diff options
author | Pawel Baniewski <pawel.baniewski@nokia.com> | 2021-07-07 07:34:05 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-07-07 07:34:05 +0000 |
commit | d1c1e239d5ce46880563d7cccc7d57da6315482a (patch) | |
tree | 2f80603a4044421f3005f5792972a6a7964010a9 /certService/src/main/java | |
parent | 62d037f9368ae9300ff24292e142df0811479ad1 (diff) | |
parent | 52c8476b49aab2a54c875d14ddab7ac26b010a32 (diff) |
Merge "[OOM-CERT-SERVICE] Add Certification Request functionality"
Diffstat (limited to 'certService/src/main/java')
4 files changed, 47 insertions, 13 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java index a5076a38..dddeb2d3 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java @@ -99,7 +99,7 @@ public class CertificationModelFactory { } else { LOGGER.info( "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request"); - throw new UnsupportedOperationException("TODO: implement CR in separate MR"); + return certificationProvider.certificationRequest(csrModel, cmpv2Server); } } } diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java index bfa83103..17e23e39 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java @@ -67,6 +67,12 @@ public class CertificationProvider { convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); } + public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + Cmpv2CertificationModel certificates = cmpClient.certificationRequest(csrModel, cmpv2Server); + return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()), + convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + } + private static List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) { return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty()) .collect(Collectors.toList()); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java index 5ded3056..88c73c04 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java @@ -88,4 +88,17 @@ public interface CmpClient { */ Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server, CertificateUpdateModel certificateUpdateModel) throws CmpClientException; + + /** + * Requests for an additional External Root CA Certificate to be created for the passed keyPair wrapped + * in a CSRMeta with common details. Basic Authentication using IAK/RV, Verification of the signature + * (proof-of-possession) on the request is performed and an Exception thrown if verification fails + * or issue encountered in fetching certificate from CA. + * + * @param csrModel Certificate Signing Request Model. Must not be {@code null}. + * @param cmpv2Server CMPv2 server. Must not be {@code null}. + * @return model for certification containing certificate chain and trusted certificates + * @throws CmpClientException if client error occurs. + */ + Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException; } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java index 270b5995..549cf6b9 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java @@ -93,18 +93,7 @@ public class CmpClientImpl implements CmpClient { throws CmpClientException { validate(csrModel, server, httpClient, notBefore, notAfter); - - final String iak = server.getAuthentication().getIak(); - final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak); - final CreateCertRequest certRequest = - getCmpMessageBuilderWithCommonRequestValues(csrModel, server) - .with(CreateCertRequest::setNotBefore, notBefore) - .with(CreateCertRequest::setNotAfter, notAfter) - .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv()) - .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_INIT_REQ) - .with(CreateCertRequest::setProtection, pkiMessageProtection) - .build(); - + final CreateCertRequest certRequest = getIakRvRequest(csrModel, server, notBefore, notAfter, PKIBody.TYPE_INIT_REQ); return executeCmpRequest(csrModel, server, certRequest); } @@ -131,6 +120,32 @@ public class CmpClientImpl implements CmpClient { } + @Override + public Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + + validate(csrModel, cmpv2Server, httpClient, null, null); + final CreateCertRequest certRequest = getIakRvRequest(csrModel, cmpv2Server, null, null, PKIBody.TYPE_CERT_REQ); + return executeCmpRequest(csrModel, cmpv2Server, certRequest); + } + + private CreateCertRequest getIakRvRequest( + CsrModel csrModel, + Cmpv2Server server, + Date notBefore, + Date notAfter, + int requestType) { + + final String iak = server.getAuthentication().getIak(); + final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak); + return getCmpMessageBuilderWithCommonRequestValues(csrModel, server) + .with(CreateCertRequest::setNotBefore, notBefore) + .with(CreateCertRequest::setNotAfter, notAfter) + .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv()) + .with(CreateCertRequest::setCmpRequestType, requestType) + .with(CreateCertRequest::setProtection, pkiMessageProtection) + .build(); + } + private Cmpv2CertificationModel executeCmpRequest(CsrModel csrModel, Cmpv2Server cmpv2Server, CreateCertRequest certRequest) throws CmpClientException { final PKIMessage pkiMessage = certRequest.generateCertReq(); |