-rw-r--r--certService/README.md4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java30
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java6
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java16
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java8
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java8
-rw-r--r--certServiceK8sExternalProvider/src/certserviceclient/cert_service_client.go31
-rw-r--r--certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory.go15
-rw-r--r--certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory_test.go53
-rw-r--r--certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_mock.go11
-rw-r--r--certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_test.go56
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go4
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go15
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go31
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go4
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go6
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go46
-rw-r--r--certServiceK8sExternalProvider/src/model/sign_certificate_model.go31
-rw-r--r--certServiceK8sExternalProvider/src/testdata/constants.go23
-rw-r--r--docs/sections/resources/OpenAPI.yaml95
21 files changed, 406 insertions, 91 deletions
diff --git a/certService/README.md b/certService/README.md
index b7d4fdd6..76bfba23 100644
--- a/certService/README.md
+++ b/certService/README.md
@@ -95,9 +95,9 @@ audit.log error.log debug.log
API is described by Swagger ( OpenAPI 3.0 ) on endpoint /docs
( endpoint is defined in properties as springdoc.swagger-ui.path )
```
-http://localchost:8080/docs
+http://localhost:8080/docs
```
### OpenAPI
during project building yaml file with openAPI 3.0 documentation is generated in target directory with name api-docs.yaml
-file OpenAPI.yaml located in certService directory must be update be hand if needed
+file OpenAPI.yaml located in ./docs/sections/resources directory must be updated be hand if needed
diff --git a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
index a4389ec2..931ad8c6 100644
--- a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
+++ b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java
@@ -28,6 +28,7 @@ import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.onap.oom.certservice.certification.CertificationResponseModelFactory;
+import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.ErrorResponseModel;
import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
@@ -72,23 +73,23 @@ public class CertificationController {
content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))),
@ApiResponse(responseCode = "404", description = "CA not found for given name",
content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))),
- @ApiResponse(responseCode = "500", description = "Something went wrong during connectiion to CMPv2 server",
+ @ApiResponse(responseCode = "500", description = "Something went wrong during connection to CMPv2 server",
content = @Content(schema = @Schema(implementation = ErrorResponseModel.class)))
})
@Operation(
- summary = "sign certificate",
- description = "Web endpoint for requesting certificate signing. Used by system components to gain certificate signed by CA.",
+ summary = "Initialize certificate",
+ description = "Web endpoint for requesting certificate initialization. Used by system components to gain certificate signed by CA.",
tags = {"CertificationService"})
public ResponseEntity<CertificationResponseModel> signCertificate(
@Parameter(description = "Name of certification authority that will sign CSR.")
@PathVariable String caName,
- @Parameter(description = "Certificate signing request in form of PEM object encoded in Base64 (with header and footer).")
+ @Parameter(description = "Certificate initialization request in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("CSR") String encodedCsr,
@Parameter(description = "Private key in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("PK") String encodedPrivateKey
) throws DecryptionException, CmpClientException {
caName = replaceWhiteSpaceChars(caName);
- LOGGER.info("Received certificate signing request for CA named: {}", caName);
+ LOGGER.info("Received certificate initialization request for CA named: {}", caName);
CertificationResponseModel certificationResponseModel = certificationResponseModelFactory
.provideCertificationModelFromInitialRequest(encodedCsr, encodedPrivateKey, caName);
return new ResponseEntity<>(certificationResponseModel, HttpStatus.OK);
@@ -105,11 +106,30 @@ public class CertificationController {
* @return JSON containing trusted certificates and certificate chain
*/
@GetMapping(value = "v1/certificate-update/{caName}", produces = "application/json")
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "Certificate successfully updated"),
+ @ApiResponse(responseCode = "400", description = "Given CSR, PK, old certificate or/and old PK is incorrect",
+ content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))),
+ @ApiResponse(responseCode = "404", description = "CA not found for given name",
+ content = @Content(schema = @Schema(implementation = ErrorResponseModel.class))),
+ @ApiResponse(responseCode = "500", description = "Something went wrong during connection to CMPv2 server",
+ content = @Content(schema = @Schema(implementation = ErrorResponseModel.class)))
+ })
+ @Operation(
+ summary = "Update certificate",
+ description = "Web endpoint for updating certificate. Used by system components to update certificate signed by CA.",
+ tags = {"CertificationService"})
public ResponseEntity<CertificationResponseModel> updateCertificate(
+ @Parameter(description = "Name of certification authority that will update certificate.")
@PathVariable String caName,
+ @Parameter(description = "Certificate signing request in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("CSR") String encodedCsr,
+ @Parameter(description = "Private key in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("PK") String encodedPrivateKey,
+ @Parameter(description = "Old certificate in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("OLD_CERT") String encodedOldCert,
+ @Parameter(description = "Old private key (corresponding with old certificate) "
+ + "in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("OLD_PK") String encodedOldPrivateKey
) throws DecryptionException, CmpClientException {
caName = replaceWhiteSpaceChars(caName);
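Review bot: The new `@Parameter` descriptions on `updateCertificate` document `PK` and `OLD_PK` as private keys carried in request headers of a GET endpoint, but they do not mark them as secret material. Header values are commonly captured by access logs, proxies and tracing, so the generated OpenAPI text should tell integrators how to treat them. I would append a sentence such as `"Sensitive: private key material, must be excluded from request/header logging."` to both key descriptions. Whether the endpoint is reachable only over mutually authenticated TLS is not visible in this hunk and is worth stating in the `@Operation` description if it is. The body of updateCertificate continues outside the hunk.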
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java
index af90bf7e..4c50f6fe 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -72,14 +72,14 @@ public class CertificationResponseModelFactory {
Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName);
LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server);
- LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}",
+ LOGGER.info("Sending initialization request for certification model for CA named: {}, and certificate signing request:\n{}",
caName, csrModel);
return certificationProvider.executeInitializationRequest(csrModel, cmpv2Server);
}
public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel)
throws DecryptionException, CmpClientException {
- LOGGER.info("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
+ LOGGER.debug("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
certificateUpdateModel.getEncodedOldCert(), certificateUpdateModel.getCaName());
final CsrModel csrModel = csrModelFactory.createCsrModel(
new StringBase64(certificateUpdateModel.getEncodedCsr()),
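Review bot: The info-level message on the initialization path still prints the whole `csrModel`, while the same hunk demotes the update path's CSR and old-certificate logging to debug. `CsrModel` is not shown here; if its `toString()` renders the private key or the full subject data, that content goes to the info log on every request, so please confirm what it prints. I would keep only the CA name at info, `LOGGER.info("Sending initialization request for certification model for CA named: {}", caName);`, and move the model dump to `LOGGER.debug(...)`. Both methods extend beyond the hunk.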
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index c4be54ce..463451bd 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -75,7 +75,7 @@ public final class CmpMessageHelper {
*/
public static OptionalValidity generateOptionalValidity(
final Date notBefore, final Date notAfter) {
- LOG.info("Generating Optional Validity from Date objects");
+ LOG.debug("Generating Optional Validity from Date objects");
ASN1EncodableVector optionalValidityV = new ASN1EncodableVector();
if (notBefore != null) {
Time nb = new Time(notBefore);
@@ -95,7 +95,7 @@ public final class CmpMessageHelper {
*/
public static Extensions generateExtension(final GeneralName[] sansArray)
throws CmpClientException {
- LOG.info("Generating Extensions from Subject Alternative Names");
+ LOG.debug("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
try {
extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage());
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java
index 1b900987..87dfc507 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpResponseHelper.java
@@ -1,8 +1,7 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2020 Nordix Foundation.
- * ================================================================================
- * Modification copyright 2021 Nokia
+ * Copyright (C) 2020 Nordix Foundation.
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -63,13 +62,20 @@ import org.slf4j.LoggerFactory;
public final class CmpResponseHelper {
private static final Logger LOG = LoggerFactory.getLogger(CmpResponseHelper.class);
+ private static final Map<Integer, String> RESPONSE_TYPE_TO_STRING = Map.of(
+ PKIBody.TYPE_INIT_REP, "INIT_REP",
+ PKIBody.TYPE_CERT_REP, "CERT_REP",
+ PKIBody.TYPE_KEY_UPDATE_REP, "KEY_UPDATE_REP");
private CmpResponseHelper() {
}
static void checkIfCmpResponseContainsError(PKIMessage respPkiMessage) {
- LOG.info("Response type: {} ", respPkiMessage.getBody().getType());
- if (respPkiMessage.getBody().getType() == PKIBody.TYPE_ERROR) {
+ final int responseType = respPkiMessage.getBody().getType();
+ final String responseTypeName = RESPONSE_TYPE_TO_STRING.getOrDefault(responseType, Integer.toString(responseType));
+ LOG.info("Response type is: {} ", responseTypeName);
+
+ if (responseType == PKIBody.TYPE_ERROR) {
final ErrorMsgContent errorMsgContent =
(ErrorMsgContent) respPkiMessage.getBody().getContent();
String text = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
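Review bot: In the error branch, `getPKIStatusInfo().getStatusString()` is dereferenced without a null check, although the status text is an optional field of a CMP status and its value comes from the remote server. An error response without free text would therefore surface as a NullPointerException rather than the intended error handling. `logServerResponse` in CmpCertificationValidator, touched by this same commit, guards the same call with `!= null`. I would do the same here, for example `PKIFreeText statusString = errorMsgContent.getPKIStatusInfo().getStatusString();` followed by `String text = statusString != null ? statusString.getStringAt(0).getString() : "";` (this needs the `PKIFreeText` import if the file does not already have it). The rest of checkIfCmpResponseContainsError is outside the hunk.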
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
index a05a5b7a..0d0d7f34 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpUtil.java
@@ -84,7 +84,7 @@ public final class CmpUtil {
* @return bytes containing a random number string representing a nonce
*/
public static byte[] createRandomBytes() {
- LOGGER.info("Generating random array of bytes");
+ LOGGER.debug("Generating random array of bytes");
byte[] randomBytes = new byte[RANDOM_BYTE_LENGTH];
SECURE_RANDOM.nextBytes(randomBytes);
return randomBytes;
@@ -97,7 +97,7 @@ public final class CmpUtil {
* @return bytes containing a random number string representing a nonce
*/
public static int createRandomInt(int range) {
- LOGGER.info("Generating random integer");
+ LOGGER.debug("Generating random integer");
return SECURE_RANDOM.nextInt(range) + RANDOM_SEED;
}
@@ -109,7 +109,7 @@ public final class CmpUtil {
* @return bytes representing the PKIHeader and PKIBody thats to be protected
*/
public static byte[] generateProtectedBytes(PKIHeader header, PKIBody body) throws CmpClientException {
- LOGGER.info("Generating array of bytes representing PkiHeader and PkiBody");
+ LOGGER.debug("Generating array of bytes representing PkiHeader and PkiBody");
byte[] res;
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(header);
@@ -139,7 +139,7 @@ public final class CmpUtil {
*/
static PKIHeader generatePkiHeader(
X500Name subjectDn, X500Name issuerDn, AlgorithmIdentifier protectionAlg, String senderKid) {
- LOGGER.info("Generating a Pki Header Builder");
+ LOGGER.debug("Generating a Pki Header Builder");
PKIHeaderBuilder pkiHeaderBuilder =
new PKIHeaderBuilder(
PKIHeader.CMP_2000, new GeneralName(subjectDn), new GeneralName(issuerDn));
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java
index 93c60474..0421e9c7 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java
@@ -1,8 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2020 Nordix Foundation.
- * ================================================================================
- * Modification copyright 2021 Nokia
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -75,6 +74,7 @@ public class CmpCertificationValidator {
if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
throw new IllegalArgumentException("Before Date is set after the After Date");
}
+ LOG.info("Validation completed successfully.");
}
public void checkCmpResponse(final PKIMessage respPkiMessage, final PublicKey publicKey, final String initAuthPassword)
@@ -127,9 +127,7 @@ public class CmpCertificationValidator {
}
private void logServerResponse(CertResponse certResponse) {
- if (LOG.isInfoEnabled()) {
- LOG.info("Response status code: {}", certResponse.getStatus().getStatus());
- }
+ LOG.info("Response status code: {}", certResponse.getStatus().getStatus());
if (certResponse.getStatus().getStatusString() != null) {
String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString();
LOG.warn("Response status text: {}", serverMessage);
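Review bot: `serverMessage` is free text supplied by the remote CMP server and is written to the log unmodified by `LOG.warn("Response status text: {}", serverMessage)`. The controller in this commit passes `caName` through `replaceWhiteSpaceChars` before logging it, which suggests the configured log layout does not neutralise line breaks on its own (inferred, not visible here). I would apply the same treatment to the server text, for example `LOG.warn("Response status text: {}", serverMessage.replaceAll("[\\r\\n]", "_"));`, so that a response cannot forge additional log lines. The method's closing lines are outside the hunk.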
diff --git a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client.go b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client.go
index 4806c4a1..f4cc9991 100644
--- a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client.go
+++ b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -25,21 +25,27 @@ import (
"encoding/json"
"fmt"
"net/http"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
)
const (
- CsrHeaderName = "CSR"
- PkHeaderName = "PK"
+ CsrHeaderName = "CSR"
+ PkHeaderName = "PK"
+ OldPkHeaderName = "OLD_PK"
+ OldCertificateHeaderName = "OLD_CERT"
)
type CertServiceClient interface {
GetCertificates(csr []byte, key []byte) (*CertificatesResponse, error)
CheckHealth() error
+ UpdateCertificate(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
}
type CertServiceClientImpl struct {
healthUrl string
certificationUrl string
+ updateUrl string
httpClient HTTPClient
}
@@ -83,6 +89,25 @@ func (client *CertServiceClientImpl) GetCertificates(csr []byte, key []byte) (*C
request.Header.Add(CsrHeaderName, base64.StdEncoding.EncodeToString(csr))
request.Header.Add(PkHeaderName, base64.StdEncoding.EncodeToString(key))
+
+ return client.executeRequest(request)
+}
+
+func (client *CertServiceClientImpl) UpdateCertificate(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
+ request, err := http.NewRequest("GET", client.updateUrl, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ request.Header.Add(CsrHeaderName, base64.StdEncoding.EncodeToString(csr))
+ request.Header.Add(PkHeaderName, base64.StdEncoding.EncodeToString(key))
+ request.Header.Add(OldPkHeaderName, signCertificateModel.OldPrivateKey)
+ request.Header.Add(OldCertificateHeaderName, signCertificateModel.OldCertificate)
+
+ return client.executeRequest(request)
+}
+
+func (client *CertServiceClientImpl) executeRequest(request *http.Request) (*CertificatesResponse, error) {
response, err := client.httpClient.Do(request)
if err != nil {
return nil, err
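Review bot: In `UpdateCertificate`, `csr` and `key` are Base64-encoded before being placed in headers, but `signCertificateModel.OldPrivateKey` and `signCertificateModel.OldCertificate` are added as-is. The server side documents `OLD_PK` and `OLD_CERT` as Base64-encoded PEM, so this relies on the model already holding encoded strings, and nothing in the hunk states or checks that. I would document the contract on the method, `// OldPrivateKey and OldCertificate must already be Base64-encoded PEM; they are sent unchanged.`, or decode-validate them here and return an error before the request is built. Since the old private key travels in a header, also make sure no request dump or debug logging of headers is enabled on this client. `executeRequest` continues outside the hunk.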
diff --git a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory.go b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory.go
index 0fa1d165..380cbcf9 100644
--- a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory.go
+++ b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ import (
"path"
)
-func CreateCertServiceClient(baseUrl string, healthEndpoint string, certEndpoint string, caName string,
+func CreateCertServiceClient(baseUrl string, healthEndpoint string, certEndpoint string, updateEndpoint string, caName string,
keyPemBase64 []byte, certPemBase64 []byte, cacertPemBase64 []byte) (*CertServiceClientImpl, error) {
cert, err := tls.X509KeyPair(certPemBase64, keyPemBase64)
if err != nil {
@@ -49,31 +49,34 @@ func CreateCertServiceClient(baseUrl string, healthEndpoint string, certEndpoint
},
},
}
- healthUrl, certificationUrl, err := validateAndParseUrls(baseUrl, healthEndpoint, certEndpoint, caName)
+ healthUrl, certificationUrl, updateUrl, err := validateAndParseUrls(baseUrl, healthEndpoint, certEndpoint, updateEndpoint, caName)
if err != nil {
return nil, err
}
client := CertServiceClientImpl{
healthUrl: healthUrl,
certificationUrl: certificationUrl,
+ updateUrl: updateUrl,
httpClient: httpClient,
}
return &client, nil
}
-func validateAndParseUrls(baseUrl string, healthEndpoint string, certEndpoint string, caName string) (string, string, error) {
+func validateAndParseUrls(baseUrl string, healthEndpoint string, certEndpoint string, updateEndpoint string, caName string) (string, string, string, error) {
if err := validateUrls(baseUrl, healthEndpoint, certEndpoint, caName); err != nil {
- return "", "", err
+ return "", "", "", err
}
certUrl, _ := url.Parse(baseUrl)
healthUrl, _ := url.Parse(baseUrl)
+ updateUrl, _ := url.Parse(baseUrl)
certUrl.Path = path.Join(certEndpoint, caName)
healthUrl.Path = path.Join(healthEndpoint)
+ updateUrl.Path = path.Join(updateEndpoint, caName)
- return healthUrl.String(), certUrl.String(), nil
+ return healthUrl.String(), certUrl.String(), updateUrl.String(), nil
}
func validateUrls(baseUrl string, healthEndpoint string, certEndpoint string, caName string) error {
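Review bot: `validateAndParseUrls` now builds `updateUrl` from `updateEndpoint`, but the validation call is still `validateUrls(baseUrl, healthEndpoint, certEndpoint, caName)`, so the new endpoint is never checked. The `url.Parse` results are also taken with `_`, which means a malformed update endpoint ends up in the client unnoticed. I would pass it through, `if err := validateUrls(baseUrl, healthEndpoint, certEndpoint, updateEndpoint, caName); err != nil {`, and extend `validateUrls` to check it the same way as `certEndpoint`. The body of `validateUrls` is outside the hunk, so the exact check to mirror cannot be seen here.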
diff --git a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory_test.go b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory_test.go
index 5d255a62..a844e53c 100644
--- a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory_test.go
+++ b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_factory_test.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,17 +29,19 @@ import (
)
const (
- validUrl = "https://oom-cert-service:8443/"
- validUrl2 = "https://oom-cert-service:8443"
- invalidUrl = "https://oom-cert service:8443/"
- healthEndpoint = "actuator/health"
- healthEndpointInvalid = ":/actuator/health"
- certEndpoint = "v1/certificate"
- certEndpointInvalid = ":/v1/certificate"
- caName = "RA"
- caNameInvalid = ":/RA"
- expectedCertificationUrl = "https://oom-cert-service:8443/v1/certificate/RA"
- expectedHealthCheckUrl = "https://oom-cert-service:8443/actuator/health"
+ validUrl = "https://oom-cert-service:8443/"
+ validUrl2 = "https://oom-cert-service:8443"
+ invalidUrl = "https://oom-cert service:8443/"
+ healthEndpoint = "actuator/health"
+ healthEndpointInvalid = ":/actuator/health"
+ certEndpoint = "v1/certificate"
+ updateEndpoint = "v1/certificate-update"
+ certEndpointInvalid = ":/v1/certificate"
+ certUpdateEndpointInvalid = ":/v1/certificate-update"
+ caName = "RA"
+ caNameInvalid = ":/RA"
+ expectedCertificationUrl = "https://oom-cert-service:8443/v1/certificate/RA"
+ expectedHealthCheckUrl = "https://oom-cert-service:8443/actuator/health"
)
func Test_shouldCreateCertServiceClient(t *testing.T) {
@@ -48,7 +50,7 @@ func Test_shouldCreateCertServiceClient(t *testing.T) {
}
func shouldCreateCertServiceClientWithExpectedUrl(t *testing.T, baseUrl string) {
- client, err := CreateCertServiceClient(baseUrl, healthEndpoint, certEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(baseUrl, healthEndpoint, certEndpoint, updateEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
assert.NotNil(t, client)
assert.Nil(t, err)
@@ -57,42 +59,49 @@ func shouldCreateCertServiceClientWithExpectedUrl(t *testing.T, baseUrl string)
}
func Test_shouldReturnError_whenCaNameInvalid(t *testing.T) {
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, caNameInvalid, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, updateEndpoint, caNameInvalid, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
}
func Test_shouldReturnError_whenHealthEndpointInvalid(t *testing.T) {
- client, err := CreateCertServiceClient(validUrl, healthEndpointInvalid, certEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpointInvalid, certEndpoint, updateEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
}
func Test_shouldReturnError_whenCertEndpointInvalid(t *testing.T) {
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpointInvalid, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpointInvalid, updateEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+
+ assert.Nil(t, client)
+ assert.Error(t, err)
+}
+
+func Test_shouldReturnError_whenUpdateCertificateEndpointInvalid(t *testing.T) {
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, certUpdateEndpointInvalid, caName, testdata.KeyBytes, testdata.CertBytes, testdata.KeyBytes)
assert.Nil(t, client)
assert.Error(t, err)
}
func Test_shouldReturnError_whenUrlInvalid(t *testing.T) {
- client, err := CreateCertServiceClient(invalidUrl, healthEndpoint, certEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(invalidUrl, healthEndpoint, certEndpoint, updateEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
}
func Test_shouldReturnError_whenCanameEmpty(t *testing.T) {
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, "", testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, updateEndpoint, "", testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
}
func Test_shouldReturnError_whenKeyNotMatchingCert(t *testing.T) {
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, caName, testdata.NotMatchingKeyBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, updateEndpoint, caName, testdata.NotMatchingKeyBytes, testdata.CertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
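Review bot: `Test_shouldReturnError_whenUpdateCertificateEndpointInvalid` passes `testdata.KeyBytes` as the CA certificate argument, which is the same input `Test_shouldReturnError_whenCacertInvalid` uses to provoke an error. The test therefore passes because of the invalid CA certificate and says nothing about the update endpoint. The last argument should be `testdata.CacertBytes`, i.e. `CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, certUpdateEndpointInvalid, caName, testdata.KeyBytes, testdata.CertBytes, testdata.CacertBytes)`. With that change the test shows whether the factory rejects a malformed update endpoint at all. The last test function in this hunk closes outside it.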
@@ -100,7 +109,7 @@ func Test_shouldReturnError_whenKeyNotMatchingCert(t *testing.T) {
func Test_shouldReturnError_whenKeyInvalid(t *testing.T) {
//Cert used as key
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, caName, testdata.CertBytes, testdata.CertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, updateEndpoint, caName, testdata.CertBytes, testdata.CertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
@@ -108,7 +117,7 @@ func Test_shouldReturnError_whenKeyInvalid(t *testing.T) {
func Test_shouldReturnError_whenCertInvalid(t *testing.T) {
//Cacert used as cert
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, caName, testdata.KeyBytes, testdata.CacertBytes, testdata.CacertBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, updateEndpoint, caName, testdata.KeyBytes, testdata.CacertBytes, testdata.CacertBytes)
assert.Nil(t, client)
assert.Error(t, err)
@@ -116,7 +125,7 @@ func Test_shouldReturnError_whenCertInvalid(t *testing.T) {
func Test_shouldReturnError_whenCacertInvalid(t *testing.T) {
//Key used as cacert
- client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.KeyBytes)
+ client, err := CreateCertServiceClient(validUrl, healthEndpoint, certEndpoint, updateEndpoint, caName, testdata.KeyBytes, testdata.CertBytes, testdata.KeyBytes)
assert.Nil(t, client)
assert.Error(t, err)
diff --git a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_mock.go b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_mock.go
index d060a980..a6fec1fd 100644
--- a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_mock.go
+++ b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_mock.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,8 +20,15 @@
package certserviceclient
+import "onap.org/oom-certservice/k8s-external-provider/src/model"
+
type CertServiceClientMock struct {
- GetCertificatesFunc func(csr []byte, key []byte) (*CertificatesResponse, error)
+ GetCertificatesFunc func(csr []byte, key []byte) (*CertificatesResponse, error)
+ UpdateCertificateFunc func(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error)
+}
+
+func (client *CertServiceClientMock) UpdateCertificate(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*CertificatesResponse, error) {
+ return client.UpdateCertificateFunc(csr, key, signCertificateModel)
}
func (client *CertServiceClientMock) GetCertificates(csr []byte, key []byte) (*CertificatesResponse, error) {
diff --git a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_test.go b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_test.go
index 5e80f7f7..e1c6bb91 100644
--- a/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_test.go
+++ b/certServiceK8sExternalProvider/src/certserviceclient/cert_service_client_test.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -30,11 +30,13 @@ import (
"github.com/stretchr/testify/assert"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
"onap.org/oom-certservice/k8s-external-provider/src/testdata"
)
const (
- certificationUrl = "https://oom-cert-service:8443/v1/certificate/RA"
+ certificationUrl = "https://oom-cert-service:8443/v1/certificate/RA"
+ certificateUpdateUrl = "https://oom-cert-service:8443/v1/certificate-update/RA"
)
func Test_GetCertificates_shouldParseCertificateResponseCorrectly(t *testing.T) {
@@ -97,6 +99,48 @@ func Test_GetCertificates_shouldReturnError_whenResponseOtherThan200(t *testing.
assert.Error(t, err)
}
+func Test_UpdateCertificates_shouldParseCertificateResponseCorrectly(t *testing.T) {
+ responseJson := `{"certificateChain": ["cert-0", "cert-1"], "trustedCertificates": ["trusted-cert-0", "trusted-cert-1"]}`
+ responseJsonReader := ioutil.NopCloser(bytes.NewReader([]byte(responseJson)))
+ client := CertServiceClientImpl{
+ updateUrl: certificateUpdateUrl,
+ httpClient: getMockedClient(responseJsonReader, http.StatusOK),
+ }
+
+ response, _ := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())
+ assert.ElementsMatch(t, []string{"cert-0", "cert-1"}, response.CertificateChain)
+ assert.ElementsMatch(t, []string{"trusted-cert-0", "trusted-cert-1"}, response.TrustedCertificates)
+}
+
+
+func Test_UpdateCertificates_shouldReturnError_whenHttpClientReturnsError(t *testing.T) {
+ client := CertServiceClientImpl{
+ updateUrl: certificateUpdateUrl,
+ httpClient: &httpClientMock{
+ DoFunc: func(req *http.Request) (response *http.Response, err error) {
+ return nil, fmt.Errorf("mock error")
+ },
+ },
+ }
+ response, err := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())
+
+ assert.Nil(t, response)
+ assert.Error(t, err)
+}
+
+func Test_UpdateCertificates_shouldReturnError_whenResponseOtherThan200(t *testing.T) {
+ responseJson := `{"errorMessage": "CertService API error"}`
+ responseJsonReader := ioutil.NopCloser(bytes.NewReader([]byte(responseJson)))
+ client := CertServiceClientImpl{
+ updateUrl: updateEndpoint,
+ httpClient: getMockedClient(responseJsonReader, http.StatusNotFound),
+ }
+ response, err := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())
+
+ assert.Nil(t, response)
+ assert.Error(t, err)
+}
+
func Test_CheckHealth_shouldReturnNil_whenHttpClientReturnsStatusCode200(t *testing.T) {
client := CertServiceClientImpl{
certificationUrl: certificationUrl,
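Review bot: `Test_UpdateCertificates_shouldParseCertificateResponseCorrectly` discards the error with `response, _ := client.UpdateCertificate(...)`, so a failing call leaves `response` nil and the test panics on `response.CertificateChain` instead of reporting the cause. Keep the error and check it first: `response, err := client.UpdateCertificate(testdata.CsrBytes, testdata.PkBytes, getTestSignCertificateModel())` followed by `assert.Nil(t, err)`. The third new test sets `updateUrl: updateEndpoint` while the other two use `certificateUpdateUrl`. `updateEndpoint` is not declared in this hunk, so it presumably comes from another test file in the package; using the local constant would keep the three tests consistent.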
@@ -168,3 +212,11 @@ type httpClientMock struct {
func (client httpClientMock) Do(req *http.Request) (*http.Response, error) {
return client.DoFunc(req)
}
+
+func getTestSignCertificateModel() model.SignCertificateModel {
+ testSignCertificateModel := model.SignCertificateModel{
+ OldCertificate: testdata.OldCertificateEncoded,
+ OldPrivateKey: testdata.OldPrivateKeyEncoded,
+ }
+ return testSignCertificateModel
+}
diff --git a/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go
index 73392060..9c2d3e1c 100644
--- a/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go
+++ b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go
@@ -3,7 +3,7 @@
* oom-certservice-k8s-external-provider
* ================================================================================
* Copyright (c) 2019 Smallstep Labs, Inc.
- * Modifications copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2021 Nokia. All rights reserved.
* ================================================================================
* This source code was copied from the following git repository:
* https://github.com/smallstep/step-issuer
@@ -41,6 +41,8 @@ type CMPv2IssuerSpec struct {
HealthEndpoint string `json:"healthEndpoint"`
// Path to certificate signing endpoint.
CertEndpoint string `json:"certEndpoint"`
+ // Path to certificate update endpoint.
+ UpdateEndpoint string `json:"updateEndpoint"`
// CaName is the name of the external CA server
CaName string `json:"caName"`
// KeyRef is a reference to a Secret containing the provisioner
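Review bot: `UpdateEndpoint` is added as a plain string field, so CMPv2Issuer resources written before this change will decode with an empty value. What the client does with an empty update path is not visible in this hunk; if it is joined into the URL unchecked, update requests would go to an unintended path. Either validate it where the client is created or state the requirement in the field comment, e.g. `// Path to certificate update endpoint. Must be set for certificate updates to work.` `CMPv2IssuerSpec` starts and ends outside the hunk.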
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
index 1032ee00..9d266854 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
@@ -3,7 +3,7 @@
* oom-certservice-k8s-external-provider
* ================================================================================
* Copyright 2019 The cert-manager authors.
- * Modifications copyright (C) 2020-2021 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* This source code was copied from the following git repository:
* https://github.com/smallstep/step-issuer
@@ -43,6 +43,7 @@ import (
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/util"
provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
"onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
)
@@ -142,12 +143,18 @@ func (controller *CertificateRequestController) Reconcile(k8sRequest ctrl.Reques
isUpdateRevision, oldCertificate, oldPrivateKey := util.CheckIfCertificateUpdateAndRetrieveOldCertificateAndPk(
controller.Client, certificateRequest, ctx)
if isUpdateRevision {
- log.Debug("Certificate will be updated.", "old-certificate", oldCertificate,
- "old-private-key", oldPrivateKey) //TODO: remove private key from logger
+ log.Info("Update revision detected")
+ }
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: certificateRequest,
+ PrivateKeyBytes: privateKeyBytes,
+ IsUpdateRevision: isUpdateRevision,
+ OldCertificate: oldCertificate,
+ OldPrivateKey: oldPrivateKey,
}
// 11. Sign CertificateRequest
- signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes)
+ signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
if err != nil {
controller.handleErrorFailedToSignCertificate(certUpdater, log, err)
return ctrl.Result{}, nil
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index ee65b3cb..dc2824ce 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -3,7 +3,7 @@
* oom-certservice-k8s-external-provider
* ================================================================================
* Copyright (c) 2019 Smallstep Labs, Inc.
- * Modifications copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* This source code was copied from the following git repository:
* https://github.com/smallstep/step-issuer
@@ -29,13 +29,13 @@ import (
"context"
"sync"
- certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"k8s.io/apimachinery/pkg/types"
"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
"onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
)
var collection = new(sync.Map)
@@ -86,10 +86,17 @@ func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
func (ca *CertServiceCA) Sign(
ctx context.Context,
- certificateRequest *certmanager.CertificateRequest,
- privateKeyBytes []byte,
+ signCertificateModel model.SignCertificateModel,
) (signedCertificateChain []byte, trustedCertificates []byte, err error) {
log := leveledlogger.GetLoggerWithName("certservice-provisioner")
+
+ if signCertificateModel.IsUpdateRevision {
+ log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificate,
+ "old-private-key", signCertificateModel.OldPrivateKey)
+ }
+
+ certificateRequest := signCertificateModel.CertificateRequest
+ privateKeyBytes := signCertificateModel.PrivateKeyBytes
log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
log.Info("CA: ", "name", ca.name, "url", ca.url)
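Review bot: The new `log.Debug` call in `Sign` writes `signCertificateModel.OldPrivateKey` to the log, so enabling debug level puts private key material into whatever collects the provisioner's logs. The controller line this commit removes carried a TODO to take the key out of the logger; here the logging has moved and the TODO is gone. Log only the non-secret part: `log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificate)`. `Sign` continues past the end of this hunk.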
@@ -103,9 +110,19 @@ func (ca *CertServiceCA) Sign(
}
log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
- response, err := ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
- if err != nil {
- return nil, nil, err
+ var response *certserviceclient.CertificatesResponse
+ var errAPI error
+
+ if signCertificateModel.IsUpdateRevision {
+ log.Info("Attempt to send certificate update request")
+ response, errAPI = ca.certServiceClient.UpdateCertificate(filteredCsrBytes, privateKeyBytes, signCertificateModel)
+ } else {
+ log.Info("Attempt to send certificate request")
+ response, errAPI = ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
+ }
+
+ if errAPI != nil {
+ return nil, nil, errAPI
}
log.Info("Successfully received response from CertService API")
log.Debug("Certificate Chain", "cert-chain", response.CertificateChain)
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
index cf55266c..ee06be33 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -51,7 +51,7 @@ func (f *ProvisionerFactoryImpl) CreateProvisioner(issuer *cmpv2api.CMPv2Issuer,
return nil, err
}
- certServiceClient, err := certserviceclient.CreateCertServiceClient(issuer.Spec.URL, issuer.Spec.HealthEndpoint, issuer.Spec.CertEndpoint,
+ certServiceClient, err := certserviceclient.CreateCertServiceClient(issuer.Spec.URL, issuer.Spec.HealthEndpoint, issuer.Spec.CertEndpoint, issuer.Spec.UpdateEndpoint,
issuer.Spec.CaName, keyBase64, certBase64, cacertBase64)
if err != nil {
return nil, err
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
index f2ffa860..cb3b8c63 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_factory_mock.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@ import (
"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/testdata"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
)
type ProvisionerFactoryMock struct {
@@ -37,6 +38,9 @@ func (f *ProvisionerFactoryMock) CreateProvisioner(issuer *cmpv2api.CMPv2Issuer,
GetCertificatesFunc: func(csr []byte, pk []byte) (response *certserviceclient.CertificatesResponse, e error) {
return &testdata.SampleCertServiceResponse, nil
},
+ UpdateCertificateFunc: func(csr []byte, key []byte, signCertificateModel model.SignCertificateModel) (*certserviceclient.CertificatesResponse, error) {
+ return &testdata.SampleCertServiceResponse, nil
+ },
})
return provisioner, err
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
index cfafe959..1a066657 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* oom-certservice-k8s-external-provider
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@ import (
"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
"onap.org/oom-certservice/k8s-external-provider/src/testdata"
)
@@ -64,7 +65,7 @@ func Test_shouldSuccessfullyLoadPreviouslyStoredProvisioner(t *testing.T) {
assert.Equal(t, provisioner.url, issuer.Spec.URL, "Unexpected provisioner url.")
}
-func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
+func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForCertificateRequest(t *testing.T) {
issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
provisionerFactory := ProvisionerFactoryMock{}
provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
@@ -80,7 +81,46 @@ func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrect(t *testing.T) {
request := createCertificateRequest()
privateKeyBytes := getPrivateKeyBytes()
- signedPEM, trustedCAs, err := provisioner.Sign(ctx, request, privateKeyBytes)
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ IsUpdateRevision: false,
+ OldCertificate: "",
+ OldPrivateKey: "",
+ }
+
+ signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
+
+ assert.Nil(t, err)
+
+ testdata.VerifyCertsAreEqualToExpected(t, signedPEM, trustedCAs)
+}
+
+func Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest(t *testing.T) {
+ issuer := createIssuerAndCerts(ISSUER_NAME, ISSUER_URL)
+ provisionerFactory := ProvisionerFactoryMock{}
+ provisioner, err := provisionerFactory.CreateProvisioner(&issuer, apiv1.Secret{})
+
+ issuerNamespaceName := testdata.CreateIssuerNamespaceName(ISSUER_NAMESPACE, ISSUER_NAME)
+ Store(issuerNamespaceName, provisioner)
+
+ provisioner, ok := Load(issuerNamespaceName)
+
+ testdata.VerifyThatConditionIsTrue(ok, "Provisioner could not be loaded", t)
+
+ ctx := context.Background()
+ request := createCertificateRequest()
+ privateKeyBytes := getPrivateKeyBytes()
+
+ signCertificateModel := model.SignCertificateModel{
+ CertificateRequest: request,
+ PrivateKeyBytes: privateKeyBytes,
+ IsUpdateRevision: true,
+ OldCertificate: testdata.OldCertificateEncoded,
+ OldPrivateKey: testdata.OldPrivateKeyEncoded,
+ }
+
+ signedPEM, trustedCAs, err := provisioner.Sign(ctx, signCertificateModel)
assert.Nil(t, err)
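Review bot: `Test_shouldReturnCorrectSignedPemsWhenParametersAreCorrectForUpdateCertificateRequest` cannot tell the two client paths apart. `ProvisionerFactoryMock` returns `&testdata.SampleCertServiceResponse` from both `GetCertificatesFunc` and `UpdateCertificateFunc`, so the test would still pass if `Sign` ignored `IsUpdateRevision`. Build the provisioner for this test with a `CertServiceClientMock` whose `GetCertificatesFunc` returns an error or records the call, so that only the update path can produce the expected PEMs. The end of the test function is not shown in the hunk.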
diff --git a/certServiceK8sExternalProvider/src/model/sign_certificate_model.go b/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
new file mode 100644
index 00000000..40dca1ae
--- /dev/null
+++ b/certServiceK8sExternalProvider/src/model/sign_certificate_model.go
@@ -0,0 +1,31 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package model
+
+import cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+
+type SignCertificateModel struct {
+ CertificateRequest *cmapi.CertificateRequest
+ PrivateKeyBytes []byte
+ IsUpdateRevision bool
+ OldCertificate string
+ OldPrivateKey string
+}
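Review bot: `SignCertificateModel` is exported without a doc comment and carries two private keys (`PrivateKeyBytes`, `OldPrivateKey`) next to non-secret fields. Nothing tells a reader which encoding each field uses or that the struct should not be logged whole. Add a type comment such as `// SignCertificateModel bundles the inputs of a sign or update request; it holds private key material and must not be logged.` and a comment on the two old-value fields. The test constants `OldCertificateEncoded` and `OldPrivateKeyEncoded` suggest these are Base64-encoded PEM, which should be confirmed and written down.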
diff --git a/certServiceK8sExternalProvider/src/testdata/constants.go b/certServiceK8sExternalProvider/src/testdata/constants.go
index d2097bae..c1e86146 100644
--- a/certServiceK8sExternalProvider/src/testdata/constants.go
+++ b/certServiceK8sExternalProvider/src/testdata/constants.go
@@ -1,3 +1,23 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-k8s-external-provider
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
package testdata
import "encoding/base64"
@@ -10,3 +30,6 @@ var (
CsrBytes, _ = base64.StdEncoding.DecodeString("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")
PkBytes, _ = base64.StdEncoding.DecodeString("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")
)
+
+const OldPrivateKeyEncoded = "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"
+const OldCertificateEncoded = "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"
diff --git a/docs/sections/resources/OpenAPI.yaml b/docs/sections/resources/OpenAPI.yaml
index d20f833e..1c0c9571 100644
--- a/docs/sections/resources/OpenAPI.yaml
+++ b/docs/sections/resources/OpenAPI.yaml
@@ -1,7 +1,7 @@
# ============LICENSE_START=======================================================
# oom-certservice
# ================================================================================
-# Copyright (C) 2020 Nokia. All rights reserved.
+# Copyright (C) 2020-2021 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,9 +19,9 @@ openapi: 3.0.1
info:
title: CertService Documentation
description: Certification service API documentation
- version: 1.0.0
+ version: 1.0.1
servers:
- - url: http://localhost:8080
+ - url: https://localhost:8443
description: Generated server url
tags:
- name: Actuator
@@ -30,12 +30,83 @@ tags:
description: Spring Boot Actuator Web API Documentation
url: https://docs.spring.io/spring-boot/docs/current/actuator-api/html/
paths:
- /v1/certificate/{caName}:
+ /v1/certificate-update/{caName}:
get:
tags:
- CertificationService
- summary: Sign certificate
- description: Web endpoint for requesting certificate signing. Used by system
+ summary: Update certificate
+ description: Web endpoint for updating certificate. Used by system
+ components to update certificate signed by CA.
+ operationId: updateCertificate
+ parameters:
+ - name: caName
+ in: path
+ description: Name of certification authority that will update certificate.
+ required: true
+ schema:
+ type: string
+ example: "RA_TEST"
+ - name: CSR
+ in: header
+ description: Certificate signing request in form of PEM object encoded in Base64
+ (with header and footer).
+ required: true
+ schema:
+ type: string
+ example: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREZqQ0NBZjRDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlVbWVvY0o2V09jRHBOR0x2SzRGMURkK3JVTDVBNjlQTVpwSApDSUlQZ2xrakNxcGlLL28yeFJlTTZ5VTlPVkpRcUJJUzRPeUFvWGxlKzJ4OURDanA2U1JpV2RJZEV2NFAzNk1nClRBV3lUdndta1dMYXFodmlwKzZQM0xUOGt0aktDL0JKVXo3dXlOWjAvTEdMWThpbWw1U1hnckQ0WlBvY2VrYzMKMStQZ0NrLzBTZWd6M0JaQkJVOVYwWXFtWFhlZDNkcHY3M1VFTXVESTVIY2NjSlFybkdUSkxDVTlJaWFJa1lQRgozQkhTVWpmbkVrS0hINWVwcTMwVEdyUytscFhxbHJ0cFFEWmIveHZpU3YyRjZWSVhGbURWdkl2RkNPaTZaMVlsClZvenVmNHhQRHQ5cmJxY1RUaGhjeVVqYWdDbnlwTmJzYms5U2QrWXFyNk1JbkZaNUZRSURBUUFCb0Zvd1dBWUoKS29aSWh2Y05BUWtPTVVzd1NUQkhCZ05WSFJFRVFEQStnZzEwWlhOMExtOXVZWEF1YjNKbmdnaHZibUZ3TG05eQpaNGNFZndBQUFZWU9ablJ3T2k4dmRHVnpkQzV2Y21lQkRYUmxjM1JBYjI1aGNDNXZjbWN3RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFJRTU0NFJ0RW5YRE5oQndKWDFGZ0Y4YzN5ck05SHcwNEw4VktNdnRaTlBjQU1SNC9lV0IKYTFDcE5uZVBQZktScWxiakxhOHplTW9iWWxGYlJVbGFvbnkzQXE4TlpiMFMxZ0RUWnFQWUQzRjNkMnhRUGJxOQpPbTR2Ly8zaGRIZlIvdFFCa3NPRkl0QkwvMW9jV004RTZqRm8rdU41ZGlCb3EyMUFvT0NXK1BMYWVnUG9jaGdYClJhZGcxc0JneW1tR3BDV0tNMy9UNnJTZEFvVmFoTzJ6VDd4NGhlRjNEazdsUUN5ZmdySUZDOHd2TmhBWWx1K1IKTmdoTVdNNEcvZzJPMHJvNVYzdWc4LzZ5UnovbDlhWXVJclRDNnVDaGJ3UXJFcEd4ZXR5WEd5bWE1Q2IxcTZyagpNdHNpQ0FneTBkR2dIZ2tOOVJrK3hHRC9BOGhzNURDSmdQUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg=="
+ - name: PK
+ in: header
+ description: Private key in form of PEM object encoded in Base64 (with header and footer).
+ required: true
+ schema:
+ type: string
+ example: "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"
+ - name: OLD_CERT
+ in: header
+ description: Old certificate in form of PEM object encoded in Base64 (with header and footer).
+ required: true
+ schema:
+ type: string
+ example: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRQ3owYnhqaytOSXNzVzMKTDBUazhZS2Rvd1UxZ0VUWUVoeWQ5d0c1M1E4VkcwOFV6cW9QVml4N0lSSXB1cDdDbG9GelErQmxwUUNoZEp1bQpoVmE1dXRjdFhXYVRId0FjRUxjc0hzdEZiZlFLcnMxempGOE1tdW1XcWo1NXdyOTVBcmJCdm1kOW9QL2hKMkRECkd1OUNmM3VzUTl2Qk1GYjJ4eXRKb2tBY1c0ME50UmgyOEhYaTRLZUFBcTIwQVF0dnVLQzd3L0Uvbkt5bmlPM08Kb3lOcEh5KzlZYW1aSDJCRi9CK0xiM2RibkZPNFVCc3JoSk5tTFhkMFBtTmNhRC9NMjJxMzlHdWRnRGNheHZFZwpTaVFRVURNTG1rb3llQUNkRzNaVnVSSlRNZGZscHI3djlocVJETVcxUlJKMEYzWWdjNmN3b0lodGdraEZHZWFtClQ5RHpaSkJyQWdNQkFBRUNnZ0VCQUpwY3lvN2t6akNESHMweEs4QXBQb29aL29lOTg5dFVPUEsxcnVxaHhLZkcKeUsxQTk2V3d3UUIyRkVSMEtvTTZkaWUvdGVzcnFRM3dyd2xVMzIwUzRsTFVJaERiaE5tUzA5dHhGK2dqQ21MOQpTZXNPTGk0QThkTGZsRUFzR1BoRmh5TnNVeVQ2UjQ0OW9vZjZJRGdDZmVVVVg1cEk1KzV5YlV1SmwrV0FCZWNrCkF4aWo1U21TNlpHUnN3L0FIMnUzYWsyTEw0a3lCbTVZd0E4cE5yR3UyTjM2TGJ0djI2aWlQUXdhSlBEeWlPaE0KcW5nUHBKd2s2MHVRb3IrK0xRdUYvN3B3Qm1XOGo3VmRhM3YwZkR6L3hiTXljVE1BRHA2b1pxcFhWRGs4Q0tSYgpiNndCa0ZxbHpwVDc0cTFyYlhrRUJFUjZaTnV5bHhmeWFoQjBGdXZDdnhFQ2dZRUE3N3BCaVcrUEJOeGg1SlBLCjNnM1JGckErYzR3WG0zU1VOTXRIL1JBenVEM01nRGlaRGZXV3FMQVQySlF6VUUwNm03NUZyNzdHa3MwWXQ3WkMKWmxCdko3a3RVSU9oS0ZxMTJqVjYrbWVJV29ka05hdGd1MmZVUGxlaDVwWGhLV1RUUHRUaTkyYWFKUG5PSWQ3UApDQ21PUjBxV1ZmcUk1LzNpaVhZOXNVRm5mVmtDZ1lFQXdBWjBRdENKcGw1SWw0QjVZWS82VXJpOUdLbXQ1MjNzCmJPNWRLRHg1RHYyU3preGZkeU5YN2FnZXBSZ3VrSGpKZ0x2anNTWnlPeEVwaThiQ3d1bTJ1MngyR0p6ektNQmgKVVdrakdTVE5JVkJKUTBhOCs3NVV3bHBJQXhqMFE1RkVMNXVEUm41NFNHN2NnRlpqRmhBTE1qT09vVUFpbk5QagptSkQ2eDFVQjcyTUNnWUVBeFIvQk9FUVZ0SWVMcjZ1Znk0eE0vSDBjUFdOYkhpZDBueHp4S3pTaGNzVE9YamtzCkVnQjZUR2ZOU2ZCRGFhcTNvTTJLL0FMQndvRUg3RGpnek1ValFlVFJVRDJNeldRWjJUN1V5d2RMWmpXaXYwY1gKR2NNOUVhNTVvT1JwNitIT213SHZTRVNFU0JkcDJ3d2Q3YlpPR20xSXhaWm44V3doVmF0MiswU3UxckVDZ1lBeApNZlliSC80RDUyZkZtSjZBUmppbGRMck5WTHMrN1VTQzY5Wmw5b2cxTlBXbGNKK01rRHQ0b1hlb2FEZVZ2N3d3CkJQTGljYTBXUU9GWjlBUDFsNWEvRVp4MzFjM2VCTnRwMWZ1dDkyV3VRVGxqeVAybHFTOWgwMnRiajhzVWZHVHgKcFcvT1laeERRbE92ZFhKUk5xOEhuM25OQ2ZkVUlsek91
MlhrSjMwbGJRS0JnUUROZlV1THB5V1B2cGh0SHhTMwpaek9tbHRwM2pkNHVSQkJ6b25KZWNKSFF5N3lpY3VleFlib0RUTjRmaG5aTExoL0dCT05iOXBXK2ZLTVVkeDIxCjh0anJiZUdHengyOHNBMFBHWTMxZlA0aC9xNmY2QXdCVllUa1pkeHNJTmE4WS9EcUxYNmt5Z0VLSXliMGZLQnIKS09ldUlZYTN2cUdGUndSWXU1NTNsMmtqRHc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="
+ - name: OLD_PK
+ in: header
+ description: Old private key (corresponding with old certificate) in form of PEM object
+ encoded in Base64 (with header and footer).
+ required: true
+ schema:
+ type: string
+ example: "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"
+ responses:
+ "200":
+ description: Certificate successfully updated
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CertificationResponseModel'
+ "400":
+ description: 'Given CSR, PK, old certificate or/and old PK is incorrect'
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorResponseModel'
+ "404":
+ description: CA not found for given name
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorResponseModel'
+ "500":
+ description: Something went wrong during connection to CMPv2 server
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorResponseModel'
+ '/v1/certificate/{caName}':
+ get:
+ tags:
+ - CertificationService
+ summary: Initialize certificate
+ description: Web endpoint for requesting certificate initialization. Used by system
components to gain certificate signed by CA.
operationId: signCertificate
parameters:
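Review bot: The `example` for the `OLD_CERT` header is not a certificate: its Base64 text starts with `LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t`, which decodes to `-----BEGIN PRIVATE KEY-----`. A reader following the spec would put key material into the certificate header, and the generated documentation shows a private key where a certificate is expected. Replace it with a Base64-encoded `-----BEGIN CERTIFICATE-----` PEM issued by a throwaway test CA. The `/v1/certificate/{caName}` operation that begins at the end of this hunk continues in the next one.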
@@ -48,12 +119,12 @@ paths:
example: "RA_TEST"
- name: CSR
in: header
- description: Certificate signing request in form of PEM object encoded in
+ description: Certificate initialization request in form of PEM object encoded in
Base64 (with header and footer).
required: true
schema:
type: string
- example: "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"
+ example: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJREZqQ0NBZjRDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXM5RzhZNVBqU0xMRnR5OUU1UEdDbmFNRk5ZQkUyQkljbmZjQgp1ZDBQRlJ0UEZNNnFEMVlzZXlFU0ticWV3cGFCYzBQZ1phVUFvWFNicG9WV3ViclhMVjFta3g4QUhCQzNMQjdMClJXMzBDcTdOYzR4ZkRKcnBscW8rZWNLL2VRSzJ3YjVuZmFELzRTZGd3eHJ2UW45N3JFUGJ3VEJXOXNjclNhSkEKSEZ1TkRiVVlkdkIxNHVDbmdBS3R0QUVMYjdpZ3U4UHhQNXlzcDRqdHpxTWphUjh2dldHcG1SOWdSZndmaTI5MwpXNXhUdUZBYks0U1RaaTEzZEQ1alhHZy96TnRxdC9Scm5ZQTNHc2J4SUVva0VGQXpDNXBLTW5nQW5SdDJWYmtTClV6SFg1YWErNy9ZYWtRekZ0VVVTZEJkMklIT25NS0NJYllKSVJSbm1way9RODJTUWF3SURBUUFCb0Zvd1dBWUoKS29aSWh2Y05BUWtPTVVzd1NUQkhCZ05WSFJFRVFEQStnZzEwWlhOMExtOXVZWEF1YjNKbmdnaHZibUZ3TG05eQpaNGNFZndBQUFZWU9ablJ3T2k4dmRHVnpkQzV2Y21lQkRYUmxjM1JBYjI1aGNDNXZjbWN3RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFFb3JtOWJ2NTlVVk5ESHhLSlgzREFIT0w2cXVvVnBrRUNhS0xWaVVwaG9CS0c4MU1CN0kKY0k0S211bm5pbzRIa002LytZQmlpYnJXV1c1WFFFWFpKYTRkMnE1SnlRNFNMaXFnT1o4OWRlRm1iTEdTbGFaSQpwLzFmaTFlRVY0aU5wK1FhKzJBbHhTTEZVWmpFamtCRUNJVWs4ZEJERE5ZUXA2MEduazRLSjJkbDVxYTc1dzNsCkFhT2VlcFgvSHdJK2pRc2FIZHFZUW9aUFhuWXF4V2FaVWtNOG9PSXEzTUxzZDNGcGdzcnlUWXVqZDJxeTlTa2oKZjYyNElhU2tmeXVQZEJwdTZENWw5SjZOUmxtY25iWVJydHFaRGtmZXBYV1NPMHEyLzFBR0VSa0ppdTRYR1lLbwo3b0I0MWFvKzNva1V6RmUyOUlseXVmWUhHU0xmaFRtdkp1TT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg=="
- name: PK
in: header
description: Private key in form of PEM object encoded in Base64 (with header
@@ -61,14 +132,14 @@ paths:
required: true
schema:
type: string
- example: "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"
+ example: "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"
responses:
"200":
description: Certificate successfully signed
content:
application/json:
schema:
- $ref: '#/components/schemas/CertificationModel'
+ $ref: '#/components/schemas/CertificationResponseModel'
"400":
description: Given CSR or/and PK is incorrect
content:
@@ -82,7 +153,7 @@ paths:
schema:
$ref: '#/components/schemas/ErrorResponseModel'
"500":
- description: Something went wrong during connectiion to CMPv2 server
+ description: Something went wrong during connection to CMPv2 server
content:
application/json:
schema:
@@ -147,7 +218,7 @@ components:
errorMessage:
type: string
example: "Internal server error"
- CertificationModel:
+ CertificationResponseModel:
type: object
properties:
certificateChain: