summaryrefslogtreecommitdiffstats
path: root/certServiceClient/src/main
diff options
context:
space:
mode:
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2020-06-17 14:54:51 +0200
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2020-06-19 10:13:08 +0200
commit0b278343630c1e3c7c92b3e5094570748692666e (patch)
tree7f859bedb889dfb46685e7ea71865fb3f62aff31 /certServiceClient/src/main
parent212038b654728b79aa647e08da2562484c63c883 (diff)
Add creation JKS artifact
Issue-ID: AAF-1152 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I8b38dc07ddbf6758e0c4c036100572b350dceab9
Diffstat (limited to 'certServiceClient/src/main')
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java2
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java29
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java (renamed from certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java)56
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java36
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java (renamed from certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java)42
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java (renamed from certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java)8
6 files changed, 113 insertions, 60 deletions
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java
index 6e91fe84..1d321688 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java
@@ -27,7 +27,7 @@ public enum ExitStatus {
CSR_GENERATION_EXCEPTION(4,"Fail in CSR generation"),
CERT_SERVICE_API_CONNECTION_EXCEPTION(5,"CertService HTTP unsuccessful response"),
HTTP_CLIENT_EXCEPTION(6,"Internal HTTP Client connection problem"),
- PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"),
+ PEM_CONVERSION_EXCEPTION(7,"Fail in PEM conversion"),
PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding"),
TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"),
FILE_CREATION_EXCEPTION(10, "File could not be created");
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
index dd4df73b..d3d8a11b 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
@@ -22,33 +22,40 @@ import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder;
import org.onap.aaf.certservice.client.certification.writer.CertFileWriter;
public enum ArtifactsCreatorProvider {
- P12 {
+ P12("PKCS12") {
@Override
ArtifactsCreator create(String destPath) {
- return new PKCS12ArtifactsCreator(
- new CertFileWriter(destPath),
- new RandomPasswordGenerator(),
- new PemToPKCS12Converter());
+ return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType());
}
},
- JKS {
+ JKS("JKS") {
@Override
ArtifactsCreator create(String destPath) {
- return null;
+ return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType());
}
},
- PEM {
+ PEM("PEM"){
@Override
ArtifactsCreator create(String destPath) {
- return new PemArtifactsCreator(
- new CertFileWriter(destPath),
- new PrivateKeyToPemEncoder());
+ return new PemArtifactsCreator(new CertFileWriter(destPath), new PrivateKeyToPemEncoder());
}
};
+ private final String keyStoreType;
+ ArtifactsCreatorProvider(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
public static ArtifactsCreator getCreator(String outputType, String destPath) {
return valueOf(outputType).create(destPath);
}
+ String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ String getExtension() {
+ return this.toString().toLowerCase();
+ }
+
abstract ArtifactsCreator create(String destPath);
}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java
index c1e7c1c8..4e300074 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java
@@ -22,57 +22,63 @@ package org.onap.aaf.certservice.client.certification.conversion;
import java.security.PrivateKey;
import java.util.List;
import org.onap.aaf.certservice.client.certification.exception.CertFileWriterException;
-import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+import org.onap.aaf.certservice.client.certification.exception.PemConversionException;
import org.onap.aaf.certservice.client.certification.writer.CertFileWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class PKCS12ArtifactsCreator implements ArtifactsCreator {
+public class ConvertedArtifactsCreator implements ArtifactsCreator {
- private static final Logger LOGGER = LoggerFactory.getLogger(PKCS12ArtifactsCreator.class);
+ private static final Logger LOGGER = LoggerFactory.getLogger(ConvertedArtifactsCreator.class);
private static final String CERTIFICATE_ALIAS = "certificate";
private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
private static final int PASSWORD_LENGTH = 24;
- private static final String KEYSTORE_P12 = "keystore.p12";
- private static final String KEYSTORE_PASS = "keystore.pass";
- private static final String TRUSTSTORE_P12 = "truststore.p12";
