authorJoanna Jeremicz <joanna.jeremicz@nokia.com>2020-02-26 14:30:36 +0100
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>2020-03-03 15:30:14 +0100
commitee672c3672924ca54b89a7c429ee06f01b9f6caa (patch)
treeed4740289cb452a2924116b048ae29c4374db82b /certServiceClient/src/main/java/org
parentbe552bb854e00ad79d0854304226829d0f969fb6 (diff)
Transform pem files into pkcs12
Transform pem files received from CertService into pkcs12 Issue-ID: AAF-996 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: I39b71cf3f267c5ca701b3d4cf456fc6d81ae5f81
Diffstat (limited to 'certServiceClient/src/main/java/org')
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java23
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java3
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java55
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java35
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java71
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java42
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java133
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java47
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java34
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java39
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java5
11 files changed, 477 insertions, 10 deletions
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
index 59d0c032..7072a883 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
@@ -22,6 +22,10 @@ package org.onap.aaf.certservice.client;
import org.onap.aaf.certservice.client.api.ExitableException;
import org.onap.aaf.certservice.client.certification.CsrFactory;
import org.onap.aaf.certservice.client.certification.KeyPairFactory;
+import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator;
+import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory;
+
+import java.security.KeyPair;
import org.onap.aaf.certservice.client.configuration.EnvsForClient;
import org.onap.aaf.certservice.client.configuration.EnvsForCsr;
import org.onap.aaf.certservice.client.configuration.factory.ClientConfigurationFactory;
@@ -32,14 +36,13 @@ import org.onap.aaf.certservice.client.httpclient.CloseableHttpClientProvider;
import org.onap.aaf.certservice.client.httpclient.HttpClient;
import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse;
-import java.security.KeyPair;
-
import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM;
import static org.onap.aaf.certservice.client.common.Base64Coder.encode;
public class CertServiceClient {
+
private AppExitHandler appExitHandler;
public CertServiceClient(AppExitHandler appExitHandler) {
@@ -53,16 +56,22 @@ public class CertServiceClient {
CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create();
KeyPair keyPair = keyPairFactory.create();
CsrFactory csrFactory = new CsrFactory(csrConfiguration);
+ String csr = csrFactory.createEncodedCsr(keyPair);
- CloseableHttpClientProvider provider = new CloseableHttpClientProvider(clientConfiguration.getRequestTimeout());
+ CloseableHttpClientProvider provider = new CloseableHttpClientProvider(
+ clientConfiguration.getRequestTimeout());
HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService());
CertServiceResponse certServiceData =
- httpClient.retrieveCertServiceData(
- clientConfiguration.getCaName(),
- csrFactory.createEncodedCsr(keyPair),
- encode(keyPair.getPrivate().toString()));
+ httpClient.retrieveCertServiceData(
+ clientConfiguration.getCaName(),
+ csr,
+ encode(keyPair.getPrivate().toString()));
+ KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory(
+ clientConfiguration.getCertsOutputPath()).create();
+ filesCreator.createKeystore(certServiceData.getCertificateChain(), keyPair.getPrivate());
+ filesCreator.createTruststore(certServiceData.getTrustedCertificates());
} catch (ExitableException e) {
appExitHandler.exit(e.applicationExitCode());
}
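Review bot: The two calls added at the end of the `try` block write their output one after the other, so if `createTruststore` throws, the keystore and password file already written by `createKeystore` stay on disk while the process exits with a failure code. Either document this at the call site, e.g. `// keystore files are already written here; a truststore failure leaves them behind`, or remove the partial output in the `catch`. The enclosing method starts before this hunk, so the handling of earlier failures is not visible here.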
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java
index b72a0e2d..561cfd2a 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java
@@ -25,7 +25,8 @@ public enum ExitCode {
KEY_PAIR_GENERATION_EXCEPTION(3),
CSR_GENERATION_EXCEPTION(4),
CERT_SERVICE_API_CONNECTION_EXCEPTION(5),
- HTTP_CLIENT_EXCEPTION(6);
+ HTTP_CLIENT_EXCEPTION(6),
+ PKCS12_CONVERSION_EXCEPTION(7);
private final int value;
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java
new file mode 100644
index 00000000..6dc2ef87
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java
@@ -0,0 +1,55 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.security.PrivateKey;
+import java.util.List;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+
+public class KeystoreTruststoreCreator {
+
+ private static final String CERTIFICATE_ALIAS = "certificate";
+ private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
+ private static final int PASSWORD_LENGTH = 24;
+ private final RandomPasswordGenerator generator;
+ private final PemToPKCS12Converter converter;
+ private final PKCS12FilesCreator creator;
+
+ public KeystoreTruststoreCreator(PKCS12FilesCreator creator, RandomPasswordGenerator generator,
+ PemToPKCS12Converter converter) {
+ this.generator = generator;
+ this.converter = converter;
+ this.creator = creator;
+ }
+
+ public void createKeystore(List<String> data, PrivateKey privateKey)
+ throws PemToPKCS12ConverterException {
+ Password password = generator.generate(PASSWORD_LENGTH);
+ creator.saveKeystoreData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey),
+ password.getPassword());
+ }
+
+ public void createTruststore(List<String> data)
+ throws PemToPKCS12ConverterException {
+ Password password = generator.generate(PASSWORD_LENGTH);
+ creator.saveTruststoreData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS),
+ password.getPassword());
+ }
+}
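Review bot: `createKeystore` and `createTruststore` are the public entry points of this new class but have no Javadoc, and their file-writing side effect is not visible from the signatures. A short comment on each would help, e.g. `/** Converts the PEM chain and private key to a PKCS12 keystore protected by a freshly generated password, then writes the store and the password via PKCS12FilesCreator. */`. The comment should also say that the password is persisted in clear text next to the store, since that determines how the output directory has to be protected.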
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java
new file mode 100644
index 00000000..8c719535
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java
@@ -0,0 +1,35 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+public class KeystoreTruststoreCreatorFactory {
+ private final String outputPath;
+
+ public KeystoreTruststoreCreatorFactory(String outputPath) {
+ this.outputPath = outputPath;
+ }
+
+ public KeystoreTruststoreCreator create() {
+ return new KeystoreTruststoreCreator(
+ new PKCS12FilesCreator(outputPath),
+ new RandomPasswordGenerator(),
+ new PemToPKCS12Converter());
+ }
+}
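Review bot: `outputPath` is forwarded unchecked, and the `PKCS12FilesCreator` constructor added in this commit builds file names by plain concatenation (`path + KEYSTORE_JKS`). A value without a trailing separator therefore yields files such as `<dir>keystore.jks` beside the intended directory, and a `null` value yields names starting with `null`. Unless the configuration layer guarantees the separator (not visible here), use `Paths.get(path, KEYSTORE_JKS).toString()` in that constructor and `Objects.requireNonNull(outputPath, "outputPath")` here.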
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java
new file mode 100644
index 00000000..60121b03
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java
@@ -0,0 +1,71 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.io.FileOutputStream;
+import java.io.IOException;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class PKCS12FilesCreator {
+
+ private static final String KEYSTORE_JKS = "keystore.jks";
+ private static final String KEYSTORE_PASS = "keystore.pass";
+ private static final String TRUSTSTORE_JKS = "truststore.jks";
+ private static final String TRUSTSTORE_PASS = "truststore.pass";
+ private final String keystoreJksPath;
+ private final String keystorePassPath;
+ private final String truststoreJksPath;
+ private final String truststorePassPath;
+ private final Logger LOGGER = LoggerFactory.getLogger(PKCS12FilesCreator.class);
+
+
+ PKCS12FilesCreator(String path) {
+ keystoreJksPath = path + KEYSTORE_JKS;
+ keystorePassPath = path + KEYSTORE_PASS;
+ truststoreJksPath = path + TRUSTSTORE_JKS;
+ truststorePassPath = path + TRUSTSTORE_PASS;
+ }
+
+ void saveKeystoreData(byte[] keystoreData, String keystorePassword) throws PemToPKCS12ConverterException {
+ LOGGER.debug("Creating PKCS12 keystore files and saving data. Keystore path: {}", keystoreJksPath);
+
+ saveDataToLocation(keystoreData, keystoreJksPath);
+ saveDataToLocation(keystorePassword.getBytes(), keystorePassPath);
+ }
+
+ void saveTruststoreData(byte[] truststoreData, String truststorePassword)
+ throws PemToPKCS12ConverterException {
+ LOGGER.debug("Creating PKCS12 truststore files and saving data. Truststore path: {}", truststoreJksPath);
+
+ saveDataToLocation(truststoreData, truststoreJksPath);
+ saveDataToLocation(truststorePassword.getBytes(), truststorePassPath);
+ }
+
+ private void saveDataToLocation(byte[] data, String path) throws PemToPKCS12ConverterException {
+ try (FileOutputStream fos = new FileOutputStream(path)) {
+ fos.write(data);
+ } catch (IOException e) {
+ LOGGER.error("PKCS12 files creation failed", e);
+ throw new PemToPKCS12ConverterException(e);
+ }
+ }
+}
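Review bot: `saveDataToLocation` creates `keystore.jks` (which holds the private key) and the clear-text `*.pass` files with `new FileOutputStream(path)`, so their permissions come from the process umask and the files may be readable by other local users. Creating each file with owner-only permissions before writing closes that gap. The sketch below assumes a POSIX file system (`PosixFilePermissions.asFileAttribute` is not supported elsewhere) and needs the matching `java.nio.file` imports. Separately, `getBytes()` on the password uses the platform charset; `getBytes(StandardCharsets.UTF_8)` would make the file content independent of the host.

```java
private void saveDataToLocation(byte[] data, String path) throws PemToPKCS12ConverterException {
    Path target = Paths.get(path);
    try {
        // Recreate the file so the owner-only mode applies even when an older file exists.
        Files.deleteIfExists(target);
        Files.createFile(target,
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(target, data);
    } catch (IOException e) {
        // … unchanged: log and wrap in PemToPKCS12ConverterException …
    }
}
```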
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java
new file mode 100644
index 00000000..f0ee419c
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java
@@ -0,0 +1,42 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+class Password {
+ private final static String PASSWORD_PATTERN = "[\\w$#]{16,}";
+ private final String password;
+
+ Password(String password) {
+ this.password = password;
+ }
+
+ String getPassword() {
+ return password;
+ }
+
+ char[] toCharArray() {
+ return password.toCharArray();
+ }
+
+ boolean isCorrectPasswordPattern() {
+ return password.matches(PASSWORD_PATTERN);
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java
new file mode 100644
index 00000000..eab9bf7c
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java
@@ -0,0 +1,133 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.KeyStore;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.List;
+import java.util.Optional;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class PemToPKCS12Converter {
+
+ private final static String PKCS12 = "PKCS12";
+ private final static String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
+ private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null;
+ private final Logger LOGGER = LoggerFactory.getLogger(PemToPKCS12Converter.class);
+
+ byte[] convertKeystore(List<String> certificateChain, Password password, String alias, PrivateKey privateKey)
+ throws PemToPKCS12ConverterException {
+ LOGGER.debug("Converting PEM certificates to PKCS12 keystore.");
+ return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey));
+ }
+
+ byte[] convertTruststore(List<String> trustAnchors, Password password, String alias)
+ throws PemToPKCS12ConverterException {
+ LOGGER.debug("Converting PEM certificates to PKCS12 truststore.");
+ return convert(trustAnchors, password, certs -> getTrustStore(alias, certs));
+ }
+
+ private byte[] convert(List<String> certificates, Password password, StoreEntryOperation operation)
+ throws PemToPKCS12ConverterException {
+ checkPassword(password);
+ final Certificate[] X509Certificates = convertToCertificateArray(certificates);
+ return getKeyStoreBytes(password, operation, X509Certificates);
+ }
+
+ private void checkPassword(Password password) throws PemToPKCS12ConverterException {
+ if (!password.isCorrectPasswordPattern()) {
+ LOGGER.error(PASSWORD_ERROR_MSG);
+ throw new PemToPKCS12ConverterException(PASSWORD_ERROR_MSG);
+ }
+ }
+
+ private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates)
+ throws PemToPKCS12ConverterException {
+ try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+ KeyStore ks = op.getStore(x509Certificates);
+ ks.store(bos, password.toCharArray());
+ return bos.toByteArray();
+ } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
+ LOGGER.error("Pem to PKCS12 converter failed", e);
+ throw new PemToPKCS12ConverterException(e);
+ }
+ }
+
+ private KeyStore getKeyStore(String alias, Password password, Certificate[] certificates, PrivateKey privateKey)
+ throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+ KeyStore ks = getKeyStoreInstance();
+ ks.setKeyEntry(alias, privateKey, password.toCharArray(), certificates);
+ return ks;
+ }
+
+ private KeyStore getTrustStore(String alias, Certificate[] certificates)
+ throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+ KeyStore ks = getKeyStoreInstance();
+ long i = 1L;
+ for (Certificate c : certificates) {
+ ks.setCertificateEntry(alias + i++, c);
+ }
+ return ks;
+ }
+
+ private KeyStore getKeyStoreInstance()
+ throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+ KeyStore ks = KeyStore.getInstance(PKCS12);
+ ks.load(EMPTY_KEYSTORE_CONFIGURATION);
+ return ks;
+ }
+
+ private Certificate[] convertToCertificateArray(List<String> certificates)
+ throws PemToPKCS12ConverterException {
+ Certificate[] parsedCertificates = new Certificate[certificates.size()];
+ for (String certificate : certificates) {
+ parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate);
+ }
+ return parsedCertificates;
+ }
+
+ private Certificate parseCertificate(String certificate) throws PemToPKCS12ConverterException {
+ try (PEMParser pem = new PEMParser(new StringReader(certificate))) {
+ X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject())
+ .orElseThrow(
+ () -> new PemToPKCS12ConverterException("The certificate couldn't be parsed correctly. " + certificate));
+ return new JcaX509CertificateConverter()
+ .setProvider(new BouncyCastleProvider())
+ .getCertificate(certHolder);
+ } catch (IOException | CertificateException e) {
+ LOGGER.error("Certificates conversion failed", e);
+ throw new PemToPKCS12ConverterException(e);
+ }
+ }
+}
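Review bot: In `convertToCertificateArray` the slot is chosen with `certificates.indexOf(certificate)`, which returns the first match, so if the list contains the same PEM string twice the later slot stays `null` and that null is handed on to the keystore. Iterating by index avoids this and the repeated list scan: `for (int i = 0; i < certificates.size(); i++) { parsedCertificates[i] = parseCertificate(certificates.get(i)); }`. Separately, in `parseCertificate` the cast `(X509CertificateHolder) pem.readObject()` throws `ClassCastException` when the PEM block holds some other object type. That is not a `PemToPKCS12ConverterException`, so it would presumably bypass the exit-code handling in `CertServiceClient`; an `instanceof` check before the cast keeps the failure on the intended path.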
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java
new file mode 100644
index 00000000..5db7b26f
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java
@@ -0,0 +1,47 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.security.SecureRandom;
+import org.apache.commons.lang3.RandomStringUtils;
+
+class RandomPasswordGenerator {
+
+ private static final String ALPHA = "abcdefghijklmnopqrstuvwxyz";
+ private static final String NUMBERS = "0123456789";
+ private static final String SPECIAL_CHARS = "_$#";
+ private static final char[] SET_OF_CHARS = (ALPHA + ALPHA.toUpperCase() + NUMBERS + SPECIAL_CHARS).toCharArray();
+ private static final char START_POSITION_IN_ASCII_CHARS = 0;
+ private static final char END_POSITION_IN_ASCII_CHARS = 0;
+ private static final boolean USE_LETTERS_ONLY = false;
+ private static final boolean USE_NUMBERS_ONLY = false;
+
+ Password generate(int passwordLength) {
+ return new Password(RandomStringUtils.random(
+ passwordLength,
+ START_POSITION_IN_ASCII_CHARS,
+ END_POSITION_IN_ASCII_CHARS,
+ USE_LETTERS_ONLY,
+ USE_NUMBERS_ONLY,
+ SET_OF_CHARS,
+ new SecureRandom()));
+ }
+}
+
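Review bot: `ALPHA.toUpperCase()` in `SET_OF_CHARS` is locale-sensitive: under a Turkish default locale `i` upper-cases to `İ` (U+0130), which the ASCII-only `\w` in `Password.PASSWORD_PATTERN` does not match. A generated password containing it would be rejected by `checkPassword` and the conversion would fail. Use `ALPHA.toUpperCase(Locale.ROOT)` (with `java.util.Locale` imported). As a style point, `START_POSITION_IN_ASCII_CHARS` and `END_POSITION_IN_ASCII_CHARS` are declared `char` but passed where `RandomStringUtils.random` takes `int` bounds; declaring them `int` would read more clearly.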
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java
new file mode 100644
index 00000000..6ee7817b
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java
@@ -0,0 +1,34 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+
+@FunctionalInterface
+public interface StoreEntryOperation {
+
+ KeyStore getStore(Certificate[] certificates)
+ throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException;
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java
new file mode 100644
index 00000000..87020d6f
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java
@@ -0,0 +1,39 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.exception;
+
+import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+public class PemToPKCS12ConverterException extends ExitableException {
+ private static final ExitCode EXIT_CODE = ExitCode.PKCS12_CONVERSION_EXCEPTION;
+
+ public PemToPKCS12ConverterException(Throwable e) {
+ super(e);
+ }
+ public PemToPKCS12ConverterException(String message) {
+ super(message);
+ }
+
+ @Override
+ public int applicationExitCode() {
+ return EXIT_CODE.getValue();
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java
index b7ee5d32..3bd15288 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java
@@ -20,14 +20,15 @@
package org.onap.aaf.certservice.client.configuration.factory;
+
+
+import java.util.Optional;
import org.onap.aaf.certservice.client.configuration.ClientConfigurationEnvs;
import org.onap.aaf.certservice.client.configuration.EnvValidationUtils;
import org.onap.aaf.certservice.client.configuration.EnvsForClient;
import org.onap.aaf.certservice.client.configuration.exception.ClientConfigurationException;
import org.onap.aaf.certservice.client.configuration.model.ClientConfiguration;
-import java.util.Optional;
-
public class ClientConfigurationFactory implements AbstractConfigurationFactory<ClientConfiguration> {
private final EnvsForClient envsForClient;