summaryrefslogtreecommitdiffstats
path: root/certService/src/main/java
diff options
context:
space:
mode:
authorRemigiusz Janeczek <remigiusz.janeczek@nokia.com>2021-06-30 12:44:29 +0200
committerRemigiusz Janeczek <remigiusz.janeczek@nokia.com>2021-07-01 10:05:01 +0200
commit92ec2f3a119d6253da3c8aebefe3b0b9829f7645 (patch)
tree7a11f2f9f6c61b3fb6e5d3d41a83bf2c5989f2bf /certService/src/main/java
parent1630a480ab3ac2aeb833855380be3dd89fdca248 (diff)
[OOM-CERT-SERVICE] Add logic for KUR/CR detection
Issue-ID: OOM-2753 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I571ad3914a870dde83929cb6121c2c63a5df3ae4
Diffstat (limited to 'certService/src/main/java')
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java7
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java37
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java47
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java50
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java65
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/UpdateRequestTypeDetector.java33
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java77
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateParser.java53
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java33
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/exception/StringToCertificateConversionException.java33
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java69
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java24
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java53
13 files changed, 514 insertions, 67 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
index a0972d59..d21b1eb5 100644
--- a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
+++ b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
@@ -1,6 +1,6 @@
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
* Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
@@ -27,10 +27,11 @@ import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
-import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
import org.onap.oom.certservice.certification.CertificationModelFactory;
+import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.ErrorResponseModel;
+import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
import org.onap.oom.certservice.certification.model.CertificationModel;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
import org.slf4j.Logger;
@@ -111,7 +112,7 @@ public class CertificationController {
@RequestHeader("PK") String encodedPrivateKey,
@RequestHeader("OLD_CERT") String encodedOldCert,
@RequestHeader("OLD_PK") String encodedOldPrivateKey
- ) {
+ ) throws DecryptionException, CertificateDecryptionException {
caName = replaceWhiteSpaceChars(caName);
LOGGER.info("Received certificate update request for CA named: {}", caName);
CertificateUpdateModel certificateUpdateModel = new CertificateUpdateModel.CertificateUpdateModelBuilder()
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
index 94332f2d..d5d9d9b8 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
@@ -1,6 +1,6 @@
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
* Copyright (C) 2020 Nokia. All rights reserved.
* ================================================================================
@@ -22,10 +22,12 @@ package org.onap.oom.certservice.certification;
import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider;
import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
import org.onap.oom.certservice.certification.model.CertificationModel;
import org.onap.oom.certservice.certification.model.CsrModel;
+import org.onap.oom.certservice.certification.model.X509CertificateModel;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,23 +42,28 @@ public class CertificationModelFactory {
private final CsrModelFactory csrModelFactory;
private final Cmpv2ServerProvider cmpv2ServerProvider;
private final CertificationProvider certificationProvider;
+ private final X509CertificateModelFactory x509CertificateModelFactory;
+ private final UpdateRequestTypeDetector updateRequestTypeDetector;
@Autowired
CertificationModelFactory(
CsrModelFactory csrModelFactory,
Cmpv2ServerProvider cmpv2ServerProvider,
- CertificationProvider certificationProvider
- ) {
+ CertificationProvider certificationProvider,
+ X509CertificateModelFactory x509CertificateModelFactory,
+ UpdateRequestTypeDetector updateRequestTypeDetector) {
this.cmpv2ServerProvider = cmpv2ServerProvider;
this.csrModelFactory = csrModelFactory;
this.certificationProvider = certificationProvider;
+ this.x509CertificateModelFactory = x509CertificateModelFactory;
+ this.updateRequestTypeDetector = updateRequestTypeDetector;
}
public CertificationModel createCertificationModel(String encodedCsr, String encodedPrivateKey, String caName)
throws DecryptionException, CmpClientException {
CsrModel csrModel = csrModelFactory.createCsrModel(
- new CsrModelFactory.StringBase64(encodedCsr),
- new CsrModelFactory.StringBase64(encodedPrivateKey)
+ new StringBase64(encodedCsr),
+ new StringBase64(encodedPrivateKey)
);
