHttpclientV3Test {
         list.add(certificate);
         CertificateProvider certificateProvider = new LocalCertificateProvider(list);
         Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
-        Signature signature = new DefaultSignature(certificateProvider, new TestSigner(privateKey), new TestVerifier(certificateProvider));
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey,"6CDDAA92CAD75998325027647847330C1756291"),
+                new TestVerifier(certificateProvider));
 
         return new TestProfile(
                 privacy, signature, new DefaultChannel.Builder()

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/ApacheHttpclientValidTest.java

@@ -0,0 +1,125 @@
+package com.czcb.scfs.api.core.http.client;
+
+import com.czcb.scfs.api.core.*;
+import com.czcb.scfs.api.core.cipher.*;
+import com.czcb.scfs.api.core.exception.ValidationException;
+import com.czcb.scfs.api.core.http.*;
+import com.czcb.scfs.api.core.util.DateTimes;
+import com.czcb.scfs.api.core.util.Nonce;
+import com.czcb.scfs.api.core.util.Strings;
+import com.google.gson.Gson;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockserver.client.MockServerClient;
+import org.mockserver.junit.jupiter.MockServerExtension;
+import org.mockserver.junit.jupiter.MockServerSettings;
+
+import java.nio.charset.StandardCharsets;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import static com.czcb.scfs.api.core.Constants.*;
+import static org.mockserver.model.HttpRequest.request;
+import static org.mockserver.model.HttpResponse.response;
+
+@ExtendWith(MockServerExtension.class)
+@MockServerSettings(ports = {8888})
+class ApacheHttpclientValidTest {
+    private MockServerClient client;
+
+    @BeforeEach
+    public void beforeEachLifecyleMethod(MockServerClient client) {
+        this.client = client;
+    }
+
+    private Profile profile() {
+        PrivateKey privateKey = KeyText.loadPrivateKeyInvalid();
+        X509Certificate certificate = KeyText.loadCertificateInvalid();
+        List<X509Certificate> list = new ArrayList<>();
+        list.add(certificate);
+        CertificateProvider certificateProvider = new LocalCertificateProvider(list);
+        Privacy privacy = new TestPrivacy(privateKey, certificateProvider);
+        Signature signature = new DefaultSignature(certificateProvider,
+                new TestSigner(privateKey, "823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF"),
+                new TestVerifier(certificateProvider));
+
+        return new TestProfile(
+                privacy, signature, new DefaultChannel.Builder()
+                .channelNo("0000")
+                .appNo("100000")
+                .build(), new DefaultHttpProfile.Builder()
+                .online(false)
+                .logLevel(LogLevel.basic)
+                .compressionEnabled(false)
+                .host("http://127.0.0.1:8888")
+                .build()
+        );
+    }
+
+    @Test
+    void doRemoteExecuteInvalid() {
+        ApiClient apiClient = ApiClientBuilder.custom()
+                .profile(profile())
+                .build();
+
+        // 对称密钥
+        byte[] secret = apiClient.getProfile().getPrivacy().getSecretCipher().getSecretKey();
+        // 加密响应报文
+        String responseBody = apiClient.getProfile().getPrivacy().getSecretCipher().encrypt(secret, "{\"a\":\"123\"}".getBytes(StandardCharsets.UTF_8));
+
+        // 加密对称密钥
+        String secretKey = apiClient.getProfile().getPrivacy().getEncryptor().encrypt(Strings.toStr(secret));
+
+        org.mockserver.model.HttpResponse mock = response()
+                .withBody(responseBody)
+                .withHeader(NONCE, Nonce.ofNonce())
+                .withHeader(SECRET_KEY, secretKey)
+                .withHeader(BANK_CERTIFICATE_SERIAL, "823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF")
+                .withHeader(CHANNEL_CERTIFICATE_SERIAL, "823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF")
+                .withHeader(REQUEST_ID, Nonce.ofNonce())
+                .withHeader(TIMESTAMP, DateTimes.ofTimestamp() + 800);
+
+        String buildAuth = NONCE + "=" + mock.getHeader(NONCE).get(0) + "," +
+                TIMESTAMP + "=" + mock.getHeader(TIMESTAMP).get(0) + "," +
+                BANK_CERTIFICATE_SERIAL + "=" + mock.getHeader(BANK_CERTIFICATE_SERIAL).get(0) + "," +
+                CHANNEL_CERTIFICATE_SERIAL + "=" + mock.getHeader(CHANNEL_CERTIFICATE_SERIAL).get(0) + "," +
+                SECRET_KEY + "=" + secretKey;
+
+        String message = buildAuth + "\n" + "\n";
+        mock.withHeader(SIGNATURE, apiClient.getProfile().getSignature().getSigner().sign(message).getSignature());
+
+        client.when(request()
+                .withMethod(HttpMethod.POST.getUpperName())
+                .withPath("/mock/invalid")
+        ).respond(mock);
+
+        TestRequest request = new TestRequest();
+        RequestBody requestBody = new JsonRequestBody.Builder()
+                .body(new Gson().toJson(request))
+                .build();
+
+        HttpHeaders headers = new HttpHeaders();
+        ValidationException exception = Assertions.assertThrows(ValidationException.class, () -> apiClient.post("/mock/invalid", headers, requestBody, TestResponse.class));
+        Assertions.assertEquals("证书已失效, 序列号:823CF3E310F2E2ED1AF85506E74A95DC4301006FDEF2FD019953FAF4DE12A8BF", exception.getMessage());
+    }
+
+
+    public static class TestRequest implements ApiRequest {
+    }
+
+    public static class TestResponse implements ApiResponse {
+        private String name;
+
+        public String getName() {
+            return name;
+        }
+
+        public void setName(String name) {
+            this.name = name;
+        }
+    }
+}

scfs-api-core/src/test/java/com/czcb/scfs/api/core/http/client/TestSigner.java

@@ -13,7 +13,7 @@ public class TestSigner extends AbstractSigner {
     /**
      * @param privateKey API私钥
      */
-    public TestSigner(PrivateKey privateKey) {
+    public TestSigner(PrivateKey privateKey, String certificateSerialNumber) {
-        super("SHA256withRSA", "SHA256withRSA", privateKey, null, "");
+        super("SHA256withRSA", "SHA256withRSA", privateKey, null, certificateSerialNumber);
     }
 }