aboutsummaryrefslogtreecommitdiffstats
path: root/certService/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'certService/src/main')
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java13
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java90
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java4
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java103
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java208
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java63
6 files changed, 96 insertions, 385 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
index c9e61b02..2477c421 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
@@ -29,6 +29,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.stream.Collectors;
+
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
@@ -54,17 +55,15 @@ public class Cmpv2ClientAdapter {
private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
private final CmpClient cmpClient;
- private final CsrMetaBuilder csrMetaBuilder;
private final RsaContentSignerBuilder rsaContentSignerBuilder;
private final X509CertificateBuilder x509CertificateBuilder;
private final CertificateFactoryProvider certificateFactoryProvider;
@Autowired
- public Cmpv2ClientAdapter(CmpClient cmpClient, CsrMetaBuilder csrMetaBuilder,
- RsaContentSignerBuilder rsaContentSignerBuilder, X509CertificateBuilder x509CertificateBuilder,
+ public Cmpv2ClientAdapter(CmpClient cmpClient, RsaContentSignerBuilder rsaContentSignerBuilder,
+ X509CertificateBuilder x509CertificateBuilder,
CertificateFactoryProvider certificateFactoryProvider) {
this.cmpClient = cmpClient;
- this.csrMetaBuilder = csrMetaBuilder;
this.rsaContentSignerBuilder = rsaContentSignerBuilder;
this.x509CertificateBuilder = x509CertificateBuilder;
this.certificateFactoryProvider = certificateFactoryProvider;
@@ -82,7 +81,7 @@ public class Cmpv2ClientAdapter {
public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
throws CmpClientException, Cmpv2ClientAdapterException {
List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
- server.getCaMode().getProfile(), csrMetaBuilder.build(csrModel, server),
+ server.getCaMode().getProfile(), csrModel, server,
convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
convertFromX509CertificateListToPemList(certificates.get(1)));
@@ -106,7 +105,7 @@ public class Cmpv2ClientAdapter {
ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
X509CertificateHolder holder = certificateGenerator.build(signer);
return certificateFactoryProvider
- .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
+ .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
} catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
throw new Cmpv2ClientAdapterException(e);
}
@@ -114,7 +113,7 @@ public class Cmpv2ClientAdapter {
private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
- .collect(Collectors.toList());
+ .collect(Collectors.toList());
}
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java
deleted file mode 100644
index cf35efa1..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.security.KeyPair;
-import java.util.Arrays;
-import java.util.Optional;
-import java.util.stream.Collectors;
-
-import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x500.style.IETFUtils;
-import org.bouncycastle.cert.CertException;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
-import org.onap.aaf.certservice.cmpv2client.external.Rdn;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-@Component
-class CsrMetaBuilder {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(CsrMetaBuilder.class);
-
- /**
- * Creates CSRMeta from CsrModel and Cmpv2Server
- *
- * @param csrModel Certificate Signing Request from Service external API
- * @param server Cmp Server configuration from cmpServers.json
- * @return AAF native model for CSR metadata
- */
- CsrMeta build(CsrModel csrModel, Cmpv2Server server) {
- CsrMeta csrMeta = createCsrMeta(csrModel);
- addSans(csrModel, csrMeta);
- csrMeta.setKeyPair(new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey()));
- csrMeta.setPassword(server.getAuthentication().getIak());
- csrMeta.setIssuerName(server.getIssuerDN());
- csrMeta.setCaUrl(server.getUrl());
- csrMeta.setName(csrModel.getSubjectData());
- csrMeta.setSenderKid(server.getAuthentication().getRv());
- return csrMeta;
- }
-
- private CsrMeta createCsrMeta(CsrModel csrModel) {
- return new CsrMeta((Arrays.stream(csrModel.getSubjectData().getRDNs()).map(this::convertFromBcRdn)
- .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList())));
- }
-
- private void addSans(CsrModel csrModel, CsrMeta csrMeta) {
- csrModel.getSans().forEach(csrMeta::addSan);
- }
-
- private Optional<Rdn> convertFromBcRdn(org.bouncycastle.asn1.x500.RDN rdn) {
- Rdn result = null;
- try {
- result = convertRdn(rdn);
- } catch (CertException e) {
- LOGGER.error("Exception occurred during convert of RDN", e);
- }
- return Optional.ofNullable(result);
- }
-
- private Rdn convertRdn(org.bouncycastle.asn1.x500.RDN rdn) throws CertException {
- AttributeTypeAndValue rdnData = rdn.getFirst();
- String tag = BCStyle.INSTANCE.oidToDisplayName(rdnData.getType());
- String value = IETFUtils.valueToString(rdnData.getValue());
- return new Rdn(tag, value);
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
index a29658f4..d81da10a 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
@@ -55,8 +55,8 @@ public class CsrModel {
private final PublicKey publicKey;
private final List<String> sans;
- CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
- List<String> sans) {
+ public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
+ List<String> sans) {
this.csr = csr;
this.subjectData = subjectData;
this.privateKey = privateKey;
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
index 8f9d20bd..7de3b712 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
@@ -24,8 +24,9 @@ import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
/**
* This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public
@@ -34,53 +35,57 @@ import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
*/
public interface CmpClient {
- /**
- * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
- * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
- * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
- * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
- *
- * @param caName Information about the External Root Certificate Authority (CA) performing the
- * event CA Name. Could be {@code null}.
- * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
- * null}.
- * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
- * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
- * @param notBefore An optional validity to set in the created certificate, Certificate not valid
- * before this date.
- * @param notAfter An optional validity to set in the created certificate, Certificate not valid
- * after this date.
- * @return {@link X509Certificate} The newly created Certificate.
- * @throws CmpClientException if client error occurs.
- */
- List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
- CsrMeta csrMeta,
- X509Certificate csr,
- Date notBefore,
- Date notAfter)
- throws CmpClientException;
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
+ * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
+ * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
+ * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the
+ * event CA Name. Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
+ * null}.
+ * @param csrModel Certificate Signing Request model. Must not be {@code null}.
+ * @param server CMPv2 Server. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @param notBefore An optional validity to set in the created certificate, Certificate not valid
+ * before this date.
+ * @param notAfter An optional validity to set in the created certificate, Certificate not valid
+ * after this date.
+ * @return {@link X509Certificate} The newly created Certificate.
+ * @throws CmpClientException if client error occurs.
+ */
+ List<List<X509Certificate>> createCertificate(
+ String caName,
+ String profile,
+ CsrModel csrModel,
+ Cmpv2Server server,
+ X509Certificate csr,
+ Date notBefore,
+ Date notAfter)
+ throws CmpClientException;
- /**
- * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
- * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
- * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
- * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
- *
- * @param caName Information about the External Root Certificate Authority (CA) performing the
- * event CA Name. Could be {@code null}.
- * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
- * null}.
- * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
- * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
- * @return {@link X509Certificate} The newly created Certificate.
- * @throws CmpClientException if client error occurs.
- */
- List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
- CsrMeta csrMeta,
- X509Certificate csr)
- throws CmpClientException;
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped
+ * in a CSRMeta with common details, accepts self-signed certificate. Basic Authentication using
+ * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
+ * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the
+ * event CA Name. Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
+ * null}.
+ * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
+ * @param server CMPv2 server. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @return {@link X509Certificate} The newly created Certificate.
+ * @throws CmpClientException if client error occurs.
+ */
+ List<List<X509Certificate>> createCertificate(
+ String caName,
+ String profile,
+ CsrModel csrModel,
+ Cmpv2Server server,
+ X509Certificate csr)
+ throws CmpClientException;
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java
deleted file mode 100644
index 4c4e784c..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CsrMeta.java
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- *
- * Modifications Copyright (C) 2019 IBM.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-
-package org.onap.aaf.certservice.cmpv2client.external;
-
-import java.security.KeyPair;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x509.Certificate;
-
-public class CsrMeta {
-
- private String cn;
- private String mechID;
- private String environment;
- private String email;
- private String challenge;
- private String issuerCn;
- private String issuerEmail;
- private String password;
- private String caUrl;
- private List<Rdn> rdns;
- private ArrayList<String> sanList = new ArrayList<>();
- private KeyPair keyPair;
- private X500Name name;
- private X500Name issuerName;
- private Certificate certificate;
- private String senderKid;
-
- public CsrMeta(List<Rdn> rdns) {
- this.rdns = rdns;
- }
-
- public X500Name getX500Name() {
