diff options
| author |   Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2020-02-12 11:53:42 +0100 |
|---|---|---|
| committer | Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2020-02-13 10:53:19 +0100 |
| commit | 1d90088826d5bb2f141be9683d9e31b606fca978 (patch) | |
| tree | e2cf2fb2f81f607ed0f8142ee08bd9879355cbcb | |
| parent | 41a5418f3d93fb09d5544c2070b42d5d5f4e216a (diff) | |
Return hardcoded CA certs and certification chain.
Issue-ID: AAF-995
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I38b498c4deeedc4ea4323065c5f7b5ddd137209f
17 files changed, 475 insertions, 27 deletions
diff --git a/certService/pom.xml b/certService/pom.xml index 194e2ae4..ea919f8c 100644 --- a/certService/pom.xml +++ b/certService/pom.xml @@ -44,6 +44,7 @@ </springdoc-openapi-maven-plugin.apiDocsUrl> <docker-maven-plugin.image-name>onap/${project.artifactId}</docker-maven-plugin.image-name> <springdoc-openapi-maven-plugin.version>0.2</springdoc-openapi-maven-plugin.version> + <gson.version>2.8.6</gson.version> </properties> <dependencyManagement> @@ -120,6 +121,11 @@ <artifactId>bcprov-jdk15on</artifactId> <version>${bouncycastle.version}</version> </dependency> + <dependency> + <groupId>com.google.code.gson</groupId> + <artifactId>gson</artifactId> + <version>${gson.version}</version> + </dependency> </dependencies> <build> diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java index a46e07fc..75fc0f52 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java +++ b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java @@ -20,10 +20,15 @@ package org.onap.aaf.certservice.api; +import com.google.gson.Gson; +import org.onap.aaf.certservice.certification.CertificationModelFactory; import org.onap.aaf.certservice.certification.CsrModelFactory; import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64; import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; +import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; +import org.onap.aaf.certservice.certification.model.ErrorResponseModel; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -41,10 +46,12 @@ public class CertificationService { private static final Logger LOGGER = LoggerFactory.getLogger(CertificationService.class); private final CsrModelFactory csrModelFactory; + private final CertificationModelFactory certificationModelFactory; @Autowired - CertificationService(CsrModelFactory csrModelFactory) { + CertificationService(CsrModelFactory csrModelFactory, CertificationModelFactory certificationModelFactory) { this.csrModelFactory = csrModelFactory; + this.certificationModelFactory = certificationModelFactory; } /** @@ -56,7 +63,7 @@ public class CertificationService { * @param encodedPrivateKey Private key for CSR, needed for PoP, encoded in Base64 form * @return JSON containing trusted certificates and certificate chain */ - @GetMapping("v1/certificate/{caName}") + @GetMapping(value = "v1/certificate/{caName}", produces = "application/json; charset=utf-8") public ResponseEntity<String> signCertificate( @PathVariable String caName, @RequestHeader("CSR") String encodedCsr, @@ -71,12 +78,26 @@ public class CertificationService { new StringBase64(encodedPrivateKey) ); LOGGER.debug("Received CSR meta data: \n{}", csrModel); - return new ResponseEntity<>(csrModel.toString(), HttpStatus.OK); + CertificationModel certificationModel = certificationModelFactory + .createCertificationModel(csrModel,caName); + return new ResponseEntity<>( + new Gson().toJson(certificationModel), + HttpStatus.OK); } catch (CsrDecryptionException e) { - LOGGER.error("Exception occurred during certificate signing:", e); - return new ResponseEntity<>("Wrong certificate signing request (CSR) format", HttpStatus.BAD_REQUEST); + LOGGER.error("Exception occurred during decoding certificate sign request:", e); + return getErrorResponseEntity("Wrong certificate signing request (CSR) format"); + } catch (PemDecryptionException e) { + LOGGER.error("Exception occurred during decoding key:", e); + return getErrorResponseEntity("Wrong key (PK) format"); } } + private ResponseEntity<String> getErrorResponseEntity(String errorMessage) { + ErrorResponseModel errorResponse = new ErrorResponseModel(errorMessage); + return new ResponseEntity<>( + new Gson().toJson(errorResponse), + HttpStatus.BAD_REQUEST); + } + } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java new file mode 100644 index 00000000..a347762e --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java @@ -0,0 +1,127 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification; + + +final class CertificationData { + + private CertificationData() {} + + private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; + private static final String END_CERTIFICATE = "-----END CERTIFICATE-----"; + + static final String