LOGGER.debug("Received CSR meta data: \n{}", csrModel);
@@ -68,10 +75,26 @@ public class CertificationModelFactory {
return certificationProvider.signCsr(csrModel, cmpv2Server);
}
- public CertificationModel createCertificationModel(CertificateUpdateModel certificateUpdateModel) {
+ public CertificationModel createCertificationModel(CertificateUpdateModel certificateUpdateModel)
+ throws DecryptionException, CertificateDecryptionException {
LOGGER.info("CSR: " + certificateUpdateModel.getEncodedCsr() +
", old cert: " + certificateUpdateModel.getEncodedOldCert() +
", CA: " + certificateUpdateModel.getCaName());
- throw new UnsupportedOperationException("TODO: it will be delivered in the next MR");
+ final CsrModel csrModel = csrModelFactory.createCsrModel(
+ new StringBase64(certificateUpdateModel.getEncodedCsr()),
+ new StringBase64(certificateUpdateModel.getEncodedPrivateKey())
+ );
+ final X509CertificateModel certificateModel = x509CertificateModelFactory.createCertificateModel(
+ new StringBase64(certificateUpdateModel.getEncodedOldCert()));
+
+ if (updateRequestTypeDetector.isKur(csrModel.getCertificateData(), certificateModel.getCertificateData())) {
+ LOGGER.info(
+ "Certificate Signing Request and Old Certificate have the same parameters. Preparing Key Update Request");
+ throw new UnsupportedOperationException("TODO: implement KUR in separate MR");
+ } else {
+ LOGGER.info(
+ "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request");
+ throw new UnsupportedOperationException("TODO: implement CR in separate MR");
+ }
}
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java
index 758427f6..789773d6 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java
@@ -1,8 +1,8 @@
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,18 +20,12 @@
package org.onap.oom.certservice.certification;
-import java.util.Base64;
-import java.util.Objects;
-import java.util.Optional;
-
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObject;
import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
import org.onap.oom.certservice.certification.model.CsrModel;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
@@ -71,43 +65,6 @@ public class CsrModelFactory {
);
}
- public static class StringBase64 {
- private final String value;
- private final Base64.Decoder decoder = Base64.getDecoder();
- private static final Logger LOGGER = LoggerFactory.getLogger(StringBase64.class);
-
- public StringBase64(String value) {
- this.value = value;
- }
-
- public Optional<String> asString() {
- try {
- String decodedString = new String(decoder.decode(value));
- return Optional.of(decodedString);
- } catch (RuntimeException e) {
- LOGGER.error("Exception occurred during decoding:", e);
- return Optional.empty();
- }
- }
-
- @Override
- public boolean equals(Object otherObject) {
- if (this == otherObject) {
- return true;
- }
- if (otherObject == null || getClass() != otherObject.getClass()) {
- return false;
- }
- StringBase64 that = (StringBase64) otherObject;
- return Objects.equals(value, that.value);
- }
-
- @Override
- public int hashCode() {
- return value.hashCode();
- }
- }
-
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java b/certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java
new file mode 100644
index 00000000..7126cd4a
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java
@@ -0,0 +1,50 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class PemStringToCertificateConverter {
+
+ public X509Certificate convert(String certificatePemString) throws StringToCertificateConversionException {
+ try (PEMParser pemParser = new PEMParser(new StringReader(certificatePemString))) {
+ X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pemParser.readObject())
+ .orElseThrow(
+ () -> new StringToCertificateConversionException("The certificate could not be converted correctly."));
+ return new JcaX509CertificateConverter()
+ .setProvider(new BouncyCastleProvider())
+ .getCertificate(certHolder);
+ } catch (IOException | CertificateException e) {
+ throw new StringToCertificateConversionException("Exception occurred during certificate conversion.", e);
+ }
+ }
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java b/certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java
new file mode 100644
index 00000000..9929e52c
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java
@@ -0,0 +1,65 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification;
+
+import java.util.Base64;
+import java.util.Objects;
+import java.util.Optional;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class StringBase64 {
+
+ private final String value;
+ private final Base64.Decoder decoder = Base64.getDecoder();
+ private static final Logger LOGGER = LoggerFactory.getLogger(StringBase64.class);
+
+ public StringBase64(String value) {
+ this.value = value;
+ }
+
+ public Optional<String> asString() {
+ try {
+ String decodedString = new String(decoder.decode(value));
+ return Optional.of(decodedString);
+ } catch (RuntimeException e) {
+ LOGGER.error("Exception occurred during decoding:", e);
