authorPawel Baniewski <pawel.baniewski@nokia.com>2020-12-22 11:45:13 +0000
committerGerrit Code Review <gerrit@onap.org>2020-12-22 11:45:13 +0000
commit5e78fb3b88eda2dd8d1a29173399328c2256ac09 (patch)
treeec0215f497bab034b54d33614209e11f1f083ad8
parentfb53a57db1b771f62cb637e2e7d05c9fad23cd52 (diff)
parentee8b5cb717a4b7e37ef84e3e585be832d7d1794b (diff)
Merge "[OOM-CERT-SERVICE] Align implementation with RFC4210"2.3.2
-rw-r--r--certService/pom.xml4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java10
-rw-r--r--certService/version.properties2
-rw-r--r--certServiceClient/pom.xml4
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java2
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java6
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java14
-rw-r--r--certServiceClient/version.properties2
-rw-r--r--certServiceK8sExternalProvider/pom.xml2
-rw-r--r--certServicePostProcessor/pom.xml4
-rw-r--r--pom.xml2
-rw-r--r--version.properties2
13 files changed, 32 insertions, 24 deletions
diff --git a/certService/pom.xml b/certService/pom.xml
index e6a8672e..fa5ca41f 100644
--- a/certService/pom.xml
+++ b/certService/pom.xml
@@ -18,10 +18,10 @@
<parent>
<groupId>org.onap.oom.platform.cert-service</groupId>
<artifactId>oom-certservice</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<artifactId>oom-certservice-api</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
<name>oom-certservice-api</name>
<description>OOM Certification Service Api</description>
<packaging>jar</packaging>
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 5c61aa9f..2a77873e 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -72,7 +72,7 @@ public final class CmpMessageHelper {
private static final AlgorithmIdentifier OWF_ALGORITHM =
new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"));
private static final AlgorithmIdentifier MAC_ALGORITHM =
- new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.9"));
+ new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC =
new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
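Review bot: The new `MAC_ALGORITHM` value is a bare dotted OID with no name, and it moves the password-based MAC from hmacWithSHA256 (1.2.840.113549.2.9) to HMAC-SHA1 (1.3.6.1.5.5.8.1.2) without saying why. Going by the commit title this is presumably for RFC 4210 interoperability, so the reason should sit next to the constant where a later reader will not mistake it for an accident, e.g. `// HMAC-SHA1: MAC named in the PBMParameter; chosen for RFC 4210 interoperability, keep in sync with the Mac instance that computes the protection`. The code that actually computes the MAC is outside this hunk; if it still instantiates an HMAC-SHA256 `Mac`, the header would advertise one algorithm while the protection bits are produced with another, so that call site needs checking. The same naming comment would help on `OWF_ALGORITHM` (SHA-1) and `PASSWORD_BASED_MAC`.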
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index 8d82b85b..d277a204 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -27,6 +27,7 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade
import java.security.KeyPair;
import java.util.Date;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
@@ -36,8 +37,10 @@ import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
/**
@@ -55,9 +58,11 @@ class CreateCertRequest {
private String initAuthPassword;
private String senderKid;
- private static final int ITERATIONS = createRandomInt(5000);
+ private static final int ITERATIONS = createRandomInt(1000);
private static final byte[] SALT = createRandomBytes();
private final int certReqId = createRandomInt(Integer.MAX_VALUE);
+ private final AlgorithmIdentifier signingAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder()
+ .find("SHA256withRSA");
public void setIssuerDn(X500Name issuerDn) {
this.issuerDn = issuerDn;
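Review bot: The password-based-MAC iteration count on the `ITERATIONS` line is still drawn at random, and lowering the bound from 5000 to 1000 makes a very small count more likely. Depending on the minimum that `createRandomInt` returns (its body is not visible here), a request could be protected with only a few iterations, which lowers the cost of guessing `initAuthPassword` from a captured message. A random count gives nothing a fixed one lacks, so I would pin it, `private static final int ITERATIONS = 1000;`, or at least enforce a floor (RFC 4211 section 4.4 asks for no fewer than 100). The hard-coded `"SHA256withRSA"` in `signingAlgorithm` also needs a comment saying why it does not follow the subject key type. The class body continues outside the hunk.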
@@ -104,6 +109,9 @@ class CreateCertRequest {
.setSubject(subjectDn)
.setExtensions(CmpMessageHelper.generateExtension(sansArray))
.setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
+ .setVersion(2)
+ .setSerialNumber(new ASN1Integer(0L))
+ .setSigningAlg(signingAlgorithm)
.setPublicKey(
SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
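Review bot: The three added setters fill template fields that, as I read RFC 4211 section 5, a requester normally leaves out (`serialNumber` and `signingAlg` are assigned by the CA, `version` is optional). The placeholder values `2`, `0L` and the fixed algorithm therefore need a comment naming the CA behaviour that requires them, e.g. above `.setVersion(2)`: `// Placeholder version/serial/signingAlg: needed for <CA name> to accept the template; the CA assigns the real values on issuance.` Because `signingAlgorithm` is fixed to SHA256withRSA, a non-RSA `subjectKeyPair` would produce a template whose signingAlg disagrees with the public key, so either derive it from the key or document the RSA-only assumption. The builder chain begins and ends outside the hunk.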
diff --git a/certService/version.properties b/certService/version.properties
index f1c5779d..29a89d0c 100644
--- a/certService/version.properties
+++ b/certService/version.properties
@@ -1,6 +1,6 @@
major=2
minor=3
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT
diff --git a/certServiceClient/pom.xml b/certServiceClient/pom.xml
index b1b2af92..799d9aac 100644
--- a/certServiceClient/pom.xml
+++ b/certServiceClient/pom.xml
@@ -18,12 +18,12 @@
<parent>
<artifactId>oom-certservice</artifactId>
<groupId>org.onap.oom.platform.cert-service</groupId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>oom-certservice-client</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
<name>oom-certservice-client</name>
<description>OOM Certification Service Api Client</description>
<packaging>jar</packaging>
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java
index f1541b04..2bd57f77 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java
@@ -59,7 +59,7 @@ public class ClientConfigurationFactory implements ConfigurationFactory<ClientCo
.orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_PATH + " is invalid."));
envsForClient.getCaName()
- .filter(ClientEnvsValueValidators::isAlphaNumeric)
+ .filter(ClientEnvsValueValidators::isCaNameValid)
.map(configuration::setCaName)
.orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.CA_NAME + " is invalid."));
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java
index 503b7e46..86d1e0f0 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java
@@ -20,11 +20,11 @@
package org.onap.oom.certservice.client.configuration.validation.client;
public final class ClientEnvsValueValidators {
- private static final String ALPHA_NUMERIC_REGEX = "^[a-zA-Z0-9]*$";
+ private static final String CA_NAME_REGEX = "^[a-zA-Z0-9_.~-]{1,128}$";
private static final String VALID_PATH_REGEX = "^/|(/[a-zA-Z0-9_-]+)+/?$";
- public static boolean isAlphaNumeric(String caName) {
- return caName.matches(ALPHA_NUMERIC_REGEX);
+ public static boolean isCaNameValid(String caName) {
+ return caName.matches(CA_NAME_REGEX);
}
public static boolean isPathValid(String path) {
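Review bot: `CA_NAME_REGEX` now admits `.`, so `isCaNameValid` accepts the names `.` and `..`. If the CA name is later placed into a URL path or a file path (not visible in this hunk), those values act as relative path segments rather than as a name. I would reject them explicitly, `return caName.matches(CA_NAME_REGEX) && !".".equals(caName) && !"..".equals(caName);`, and add both strings to the rejecting test. As a style point, `String.matches` recompiles the pattern on every call and already matches the whole input, so a `private static final Pattern` without the `^`/`$` anchors would be the tidier form.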
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java
index 9ed46c1a..d219873f 100644
--- a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java
@@ -21,7 +21,7 @@
package org.onap.oom.certservice.client.configuration.validation.client;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators.isAlphaNumeric;
+import static org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators.isCaNameValid;
import static org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators.isPathValid;
import org.junit.jupiter.params.ParameterizedTest;
@@ -29,15 +29,15 @@ import org.junit.jupiter.params.provider.ValueSource;
class ClientEnvsValueValidatorsTest {
@ParameterizedTest
- @ValueSource(strings = {"caname", "caname1", "123caName", "ca1name"})
- void shouldAcceptValidAlphanumeric(String caName) {
- assertThat(isAlphaNumeric(caName)).isTrue();
+ @ValueSource(strings = {"caname", "caname1", "123caName", "ca1name", "ca_name", "ca-name", "ca.na~me"})
+ void shouldAcceptValidCaName(String caName) {
+ assertThat(isCaNameValid(caName)).isTrue();
}
@ParameterizedTest
- @ValueSource(strings = {"44caname$", "#caname1", "1c_aname", "ca1-name"})
- void shouldRejectInvalidAlphanumeric(String caName) {
- assertThat(isAlphaNumeric(caName)).isFalse();
+ @ValueSource(strings = {"44caname$", "#caname1", "1c[aname]", "ca1/name", "", " "})
+ void shouldRejectInvalidCaName(String caName) {
+ assertThat(isCaNameValid(caName)).isFalse();
}
@ParameterizedTest
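Review bot: The `{1,128}` length bound introduced with the new regex is not exercised by either test: the rejecting `@ValueSource` covers the empty string and a single space but no over-long value, and no accepted case sits at the limit. Add a generated 128-character name to `shouldAcceptValidCaName` and a 129-character one to `shouldRejectInvalidCaName`, for example through a `@MethodSource` that builds the strings, so that a later edit to the quantifier is caught. The test class continues outside the hunk.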
diff --git a/certServiceClient/version.properties b/certServiceClient/version.properties
index f1c5779d..29a89d0c 100644
--- a/certServiceClient/version.properties
+++ b/certServiceClient/version.properties
@@ -1,6 +1,6 @@
major=2
minor=3
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT
diff --git a/certServiceK8sExternalProvider/pom.xml b/certServiceK8sExternalProvider/pom.xml
index fe1d657f..c6454f65 100644
--- a/certServiceK8sExternalProvider/pom.xml
+++ b/certServiceK8sExternalProvider/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>oom-certservice</artifactId>
<groupId>org.onap.oom.platform.cert-service</groupId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/certServicePostProcessor/pom.xml b/certServicePostProcessor/pom.xml
index 66444649..346c6adf 100644
--- a/certServicePostProcessor/pom.xml
+++ b/certServicePostProcessor/pom.xml
@@ -5,12 +5,12 @@
<parent>
<artifactId>oom-certservice</artifactId>
<groupId>org.onap.oom.platform.cert-service</groupId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>oom-certservice-post-processor</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
<name>oom-certservice-post-processor</name>
<description>An application which conducts certificate post-processing like: merging truststores, copying keystores.</description>
<packaging>jar</packaging>
diff --git a/pom.xml b/pom.xml
index 7dee166c..85b278f9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
</parent>
<groupId>org.onap.oom.platform.cert-service</groupId>
<artifactId>oom-certservice</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
<name>oom-certservice</name>
<description>OOM Certification Service</description>
<packaging>pom</packaging>
diff --git a/version.properties b/version.properties
index f1c5779d..29a89d0c 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
major=2
minor=3
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT