diff options
author | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2021-07-02 09:49:20 +0200 |
---|---|---|
committer | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2021-07-14 09:16:13 +0200 |
commit | 2cdaccb63c0f01b42ca1b83749ee42b537620919 (patch) | |
tree | 96588d7c83da6dee722911eaf03df0c5cd586eb3 | |
parent | 78b60d22b8779d1fbf3e27287b9774862f71404b (diff) |
[OOM-CERT-SERVICE] Remove CaMode from Cmpv2Server configuration
Issue-ID: OOM-2753
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I10662551a315a0b38b1213513d07ab2a4ccf5326
13 files changed, 19 insertions, 93 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/CaMode.java b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/CaMode.java deleted file mode 100644 index 9980ef50..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/CaMode.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification.configuration.model; - -public enum CaMode { - RA("RA"), CLIENT("Client"); - - private String profile; - - CaMode(String profile) { - this.profile = profile; - } - - public String getProfile() { - return profile; - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java index b27f2888..d2b62f7f 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java @@ -1,8 +1,8 @@ /* * ============LICENSE_START======================================================= - * PROJECT + * Cert Service * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,10 +23,12 @@ package org.onap.oom.certservice.certification.configuration.model; import javax.validation.Valid; import javax.validation.constraints.NotNull; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import org.bouncycastle.asn1.x500.X500Name; import org.hibernate.validator.constraints.Length; import org.onap.oom.certservice.certification.configuration.validation.constraints.Cmpv2Url; +@JsonIgnoreProperties(ignoreUnknown = true) public class Cmpv2Server { private static final int MAX_CA_NAME_LENGTH = 128; @@ -35,8 +37,6 @@ public class Cmpv2Server { @Valid private Authentication authentication; @NotNull - private CaMode caMode; - @NotNull @Length(min = 1, max = MAX_CA_NAME_LENGTH) private String caName; @NotNull @@ -52,14 +52,6 @@ public class Cmpv2Server { this.authentication = authentication; } - public CaMode getCaMode() { - return caMode; - } - - public void setCaMode(CaMode caMode) { - this.caMode = caMode; - } - public String getCaName() { return caName; } @@ -88,11 +80,9 @@ public class Cmpv2Server { public String toString() { return "Cmpv2Server{" + "authentication=" + authentication - + ", caMode=" + caMode + ", caName='" + caName + '\'' + ", issuerDN='" + issuerDN + '\'' + ", url='" + url + '\'' + '}'; } - } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java index 40a2a1d9..0d908bea 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java @@ -36,7 +36,6 @@ import org.bouncycastle.asn1.cmp.CertResponse; import org.bouncycastle.asn1.cmp.PKIHeader; import org.bouncycastle.asn1.cmp.PKIMessage; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.onap.oom.certservice.certification.model.CsrModel; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; @@ -48,7 +47,6 @@ import org.slf4j.LoggerFactory; public class CmpCertificationValidator { private static final String DEFAULT_CA_NAME = "Certification Authority"; - private static final String DEFAULT_PROFILE = CaMode.RA.getProfile(); private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); private static final Logger LOG = LoggerFactory.getLogger(CmpCertificationValidator.class); @@ -60,9 +58,8 @@ public class CmpCertificationValidator { final Date notAfter) { String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME; - String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE; LOG.info( - "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile); + "Validate before creating Certificate Request for CA: {}", caName); CmpUtil.notNull(csrModel, "CsrModel Instance"); CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN"); diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java index 98932d0c..1d6d177f 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java @@ -1,6 +1,6 @@ /* * ============LICENSE_START======================================================= - * PROJECT + * Cert Service * ================================================================================ * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ @@ -45,7 +45,6 @@ class CmpServersConfigLoaderTest { "CA_NAME", "TEST", "URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmp", "ISSUER_DN", "CN=ManagementCA", - "CA_MODE", "CLIENT", "IAK", "xxx", "RV", "yyy" ); @@ -53,7 +52,6 @@ class CmpServersConfigLoaderTest { "CA_NAME", "TEST2", "URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", "ISSUER_DN", "CN=ManagementCA2", - "CA_MODE", "RA", "IAK", "xxx", "RV", "yyy" ); @@ -111,7 +109,6 @@ class CmpServersConfigLoaderTest { assertThat(cmpv2Server.getCaName()).isEqualTo(expected.get("CA_NAME")); assertThat(cmpv2Server.getUrl()).isEqualTo(expected.get("URL")); assertThat(cmpv2Server.getIssuerDN()).hasToString(expected.get("ISSUER_DN")); - assertThat(cmpv2Server.getCaMode().name()).isEqualTo(expected.get("CA_MODE")); assertThat(cmpv2Server.getAuthentication().getIak()).isEqualTo(expected.get("IAK")); assertThat(cmpv2Server.getAuthentication().getRv()).isEqualTo(expected.get("RV")); } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java index e938fdde..fe325241 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java @@ -35,7 +35,6 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.oom.certservice.certification.configuration.model.Authentication; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; @ExtendWith(MockitoExtension.class) @@ -218,7 +217,6 @@ class CmpServersConfigTest { testAuthentication1.setIak("testIak"); testAuthentication1.setRv("testRv"); testServer1.setAuthentication(testAuthentication1); - testServer1.setCaMode(CaMode.RA); Cmpv2Server testServer2 = new Cmpv2Server(); testServer2.setCaName("TEST_CA2"); @@ -228,7 +226,6 @@ class CmpServersConfigTest { testAuthentication2.setIak("test2Iak"); testAuthentication2.setRv("test2Rv"); testServer2.setAuthentication(testAuthentication2); - testServer2.setCaMode(CaMode.CLIENT); return List.of(testServer1, testServer2); } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java