Fix PrivateKey encoding in certservice-client, refactor CsrFactory

Add PrivateKeyToPemEncoder with tests
Refactor CsrFactory to return not encoded PEM string (less responsibility and easier to test later)

Issue-ID: AAF-996
Change-Id: Ia8124d43ef7fb8b1d3077c98929c52f30b6512c6
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>

6 files changed, 103 insertions, 20 deletions

diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
index 7072a883..d3d7f26d 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
@@ -19,13 +19,14 @@
 
 package org.onap.aaf.certservice.client;
 
+import java.security.KeyPair;
 import org.onap.aaf.certservice.client.api.ExitableException;
+import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder;
 import org.onap.aaf.certservice.client.certification.CsrFactory;
 import org.onap.aaf.certservice.client.certification.KeyPairFactory;
 import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator;
 import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory;
-
-import java.security.KeyPair;
+import org.onap.aaf.certservice.client.common.Base64Encoder;
 import org.onap.aaf.certservice.client.configuration.EnvsForClient;
 import org.onap.aaf.certservice.client.configuration.EnvsForCsr;
 import org.onap.aaf.certservice.client.configuration.factory.ClientConfigurationFactory;
@@ -39,7 +40,6 @@ import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse;
 import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE;
 import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE;
 import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM;
-import static org.onap.aaf.certservice.client.common.Base64Coder.encode;
 
 public class CertServiceClient {
 
@@ -51,22 +51,23 @@ public class CertServiceClient {
 
     public void run() {
         KeyPairFactory keyPairFactory = new KeyPairFactory(RSA_ENCRYPTION_ALGORITHM, KEY_SIZE);
+        PrivateKeyToPemEncoder pkEncoder = new PrivateKeyToPemEncoder();
+        Base64Encoder base64Encoder = new Base64Encoder();
         try {
             ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient()).create();
             CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create();
             KeyPair keyPair = keyPairFactory.create();
             CsrFactory csrFactory = new CsrFactory(csrConfiguration);
-            String csr = csrFactory.createEncodedCsr(keyPair);
 
             CloseableHttpClientProvider provider = new CloseableHttpClientProvider(
                 clientConfiguration.getRequestTimeout());
             HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService());
 
             CertServiceResponse certServiceData =
-                httpClient.retrieveCertServiceData(
-                    clientConfiguration.getCaName(),
-                    csr,
-                    encode(keyPair.getPrivate().toString()));
+                    httpClient.retrieveCertServiceData(
+                            clientConfiguration.getCaName(),
+                            base64Encoder.encode(csrFactory.createCsrInPem(keyPair)),
+                            base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate())));
 
             KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory(
                 clientConfiguration.getCertsOutputPath()).create();
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java
index 561cfd2a..670cbe90 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java
@@ -26,7 +26,8 @@ public enum ExitCode {
     CSR_GENERATION_EXCEPTION(4),
     CERT_SERVICE_API_CONNECTION_EXCEPTION(5),
     HTTP_CLIENT_EXCEPTION(6),
-    PKCS12_CONVERSION_EXCEPTION(7);
+    PKCS12_CONVERSION_EXCEPTION(7),
+    PK_TO_PEM_ENCODING_EXCEPTION(8);
 
     private final int value;
 
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java
index f936636a..83fa6d44 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java
@@ -66,12 +66,12 @@ public class CsrFactory {
     }
 
 
-    public String createEncodedCsr(KeyPair keyPair) throws CsrGenerationException {
+    public String createCsrInPem(KeyPair keyPair) throws CsrGenerationException {
         PKCS10CertificationRequest request;
         String csrParameters = getMandatoryParameters().append(getOptionalParameters()).toString();
         X500Principal subject = new X500Principal(csrParameters);
         request = createPKCS10Csr(subject, keyPair);
-        return encodeToBase64(convertPKC10CsrToPem(request));
+        return convertPKC10CsrToPem(request);
     }
 
 
@@ -151,8 +151,4 @@ public class CsrFactory {
     private static Boolean isParameterPresent(String parameter) {
         return parameter != null && !"".equals(parameter);
     }
-
-    private static String encodeToBase64(String csrInPem) {
-        return Base64.getEncoder().encodeToString(csrInPem.getBytes(StandardCharsets.UTF_8));
-    }
 }
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java
new file mode 100644
index 00000000..77995958
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java
@@ -0,0 +1,51 @@
+/*
+ * ============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification;
+
+
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.PrivateKey;
+
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.onap.aaf.certservice.client.certification.exception.PkEncodingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PrivateKeyToPemEncoder {
+
+    public static final String PEM_OBJECT_TYPE = "RSA PRIVATE KEY";
+    private final Logger LOGGER = LoggerFactory.getLogger(PrivateKeyToPemEncoder.class);
+
+    public String encodePrivateKeyToPem(PrivateKey pk) throws PkEncodingException {
+        LOGGER.info("Encoding PrivateKey to PEM");
+        StringWriter stringWriter = new StringWriter();
+        try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+            pemWriter.writeObject(new PemObject(PEM_OBJECT_TYPE, pk.getEncoded()));
+        } catch (IOException e) {
+            LOGGER.error("Exception occurred during encoding PrivateKey to PEM", e);
+            throw new PkEncodingException(e);
+        }
+        return stringWriter.toString();
+    }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java
new file mode 100644
index 00000000..596a6a44
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java
@@ -0,0 +1,35 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.exception;
+
+import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+public class PkEncodingException extends ExitableException {
+    private static final ExitCode EXIT_CODE = ExitCode.PK_TO_PEM_ENCODING_EXCEPTION;
+
+    public PkEncodingException(Throwable e) {
+        super(e);
+    }
+
+    public int applicationExitCode() {
+        return EXIT_CODE.getValue();
+    }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Coder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java
index c066187d..1f90db1b 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Coder.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java
@@ -1,5 +1,4 @@
-/*
- * ============LICENSE_START=======================================================
+/*============LICENSE_START=======================================================
  * aaf-certservice-client
  * ================================================================================
  * Copyright (C) 2020 Nokia. All rights reserved.
@@ -22,8 +21,8 @@ package org.onap.aaf.certservice.client.common;
 
 import org.bouncycastle.util.encoders.Base64;
 
-public class Base64Coder {
-    public static String encode(String string){
+public class Base64Encoder {
+    public String encode(String string){
         return new String(Base64.encode(string.getBytes()));
     }
-}
+}
\ No newline at end of file