+ return Optional.empty();
+ }
+ }
+
+ @Override
+ public boolean equals(Object otherObject) {
+ if (this == otherObject) {
+ return true;
+ }
+ if (otherObject == null || getClass() != otherObject.getClass()) {
+ return false;
+ }
+ StringBase64 that = (StringBase64) otherObject;
+ return Objects.equals(value, that.value);
+ }
+
+ @Override
+ public int hashCode() {
+ return value.hashCode();
+ }
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/UpdateRequestTypeDetector.java b/certService/src/main/java/org/onap/oom/certservice/certification/UpdateRequestTypeDetector.java
new file mode 100644
index 00000000..bef2fd5f
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/UpdateRequestTypeDetector.java
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification;
+
+import org.onap.oom.certservice.certification.model.CertificateData;
+import org.springframework.stereotype.Service;
+
+@Service
+public class UpdateRequestTypeDetector {
+
+ public boolean isKur(CertificateData certificateData1, CertificateData certificateData2) {
+ return certificateData1.equals(certificateData2);
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java
new file mode 100644
index 00000000..17367ce7
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java
@@ -0,0 +1,77 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification;
+
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
+import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException;
+import org.onap.oom.certservice.certification.model.X509CertificateModel;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+public class X509CertificateModelFactory {
+
+ private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
+ private static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n";
+
+ private final PemStringToCertificateConverter pemStringToCertificateConverter;
+ private final X509CertificateParser x509CertificateParser;
+
+ @Autowired
+ public X509CertificateModelFactory(PemStringToCertificateConverter pemStringToCertificateConverter,
+ X509CertificateParser x509CertificateParser) {
+ this.pemStringToCertificateConverter = pemStringToCertificateConverter;
+ this.x509CertificateParser = x509CertificateParser;
+ }
+
+ public X509CertificateModel createCertificateModel(StringBase64 base64EncodedCertificate)
+ throws CertificateDecryptionException {
+ final String certificateString = base64EncodedCertificate.asString()
+ .map(this::getFirstCertificateFromCertificateChain)
+ .orElseThrow(() -> new CertificateDecryptionException("Incorrect certificate, decryption failed"));
+ try {
+ final X509Certificate certificate = pemStringToCertificateConverter.convert(certificateString);
+ final X500Name subjectData = x509CertificateParser.getSubject(certificate);
+ final GeneralName[] sans = x509CertificateParser.getSans(certificate);
+ return new X509CertificateModel(certificate, subjectData, sans);
+ } catch (StringToCertificateConversionException e) {
+ throw new CertificateDecryptionException("Cannot convert certificate", e);
+
+ } catch (CertificateParsingException e) {
+ throw new CertificateDecryptionException("Cannot read Subject Alternative Names from certificate");
+ }
+ }
+
+ private String getFirstCertificateFromCertificateChain(String certificateChain) {
+ if (doesNotContainCertificates(certificateChain)) {
+ return null;
+ }
+ return certificateChain.split(END_CERTIFICATE)[0] + END_CERTIFICATE;
+ }
+
+ private boolean doesNotContainCertificates(String certificateChain) {
+ return !(certificateChain.contains(BEGIN_CERTIFICATE) && certificateChain.contains(END_CERTIFICATE));
+ }
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateParser.java b/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateParser.java
new file mode 100644
index 00000000..67b12796
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateParser.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification;
+
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.springframework.stereotype.Service;
+
+@Service
+public class X509CertificateParser {
+
+ public X500Name getSubject(X509Certificate certificate) {
+ final X500Principal subjectX500Principal = certificate.getSubjectX500Principal();
+ return new X500Name(subjectX500Principal.getName());
+ }
+
+ public GeneralName[] getSans(X509Certificate certificate) throws CertificateParsingException {
+ final Collection<List<?>> sans = certificate.getSubjectAlternativeNames();
+ if (sans == null) {
+ return new GeneralName[0];
+ }
+ final ArrayList<GeneralName> generalNames = new ArrayList<>();
+ for (List<?> san : sans) {
+ GeneralName sanGn = new GeneralName((Integer) san.get(0), san.get(1).toString());
+ generalNames.add(sanGn);
+ }
+ return generalNames.toArray(new GeneralName[0]);
+ }
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java b/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java
new file mode 100644
index 00000000..16fdb44b
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification.exception;
+
+public class CertificateDecryptionException extends Exception {
