authorPawel Baniewski <pawel.baniewski@nokia.com>2021-07-07 07:34:05 +0000
committerGerrit Code Review <gerrit@onap.org>2021-07-07 07:34:05 +0000
commitd1c1e239d5ce46880563d7cccc7d57da6315482a (patch)
tree2f80603a4044421f3005f5792972a6a7964010a9 /certService/src/main/java
parent62d037f9368ae9300ff24292e142df0811479ad1 (diff)
parent52c8476b49aab2a54c875d14ddab7ac26b010a32 (diff)
Merge "[OOM-CERT-SERVICE] Add Certification Request functionality"
Diffstat (limited to 'certService/src/main/java')
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java6
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java13
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java39
4 files changed, 47 insertions, 13 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
index a5076a38..dddeb2d3 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
@@ -99,7 +99,7 @@ public class CertificationModelFactory {
} else {
LOGGER.info(
"Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request");
- throw new UnsupportedOperationException("TODO: implement CR in separate MR");
+ return certificationProvider.certificationRequest(csrModel, cmpv2Server);
}
}
}
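Review bot: The fallback on the new `return certificationProvider.certificationRequest(csrModel, cmpv2Server);` line issues a certificate for parameters that differ from the old certificate, and the call carries only the CSR and the server, so the old certificate and its key play no part in authorising that request. Per the CmpClientImpl hunk in this commit the request is protected with the server's IAK/RV alone, and the existing `LOGGER.info` message does not record which identity was requested, which makes this path hard to audit afterwards. I would add a comment such as `// CR is authenticated with the server IAK/RV only; the old certificate does not authorise the changed parameters` and log the requested subject, provided the CSR model exposes it. The enclosing method starts outside the hunk, so any earlier check against the old certificate is not visible here.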
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
index bfa83103..17e23e39 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
@@ -67,6 +67,12 @@ public class CertificationProvider {
convertFromX509CertificateListToPemList(certificates.getTrustedCertificates()));
}
+ public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException {
+ Cmpv2CertificationModel certificates = cmpClient.certificationRequest(csrModel, cmpv2Server);
+ return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()),
+ convertFromX509CertificateListToPemList(certificates.getTrustedCertificates()));
+ }
+
private static List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
.collect(Collectors.toList());
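Review bot: The new `certificationRequest` returns whatever survives `convertFromX509CertificateListToPemList`, and that helper drops every entry whose PEM form is empty (`.filter(cert -> !cert.isEmpty())`), so a certificate that fails to encode would presumably produce a shortened or empty chain with no error. For a freshly issued certificate the caller should get a failure rather than a partial chain; I would check that the converted chain is non-empty before building the `CertificationModel` and raise `CmpClientException` otherwise. The method also has no Javadoc; `/** Sends a CMPv2 certification request (CR) for the given CSR and returns the issued chain and trusted certificates as PEM. */` would cover it. The helper's body continues outside the hunk.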
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java
index 5ded3056..88c73c04 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java
@@ -88,4 +88,17 @@ public interface CmpClient {
*/
Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server,
CertificateUpdateModel certificateUpdateModel) throws CmpClientException;
+
+ /**
+ * Requests for an additional External Root CA Certificate to be created for the passed keyPair wrapped
+ * in a CSRMeta with common details. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails
+ * or issue encountered in fetching certificate from CA.
+ *
+ * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
+ * @param cmpv2Server CMPv2 server. Must not be {@code null}.
+ * @return model for certification containing certificate chain and trusted certificates
+ * @throws CmpClientException if client error occurs.
+ */
+ Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException;
}
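Review bot: The Javadoc on `certificationRequest` reads like a copy of the certificate-creation text: it talks about a keyPair wrapped in a `CSRMeta` while the parameter is a `CsrModel`, and it does not say how this call differs from the initialization request. The implementation in this commit sends `PKIBody.TYPE_CERT_REQ` with null validity dates and protects the message with the IAK, so the summary should say that, e.g. `Sends a CMPv2 Certification Request (CR) for the given CSR, protected with the server's IAK/RV; notBefore/notAfter are not set.` The sentence about proof-of-possession verification would be clearer if it stated which side performs the check.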
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
index 270b5995..549cf6b9 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -93,18 +93,7 @@ public class CmpClientImpl implements CmpClient {
throws CmpClientException {
validate(csrModel, server, httpClient, notBefore, notAfter);
-
- final String iak = server.getAuthentication().getIak();
- final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak);
- final CreateCertRequest certRequest =
- getCmpMessageBuilderWithCommonRequestValues(csrModel, server)
- .with(CreateCertRequest::setNotBefore, notBefore)
- .with(CreateCertRequest::setNotAfter, notAfter)
- .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv())
- .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_INIT_REQ)
- .with(CreateCertRequest::setProtection, pkiMessageProtection)
- .build();
-
+ final CreateCertRequest certRequest = getIakRvRequest(csrModel, server, notBefore, notAfter, PKIBody.TYPE_INIT_REQ);
return executeCmpRequest(csrModel, server, certRequest);
}
@@ -131,6 +120,32 @@ public class CmpClientImpl implements CmpClient {
}
+ @Override
+ public Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException {
+
+ validate(csrModel, cmpv2Server, httpClient, null, null);
+ final CreateCertRequest certRequest = getIakRvRequest(csrModel, cmpv2Server, null, null, PKIBody.TYPE_CERT_REQ);
+ return executeCmpRequest(csrModel, cmpv2Server, certRequest);
+ }
+
+ private CreateCertRequest getIakRvRequest(
+ CsrModel csrModel,
+ Cmpv2Server server,
+ Date notBefore,
+ Date notAfter,
+ int requestType) {
+
+ final String iak = server.getAuthentication().getIak();
+ final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak);
+ return getCmpMessageBuilderWithCommonRequestValues(csrModel, server)
+ .with(CreateCertRequest::setNotBefore, notBefore)
+ .with(CreateCertRequest::setNotAfter, notAfter)
+ .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv())
+ .with(CreateCertRequest::setCmpRequestType, requestType)
+ .with(CreateCertRequest::setProtection, pkiMessageProtection)
+ .build();
+ }
+
private Cmpv2CertificationModel executeCmpRequest(CsrModel csrModel, Cmpv2Server cmpv2Server,
CreateCertRequest certRequest) throws CmpClientException {
final PKIMessage pkiMessage = certRequest.generateCertReq();
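Review bot: `getIakRvRequest` dereferences `server.getAuthentication()` and hands `getIak()` straight to `PasswordBasedProtection` with no check of its own, and `certificationRequest` calls `validate(csrModel, cmpv2Server, httpClient, null, null)` with null dates, so everything depends on `validate` accepting null `notBefore`/`notAfter` and rejecting a missing IAK/RV; `validate` is not visible in this hunk. If it does not cover the authentication block, a misconfigured server entry would end in a NullPointerException or in a request protected by an empty secret. I would document the precondition on the helper, e.g. `// precondition: validate(...) has run; notBefore/notAfter may be null (CR carries no validity)`, and reject a null or blank IAK before constructing the protection. `executeCmpRequest` continues past the end of the hunk.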