diff options
25 files changed, 74 insertions, 143 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java index 8e2a378e..a4389ec2 100644 --- a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java +++ b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java @@ -28,7 +28,6 @@ import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.responses.ApiResponses; import io.swagger.v3.oas.annotations.tags.Tag; import org.onap.oom.certservice.certification.CertificationResponseModelFactory; -import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; import org.onap.oom.certservice.certification.exception.ErrorResponseModel; import org.onap.oom.certservice.certification.model.CertificateUpdateModel; @@ -112,7 +111,7 @@ public class CertificationController { @RequestHeader("PK") String encodedPrivateKey, @RequestHeader("OLD_CERT") String encodedOldCert, @RequestHeader("OLD_PK") String encodedOldPrivateKey - ) throws DecryptionException, CmpClientException, CertificateDecryptionException { + ) throws DecryptionException, CmpClientException { caName = replaceWhiteSpaceChars(caName); LOGGER.info("Received certificate update request for CA named: {}", caName); CertificateUpdateModel certificateUpdateModel = new CertificateUpdateModel.CertificateUpdateModelBuilder() diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java index 0e793bb0..af90bf7e 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java @@ -25,7 +25,6 @@ import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.onap.oom.certservice.certification.conversion.CsrModelFactory; import org.onap.oom.certservice.certification.conversion.OldCertificateModelFactory; import org.onap.oom.certservice.certification.conversion.StringBase64; -import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; import org.onap.oom.certservice.certification.model.CertificateUpdateModel; import org.onap.oom.certservice.certification.model.CertificationResponseModel; @@ -79,10 +78,9 @@ public class CertificationResponseModelFactory { } public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel) - throws DecryptionException, CmpClientException, CertificateDecryptionException { - LOGGER.info("CSR: " + certificateUpdateModel.getEncodedCsr() + - ", old cert: " + certificateUpdateModel.getEncodedOldCert() + - ", CA: " + certificateUpdateModel.getCaName()); + throws DecryptionException, CmpClientException { + LOGGER.info("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(), + certificateUpdateModel.getEncodedOldCert(), certificateUpdateModel.getCaName()); final CsrModel csrModel = csrModelFactory.createCsrModel( new StringBase64(certificateUpdateModel.getEncodedCsr()), new StringBase64(certificateUpdateModel.getEncodedPrivateKey()) diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/CaMode.java b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/CaMode.java deleted file mode 100644 index 9980ef50..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/CaMode.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification.configuration.model; - -public enum CaMode { - RA("RA"), CLIENT("Client"); - - private String profile; - - CaMode(String profile) { - this.profile = profile; - } - - public String getProfile() { - return profile; - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java index b27f2888..d2b62f7f 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/configuration/model/Cmpv2Server.java @@ -1,8 +1,8 @@ /* * ============LICENSE_START======================================================= - * PROJECT + * Cert Service * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,10 +23,12 @@ package org.onap.oom.certservice.certification.configuration.model; import javax.validation.Valid; import javax.validation.constraints.NotNull; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import org.bouncycastle.asn1.x500.X500Name; import org.hibernate.validator.constraints.Length; import org.onap.oom.certservice.certification.configuration.validation.constraints.Cmpv2Url; +@JsonIgnoreProperties(ignoreUnknown = true) public class Cmpv2Server { private static final int MAX_CA_NAME_LENGTH = 128; @@ -35,8 +37,6 @@ public class Cmpv2Server { @Valid private Authentication authentication; @NotNull - private CaMode caMode; - @NotNull @Length(min = 1, max = MAX_CA_NAME_LENGTH) private String caName; @NotNull @@ -52,14 +52,6 @@ public class Cmpv2Server { this.authentication = authentication; } - public CaMode getCaMode() { - return caMode; - } - - public void setCaMode(CaMode caMode) { - this.caMode = caMode; - } - public String getCaName() { return caName; } @@ -88,11 +80,9 @@ public class Cmpv2Server { public String toString() { return "Cmpv2Server{" + "authentication=" + authentication - + ", caMode=" + caMode + ", caName='" + caName + '\'' + ", issuerDN='" + issuerDN + '\'' + ", url='" + url + '\'' + '}'; } - } diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java b/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java index 16fdb44b..20df03c9 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/exception/CertificateDecryptionException.java @@ -20,7 +20,7 @@ package org.onap.oom.certservice.certification.exception; -public class CertificateDecryptionException extends Exception { +public class CertificateDecryptionException extends DecryptionException { public CertificateDecryptionException(String message, Throwable cause) { super(message, cause); diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java index 3a00c915..bc701e08 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateData.java @@ -20,15 +20,14 @@ package org.onap.oom.certservice.certification.model; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; - import java.util.Arrays; import java.util.Collections; import java.util.Comparator; import java.util.List; import java.util.Objects; import java.util.stream.Collectors; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.GeneralName; public class CertificateData { @@ -49,10 +48,14 @@ public class CertificateData { } @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - CertificateData that = (CertificateData) o; + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null || getClass() != obj.getClass()) { + return false; + } + CertificateData that = (CertificateData) obj; return Objects.equals(subject, that.subject) && Objects.equals(sortedSans, that.sortedSans); } diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java index 699ffe71..770d8812 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java @@ -31,7 +31,7 @@ public final class CertificateUpdateModel { private final String caName; private CertificateUpdateModel(String encodedCsr, String encodedPrivateKey, String encodedOldCert, - String encodedOldPrivateKey, String caName) { + String encodedOldPrivateKey, String caName) { this.encodedCsr = encodedCsr; this.encodedPrivateKey = encodedPrivateKey; this.encodedOldCert = encodedOldCert; @@ -60,15 +60,19 @@ public final class CertificateUpdateModel { } @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - CertificateUpdateModel that = (CertificateUpdateModel) o; + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null || getClass() != obj.getClass()) { + return false; + } + CertificateUpdateModel that = (CertificateUpdateModel) obj; return Objects.equals(encodedCsr, that.encodedCsr) - && Objects.equals(encodedPrivateKey, that.encodedPrivateKey) - && Objects.equals(encodedOldCert, that.encodedOldCert) - && Objects.equals(encodedOldPrivateKey, that.encodedOldPrivateKey) - && Objects.equals(caName, that.caName); + && Objects.equals(encodedPrivateKey, that.encodedPrivateKey) + && Objects.equals(encodedOldCert, that.encodedOldCert) + && Objects.equals(encodedOldPrivateKey, that.encodedOldPrivateKey) + && Objects.equals(caName, that.caName); } @Override @@ -110,7 +114,8 @@ public final class CertificateUpdateModel { } public CertificateUpdateModel build() { - return new CertificateUpdateModel(encodedCsr, encodedPrivateKey, encodedOldCert, encodedOldPrivateKey, caName); + return new CertificateUpdateModel(encodedCsr, encodedPrivateKey, encodedOldCert, encodedOldPrivateKey, + caName); } } } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java index 58291650..4332533b 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java @@ -104,7 +104,7 @@ public class CmpClientImpl implements CmpClient { final CreateCertRequest certRequest = getCmpMessageBuilderWithCommonRequestValues(csrModel, cmpv2Server) .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_KEY_UPDATE_REQ) - .with(CreateCertRequest::setExtraCerts, getCMPCertificate(oldCertificateModel.getOldCertificate())) + .with(CreateCertRequest::setExtraCerts, getCmpCertificate(oldCertificateModel.getOldCertificate())) .with(CreateCertRequest::setProtection, pkiMessageProtection) .build(); @@ -158,7 +158,7 @@ public class CmpClientImpl implements CmpClient { return new SignatureProtection(oldCertificateModel.getOldPrivateKey()); } - private CMPCertificate[] getCMPCertificate(Certificate oldCertificate) { + private CMPCertificate[] getCmpCertificate(Certificate oldCertificate) { CMPCertificate cert = new CMPCertificate(oldCertificate); return new CMPCertificate[]{cert}; } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java index b9a04a47..c5d6f3e8 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java @@ -29,7 +29,6 @@ import org.bouncycastle.asn1.cmp.CertResponse; import org.bouncycastle.asn1.cmp.PKIHeader; import