Implementation of CMPv2 client

Issue-ID: AAF-999
Signed-off-by: ajay_dp001 <ajay.deep.singh@est.tech>
Change-Id: I986d487c6d1ba4d13b0193a12543622d943e3ea7

4 files changed, 226 insertions, 0 deletions

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
new file mode 100644
index 00000000..38429ad9
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.api;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
+
+/**
+ * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure
+ * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2).
+ */
+public interface CmpClient {
+
+    /**
+     * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+     * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+     * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+     * encountered in fetching certificate from CA.
+     *
+     * @param caName    Information about the External Root Certificate Authority (CA) performing the event CA Name.
+     *                  Could be {@code null}.
+     * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.
+     * @param csrMeta   Certificate Signing Request Meta Data. Must not be {@code null}.
+     * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
+     * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date.
+     * @param notAfter  An optional validity to set in the created certificate, Certificate not valid after this date.
+     * @return The newly created Certificate.
+     *
+     * @throws CAOfflineException if External CA that is offline
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr,
+        Date notBefore, Date notAfter)
+        throws CAOfflineException, CmpClientException;
+
+    /**
+     * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+     * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+     * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+     * encountered in fetching certificate from CA.
+     *
+     * @param caName  Information about the External Root Certificate Authority (CA) performing the event CA Name. Could
+     *                be {@code null}.
+     * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+     * @param csr     Certificate Signing Request {.cer} file. Must not be {@code null}.
+     * @return The newly created Certificate.
+     *
+     * @throws CAOfflineException if External CA that is offline
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
+        throws CAOfflineException, CmpClientException;
+
+    /**
+     * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration
+     * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation  to be used, Certificate
+     * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses.
+     *
+     * @param caName         CA name. Could be {@code null}.
+     * @param cert           Target certificate. Must not be {@code null}.
+     * @param reason         Revocation reason.
+     * @param invalidityTime Invalidity time. Could be {@code null}.
+     * @return return Certificate.
+     *
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
+        throws CAOfflineException, CmpClientException;
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
new file mode 100644
index 00000000..d1484f30
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA
+ * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The
+ * connection was refused remotely (e.g., no process is listening on the remote address/port).
+ */
+public class CAOfflineException extends Exception {
+
+    private static final long serialVersionUID = 2L;
+
+    /**
+     * Creates a new instance without detail message.
+     */
+    public CAOfflineException() {
+        super();
+    }
+
+    /**
+     * Constructs an instance with the specified detail message.
+     *
+     * @param msg the detail message.
+     */
+    public CAOfflineException(String msg) {
+        super(msg);
+    }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
new file mode 100644
index 00000000..2a17ab10
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code.
+ */
+public class CmpClientException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Creates a new instance with detail message.
+     */
+    public CmpClientException(String message) {
+        super(message);
+    }
+
+    /**
+     * Creates a new instance with detail Throwable cause.
+     */
+    public CmpClientException(Throwable cause) {
+        super(cause);
+    }
+
+    /**
+     * Creates a new instance with detail message and Throwable cause.
+     */
+    public CmpClientException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
new file mode 100644
index 00000000..19cf634c
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 (
+ * Certificate Request Message Format (CRMF)) standards.
+ */
+public final class CmpClientImpl implements CmpClient {
+
+    @Override
+    public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+        final Certificate csr, final Date notBefore, final Date notAfter)
+        throws CAOfflineException, CmpClientException {
+
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+        final Certificate csr)
+        throws CAOfflineException, CmpClientException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason,
+        final Date invalidityTime)
+        throws CAOfflineException, CmpClientException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+}
+