+
+ public CertificateDecryptionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public CertificateDecryptionException(String message) {
+ super(message);
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/exception/StringToCertificateConversionException.java b/certService/src/main/java/org/onap/oom/certservice/certification/exception/StringToCertificateConversionException.java
new file mode 100644
index 00000000..087172d7
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/exception/StringToCertificateConversionException.java
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification.exception;
+
+public class StringToCertificateConversionException extends Exception {
+
+ public StringToCertificateConversionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public StringToCertificateConversionException(String message) {
+ super(message);
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java
new file mode 100644
index 00000000..3a00c915
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java
@@ -0,0 +1,69 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification.model;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+public class CertificateData {
+
+ private final X500Name subject;
+ private final List<GeneralName> sortedSans;
+
+ public CertificateData(X500Name subject, GeneralName[] sans) {
+ this.subject = subject;
+ this.sortedSans = sans != null ? getSortedSansList(sans) : Collections.emptyList();
+ }
+
+ public X500Name getSubject() {
+ return subject;
+ }
+
+ public GeneralName[] getSortedSans() {
+ return sortedSans.toArray(new GeneralName[0]);
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ CertificateData that = (CertificateData) o;
+ return Objects.equals(subject, that.subject) && Objects.equals(sortedSans, that.sortedSans);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(subject, sortedSans);
+ }
+
+ private List<GeneralName> getSortedSansList(GeneralName[] sans) {
+ return Arrays.stream(sans).sorted(Comparator.comparing(GeneralName::toString))
+ .collect(Collectors.toUnmodifiableList());
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
index 03d1a9d2..96755832 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
@@ -1,8 +1,8 @@
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,7 +29,6 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
-
import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
@@ -38,7 +37,6 @@ import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObject;
-
import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
@@ -47,18 +45,16 @@ import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
public class CsrModel {
private final PKCS10CertificationRequest csr;
- private final X500Name subjectData;
private final PrivateKey privateKey;
private final PublicKey publicKey;
- private final GeneralName[] sans;
+ private final CertificateData certificateData;
public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
GeneralName[] sans) {
this.csr = csr;
- this.subjectData = subjectData;
this.privateKey = privateKey;
this.publicKey = publicKey;
- this.sans = sans;
+ this.certificateData = new CertificateData(subjectData, sans);
}
public PKCS10CertificationRequest getCsr() {
@@ -66,7 +62,7 @@ public class CsrModel {
}
public X500Name getSubjectData() {
- return subjectData;
+ return certificateData.getSubject();
}
public PrivateKey getPrivateKey() {
@@ -78,16 +74,20 @@ public class CsrModel {
}
public GeneralName[] getSans() {
- return sans;
+ return certificateData.getSortedSans();
+ }
+
+ public CertificateData getCertificateData() {
+ return certificateData;
}
@Override
public String toString() {
- return "CSR: { Subject: { " + subjectData + " }, SANs: [" + getSansInReadableFormat() + "] }";
+ return "CSR: { Subject: { " + certificateData.getSubject() + " }, SANs: [" + getSansInReadableFormat() + "] }";
}
private String getSansInReadableFormat() {
- return Arrays.stream(this.sans)
+ return Arrays.stream(this.certificateData.getSortedSans())
.map(generalName -> generalName.getName().toString())
.collect(Collectors.joining(", "));
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java
new file mode 100644
index 00000000..f45fb7d3
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification.model;
+
+import java.security.cert.X509Certificate;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
+
+public class X509CertificateModel {
+
+ private final X509Certificate certificate;
+ private final CertificateData certificateData;
+
+ public X509CertificateModel(X509Certificate certificate, X500Name subjectData,
+ GeneralName[] sans) {
+ this.certificate = certificate;
+ this.certificateData = new CertificateData(subjectData, sans);
+ }
+
+ public X509Certificate getCertificate() {
+ return certificate;
+ }
+
+ public X500Name getSubjectData() {
+ return certificateData.getSubject();
+ }
+
+ public GeneralName[] getSans() {
+ return certificateData.getSortedSans();
+ }
+
+ public CertificateData getCertificateData() {
+ return certificateData;
+ }
+}