EXTRA_CA_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDvzCCAqcCFF5DejiyfoNfPiiMmBXulniBewBGMA0GCSqGSIb3DQEBCwUAMIGb\n" + + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" + + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" + + "T05BUDEVMBMGA1UEAwwMbmV3Lm9uYXAub3JnMR4wHAYJKoZIhvcNAQkBFg90ZXN0\n" + + "ZXJAb25hcC5vcmcwHhcNMjAwMjEyMDk1OTM3WhcNMjEwMjExMDk1OTM3WjCBmzEL\n" + + "MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbi1G\n" + + "cmFuY2lzY28xGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xDTALBgNVBAsMBE9O\n" + + "QVAxFTATBgNVBAMMDG5ldy5vbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVy\n" + + "QG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF4FXeDV\n" + + "ng/inC/bTACmZnLC9IiC7PyG/vVbMxxN1bvQLRAwC/Hbl3i9zD68Vs/jPPr/SDr9\n" + + "2rgItdDdUY1V30Y3PT06F11XdEaRb+t++1NX0rDf1AqPaBZgnBmB86s1wbqHdJTr\n" + + "wEImDZ5xMPfP3fiWy/9Yw/U7iRMIi1/oI0lWuHJV0bn908shuJ6dvInpRCoDnoTX\n" + + "YP/FiDSZCFVewQcq4TigB7kRqZrDcPZWbSlqHklDMXRwbCxAiFSziuX6TBwru9Rn\n" + + "HhIeXVSgMU1ZSSopVbJGtQ4zSsU1nvTK5Bhc2UHGcAOZy1xTN5D9EEbTqh7l+Wtx\n" + + "y8ojkEXvFG8lVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAE+bUphwHit78LK8sb\n" + + "OMjt4DiEu32KeSJOpYgPLeBeAIynaNsa7sQrpuxerGNTmQWIcw6olXI0J+OOwkik\n" + + "II7elrYtd5G1uALxXWdamNsaY0Du34moVL1YjexJ7qQ4oBUxg2tuY8NAQGDK+23I\n" + + "nCA+ZwzdTJo73TYS6sx64d/YLWkX4nHGUoMlF+xUH34csDyhpuTSzQhC2quB5N8z\n" + + "tSFdpe4z2jqx07qo2EBFxi03EQ8Q0ex6l421QM2gbs7cZQ66K0DkpPcF2+iHZnyx\n" + + "xq1lnlsWHklElF2bhyXTn3fPp5wtan00P8IolKx7CAWb92QjkW6M0RvTW/xuwIzh\n" + + "0rTO\n" + + END_CERTIFICATE; + + static final String CA_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\n" + + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" + + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" + + "T05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\n" + + "bmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\n" + + "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\n" + + "aXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\n" + + "MA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\n" + + "ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\n" + + "eiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n" + + "797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\n" + + "Dl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\n" + + "gTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\n" + + "B/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\n" + + "Bm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\n" + + "PxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\n" + + "vxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n" + + "/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n" + + "9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\n" + + "m/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n" + + END_CERTIFICATE; + + static final String INTERMEDIATE_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\n" + + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" + + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\n" + + "DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\n" + + "MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\n" + + "VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\n" + + "DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\n" + + "cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" + + "AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\n" + + "gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\n" + + "L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\n" + + "wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n" + + "72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\n" + + "L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + + "hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\n" + + "q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\n" + + "q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\n" + + "beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\n" + + "xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\n" + + "XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n" + + END_CERTIFICATE; + + static final String ENTITY_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\n" + + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" + + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\n" + + "DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\n" + + "MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n" + + "A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\n" + + "MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n" + + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\n" + + "G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\n" + + "eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\n" + + "EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\n" + + "NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\n" + + "B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\n" + + "BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n" + + "8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\n" + + "ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\n" + + "CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\n" + + "lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\n" + + "d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n" + + END_CERTIFICATE; + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java new file mode 100644 index 00000000..1b10c379 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java @@ -0,0 +1,51 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification; + +import org.onap.aaf.certservice.certification.model.CertificationModel; +import org.onap.aaf.certservice.certification.model.CsrModel; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import