From d5aa15227f0c8a8bd57b668fdc25eb3935be81c5 Mon Sep 17 00:00:00 2001
From: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Date: Tue, 3 Mar 2020 09:49:04 +0100
Subject: Fix PrivateKey encoding in certservice-client, refactor CsrFactory

Add PrivateKeyToPemEncoder with tests
Refactor CsrFactory to return not encoded PEM string (less responsibility and easier to test later)

Issue-ID: AAF-996
Change-Id: Ia8124d43ef7fb8b1d3077c98929c52f30b6512c6
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
---
 .../client/certification/CsrFactoryTest.java       |  2 +-
 .../certification/PrivateKeyToPemEncoderTest.java  | 66 ++++++++++++++++++++++
 .../src/test/resources/rsaPrivateKeyPem            | 28 +++++++++
 3 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java
 create mode 100644 certServiceClient/src/test/resources/rsaPrivateKeyPem

(limited to 'certServiceClient/src/test')

diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java
index 16b5e03b..809a91f2 100644
--- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java
+++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/CsrFactoryTest.java
@@ -52,7 +52,7 @@ public class CsrFactoryTest {
         when(config.getOrganizationUnit()).thenReturn("ONAP");
         when(config.getState()).thenReturn("California");
 
-        assertThat(new CsrFactory(config).createEncodedCsr(keyPair)).isNotEmpty();
+        assertThat(new CsrFactory(config).createCsrInPem(keyPair)).isNotEmpty();
      }
 }
 
diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java
new file mode 100644
index 00000000..def9c1d5
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoderTest.java
@@ -0,0 +1,66 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification;
+
+
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.exception.PkEncodingException;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class PrivateKeyToPemEncoderTest {
+
+    private static final String ENCRYPTION_ALGORITHM = "RSA";
+    private static final String RESOURCES_DIR = "src/test/resources/";
+    private static final String PRIVATE_KEY_PEM_PATH = RESOURCES_DIR + "rsaPrivateKeyPem";
+
+    @Test
+    public void shouldReturnProperlyEncodedPrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException, PkEncodingException, IOException {
+        //given
+        String expectedPem = Files.readString(Paths.get(PRIVATE_KEY_PEM_PATH));
+        PrivateKeyToPemEncoder testedPkEncoder = new PrivateKeyToPemEncoder();
+        //when
+        PrivateKey privateKey = extractPrivateKeyFromPem(expectedPem);
+        String resultPkInPem = testedPkEncoder.encodePrivateKeyToPem(privateKey);
+        //then
+        assertThat(resultPkInPem).isEqualTo(expectedPem);
+    }
+
+    private PrivateKey extractPrivateKeyFromPem(String pem) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+        PemReader pemReader = new PemReader(new StringReader(pem));
+        PemObject pemObject = pemReader.readPemObject();
+        pemReader.close();
+        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pemObject.getContent());
+        KeyFactory kf = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
+        return kf.generatePrivate(spec);
+    }
+}
\ No newline at end of file
diff --git a/certServiceClient/src/test/resources/rsaPrivateKeyPem b/certServiceClient/src/test/resources/rsaPrivateKeyPem
new file mode 100644
index 00000000..a99cc3c8
--- /dev/null
+++ b/certServiceClient/src/test/resources/rsaPrivateKeyPem
@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCwooLW/yfXHIGs
+djOW6zCM6mzGq4ZkFr0LMVBE+Y9dckGsYJzCrfC4pQtFjcvTlwalu6/YOgieR/zY
+bgVF7Ic0IYV+BssO+t6Zx2xYli4NIGc5kJgDrKtR6lWvH8AMnQEr+QiDElLBWobU
++QGn5v8A528Ow5yD1fmxKTqqvWS4v1rOShGCIdse5ViraGjnMFxOV6u6pGqa17v7
+dTh0XIUyF/o3aSbmBHXkmvQ4pu/K1ncsF2zHIqUWAc7j8y1u5uE5o8b+dUzkcS4t
+QKfjFKP81I7XQNmpGZ8REzWyaYVk3RrMCju6iVgdKrs198Wif0b7wGswFv4BFhOp
+2jceFUwfAgMBAAECggEABjDb9x8gTVjRbrMB4eNCY14ADAKNBksJuy+ySYiZrsPH
+a3xDYktoaYBXYcuzfioH8J0gb6qxDKMnSIqqoqXEo14daKpiSZcfYDJuKLiyyoD9
+PTZFLbPKmWdmM2ogeBC0rs7eroFg5yf+G87ScQkWnPh/mvveK3y/cKcqSDu1IQh8
+3b8KQshC5g4iBqCfOMW3ASF03M4zmM3brKMWsdsAWEbFHQ34H10FXTHrAINpWIZK
+s2NL3z9tK6hXrwlZdKH6R/JWczSO7O5MBjLfeXZK7q3Tw4qtFWWjcNwfPlUZKMAS
+3fZFamFwY//qW+0yuCO59o70d9Pjm6p0DWsfOs9t8QKBgQD1iRdGV4xZXZT9Q4Wh
+LQMnChjuNHcmhdBYbmC03j3AffQwkQ1dKt++9uWYdy9dO9v1w7aygAMQI36jkDvR
+UJ1Rnmt9gQpeOL/wHP3R0uHbTtxLeGnX3Oo1Yx7Wfl98rq4mmBxjO5Lgft/6kTgz
+XgeiNDWi53KwDEOoFaZhWihZ6QKBgQC4Ka5Hc9wXD/5utpvNs5ut+9zjY0kx6kr8
+SyDZExbVR1ohtvSQ2sd2JvZPyFS0VbvYfFPhyCYcWW9LDEX168CZT5aHgcNop1Iu
+Szq8nYrljFa5Ibdlpf0qxC6JgObC2XytUR0O7BaXHBWpl0/wLpLTcfU2wTDLRoH8
+JLu7P3MoxwKBgQCI9DWqQ60CL8Op3J7NvviyLtynCVaogx0qJi8E062oD9lDubS1
+kfOJZde8ykX+ACR5mffu6p5KwzGg9BOZdhi57N5R+8cXtRnCSbl97t2R4RPZeMm4
+4P02WBpcU9LZDeoPlurGovUTCVHPRm8Nn9YsMGj2e5ip/71BJQpP5OT6+QKBgQCP
+NYJb+AG3QW22hHQmArxWEFxVyrh5g1sqU/XIOCryUVkKjK4kEq02+NdjdUJBNcYs
+c4n7MlxIgVelQXcJ5HlR/uzslQDy2eJzM3cKg2wmUvqBXnGyLuDvJ72UmdNYxC1K
+zZ/OIdLzURibV5oHCQCOQrjQCm06NasQ+zOtSYrwswKBgQCUHhgxynFNyidxPFzX
+V0X5xCbJ3jvJNjZFRsItQ97vEAkfJqxCnOZKMti0JWSlLBEViaKnqaA+ZE/SeJ/k
+Jut5h9gu4QIdeF4mf9v3tjuEQP7RaMCD6xnFZnebkQf6wlZz5VaXME4ICpi1Cnk7
+DySS9CMoRnwdwY7hAbfPtupKDA==
+-----END RSA PRIVATE KEY-----
-- 
cgit 1.2.3-korg