authorBartosz Gardziejewski <bartosz.gardziejewski@nokia.com>2020-02-27 10:26:32 +0100
committerTomasz Golabek <tomasz.golabek@nokia.com>2020-03-05 13:44:05 +0100
commitd43531d4072653b86cc86459816e54806ad589c2 (patch)
tree1a19068cede89992c4f37e8e8b25ec6afc94b53c /certService/src/test/java/org/onap/aaf/certservice/certification/adapter
parent8f26d1f4274f18bd9502386700919933045e2316 (diff)
Create adapter for Cmpv2Client
connected-with: https://gerrit.onap.org/r/c/aaf/certservice/+/102401 Issue-ID: AAF-997 Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com> Change-Id: Ieb85cd9c93f7a5470fca37a9de4bead3c543199a
Diffstat (limited to 'certService/src/test/java/org/onap/aaf/certservice/certification/adapter')
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java100
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java185
2 files changed, 285 insertions, 0 deletions
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java
new file mode 100644
index 00000000..165c9ec1
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java
@@ -0,0 +1,100 @@
+/*
+ * ============LICENSE_START=======================================================
+ * AAF Certification Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.configuration.model.Authentication;
+import org.onap.aaf.certservice.certification.configuration.model.CaMode;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.external.CSRMeta;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class CSRMetaBuilderTest {
+
+ private CSRMetaBuilder csrMetaBuilder;
+
+ private static final String TEST_CA = "testCA";
+ private static final X500Name TEST_SUBJECT_DATA = new X500Name("CN=testIssuer");
+
+ @BeforeEach
+ void setUp() {
+ csrMetaBuilder = new CSRMetaBuilder();
+ }
+
+ @Test
+ void shouldBuildCsrMetaWhenGivenCsrModelAndCmpv2ServerAreCorrect() {
+ // Given
+ CsrModel testCsrModel = mock(CsrModel.class);
+ Cmpv2Server testServer = createTestServer();
+
+ PKCS10CertificationRequest certificationRequest = mock(PKCS10CertificationRequest.class);
+ when(testCsrModel.getCsr()).thenReturn(certificationRequest);
+ PrivateKey mockPrivateKey = mock(PrivateKey.class);
+ when(testCsrModel.getPrivateKey()).thenReturn(mockPrivateKey);
+ PublicKey mockPublicKey = mock(PublicKey.class);
+ when(testCsrModel.getPublicKey()).thenReturn(mockPublicKey);
+ List<String> testSans = Arrays.asList("SAN01","SAN02");
+ when(testCsrModel.getSans()).thenReturn(testSans);
+
+ when(testCsrModel.getSubjectData()).thenReturn(TEST_SUBJECT_DATA);
+
+ // When
+ CSRMeta createdCSRMeta = csrMetaBuilder.build(testCsrModel, testServer);
+
+ // Then
+ assertThat(createdCSRMeta.password()).isEqualTo(testServer.getAuthentication().getIak());
+ assertThat(createdCSRMeta.senderKid()).isEqualTo(testServer.getAuthentication().getRv());
+ assertThat(createdCSRMeta.caUrl()).isEqualTo(testServer.getUrl());
+ assertThat(createdCSRMeta.sans()).containsAll(testSans);
+ assertThat(createdCSRMeta.keyPair().getPrivate()).isEqualTo(mockPrivateKey);
+ assertThat(createdCSRMeta.keyPair().getPublic()).isEqualTo(mockPublicKey);
+ assertThat(createdCSRMeta.x500Name()).isEqualTo(TEST_SUBJECT_DATA);
+ assertThat(createdCSRMeta.issuerx500Name()).isEqualTo(TEST_SUBJECT_DATA);
+ }
+
+ private Cmpv2Server createTestServer() {
+ Cmpv2Server testServer = new Cmpv2Server();
+ testServer.setCaName(TEST_CA);
+ testServer.setIssuerDN(TEST_SUBJECT_DATA);
+ testServer.setUrl("http://test.ca.server");
+ Authentication testAuthentication = new Authentication();
+ testAuthentication.setIak("testIak");
+ testAuthentication.setRv("testRv");
+ testServer.setAuthentication(testAuthentication);
+ testServer.setCaMode(CaMode.RA);
+
+ return testServer;
+ }
+
+}
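Review bot: The subject and issuer assertions at the end of `shouldBuildCsrMetaWhenGivenCsrModelAndCmpv2ServerAreCorrect` cannot tell the two names apart, because `getSubjectData()` and `setIssuerDN(...)` are both fed `TEST_SUBJECT_DATA`; a builder that copied the subject into the issuer field (or the reverse) would still pass. Give the issuer its own constant, e.g. `private static final X500Name TEST_ISSUER_DN = new X500Name("CN=testIssuer");` with the subject changed to `new X500Name("CN=testSubject")`, and assert `issuerx500Name()` against the issuer constant. The SAN check is similarly loose: `containsAll(testSans)` accepts extra names in the built request, so `assertThat(createdCSRMeta.sans()).containsExactlyInAnyOrderElementsOf(testSans);` is the stricter form. `java.util.Collections` is imported but not used in this file.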
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
new file mode 100644
index 00000000..296f63cd
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
@@ -0,0 +1,185 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import org.apache.commons.io.IOUtils;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.onap.aaf.certservice.certification.configuration.model.CaMode;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
+import org.onap.aaf.certservice.certification.model.CertificationModel;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.onap.aaf.certservice.cmpv2client.external.CSRMeta;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Cmpv2ClientAdapterTest {
+
+ @Mock
+ private CmpClient cmpClient;
+ @Mock
+ private CsrModel csrModel;
+ @Mock
+ private Cmpv2Server server;
+ @Mock
+ private RSAContentSignerBuilder rsaContentSignerBuilder;
+ @Mock
+ private X509CertificateBuilder x509CertificateBuilder;
+ @Mock
+ private PKCS10CertificationRequest csr;
+ @Mock
+ private PrivateKey privateKey;
+ @Mock
+ private X509v3CertificateBuilder x509V3CertificateBuilder;
+ @Mock
+ private ContentSigner contentSigner;
+ @Mock
+ private X509CertificateHolder holder;
+ @Mock
+ private Certificate asn1Certificate;
+ @Mock
+ private X509Certificate certificate;
+ @Mock
+ private CertificateFactoryProvider certificateFactoryProvider;
+ @Mock
+ private CSRMetaBuilder csrMetaBuilder;
+ @Mock
+ private CSRMeta csrMeta;
+
+ @InjectMocks
+ private Cmpv2ClientAdapter adapter;
+
+ private static final CaMode CA_MODEL = CaMode.CLIENT;
+ private static final String TEST_MSG = "Test";
+
+ @Test
+ void adapterShouldRethrowClientExceptionOnFailure()
+ throws CmpClientException, IOException, OperatorCreationException, CertificateException,
+ NoSuchProviderException {
+ // Given
+ stubInternalProperties();
+
+ // When
+ Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ .thenThrow(new CmpClientException(TEST_MSG));
+
+ // Then
+ Assertions.assertThrows(CmpClientException.class, () -> adapter.callCmpClient(csrModel, server));
+ }
+
+ @Test
+ void shouldConvertToCertificationModel()
+ throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
+ CmpClientException, Cmpv2ClientAdapterException {
+ // Given
+ stubInternalProperties();
+
+ // When
+ Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ .thenReturn(createCorrectClientResponse());
+ CertificationModel certificationModel = adapter.callCmpClient(csrModel, server);
+
+ // Then
+ InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first");
+ InputStream trustedCertificate =
+ getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first");
+ String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0));
+ String expectedCertificate =
+ removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8));
+ String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0));
+ String expectedTrustedCertificate =
+ removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8));
+
+ Assertions.assertEquals(certificateModel, expectedCertificate);
+ Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate);
+ }
+
+ @Test
+ void adapterShouldThrowClientAdapterExceptionOnFailure()
+ throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
+ CmpClientException {
+ // Given
+ stubInternalProperties();
+
+ // When
+ Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ .thenReturn(createCorrectClientResponse());
+ Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any()))
+ .thenThrow(new CertificateException(TEST_MSG));
+
+ // Then
+ Assertions.assertThrows(Cmpv2ClientAdapterException.class, () -> adapter.callCmpClient(csrModel, server));
+ }
+
+ private List<List<X509Certificate>> createCorrectClientResponse()
+ throws CertificateException, NoSuchProviderException {
+ InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
+ InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first");
+ X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain);
+ X509Certificate x509TrustedCertificate =
+ new CertificateFactoryProvider().generateCertificate(trustedCertificate);
+ return Arrays.asList(Collections.singletonList(x509Certificate),
+ Collections.singletonList(x509TrustedCertificate));
+ }
+
+ private String removeLineEndings(String string) {
+ return string.replace("\n", "").replace("\r", "");
+ }
+
+ private void stubInternalProperties()
+ throws IOException, OperatorCreationException, CertificateException, NoSuchProviderException {
+ Mockito.when(server.getCaMode()).thenReturn(CA_MODEL);
+ Mockito.when(csrModel.getCsr()).thenReturn(csr);
+ Mockito.when(csrModel.getPrivateKey()).thenReturn(privateKey);
+ Mockito.when(x509CertificateBuilder.build(csr)).thenReturn(x509V3CertificateBuilder);
+ Mockito.when(rsaContentSignerBuilder.build(csr, privateKey)).thenReturn(contentSigner);
+ Mockito.when(x509V3CertificateBuilder.build(contentSigner)).thenReturn(holder);
+ Mockito.when(holder.toASN1Structure()).thenReturn(asn1Certificate);
+ Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any())).thenReturn(certificate);
+ Mockito.when(holder.toASN1Structure().getEncoded()).thenReturn("".getBytes());
+ Mockito.when(csrMetaBuilder.build(csrModel, server)).thenReturn(csrMeta);
+ }
+
+}
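Review bot: Both `Assertions.assertEquals` calls in `shouldConvertToCertificationModel` pass the actual value first and the expected value second, so a failure report would label the fixture content as the actual result; swap them to `Assertions.assertEquals(expectedCertificate, certificateModel);` and `Assertions.assertEquals(expectedTrustedCertificate, trustedCertificateModel);`. The four `getResourceAsStream` results in this class are never closed, and in `createCorrectClientResponse` they are passed on without the `Objects.requireNonNull` guard the test method uses, so a missing fixture would presumably surface as an error inside `generateCertificate` rather than as a clear message; try-with-resources plus the null check would cover both. `@SpringBootTest` appears to be used here only to get the `@Mock`/`@InjectMocks` fields initialised; if no application context is needed, `@ExtendWith(MockitoExtension.class)` would be lighter.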