java.util.Arrays; + +import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT; +import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT; +import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT; +import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT; + +@Service +public class CertificationModelFactory { + + private static final Logger LOGGER = LoggerFactory.getLogger(CertificationModelFactory.class); + + + public CertificationModel createCertificationModel(CsrModel csr, String caName) { + LOGGER.info("Generating certificates for CA named: {}, and certificate signing request:\n{}", + caName, csr); + return new CertificationModel( + Arrays.asList(ENTITY_CERT, INTERMEDIATE_CERT), + Arrays.asList(CA_CERT, EXTRA_CA_CERT) + ); + } + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java index 98daa6eb..c1262e1e 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java @@ -26,6 +26,7 @@ import java.util.Base64; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.io.pem.PemObject; import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; import org.onap.aaf.certservice.certification.model.CsrModel; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -38,7 +39,8 @@ public class CsrModelFactory { private static final Logger LOGGER = LoggerFactory.getLogger(CsrModelFactory.class); private final PemObjectFactory pemObjectFactory = new PemObjectFactory(); - public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey) throws CsrDecryptionException { + public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey) + throws CsrDecryptionException, PemDecryptionException { LOGGER.debug("Decoded CSR: \n{}", csr); try { diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java index 08ffc56d..61ea0aaf 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java @@ -26,18 +26,18 @@ import java.io.StringReader; import org.bouncycastle.util.io.pem.PemObject; import org.bouncycastle.util.io.pem.PemReader; -import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; public class PemObjectFactory { - public PemObject createPemObject(String pem) throws CsrDecryptionException { + public PemObject createPemObject(String pem) throws PemDecryptionException { try (StringReader stringReader = new StringReader(pem); PemReader pemReader = new PemReader(stringReader)) { return pemReader.readPemObject(); } catch (IOException e) { - throw new CsrDecryptionException("Unable to create PEM", e); + throw new PemDecryptionException("Unable to create PEM", e); } } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/CsrDecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/CsrDecryptionException.java index fb16ad91..2f3f3659 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/CsrDecryptionException.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/CsrDecryptionException.java @@ -20,7 +20,7 @@ package org.onap.aaf.certservice.certification.exceptions; -public class CsrDecryptionException extends Exception { +public class CsrDecryptionException extends DecryptionException { public CsrDecryptionException(String message, Throwable cause) { super(message, cause); } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/DecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/DecryptionException.java new file mode 100644 index 00000000..67249cd5 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/DecryptionException.java @@ -0,0 +1,27 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.exceptions; + +public class DecryptionException extends Exception { + public DecryptionException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/PemDecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/PemDecryptionException.java new file mode 100644 index 00000000..564660e5 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/PemDecryptionException.java @@ -0,0 +1,28 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.exceptions; + +public class PemDecryptionException extends DecryptionException { + public PemDecryptionException(String message, Throwable cause) { + super(message, cause); + } + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CertificationModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CertificationModel.java new file mode 100644 index 00000000..b851d0d9 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CertificationModel.java @@ -0,0 +1,44 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.model; + +import java.util.Collections; +import java.util.List; + +public class CertificationModel { + + private final List<String> certificateChain; + private final List<String> trustedCertificates; + + public CertificationModel(List<String> certificateChain, List<String> trustedCertificates) { + this.certificateChain = certificateChain; + this.trustedCertificates = trustedCertificates; + } + + public List<String> getCertificateChain() { + return Collections.unmodifiableList(certificateChain); + } + + public List<String> getTrustedCertificates() { + return Collections.unmodifiableList(trustedCertificates); + } + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/ErrorResponseModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/ErrorResponseModel.java new file mode 100644 index 00000000..bca7915d --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/ErrorResponseModel.java @@ -0,0 +1,36 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.model; + +public