Merge "[OOM-CERT-SERVICE] Refactor CertService API code"

6 files changed, 136 insertions, 55 deletions

diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java
index 26624867..54508e4b 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * Cert Service
  * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,13 +20,6 @@
 
 package org.onap.oom.certservice.certification.conversion;
 
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.onap.oom.certservice.certification.TestData.TEST_CSR;
-import static org.onap.oom.certservice.certification.TestData.TEST_PK;
-import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR;
-import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM;
-
 import org.bouncycastle.util.encoders.Base64;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -36,6 +29,13 @@ import org.onap.oom.certservice.certification.exception.DecryptionException;
 import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
 import org.onap.oom.certservice.certification.model.CsrModel;
 
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.onap.oom.certservice.certification.TestData.TEST_CSR;
+import static org.onap.oom.certservice.certification.TestData.TEST_PK;
+import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR;
+import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM;
+
 
 class CsrModelFactoryTest {
 
@@ -58,7 +58,6 @@ class CsrModelFactoryTest {
 
         assertTrue(decryptedCsr.toString()
             .contains(TestData.EXPECTED_CERT_SUBJECT));
-        System.out.println(decryptedCsr.toString());
         assertTrue(decryptedCsr.toString()
             .contains(TestData.EXPECTED_CERT_SANS));
     }
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverterTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverterTest.java
new file mode 100644
index 00000000..7a722b2c
--- /dev/null
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverterTest.java
@@ -0,0 +1,89 @@
+/*-
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nokia.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification.conversion;
+
+import org.bouncycastle.util.encoders.Base64;
+import org.junit.jupiter.api.Test;
+import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
+
+import java.security.PrivateKey;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.onap.oom.certservice.certification.TestData.TEST_PEM;
+import static org.onap.oom.certservice.certification.TestData.TEST_PK;
+
+class StringBase64ToPrivateKeyConverterTest {
+
+    private static final String RSA = "RSA";
+    public static final String PKCS_8 = "PKCS#8";
+
+    @Test
+    void shouldUseProperAlgorithmWhenConverting() throws KeyDecryptionException {
+        // Given
+        StringBase64ToPrivateKeyConverter stringBase64ToPrivateKeyConverter = new StringBase64ToPrivateKeyConverter();
+        String encodedPK = new String(Base64.encode(TEST_PK.getBytes()));
+        // When
+        PrivateKey privateKey = stringBase64ToPrivateKeyConverter.convert(new StringBase64(encodedPK));
+        // Then
+        assertEquals(RSA, privateKey.getAlgorithm());
+    }
+
+    @Test
+    void shouldUsePkcs8FormatWhenConverting() throws KeyDecryptionException {
+        // Given
+        StringBase64ToPrivateKeyConverter stringBase64ToPrivateKeyConverter = new StringBase64ToPrivateKeyConverter();
+        String encodedPK = new String(Base64.encode(TEST_PK.getBytes()));
+        // When
+        PrivateKey privateKey = stringBase64ToPrivateKeyConverter.convert(new StringBase64(encodedPK));
+        // Then
+        assertEquals(PKCS_8, privateKey.getFormat());
+    }
+
+    @Test
+    void shouldCorrectlyConvertWhenPrivateKeyPemIsProper() throws KeyDecryptionException {
+        // Given
+        StringBase64ToPrivateKeyConverter stringBase64ToPrivateKeyConverter = new StringBase64ToPrivateKeyConverter();
+        String encodedPK = new String(Base64.encode(TEST_PK.getBytes()));
+        // When
+        PrivateKey privateKey = stringBase64ToPrivateKeyConverter.convert(new StringBase64(encodedPK));
+        // Then
+        assertNotNull(privateKey.getEncoded());
+    }
+
+    @Test
+    void shouldThrowExceptionWhenPrivateKeyPemIsNotProperPrivateKey() {
+        // Given
+        StringBase64ToPrivateKeyConverter stringBase64ToPrivateKeyConverter = new StringBase64ToPrivateKeyConverter();
+        StringBase64 privateKey = new StringBase64(TEST_PEM);
+        // When
+        Exception exception = assertThrows(
+                KeyDecryptionException.class, () -> stringBase64ToPrivateKeyConverter.convert(privateKey));
+
+        String expectedMessage = "Incorrect Key, decryption failed";
+        String actualMessage = exception.getMessage();
+        // Then
+        assertTrue(actualMessage.contains(expectedMessage));
+    }
+
+}
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
index 72837e56..c3bd4d78 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * PROJECT
  * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,21 +20,26 @@
 
 package org.onap.oom.certservice.certification.model;
 
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.Collectors;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.junit.jupiter.api.Test;
-import org.onap.oom.certservice.certification.conversion.Pkcs10CertificationRequestFactory;
-import org.onap.oom.certservice.certification.conversion.PemObjectFactory;
 import org.onap.oom.certservice.certification.TestData;
+import org.onap.oom.certservice.certification.conversion.PemObjectFactory;
+import org.onap.oom.certservice.certification.conversion.Pkcs10CertificationRequestFactory;
 import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
 import org.onap.oom.certservice.certification.exception.DecryptionException;
 import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
 
 import java.io.IOException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -57,7 +62,7 @@ class CsrModelTest {
     @Test
     void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException {
         // Given
-        PemObject testPrivateKey = getPemPrivateKey();
+        PrivateKey testPrivateKey = getPemPrivateKey();
         PemObject testPublicKey = generateTestPublicKey();
         PKCS10CertificationRequest testCsr = generateTestCertificationRequest();
 
