diff options
author | ajay_dp001 <ajay.deep.singh@est.tech> | 2019-11-06 14:56:07 +0000 |
---|---|---|
committer | Ajay Deep Singh <ajay.deep.singh@est.tech> | 2019-11-12 17:36:26 +0000 |
commit | aee01939319af85adfc471caef2db33087b8a033 (patch) | |
tree | c22ba9fff7d6674630c7a7d6f75ee948b271e37c | |
parent | 333a035c095351e496328ec72c82beb65507e71b (diff) |
Implementation of CMPv2 client
Issue-ID: AAF-999
Signed-off-by: ajay_dp001 <ajay.deep.singh@est.tech>
Change-Id: I986d487c6d1ba4d13b0193a12543622d943e3ea7
4 files changed, 226 insertions, 0 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java new file mode 100644 index 00000000..38429ad9 --- /dev/null +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +package org.onap.aaf.auth.cm.cmpv2client.api; + +import java.security.cert.Certificate; +import java.util.Date; +import org.onap.aaf.auth.cm.cert.CSRMeta; +import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException; +import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException; + +/** + * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure + * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2). + */ +public interface CmpClient { + + /** + * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with + * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature + * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue + * encountered in fetching certificate from CA. + * + * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name. + * Could be {@code null}. + * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}. + * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}. + * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}. + * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date. + * @param notAfter An optional validity to set in the created certificate, Certificate not valid after this date. + * @return The newly created Certificate. + * + * @throws CAOfflineException if External CA that is offline + * @throws CmpClientException if client error occurs. + */ + Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr, + Date notBefore, Date notAfter) + throws CAOfflineException, CmpClientException; + + /** + * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with + * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature + * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue + * encountered in fetching certificate from CA. + * + * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name. Could + * be {@code null}. + * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}. + * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}. + * @return The newly created Certificate. + * + * @throws CAOfflineException if External CA that is offline + * @throws CmpClientException if client error occurs. + */ + Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr) + throws CAOfflineException, CmpClientException; + + /** + * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration + * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation to be used, Certificate + * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses. + * + * @param caName CA name. Could be {@code null}. + * @param cert Target certificate. Must not be {@code null}. + * @param reason Revocation reason. + * @param invalidityTime Invalidity time. Could be {@code null}. + * @return return Certificate. + * + * @throws CmpClientException if client error occurs. + */ + Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime) + throws CAOfflineException, CmpClientException; +} diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java new file mode 100644 index 00000000..d1484f30 --- /dev/null +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +package org.onap.aaf.auth.cm.cmpv2client.impl; + +/** + * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA + * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The + * connection was refused remotely (e.g., no process is listening on the remote address/port). + */ +public class CAOfflineException extends Exception { + + private static final long serialVersionUID = 2L; + + /** + * Creates a new instance without detail message. + */ + public CAOfflineException() { + super(); + } + + /** + * Constructs an instance with the specified detail message. + * + * @param msg the detail message. + */ + public CAOfflineException(String msg) { + super(msg); + } +} diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java new file mode 100644 index 00000000..2a17ab10 --- /dev/null +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +package org.onap.aaf.auth.cm.cmpv2client.impl; + +/** + * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code. + */ +public class CmpClientException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Creates a new instance with detail message. + */ + public CmpClientException(String message) { + super(message); + } + + /** + * Creates a new instance with detail Throwable cause. + */ + public CmpClientException(Throwable cause) { + super(cause); + } + + /** + * Creates a new instance with detail message and Throwable cause. + */ + public CmpClientException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java new file mode 100644 index 00000000..19cf634c --- /dev/null +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +package org.onap.aaf.auth.cm.cmpv2client.impl; + +import java.security.cert.Certificate; +import java.util.Date; +import org.onap.aaf.auth.cm.cert.CSRMeta; +import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient; + +/** + * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 ( + * Certificate Request Message Format (CRMF)) standards. + */ +public final class CmpClientImpl implements CmpClient { + + @Override + public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta, + final Certificate csr, final Date notBefore, final Date notAfter) + throws CAOfflineException, CmpClientException { + + // TODO Auto-generated method stub + return null; + } + + @Override + public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta, + final Certificate csr) + throws CAOfflineException, CmpClientException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason, + final Date invalidityTime) + throws CAOfflineException, CmpClientException { + // TODO Auto-generated method stub + return null; + } +} + |