org.bouncycastle.asn1.cmp.PKIMessage; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.onap.oom.certservice.certification.model.CsrModel; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; @@ -50,7 +49,6 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHel public class CmpCertificationValidator { private static final String DEFAULT_CA_NAME = "Certification Authority"; - private static final String DEFAULT_PROFILE = CaMode.RA.getProfile(); private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); private static final Logger LOG = LoggerFactory.getLogger(CmpCertificationValidator.class); @@ -62,9 +60,8 @@ public class CmpCertificationValidator { final Date notAfter) { String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME; - String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE; LOG.info( - "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile); + "Validate before creating Certificate Request for CA: {}", caName); CmpUtil.notNull(csrModel, "CsrModel Instance"); CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN"); diff --git a/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java b/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java index 81c2d39a..d3738747 100644 --- a/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java @@ -162,7 +162,7 @@ class CertificationControllerTest { @Test void shouldUpdateEndpointReturnDataAboutCsrBaseOnEncodedParameters() - throws DecryptionException, CmpClientException, CertificateDecryptionException { + throws DecryptionException, CmpClientException { // Given CertificationResponseModel testCertificationResponseModel = new CertificationResponseModel( Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), @@ -183,7 +183,7 @@ class CertificationControllerTest { @Test void shouldThrowCertificateDecryptionExceptionWhenCreatingPemModelFails() - throws DecryptionException, CertificateDecryptionException, CmpClientException { + throws DecryptionException, CmpClientException { // Given String expectedMessage = "Incorrect certificate, decryption failed"; when(certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL)) diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java index 192050dc..042b2aec 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java @@ -140,7 +140,7 @@ class CertificationProviderTest { // When when( cmpClient.executeKeyUpdateRequest(any(CsrModel.class), any(Cmpv2Server.class), any(OldCertificateModel.class)) - ).thenReturn(getCMPv2CertificationModel()); + ).thenReturn(getCmpv2CertificationModel()); CertificationResponseModel certificationModel = certificationProvider .executeKeyUpdateRequest(csrModel, server, oldCertificateModel); @@ -162,7 +162,7 @@ class CertificationProviderTest { when( cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class)) - ).thenReturn(getCMPv2CertificationModel()); + ).thenReturn(getCmpv2CertificationModel()); CertificationResponseModel certificationModel = certificationProvider .executeInitializationRequest(csrModel, server); @@ -214,7 +214,7 @@ class CertificationProviderTest { return string.replace("\n", "").replace("\r", ""); } - private Cmpv2CertificationModel getCMPv2CertificationModel() throws IOException, CertificateException { + private Cmpv2CertificationModel getCmpv2CertificationModel() throws IOException, CertificateException { List<X509Certificate> certificateChain = getX509CertificateFromPem(TEST_CMPv2_KEYSTORE); List<X509Certificate> trustedCertificates = getX509CertificateFromPem(TEST_CMPv2_TRUSTSTORE); return new Cmpv2CertificationModel(certificateChain, trustedCertificates); diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java index 205513f5..90dc2359 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java @@ -204,7 +204,7 @@ class CertificationResponseModelFactoryTest { @Test void shouldPerformKurWhenCsrAndOldCertDataMatch() - throws CertificateDecryptionException, DecryptionException, CmpClientException { + throws DecryptionException, CmpClientException { // Given CsrModel csrModel = mockCsrFactoryModelCreation(); Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); @@ -229,7 +229,7 @@ class CertificationResponseModelFactoryTest { @Test void shouldThrowCmpClientExceptionWhenUpdateRequestFailed() - throws DecryptionException, CmpClientException, CertificateDecryptionException { + throws DecryptionException, CmpClientException { // Given String expectedMessage = "Exception occurred while send request to CMPv2 Server"; @@ -254,7 +254,7 @@ class CertificationResponseModelFactoryTest { @Test void shouldPerformCrWhenCsrAndOldCertDataDontMatch() - throws CertificateDecryptionException, DecryptionException, CmpClientException { + throws DecryptionException, CmpClientException { // Given CsrModel csrModel = mockCsrFactoryModelCreation(); Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java