- private static final String TRUSTSTORE_PASS = "truststore.pass";
- private final RandomPasswordGenerator generator;
- private final PemToPKCS12Converter converter;
- private final CertFileWriter writer;
+ private static final String PASS_EXT = "pass";
+ private static final String KEYSTORE = "keystore";
+ private static final String TRUSTSTORE = "truststore";
- public PKCS12ArtifactsCreator(CertFileWriter writer, RandomPasswordGenerator generator,
- PemToPKCS12Converter converter) {
- this.generator = generator;
+ private final String fileExtension;
+ private final RandomPasswordGenerator passwordGenerator;
+ private final PemConverter converter;
+ private final CertFileWriter fileWriter;
+
+ public ConvertedArtifactsCreator(CertFileWriter fileWriter, RandomPasswordGenerator passwordGenerator,
+ PemConverter converter, String fileExtension) {
+ this.passwordGenerator = passwordGenerator;
this.converter = converter;
- this.writer = writer;
+ this.fileWriter = fileWriter;
+ this.fileExtension = fileExtension;
}
@Override
public void create(List<String> keystoreData, List<String> truststoreData, PrivateKey privateKey)
- throws PemToPKCS12ConverterException, CertFileWriterException {
+ throws PemConversionException, CertFileWriterException {
createKeystore(keystoreData,privateKey);
createTruststore(truststoreData);
}
private void createKeystore(List<String> data, PrivateKey privateKey)
- throws PemToPKCS12ConverterException, CertFileWriterException {
- Password password = generator.generate(PASSWORD_LENGTH);
+ throws PemConversionException, CertFileWriterException {
+ Password password = passwordGenerator.generate(PASSWORD_LENGTH);
+ String keystoreArtifactName = String.format("%s.%s", KEYSTORE, fileExtension);
+ String keystorePass = String.format("%s.%s", KEYSTORE, PASS_EXT);
- LOGGER.debug("Attempt to create PKCS12 keystore files and saving data. File names: {}, {}", KEYSTORE_P12, KEYSTORE_PASS);
+ LOGGER.debug("Attempt to create keystore files and saving data. File names: {}, {}", keystoreArtifactName, keystorePass);
- writer.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), KEYSTORE_P12);
- writer.saveData(getPasswordAsBytes(password), KEYSTORE_PASS);
+ fileWriter.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), keystoreArtifactName);
+ fileWriter.saveData(getPasswordAsBytes(password), keystorePass);
}
private void createTruststore(List<String> data)
- throws PemToPKCS12ConverterException, CertFileWriterException {
- Password password = generator.generate(PASSWORD_LENGTH);
+ throws PemConversionException, CertFileWriterException {
+ Password password = passwordGenerator.generate(PASSWORD_LENGTH);
+ String truststoreArtifactName = String.format("%s.%s", TRUSTSTORE, fileExtension);
+ String truststorePass = String.format("%s.%s", TRUSTSTORE, PASS_EXT);
- LOGGER.debug("Attempt to create PKCS12 truststore files and saving data. File names: {}, {}", TRUSTSTORE_P12, TRUSTSTORE_PASS);
+ LOGGER.debug("Attempt to create truststore files and saving data. File names: {}, {}", truststoreArtifactName, truststorePass);
- writer.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), TRUSTSTORE_P12);
- writer.saveData(getPasswordAsBytes(password), TRUSTSTORE_PASS);
+ fileWriter.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), truststoreArtifactName);
+ fileWriter.saveData(getPasswordAsBytes(password), truststorePass);
}
private byte[] getPasswordAsBytes(Password password) {
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java
new file mode 100644
index 00000000..5a37482a
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java
@@ -0,0 +1,36 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import org.onap.aaf.certservice.client.certification.writer.CertFileWriter;
+
+public class ConvertedArtifactsCreatorFactory {
+
+ private ConvertedArtifactsCreatorFactory() { }
+
+ public static ConvertedArtifactsCreator createConverter(String destPath, String fileExtension, String keyStoreType) {
+ return new ConvertedArtifactsCreator(
+ new CertFileWriter(destPath),
+ new RandomPasswordGenerator(),
+ new PemConverter(keyStoreType),
+ fileExtension);
+ }
+
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java
index ef1666dc..083e4bcf 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java
@@ -35,52 +35,56 @@ import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
-import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+import org.onap.aaf.certservice.client.certification.exception.PemConversionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-class PemToPKCS12Converter {
+class PemConverter {
- private static final Logger LOGGER = LoggerFactory.getLogger(PemToPKCS12Converter.class);
- private static final String PKCS12 = "PKCS12";
