author | 2020-07-29 16:01:27 +0200 | |
---|---|---|
committer | 2020-08-05 14:18:54 +0200 | |
commit | b8c4e6867d6b26652f4382e93665c220769cdc9f (patch) | |
tree | bb60a44b012731e3ee6fdffe2466f5ed7d6b5c7b /certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java | |
parent | fc31c9e47b3e08f8914dcd1f0c5b6d18aa625567 (diff) |
Removing AAF references from Cert-Service in OOM repo.
Certificates regenerated
External files (from legacy AAF) removed
Still left:
* Sonar link,
* Link to documentation,
* Names of K8s resources in RTD documentation,
* Link to CSITs
Issue-ID: OOM-2526
Signed-off-by: Pawel Baniewski <pawel.baniewski@nokia.com>
Change-Id: I675f7485160b9b8e46e9ea573550e62ed28ca607
Diffstat (limited to 'certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java')
-rw-r--r-- | certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java | 138 |
1 files changed, 0 insertions, 138 deletions
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java
deleted file mode 100644
index 5e82c177..00000000
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/*============LICENSE_START=======================================================
- * aaf-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.client.certification.conversion;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMParser;
-import org.onap.aaf.certservice.client.certification.exception.PemConversionException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.StringReader;
-import java.security.KeyStore;
-import java.security.KeyStore.LoadStoreParameter;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.util.List;
-import java.util.Optional;
-
-class PemConverter {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(PemConverter.class);
- private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
- private static final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null;
- private final String keyStoreType;
-
- public PemConverter(String keyStoreType) {
- this.keyStoreType = keyStoreType;
- }
-
- byte[] convertKeystore(List<String> certificateChain, Password password, String alias, PrivateKey privateKey)
- throws PemConversionException {
- LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " keystore");
- return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey));
- }
-
- byte[] convertTruststore(List<String> trustAnchors, Password password, String alias)
- throws PemConversionException {
- LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " truststore");
- return convert(trustAnchors, password, certs -> getTrustStore(alias, certs));
- }
-
- private byte[] convert(List<String> certificates, Password password, StoreEntryOperation operation)
- throws PemConversionException {
- checkPassword(password);
- final Certificate[] X509Certificates = convertToCertificateArray(certificates);
- return getKeyStoreBytes(password, operation, X509Certificates);
- }
-
- private void checkPassword(Password password) throws PemConversionException {
- if (!password.isCorrectPasswordPattern()) {
- LOGGER.error(PASSWORD_ERROR_MSG);
- throw new PemConversionException(PASSWORD_ERROR_MSG);
- }
- }
-
- private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates)
- throws PemConversionException {
- try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
- KeyStore ks = op.getStore(x509Certificates);
- ks.store(bos, password.toCharArray());
- return bos.toByteArray();
- } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
- LOGGER.error("Pem to " + keyStoreType + " converter failed, exception message: {}", e.getMessage());
- throw new PemConversionException(e);
- }
- }
-
- private KeyStore getKeyStore(String alias, Password password, Certificate[] certificates, PrivateKey privateKey)
- throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
- KeyStore ks = getKeyStoreInstance();
- ks.setKeyEntry(alias, privateKey, password.toCharArray(), certificates);
- return ks;
- }
-
- private KeyStore getTrustStore(String alias, Certificate[] certificates)
- throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
- KeyStore ks = getKeyStoreInstance();
- long index = 1L;
- for (Certificate c : certificates) {
- ks.setCertificateEntry(alias + index++, c);
- }
- return ks;
- }
-
- private KeyStore getKeyStoreInstance()
- throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
- KeyStore ks = KeyStore.getInstance(keyStoreType);
- ks.load(EMPTY_KEYSTORE_CONFIGURATION);
- return ks;
- }
-
- private Certificate[] convertToCertificateArray(List<String> certificates)
- throws PemConversionException {
- Certificate[] parsedCertificates = new Certificate[certificates.size()];
- for (String certificate : certificates) {
- parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate);
- }
- return parsedCertificates;
- }
-
- private Certificate parseCertificate(String certificate) throws PemConversionException {
- try (PEMParser pem = new PEMParser(new StringReader(certificate))) {
- X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject())
- .orElseThrow(
- () -> new PemConversionException("The certificate couldn't be parsed correctly. " + certificate));
- return new JcaX509CertificateConverter()
- .setProvider(new BouncyCastleProvider())
- .getCertificate(certHolder);
- } catch (IOException | CertificateException e) {
- LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage());
- throw new PemConversionException(e);
- }
- }
-} |