index 3c47d866..8a4ba645 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java @@ -29,7 +29,7 @@ public final class TestData { public static final String EXPECTED_CERT_SUBJECT = "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org"; public static final String EXPECTED_CERT_SANS = - "SANs: [onap@onap.org, localhost, onap.org, test.onap.org, onap://cluster.local/, " + LOCALHOST_IP_IN_HEX +"]"; + "SANs: [onap@onap.org, localhost, onap.org, test.onap.org, onap://cluster.local/, " + LOCALHOST_IP_IN_HEX + "]"; public static final String TEST_CSR = "-----BEGIN CERTIFICATE REQUEST-----\n" diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java index 98932d0c..1d6d177f 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigLoaderTest.java @@ -1,6 +1,6 @@ /* * ============LICENSE_START======================================================= - * PROJECT + * Cert Service * ================================================================================ * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ @@ -45,7 +45,6 @@ class CmpServersConfigLoaderTest { "CA_NAME", "TEST", "URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmp", "ISSUER_DN", "CN=ManagementCA", - "CA_MODE", "CLIENT", "IAK", "xxx", "RV", "yyy" ); @@ -53,7 +52,6 @@ class CmpServersConfigLoaderTest { "CA_NAME", "TEST2", "URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", "ISSUER_DN", "CN=ManagementCA2", - "CA_MODE", "RA", "IAK", "xxx", "RV", "yyy" ); @@ -111,7 +109,6 @@ class CmpServersConfigLoaderTest { assertThat(cmpv2Server.getCaName()).isEqualTo(expected.get("CA_NAME")); assertThat(cmpv2Server.getUrl()).isEqualTo(expected.get("URL")); assertThat(cmpv2Server.getIssuerDN()).hasToString(expected.get("ISSUER_DN")); - assertThat(cmpv2Server.getCaMode().name()).isEqualTo(expected.get("CA_MODE")); assertThat(cmpv2Server.getAuthentication().getIak()).isEqualTo(expected.get("IAK")); assertThat(cmpv2Server.getAuthentication().getRv()).isEqualTo(expected.get("RV")); } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java index e938fdde..fe325241 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/CmpServersConfigTest.java @@ -35,7 +35,6 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.oom.certservice.certification.configuration.model.Authentication; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; @ExtendWith(MockitoExtension.class) @@ -218,7 +217,6 @@ class CmpServersConfigTest { testAuthentication1.setIak("testIak"); testAuthentication1.setRv("testRv"); testServer1.setAuthentication(testAuthentication1); - testServer1.setCaMode(CaMode.RA); Cmpv2Server testServer2 = new Cmpv2Server(); testServer2.setCaName("TEST_CA2"); @@ -228,7 +226,6 @@ class CmpServersConfigTest { testAuthentication2.setIak("test2Iak"); testAuthentication2.setRv("test2Rv"); testServer2.setAuthentication(testAuthentication2); - testServer2.setCaMode(CaMode.CLIENT); return List.of(testServer1, testServer2); } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java index dc6de3ba..9e0982aa 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/Cmpv2ServerProviderTest.java @@ -27,7 +27,6 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.oom.certservice.certification.configuration.model.Authentication; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException; @@ -93,7 +92,6 @@ class Cmpv2ServerProviderTest { testAuthentication.setIak("testIak"); testAuthentication.setRv("testRv"); testServer.setAuthentication(testAuthentication); - testServer.setCaMode(CaMode.RA); return testServer; } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java index b07c9035..e943d8fe 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java @@ -1,8 +1,8 @@ /* * ============LICENSE_START======================================================= - * PROJECT + * Cert Service * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. + * Copyright (C) 2020-2021 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,6 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.onap.oom.certservice.CertServiceApplication; import org.onap.oom.certservice.certification.configuration.model.Authentication; -import org.onap.oom.certservice.certification.configuration.model.CaMode; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; @@ -141,15 +140,6 @@ class Cmpv2ServersConfigurationValidatorTest { } @Test - void shouldThrowExceptionWhenCaModeIsNull() { - // Given - server.setCaMode(null); - - // Then - assertExceptionIsThrown(); - } - - @Test void shouldThrowExceptionWhenUrlIsNull() { // Given server.setUrl(null); @@ -197,7 +187,6 @@ class Cmpv2ServersConfigurationValidatorTest { private void setServerConfiguration() { server = new Cmpv2Server(); - server.setCaMode(CaMode.CLIENT); server.setCaName("TEST"); server.setIssuerDN(new X500Name("CN=ManagementCA")); server.setUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmp"); @@ -210,4 +199,4 @@ class Cmpv2ServersConfigurationValidatorTest { authentication.setIak("testIAK"); } -}
\ No newline at end of file +} diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java index 845361ef..e3896acd 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java @@ -43,27 +43,27 @@ public final class ClientTestData { private static final OldCertificateModelFactory factory = new OldCertificateModelFactory(new PemStringToCertificateConverter(), new X509CertificateParser()); - static final OldCertificateModel createCorrectOldCertificateModel() throws CertificateDecryptionException { + static OldCertificateModel createCorrectOldCertificateModel() throws CertificateDecryptionException { return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_OLD_PRIVATE_KEY); } - static final OldCertificateModel createOldCertificateModelWithWrongCert() throws CertificateDecryptionException { + static OldCertificateModel createOldCertificateModelWithWrongCert() throws CertificateDecryptionException { return createOldCertificateModel(WRONG_OLD_CERT, TEST_ENCODED_OLD_PRIVATE_KEY); } - static final OldCertificateModel createOldCertificateModelWithWrongPrivateKey() throws CertificateDecryptionException { + static OldCertificateModel createOldCertificateModelWithWrongPrivateKey() throws CertificateDecryptionException { return createOldCertificateModel(TEST_ENCODED_OLD_CERT, WRONG_OLD_PRIVATE_KEY); } - static final OldCertificateModel createOldCertificateModelWithPrivateKeyInPKCS1() throws CertificateDecryptionException { + static OldCertificateModel createOldCertificateModelWithPrivateKeyInPkcs1() throws CertificateDecryptionException { return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_PRIVATE_KEY_IN_PKCS1); } - static final OldCertificateModel createOldCertificateModelWithPrivateKeyInPKCS8() throws CertificateDecryptionException { + static OldCertificateModel createOldCertificateModelWithPrivateKeyInPkcs8() throws CertificateDecryptionException { return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_PRIVATE_KEY_IN_PKCS8); } - private static final OldCertificateModel createOldCertificateModel(String certificate, String privateKey) throws CertificateDecryptionException { + private static OldCertificateModel createOldCertificateModel(String certificate, String privateKey) throws CertificateDecryptionException { StringBase64 base64EncodedCertificate = new StringBase64(certificate); return factory.createCertificateModel(base64EncodedCertificate, privateKey); } diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java index 93dcbb77..23964ea3 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java @@ -26,8 +26,8 @@ import static org.mockito.Mockito.doAnswer; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; -import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPKCS1; -import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPKCS8; +import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPkcs1; +import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPkcs8; import java.io.BufferedInputStream; import java.io.ByteArrayInputStream; @@ -115,7 +115,7 @@ class Cmpv2ClientTest { private static KeyPair keyPair; - private final static Decoder BASE64_DECODER = Base64.getDecoder(); + private static final Decoder BASE64_DECODER = Base64.getDecoder(); @BeforeEach void setUp() @@ -233,7 +233,7 @@ class Cmpv2ClientTest { @Test - void shouldThrowCMPClientExceptionWhenCannotParseOldCertificate() { + void shouldThrowCmpClientExceptionWhenCannotParseOldCertificate() { setCsrModelAndServerTestDefaultValues(); CmpClientImpl cmpClient = new CmpClientImpl(httpClient); @@ -375,7 +375,7 @@ class Cmpv2ClientTest { try ( BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream( - preparePKIMessageWithoutProtectionAlgorithm().getEncoded() + preparePkiMessageWithoutProtectionAlgorithm().getEncoded() ))) { byte[] ba = IOUtils.toByteArray(bis); @@ -473,7 +473,7 @@ class Cmpv2ClientTest { server.setIssuerDN(dn); } - private PKIMessage preparePKIMessageWithoutProtectionAlgorithm() { + private PKIMessage preparePkiMessageWithoutProtectionAlgorithm() { CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder(); X500Name issuerDN = getTestIssuerDN(); @@ -504,8 +504,8 @@ class Cmpv2ClientTest { private static Stream<Arguments> getTestUpdateModelWithSupportedPrivateKeys() throws CertificateDecryptionException { return Stream.of( - Arguments.of(createOldCertificateModelWithPrivateKeyInPKCS1()), - Arguments.of(createOldCertificateModelWithPrivateKeyInPKCS8()) + Arguments.of(createOldCertificateModelWithPrivateKeyInPkcs1()), + Arguments.of(createOldCertificateModelWithPrivateKeyInPkcs8()) ); } diff --git a/certService/src/test/resources/cmpServers.json b/certService/src/test/resources/cmpServers.json index ee9e72b9..5383826a 100644 --- a/certService/src/test/resources/cmpServers.json +++ b/certService/src/test/resources/cmpServers.json @@ -4,7 +4,6 @@ "caName": "TEST", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp", "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", "authentication": { "iak": "xxx", "rv": "yyy" @@ -14,11 +13,10 @@ "caName": "TEST2", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", "issuerDN": "CN=ManagementCA2", - "caMode": "RA", "authentication": { "iak": "xxx", "rv": "yyy" } } ] -}
