author | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2021-07-05 16:47:58 +0200 |
---|---|---|
committer | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2021-07-06 12:06:10 +0200 |
commit | 52c8476b49aab2a54c875d14ddab7ac26b010a32 (patch) | |
tree | 173d1fbe2b136e521e5879cd2b3838d977840c54 /certService/src/main/java | |
parent | 23de50858f982b986b2e6f3a13ccca4a3bd3980c (diff) |
[OOM-CERT-SERVICE] Add Certification Request functionality
Issue-ID: OOM-2753
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Id8702dd45254f0e82d9b71e5e69372569e523838
Diffstat (limited to 'certService/src/main/java')
4 files changed, 47 insertions, 13 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
index a5076a38..dddeb2d3 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
@@ -99,7 +99,7 @@ public class CertificationModelFactory {
 } else {
 LOGGER.info(
 "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request");
- throw new UnsupportedOperationException("TODO: implement CR in separate MR");
+ return certificationProvider.certificationRequest(csrModel, cmpv2Server);
 }
 }
 }
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
index bfa83103..17e23e39 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
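Review bot: In CertificationModelFactory the else branch now calls `certificationProvider.certificationRequest(csrModel, cmpv2Server)` without the old certificate, so on this path nothing visible ties the new request to the certificate being updated. The log line says this branch is taken when the CSR and the old certificate have different parameters, which makes it the path where the requester obtains a certificate that differs from the one they already hold. I would record in a comment where the caller's right to the changed parameters is checked, e.g. `// CR carries no reference to the old certificate; changed parameters are authorised in <check location, not visible in this hunk>`. The enclosing method starts outside the hunk, so that check may already exist upstream.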
@@ -67,6 +67,12 @@ public class CertificationProvider { convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); } + public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + Cmpv2CertificationModel certificates = cmpClient.certificationRequest(csrModel, cmpv2Server); + return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()), + convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + } + private static List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) { return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty()) .collect(Collectors.toList()); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java index 5ded3056..88c73c04 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java 
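Review bot: CertificationProvider.certificationRequest builds its result through `convertFromX509CertificateListToPemList`, and the context lines show that helper filtering out entries that convert to an empty string, so a certificate that fails PEM conversion would presumably vanish from the returned chain without any error. For a freshly issued certificate, an incomplete or empty chain is better rejected here than handed on to the client. Consider checking that the converted chain is non-empty and the same size as `certificates.getCertificateChain()` before constructing the `CertificationModel`. The new method also repeats the two conversion calls that end the method just above it (only its tail is visible in the hunk), so a shared private helper taking a `Cmpv2CertificationModel` would keep both paths in step.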
@@ -88,4 +88,17 @@ public interface CmpClient { */ Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server, CertificateUpdateModel certificateUpdateModel) throws CmpClientException; + + /** + * Requests for an additional External Root CA Certificate to be created for the passed keyPair wrapped + * in a CSRMeta with common details. Basic Authentication using IAK/RV, Verification of the signature + * (proof-of-possession) on the request is performed and an Exception thrown if verification fails + * or issue encountered in fetching certificate from CA. + * + * @param csrModel Certificate Signing Request Model. Must not be {@code null}. + * @param cmpv2Server CMPv2 server. Must not be {@code null}. + * @return model for certification containing certificate chain and trusted certificates + * @throws CmpClientException if client error occurs. + */ + Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException; } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java index 270b5995..549cf6b9 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java 
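Review bot: The Javadoc added for `certificationRequest` in CmpClient does not say what distinguishes this method from the other request methods on the interface, and it refers to a `CSRMeta` while the parameter is a `CsrModel`. The implementation in CmpClientImpl sends `PKIBody.TYPE_CERT_REQ`, so the summary could read `Sends a CMPv2 Certification Request (cr) for the given CSR, protected with the server's IAK/RV.` The sentence about proof-of-possession verification is worth keeping, but it should name who performs the verification, since the current wording leaves open whether that is the client or the CA.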
@@ -93,18 +93,7 @@ public class CmpClientImpl implements CmpClient { throws CmpClientException { validate(csrModel, server, httpClient, notBefore, notAfter); - - final String iak = server.getAuthentication().getIak(); - final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak); - final CreateCertRequest certRequest = - getCmpMessageBuilderWithCommonRequestValues(csrModel, server) - .with(CreateCertRequest::setNotBefore, notBefore) - .with(CreateCertRequest::setNotAfter, notAfter) - .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv()) - .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_INIT_REQ) - .with(CreateCertRequest::setProtection, pkiMessageProtection) - .build(); - + final CreateCertRequest certRequest = getIakRvRequest(csrModel, server, notBefore, notAfter, PKIBody.TYPE_INIT_REQ); return executeCmpRequest(csrModel, server, certRequest); } 
@@ -131,6 +120,32 @@ public class CmpClientImpl implements CmpClient { } + @Override + public Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + + validate(csrModel, cmpv2Server, httpClient, null, null); + final CreateCertRequest certRequest = getIakRvRequest(csrModel, cmpv2Server, null, null, PKIBody.TYPE_CERT_REQ); + return executeCmpRequest(csrModel, cmpv2Server, certRequest); + } + + private CreateCertRequest getIakRvRequest( + CsrModel csrModel, + Cmpv2Server server, + Date notBefore, + Date notAfter, + int requestType) { + + final String iak = server.getAuthentication().getIak(); + final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak); + return getCmpMessageBuilderWithCommonRequestValues(csrModel, server) + .with(CreateCertRequest::setNotBefore, notBefore) + .with(CreateCertRequest::setNotAfter, notAfter) + .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv()) + .with(CreateCertRequest::setCmpRequestType, requestType) + .with(CreateCertRequest::setProtection, pkiMessageProtection) + .build(); + } + private Cmpv2CertificationModel executeCmpRequest(CsrModel csrModel, Cmpv2Server cmpv2Server, CreateCertRequest certRequest) throws CmpClientException { final PKIMessage pkiMessage = certRequest.generateCertReq(); |
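Review bot: `getIakRvRequest` in CmpClientImpl passes `server.getAuthentication().getIak()` straight into `new PasswordBasedProtection(iak)` with no visible check that the authentication block exists and the IAK is non-empty. The helper is now the single place where both the `PKIBody.TYPE_INIT_REQ` path and the new `PKIBody.TYPE_CERT_REQ` path obtain their message protection, so unless `validate` (defined outside the hunk) already rejects a missing or blank IAK, a guard belongs here before the protection object is built. `certificationRequest` also passes `null` for both dates to `validate` and on to `setNotBefore`/`setNotAfter`; a Javadoc line on the helper such as `@param notBefore start of validity, may be null` (and likewise for `notAfter`) would record that null is intended rather than an oversight.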