authorTomasz Wrobel <tomasz.wrobel@nokia.com>2020-11-18 07:55:55 +0100
committerTomasz Wrobel <tomasz.wrobel@nokia.com>2020-11-20 12:05:42 +0100
commitfd94a0f31c85d941330b43dcb2baa8ad4aa39270 (patch)
treec35b3fddbd5eebb618807f1894a52964fa6dd90d
parent75ee4a9d489b53b2abd6b44b1a1a46635a703d44 (diff)
[OOM CERT-SERVICE-API] Add support for URI, IP, E-mail in SANs
Issue-ID: OOM-2632 Change-Id: I903c31ebe05521e281753cb847001ba99275f758 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java39
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java17
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java10
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java32
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/certification/TestData.java123
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java69
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java3
8 files changed, 145 insertions, 150 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
index 7cba1949..2573c978 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
@@ -29,11 +29,8 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.stream.Collectors;
+import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
@@ -53,10 +50,10 @@ public class CsrModel {
private final X500Name subjectData;
private final PrivateKey privateKey;
private final PublicKey publicKey;
- private final List<String> sans;
+ private final GeneralName[] sans;
public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
- List<String> sans) {
+ GeneralName[] sans) {
this.csr = csr;
this.subjectData = subjectData;
this.privateKey = privateKey;
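Review bot: The `sans` field is now a `GeneralName[]`, which is mutable even though the field is `final`, and the getter in the next hunk returns that same array instance. Any code that receives it can replace entries after the CSR has been parsed, so the SANs sent to the CA could differ from the ones in the CSR that was checked. Consider copying on the way in and out: `this.sans = sans.clone();` in the constructor and `return sans.clone();` in `getSans()`. The constructor's assignment to `sans` lies outside this hunk, so this assumes it stores the argument as-is.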
@@ -80,18 +77,24 @@ public class CsrModel {
return publicKey;
}
- public List<String> getSans() {
+ public GeneralName[] getSans() {
return sans;
}
@Override
public String toString() {
- return "Subject: { " + subjectData + " ,SANs: " + sans + " }";
+ return "CSR: { Subject: { " + subjectData + " }, SANs: [" + getSansInReadableFormat() + "] }";
}
- public static class CsrModelBuilder {
+ private String getSansInReadableFormat() {
+ return Arrays.stream(this.sans)
+ .map(generalName -> generalName.getName().toString())
+ .collect(Collectors.joining(", "));
+ }
+ public static class CsrModelBuilder {
private final PKCS10CertificationRequest csr;
+
private final PemObject privateKey;
public CsrModel build() throws DecryptionException {
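Review bot: `getSansInReadableFormat()` prints only `generalName.getName().toString()`, so the SAN type is lost in the string form and an iPAddress entry comes out as raw hex (the test data in this commit expects `#7f000001` for 127.0.0.1). If this string ends up in logs, a reader cannot tell a dNSName from an rfc822Name or URI carrying the same text. Keeping the tag, e.g. `.map(GeneralName::toString)`, which BouncyCastle renders as `tag: value`, would preserve the type; the IP octets would still need separate decoding to be readable. `Arrays.stream(this.sans)` also throws if `sans` is null, which the visible constructor lines do not rule out.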
@@ -99,7 +102,7 @@ public class CsrModel {
X500Name subjectData = getSubjectData();
PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey());
PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey());
- List<String> sans = getSansData();
+ GeneralName[] sans = getSansData();
return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans);
}
@@ -125,15 +128,12 @@ public class CsrModel {
return csr.getSubject();
}
- private List<String> getSansData() {
+ private GeneralName[] getSansData() {
if (!isAttrsEmpty() && !isAttrsValuesEmpty()) {
Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
- GeneralName[] arrayOfAlternativeNames =
- GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
- return Arrays.stream(arrayOfAlternativeNames).map(GeneralName::getName).map(Objects::toString)
- .collect(Collectors.toList());
+ return GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
}
- return Collections.emptyList();
+ return new GeneralName[0];
}
private boolean isAttrsValuesEmpty() {
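Review bot: `GeneralNames.fromExtensions(...)` returns null when the extension request carries no subjectAlternativeName, so the added `return ... .getNames();` line throws a NullPointerException for a CSR that requests only another extension such as keyUsage. The CSR is client-supplied, so this path should fall back to the empty array: `GeneralNames names = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);` followed by `return names == null ? new GeneralName[0] : names.getNames();`. The method also reads `csr.getAttributes()[0]` without checking that the attribute is an extension request (`PKCSObjectIdentifiers.pkcs_9_at_extensionRequest`), so a CSR with a different attribute in first position would be misparsed. A test fixture with an extension request but no SANs would cover the null case.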
@@ -145,7 +145,7 @@ public class CsrModel {
}
private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey)
- throws KeyDecryptionException {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
@@ -154,9 +154,8 @@ public class CsrModel {
throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
}
}
-
private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey)
- throws KeyDecryptionException {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent());
@@ -165,6 +164,6 @@ public class CsrModel {
throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause());
}
}
- }
+ }
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
index f5eddb58..6ff274c5 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -86,7 +86,7 @@ public class CmpClientImpl implements CmpClient {
CmpMessageBuilder.of(CreateCertRequest::new)
.with(CreateCertRequest::setIssuerDn, server.getIssuerDN())
.with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData())
- .with(CreateCertRequest::setSansList, csrModel.getSans())
+ .with(CreateCertRequest::setSansArray, csrModel.getSans())
.with(CreateCertRequest::setSubjectKeyPair, keyPair)
.with(CreateCertRequest::setNotBefore, notBefore)
.with(CreateCertRequest::setNotAfter, notAfter)
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 844f85be..5c61aa9f 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -31,9 +31,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
-import java.util.ArrayList;
import java.util.Date;
-import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -109,11 +107,10 @@ public final class CmpMessageHelper {
*
* @return {@link Extensions}.
*/
- public static Extensions generateExtension(final List<String> sansList)
+ public static Extensions generateExtension(final GeneralName[] sansArray)
throws CmpClientException {
LOG.info("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
- final GeneralName[] sansGeneralNames = getGeneralNames(sansList);
// KeyUsage
try {
final KeyUsage keyUsage =
@@ -121,7 +118,7 @@ public final class CmpMessageHelper {
KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage));
extGenerator.addExtension(
- Extension.subjectAlternativeName, false, new GeneralNames(sansGeneralNames));
+ Extension.subjectAlternativeName, false, new GeneralNames(sansArray));
} catch (IOException ioe) {
CmpClientException cmpClientException =
new CmpClientException(
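Review bot: The SAN entries now reach `new GeneralNames(sansArray)` exactly as parsed from the CSR, whereas the removed `getGeneralNames` rebuilt every entry as `GeneralName.dNSName`. As far as these hunks show, any GeneralName type the requester encodes (otherName, directoryName, registeredID and so on) is therefore forwarded to the CA, not only the URI, IP and e-mail types the commit sets out to support. I would validate before building the extension, rejecting with a `CmpClientException` any entry whose `getTagNo()` is not one of `GeneralName.dNSName`, `GeneralName.rfc822Name`, `GeneralName.iPAddress` or `GeneralName.uniformResourceIdentifier`. The Javadoc above `generateExtension` should also state which SAN types are accepted; the method starts in the previous hunk and ends outside this one.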
@@ -132,16 +129,6 @@ public final class CmpMessageHelper {
return extGenerator.generate();
}
- public static GeneralName[] getGeneralNames(List<String> sansList) {
- final List<GeneralName> nameList = new ArrayList<>();
- for (String san : sansList) {
- nameList.add(new GeneralName(GeneralName.dNSName, san));
- }
- final GeneralName[] sansGeneralNames = new GeneralName[nameList.size()];
- nameList.toArray(sansGeneralNames);
- return sansGeneralNames;
- }
-
/**
* Method generates Proof-of-Possession (POP) of Private Key. To allow a CA/RA to properly
* validity binding between an End Entity and a Key Pair, the PKI Operations specified here make
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index a0ba13d6..8d82b85b 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -26,7 +26,6 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade
import java.security.KeyPair;
import java.util.Date;
-import java.util.List;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
@@ -37,6 +36,7 @@ import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
@@ -48,7 +48,7 @@ class CreateCertRequest {
private X500Name issuerDn;
private X500Name subjectDn;
- private List<String> sansList;
+ private GeneralName[] sansArray;
private KeyPair subjectKeyPair;
private Date notBefore;
private Date notAfter;
@@ -67,8 +67,8 @@ class CreateCertRequest {
this.subjectDn = subjectDn;
}
- public void setSansList(List<String> sansList) {
- this.sansList = sansList;
+ public void setSansArray(GeneralName[] sansArray) {
+ this.sansArray = sansArray;
}
public void setSubjectKeyPair(KeyPair subjectKeyPair) {
@@ -102,7 +102,7 @@ class CreateCertRequest {
new CertTemplateBuilder()
.setIssuer(issuerDn)
.setSubject(subjectDn)
- .setExtensions(CmpMessageHelper.generateExtension(sansList))
+ .setExtensions(CmpMessageHelper.generateExtension(sansArray))
.setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
.setPublicKey(
SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java
index 75a6e81c..88cc6fb8 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java
@@ -54,18 +54,12 @@ class CsrModelFactoryTest {
// when
CsrModel decryptedCsr = csrModelFactory
- .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK));
+ .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK));
- // then
- assertTrue(
- decryptedCsr.toString()
- .contains(
- "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,"
- + "OU=ONAP,CN=onap.org,E=tester@onap.org")
- &&
- decryptedCsr.toString()
- .contains("SANs: [gerrit.onap.org, test.onap.org, onap.com]")
- );
+ assertTrue(decryptedCsr.toString()
+ .contains(TestData.EXPECTED_CERT_SUBJECT));
+ assertTrue(decryptedCsr.toString()
+ .contains(TestData.EXPECTED_CERT_SANS));
}
@Test
@@ -76,8 +70,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- CsrDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ CsrDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect CSR, decryption failed";
@@ -95,8 +89,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- KeyDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ KeyDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect Key, decryption failed";
@@ -115,8 +109,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- CsrDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ CsrDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect CSR, decryption failed";
@@ -134,8 +128,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- KeyDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ KeyDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect Key, decryption failed";
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java
index 81c16128..1c883f8e 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java
@@ -25,71 +25,78 @@ public final class TestData {
private TestData() {
}
- public static final String TEST_CSR = ""
- + "-----BEGIN CERTIFICATE REQUEST-----\n"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
- + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n"
- + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n"
- + "DQEJARYPdGVzdGVyQG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- + "CgKCAQEA13K1LrQ1L6eL7B8K4kucNct0sSjZe7Ww91V40s6mjcWajeFJk+pObZKz\n"
- + "BfnImkVJwxdNMDD6tX16wykbGfQPyh4BBiAjLVk9XSeoPHFRBQ4LKTuyPtXhEXyr\n"
- + "qwatYXGWZE554qq64pbReddOUJHgMc38SrOk/eMAKxB0uRrXpA0mPH7zwIZ4X8g2\n"
- + "PoxJKI1BSYc8kOvvujsGSMw3e5nS8A+doFUwVi3jJMnaVCoZrvJbtREfXHZqBLQ5\n"
- + "XQ8mNpIFfmGYF/tvW/O6LBdlZkuAQ9i4FBgf5+HdIVZOXrn09ksIZxW6vxIvAVi0\n"
- + "5AOSgXictyphcNP2i/erBeCQCVB7MwIDAQABoEYwRAYJKoZIhvcNAQkOMTcwNTAz\n"
- + "BgNVHREELDAqgg9nZXJyaXQub25hcC5vcmeCDXRlc3Qub25hcC5vcmeCCG9uYXAu\n"
- + "Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBXH2nRwodQRJTuyrLe/VSg3PUdcPyAx2Ew\n"
- + "63tWiGO+qWo8rK2a9Rr/t/zkQe2lx6NHqcMc2Rt6NeKGbrAvHGxTiYM35gktBdxG\n"
- + "UaQS1ymrBWHAwbC+kv78r+5lCfafNm/EVdhUZbEw+crsw2wx4iKEW0byS4Ln0o5g\n"
- + "aXVUW3i4G5FaYiYBUIDsujDdnH1IoxunEA6pDzDv1h6R9/TYu6Se8HToREIjOPBZ\n"
- + "pDI5lDRu0YmI8r+TmAU3tTT1sY2WVxYDnhJut9ofegfMPQV4FIohxtPcCfoLSWti\n"
- + "ml6jbcFqDvlzq3B3CXH9HU3jdJt33iSjCQGsSqy6bmCOdMS6XTPU\n"
- + "-----END CERTIFICATE REQUEST-----\n";
+ public static final String LOCALHOST_IP_IN_HEX = "#7f000001"; //127.0.0.1
+
+ public static final String EXPECTED_CERT_SUBJECT = "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org";
+ public static final String EXPECTED_CERT_SANS =
+ "SANs: [localhost, onap.org, test.onap.org, onap@onap.org, " + LOCALHOST_IP_IN_HEX + ", onap://cluster.local/]";
+
+
+ public static final String TEST_CSR = "-----BEGIN CERTIFICATE REQUEST-----\n"
+ + "MIIDNTCCAh0CAQAwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx\n"
+ + "FjAUBgNVBAcTDVNhbi1GcmFuY2lzY28xGTAXBgNVBAoTEExpbnV4LUZvdW5kYXRp\n"
+ + "b24xDTALBgNVBAsTBE9OQVAxETAPBgNVBAMTCG9uYXAub3JnMIIBIjANBgkqhkiG\n"
+ + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRYVFOosyABMq+yANz9phmYyfmHbw9F9r3Ca\n"
+ + "v1oZ2xw1LbF2HGBq8F45nXfMjX2H+Lxk8m/XmIDb+9lzINU6J6xmDrKZiiif5ORa\n"
+ + "oRENfQZNWkAWPguWyKGtHk6ueeSjS8D0SWwloc1g0hB3GREffocuJ24K+t2nXglf\n"
+ + "7XVgmHxjiE8k+pD3SUo5rA7Fx1TmLguEA8aCRGaYg/aofCNe9hDm34iqUzm5tPPQ\n"
+ + "OgR3Lpqx2JW0iJYbQXmX3cG/RE0qFl+rgrNhCd8ptX7IUiWtQmttssR3bE8JVgaf\n"
+ + "x9EU9GZ5dZXifSFJzs42UY7X6DPiQDFerfWRNc3dRTYBlkbTiwIDAQABoHkwdwYJ\n"
+ + "KoZIhvcNAQkOMWowaDBZBgNVHREEUjBQgglsb2NhbGhvc3SCCG9uYXAub3Jngg10\n"
+ + "ZXN0Lm9uYXAub3JngQ1vbmFwQG9uYXAub3JnhwR/AAABhhVvbmFwOi8vY2x1c3Rl\n"
+ + "ci5sb2NhbC8wCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAk9lRwbWyL\n"
+ + "VRWSM5cBiRK2nCKhfur20khHFQgYcPAD8BRXEk5/F0KBSBMNGMrBgOYqq3IYsoMc\n"
+ + "mvs9KKVqIV3+lBej2QTF3cxdHYPTrCvvkoheMYt5qqjkrQRbiydzj7/wvflmBXs1\n"
+ + "7TViU+TqoJ8q5DWTEvv0X5t/WF6sSIxFHHKD7otDXPW5CAeqXO5A99bTrSiXmVAH\n"
+ + "72/n/JFHueURv+NbpHyBNXweezNnB5BDrrqduabkhn31ThA0wzePDNR02aXwxxHn\n"
+ + "77sSa3iuAN3IaVWYfxCOX4fEw8F+wMAAMTiWItM8Lc9DT5rsYeRHAZmOMVEnowc2\n"
+ + "3eKLFeWDIi2Z\n"
+ + "-----END CERTIFICATE REQUEST-----\n";
public static final String TEST_WRONG_CSR = ""
- + "-----BEGIN CERTIFICATE REQUEST-----\n"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
- + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n"
- + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n"
- + "-----END CERTIFICATE REQUEST-----\n";
+ + "-----BEGIN CERTIFICATE REQUEST-----\n"
+ + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
+ + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n"
+ + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n"
+ + "-----END CERTIFICATE REQUEST-----\n";
public static final String TEST_PK = "-----BEGIN PRIVATE KEY-----\n"
- + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXcrUutDUvp4vs\n"
- + "HwriS5w1y3SxKNl7tbD3VXjSzqaNxZqN4UmT6k5tkrMF+ciaRUnDF00wMPq1fXrD\n"
- + "KRsZ9A/KHgEGICMtWT1dJ6g8cVEFDgspO7I+1eERfKurBq1hcZZkTnniqrriltF5\n"
- + "105QkeAxzfxKs6T94wArEHS5GtekDSY8fvPAhnhfyDY+jEkojUFJhzyQ6++6OwZI\n"
- + "zDd7mdLwD52gVTBWLeMkydpUKhmu8lu1ER9cdmoEtDldDyY2kgV+YZgX+29b87os\n"
- + "F2VmS4BD2LgUGB/n4d0hVk5eufT2SwhnFbq/Ei8BWLTkA5KBeJy3KmFw0/aL96sF\n"
- + "4JAJUHszAgMBAAECggEAJ1StdsU3IGf5xzUzi3Q6JCfsOZs3eLoGgGB+Gh3XkfIM\n"
- + "8PG7uOEBSEeLnv+me2NCv/a1BKMsYY1yp8YNSIOhjkhD75ZWVaUA6syejcox/DZA\n"
- + "G1rmg0oQOF0GCcbCSBOwXMdmwNZiH5Ng0llX1qWKxAzSjeCVsjOKiFIMvO4Fh9D4\n"
- + "9Io6/dRRNCxB6MEs1GT5IDfCV2PGDIalJ3znFqDnfdu9RDEDfNVHSUr6Jdu3Hrf5\n"
- + "3qCcSEkMGuXYLotCNtTP1x0H0wW5gVpcbQEb29qdmHL1qkp3UiA3afsHnO/3k0gv\n"
- + "gV5FxaldugyZAjqUGERdKaY6BMDJkDuu0qD0tPQK4QKBgQDuP5X5BcQ4iHNej+il\n"
- + "xxT8QaEcZj0YEzcXzfm3ztZP7g+Jc1MbQXh6BuHLkXG5LeCwdnmk+LUD0MLoUSm3\n"
- + "N2ZdtVuOHX7VEBrhrTwK/kMDpC7ganQzfvgOr9WQGmgGMRiUYAyK1J/x78yX967Z\n"
- + "IAzdVZ/JSDdsyA983JckLL7CPQKBgQDngDkEJKYGfDt2mfItD8c8nhczGbDdoyYh\n"
- + "s93ppTtgzFoNgFL4y/DOvisWMGgoeeYXSgH5uoPv6yY7IIkQzYySY6qQ3gmk1/X+\n"
- + "bO+IsKVtlHBzqqojFteg3MfVojisMoAx6y5aBw1BXE2nAU8yWBTtuk+3KgGn9Oxk\n"
- + "+Z4rdP06LwKBgA4b09zIW6NhaTubWBKhJHv/wvO0lj+bu7J8LyKUbBqVpXPlUXGW\n"
- + "wfSv/aUZetuVfO3WRkPfupB8R16Ml+TSsgwwljhnRMCHUKA2qwyXnA5WJbSCeVkn\n"
- + "Vrc/8Gy1M53SQHtg6L079DDWm44QS9ltzXU6Adlgnm+htVEWmxi4UZ+dAoGAfr6z\n"
- + "+LG7+GcCA2AruEIgOe7wErkpHV+am+8nOymMxeV8FFJCmxbFQ9vYKTDdhfOfZvbM\n"
- + "+BYG8E8VQmAAyyNOqENK+j+mlgrrEp4/0t2r5L/VhW5V8hoqelcGTc+gKZ8IkswJ\n"
- + "N58Owc8wcJQF8TFKXBGaXVTxTSyKVIpZ778AeV8CgYAAvuicDkdwWv5EhDFf3aTI\n"
- + "wfRFYflA6oiygnI63HzVyY4a+SyZs+nQpB5HBDo+Lyz8RaVRC5E7jQ8kiXJpxAu7\n"
- + "1wnspz+pa3q61yR32N+zGuub71FXdLWSOlys6rzJqvqYihKxY22C2TyDyBCR2tMj\n"
- + "mdnshXNAJfKkfghkJhFHrg==\n"
- + "-----END PRIVATE KEY-----";
+ + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFFhUU6izIAEyr\n"
+ + "7IA3P2mGZjJ+YdvD0X2vcJq/WhnbHDUtsXYcYGrwXjmdd8yNfYf4vGTyb9eYgNv7\n"
+ + "2XMg1TonrGYOspmKKJ/k5FqhEQ19Bk1aQBY+C5bIoa0eTq555KNLwPRJbCWhzWDS\n"
+ + "EHcZER9+hy4nbgr63adeCV/tdWCYfGOITyT6kPdJSjmsDsXHVOYuC4QDxoJEZpiD\n"
+ + "9qh8I172EObfiKpTObm089A6BHcumrHYlbSIlhtBeZfdwb9ETSoWX6uCs2EJ3ym1\n"
+ + "fshSJa1Ca22yxHdsTwlWBp/H0RT0Znl1leJ9IUnOzjZRjtfoM+JAMV6t9ZE1zd1F\n"
+ + "NgGWRtOLAgMBAAECggEABG7Etp21uCHZl5xQHe39L5qo1BLbYIIbs5Byyo76OeVe\n"
+ + "hNKS93xrq1BTN2l0XlJOdpe2JYXCcZmkWPvBDSH+ltnXycjWjzbusbU5HJpHlWJI\n"
+ + "5xi951NXZtfMDvxyDCfKTG/gjq4yAnueC9t28kdiT/Q2Y4ikEpRdqU3IrIyRSZyo\n"
+ + "duBWfr3ADU5xxnWcTt61vpAQsYh4XiwosyBhXTwsMnWgRkOr6e4Vu2J+wL6vUid7\n"
+ + "7VOr8PtOu73CjYA7zIy0XSOrRq5Q3H7eGgyln0AQtaO0qO2COJHa6cv3yIgesSUL\n"
+ + "8ltiWAGiZZ6qZ72B3tDnKmoEkuvE1/KpeitewGcKkQKBgQDxqHR9IJBOBRjjmyKi\n"
+ + "ra54mJjKwHQ5dxJQpVFLEIRL2H3ujjRNH3ggLAOiH02TqZGS3fnTsTsApnkpy5J/\n"
+ + "qtysjV0SFxP0gprQQ1wM64NWTaeDAt9lXII918YrALAAR86ikrTxOyoS1kqOSEmX\n"
+ + "QZu3VrgkAvs+V5ckvEXjZWxO1wKBgQDQyHErT7aJeUBukj6skahnzhmVNTmjsn3P\n"
+ + "zyy/cOmBz8wn7JsxgTdpWETpHOVsO0G5wg9Ts7V3Krh6AmrEf/6/NlWLdygDfIvM\n"
+ + "9Jxc8D2dLEUUm18jw15tEsQtItj3Rt0e5GJiQO1rNBMb+2Q8FDlX1tu0xgMMZ4En\n"
+ + "izjnAEKObQKBgHnWZrTXgCn14/CNPM8sJfTjatV+Zpq6b999GhlwgGMFCakGxVPE\n"
+ + "8/m0dzh7887pBV440EZs6sSPKjNqUbhQWuYcd7oxLHxwhMFP1M8mxpbym+wvvJYM\n"
+ + "KBYp/d2cgSADFClfMh8Vp0bMB9bol0HNcEblT/3ICwgJfUimK85USmENAoGBAMnl\n"
+ + "O0LF19/C6CLEu2THihGvxR97k9yPy4f8cOpD9xq35lWpQT4zFXGCkUjXz6fE+b73\n"
+ + "QTkQ7GdrYW9jDPouSBuCIGE4ffI5KzusQ9S/4OUvnTHbObpsv9A8OIbpTuR4m3W3\n"
+ + "JsiavrxPZDdH99r9N6KQvG9omCQTp1qlEAaaQsJVAoGBAO4ccgmzbku62OKLIAqy\n"
+ + "JN4Z8i9PaCEPgqfs0THMIKuj1l8FO723zTZMwsBWgZ4Gd32EbYW9tbwvLblGdd6H\n"
+ + "xAXLfLjRWefKm6i2iIdkeNMJmTTCYjHFyoTe84Miq9d3cEnW7s055Pm1uxRPXYk+\n"
+ + "GFRpHltg2qX2u6M8ryskAMah\n"
+ + "-----END PRIVATE KEY-----\n";
public static final String TEST_PEM = ""
- + "-----BEGIN CERTIFICATE REQUEST-----\n"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
- + "-----END CERTIFICATE REQUEST-----\n";
+ + "-----BEGIN CERTIFICATE REQUEST-----\n"
+ + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
+ + "-----END CERTIFICATE REQUEST-----\n";
public static final String TEST_WRONG_PEM = ""
- + "-----BEGIN WRONG REQUEST-----"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh"
- + "-----END WRONG REQUEST-----";
+ + "-----BEGIN WRONG REQUEST-----"
+ + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh"
+ + "-----END WRONG REQUEST-----";
}
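Review bot: `TEST_PK` embeds a complete PEM private key with no comment about its origin, so secret scanners will flag it and a reader cannot tell whether the finding is safe to dismiss. Add a comment above the constant such as `// Throwaway RSA key generated for unit tests only; pairs with TEST_CSR and is not used by any deployment.`, after confirming that this is true. `LOCALHOST_IP_IN_HEX` would also benefit from a comment saying that the value is the hex form of the iPAddress octets as printed by the model's string output, not a format callers should rely on.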
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
index 7981b271..84c1cca0 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
@@ -20,12 +20,16 @@
package org.onap.oom.certservice.certification.model;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObject;
import org.junit.jupiter.api.Test;
import org.onap.oom.certservice.certification.Pkcs10CertificationRequestFactory;
import org.onap.oom.certservice.certification.PemObjectFactory;
+import org.onap.oom.certservice.certification.TestData;
import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
@@ -37,6 +41,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.onap.oom.certservice.certification.TestData.LOCALHOST_IP_IN_HEX;
import static org.onap.oom.certservice.certification.TestData.TEST_CSR;
import static org.onap.oom.certservice.certification.TestData.TEST_PEM;
import static org.onap.oom.certservice.certification.TestData.TEST_PK;
@@ -45,9 +50,9 @@ import static org.onap.oom.certservice.certification.TestData.TEST_PK;
class CsrModelTest {
private final Pkcs10CertificationRequestFactory certificationRequestFactory
- = new Pkcs10CertificationRequestFactory();
+ = new Pkcs10CertificationRequestFactory();
private final PemObjectFactory pemObjectFactory
- = new PemObjectFactory();
+ = new PemObjectFactory();
@Test
void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException {
@@ -58,20 +63,22 @@ class CsrModelTest {
// When
CsrModel csrModel = generateTestCsrModel(testCsr);
-
+ List<String> sansList = Arrays.stream(csrModel.getSans())
+ .map(generalName -> generalName.getName().toString())
+ .collect(Collectors.toList());
// Then
assertThat(csrModel.getCsr())
- .isEqualTo(testCsr);
+ .isEqualTo(testCsr);
assertThat(csrModel.getPrivateKey().getEncoded())
- .contains(testPrivateKey.getContent());
+ .contains(testPrivateKey.getContent());
assertThat(csrModel.getPublicKey().getEncoded())
- .contains(testPublicKey.getContent());
- assertThat(csrModel.getSans())
- .contains(
- "gerrit.onap.org", "test.onap.org", "onap.com");
+ .contains(testPublicKey.getContent());
+ assertThat(sansList)
+ .contains("localhost", "onap.org", "test.onap.org", "onap@onap.org", LOCALHOST_IP_IN_HEX,
+ "onap://cluster.local/");
+
assertThat(csrModel.getSubjectData().toString())
- .contains(
- "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org,E=tester@onap.org");
+ .contains(TestData.EXPECTED_CERT_SUBJECT);
}
@Test
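Review bot: The SAN assertion flattens each entry to `getName().toString()` and uses `contains`, so the test still passes if an entry has the wrong type or if extra SANs appear. Since the change is about preserving SAN types, assert the tag as well, e.g. `assertThat(csrModel.getSans()[3].getTagNo()).isEqualTo(GeneralName.rfc822Name);` for the e-mail entry, and prefer `containsExactly` for the values. The same weakness applies to the `toString()`-based checks in `CsrModelFactoryTest`.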
@@ -81,14 +88,14 @@ class CsrModelTest {
PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
when(testCsr.getSubjectPublicKeyInfo())
- .thenReturn(wrongKryInfo);
+ .thenReturn(wrongKryInfo);
when(wrongKryInfo.getEncoded())
- .thenThrow(new IOException());
+ .thenThrow(new IOException());
// When
Exception exception = assertThrows(
- CsrDecryptionException.class,
- () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
+ CsrDecryptionException.class,
+ () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
);
String expectedMessage = "Reading Public Key from CSR failed";
@@ -105,14 +112,14 @@ class CsrModelTest {
PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
when(testCsr.getSubjectPublicKeyInfo())
- .thenReturn(wrongKryInfo);
+ .thenReturn(wrongKryInfo);
when(wrongKryInfo.getEncoded())
- .thenThrow(new IOException());
+ .thenThrow(new IOException());
// When
Exception exception = assertThrows(
- KeyDecryptionException.class,
- () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
+ KeyDecryptionException.class,
+ () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
);
String expectedMessage = "Converting Private Key failed";
@@ -130,14 +137,14 @@ class CsrModelTest {
PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
when(testCsr.getSubjectPublicKeyInfo())
- .thenReturn(wrongKryInfo);
+ .thenReturn(wrongKryInfo);
when(wrongKryInfo.getEncoded())
- .thenReturn(testPublicKey.getContent());
+ .thenReturn(testPublicKey.getContent());
// When
Exception exception = assertThrows(
- KeyDecryptionException.class,
- () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
+ KeyDecryptionException.class,
+ () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
);
String expectedMessage = "Converting Public Key from CSR failed";
@@ -150,20 +157,20 @@ class CsrModelTest {
private PemObject getPemPrivateKey() throws KeyDecryptionException {
PemObjectFactory pemObjectFactory = new PemObjectFactory();
return pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
- () -> new KeyDecryptionException("Private key decoding fail")
+ () -> new KeyDecryptionException("Private key decoding fail")
);
}
private PemObject getPemWrongKey() throws KeyDecryptionException {
PemObjectFactory pemObjectFactory = new PemObjectFactory();
return pemObjectFactory.createPemObject(TEST_PEM).orElseThrow(
- () -> new KeyDecryptionException("Private key decoding fail")
+ () -> new KeyDecryptionException("Private key decoding fail")
);
}
private CsrModel generateTestCsrModel(PKCS10CertificationRequest testCsr) throws DecryptionException {
PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
- () -> new DecryptionException("Incorrect Private Key, decryption failed")
+ () -> new DecryptionException("Incorrect Private Key, decryption failed")
);
return new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build();
}
@@ -175,11 +182,11 @@ class CsrModelTest {
private PKCS10CertificationRequest generateTestCertificationRequest() throws DecryptionException {
return pemObjectFactory.createPemObject(TEST_CSR)
- .flatMap(
- certificationRequestFactory::createPkcs10CertificationRequest
- ).orElseThrow(
- () -> new DecryptionException("Incorrect CSR, decryption failed")
- );
+ .flatMap(
+ certificationRequestFactory::createPkcs10CertificationRequest
+ ).orElseThrow(
+ () -> new DecryptionException("Incorrect CSR, decryption failed")
+ );
}
}
diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java
index 984e8c77..b09025b2 100644
--- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java
@@ -52,6 +52,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
@@ -273,7 +274,7 @@ class Cmpv2ClientTest {
}
private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) {
- csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), Collections.emptyList());
+ csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), new GeneralName[0]);
Authentication authentication = new Authentication();
authentication.setIak(iak);