\ No newline at end of file +} diff --git a/certService/src/test/resources/invalidCmpServers.json b/certService/src/test/resources/invalidCmpServers.json index ac4b34af..a1ded3c2 100644 --- a/certService/src/test/resources/invalidCmpServers.json +++ b/certService/src/test/resources/invalidCmpServers.json @@ -3,17 +3,15 @@ { "caName": " ", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp", - "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT" + "issuerDN": "CN=ManagementCA" }, { "caName": "TEST2", "url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA", - "caMode": "RA", "authentication": { "iak": "xxx", "rv": "yyy" } } ] -}
\ No newline at end of file +} diff --git a/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml index e5226906..2fb8e4a7 100644 --- a/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml +++ b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml @@ -25,11 +25,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: _sample_cert_name_ + name: cert-test namespace: onap spec: # The secret name to store the signed certificate - secretName: _sample_secret_name_ + secretName: cert-test-secret-name # Common Name commonName: certissuer.onap.org subject: @@ -57,4 +57,4 @@ spec: issuerRef: group: certmanager.onap.org kind: CMPv2Issuer - name: cmpv2-issuer + name: cmpv2-issuer-onap diff --git a/compose-resources/cmpServers.json b/compose-resources/cmpServers.json index 8972fd4d..0d883eae 100644 --- a/compose-resources/cmpServers.json +++ b/compose-resources/cmpServers.json @@ -4,7 +4,6 @@ "caName": "Client", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", - "caMode": "CLIENT", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -14,7 +13,6 @@ "caName": "RA", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345", - "caMode": "RA", "authentication": { "iak": "mypassword", "rv": "mypassword" diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst index 41b23fad..ad54434a 100644 --- a/docs/sections/change-log.rst +++ b/docs/sections/change-log.rst @@ -19,7 +19,7 @@ Version: 2.4.0 **New Features** - N/A + Add certificate update use case (support for CMPv2 messages: Key Update Request and Certification Request). **Bug Fixes** @@ -47,6 +47,8 @@ Version: 2.4.0 **Upgrade Notes** + caMode is removed from cmpServers.json configuration file. + **Deprecation Notes** CertService client is not supported since Istanbul release. diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index 6ba7c1b4..97630731 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -20,7 +20,6 @@ Example cmpServers.json file: "caName": "Client", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp", "issuerDN": "CN=ManagementCA", - "caMode": "CLIENT", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -30,7 +29,6 @@ Example cmpServers.json file: "caName": "RA", "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA", "issuerDN": "CN=ManagementCA", - "caMode": "RA", "authentication": { "iak": "mypassword", "rv": "mypassword" @@ -44,7 +42,6 @@ This contains list of CMP Servers, where each server has following properties: - *caName* - name of the external CA server. It's used to match *CA_NAME* sent by CertService client in order to match proper configuration. - *url* - URL to CMPv2 server - *issuerDN* - Distinguished Name of the CA that will sign the certificate - - *caMode* - Issuer mode. Allowed values are *CLIENT* and *RA* - *authentication* - *iak* - Initial authentication key, used to authenticate request in CMPv2 server @@ -240,7 +237,7 @@ Default Values: +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ | Name | Value | +=====================+=================================================================================================================================+ -| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA | +| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA | +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ | Response Type | PKI Response | +---------------------+---------------------------------------------------------------------------------------------------------------------------------+ |