class ErrorResponseModel { + + private final String errorMessage; + + public ErrorResponseModel(String errorMessage) { + this.errorMessage = errorMessage; + } + + public String getErrorMessage() { + return errorMessage; + } + +} + diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/CertificationServiceTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/CertificationServiceTest.java index 9367fcb1..8ee88db5 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/api/CertificationServiceTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/api/CertificationServiceTest.java @@ -20,19 +20,26 @@ package org.onap.aaf.certservice.api; +import com.google.gson.Gson; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mock; import org.mockito.MockitoAnnotations; +import org.onap.aaf.certservice.certification.CertificationModelFactory; import org.onap.aaf.certservice.certification.CsrModelFactory; import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64; import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.DecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; +import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import java.io.IOException; +import java.util.Arrays; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.ArgumentMatchers.any; @@ -47,43 +54,75 @@ class CertificationServiceTest { @Mock private CsrModelFactory csrModelFactory; + @Mock + private CertificationModelFactory certificationModelFactory; + @BeforeEach void serUp() { MockitoAnnotations.initMocks(this); - certificationService = new CertificationService(csrModelFactory); + certificationService = new CertificationService(csrModelFactory, certificationModelFactory); } @Test - void shouldReturnDataAboutCsrBaseOnEncodedParameters() throws CsrDecryptionException { + void shouldReturnDataAboutCsrBaseOnEncodedParameters() throws DecryptionException { // given final String testStringCsr = "testData"; + final String testCaName = "TestCa"; CsrModel mockedCsrModel = mock(CsrModel.class); + CertificationModel testCertificationModel = new CertificationModel( + Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), + Arrays.asList("CA_CERT", "EXTRA_CA_CERT") + ); when(mockedCsrModel.toString()).thenReturn(testStringCsr); when(csrModelFactory.createCsrModel(any(StringBase64.class), any(StringBase64.class))) .thenReturn(mockedCsrModel); + when(certificationModelFactory.createCertificationModel(mockedCsrModel, testCaName)) + .thenReturn(testCertificationModel); // when ResponseEntity<String> testResponse = - certificationService.signCertificate("TestCa", "encryptedCSR", "encryptedPK"); + certificationService.signCertificate(testCaName, "encryptedCSR", "encryptedPK"); + + CertificationModel responseCertificationModel = new Gson().fromJson(testResponse.getBody(), CertificationModel.class); // then assertEquals(HttpStatus.OK, testResponse.getStatusCode()); + assertThat(responseCertificationModel + ).isEqualToComparingFieldByField(testCertificationModel); + + } + + @Test + void shouldReturnBadRequestWhenCreatingCsrModelFails() throws DecryptionException { + // given + when(csrModelFactory.createCsrModel(any(StringBase64.class), any(StringBase64.class))) + .thenThrow(new CsrDecryptionException("CSR creation fail",new IOException())); + + // when + ResponseEntity<String> testResponse = + certificationService.signCertificate("TestCa", "encryptedCSR", "encryptedPK"); + + String expectedMessage = "Wrong certificate signing request (CSR) format"; + + // then + assertEquals(HttpStatus.BAD_REQUEST, testResponse.getStatusCode()); assertTrue( - testResponse.toString().contains(testStringCsr) + testResponse.toString().contains(expectedMessage) ); + } @Test - void shouldReturnBadRequestWhenCreatingCsrModelFails() throws CsrDecryptionException { + void shouldReturnBadRequestWhenCreatingPemModelFails() throws DecryptionException { // given when(csrModelFactory.createCsrModel(any(StringBase64.class), any(StringBase64.class))) - .thenThrow(new CsrDecryptionException("creation fail",new IOException())); + .thenThrow(new PemDecryptionException("PEM creation fail",new IOException())); // when ResponseEntity<String> testResponse = certificationService.signCertificate("TestCa", "encryptedCSR", "encryptedPK"); - String expectedMessage = "Wrong certificate signing request (CSR) format"; + String expectedMessage = "Wrong key (PK) format"; // then assertEquals(HttpStatus.BAD_REQUEST, testResponse.getStatusCode()); diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java new file mode 100644 index 00000000..2953af78 --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java @@ -0,0 +1,63 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.aaf.certservice.certification.model.CertificationModel; +import org.onap.aaf.certservice.certification.model.CsrModel; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.mock; +import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT; +import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT; +import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT; +import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT; + + +class CertificationModelFactoryTest { + + + private CertificationModelFactory certificationModelFactory; + + @BeforeEach + void setUp() { + certificationModelFactory = new CertificationModelFactory(); + } + + @Test + void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() { + // given + final String testCaName = "testCA"; + CsrModel mockedCsrModel = mock(CsrModel.class); + + // when + CertificationModel certificationModel = certificationModelFactory.createCertificationModel(mockedCsrModel ,testCaName); + + //then + assertEquals(2, certificationModel.getCertificateChain().size()); + assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); + assertEquals(2, certificationModel.getTrustedCertificates().size()); + assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); + } + +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java index 8b5f5dc5..065c7a0e 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java @@ -25,6 +25,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64; import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.DecryptionException; import org.onap.aaf.certservice.certification.model.CsrModel; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -44,7 +45,7 @@ class CsrModelFactoryTest { } @Test - void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws CsrDecryptionException { + void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws DecryptionException { // given String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes())); String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java index 2fa747db..479c375b 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java @@ -24,6 +24,7 @@ import org.bouncycastle.util.io.pem.PemObject; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -44,7 +45,7 @@ class PemObjectFactoryTest { } @Test - void shouldTransformStringInToPemObjectAndBackToString() throws CsrDecryptionException { + void shouldTransformStringInToPemObjectAndBackToString() throws PemDecryptionException { // when PemObject pemObject = pemObjectFactory.createPemObject(TEST_PEM); String parsedPemObject = pemObjectToString(pemObject); @@ -57,7 +58,7 @@ class PemObjectFactoryTest { void shouldThrowExceptionWhenParsingPemFailed() { // when Exception exception = assertThrows( - CsrDecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM) + PemDecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM) ); String expectedMessage = "Unable to create PEM"; diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java index 156cf8ba..c2824c80 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java @@ -22,7 +22,7 @@ package org.onap.aaf.certservice.certification; import org.bouncycastle.util.io.pem.PemObject; import org.bouncycastle.util.io.pem.PemWriter; -import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; import java.io.IOException; import java.io.StringWriter; @@ -33,7 +33,7 @@ public final class TestUtils { private TestUtils() { } - public static String pemObjectToString(PemObject pemObject) throws CsrDecryptionException { + public static String pemObjectToString(PemObject pemObject) throws PemDecryptionException { try (StringWriter output = new StringWriter()) { PemWriter pemWriter = new PemWriter(output); pemWriter.writeObject(pemObject); @@ -41,7 +41,7 @@ public final class TestUtils { return output.getBuffer().toString(); } catch (IOException e) { - throw new CsrDecryptionException("Writing PAM Object to string failed", e); + throw new PemDecryptionException("Writing PAM Object to string failed", e); } } } diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java index c6ff2a9f..9d748150 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java @@ -26,6 +26,8 @@ import org.bouncycastle.util.io.pem.PemObject; import org.junit.jupiter.api.Test; import org.onap.aaf.certservice.certification.PemObjectFactory; import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exceptions.DecryptionException; +import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException; import java.io.IOException; @@ -44,7 +46,7 @@ class CsrModelTest { @Test - void shouldByConstructedAndReturnProperFields() throws CsrDecryptionException, IOException { + void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException { // given PemObject testPublicKey = generateTestPublicKey(); @@ -68,7 +70,7 @@ class CsrModelTest { } @Test - void shouldThrowExceptionWhenKeyIsNotCorrect() throws IOException, CsrDecryptionException { + void shouldThrowExceptionWhenKeyIsNotCorrect() throws PemDecryptionException ,IOException { // given PemObjectFactory pemObjectFactory = new PemObjectFactory(); PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); @@ -93,7 +95,7 @@ class CsrModelTest { assertTrue(actualMessage.contains(expectedMessage)); } - private CsrModel generateTestCsrModel() throws CsrDecryptionException, IOException { + private CsrModel generateTestCsrModel() throws PemDecryptionException, IOException { PemObjectFactory pemObjectFactory = new PemObjectFactory(); PKCS10CertificationRequest testCsr = new PKCS10CertificationRequest( pemObjectFactory.createPemObject(TEST_CSR).getContent() @@ -102,7 +104,7 @@ class CsrModelTest { return new CsrModel(testCsr, testPrivateKey); } - private PemObject generateTestPublicKey() throws CsrDecryptionException, IOException { + private PemObject generateTestPublicKey() throws PemDecryptionException, IOException { PemObjectFactory pemObjectFactory = new PemObjectFactory(); PKCS10CertificationRequest testCsr = new PKCS10CertificationRequest( pemObjectFactory.createPemObject(TEST_CSR).getContent() |