index dc6de3ba..9e0982aa 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java @@ -27,7 +27,6 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.oom.certservice.certification.configuration.model.Authentication; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException; @@ -93,7 +92,6 @@ class Cmpv2ServerProviderTest { testAuthentication.setIak("testIak"); testAuthentication.setRv("testRv"); testServer.setAuthentication(testAuthentication); - testServer.setCaMode(CaMode.RA); return testServer; } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java index b07c9035..e943d8fe 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java @@ -1,8 +1,8 @@ /* * ============LICENSE_START======================================================= - * PROJECT + * Cert Service * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,6 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.onap.oom.certservice.CertServiceApplication; import org.onap.oom.certservice.certification.configuration.model.Authentication; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; @@ -141,15 +140,6 @@ class Cmpv2ServersConfigurationValidatorTest { } @Test - void shouldThrowExceptionWhenCaModeIsNull() { - // Given - server.setCaMode(null); - - // Then - assertExceptionIsThrown(); - } - - @Test void shouldThrowExceptionWhenUrlIsNull() { // Given server.setUrl(null); @@ -197,7 +187,6 @@ class Cmpv2ServersConfigurationValidatorTest { private void setServerConfiguration() { server = new Cmpv2Server(); - server.setCaMode(CaMode.CLIENT); server.setCaName("TEST"); server.setIssuerDN(new X500Name("CN=ManagementCA")); server.setUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmp"); @@ -210,4 +199,4 @@ class Cmpv2ServersConfigurationValidatorTest { authentication.setIak("testIAK"); } -}
\ No newline at end of file +} diff --git a/certService/src/test/resources/cmpServers.json b/certService/src/test/resources/cmpServers.json index ee9e72b9..5383826a 100644 --- a/certService/src/test/resources/cmpServers.json +++ b/certService/src/test/resources/cmpServers.json @@ -4,7 +4,6 @@ "caName": "TEST", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp", "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", "authentication": { "iak": "xxx", "rv": "yyy" @@ -14,11 +13,10 @@ "caName": "TEST2", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", "issuerDN": "CN=ManagementCA2", - "caMode": "RA", "authentication": { "iak": "xxx", "rv": "yyy" } } ] -}
\ No newline at end of file +} diff --git a/certService/src/test/resources/invalidCmpServers.json b/certService/src/test/resources/invalidCmpServers.json index ac4b34af..a1ded3c2 100644 --- a/certService/src/test/resources/invalidCmpServers.json +++ b/certService/src/test/resources/invalidCmpServers.json @@ -3,17 +3,15 @@ { "caName": " ", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT" + "issuerDN": "CN=ManagementCA" }, { "caName": "TEST2", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", - "caMode": "RA", "authentication": { "iak": "xxx", "rv": "yyy" } } ] -}
\ No newline at end of file +} diff --git a/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml index e5226906..2fb8e4a7 100644 --- a/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml +++ b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml @@ -25,11 +25,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: _sample_cert_name_ + name: cert-test namespace: onap spec: # The secret name to store the signed certificate - secretName: _sample_secret_name_ + secretName: cert-test-secret-name # Common Name commonName: certissuer.onap.org subject: @@ -57,4 +57,4 @@ spec: issuerRef: group: certmanager.onap.org kind: CMPv2Issuer - name: cmpv2-issuer + name: cmpv2-issuer-onap diff --git a/compose-resources/cmpServers.json b/compose-resources/cmpServers.json index 8972fd4d..0d883eae 100644 --- a/compose-resources/cmpServers.json +++ b/compose-resources/cmpServers.json @@ -4,7 +4,6 @@ "caName": "Client", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", - "caMode": "CLIENT", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -14,7 +13,6 @@ "caName": "RA", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", - "caMode": "RA", "authentication": { "iak": "mypassword", "rv": "mypassword" diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst index 41b23fad..ad54434a 100644 --- a/docs/sections/change-log.rst +++ b/docs/sections/change-log.rst @@ -19,7 +19,7 @@ Version: 2.4.0 **New Features** - N/A + Add certificate update use case (support for CMPv2 messages: Key Update Request and Certification Request). **Bug Fixes** @@ -47,6 +47,8 @@ Version: 2.4.0 **Upgrade Notes** + caMode is removed from cmpServers.json configuration file. + **Deprecation Notes** CertService client is not supported since Istanbul release. diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index 6ba7c1b4..97630731 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -20,7 +20,6 @@ Example cmpServers.json file: "caName": "Client", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -30,7 +29,6 @@ Example cmpServers.json file: "caName": "RA", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", "issuerDN": "CN=ManagementCA", - "caMode": "RA", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -44,7 +42,6 @@ This contains list of CMP Servers, where each server has following properties: - *caName* - name of the external CA server. It's used to match *CA_NAME* sent by CertService client in order to match proper configuration. - *url* - URL to CMPv2 server - *issuerDN* - Distinguished Name of the CA that will sign the certificate - - *caMode* - Issuer mode. Allowed values are *CLIENT* and *RA* - *authentication* - *iak* - Initial authentication key, used to authenticate request in CMPv2 server @@ -240,7 +237,7 @@ Default Values: +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ | Name | Value | +=====================+=================================================================================================================================+ -| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA | +| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA | +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ | Response Type | PKI Response | +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ |