author | Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2020-03-25 14:08:49 +0100 |
---|---|---|
committer | Zebek Bogumil <bogumil.zebek@nokia.com> | 2020-03-27 11:47:14 +0100 |
commit | a999a364ac1d9557decfd3b0157cbe46181006f3 (patch) | |
tree | 99596cdb2981f53324bd4a526961a7c25460a749 /certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java | |
parent | 9600d1361dd6e662248fe0704d1436ae56d446a7 (diff) |
Refactor CmpResponseHelper to support intermediate certificate
Issue-ID: AAF-1107
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: Ia2e2f9ba1fbcf0482121ffb5f451c408774481ba
Diffstat (limited to 'certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java')
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java index 28731f29..87991132 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java @@ -24,7 +24,7 @@ import java.security.KeyPair; import java.security.PublicKey; import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseHelper.checkIfCmpResponseContainsError; -import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseHelper.getCertfromByteArray; +import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseHelper.getCertFromByteArray; import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore; import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseValidationHelper.checkImplicitConfirm; import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifyPasswordBasedProtection; @@ -33,10 +33,8 @@ import static org.onap.aaf.certservice.cmpv2client.impl.CmpResponseValidationHel import java.io.IOException; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; -import java.util.ArrayList; import java.util.Collections; import java.util.Date; -import java.util.List; import java.util.Objects; import java.util.Optional; @@ -53,6 +51,7 @@ import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; import org.onap.aaf.certservice.certification.model.CsrModel; import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; import org.onap.aaf.certservice.cmpv2client.api.CmpClient; +import org.onap.aaf.certservice.cmpv2client.model.Cmpv2CertificationModel; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -73,7 +72,7 @@ public class CmpClientImpl implements CmpClient { } @Override - public List<List<X509Certificate>> createCertificate( + public Cmpv2CertificationModel createCertificate( CsrModel csrModel, Cmpv2Server server, Date notBefore, @@ -101,7 +100,7 @@ public class CmpClientImpl implements CmpClient { } @Override - public List<List<X509Certificate>> createCertificate(CsrModel csrModel, Cmpv2Server server) + public Cmpv2CertificationModel createCertificate(CsrModel csrModel, Cmpv2Server server) throws CmpClientException { return createCertificate(csrModel, server, null, null); } @@ -145,7 +144,7 @@ public class CmpClientImpl implements CmpClient { } } - private List<List<X509Certificate>> checkCmpCertRepMessage(final PKIMessage respPkiMessage) + private Cmpv2CertificationModel checkCmpCertRepMessage(final PKIMessage respPkiMessage) throws CmpClientException { final PKIBody pkiBody = respPkiMessage.getBody(); if (Objects.nonNull(pkiBody) && pkiBody.getContent() instanceof CertRepMessage) { 
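Review bot: The three signatures changed here (`createCertificate` twice and `checkCmpCertRepMessage`) now return `Cmpv2CertificationModel`, but nothing visible documents what its two parts hold. The next hunk builds the model from two positional arguments of the same shape, so swapping the issued chain and the trusted certificates would presumably still compile. I would add a Javadoc line on the public overloads, or on the `CmpClient` interface they override, such as `@return the issued certificate chain and the trusted certificates taken from the CMP response; both lists are empty when no certificate was returned`. The wording should follow the model's accessor names, which are outside this file, and the bodies of all three methods continue outside the hunks.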
@@ -163,25 +162,25 @@ public class CmpClientImpl implements CmpClient { throw cmpClientException; } } else { - return new ArrayList<>(Collections.emptyList()); + return new Cmpv2CertificationModel(Collections.emptyList(), Collections.emptyList()); } } - return new ArrayList<>(Collections.emptyList()); + return new Cmpv2CertificationModel(Collections.emptyList(), Collections.emptyList()); } - private List<List<X509Certificate>> verifyReturnCertChainAndTrustStore( + private Cmpv2CertificationModel verifyReturnCertChainAndTrustStore( PKIMessage respPkiMessage, CertRepMessage certRepMessage, CertResponse certResponse) throws CertificateParsingException, CmpClientException, IOException { LOG.info("Verifying certificates returned as part of CertResponse."); final CMPCertificate cmpCertificate = certResponse.getCertifiedKeyPair().getCertOrEncCert().getCertificate(); final Optional<X509Certificate> leafCertificate = - getCertfromByteArray(cmpCertificate.getEncoded(), X509Certificate.class); + getCertFromByteArray(cmpCertificate.getEncoded(), X509Certificate.class); if (leafCertificate.isPresent()) { return verifyAndReturnCertChainAndTrustSTore( respPkiMessage, certRepMessage, leafCertificate.get()); } - return Collections.emptyList(); + return new Cmpv2CertificationModel(Collections.emptyList(), Collections.emptyList()); } private CertResponse getCertificateResponseContainingNewCertificate( @@ -192,8 +191,8 @@ public class CmpClientImpl implements CmpClient { /** * Validate inputs for Certificate Creation. * - * @param csrModel Certificate Signing Request model. Must not be {@code null}. - * @param server CMPv2 Server. Must not be {@code null}. + * @param csrModel Certificate Signing Request model. Must not be {@code null}. + * @param server CMPv2 Server. Must not be {@code null}. * @throws IllegalArgumentException if Before Date is set after the After Date. */ private static void validate( 
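Review bot: The fall-through paths of `checkCmpCertRepMessage` and `verifyReturnCertChainAndTrustStore` still report failure as an empty result, now `new Cmpv2CertificationModel(Collections.emptyList(), Collections.emptyList())`. A response whose body is not a `CertRepMessage`, or a leaf certificate for which `getCertFromByteArray` returns an empty `Optional`, therefore reaches the caller without any exception. A certificate-issuance client should fail explicitly, and both methods already declare `throws CmpClientException`. The last line of `verifyReturnCertChainAndTrustStore` could become `throw new CmpClientException("Leaf certificate could not be parsed from CertResponse");`, assuming the exception has a message constructor (not shown in this file), and likewise for the two returns above it. `checkCmpCertRepMessage` begins outside this hunk, so the condition guarding its `else` branch is not fully visible.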
@@ -222,7 +221,7 @@ public class CmpClientImpl implements CmpClient { } } - private List<List<X509Certificate>> retrieveCertificates( + private Cmpv2CertificationModel retrieveCertificates( CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient) throws CmpClientException { final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName()); |