- if (name == null) {
- X500NameBuilder nameBuilder = new X500NameBuilder();
- nameBuilder.addRDN(BCStyle.CN, cn);
- nameBuilder.addRDN(BCStyle.E, email);
- if (mechID != null) {
- if (environment == null) {
- nameBuilder.addRDN(BCStyle.OU, mechID);
- } else {
- nameBuilder.addRDN(BCStyle.OU, mechID + ':' + environment);
- }
- }
- for (Rdn rdn : rdns) {
- nameBuilder.addRDN(rdn.getAoi(), rdn.getValue());
- }
- name = nameBuilder.build();
- }
- return name;
- }
-
- public X500Name getIssuerX500Name() {
- if (issuerName == null) {
- X500NameBuilder xnb = new X500NameBuilder();
- xnb.addRDN(BCStyle.CN, issuerCn);
- if (issuerEmail != null) {
- xnb.addRDN(BCStyle.E, issuerEmail);
- }
- issuerName = xnb.build();
- }
- return issuerName;
- }
-
- public void addSan(String san) {
- sanList.add(san);
- }
-
- public List<String> getSans() {
- return sanList;
- }
-
- public KeyPair getKeyPairOrGenerateIfNull() {
- if (keyPair == null) {
- keyPair = Factory.generateKeyPair();
- }
- return keyPair;
- }
-
- public KeyPair getKeyPair() {
- return keyPair;
- }
-
- public void setKeyPair(KeyPair keyPair) {
- this.keyPair = keyPair;
- }
-
- public String getCn() {
- return cn;
- }
-
- public void setCn(String cn) {
- this.cn = cn;
- }
-
- public void setEnvironment(String env) {
- environment = env;
- }
-
- public String getEnvironment() {
- return environment;
- }
-
- public String getMechID() {
- return mechID;
- }
-
- public void setMechID(String mechID) {
- this.mechID = mechID;
- }
-
- public String getEmail() {
- return email;
- }
-
- public void setEmail(String email) {
- this.email = email;
- }
-
- public String getChallenge() {
- return challenge;
- }
-
- public void setChallenge(String challenge) {
- this.challenge = challenge;
- }
-
- public void setPassword(String password) {
- this.password = password;
- }
-
- public String getPassword() {
- return password;
- }
-
- public void setCertificate(Certificate certificate) {
- this.certificate = certificate;
- }
-
- public Certificate getCertificate() {
- return certificate;
- }
-
- public void setIssuerCn(String issuerCn) {
- this.issuerCn = issuerCn;
- }
-
- public String getCaUrl() {
- return caUrl;
- }
-
- public void setCaUrl(String caUrl) {
- this.caUrl = caUrl;
- }
-
- public String getSenderKid() {
- return senderKid;
- }
-
- public void setSenderKid(String senderKid) {
- this.senderKid = senderKid;
- }
-
- public String getIssuerCn() {
- return issuerCn;
- }
-
- public String getIssuerEmail() {
- return issuerEmail;
- }
-
- public void setIssuerEmail(String issuerEmail) {
- this.issuerEmail = issuerEmail;
- }
-
- public void setIssuerName(X500Name issuerName) {
- this.issuerName = issuerName;
- }
-
- public void setName(X500Name name) {
- this.name = name;
- }
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
index 39a0877c..79656e91 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -20,6 +20,7 @@
package org.onap.aaf.certservice.cmpv2client.impl;
+import java.security.KeyPair;
import java.security.PublicKey;
import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseHelper.checkIfCmpResponseContainsError;
@@ -47,9 +48,10 @@ import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
-import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -73,36 +75,38 @@ public class CmpClientImpl implements CmpClient {
public List<List<X509Certificate>> createCertificate(
String caName,
String profile,
- CsrMeta csrMeta,
+ CsrModel csrModel,
+ Cmpv2Server server,
X509Certificate cert,
Date notBefore,
Date notAfter)
throws CmpClientException {
- // Validate inputs for Certificate Request
- validate(csrMeta, cert, caName, profile, httpClient, notBefore, notAfter);
+
+ validate(csrModel, server, cert, caName, profile, httpClient, notBefore, notAfter);
+ KeyPair keyPair = new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey());
final CreateCertRequest certRequest =
CmpMessageBuilder.of(CreateCertRequest::new)
- .with(CreateCertRequest::setIssuerDn, csrMeta.getIssuerX500Name())
- .with(CreateCertRequest::setSubjectDn, csrMeta.getX500Name())
- .with(CreateCertRequest::setSansList, csrMeta.getSans())
- .with(CreateCertRequest::setSubjectKeyPair, csrMeta.getKeyPair())
+ .with(CreateCertRequest::setIssuerDn, server.getIssuerDN())
+ .with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData())
+ .with(CreateCertRequest::setSansList, csrModel.getSans())
+ .with(CreateCertRequest::setSubjectKeyPair, keyPair)
.with(CreateCertRequest::setNotBefore, notBefore)
.with(CreateCertRequest::setNotAfter, notAfter)
- .with(CreateCertRequest::setInitAuthPassword, csrMeta.getPassword())
- .with(CreateCertRequest::setSenderKid, csrMeta.getSenderKid())
+ .with(CreateCertRequest::setInitAuthPassword, server.getAuthentication().getIak())
+ .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv())
.build();
final PKIMessage pkiMessage = certRequest.generateCertReq();
Cmpv2HttpClient cmpv2HttpClient = new Cmpv2HttpClient(httpClient);
- return retrieveCertificates(caName, csrMeta, pkiMessage, cmpv2HttpClient);
+ return retrieveCertificates(caName, csrModel, server, pkiMessage, cmpv2HttpClient);
}
@Override
public List<List<X509Certificate>> createCertificate(
- String caName, String profile, CsrMeta csrMeta, X509Certificate csr)
+ String caName, String profile, CsrModel csrModel, Cmpv2Server server, X509Certificate csr)
throws CmpClientException {
- return createCertificate(caName, profile, csrMeta, csr, null, null);
+ return createCertificate(caName, profile, csrModel, server, csr, null, null);
}
private void checkCmpResponse(
@@ -191,14 +195,16 @@ public class CmpClientImpl implements CmpClient {
/**
* Validate inputs for Certificate Creation.
*
- * @param csrMeta CSRMeta Object containing variables for creating a Certificate Request.
+ * @param csrModel Certificate Signing Request model. Must not be {@code null}.
+ * @param server CMPv2 Server. Must not be {@code null}.
* @param cert Certificate object needed to validate response from CA server.
* @param incomingCaName Date specifying certificate is not valid before this date.
* @param incomingProfile Date specifying certificate is not valid after this date.
* @throws IllegalArgumentException if Before Date is set after the After Date.
*/
- private void validate(
- final CsrMeta csrMeta,
+ private static void validate(
+ final CsrModel csrModel,
+ final Cmpv2Server server,
final X509Certificate cert,
final String incomingCaName,
final String incomingProfile,
@@ -206,20 +212,19 @@ public class CmpClientImpl implements CmpClient {
final Date notBefore,
final Date notAfter) {
- String caName;
- String caProfile;
- caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
- caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
+ String caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
+ String caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
LOG.info(
"Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
- CmpUtil.notNull(csrMeta, "CSRMeta Instance");
- CmpUtil.notNull(csrMeta.getX500Name(), "Subject DN");
- CmpUtil.notNull(csrMeta.getIssuerX500Name(), "Issuer DN");
- CmpUtil.notNull(csrMeta.getPassword(), "IAK/RV Password");
+ CmpUtil.notNull(csrModel, "CsrModel Instance");
+ CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN");
+ CmpUtil.notNull(csrModel.getPrivateKey(), "Subject private key");
+ CmpUtil.notNull(csrModel.getPublicKey(), "Subject public key");
+ CmpUtil.notNull(server.getIssuerDN(), "Issuer DN");
+ CmpUtil.notNull(server.getUrl(), "External CA URL");
+ CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password");
CmpUtil.notNull(cert, "Certificate Signing Request (CSR)");
- CmpUtil.notNull(csrMeta.getCaUrl(), "External CA URL");
- CmpUtil.notNull(csrMeta.getKeyPairOrGenerateIfNull(), "Subject KeyPair");
CmpUtil.notNull(httpClient, "Closeable Http Client");
if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
@@ -228,14 +233,14 @@ public class CmpClientImpl implements CmpClient {
}
private List<List<X509Certificate>> retrieveCertificates(
- String caName, CsrMeta csrMeta, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
+ String caName, CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
throws CmpClientException {
- final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, csrMeta.getCaUrl(), caName);
+ final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), caName);
try {
final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes);
LOG.info("Received response from Server");
checkIfCmpResponseContainsError(respPkiMessage);
- checkCmpResponse(respPkiMessage, csrMeta.getKeyPairOrGenerateIfNull().getPublic(), csrMeta.getPassword());
+ checkCmpResponse(respPkiMessage, csrModel.getPublicKey(), server.getAuthentication().getIak());
return checkCmpCertRepMessage(respPkiMessage);
} catch (IllegalArgumentException iae) {
CmpClientException cmpClientException =