@@ -70,7 +75,7 @@ class CsrModelTest {
         assertThat(csrModel.getCsr())
             .isEqualTo(testCsr);
         assertThat(csrModel.getPrivateKey().getEncoded())
-            .contains(testPrivateKey.getContent());
+            .isEqualTo(testPrivateKey.getEncoded());
         assertThat(csrModel.getPublicKey().getEncoded())
             .contains(testPublicKey.getContent());
         assertThat(sansList)
@@ -84,7 +89,7 @@ class CsrModelTest {
     @Test
     void shouldThrowExceptionWhenPublicKeyIsNotCorrect() throws DecryptionException, IOException {
         // Given
-        PemObject testPrivateKey = getPemPrivateKey();
+        PrivateKey testPrivateKey = getPemPrivateKey();
         PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
         SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
         when(testCsr.getSubjectPublicKeyInfo())
@@ -106,33 +111,9 @@ class CsrModelTest {
     }
 
     @Test
-    void shouldThrowExceptionWhenPrivateKeyPemIsNotProperPrivateKey() throws KeyDecryptionException, IOException {
-        // Given
-        PemObject testPrivateKey = getPemWrongKey();
-        PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
-        SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
-        when(testCsr.getSubjectPublicKeyInfo())
-            .thenReturn(wrongKryInfo);
-        when(wrongKryInfo.getEncoded())
-            .thenThrow(new IOException());
-
-        // When
-        Exception exception = assertThrows(
-            KeyDecryptionException.class,
-            () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
-        );
-
-        String expectedMessage = "Converting Private Key failed";
-        String actualMessage = exception.getMessage();
-
-        // Then
-        assertTrue(actualMessage.contains(expectedMessage));
-    }
-
-    @Test
     void shouldThrowExceptionWhenPublicKeyPemIsNotProperPublicKey() throws KeyDecryptionException, IOException {
         // Given
-        PemObject testPrivateKey = getPemPrivateKey();
+        PrivateKey testPrivateKey = getPemPrivateKey();
         PemObject testPublicKey = getPemWrongKey();
         PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
         SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
@@ -154,11 +135,12 @@ class CsrModelTest {
         assertTrue(actualMessage.contains(expectedMessage));
     }
 
-    private PemObject getPemPrivateKey() throws KeyDecryptionException {
+    private PrivateKey getPemPrivateKey() throws KeyDecryptionException {
         PemObjectFactory pemObjectFactory = new PemObjectFactory();
-        return pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
-            () -> new KeyDecryptionException("Private key decoding fail")
+        PemObject pemObject = pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
+                () -> new KeyDecryptionException("Private key decoding fail")
         );
+        return convertToPrivateKey(pemObject);
     }
 
     private PemObject getPemWrongKey() throws KeyDecryptionException {
@@ -172,7 +154,7 @@ class CsrModelTest {
         PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
             () -> new DecryptionException("Incorrect Private Key, decryption failed")
         );
-        return new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build();
+        return new CsrModel.CsrModelBuilder(testCsr, convertToPrivateKey(testPrivateKey)).build();
     }
 
     private PemObject generateTestPublicKey() throws DecryptionException, IOException {
@@ -189,4 +171,15 @@ class CsrModelTest {
             );
     }
 
+    private PrivateKey convertToPrivateKey(PemObject privateKey)
+            throws KeyDecryptionException {
+        try {
+            KeyFactory factory = KeyFactory.getInstance("RSA");
+            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
+            return factory.generatePrivate(keySpec);
+        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+            throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
+        }
+    }
+
 }
diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PasswordBasedProtectionTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PasswordBasedProtectionTest.java
index b280a2e6..c249fab7 100644
--- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PasswordBasedProtectionTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PasswordBasedProtectionTest.java
@@ -18,7 +18,7 @@
  * ============LICENSE_END=========================================================
  */
 
-package org.onap.oom.certservice.cmpv2client.impl;
+package org.onap.oom.certservice.cmpv2client.impl.protections;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERBitString;
@@ -44,8 +44,8 @@ import java.security.Security;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getProtectedPkiMessage;
-import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiHeader;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getProtectedPkiMessage;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getTestPkiHeader;
 
 class PasswordBasedProtectionTest {
 
diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PkiTestUtils.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PkiTestUtils.java
index 7f7df455..74af51c1 100644
--- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/PkiTestUtils.java
+++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/PkiTestUtils.java
@@ -18,7 +18,7 @@
  * ============LICENSE_END=========================================================
  */
 
-package org.onap.oom.certservice.cmpv2client.impl;
+package org.onap.oom.certservice.cmpv2client.impl.protections;
 
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERGeneralizedTime;
diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/SignatureProtectionTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/SignatureProtectionTest.java
index ba382c42..a97a3c6e 100644
--- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/SignatureProtectionTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/protections/SignatureProtectionTest.java
@@ -18,7 +18,7 @@
  * ============LICENSE_END=========================================================
  */
 
-package org.onap.oom.certservice.cmpv2client.impl;
+package org.onap.oom.certservice.cmpv2client.impl.protections;
 
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.cmp.PKIBody;
@@ -42,9 +42,9 @@ import java.security.Security;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getProtectedPkiMessage;
-import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiBody;
-import static org.onap.oom.certservice.cmpv2client.impl.PkiTestUtils.getTestPkiHeader;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getProtectedPkiMessage;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getTestPkiBody;
+import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getTestPkiHeader;
 
 class SignatureProtectionTest {