author | Jan Malkiewicz <jan.malkiewicz@nokia.com> | 2020-09-18 09:53:12 +0200 |
---|---|---|
committer | Jan Malkiewicz <jan.malkiewicz@nokia.com> | 2020-09-18 10:01:49 +0200 |
commit | f8ce5f7332bd79b584ddd45ed8062cfdb5a938f3 (patch) | |
tree | 378475eac7d70cbc4d478af39c82d809a1972b3f /certServicePostProcessor/src/main | |
parent | 900b8224a0401e126e9033c61602aceed68c4080 (diff) |
[OOM-CMPv2] Rename module folder truststoreMerger -> certServicePostProcessor
Issue-ID: DCAEGEN2-2253
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: I975f37507f7f79c238f1eac15f375fe64761c80c
Diffstat (limited to 'certServicePostProcessor/src/main')
42 files changed, 1985 insertions, 0 deletions
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/AppExecutor.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/AppExecutor.java
new file mode 100644
index 00000000..2ef30b68
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/AppExecutor.java
@@ -0,0 +1,54 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AppExecutor {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(AppExecutor.class);
+
+ private AppExitHandler exitHandler;
+
+ AppExecutor() {
+ this(new AppExitHandler());
+ }
+
+ AppExecutor(AppExitHandler exitHandler) {
+ this.exitHandler = exitHandler;
+ }
+
+
+ public void execute(Runnable logic) {
+ try {
+ logic.run();
+ exitHandler.exit(ExitStatus.SUCCESS);
+ } catch (ExitableException e) {
+ LOGGER.error("Application failed: ", e);
+ exitHandler.exit(e.applicationExitStatus());
+ } catch (Exception e) {
+ LOGGER.error("Application failed (unexpected error): ", e);
+ exitHandler.exit(ExitStatus.UNEXPECTED_EXCEPTION);
+ }
+ }
+}
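Review bot: The last handler in `execute`, `catch (Exception e)`, does not cover `Error` subclasses (for example a `NoClassDefFoundError` or `OutOfMemoryError` raised from `logic.run()`), so those bypass `exitHandler` and the JVM ends with its default status for an uncaught exception, which is typically 1. In this commit 1 is also `CERTIFICATES_PATHS_VALIDATION_EXCEPTION`, so whatever consumes the exit code would see an unrelated crash reported as a path-validation failure. Consider widening that handler to `catch (Throwable t)` at this top-level boundary so every abnormal end maps to `UNEXPECTED_EXCEPTION`. The field is never reassigned and can be declared `private final AppExitHandler exitHandler;`.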
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/AppExitHandler.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/AppExitHandler.java
new file mode 100644
index 00000000..15677dc4
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/AppExitHandler.java
@@ -0,0 +1,34 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AppExitHandler {
+ private static final Logger LOGGER = LoggerFactory.getLogger(AppExitHandler.class);
+
+ public void exit(ExitStatus exitStatus) {
+ LOGGER.info("Application exits with code [{}] and message: {}",
+ exitStatus.getExitCodeValue(), exitStatus.getMessage());
+ System.exit(exitStatus.getExitCodeValue());
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/CertificatePostProcessor.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/CertificatePostProcessor.java
new file mode 100644
index 00000000..b9038227
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/CertificatePostProcessor.java
@@ -0,0 +1,47 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor;
+
+import org.onap.oom.certservice.postprocessor.common.FileTools;
+import org.onap.oom.certservice.postprocessor.configuration.AppConfigurationLoader;
+import org.onap.oom.certservice.postprocessor.configuration.model.AppConfiguration;
+import org.onap.oom.certservice.postprocessor.copier.KeystoreCopier;
+import org.onap.oom.certservice.postprocessor.merger.TruststoreMerger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class CertificatePostProcessor implements Runnable {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CertificatePostProcessor.class);
+
+ private AppConfigurationLoader config = new AppConfigurationLoader();
+ private TruststoreMerger merger = new TruststoreMerger();
+ private KeystoreCopier copier = new KeystoreCopier(new FileTools());
+
+ public void run() {
+ LOGGER.debug("Loading configuration...");
+ AppConfiguration configuration = config.loadConfiguration();
+ LOGGER.debug("Starting TruststoreMerger...");
+ merger.mergeTruststores(configuration);
+ LOGGER.debug("Starting KeystoreCopier...");
+ copier.copyKeystores(configuration);
+ LOGGER.debug("Certificate post processing finished successfully.");
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/MainApp.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/MainApp.java
new file mode 100644
index 00000000..f815f489
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/MainApp.java
@@ -0,0 +1,27 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor;
+
+public class MainApp {
+
+ public static void main(String[] args) {
+ new AppExecutor().execute(new CertificatePostProcessor());
+ }
+}
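Review bot: `run()` in CertificatePostProcessor merges truststores before it copies keystores, and nothing in the class says what is left on disk when `copier.copyKeystores(configuration)` fails after `merger.mergeTruststores(configuration)` has already succeeded. A short comment above `run()` would help an operator who sees a non-zero exit code, for example `// Truststores are merged first; a later keystore copy failure does not undo the merge.`, to be confirmed against TruststoreMerger, which is outside this hunk. The three collaborator fields are never reassigned and can be `private final`, and `run()` should carry `@Override`.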
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/CertificateConstants.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/CertificateConstants.java
new file mode 100644
index 00000000..3442621b
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/CertificateConstants.java
@@ -0,0 +1,31 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.api;
+
+public class CertificateConstants {
+
+ private CertificateConstants() { }
+
+ public static final String JKS_TYPE = "JKS";
+ public static final String PKCS12_TYPE = "PKCS12";
+ public static final String X_509_CERTIFICATE = "X.509";
+ public static final String BOUNCY_CASTLE_PROVIDER = "BC";
+
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/ExitStatus.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/ExitStatus.java
new file mode 100644
index 00000000..b6cebeb1
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/ExitStatus.java
@@ -0,0 +1,56 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.api;
+
+public enum ExitStatus {
+
+ SUCCESS(0, "Success"),
+ CERTIFICATES_PATHS_VALIDATION_EXCEPTION(1, "Invalid paths in environment variables"),
+ CONFIGURATION_EXCEPTION(2, "Invalid merger configuration"),
+ TRUSTSTORE_FILE_FACTORY_EXCEPTION(3, "Invalid truststore file-password pair"),
+ PASSWORD_READER_EXCEPTION(4, "Cannot read password from file"),
+ CREATE_BACKUP_EXCEPTION(5, "Cannot create backup file"),
+ KEYSTORE_INSTANCE_EXCEPTION(6, "Cannot initialize keystore instance"),
+ TRUSTSTORE_LOAD_FILE_EXCEPTION(7, "Cannot load truststore file"),
+ TRUSTSTORE_DATA_OPERATION_EXCEPTION(8, "Cannot operate on truststore data"),
+ MISSING_TRUSTSTORE_EXCEPTION(9, "Missing truststore certificates in provided file"),
+ ALIAS_CONFLICT_EXCEPTION(10, "Alias conflict detected"),
+ WRITE_TRUSTSTORE_FILE_EXCEPTION(11, "Cannot save truststore file"),
+ KEYSTORE_FILE_COPY_EXCEPTION(12, "Cannot copy keystore file"),
+ KEYSTORE_NOT_EXIST_EXCEPTION(13, "Keystore file does not exist"),
+ UNEXPECTED_EXCEPTION(99, "Application exited abnormally");
+
+
+ private final int value;
+ private final String message;
+
+ ExitStatus(int value, String message) {
+ this.value = value;
+ this.message = message;
+ }
+
+ public int getExitCodeValue() {
+ return value;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/ExitableException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/ExitableException.java
new file mode 100644
index 00000000..54a7c6a1
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/api/ExitableException.java
@@ -0,0 +1,40 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.api;
+
+public class ExitableException extends RuntimeException {
+
+ private final ExitStatus exitStatus;
+
+ public ExitableException(Throwable cause, ExitStatus exitStatus) {
+ super(cause);
+ this.exitStatus = exitStatus;
+ }
+
+ public ExitableException(String message, ExitStatus exitStatus) {
+ super(message);
+ this.exitStatus = exitStatus;
+ }
+
+ public ExitStatus applicationExitStatus() {
+ return exitStatus;
+ }
+
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/ExtensionResolver.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/ExtensionResolver.java
new file mode 100644
index 00000000..7a785ae1
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/ExtensionResolver.java
@@ -0,0 +1,42 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.common;
+
+import java.io.File;
+
+public final class ExtensionResolver {
+
+ private static final int INDEX_NOT_FOUND = -1;
+
+ private ExtensionResolver() {}
+
+ public static String get(File file) {
+ int extStartIndex = file.getName().lastIndexOf(".");
+ if (extStartIndex == INDEX_NOT_FOUND) {
+ return "";
+ }
+ return file.getName().substring(extStartIndex).toLowerCase();
+ }
+
+ public static boolean checkIfFileExists(File file) {
+ return file.exists();
+ }
+
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/FileTools.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/FileTools.java
new file mode 100644
index 00000000..620d8088
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/FileTools.java
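Review bot: `file.getName().substring(extStartIndex).toLowerCase()` in `ExtensionResolver.get` uses the JVM default locale, so the returned extension can differ between hosts (under a Turkish locale an upper-case `I` lower-cases to a dotless `ı`). If callers compare the result with fixed strings to choose a store format, which the class name suggests but this hunk does not show, the same file could be classified differently depending on the container's locale; use `toLowerCase(Locale.ROOT)` and add `import java.util.Locale;`. A name that starts with a dot and has no other dot, such as `.hidden`, is returned whole as its own extension, which deserves a Javadoc line on `get`. `checkIfFileExists` has nothing to do with extensions and would sit more naturally in FileTools.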
@@ -0,0 +1,52 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.common; + +import java.io.File; +import java.io.IOException; +import org.apache.commons.io.FileUtils; +import org.onap.oom.certservice.postprocessor.merger.exception.CreateBackupException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public final class FileTools { + + private static final Logger LOGGER = LoggerFactory.getLogger(FileTools.class); + private static final String BACKUP_EXTENSION = ".bak"; + + public void createBackup(File file) throws CreateBackupException { + LOGGER.debug("Try to create a backup of the file: {}", file.getPath()); + File backupFile = new File(file.getAbsolutePath() + BACKUP_EXTENSION); + try { + copy(file, backupFile); + } catch (IOException e) { + LOGGER.error("Could not create backup of the file: '{}'", file.getPath()); + throw new CreateBackupException(e); + } + LOGGER.debug("Backup file created: '{}'", backupFile.getAbsolutePath()); + } + + public void copy(File source, File 
destination) throws IOException { + LOGGER.debug("Try to copy from '{}' to '{}'.", source.getAbsolutePath(), destination.getAbsolutePath()); + FileUtils.copyFile(source, destination); + LOGGER.debug("File copied from '{}' to '{}'.", source.getAbsolutePath(), + destination.getAbsolutePath()); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/PasswordReader.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/PasswordReader.java new file mode 100644 index 00000000..6e4a5f3a --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/common/PasswordReader.java 
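Review bot: `createBackup` and `copy` in FileTools duplicate truststore and keystore files through `FileUtils.copyFile(source, destination)` without setting permissions on the result, so the `.bak` file and the copied keystore get whatever mode the process umask and the commons-io version in use produce, which may be wider than the source file's. KeystoreCopier is constructed with this class and keystores usually hold private keys, so consider restricting the new file after the copy, e.g. `Files.setPosixFilePermissions(destination.toPath(), PosixFilePermissions.fromString("rw-------"));` on POSIX file systems, or document that the mounted volume enforces this. `createBackup` also overwrites an existing `.bak` without notice; if the merger backs up before each in-place merge (outside this hunk), a second run would replace the only pristine copy, which should be stated in a comment or guarded by an existence check. The `LOGGER.error("Could not create backup of the file: '{}'", file.getPath());` call drops `e`; pass it as the last argument.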
@@ -0,0 +1,41 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.common;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import org.onap.oom.certservice.postprocessor.merger.exception.PasswordReaderException;
+
+public final class PasswordReader {
+
+ private static final String COULD_NOT_READ_PASSWORD_FROM_FILE_MSG_TEMPLATE = "Could not read password from file: %s";
+
+ private PasswordReader() {
+ }
+
+ public static String readPassword(File file) {
+ try {
+ return Files.readString(file.toPath());
+ } catch (IOException e) {
+ throw new PasswordReaderException(String.format(COULD_NOT_READ_PASSWORD_FROM_FILE_MSG_TEMPLATE, file));
+ }
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/AppConfigurationLoader.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/AppConfigurationLoader.java
new file mode 100644
index 00000000..a3f49d86
--- /dev/null
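Review bot: `PasswordReader.readPassword` returns `Files.readString(file.toPath())` unchanged, so a password file that ends with a line break yields a password containing that trailing character; unless callers strip it, opening the truststore would fail with a wrong-password error that is hard to trace back to the file. State the contract in a Javadoc line such as `/** Returns the file content verbatim; no trailing line break is removed. */`, or strip the line terminator here. The `catch (IOException e)` block also discards `e`, so the log shows the path but not why the read failed (missing file versus permission denied); keep the cause if PasswordReaderException, which is outside this hunk, offers a constructor for it. The secret is held in an immutable `String`; a `char[]` that is cleared after `KeyStore.load` would shorten its lifetime in memory.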
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/AppConfigurationLoader.java
@@ -0,0 +1,33 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.configuration;
+
+import org.onap.oom.certservice.postprocessor.configuration.model.AppConfiguration;
+import org.onap.oom.certservice.postprocessor.configuration.path.DelimitedPathsSplitter;
+import org.onap.oom.certservice.postprocessor.configuration.path.env.EnvReader;
+
+public class AppConfigurationLoader {
+
+ public AppConfiguration loadConfiguration() {
+ DelimitedPathsSplitter pathsSplitter = new DelimitedPathsSplitter();
+ AppConfigurationProvider factory = new AppConfigurationProvider(pathsSplitter, new EnvReader());
+ return factory.createConfiguration();
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/AppConfigurationProvider.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/AppConfigurationProvider.java new file mode 100644 index 00000000..1e9ef8a9 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/AppConfigurationProvider.java 
@@ -0,0 +1,82 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.configuration; + + +import static org.onap.oom.certservice.postprocessor.configuration.model.EnvVariable.KEYSTORE_DESTINATION_PATHS; +import static org.onap.oom.certservice.postprocessor.configuration.model.EnvVariable.KEYSTORE_SOURCE_PATHS; +import static org.onap.oom.certservice.postprocessor.configuration.model.EnvVariable.TRUSTSTORES_PASSWORDS_PATHS; +import static org.onap.oom.certservice.postprocessor.configuration.model.EnvVariable.TRUSTSTORES_PATHS; + +import java.util.Collections; +import java.util.List; +import java.util.Optional; +import org.onap.oom.certservice.postprocessor.configuration.path.env.EnvReader; +import org.onap.oom.certservice.postprocessor.configuration.exception.ConfigurationException; +import org.onap.oom.certservice.postprocessor.configuration.model.AppConfiguration; +import org.onap.oom.certservice.postprocessor.configuration.model.EnvVariable; +import 
org.onap.oom.certservice.postprocessor.configuration.path.DelimitedPathsSplitter; + +public class AppConfigurationProvider { + + private final EnvReader envReader; + private final DelimitedPathsSplitter pathsSplitter; + + public AppConfigurationProvider(DelimitedPathsSplitter pathsSplitter, EnvReader envReader) { + this.envReader = envReader; + this.pathsSplitter = pathsSplitter; + } + + public AppConfiguration createConfiguration() { + List<String> truststoresPaths = getPaths(TRUSTSTORES_PATHS); + List<String> truststoresPasswordsPaths = getPaths(TRUSTSTORES_PASSWORDS_PATHS); + List<String> sourceKeystorePaths = getPaths(KEYSTORE_SOURCE_PATHS); + List<String> destinationKeystorePaths = getPaths(KEYSTORE_DESTINATION_PATHS); + + ensureSameSize(truststoresPaths, truststoresPasswordsPaths, TRUSTSTORES_PATHS.name(), + TRUSTSTORES_PASSWORDS_PATHS.name()); + ensureSameSize(sourceKeystorePaths, destinationKeystorePaths, KEYSTORE_SOURCE_PATHS.name(), + KEYSTORE_DESTINATION_PATHS.name()); + + return new AppConfiguration(truststoresPaths, truststoresPasswordsPaths, sourceKeystorePaths, + destinationKeystorePaths); + } + + private List<String> getPaths(EnvVariable envVariable) { + Optional<String> envValue = envReader.getEnv(envVariable.name()); + isMandatoryEnvPresent(envVariable, envValue); + return envValue.isPresent() ? 
pathsSplitter.getValidatedPaths(envVariable, envValue) : Collections.emptyList(); + } + + private void isMandatoryEnvPresent(EnvVariable envVariable, Optional<String> envValue) { + if (envVariable.isMandatory() && envValue.isEmpty()) { + throw new ConfigurationException(envVariable + " mandatory environment variable is not defined"); + } + } + + private void ensureSameSize(List<String> firstList, List<String> secondList, String firstListEnvName, + String secondListEnvName) { + if (firstList.size() != secondList.size()) { + throw new ConfigurationException( + "Size of " + firstListEnvName + + " does not match size of " + secondListEnvName + " environment variables"); + } + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/exception/CertificatesPathsValidationException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/exception/CertificatesPathsValidationException.java new file mode 100644 index 00000000..fb621017 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/exception/CertificatesPathsValidationException.java 
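Review bot: `isMandatoryEnvPresent` in AppConfigurationProvider is named like a predicate but returns `void` and throws `ConfigurationException`; a name such as `requireMandatoryEnvPresent` would match what it does. `getPaths` also leaves open what happens for a variable that is set but empty: whether `envReader.getEnv` reports that as absent or `getValidatedPaths` rejects it is decided outside this hunk, so a one-line comment on `getPaths` stating the expected outcome for unset, empty and populated values would help. `ensureSameSize` compares only the element counts, so its comment should say that source and destination keystore entries, and truststore and password entries, are paired purely by position.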
@@ -0,0 +1,30 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.configuration.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class CertificatesPathsValidationException extends ExitableException {
+
+ public CertificatesPathsValidationException(String errorMessage) {
+ super(errorMessage, ExitStatus.CERTIFICATES_PATHS_VALIDATION_EXCEPTION);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/exception/ConfigurationException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/exception/ConfigurationException.java
new file mode 100644
index 00000000..c9f9a416
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/exception/ConfigurationException.java
@@ -0,0 +1,30 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.configuration.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class ConfigurationException extends ExitableException {
+
+ public ConfigurationException(String errorMessage) {
+ super(errorMessage, ExitStatus.CONFIGURATION_EXCEPTION);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/model/AppConfiguration.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/model/AppConfiguration.java
new file mode 100644
index 00000000..d28dcac5
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/model/AppConfiguration.java
@@ -0,0 +1,56 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.configuration.model; + +import java.util.Collections; +import java.util.List; + +public final class AppConfiguration { + private final List<String> truststoreFilePaths; + private final List<String> truststoreFilePasswordPaths; + private final List<String> sourceKeystorePaths; + private final List<String> destinationKeystorePaths; + + public AppConfiguration(List<String> truststoreFilePaths, + List<String> truststoreFilePasswordPaths, List<String> sourceKeystorePaths, + List<String> destinationKeystorePaths) { + this.truststoreFilePaths = List.copyOf(truststoreFilePaths); + this.truststoreFilePasswordPaths = List.copyOf(truststoreFilePasswordPaths); + this.sourceKeystorePaths = List.copyOf(sourceKeystorePaths); + this.destinationKeystorePaths = List.copyOf(destinationKeystorePaths); + } + + public List<String> getTruststoreFilePaths() { + return Collections.unmodifiableList(truststoreFilePaths); + } + + public List<String> 
getTruststoreFilePasswordPaths() { + return Collections.unmodifiableList(truststoreFilePasswordPaths); + } + + + public List<String> getDestinationKeystorePaths() { + return Collections.unmodifiableList(destinationKeystorePaths); + } + + public List<String> getSourceKeystorePaths() { + return Collections.unmodifiableList(sourceKeystorePaths); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/model/EnvVariable.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/model/EnvVariable.java new file mode 100644 index 00000000..be49d39c --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/model/EnvVariable.java 
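Review bot: The four getters wrap lists that are already immutable, because the constructor stores `List.copyOf(...)`, which returns an unmodifiable copy. `Collections.unmodifiableList(truststoreFilePaths)` and the three matching wrappers can therefore become plain returns, e.g. `return truststoreFilePaths;`. `List.copyOf` also throws NullPointerException for a null list or a null element; the class has no Javadoc, so a short constructor comment stating that callers must pass non-null lists would help.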
@@ -0,0 +1,51 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.configuration.model; + +import static org.onap.oom.certservice.postprocessor.configuration.path.validation.ValidationFunctions.doesItContainValidCertificatesPaths; +import static org.onap.oom.certservice.postprocessor.configuration.path.validation.ValidationFunctions.doesItContainValidPasswordPaths; +import static org.onap.oom.certservice.postprocessor.configuration.path.validation.ValidationFunctions.doesItContainValidPathsToCopy; + +import java.util.List; +import java.util.function.Predicate; + +public enum EnvVariable { + TRUSTSTORES_PATHS(true, doesItContainValidCertificatesPaths()), + TRUSTSTORES_PASSWORDS_PATHS(true, doesItContainValidPasswordPaths()), + KEYSTORE_SOURCE_PATHS(false, doesItContainValidPathsToCopy()), + KEYSTORE_DESTINATION_PATHS(false, doesItContainValidPathsToCopy()); + + boolean isMandatory; + + Predicate<List<String>> validationFunction; + + EnvVariable(boolean isMandatory, Predicate<List<String>> 
validationFunction) { + this.isMandatory = isMandatory; + this.validationFunction = validationFunction; + } + + public boolean isMandatory() { + return isMandatory; + } + + public Predicate<List<String>> getValidationFunction() { + return validationFunction; + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/DelimitedPathsSplitter.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/DelimitedPathsSplitter.java new file mode 100644 index 00000000..b2e71cb3 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/DelimitedPathsSplitter.java 
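Review bot: The enum fields `isMandatory` and `validationFunction` are declared without `private` or `final`, so any class in the same package can reassign the validation predicate of a constant such as `TRUSTSTORES_PATHS` at runtime. These predicates decide which paths the tool accepts, so they should be fixed at construction: `private final boolean isMandatory;` and `private final Predicate<List<String>> validationFunction;`. The existing getters already cover read access.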
@@ -0,0 +1,49 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.configuration.path; + +import java.util.Arrays; +import java.util.List; +import java.util.Optional; +import org.onap.oom.certservice.postprocessor.configuration.exception.CertificatesPathsValidationException; +import org.onap.oom.certservice.postprocessor.configuration.model.EnvVariable; + +public class DelimitedPathsSplitter { + + private static final String DELIMITER = ":"; + private static final int NEGATIVE_SPLIT_LIMIT = -1; + + public List<String> getValidatedPaths(EnvVariable envVariable, Optional<String> envValue) + throws CertificatesPathsValidationException { + return envValue.filter(this::hasValue) + .map(this::splitToList) + .filter(envVariable.getValidationFunction()) + .orElseThrow(() -> new CertificatesPathsValidationException( + envVariable + " environment variable does not contain valid paths")); + } + + private boolean hasValue(String envValue) { + return !envValue.isEmpty(); + } + + private List<String> 
splitToList(String stringToSplit) { + return Arrays.asList(stringToSplit.split(DELIMITER, NEGATIVE_SPLIT_LIMIT)); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/env/EnvReader.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/env/EnvReader.java new file mode 100644 index 00000000..f30e43be --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/env/EnvReader.java 
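Review bot: `NEGATIVE_SPLIT_LIMIT` has no comment saying why the split must keep trailing empty strings, and the reason is easy to lose in a later cleanup. Judging from `isCertificatePasswordPathValid`, which accepts an empty path, and from the index-based pairing in `TruststoreFilesProvider`, the limit presumably keeps an empty password entry in position next to its truststore; a comment such as `// -1 keeps trailing empty entries so each password path stays aligned with its truststore` would record that once confirmed. Separately, `getValidatedPaths` raises the same "does not contain valid paths" message for a missing, an empty and a malformed value, which makes a misconfigured deployment harder to diagnose.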
@@ -0,0 +1,39 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.configuration.path.env;
+
+import java.util.Optional;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class EnvReader {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(EnvReader.class);
+
+ public Optional<String> getEnv(String name) {
+ return getSystemEnv(name);
+ }
+
+ Optional<String> getSystemEnv(String name) {
+ String value = System.getenv(name);
+ LOGGER.info("Read variable: {} , value: {}", name, value);
+ return Optional.ofNullable(value);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/validation/ValidationFunctions.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/validation/ValidationFunctions.java
new file mode 100644
index 00000000..f65a21a0
--- /dev/null
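Review bot: `getSystemEnv` writes the value of whatever variable it is asked for to the log at INFO level, and the public `getEnv(String name)` accepts an arbitrary name. The names declared in `EnvVariable` hold file paths, but nothing in this class prevents a later caller from reading a variable that carries a credential, which would then end up in the application log. Logging the name and whether it was set is enough for diagnostics, `LOGGER.info("Read variable: {} , set: {}", name, value != null);`, with the value itself moved to DEBUG if it is needed at all.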
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/configuration/path/validation/ValidationFunctions.java 
@@ -0,0 +1,57 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.configuration.path.validation; + +import java.util.List; +import java.util.function.Predicate; + +public final class ValidationFunctions { + + private static final String CERTIFICATE_PATH_REGEX = "^(/[a-zA-Z0-9_-]+)+\\.(pem|jks|p12)"; + private static final String CERTIFICATE_PASSWORD_PATH_REGEX = "^(/[a-zA-Z0-9_-]+)+\\.pass"; + + private ValidationFunctions() { + } + + public static Predicate<List<String>> doesItContainValidPasswordPaths() { + return paths -> paths.stream().allMatch(ValidationFunctions::isCertificatePasswordPathValid); + } + + public static Predicate<List<String>> doesItContainValidCertificatesPaths() { + return paths -> paths.stream().allMatch(ValidationFunctions::isCertificatePathValid); + } + + public static Predicate<List<String>> doesItContainValidPathsToCopy() { + return paths -> paths.stream().allMatch(path -> + doesMatch(path, CERTIFICATE_PASSWORD_PATH_REGEX) || isCertificatePathValid(path)); + } + + private 
static boolean isCertificatePathValid(String path) { + return doesMatch(path, CERTIFICATE_PATH_REGEX); + } + + private static boolean isCertificatePasswordPathValid(String path) { + return path.isEmpty() || doesMatch(path, CERTIFICATE_PASSWORD_PATH_REGEX); + } + + private static boolean doesMatch(String path, String regex) { + return path.matches(regex); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/KeystoreCopier.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/KeystoreCopier.java new file mode 100644 index 00000000..f5cea212 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/KeystoreCopier.java 
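Review bot: `doesMatch` calls `path.matches(regex)`, which recompiles the expression for every path checked; keeping `CERTIFICATE_PATH_REGEX` and `CERTIFICATE_PASSWORD_PATH_REGEX` as `private static final Pattern` constants and calling `matcher(path).matches()` is the usual form. The two expressions are also the only path allow-list in this module and carry no comment: each segment is limited to `[a-zA-Z0-9_-]`, so relative paths and any segment containing a dot, including `..`, are rejected. A comment above the constants such as `// Absolute paths only; segments may not contain '.', which also rejects ".."` would stop that property from being loosened by accident. The empty-string exception in `isCertificatePasswordPathValid` deserves one line of explanation as well.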
@@ -0,0 +1,74 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.copier; + +import java.io.File; +import java.io.IOException; +import java.util.List; +import org.onap.oom.certservice.postprocessor.common.FileTools; +import org.onap.oom.certservice.postprocessor.configuration.model.AppConfiguration; +import org.onap.oom.certservice.postprocessor.copier.exception.KeystoreFileCopyException; +import org.onap.oom.certservice.postprocessor.copier.exception.KeystoreNotExistException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class KeystoreCopier { + + private static final Logger LOGGER = LoggerFactory.getLogger(KeystoreCopier.class); + private final FileTools fileTools; + + public KeystoreCopier(FileTools fileTools) { + this.fileTools = fileTools; + } + + public void copyKeystores(AppConfiguration configuration) { + final List<String> sources = configuration.getSourceKeystorePaths(); + final List<String> destinations = configuration.getDestinationKeystorePaths(); + 
containsPaths(sources); + try { + for (int i = 0; i < sources.size(); i++) { + copy(sources.get(i), destinations.get(i)); + } + } catch (IOException e) { + throw new KeystoreFileCopyException(e); + } + } + + private void containsPaths(List<String> sources) { + if (sources.isEmpty()) { + LOGGER.info("No Keystore files to copy"); + } + } + + private void copy(String sourcePath, String destinationPath) throws IOException { + final File source = new File(sourcePath); + final File destination = new File(destinationPath); + + if (!source.exists()) { + throw new KeystoreNotExistException("Keystore file does not exist '" + source.getAbsolutePath() + "'!"); + } + + if (destination.exists()) { + fileTools.createBackup(destination); + } + fileTools.copy(source, destination); + } + +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/exception/KeystoreFileCopyException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/exception/KeystoreFileCopyException.java new file mode 100644 index 00000000..66190965 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/exception/KeystoreFileCopyException.java 
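Review bot: `copyKeystores` iterates over `sources` and reads `destinations.get(i)` without comparing the two list sizes. A shorter destination list ends in an IndexOutOfBoundsException, which is not an IOException and so bypasses `KeystoreFileCopyException`, and surplus destination entries are silently ignored. If the sizes are checked where the configuration is built, that code is not in this section; a guard at the top of the method, `if (sources.size() != destinations.size())` throwing one of the module's exceptions such as `ConfigurationException`, would make the method safe on its own. `TruststoreFilesProvider.getTruststoreFiles` pairs truststore paths with password paths by index in the same way and needs the same check.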
@@ -0,0 +1,31 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.copier.exception; + +import org.onap.oom.certservice.postprocessor.api.ExitStatus; +import org.onap.oom.certservice.postprocessor.api.ExitableException; + +public class KeystoreFileCopyException extends ExitableException { + + public KeystoreFileCopyException(Exception e) { + super(e, ExitStatus.KEYSTORE_FILE_COPY_EXCEPTION); + } + +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/exception/KeystoreNotExistException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/exception/KeystoreNotExistException.java new file mode 100644 index 00000000..37f2f537 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/copier/exception/KeystoreNotExistException.java 
@@ -0,0 +1,31 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.copier.exception; + +import org.onap.oom.certservice.postprocessor.api.ExitStatus; +import org.onap.oom.certservice.postprocessor.api.ExitableException; + +public class KeystoreNotExistException extends ExitableException { + + public KeystoreNotExistException(String message) { + super(message, ExitStatus.KEYSTORE_NOT_EXIST_EXCEPTION); + } + +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/TruststoreFilesProvider.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/TruststoreFilesProvider.java new file mode 100644 index 00000000..9e30bd44 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/TruststoreFilesProvider.java 
@@ -0,0 +1,46 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.onap.oom.certservice.postprocessor.merger.model.Truststore;
+import org.onap.oom.certservice.postprocessor.merger.model.TruststoreFactory;
+
+public class TruststoreFilesProvider {
+
+
+ private TruststoreFilesProvider() {
+ }
+
+ public static List<Truststore> getTruststoreFiles(List<String> truststoreFilePaths,
+ List<String> truststoreFilePasswordPaths) {
+ List<Truststore> truststoreFiles = new ArrayList<>();
+ for (int i = 0; i < truststoreFilePaths.size(); i++) {
+ String truststorePath = truststoreFilePaths.get(i);
+ String passwordPath = truststoreFilePasswordPaths.get(i);
+
+ Truststore truststore = TruststoreFactory.create(truststorePath, passwordPath);
+ truststoreFiles.add(truststore);
+ }
+
+ return truststoreFiles;
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/TruststoreMerger.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/TruststoreMerger.java new file mode 100644 index 00000000..3cf60da1 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/TruststoreMerger.java 
@@ -0,0 +1,54 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger; + +import java.util.List; +import org.onap.oom.certservice.postprocessor.configuration.model.AppConfiguration; +import org.onap.oom.certservice.postprocessor.merger.model.Truststore; +import org.onap.oom.certservice.postprocessor.merger.model.certificate.CertificateWithAlias; + +public class TruststoreMerger { + + private static final int FIRST_TRUSTSTORE_INDEX = 0; + private static final int SECOND_TRUSTSTORE_INDEX = 1; + + public void mergeTruststores(AppConfiguration configuration) { + List<Truststore> truststoreFilesList = getTruststoreFiles(configuration); + + Truststore baseFile = truststoreFilesList.get(FIRST_TRUSTSTORE_INDEX); + baseFile.createBackup(); + + for (int i = SECOND_TRUSTSTORE_INDEX; i < truststoreFilesList.size(); i++) { + Truststore truststore = truststoreFilesList.get(i); + List<CertificateWithAlias> certificateWrappers = truststore.getCertificates(); + baseFile.addCertificates(certificateWrappers); + } + 
+ baseFile.saveFile(); + } + + private List<Truststore> getTruststoreFiles(AppConfiguration configuration) { + return TruststoreFilesProvider + .getTruststoreFiles( + configuration.getTruststoreFilePaths(), + configuration.getTruststoreFilePasswordPaths() + ); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/AliasConflictException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/AliasConflictException.java new file mode 100644 index 00000000..2e7939b7 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/AliasConflictException.java 
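Review bot: `mergeTruststores` calls `truststoreFilesList.get(FIRST_TRUSTSTORE_INDEX)` without checking the list first. A configuration with no truststore paths therefore fails with an IndexOutOfBoundsException rather than one of the module's exit statuses, and a configuration with a single path still backs up and rewrites that file although nothing is merged into it. Whether the configuration builder guarantees at least two entries is not visible in this section. An explicit check at the top, `if (truststoreFilesList.size() < 2)` followed by either a `ConfigurationException` or a logged early return, would state the contract, and a Javadoc line saying that the first truststore is the merge target and is modified in place would document it.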
@@ -0,0 +1,31 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.exception; + +import org.onap.oom.certservice.postprocessor.api.ExitStatus; +import org.onap.oom.certservice.postprocessor.api.ExitableException; + +public class AliasConflictException extends ExitableException { + + public AliasConflictException(String errorMessage) { + super(errorMessage, ExitStatus.ALIAS_CONFLICT_EXCEPTION); + } + +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/CreateBackupException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/CreateBackupException.java new file mode 100644 index 00000000..8e99f993 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/CreateBackupException.java 
@@ -0,0 +1,30 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.exception; + +import org.onap.oom.certservice.postprocessor.api.ExitStatus; +import org.onap.oom.certservice.postprocessor.api.ExitableException; + +public class CreateBackupException extends ExitableException { + + public CreateBackupException(Exception cause) { + super(cause, ExitStatus.CREATE_BACKUP_EXCEPTION); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/KeystoreInstanceException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/KeystoreInstanceException.java new file mode 100644 index 00000000..1279dff7 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/KeystoreInstanceException.java 
@@ -0,0 +1,30 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.exception; + +import org.onap.oom.certservice.postprocessor.api.ExitStatus; +import org.onap.oom.certservice.postprocessor.api.ExitableException; + +public class KeystoreInstanceException extends ExitableException { + + public KeystoreInstanceException(Exception cause) { + super(cause, ExitStatus.KEYSTORE_INSTANCE_EXCEPTION); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/LoadTruststoreException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/LoadTruststoreException.java new file mode 100644 index 00000000..b3493fd6 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/LoadTruststoreException.java 
@@ -0,0 +1,30 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.exception; + +import org.onap.oom.certservice.postprocessor.api.ExitStatus; +import org.onap.oom.certservice.postprocessor.api.ExitableException; + +public class LoadTruststoreException extends ExitableException { + + public LoadTruststoreException(Exception cause) { + super(cause, ExitStatus.TRUSTSTORE_LOAD_FILE_EXCEPTION); + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/MissingTruststoreException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/MissingTruststoreException.java new file mode 100644 index 00000000..51660f60 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/MissingTruststoreException.java 
@@ -0,0 +1,30 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class MissingTruststoreException extends ExitableException {
+
+ public MissingTruststoreException(String errorMessage) {
+ super(errorMessage, ExitStatus.MISSING_TRUSTSTORE_EXCEPTION);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/PasswordReaderException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/PasswordReaderException.java
new file mode 100644
index 00000000..b1bdf1ea
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/PasswordReaderException.java
@@ -0,0 +1,29 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class PasswordReaderException extends ExitableException {
+ public PasswordReaderException(String errorMessage) {
+ super(errorMessage, ExitStatus.PASSWORD_READER_EXCEPTION);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/TruststoreDataOperationException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/TruststoreDataOperationException.java
new file mode 100644
index 00000000..77ae366e
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/TruststoreDataOperationException.java
@@ -0,0 +1,30 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class TruststoreDataOperationException extends ExitableException {
+
+ public TruststoreDataOperationException(Exception cause) {
+ super(cause, ExitStatus.TRUSTSTORE_DATA_OPERATION_EXCEPTION);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/TruststoreFileFactoryException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/TruststoreFileFactoryException.java
new file mode 100644
index 00000000..a87a62a3
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/TruststoreFileFactoryException.java
@@ -0,0 +1,30 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class TruststoreFileFactoryException extends ExitableException {
+ public TruststoreFileFactoryException(String errorMessage) {
+ super(errorMessage, ExitStatus.TRUSTSTORE_FILE_FACTORY_EXCEPTION);
+ }
+
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/WriteTruststoreFileException.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/WriteTruststoreFileException.java
new file mode 100644
index 00000000..f9b772ca
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/exception/WriteTruststoreFileException.java
@@ -0,0 +1,31 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+
+package org.onap.oom.certservice.postprocessor.merger.exception;
+
+import org.onap.oom.certservice.postprocessor.api.ExitStatus;
+import org.onap.oom.certservice.postprocessor.api.ExitableException;
+
+public class WriteTruststoreFileException extends ExitableException {
+
+ public WriteTruststoreFileException(Exception cause) {
+ super(cause, ExitStatus.WRITE_TRUSTSTORE_FILE_EXCEPTION);
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/JavaTruststore.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/JavaTruststore.java
new file mode 100644
index 00000000..d264d2f4
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/JavaTruststore.java
@@ -0,0 +1,166 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.model; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import org.onap.oom.certservice.postprocessor.merger.exception.AliasConflictException; +import org.onap.oom.certservice.postprocessor.merger.exception.LoadTruststoreException; +import org.onap.oom.certservice.postprocessor.merger.exception.MissingTruststoreException; +import org.onap.oom.certservice.postprocessor.merger.exception.TruststoreDataOperationException; +import org.onap.oom.certservice.postprocessor.merger.exception.WriteTruststoreFileException; +import org.onap.oom.certservice.postprocessor.api.ExitableException; +import org.onap.oom.certservice.postprocessor.common.FileTools; +import 
org.onap.oom.certservice.postprocessor.merger.model.certificate.CertificateWithAlias; +import org.onap.oom.certservice.postprocessor.merger.model.certificate.CertificateWithAliasFactory; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public final class JavaTruststore extends Truststore { + + private static final Logger LOGGER = LoggerFactory.getLogger(JavaTruststore.class); + + private final CertificateWithAliasFactory factory = new CertificateWithAliasFactory(); + private final KeyStore keyStore; + private final String password; + + + private JavaTruststore(KeyStore keyStore, File storeFile, String password) { + super(storeFile, new FileTools()); + this.keyStore = keyStore; + this.password = password; + } + + public static JavaTruststore createWithLoadingFile(KeyStore keyStore, File storeFile, String password) + throws LoadTruststoreException { + JavaTruststore javaTruststore = new JavaTruststore(keyStore, storeFile, password); + javaTruststore.loadFile(); + return javaTruststore; + } + + public List<CertificateWithAlias> getCertificates() throws ExitableException { + LOGGER.debug("Attempt to read certificates from file: {}", storeFile.getPath()); + List<String> aliases = getTruststoreAliases(); + if (aliases.isEmpty()) { + throw new MissingTruststoreException("Missing certificate aliases in file: " + storeFile.getPath()); + } + return getWrappedCertificates(aliases); + } + + public void addCertificates(List<CertificateWithAlias> certificatesWithAliases) + throws ExitableException { + LOGGER.debug("Attempt to add certificates for saving to file"); + if (getTruststoreAliases().isEmpty()) { + throw new MissingTruststoreException("Missing certificate aliases in file: " + storeFile.getPath()); + } + for (CertificateWithAlias certificate : certificatesWithAliases) { + addCertificate(certificate); + } + } + + public void saveFile() throws WriteTruststoreFileException { + LOGGER.debug("Attempt to save file: {}", storeFile.getPath()); + try 
(FileOutputStream outputStream = new FileOutputStream(storeFile)) { + keyStore.store(outputStream, this.password.toCharArray()); + } catch (Exception e) { + LOGGER.error("Cannot write truststore file"); + throw new WriteTruststoreFileException(e); + } + } + + private void loadFile() throws LoadTruststoreException { + try { + keyStore.load(new FileInputStream(storeFile), this.password.toCharArray()); + } catch (Exception e) { + LOGGER.error("Cannot load file: {}", storeFile.getPath()); + throw new LoadTruststoreException(e); + } + } + + private void addCertificate(CertificateWithAlias certificate) + throws TruststoreDataOperationException, AliasConflictException { + if (hasAliasConflict(certificate)) { + LOGGER.error("Alias conflict detected"); + throw new AliasConflictException("Alias conflict detected. Alias conflicted: " + certificate.getAlias()); + } + try { + keyStore.setCertificateEntry(certificate.getAlias(), certificate.getCertificate()); + } catch (KeyStoreException e) { + LOGGER.error("Cannot merge certificate with alias: {}", certificate.getAlias()); + throw new TruststoreDataOperationException(e); + } + } + + private boolean hasAliasConflict(CertificateWithAlias certificate) throws TruststoreDataOperationException { + try { + return keyStore.containsAlias(certificate.getAlias()); + } catch (KeyStoreException e) { + LOGGER.error("Cannot check alias conflict"); + throw new TruststoreDataOperationException(e); + } + } + + private List<CertificateWithAlias> getWrappedCertificates(List<String> aliases) + throws TruststoreDataOperationException { + + List<CertificateWithAlias> certificateWrapped = new ArrayList<>(); + + for (String alias : aliases) { + certificateWrapped.add(createWrappedCertificate(alias)); + } + return certificateWrapped; + } + + private CertificateWithAlias createWrappedCertificate(String alias) throws TruststoreDataOperationException { + try { + return factory.createCertificateWithAlias(keyStore.getCertificate(alias), alias); + } catch 
(KeyStoreException e) { + LOGGER.warn("Cannot get certificate with alias: {} ", alias); + throw new TruststoreDataOperationException(e); + } + } + + private List<String> getTruststoreAliases() throws TruststoreDataOperationException { + try { + List<String> aliases = Collections.list(keyStore.aliases()); + return getFilteredAlias(aliases); + } catch (KeyStoreException e) { + LOGGER.warn("Cannot read truststore aliases"); + throw new TruststoreDataOperationException(e); + } + } + + private List<String> getFilteredAlias(List<String> aliases) throws KeyStoreException { + List<String> filteredAlias = new ArrayList<>(); + for (String alias : aliases) { + if (keyStore.isCertificateEntry(alias)) { + filteredAlias.add(alias); + } + } + return filteredAlias; + } + +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/JavaTruststoreFactory.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/JavaTruststoreFactory.java new file mode 100644 index 00000000..4740d0f6 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/JavaTruststoreFactory.java 
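Review bot: `loadFile()` in JavaTruststore.java hands `new FileInputStream(storeFile)` straight to `keyStore.load(...)` and never closes it, so the handle on the truststore file leaks on both the success and the error path, while `saveFile()` in the same class already uses try-with-resources. The same form fits here: `try (FileInputStream inputStream = new FileInputStream(storeFile)) { keyStore.load(inputStream, this.password.toCharArray()); }` with the existing `catch` kept. Separately, `addCertificates` adds entries to the in-memory `KeyStore` one at a time, so an `AliasConflictException` part-way through leaves the earlier certificates already staged; a comment stating that callers must not call `saveFile()` after a failed merge would make that trust-store invariant explicit.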
@@ -0,0 +1,48 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.model;
+
+import java.io.File;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import org.onap.oom.certservice.postprocessor.merger.exception.KeystoreInstanceException;
+import org.onap.oom.certservice.postprocessor.common.PasswordReader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class JavaTruststoreFactory {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(JavaTruststoreFactory.class);
+
+ private JavaTruststoreFactory() {
+ }
+
+ public static Truststore create(File certFile, String truststorePasswordPath, String keystoreType) {
+ String password = PasswordReader.readPassword(new File(truststorePasswordPath));
+ try {
+ return JavaTruststore
+ .createWithLoadingFile(KeyStore.getInstance(keystoreType), certFile, password);
+ } catch (KeyStoreException e) {
+ LOGGER.error("Cannot initialize Java Keystore instance");
+ throw new KeystoreInstanceException(e);
+ }
+ }
+}
+
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/PemTruststore.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/PemTruststore.java
new file mode 100644
index 00000000..d7f4bfd2
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/PemTruststore.java
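Review bot: `create` in JavaTruststoreFactory.java reads the truststore password into a `String`, and `JavaTruststore` then keeps it in a `String` field for the life of the object, so the secret cannot be wiped and stays on the heap until it is garbage-collected. `KeyStore.load` and `KeyStore.store` take `char[]` anyway, so carrying the password as `char[]` and clearing it with `Arrays.fill(password, '\0')` once the store has been saved would shrink that window; this needs `PasswordReader.readPassword`, which is outside this hunk, to return `char[]` as well. `create` also declares no exceptions although it can raise `KeystoreInstanceException` and whatever `createWithLoadingFile` and `PasswordReader.readPassword` throw, so a Javadoc with a `@throws` list would help callers.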
@@ -0,0 +1,156 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.model; + +import static org.onap.oom.certservice.postprocessor.api.CertificateConstants.BOUNCY_CASTLE_PROVIDER; +import static org.onap.oom.certservice.postprocessor.api.CertificateConstants.X_509_CERTIFICATE; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.StringWriter; +import java.security.Security; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator; +import org.bouncycastle.util.io.pem.PemObjectGenerator; +import org.bouncycastle.util.io.pem.PemWriter; +import org.onap.oom.certservice.postprocessor.merger.exception.MissingTruststoreException; +import 
org.onap.oom.certservice.postprocessor.merger.exception.TruststoreDataOperationException; +import org.onap.oom.certservice.postprocessor.merger.exception.WriteTruststoreFileException; +import org.onap.oom.certservice.postprocessor.common.FileTools; +import org.onap.oom.certservice.postprocessor.merger.model.certificate.CertificateWithAlias; +import org.onap.oom.certservice.postprocessor.merger.model.certificate.CertificateWithAliasFactory; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PemTruststore extends Truststore { + + private static final Logger LOGGER = LoggerFactory.getLogger(PemTruststore.class); + + private static final boolean APPEND_TO_FILE = true; + + private final CertificateWithAliasFactory factory = new CertificateWithAliasFactory(); + private final List<CertificateWithAlias> certificatesToBeSaved = new ArrayList<>(); + + public PemTruststore(File storeFile) { + super(storeFile, new FileTools()); + } + + public List<CertificateWithAlias> getCertificates() + throws TruststoreDataOperationException, MissingTruststoreException { + LOGGER.debug("Attempt to read certificates from file: {}", storeFile.getPath()); + if (isFileWithoutPemCertificate()) { + throw new MissingTruststoreException("File does not contain any certificate"); + } + List<Certificate> extractedCertificate = extractCertificatesFromFile(); + return wrapCertificates(extractedCertificate); + } + + public void addCertificates(List<CertificateWithAlias> certificates) + throws TruststoreDataOperationException, MissingTruststoreException { + LOGGER.debug("Attempt to add certificates for saving to file"); + if (isFileWithoutPemCertificate()) { + LOGGER.error("File does not contain any certificate. 
File path: {} ", storeFile.getPath()); + throw new MissingTruststoreException("File does not contain any certificate"); + } + certificatesToBeSaved.addAll(certificates); + } + + public void saveFile() throws WriteTruststoreFileException, TruststoreDataOperationException { + LOGGER.debug("Attempt to save file: {}", storeFile.getPath()); + List<Certificate> certificates = certificatesToBeSaved.stream() + .map(CertificateWithAlias::getCertificate) + .collect(Collectors.toList()); + String certificatesAsString = transformToStringInPemFormat(certificates); + appendToFile(certificatesAsString); + } + + boolean isFileWithoutPemCertificate() throws TruststoreDataOperationException { + List<Certificate> certificateList = extractCertificatesFromFile(); + return certificateList.isEmpty(); + } + + String transformToStringInPemFormat(List<Certificate> certificates) throws TruststoreDataOperationException { + StringWriter sw = new StringWriter(); + List<PemObjectGenerator> generators = transformToPemGenerators(certificates); + try (PemWriter pemWriter = new PemWriter(sw)) { + for (PemObjectGenerator generator : generators) { + pemWriter.writeObject(generator); + } + } catch (IOException e) { + LOGGER.error("Cannot convert certificates to PEM format"); + throw new TruststoreDataOperationException(e); + } + return sw.toString(); + } + + private List<Certificate> extractCertificatesFromFile() throws TruststoreDataOperationException { + try (FileInputStream inputStream = new FileInputStream(storeFile)) { + Security.addProvider(new BouncyCastleProvider()); + CertificateFactory factory = CertificateFactory.getInstance(X_509_CERTIFICATE, BOUNCY_CASTLE_PROVIDER); + return new ArrayList<>(factory.generateCertificates(inputStream)); + } catch (Exception e) { + LOGGER.error("Cannot read certificates from file: {}", storeFile.getPath()); + throw new TruststoreDataOperationException(e); + } + } + + private List<PemObjectGenerator> transformToPemGenerators(List<Certificate> certificates) + 
throws TruststoreDataOperationException { + List<PemObjectGenerator> generators = new ArrayList<>(); + for (Certificate certificate : certificates) { + PemObjectGenerator generator = createPemGenerator(certificate); + generators.add(generator); + } + return generators; + } + + private JcaMiscPEMGenerator createPemGenerator(Certificate certificate) + throws TruststoreDataOperationException { + try { + return new JcaMiscPEMGenerator(certificate); + } catch (IOException e) { + LOGGER.error("Cannot convert Certificate Object to PemGenerator Object"); + throw new TruststoreDataOperationException(e); + } + } + + private List<CertificateWithAlias> wrapCertificates(List<Certificate> rawCertificates) { + return rawCertificates.stream() + .map(factory::createPemCertificate) + .collect(Collectors.toList()); + } + + private void appendToFile(String certificatesAsString) throws WriteTruststoreFileException { + try { + FileOutputStream fileOutputStream = new FileOutputStream(storeFile, APPEND_TO_FILE); + fileOutputStream.write(certificatesAsString.getBytes()); + } catch (Exception e) { + LOGGER.error("Cannot write certificates to file"); + throw new WriteTruststoreFileException(e); + } + } +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/Truststore.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/Truststore.java new file mode 100644 index 00000000..058613a9 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/Truststore.java 
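Review bot: `appendToFile` in PemTruststore.java opens a `FileOutputStream` inside a plain `try` and never closes it, so the handle on the truststore file leaks, and `getBytes()` encodes with the platform default charset. Try-with-resources and an explicit charset fix both: `try (FileOutputStream out = new FileOutputStream(storeFile, APPEND_TO_FILE)) { out.write(certificatesAsString.getBytes(StandardCharsets.UTF_8)); }`, with an import of `java.nio.charset.StandardCharsets`. `extractCertificatesFromFile` calls `Security.addProvider(new BouncyCastleProvider())` on every read, and both `getCertificates` and `addCertificates` parse the file through it; registering the provider once in a static initializer would be cleaner. Because `saveFile` appends without comparing against what the file already holds, re-running the merge appears to write the same certificates again, which deserves either a duplicate check or a comment saying it is intended.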
@@ -0,0 +1,47 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.model;
+
+import java.io.File;
+import java.util.List;
+import org.onap.oom.certservice.postprocessor.common.FileTools;
+import org.onap.oom.certservice.postprocessor.merger.model.certificate.CertificateWithAlias;
+
+public abstract class Truststore {
+
+ final File storeFile;
+
+ private final FileTools fileTools;
+
+ public Truststore(File storeFile, FileTools fileTools) {
+ this.storeFile = storeFile;
+ this.fileTools = fileTools;
+ }
+
+ public void createBackup() {
+ fileTools.createBackup(storeFile);
+ }
+
+ public abstract List<CertificateWithAlias> getCertificates();
+
+ public abstract void addCertificates(List<CertificateWithAlias> certificates);
+
+ public abstract void saveFile();
+}
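Review bot: The abstract contract in Truststore.java is undocumented, and its three abstract methods declare no exceptions although both implementations in this commit throw `ExitableException` subtypes from them. A class-level Javadoc plus `@throws ExitableException` on `getCertificates`, `addCertificates` and `saveFile` would tell callers how failures surface, and it should state that `addCertificates` only stages certificates and nothing reaches the file until `saveFile` is called. The field `storeFile` is package-private; `protected final File storeFile;` would state the intent that subclasses read it.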
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/TruststoreFactory.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/TruststoreFactory.java
new file mode 100644
index 00000000..5167c301
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/TruststoreFactory.java
@@ -0,0 +1,64 @@ +/*============LICENSE_START======================================================= + * oom-truststore-merger + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.postprocessor.merger.model; + +import static org.onap.oom.certservice.postprocessor.api.CertificateConstants.JKS_TYPE; +import static org.onap.oom.certservice.postprocessor.api.CertificateConstants.PKCS12_TYPE; + +import java.io.File; +import org.onap.oom.certservice.postprocessor.common.ExtensionResolver; +import org.onap.oom.certservice.postprocessor.merger.exception.TruststoreFileFactoryException; + +public class TruststoreFactory { + + private static final String JKS_EXTENSION = ".jks"; + private static final String P12_EXTENSION = ".p12"; + private static final String PEM_EXTENSION = ".pem"; + private static final String FILE_DOES_NOT_EXIST_MSG_TEMPLATE = "File: %s does not exist"; + private static final String UNKNOWN_TRUSTSTORE_TYPE_MSG_TEMPLATE = "Unknown truststore extension type: %s"; + + + private TruststoreFactory() { + } + + public static Truststore create(String truststoreFilePath, String truststorePasswordPath) { + File truststoreFile 
= new File(truststoreFilePath); + if (!ExtensionResolver.checkIfFileExists(truststoreFile)) { + throw new TruststoreFileFactoryException(String.format(FILE_DOES_NOT_EXIST_MSG_TEMPLATE, truststoreFile)); + } + return createTypedTruststore(truststoreFile, truststorePasswordPath); + } + + private static Truststore createTypedTruststore(File truststoreFile, String truststorePasswordPath) { + String extension = ExtensionResolver.get(truststoreFile); + switch (extension) { + case JKS_EXTENSION: + return JavaTruststoreFactory.create(truststoreFile, truststorePasswordPath, JKS_TYPE); + case P12_EXTENSION: + return JavaTruststoreFactory.create(truststoreFile, truststorePasswordPath, PKCS12_TYPE); + case PEM_EXTENSION: + return new PemTruststore(truststoreFile); + default: + throw new TruststoreFileFactoryException( + String.format(UNKNOWN_TRUSTSTORE_TYPE_MSG_TEMPLATE, extension)); + } + } + +} diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/CertificateWithAlias.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/CertificateWithAlias.java new file mode 100644 index 00000000..098ffcd0 --- /dev/null +++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/CertificateWithAlias.java 
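Review bot: `create` in TruststoreFactory.java takes `truststorePasswordPath` for every file type, but the `.pem` branch of `createTypedTruststore` ignores it, and no Javadoc says so. A Javadoc on `create` should state that the password file is read only for `.jks` and `.p12`, and that a missing file or unknown extension is reported as `TruststoreFileFactoryException`. The `switch` compares against lower-case constants, so whether `.JKS` or `.PEM` is accepted depends on `ExtensionResolver.get`, which is not visible here; if it does not normalise case or can return null, a guard such as `extension == null ? "" : extension.toLowerCase(Locale.ROOT)` belongs before the `switch`.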
@@ -0,0 +1,41 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.model.certificate;
+
+import java.security.cert.Certificate;
+
+public class CertificateWithAlias {
+
+ private final Certificate certificate;
+ private final String alias;
+
+ public CertificateWithAlias(Certificate certificate, String alias) {
+ this.certificate = certificate;
+ this.alias = alias;
+ }
+
+ public String getAlias() {
+ return this.alias;
+ }
+
+ public Certificate getCertificate() {
+ return this.certificate;
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/CertificateWithAliasFactory.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/CertificateWithAliasFactory.java
new file mode 100644
index 00000000..4ad2b417
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/CertificateWithAliasFactory.java
@@ -0,0 +1,33 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.model.certificate;
+
+import java.security.cert.Certificate;
+
+public class CertificateWithAliasFactory {
+
+ public CertificateWithAlias createCertificateWithAlias(Certificate certificate, String alias) {
+ return new CertificateWithAlias(certificate, alias);
+ }
+
+ public CertificateWithAlias createPemCertificate(Certificate certificate) {
+ return new CertificateWithAlias(certificate, PemAliasGenerator.getInstance().getAlias());
+ }
+}
diff --git a/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/PemAliasGenerator.java b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/PemAliasGenerator.java
new file mode 100644
index 00000000..a89b1031
--- /dev/null
+++ b/certServicePostProcessor/src/main/java/org/onap/oom/certservice/postprocessor/merger/model/certificate/PemAliasGenerator.java
@@ -0,0 +1,42 @@
+/*============LICENSE_START=======================================================
+ * oom-truststore-merger
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.postprocessor.merger.model.certificate;
+
+
+import java.util.concurrent.atomic.AtomicInteger;
+
+public class PemAliasGenerator {
+
+ private static final String PREFIX_ALIAS_NAME = "pem-trusted-certificate-";
+ private static final PemAliasGenerator INSTANCE = new PemAliasGenerator();
+ private static AtomicInteger counter = new AtomicInteger(0);
+
+ private PemAliasGenerator() {
+ }
+
+ public static PemAliasGenerator getInstance() {
+ return INSTANCE;
+ }
+
+ public String getAlias() {
+
+ return PREFIX_ALIAS_NAME + counter.getAndIncrement();
+ }
+}
diff --git a/certServicePostProcessor/src/main/resources/log4j2.xml b/certServicePostProcessor/src/main/resources/log4j2.xml
new file mode 100644
index 00000000..697017e3
--- /dev/null
+++ b/certServicePostProcessor/src/main/resources/log4j2.xml
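Review bot: `counter` in `PemAliasGenerator` is a mutable, non-final static that restarts at 0 in every JVM, so `getAlias()` hands out the same `pem-trusted-certificate-N` names on every run. If the destination truststore already holds entries under those names, for example from an earlier run, whether the later write is rejected or replaces the existing entry depends on code outside this hunk. That should be confirmed, because silently replacing a trusted certificate changes what the consuming application trusts. At minimum declare the field as `private static final AtomicInteger COUNTER = new AtomicInteger(0);`. An alias derived from the certificate itself, such as a digest of its encoding, would be stable across runs and would not depend on process-wide state.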
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<Configuration status="INFO">
+
+ <Appenders>
+ <Console name="CONSOLE" target="SYSTEM_OUT">
+ <PatternLayout
+ pattern="%d{${LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}} %highlight{${LOG_LEVEL_PATTERN:-%5p}}{FATAL=red blink, ERROR=red, WARN=yellow bold, INFO=green, DEBUG=green bold, TRACE=blue} %style{%pid}{magenta} [%15.15t] %style{%-40.40C{1.}}{cyan} : %m%n%throwable"/>
+ </Console>
+
+ <RollingFile fileName="var/log/onap/oom/truststore-merger/truststore-merger.log"
+ filePattern="logs/truststore-merger-%d{yyyy-MM-dd}-%i.log" name="ROLLING_FILE">
+ <PatternLayout pattern="[%d{ISO8601}][%-5p][%-5c] %m%n"/>
+ <Policies>
+ <SizeBasedTriggeringPolicy size="64 MB"/>
+ </Policies>
+ <DefaultRolloverStrategy max="10"/>
+ </RollingFile>
+
+ </Appenders>
+
+ <Loggers>
+
+ <Root level="DEBUG">
+ <AppenderRef ref="CONSOLE"/>
+ <AppenderRef ref="ROLLING_FILE"/>
+ </Root>
+
+ </Loggers>
+</Configuration> |
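Review bot: The root logger in `log4j2.xml` is set to `DEBUG` and feeds both the console and the rolling file, which is a risky shipped default for a tool that is handed truststore password file paths. Unless every debug statement in the module is known to be free of passwords and key material, `<Root level="INFO">` is the safer default, with DEBUG enabled per deployment when needed. The `RollingFile` `fileName` is `var/log/onap/...` with no leading slash while `filePattern` points at `logs/...`, so both resolve against the working directory and rolled files land in a different directory from the active log; that looks unintended and makes log collection and retention harder to reason about. Both paths also keep the old `truststore-merger` name after the module rename.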