[OOM-K8S-CERT-EXTERNAL-PROVIDER] Refactor provider code

- add csr and key params to SignCertificateModel - correct handling error when signing csr fails - create factory for SignCertificateModel Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9bc296dfc999de0390ec90a00cbaa9dd82c89265
author: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-07-16 14:53:14 +0200
committer: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-07-20 14:27:31 +0200
commit: 57d9b2c0a7956306e54234233b8330628ac9f960 (patch)
tree: 2e923594373ea1a531d5211fc3bbe066fd8f0425 /certServiceK8sExternalProvider/src/cmpv2provisioner
parent: 62cacd0f91bca52fcdce37b1f46a13757dc1dbd8 (diff)
3 files changed, 21 insertions, 41 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index dc2824ce..53932494 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -26,14 +26,12 @@
 package cmpv2provisioner
 
 import (
-	"context"
 	"sync"
 
 	"k8s.io/apimachinery/pkg/types"
 
 	"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
 	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
-	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
 	"onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
 	"onap.org/oom-certservice/k8s-external-provider/src/model"
 )
@@ -85,40 +83,24 @@ func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
 }
 
 func (ca *CertServiceCA) Sign(
-	ctx context.Context,
 	signCertificateModel model.SignCertificateModel,
 ) (signedCertificateChain []byte, trustedCertificates []byte, err error) {
 	log := leveledlogger.GetLoggerWithName("certservice-provisioner")
 
-	if signCertificateModel.IsUpdateRevision {
-		log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificate,
-			"old-private-key", signCertificateModel.OldPrivateKey)
-	}
-
 	certificateRequest := signCertificateModel.CertificateRequest
-	privateKeyBytes := signCertificateModel.PrivateKeyBytes
 	log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
-
 	log.Info("CA: ", "name", ca.name, "url", ca.url)
 
-	csrBytes := certificateRequest.Spec.Request
-	log.Debug("Original CSR PEM: ", "bytes", csrBytes)
-
-	filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
-	if err != nil {
-		return nil, nil, err
-	}
-	log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
-
 	var response *certserviceclient.CertificatesResponse
 	var errAPI error
 
-	if signCertificateModel.IsUpdateRevision {
+	if ca.isCertificateUpdate(signCertificateModel) {
+		log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificateBytes)
 		log.Info("Attempt to send certificate update request")
-		response, errAPI = ca.certServiceClient.UpdateCertificate(filteredCsrBytes, privateKeyBytes, signCertificateModel)
+		response, errAPI = ca.certServiceClient.UpdateCertificate(signCertificateModel)
 	} else {
 		log.Info("Attempt to send certificate request")
-		response, errAPI = ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
+		response, errAPI = ca.certServiceClient.GetCertificates(signCertificateModel)
 	}
 
 	if errAPI != nil {
@@ -135,11 +117,14 @@ func (ca *CertServiceCA) Sign(
 		log.Error(signErr, "Cannot parse response from CertService API")
 		return nil, nil, signErr
 	}
-
 	log.Info("Successfully signed: ", "cert-name", certificateRequest.Name)
-
 	log.Debug("Signed cert PEM: ", "bytes", signedCertificateChain)
 	log.Debug("Trusted CA  PEM: ", "bytes", trustedCertificates)
 
 	return signedCertificateChain, trustedCertificates, nil
 }
+
+
+func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
+	return len(signCertificateModel.OldCertificateBytes) > 0 && len(signCertificateModel.OldPrivateKeyBytes) > 0
+}
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
index cb3b8c63..0e543610 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
@@ -35,10 +35,10 @@ type ProvisionerFactoryMock struct {
 
 func (f *ProvisionerFactoryMock) CreateProvisioner(issuer *cmpv2api.CMPv2Issuer, secret v1.Secret) (*CertServiceCA, error) {
 	provisioner, err := New(issuer, &certserviceclient.CertServiceClientMock{
-		GetCertificatesFunc: func(csr []byte, pk []byte) (response *certserviceclient.CertificatesResponse, e error) {
+		GetCertificatesFunc: func(signCertificateModel model.SignCertificateModel) (response *certserviceclient.CertificatesResponse, e error) {
 			return &testdata.SampleCertServiceResponse, nil
 		},
-		UpdateCertificateFunc: func(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*certserviceclient.CertificatesResponse, error) {
+		UpdateCertificateFunc: func(signCertificateModel model.SignCertificateModel) (*certserviceclient.CertificatesResponse, error) {
 			return &testdata.SampleCertServiceResponse, nil
 		},
 	})
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
index 1a066657..e0b0c2e9 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
@@ -21,7 +21,6 @@
 package cmpv2provisioner
 
 import (
-	"context"
 	"testing"
 	"time"
 
@@ -77,19 +76,17 @@ func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateReq
 
 	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
 
-	ctx := context.Background()
 	request := createCertificateRequest()
 	privateKeyBytes := getPrivateKeyBytes()
 
 	signCertificateModel := model.SignCertificateModel{
-		CertificateRequest: request,
-		PrivateKeyBytes:    privateKeyBytes,
-		IsUpdateRevision:   false,
-		OldCertificate:     "",
-		OldPrivateKey:      "",
+		CertificateRequest:  request,
+		PrivateKeyBytes:     privateKeyBytes,
+		OldCertificateBytes: []byte{},
+		OldPrivateKeyBytes:  []byte{},
 	}
 
-	signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+	signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
 
 	assert.Nil(t, err)
 
@@ -108,19 +105,17 @@ func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertific
 
 	testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
 
-	ctx := context.Background()
 	request := createCertificateRequest()
 	privateKeyBytes := getPrivateKeyBytes()
 
 	signCertificateModel := model.SignCertificateModel{
-		CertificateRequest: request,
-		PrivateKeyBytes:    privateKeyBytes,
-		IsUpdateRevision:   true,
-		OldCertificate:     testdata.OldCertificateEncoded,
-		OldPrivateKey:      testdata.OldPrivateKeyEncoded,
+		CertificateRequest:  request,
+		PrivateKeyBytes:     privateKeyBytes,
+		OldCertificateBytes: testdata.OldCertificateBytes,
+		OldPrivateKeyBytes:  testdata.OldPrivateKeyBytes,
 	}
 
-	signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+	signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
 
 	assert.Nil(t, err)
author	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-07-16 14:53:14 +0200
committer	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-07-20 14:27:31 +0200
commit	57d9b2c0a7956306e54234233b8330628ac9f960 (patch)
tree	2e923594373ea1a531d5211fc3bbe066fd8f0425 /certServiceK8sExternalProvider/src/cmpv2provisioner
parent	62cacd0f91bca52fcdce37b1f46a13757dc1dbd8 (diff)