+ private static final Logger LOGGER = LoggerFactory.getLogger(PemConverter.class);
private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null;
+ private final String keyStoreType;
+
+ public PemConverter(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
byte[] convertKeystore(List<String> certificateChain, Password password, String alias, PrivateKey privateKey)
- throws PemToPKCS12ConverterException {
- LOGGER.info("Conversion of PEM certificates to PKCS12 keystore");
+ throws PemConversionException {
+ LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " keystore");
return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey));
}
byte[] convertTruststore(List<String> trustAnchors, Password password, String alias)
- throws PemToPKCS12ConverterException {
- LOGGER.info("Conversion of PEM certificates to PKCS12 truststore");
+ throws PemConversionException {
+ LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " truststore");
return convert(trustAnchors, password, certs -> getTrustStore(alias, certs));
}
private byte[] convert(List<String> certificates, Password password, StoreEntryOperation operation)
- throws PemToPKCS12ConverterException {
+ throws PemConversionException {
checkPassword(password);
final Certificate[] X509Certificates = convertToCertificateArray(certificates);
return getKeyStoreBytes(password, operation, X509Certificates);
}
- private void checkPassword(Password password) throws PemToPKCS12ConverterException {
+ private void checkPassword(Password password) throws PemConversionException {
if (!password.isCorrectPasswordPattern()) {
LOGGER.error(PASSWORD_ERROR_MSG);
- throw new PemToPKCS12ConverterException(PASSWORD_ERROR_MSG);
+ throw new PemConversionException(PASSWORD_ERROR_MSG);
}
}
private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates)
- throws PemToPKCS12ConverterException {
+ throws PemConversionException {
try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
KeyStore ks = op.getStore(x509Certificates);
ks.store(bos, password.toCharArray());
return bos.toByteArray();
} catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
- LOGGER.error("Pem to PKCS12 converter failed, exception message: {}", e.getMessage());
- throw new PemToPKCS12ConverterException(e);
+ LOGGER.error("Pem to " + keyStoreType + " converter failed, exception message: {}", e.getMessage());
+ throw new PemConversionException(e);
}
}
@@ -103,13 +107,13 @@ class PemToPKCS12Converter {
private KeyStore getKeyStoreInstance()
throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
- KeyStore ks = KeyStore.getInstance(PKCS12);
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
ks.load(EMPTY_KEYSTORE_CONFIGURATION);
return ks;
}
private Certificate[] convertToCertificateArray(List<String> certificates)
- throws PemToPKCS12ConverterException {
+ throws PemConversionException {
Certificate[] parsedCertificates = new Certificate[certificates.size()];
for (String certificate : certificates) {
parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate);
@@ -117,17 +121,17 @@ class PemToPKCS12Converter {
return parsedCertificates;
}
- private Certificate parseCertificate(String certificate) throws PemToPKCS12ConverterException {
+ private Certificate parseCertificate(String certificate) throws PemConversionException {
try (PEMParser pem = new PEMParser(new StringReader(certificate))) {
X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject())
.orElseThrow(
- () -> new PemToPKCS12ConverterException("The certificate couldn't be parsed correctly. " + certificate));
+ () -> new PemConversionException("The certificate couldn't be parsed correctly. " + certificate));
return new JcaX509CertificateConverter()
.setProvider(new BouncyCastleProvider())
.getCertificate(certHolder);
} catch (IOException | CertificateException e) {
LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage());
- throw new PemToPKCS12ConverterException(e);
+ throw new PemConversionException(e);
}
}
}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java
index b98f4ace..11c448ee 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java
@@ -22,13 +22,13 @@ package org.onap.aaf.certservice.client.certification.exception;
import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
-public class PemToPKCS12ConverterException extends ExitableException {
- private static final ExitStatus EXIT_STATUS = ExitStatus.PKCS12_CONVERSION_EXCEPTION;
+public class PemConversionException extends ExitableException {
+ private static final ExitStatus EXIT_STATUS = ExitStatus.PEM_CONVERSION_EXCEPTION;
- public PemToPKCS12ConverterException(Throwable e) {
+ public PemConversionException(Throwable e) {
super(e);
}
- public PemToPKCS12ConverterException(String message) {
+ public PemConversionException(String message) {
super(message);
}