-rw-r--r--README.md3
-rw-r--r--certService/pom.xml4
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java39
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java17
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java10
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java32
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/certification/TestData.java123
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java69
-rw-r--r--certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java3
-rw-r--r--certService/version.properties2
-rw-r--r--certServiceClient/pom.xml8
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java46
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java3
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java2
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java66
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactory.java77
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java36
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ConfigurationFactory.java32
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java48
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java48
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/ClientConfiguration.java14
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java9
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java73
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java33
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java35
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java53
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java62
-rw-r--r--certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java69
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/certification/CsrFactoryTest.java25
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java93
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactoryTest.java22
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactoryTest.java36
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/SanMapperTest.java77
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java55
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidatorTest.java44
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidatorTest.java44
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidatorsTest.java122
-rw-r--r--certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidatorTest.java164
-rw-r--r--certServiceClient/version.properties2
-rw-r--r--certServiceK8sExternalProvider/README.md3
-rw-r--r--certServiceK8sExternalProvider/deploy/_certificate_example_.yaml8
-rw-r--r--certServiceK8sExternalProvider/deploy/_certificate_example_contains_not_supported_properties.yaml8
-rw-r--r--certServiceK8sExternalProvider/pom.xml25
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go38
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger_test.go7
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2controller/logger/test_resource.go69
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go2
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go3
-rw-r--r--certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr_test.go6
-rw-r--r--certServicePostProcessor/pom.xml4
-rw-r--r--compose-resources/client-configuration.env2
-rw-r--r--compose-resources/entityprofile_Custom_EndEntity-1356531849.xml179
-rw-r--r--docs/index.rst1
-rw-r--r--docs/sections/change-log.rst262
-rw-r--r--docs/sections/logging.rst2
-rw-r--r--docs/sections/release-notes.rst329
-rw-r--r--docs/sections/usage.rst42
-rw-r--r--pom.xml8
-rw-r--r--releases/2.2.0-container.yaml16
-rw-r--r--version.properties2
61 files changed, 1912 insertions, 806 deletions
diff --git a/README.md b/README.md
index 04c3009d..0f4531f2 100644
--- a/README.md
+++ b/README.md
@@ -7,10 +7,11 @@ More information about the project and all its functionalities you can find unde
https://wiki.onap.org/display/DW/OOM+Certification+Service
```
-Project consists of three submodules:
+Project consists of four submodules:
1. oom-certservice-api
2. oom-certservice-client
3. oom-certservice-post-processor
+4. oom-certservice-k8s-external-provider
Detailed information about submodules can be found in ```README.md``` in their directories.
diff --git a/certService/pom.xml b/certService/pom.xml
index 2c7b5d44..e3e98174 100644
--- a/certService/pom.xml
+++ b/certService/pom.xml
@@ -18,10 +18,10 @@
<parent>
<groupId>org.onap.oom.platform.cert-service</groupId>
<artifactId>oom-certservice</artifactId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
</parent>
<artifactId>oom-certservice-api</artifactId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
<name>oom-certservice-api</name>
<description>OOM Certification Service Api</description>
<packaging>jar</packaging>
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
index 7cba1949..2573c978 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
@@ -29,11 +29,8 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.stream.Collectors;
+import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
@@ -53,10 +50,10 @@ public class CsrModel {
private final X500Name subjectData;
private final PrivateKey privateKey;
private final PublicKey publicKey;
- private final List<String> sans;
+ private final GeneralName[] sans;
public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
- List<String> sans) {
+ GeneralName[] sans) {
this.csr = csr;
this.subjectData = subjectData;
this.privateKey = privateKey;
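Review bot: The `GeneralName[] sans` constructor argument is kept by reference in a `final` field (the assignment sits just below this hunk), and `getSans()` in the next hunk hands the same array back. Arrays are mutable, so any holder of either reference can change the SANs between CSR parsing and the point where the CMP request is built from them. Copy on the way in and on the way out: `this.sans = sans.clone();` and `return sans.clone();`. `setSansArray` in CreateCertRequest.java stores its argument the same way.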
@@ -80,18 +77,24 @@ public class CsrModel {
return publicKey;
}
- public List<String> getSans() {
+ public GeneralName[] getSans() {
return sans;
}
@Override
public String toString() {
- return "Subject: { " + subjectData + " ,SANs: " + sans + " }";
+ return "CSR: { Subject: { " + subjectData + " }, SANs: [" + getSansInReadableFormat() + "] }";
}
- public static class CsrModelBuilder {
+ private String getSansInReadableFormat() {
+ return Arrays.stream(this.sans)
+ .map(generalName -> generalName.getName().toString())
+ .collect(Collectors.joining(", "));
+ }
+ public static class CsrModelBuilder {
private final PKCS10CertificationRequest csr;
+
private final PemObject privateKey;
public CsrModel build() throws DecryptionException {
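Review bot: `getSansInReadableFormat()` prints only `getName()`, so the string no longer shows what kind of name each SAN is: a dNSName and an rfc822Name look alike, and an iPAddress is rendered as a hex octet string (`#7f000001` in the new test data). Now that non-DNS names are forwarded, keep the type visible, for example `.map(generalName -> generalName.getTagNo() + ":" + generalName.getName())`. The names are taken from the submitted CSR, so if this string is written to a log it is worth confirming that the log layout neutralises control characters. `build()` at the end of the hunk continues outside it.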
@@ -99,7 +102,7 @@ public class CsrModel {
X500Name subjectData = getSubjectData();
PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey());
PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey());
- List<String> sans = getSansData();
+ GeneralName[] sans = getSansData();
return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans);
}
@@ -125,15 +128,12 @@ public class CsrModel {
return csr.getSubject();
}
- private List<String> getSansData() {
+ private GeneralName[] getSansData() {
if (!isAttrsEmpty() && !isAttrsValuesEmpty()) {
Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
- GeneralName[] arrayOfAlternativeNames =
- GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
- return Arrays.stream(arrayOfAlternativeNames).map(GeneralName::getName).map(Objects::toString)
- .collect(Collectors.toList());
+ return GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
}
- return Collections.emptyList();
+ return new GeneralName[0];
}
private boolean isAttrsValuesEmpty() {
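Review bot: In `getSansData()`, `GeneralNames.fromExtensions(...)` returns null when the requested extensions contain no subjectAlternativeName, so the chained `.getNames()` throws a NullPointerException for a CSR that asks only for other extensions. Guard it with `GeneralNames names = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);` followed by `return names == null ? new GeneralName[0] : names.getNames();`. The line above also treats `csr.getAttributes()[0]` as the extension request without checking its attribute type, which is an assumption about caller-supplied input. Selecting the attribute with `csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)` would make that explicit.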
@@ -145,7 +145,7 @@ public class CsrModel {
}
private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey)
- throws KeyDecryptionException {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
@@ -154,9 +154,8 @@ public class CsrModel {
throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
}
}
-
private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey)
- throws KeyDecryptionException {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent());
@@ -165,6 +164,6 @@ public class CsrModel {
throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause());
}
}
- }
+ }
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
index f5eddb58..6ff274c5 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -86,7 +86,7 @@ public class CmpClientImpl implements CmpClient {
CmpMessageBuilder.of(CreateCertRequest::new)
.with(CreateCertRequest::setIssuerDn, server.getIssuerDN())
.with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData())
- .with(CreateCertRequest::setSansList, csrModel.getSans())
+ .with(CreateCertRequest::setSansArray, csrModel.getSans())
.with(CreateCertRequest::setSubjectKeyPair, keyPair)
.with(CreateCertRequest::setNotBefore, notBefore)
.with(CreateCertRequest::setNotAfter, notAfter)
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 844f85be..5c61aa9f 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -31,9 +31,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
-import java.util.ArrayList;
import java.util.Date;
-import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -109,11 +107,10 @@ public final class CmpMessageHelper {
*
* @return {@link Extensions}.
*/
- public static Extensions generateExtension(final List<String> sansList)
+ public static Extensions generateExtension(final GeneralName[] sansArray)
throws CmpClientException {
LOG.info("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
- final GeneralName[] sansGeneralNames = getGeneralNames(sansList);
// KeyUsage
try {
final KeyUsage keyUsage =
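Review bot: `generateExtension` now places the `GeneralName` values from the CSR into the certificate request as they are, where the removed `getGeneralNames(sansList)` call rebuilt every entry as a dNSName. Nothing visible in this diff restricts the name types, so otherName, directoryName or registeredID entries would be forwarded too; whether the CA profile filters them cannot be seen from here. If only DNS, e-mail, IP and URI names are intended, reject other values of `getTagNo()` before building the request. The Javadoc above the method should gain a `@param sansArray` line stating that the names are used as given; the method body continues outside the hunk.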
@@ -121,7 +118,7 @@ public final class CmpMessageHelper {
KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage));
extGenerator.addExtension(
- Extension.subjectAlternativeName, false, new GeneralNames(sansGeneralNames));
+ Extension.subjectAlternativeName, false, new GeneralNames(sansArray));
} catch (IOException ioe) {
CmpClientException cmpClientException =
new CmpClientException(
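Review bot: When the CSR carries no SANs, `sansArray` is the empty array returned by `CsrModel`, and `new GeneralNames(sansArray)` then encodes a subjectAlternativeName extension holding an empty sequence. RFC 5280 section 4.2.1.6 requires at least one entry when the extension is present. Add the extension only when there is something to put in it, by wrapping the `extGenerator.addExtension(Extension.subjectAlternativeName, ...)` call in `if (sansArray.length > 0) { ... }`. The `try` block and the exception construction at the end of the hunk continue outside it.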
@@ -132,16 +129,6 @@ public final class CmpMessageHelper {
return extGenerator.generate();
}
- public static GeneralName[] getGeneralNames(List<String> sansList) {
- final List<GeneralName> nameList = new ArrayList<>();
- for (String san : sansList) {
- nameList.add(new GeneralName(GeneralName.dNSName, san));
- }
- final GeneralName[] sansGeneralNames = new GeneralName[nameList.size()];
- nameList.toArray(sansGeneralNames);
- return sansGeneralNames;
- }
-
/**
* Method generates Proof-of-Possession (POP) of Private Key. To allow a CA/RA to properly
* validity binding between an End Entity and a Key Pair, the PKI Operations specified here make
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index a0ba13d6..8d82b85b 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -26,7 +26,6 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade
import java.security.KeyPair;
import java.util.Date;
-import java.util.List;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
@@ -37,6 +36,7 @@ import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
@@ -48,7 +48,7 @@ class CreateCertRequest {
private X500Name issuerDn;
private X500Name subjectDn;
- private List<String> sansList;
+ private GeneralName[] sansArray;
private KeyPair subjectKeyPair;
private Date notBefore;
private Date notAfter;
@@ -67,8 +67,8 @@ class CreateCertRequest {
this.subjectDn = subjectDn;
}
- public void setSansList(List<String> sansList) {
- this.sansList = sansList;
+ public void setSansArray(GeneralName[] sansArray) {
+ this.sansArray = sansArray;
}
public void setSubjectKeyPair(KeyPair subjectKeyPair) {
@@ -102,7 +102,7 @@ class CreateCertRequest {
new CertTemplateBuilder()
.setIssuer(issuerDn)
.setSubject(subjectDn)
- .setExtensions(CmpMessageHelper.generateExtension(sansList))
+ .setExtensions(CmpMessageHelper.generateExtension(sansArray))
.setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
.setPublicKey(
SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java
index 75a6e81c..88cc6fb8 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java
@@ -54,18 +54,12 @@ class CsrModelFactoryTest {
// when
CsrModel decryptedCsr = csrModelFactory
- .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK));
+ .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK));
- // then
- assertTrue(
- decryptedCsr.toString()
- .contains(
- "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,"
- + "OU=ONAP,CN=onap.org,E=tester@onap.org")
- &&
- decryptedCsr.toString()
- .contains("SANs: [gerrit.onap.org, test.onap.org, onap.com]")
- );
+ assertTrue(decryptedCsr.toString()
+ .contains(TestData.EXPECTED_CERT_SUBJECT));
+ assertTrue(decryptedCsr.toString()
+ .contains(TestData.EXPECTED_CERT_SANS));
}
@Test
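Review bot: Both new assertions go through `decryptedCsr.toString()`, so the test pins the log wording (`TestData.EXPECTED_CERT_SANS` starts with `SANs: [`) rather than the parsed values. Asserting on `decryptedCsr.getSubjectData()` and `decryptedCsr.getSans()` directly would keep the test valid when the format of `toString()` changes. The `// then` marker was removed while `// when` stays; restore it above the assertions.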
@@ -76,8 +70,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- CsrDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ CsrDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect CSR, decryption failed";
@@ -95,8 +89,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- KeyDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ KeyDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect Key, decryption failed";
@@ -115,8 +109,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- CsrDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ CsrDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect CSR, decryption failed";
@@ -134,8 +128,8 @@ class CsrModelFactoryTest {
// when
Exception exception = assertThrows(
- KeyDecryptionException.class, () -> csrModelFactory
- .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
+ KeyDecryptionException.class, () -> csrModelFactory
+ .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK))
);
String expectedMessage = "Incorrect Key, decryption failed";
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java
index 81c16128..1c883f8e 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java
@@ -25,71 +25,78 @@ public final class TestData {
private TestData() {
}
- public static final String TEST_CSR = ""
- + "-----BEGIN CERTIFICATE REQUEST-----\n"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
- + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n"
- + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n"
- + "DQEJARYPdGVzdGVyQG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- + "CgKCAQEA13K1LrQ1L6eL7B8K4kucNct0sSjZe7Ww91V40s6mjcWajeFJk+pObZKz\n"
- + "BfnImkVJwxdNMDD6tX16wykbGfQPyh4BBiAjLVk9XSeoPHFRBQ4LKTuyPtXhEXyr\n"
- + "qwatYXGWZE554qq64pbReddOUJHgMc38SrOk/eMAKxB0uRrXpA0mPH7zwIZ4X8g2\n"
- + "PoxJKI1BSYc8kOvvujsGSMw3e5nS8A+doFUwVi3jJMnaVCoZrvJbtREfXHZqBLQ5\n"
- + "XQ8mNpIFfmGYF/tvW/O6LBdlZkuAQ9i4FBgf5+HdIVZOXrn09ksIZxW6vxIvAVi0\n"
- + "5AOSgXictyphcNP2i/erBeCQCVB7MwIDAQABoEYwRAYJKoZIhvcNAQkOMTcwNTAz\n"
- + "BgNVHREELDAqgg9nZXJyaXQub25hcC5vcmeCDXRlc3Qub25hcC5vcmeCCG9uYXAu\n"
- + "Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBXH2nRwodQRJTuyrLe/VSg3PUdcPyAx2Ew\n"
- + "63tWiGO+qWo8rK2a9Rr/t/zkQe2lx6NHqcMc2Rt6NeKGbrAvHGxTiYM35gktBdxG\n"
- + "UaQS1ymrBWHAwbC+kv78r+5lCfafNm/EVdhUZbEw+crsw2wx4iKEW0byS4Ln0o5g\n"
- + "aXVUW3i4G5FaYiYBUIDsujDdnH1IoxunEA6pDzDv1h6R9/TYu6Se8HToREIjOPBZ\n"
- + "pDI5lDRu0YmI8r+TmAU3tTT1sY2WVxYDnhJut9ofegfMPQV4FIohxtPcCfoLSWti\n"
- + "ml6jbcFqDvlzq3B3CXH9HU3jdJt33iSjCQGsSqy6bmCOdMS6XTPU\n"
- + "-----END CERTIFICATE REQUEST-----\n";
+ public static final String LOCALHOST_IP_IN_HEX = "#7f000001"; //127.0.0.1
+
+ public static final String EXPECTED_CERT_SUBJECT = "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org";
+ public static final String EXPECTED_CERT_SANS =
+ "SANs: [localhost, onap.org, test.onap.org, onap@onap.org, " + LOCALHOST_IP_IN_HEX + ", onap://cluster.local/]";
+
+
+ public static final String TEST_CSR = "-----BEGIN CERTIFICATE REQUEST-----\n"
+ + "MIIDNTCCAh0CAQAwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx\n"
+ + "FjAUBgNVBAcTDVNhbi1GcmFuY2lzY28xGTAXBgNVBAoTEExpbnV4LUZvdW5kYXRp\n"
+ + "b24xDTALBgNVBAsTBE9OQVAxETAPBgNVBAMTCG9uYXAub3JnMIIBIjANBgkqhkiG\n"
+ + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRYVFOosyABMq+yANz9phmYyfmHbw9F9r3Ca\n"
+ + "v1oZ2xw1LbF2HGBq8F45nXfMjX2H+Lxk8m/XmIDb+9lzINU6J6xmDrKZiiif5ORa\n"
+ + "oRENfQZNWkAWPguWyKGtHk6ueeSjS8D0SWwloc1g0hB3GREffocuJ24K+t2nXglf\n"
+ + "7XVgmHxjiE8k+pD3SUo5rA7Fx1TmLguEA8aCRGaYg/aofCNe9hDm34iqUzm5tPPQ\n"
+ + "OgR3Lpqx2JW0iJYbQXmX3cG/RE0qFl+rgrNhCd8ptX7IUiWtQmttssR3bE8JVgaf\n"
+ + "x9EU9GZ5dZXifSFJzs42UY7X6DPiQDFerfWRNc3dRTYBlkbTiwIDAQABoHkwdwYJ\n"
+ + "KoZIhvcNAQkOMWowaDBZBgNVHREEUjBQgglsb2NhbGhvc3SCCG9uYXAub3Jngg10\n"
+ + "ZXN0Lm9uYXAub3JngQ1vbmFwQG9uYXAub3JnhwR/AAABhhVvbmFwOi8vY2x1c3Rl\n"
+ + "ci5sb2NhbC8wCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAk9lRwbWyL\n"
+ + "VRWSM5cBiRK2nCKhfur20khHFQgYcPAD8BRXEk5/F0KBSBMNGMrBgOYqq3IYsoMc\n"
+ + "mvs9KKVqIV3+lBej2QTF3cxdHYPTrCvvkoheMYt5qqjkrQRbiydzj7/wvflmBXs1\n"
+ + "7TViU+TqoJ8q5DWTEvv0X5t/WF6sSIxFHHKD7otDXPW5CAeqXO5A99bTrSiXmVAH\n"
+ + "72/n/JFHueURv+NbpHyBNXweezNnB5BDrrqduabkhn31ThA0wzePDNR02aXwxxHn\n"
+ + "77sSa3iuAN3IaVWYfxCOX4fEw8F+wMAAMTiWItM8Lc9DT5rsYeRHAZmOMVEnowc2\n"
+ + "3eKLFeWDIi2Z\n"
+ + "-----END CERTIFICATE REQUEST-----\n";
public static final String TEST_WRONG_CSR = ""
- + "-----BEGIN CERTIFICATE REQUEST-----\n"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
- + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n"
- + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n"
- + "-----END CERTIFICATE REQUEST-----\n";
+ + "-----BEGIN CERTIFICATE REQUEST-----\n"
+ + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
+ + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n"
+ + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n"
+ + "-----END CERTIFICATE REQUEST-----\n";
public static final String TEST_PK = "-----BEGIN PRIVATE KEY-----\n"
- + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXcrUutDUvp4vs\n"
- + "HwriS5w1y3SxKNl7tbD3VXjSzqaNxZqN4UmT6k5tkrMF+ciaRUnDF00wMPq1fXrD\n"
- + "KRsZ9A/KHgEGICMtWT1dJ6g8cVEFDgspO7I+1eERfKurBq1hcZZkTnniqrriltF5\n"
- + "105QkeAxzfxKs6T94wArEHS5GtekDSY8fvPAhnhfyDY+jEkojUFJhzyQ6++6OwZI\n"
- + "zDd7mdLwD52gVTBWLeMkydpUKhmu8lu1ER9cdmoEtDldDyY2kgV+YZgX+29b87os\n"
- + "F2VmS4BD2LgUGB/n4d0hVk5eufT2SwhnFbq/Ei8BWLTkA5KBeJy3KmFw0/aL96sF\n"
- + "4JAJUHszAgMBAAECggEAJ1StdsU3IGf5xzUzi3Q6JCfsOZs3eLoGgGB+Gh3XkfIM\n"
- + "8PG7uOEBSEeLnv+me2NCv/a1BKMsYY1yp8YNSIOhjkhD75ZWVaUA6syejcox/DZA\n"
- + "G1rmg0oQOF0GCcbCSBOwXMdmwNZiH5Ng0llX1qWKxAzSjeCVsjOKiFIMvO4Fh9D4\n"
- + "9Io6/dRRNCxB6MEs1GT5IDfCV2PGDIalJ3znFqDnfdu9RDEDfNVHSUr6Jdu3Hrf5\n"
- + "3qCcSEkMGuXYLotCNtTP1x0H0wW5gVpcbQEb29qdmHL1qkp3UiA3afsHnO/3k0gv\n"
- + "gV5FxaldugyZAjqUGERdKaY6BMDJkDuu0qD0tPQK4QKBgQDuP5X5BcQ4iHNej+il\n"
- + "xxT8QaEcZj0YEzcXzfm3ztZP7g+Jc1MbQXh6BuHLkXG5LeCwdnmk+LUD0MLoUSm3\n"
- + "N2ZdtVuOHX7VEBrhrTwK/kMDpC7ganQzfvgOr9WQGmgGMRiUYAyK1J/x78yX967Z\n"
- + "IAzdVZ/JSDdsyA983JckLL7CPQKBgQDngDkEJKYGfDt2mfItD8c8nhczGbDdoyYh\n"
- + "s93ppTtgzFoNgFL4y/DOvisWMGgoeeYXSgH5uoPv6yY7IIkQzYySY6qQ3gmk1/X+\n"
- + "bO+IsKVtlHBzqqojFteg3MfVojisMoAx6y5aBw1BXE2nAU8yWBTtuk+3KgGn9Oxk\n"
- + "+Z4rdP06LwKBgA4b09zIW6NhaTubWBKhJHv/wvO0lj+bu7J8LyKUbBqVpXPlUXGW\n"
- + "wfSv/aUZetuVfO3WRkPfupB8R16Ml+TSsgwwljhnRMCHUKA2qwyXnA5WJbSCeVkn\n"
- + "Vrc/8Gy1M53SQHtg6L079DDWm44QS9ltzXU6Adlgnm+htVEWmxi4UZ+dAoGAfr6z\n"
- + "+LG7+GcCA2AruEIgOe7wErkpHV+am+8nOymMxeV8FFJCmxbFQ9vYKTDdhfOfZvbM\n"
- + "+BYG8E8VQmAAyyNOqENK+j+mlgrrEp4/0t2r5L/VhW5V8hoqelcGTc+gKZ8IkswJ\n"
- + "N58Owc8wcJQF8TFKXBGaXVTxTSyKVIpZ778AeV8CgYAAvuicDkdwWv5EhDFf3aTI\n"
- + "wfRFYflA6oiygnI63HzVyY4a+SyZs+nQpB5HBDo+Lyz8RaVRC5E7jQ8kiXJpxAu7\n"
- + "1wnspz+pa3q61yR32N+zGuub71FXdLWSOlys6rzJqvqYihKxY22C2TyDyBCR2tMj\n"
- + "mdnshXNAJfKkfghkJhFHrg==\n"
- + "-----END PRIVATE KEY-----";
+ + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFFhUU6izIAEyr\n"
+ + "7IA3P2mGZjJ+YdvD0X2vcJq/WhnbHDUtsXYcYGrwXjmdd8yNfYf4vGTyb9eYgNv7\n"
+ + "2XMg1TonrGYOspmKKJ/k5FqhEQ19Bk1aQBY+C5bIoa0eTq555KNLwPRJbCWhzWDS\n"
+ + "EHcZER9+hy4nbgr63adeCV/tdWCYfGOITyT6kPdJSjmsDsXHVOYuC4QDxoJEZpiD\n"
+ + "9qh8I172EObfiKpTObm089A6BHcumrHYlbSIlhtBeZfdwb9ETSoWX6uCs2EJ3ym1\n"
+ + "fshSJa1Ca22yxHdsTwlWBp/H0RT0Znl1leJ9IUnOzjZRjtfoM+JAMV6t9ZE1zd1F\n"
+ + "NgGWRtOLAgMBAAECggEABG7Etp21uCHZl5xQHe39L5qo1BLbYIIbs5Byyo76OeVe\n"
+ + "hNKS93xrq1BTN2l0XlJOdpe2JYXCcZmkWPvBDSH+ltnXycjWjzbusbU5HJpHlWJI\n"
+ + "5xi951NXZtfMDvxyDCfKTG/gjq4yAnueC9t28kdiT/Q2Y4ikEpRdqU3IrIyRSZyo\n"
+ + "duBWfr3ADU5xxnWcTt61vpAQsYh4XiwosyBhXTwsMnWgRkOr6e4Vu2J+wL6vUid7\n"
+ + "7VOr8PtOu73CjYA7zIy0XSOrRq5Q3H7eGgyln0AQtaO0qO2COJHa6cv3yIgesSUL\n"
+ + "8ltiWAGiZZ6qZ72B3tDnKmoEkuvE1/KpeitewGcKkQKBgQDxqHR9IJBOBRjjmyKi\n"
+ + "ra54mJjKwHQ5dxJQpVFLEIRL2H3ujjRNH3ggLAOiH02TqZGS3fnTsTsApnkpy5J/\n"
+ + "qtysjV0SFxP0gprQQ1wM64NWTaeDAt9lXII918YrALAAR86ikrTxOyoS1kqOSEmX\n"
+ + "QZu3VrgkAvs+V5ckvEXjZWxO1wKBgQDQyHErT7aJeUBukj6skahnzhmVNTmjsn3P\n"
+ + "zyy/cOmBz8wn7JsxgTdpWETpHOVsO0G5wg9Ts7V3Krh6AmrEf/6/NlWLdygDfIvM\n"
+ + "9Jxc8D2dLEUUm18jw15tEsQtItj3Rt0e5GJiQO1rNBMb+2Q8FDlX1tu0xgMMZ4En\n"
+ + "izjnAEKObQKBgHnWZrTXgCn14/CNPM8sJfTjatV+Zpq6b999GhlwgGMFCakGxVPE\n"
+ + "8/m0dzh7887pBV440EZs6sSPKjNqUbhQWuYcd7oxLHxwhMFP1M8mxpbym+wvvJYM\n"
+ + "KBYp/d2cgSADFClfMh8Vp0bMB9bol0HNcEblT/3ICwgJfUimK85USmENAoGBAMnl\n"
+ + "O0LF19/C6CLEu2THihGvxR97k9yPy4f8cOpD9xq35lWpQT4zFXGCkUjXz6fE+b73\n"
+ + "QTkQ7GdrYW9jDPouSBuCIGE4ffI5KzusQ9S/4OUvnTHbObpsv9A8OIbpTuR4m3W3\n"
+ + "JsiavrxPZDdH99r9N6KQvG9omCQTp1qlEAaaQsJVAoGBAO4ccgmzbku62OKLIAqy\n"
+ + "JN4Z8i9PaCEPgqfs0THMIKuj1l8FO723zTZMwsBWgZ4Gd32EbYW9tbwvLblGdd6H\n"
+ + "xAXLfLjRWefKm6i2iIdkeNMJmTTCYjHFyoTe84Miq9d3cEnW7s055Pm1uxRPXYk+\n"
+ + "GFRpHltg2qX2u6M8ryskAMah\n"
+ + "-----END PRIVATE KEY-----\n";
public static final String TEST_PEM = ""
- + "-----BEGIN CERTIFICATE REQUEST-----\n"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
- + "-----END CERTIFICATE REQUEST-----\n";
+ + "-----BEGIN CERTIFICATE REQUEST-----\n"
+ + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
+ + "-----END CERTIFICATE REQUEST-----\n";
public static final String TEST_WRONG_PEM = ""
- + "-----BEGIN WRONG REQUEST-----"
- + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh"
- + "-----END WRONG REQUEST-----";
+ + "-----BEGIN WRONG REQUEST-----"
+ + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh"
+ + "-----END WRONG REQUEST-----";
}
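Review bot: `TEST_PK` is a complete RSA private key in the source tree and nothing on it says it is a throwaway. Add a comment above it such as `// Test-only key pair generated for these unit tests; never use it for a real end entity.`, and list the file in the secret-scanner allow-list if the project runs one. `LOCALHOST_IP_IN_HEX` would also benefit from a comment saying the value is how `GeneralName.getName().toString()` renders an iPAddress octet string, since the trailing `//127.0.0.1` alone does not explain the `#` form.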
diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
index 7981b271..84c1cca0 100644
--- a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java
@@ -20,12 +20,16 @@
package org.onap.oom.certservice.certification.model;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObject;
import org.junit.jupiter.api.Test;
import org.onap.oom.certservice.certification.Pkcs10CertificationRequestFactory;
import org.onap.oom.certservice.certification.PemObjectFactory;
+import org.onap.oom.certservice.certification.TestData;
import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
@@ -37,6 +41,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.onap.oom.certservice.certification.TestData.LOCALHOST_IP_IN_HEX;
import static org.onap.oom.certservice.certification.TestData.TEST_CSR;
import static org.onap.oom.certservice.certification.TestData.TEST_PEM;
import static org.onap.oom.certservice.certification.TestData.TEST_PK;
@@ -45,9 +50,9 @@ import static org.onap.oom.certservice.certification.TestData.TEST_PK;
class CsrModelTest {
private final Pkcs10CertificationRequestFactory certificationRequestFactory
- = new Pkcs10CertificationRequestFactory();
+ = new Pkcs10CertificationRequestFactory();
private final PemObjectFactory pemObjectFactory
- = new PemObjectFactory();
+ = new PemObjectFactory();
@Test
void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException {
@@ -58,20 +63,22 @@ class CsrModelTest {
// When
CsrModel csrModel = generateTestCsrModel(testCsr);
-
+ List<String> sansList = Arrays.stream(csrModel.getSans())
+ .map(generalName -> generalName.getName().toString())
+ .collect(Collectors.toList());
// Then
assertThat(csrModel.getCsr())
- .isEqualTo(testCsr);
+ .isEqualTo(testCsr);
assertThat(csrModel.getPrivateKey().getEncoded())
- .contains(testPrivateKey.getContent());
+ .contains(testPrivateKey.getContent());
assertThat(csrModel.getPublicKey().getEncoded())
- .contains(testPublicKey.getContent());
- assertThat(csrModel.getSans())
- .contains(
- "gerrit.onap.org", "test.onap.org", "onap.com");
+ .contains(testPublicKey.getContent());
+ assertThat(sansList)
+ .contains("localhost", "onap.org", "test.onap.org", "onap@onap.org", LOCALHOST_IP_IN_HEX,
+ "onap://cluster.local/");
+
assertThat(csrModel.getSubjectData().toString())
- .contains(
- "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org,E=tester@onap.org");
+ .contains(TestData.EXPECTED_CERT_SUBJECT);
}
@Test
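Review bot: `assertThat(sansList).contains(...)` still passes if the parser returns extra or duplicated names, and mapping each entry to a string discards the name type that this change is meant to preserve. Use `containsExactly(...)` for the values and add an assertion on `GeneralName::getTagNo`, presumably three `GeneralName.dNSName` entries followed by `rfc822Name`, `iPAddress` and `uniformResourceIdentifier`. The blank line separating the `// When` block from `// Then` was also dropped; keep it so the two phases stay visually apart.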
@@ -81,14 +88,14 @@ class CsrModelTest {
PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
when(testCsr.getSubjectPublicKeyInfo())
- .thenReturn(wrongKryInfo);
+ .thenReturn(wrongKryInfo);
when(wrongKryInfo.getEncoded())
- .thenThrow(new IOException());
+ .thenThrow(new IOException());
// When
Exception exception = assertThrows(
- CsrDecryptionException.class,
- () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
+ CsrDecryptionException.class,
+ () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
);
String expectedMessage = "Reading Public Key from CSR failed";
@@ -105,14 +112,14 @@ class CsrModelTest {
PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
when(testCsr.getSubjectPublicKeyInfo())
- .thenReturn(wrongKryInfo);
+ .thenReturn(wrongKryInfo);
when(wrongKryInfo.getEncoded())
- .thenThrow(new IOException());
+ .thenThrow(new IOException());
// When
Exception exception = assertThrows(
- KeyDecryptionException.class,
- () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
+ KeyDecryptionException.class,
+ () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
);
String expectedMessage = "Converting Private Key failed";
@@ -130,14 +137,14 @@ class CsrModelTest {
PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class);
when(testCsr.getSubjectPublicKeyInfo())
- .thenReturn(wrongKryInfo);
+ .thenReturn(wrongKryInfo);
when(wrongKryInfo.getEncoded())
- .thenReturn(testPublicKey.getContent());
+ .thenReturn(testPublicKey.getContent());
// When
Exception exception = assertThrows(
- KeyDecryptionException.class,
- () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
+ KeyDecryptionException.class,
+ () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build()
);
String expectedMessage = "Converting Public Key from CSR failed";
@@ -150,20 +157,20 @@ class CsrModelTest {
private PemObject getPemPrivateKey() throws KeyDecryptionException {
PemObjectFactory pemObjectFactory = new PemObjectFactory();
return pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
- () -> new KeyDecryptionException("Private key decoding fail")
+ () -> new KeyDecryptionException("Private key decoding fail")
);
}
private PemObject getPemWrongKey() throws KeyDecryptionException {
PemObjectFactory pemObjectFactory = new PemObjectFactory();
return pemObjectFactory.createPemObject(TEST_PEM).orElseThrow(
- () -> new KeyDecryptionException("Private key decoding fail")
+ () -> new KeyDecryptionException("Private key decoding fail")
);
}
private CsrModel generateTestCsrModel(PKCS10CertificationRequest testCsr) throws DecryptionException {
PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow(
- () -> new DecryptionException("Incorrect Private Key, decryption failed")
+ () -> new DecryptionException("Incorrect Private Key, decryption failed")
);
return new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build();
}
@@ -175,11 +182,11 @@ class CsrModelTest {
private PKCS10CertificationRequest generateTestCertificationRequest() throws DecryptionException {
return pemObjectFactory.createPemObject(TEST_CSR)
- .flatMap(
- certificationRequestFactory::createPkcs10CertificationRequest
- ).orElseThrow(
- () -> new DecryptionException("Incorrect CSR, decryption failed")
- );
+ .flatMap(
+ certificationRequestFactory::createPkcs10CertificationRequest
+ ).orElseThrow(
+ () -> new DecryptionException("Incorrect CSR, decryption failed")
+ );
}
}
diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java
index 984e8c77..b09025b2 100644
--- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java
+++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java
@@ -52,6 +52,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
@@ -273,7 +274,7 @@ class Cmpv2ClientTest {
}
private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) {
- csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), Collections.emptyList());
+ csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), new GeneralName[0]);
Authentication authentication = new Authentication();
authentication.setIak(iak);
diff --git a/certService/version.properties b/certService/version.properties
index 3ad2137c..8d40756c 100644
--- a/certService/version.properties
+++ b/certService/version.properties
@@ -1,5 +1,5 @@
major=2
-minor=2
+minor=3
patch=0
base_version=${major}.${minor}.${patch}
release_version=${base_version}
diff --git a/certServiceClient/pom.xml b/certServiceClient/pom.xml
index 9201b813..d0cb5bd1 100644
--- a/certServiceClient/pom.xml
+++ b/certServiceClient/pom.xml
@@ -18,12 +18,12 @@
<parent>
<artifactId>oom-certservice</artifactId>
<groupId>org.onap.oom.platform.cert-service</groupId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>oom-certservice-client</artifactId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
<name>oom-certservice-client</name>
<description>OOM Certification Service Api Client</description>
<packaging>jar</packaging>
@@ -162,6 +162,10 @@
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
+ <groupId>commons-validator</groupId>
+ <artifactId>commons-validator</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
</dependency>
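Review bot: The new `commons-validator` dependency is declared without a `<version>`, so the resolved version depends on a `dependencyManagement` entry that is not visible in this hunk; please confirm it is pinned there to a maintained release. As far as I recall, commons-validator also pulls in commons-beanutils, commons-digester and commons-collections transitively, which widens the client's classpath considerably if only a few string validators are used. It is worth checking whether those transitives can be excluded with `<exclusions>`. A short comment beside the entry saying what it is for, e.g. `<!-- used for SAN value validation -->`, would help too, if that is indeed its purpose.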
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java
index d115380f..afa38b99 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java
@@ -19,6 +19,13 @@
package org.onap.oom.certservice.client;
+import static org.onap.oom.certservice.client.api.ExitStatus.SUCCESS;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM;
+
+import java.security.KeyPair;
+import javax.net.ssl.SSLContext;
+import org.onap.oom.certservice.client.api.ExitStatus;
import org.onap.oom.certservice.client.api.ExitableException;
import org.onap.oom.certservice.client.certification.ArtifactsCreatorProvider;
import org.onap.oom.certservice.client.certification.CsrFactory;
@@ -30,22 +37,18 @@ import org.onap.oom.certservice.client.configuration.EnvsForCsr;
import org.onap.oom.certservice.client.configuration.EnvsForTls;
import org.onap.oom.certservice.client.configuration.factory.ClientConfigurationFactory;
import org.onap.oom.certservice.client.configuration.factory.CsrConfigurationFactory;
+import org.onap.oom.certservice.client.configuration.factory.SanMapper;
import org.onap.oom.certservice.client.configuration.factory.SslContextFactory;
import org.onap.oom.certservice.client.configuration.model.ClientConfiguration;
import org.onap.oom.certservice.client.configuration.model.CsrConfiguration;
+import org.onap.oom.certservice.client.configuration.validation.client.OutputTypeValidator;
+import org.onap.oom.certservice.client.configuration.validation.csr.CommonNameValidator;
import org.onap.oom.certservice.client.httpclient.CloseableHttpsClientProvider;
import org.onap.oom.certservice.client.httpclient.HttpClient;
import org.onap.oom.certservice.client.httpclient.model.CertServiceResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.net.ssl.SSLContext;
-import java.security.KeyPair;
-
-import static org.onap.oom.certservice.client.api.ExitStatus.SUCCESS;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM;
-
public class CertServiceClient {
private static final Logger LOGGER = LoggerFactory.getLogger(CertServiceClient.class);
@@ -61,32 +64,37 @@ public class CertServiceClient {
PrivateKeyToPemEncoder pkEncoder = new PrivateKeyToPemEncoder();
Base64Encoder base64Encoder = new Base64Encoder();
try {
- ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient()).create();
- CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create();
+ ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient(),
+ new OutputTypeValidator()).create();
+ CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr(), new CommonNameValidator(),
+ new SanMapper()).create();
KeyPair keyPair = keyPairFactory.create();
CsrFactory csrFactory = new CsrFactory(csrConfiguration);
SSLContext sslContext = new SslContextFactory(new EnvsForTls()).create();
CloseableHttpsClientProvider provider = new CloseableHttpsClientProvider(
- sslContext, clientConfiguration.getRequestTimeout());
+ sslContext, clientConfiguration.getRequestTimeoutInMs());
HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService());
CertServiceResponse certServiceData =
- httpClient.retrieveCertServiceData(
- clientConfiguration.getCaName(),
- base64Encoder.encode(csrFactory.createCsrInPem(keyPair)),
- base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate())));
+ httpClient.retrieveCertServiceData(
+ clientConfiguration.getCaName(),
+ base64Encoder.encode(csrFactory.createCsrInPem(keyPair)),
+ base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate())));
ArtifactsCreatorProvider
- .get(clientConfiguration.getOutputType(),
- clientConfiguration.getCertsOutputPath())
- .create(certServiceData.getCertificateChain(),
- certServiceData.getTrustedCertificates(),
- keyPair.getPrivate());
+ .get(clientConfiguration.getOutputType(),
+ clientConfiguration.getCertsOutputPath())
+ .create(certServiceData.getCertificateChain(),
+ certServiceData.getTrustedCertificates(),
+ keyPair.getPrivate());
} catch (ExitableException e) {
LOGGER.error("Cert Service Client fails in execution: ", e);
appExitHandler.exit(e.applicationExitStatus());
+ } catch (Exception e) {
+ LOGGER.error("Application failed (unexpected error): ", e);
+ appExitHandler.exit(ExitStatus.UNEXPECTED_EXCEPTION);
}
appExitHandler.exit(SUCCESS);
}
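Review bot: After either catch block has called `appExitHandler.exit(...)` with a failure status, control still falls through to `appExitHandler.exit(SUCCESS)` on the last line. A failed run is therefore also reported as a success whenever `exit` returns, as with a mocked or non-terminating handler (`AppExitHandler` is not visible here). Moving the success exit to the end of the `try` block, or adding `return;` after each failure exit, removes that dependency. The new `catch (Exception e)` would also benefit from a comment such as `// last-resort guard: ExitableException is unchecked now, anything reaching here is unexpected`. The method starts above this hunk.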
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java
index 1b1cc066..8ef79167 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java
@@ -31,7 +31,8 @@ public enum ExitStatus {
PEM_CONVERSION_EXCEPTION(7, "Fail in PEM conversion"),
PK_TO_PEM_ENCODING_EXCEPTION(8, "Fail in Private Key to PEM Encoding"),
TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"),
- FILE_CREATION_EXCEPTION(10, "File could not be created");
+ FILE_CREATION_EXCEPTION(10, "File could not be created"),
+ UNEXPECTED_EXCEPTION(99, "Application exited abnormally");
private final int value;
private final String message;
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java
index ab7a308b..d488843f 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java
@@ -19,7 +19,7 @@
package org.onap.oom.certservice.client.api;
-public abstract class ExitableException extends Exception {
+public abstract class ExitableException extends RuntimeException {
public ExitableException(Throwable cause) {
super(cause);
}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java
index ac517be4..1215e699 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java
@@ -19,6 +19,21 @@
package org.onap.oom.certservice.client.certification;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.COMMON_NAME;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.COUNTRY;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.LOCATION;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.ORGANIZATION;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.ORGANIZATION_UNIT;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.SIGN_ALGORITHM;
+import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.STATE;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.KeyPair;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
@@ -33,28 +48,14 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.onap.oom.certservice.client.certification.exception.CsrGenerationException;
import org.onap.oom.certservice.client.configuration.model.CsrConfiguration;
+import org.onap.oom.certservice.client.configuration.model.San;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.io.StringWriter;
-import java.security.KeyPair;
-import java.util.Optional;
-
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.COMMON_NAME;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.COUNTRY;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.LOCATION;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.ORGANIZATION;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.ORGANIZATION_UNIT;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.SIGN_ALGORITHM;
-import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmConstants.STATE;
-
public class CsrFactory {
private static final Logger LOGGER = LoggerFactory.getLogger(CsrFactory.class);
- private static final String SANS_DELIMITER = ":";
private final CsrConfiguration configuration;
@@ -75,27 +76,29 @@ public class CsrFactory {
private StringBuilder getMandatoryParameters() {
return new StringBuilder(String.format("%s=%s, %s=%s, %s=%s, %s=%s",
- COMMON_NAME, configuration.getCommonName(),
- COUNTRY, configuration.getCountry(),
- STATE, configuration.getState(),
- ORGANIZATION, configuration.getOrganization()));
+ COMMON_NAME, configuration.getCommonName(),
+ COUNTRY, configuration.getCountry(),
+ STATE, configuration.getState(),
+ ORGANIZATION, configuration.getOrganization()));
}
private String getOptionalParameters() {
StringBuilder optionalParameters = new StringBuilder();
Optional.ofNullable(configuration.getOrganizationUnit())
- .filter(CsrFactory::isParameterPresent)
- .map(unit -> optionalParameters.append(String.format(", %s=%s", ORGANIZATION_UNIT, unit)));
+ .filter(CsrFactory::isParameterPresent)
+ .map(unit -> optionalParameters.append(String.format(", %s=%s", ORGANIZATION_UNIT, unit)));
Optional.ofNullable(configuration.getLocation())
- .filter(CsrFactory::isParameterPresent)
- .map(location -> optionalParameters.append(String.format(", %s=%s", LOCATION, location)));
+ .filter(CsrFactory::isParameterPresent)
+ .map(location -> optionalParameters.append(String.format(", %s=%s", LOCATION, location)));
return optionalParameters.toString();
}
- private PKCS10CertificationRequest createPkcs10Csr(X500Principal subject, KeyPair keyPair) throws CsrGenerationException {
- JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
+ private PKCS10CertificationRequest createPkcs10Csr(X500Principal subject, KeyPair keyPair)
+ throws CsrGenerationException {
+ JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject,
+ keyPair.getPublic());
- if (isParameterPresent(configuration.getSans())) {
+ if (!configuration.getSans().isEmpty()) {
builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, generateSansExtension());
}
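Review bot: `configuration.getSans().isEmpty()` in `createPkcs10Csr` throws a `NullPointerException` when no SANs are configured, unless `CsrConfiguration` initialises the list itself, which this view does not show. `CsrConfigurationFactory` only calls `setSans` when the environment variable is present, and the replaced `isParameterPresent(...)` call presumably tolerated a missing value. Either default the field to an empty list in the model, or guard here with `List<San> sans = configuration.getSans();` and `if (sans != null && !sans.isEmpty()) {`. The method body continues past the end of this hunk.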
@@ -138,12 +141,11 @@ public class CsrFactory {
}
private GeneralNames createGeneralNames() {
- String[] sansTable = this.configuration.getSans().split(SANS_DELIMITER);
- int length = sansTable.length;
- GeneralName[] generalNames = new GeneralName[length];
- for (int i = 0; i < length; i++) {
- generalNames[i] = new GeneralName(GeneralName.dNSName, sansTable[i]);
- }
+ List<San> sans = this.configuration.getSans();
+ GeneralName[] generalNames = sans.stream()
+ .map(san -> new GeneralName(san.getType(), san.getValue()))
+ .collect(Collectors.toList())
+ .toArray(GeneralName[]::new);
return new GeneralNames(generalNames);
}
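Review bot: The stream in `createGeneralNames` collects into a temporary `List` only to turn it into an array. `Stream.toArray` does that directly and avoids `Collection.toArray(IntFunction)`, which requires Java 11. I would end the pipeline with `.map(san -> new GeneralName(san.getType(), san.getValue()))` followed by `.toArray(GeneralName[]::new);`, after which the `Collectors` import added in this file is no longer needed. A one-line comment that `San.getType()` is expected to hold a `GeneralName` tag number (as `SanMapper` appears to set it) would make the constructor call easier to read.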
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactory.java
deleted file mode 100644
index 293ac2d1..00000000
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactory.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * oom-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.oom.certservice.client.configuration.factory;
-
-
-import org.onap.oom.certservice.client.certification.ArtifactsCreatorProvider;
-import org.onap.oom.certservice.client.configuration.exception.ClientConfigurationException;
-import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException;
-import org.onap.oom.certservice.client.configuration.model.ConfigurationModel;
-
-import java.util.Arrays;
-import java.util.Locale;
-import java.util.regex.Pattern;
-
-public abstract class AbstractConfigurationFactory<T extends ConfigurationModel> {
-
- abstract T create() throws ClientConfigurationException, CsrConfigurationException;
-
- public boolean isPathValid(String path) {
- return path.matches("^/|(/[a-zA-Z0-9_-]+)+/?$");
- }
-
- public boolean isAlphaNumeric(String caName) {
- return caName.matches("^[a-zA-Z0-9]*$");
- }
-
- public boolean isCommonNameValid(String commonName) {
- return !isSpecialCharsPresent(commonName)
- && !isHttpProtocolsPresent(commonName)
- && !isIpAddressPresent(commonName)
- && !isPortNumberPresent(commonName);
- }
-
- public boolean isSpecialCharsPresent(String stringToCheck) {
- return Pattern.compile("[~#@*$+%!()?/{}<>\\|_^]").matcher(stringToCheck).find();
- }
-
- public boolean isCountryValid(String country) {
- return Arrays.asList(Locale.getISOCountries()).contains(country);
- }
-
- public boolean isOutputTypeValid(String outputType) {
- return Arrays.stream(ArtifactsCreatorProvider.values())
- .map(ArtifactsCreatorProvider::toString)
- .anyMatch(name -> name.equals(outputType));
- }
-
- private boolean isPortNumberPresent(String stringToCheck) {
- return Pattern.compile(":[0-9]{1,5}").matcher(stringToCheck).find();
- }
-
- private boolean isIpAddressPresent(String stringToCheck) {
- return Pattern.compile("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}").matcher(stringToCheck).find();
- }
-
- private boolean isHttpProtocolsPresent(String stringToCheck) {
- return Pattern.compile("[h][t][t][p][:][/][/]|[h][t][t][p][s][:][/][/]").matcher(stringToCheck).find();
- }
-}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java
index 17cb2cc4..f1541b04 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java
@@ -20,22 +20,26 @@
package org.onap.oom.certservice.client.configuration.factory;
+import java.util.Optional;
import org.onap.oom.certservice.client.configuration.ClientConfigurationEnvs;
import org.onap.oom.certservice.client.configuration.EnvsForClient;
import org.onap.oom.certservice.client.configuration.exception.ClientConfigurationException;
import org.onap.oom.certservice.client.configuration.model.ClientConfiguration;
+import org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators;
+import org.onap.oom.certservice.client.configuration.validation.client.OutputTypeValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.Optional;
-
-public class ClientConfigurationFactory extends AbstractConfigurationFactory<ClientConfiguration> {
+public class ClientConfigurationFactory implements ConfigurationFactory<ClientConfiguration> {
private static final Logger LOGGER = LoggerFactory.getLogger(ClientConfigurationFactory.class);
private final EnvsForClient envsForClient;
+ private final OutputTypeValidator outputTypeValidator;
- public ClientConfigurationFactory(EnvsForClient envsForClient) {
+
+ public ClientConfigurationFactory(EnvsForClient envsForClient, OutputTypeValidator outputTypeValidator) {
this.envsForClient = envsForClient;
+ this.outputTypeValidator = outputTypeValidator;
}
@Override
@@ -43,29 +47,29 @@ public class ClientConfigurationFactory extends AbstractConfigurationFactory<Cli
ClientConfiguration configuration = new ClientConfiguration();
-
envsForClient.getUrlToCertService()
- .map(configuration::setUrlToCertService);
+ .map(configuration::setUrlToCertService);
envsForClient.getRequestTimeOut()
- .map(timeout -> configuration.setRequestTimeout(Integer.valueOf(timeout)));
+ .map(timeout -> configuration.setRequestTimeoutInMs(Integer.valueOf(timeout)));
envsForClient.getOutputPath()
- .filter(this::isPathValid)
- .map(configuration::setCertsOutputPath)
- .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_PATH + " is invalid."));
+ .filter(ClientEnvsValueValidators::isPathValid)
+ .map(configuration::setCertsOutputPath)
+ .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_PATH + " is invalid."));
envsForClient.getCaName()
- .filter(this::isAlphaNumeric)
- .map(configuration::setCaName)
- .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.CA_NAME + " is invalid."));
+ .filter(ClientEnvsValueValidators::isAlphaNumeric)
+ .map(configuration::setCaName)
+ .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.CA_NAME + " is invalid."));
Optional<String> outputType = envsForClient.getOutputType();
if (outputType.isPresent()) {
- outputType.filter(this::isOutputTypeValid)
- .map(configuration::setOutputType)
- .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_TYPE + " is invalid."));
+ outputType.filter(outputTypeValidator)
+ .map(configuration::setOutputType)
+ .orElseThrow(
+ () -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_TYPE + " is invalid."));
}
LOGGER.info("Successful validation of Client configuration. Configuration data: {}", configuration.toString());
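Review bot: `Integer.valueOf(timeout)` in the `getRequestTimeOut()` chain throws `NumberFormatException` for a non-numeric value, and nothing rejects zero or negative numbers, so a bad timeout is not reported as a configuration error the way the other fields are. With this commit it would instead reach the new catch-all in `CertServiceClient` and exit with the generic code 99. I would mirror the `outputType` block below: when the value is present, filter it with `timeout -> timeout.matches("[1-9][0-9]{0,8}")` before the `map`, and throw `ClientConfigurationException` otherwise. The `create()` method starts above this hunk and continues past it.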
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ConfigurationFactory.java
new file mode 100644
index 00000000..43caf55c
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ConfigurationFactory.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.factory;
+
+
+import org.onap.oom.certservice.client.configuration.exception.ClientConfigurationException;
+import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException;
+import org.onap.oom.certservice.client.configuration.model.ConfigurationModel;
+
+interface ConfigurationFactory<T extends ConfigurationModel> {
+
+ T create() throws ClientConfigurationException, CsrConfigurationException;
+
+}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java
index 0a88252c..48ead884 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java
@@ -20,21 +20,34 @@
package org.onap.oom.certservice.client.configuration.factory;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isSpecialCharPresent;
+
+import java.util.Arrays;
+import java.util.stream.Collectors;
import org.onap.oom.certservice.client.configuration.CsrConfigurationEnvs;
import org.onap.oom.certservice.client.configuration.EnvsForCsr;
import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException;
import org.onap.oom.certservice.client.configuration.model.CsrConfiguration;
+import org.onap.oom.certservice.client.configuration.validation.csr.CommonNameValidator;
+import org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class CsrConfigurationFactory extends AbstractConfigurationFactory<CsrConfiguration> {
+public class CsrConfigurationFactory implements ConfigurationFactory<CsrConfiguration> {
private static final Logger LOGGER = LoggerFactory.getLogger(CsrConfigurationFactory.class);
+ private static final String SANS_DELIMITER = ",";
+
private final EnvsForCsr envsForCsr;
+ private final CommonNameValidator commonNameValidator;
+ private final SanMapper sanMapper;
- public CsrConfigurationFactory(EnvsForCsr envsForCsr) {
+ public CsrConfigurationFactory(EnvsForCsr envsForCsr, CommonNameValidator commonNameValidator,
+ SanMapper sanMapper) {
this.envsForCsr = envsForCsr;
+ this.commonNameValidator = commonNameValidator;
+ this.sanMapper = sanMapper;
}
@Override
@@ -43,35 +56,38 @@ public class CsrConfigurationFactory extends AbstractConfigurationFactory<CsrCon
CsrConfiguration configuration = new CsrConfiguration();
envsForCsr.getCommonName()
- .filter(this::isCommonNameValid)
- .map(configuration::setCommonName)
- .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COMMON_NAME + " is invalid."));
+ .filter(commonNameValidator)
+ .map(configuration::setCommonName)
+ .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COMMON_NAME + " is invalid."));
envsForCsr.getOrganization()
- .filter(org -> !isSpecialCharsPresent(org))
- .map(configuration::setOrganization)
- .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.ORGANIZATION + " is invalid."));
+ .filter(org -> !isSpecialCharPresent(org))
+ .map(configuration::setOrganization)
+ .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.ORGANIZATION + " is invalid."));
envsForCsr.getState()
- .map(configuration::setState)
- .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.STATE + " is invalid."));
+ .map(configuration::setState)
+ .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.STATE + " is invalid."));
envsForCsr.getCountry()
- .filter(this::isCountryValid)
- .map(configuration::setCountry)
- .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COUNTRY + " is invalid."));
+ .filter(CsrEnvsValueValidators::isCountryValid)
+ .map(configuration::setCountry)
+ .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COUNTRY + " is invalid."));
envsForCsr.getOrganizationUnit()
- .map(configuration::setOrganizationUnit);
+ .map(configuration::setOrganizationUnit);
envsForCsr.getLocation()
- .map(configuration::setLocation);
+ .map(configuration::setLocation);
envsForCsr.getSubjectAlternativesName()
- .map(configuration::setSubjectAlternativeNames);
+ .map(sans -> Arrays.asList(sans.split(SANS_DELIMITER)))
+ .map(list -> list.stream().map(sanMapper).collect(Collectors.toList()))
+ .map(configuration::setSans);
LOGGER.info("Successful validation of CSR configuration. Configuration data: {}", configuration.toString());
return configuration;
}
+
}
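Review bot: `getState()`, `getOrganizationUnit()` and `getLocation()` are stored without any filter, yet `CsrFactory.getMandatoryParameters` and `getOptionalParameters` in this same commit format those values straight into a `key=value, key=value` subject string. A value containing `,`, `=` or `+` would therefore change the structure of the requested DN rather than a single attribute. Whether `isSpecialCharPresent` rejects those characters is not visible here; the removed pattern in `AbstractConfigurationFactory` did not list `,` or `=`. I would filter every field that reaches the subject, e.g. `.filter(value -> !value.matches(".*[,+=\"\\\\<>;].*"))`, or build the subject with BouncyCastle's `X500NameBuilder` so values are escaped. Separately, `sans.split(SANS_DELIMITER)` keeps surrounding whitespace, so a `.map(String::trim)` before `sanMapper` would avoid rejecting `a.org, b.org`.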
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java
new file mode 100644
index 00000000..f76bd572
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java
@@ -0,0 +1,48 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.factory;
+
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isDomainNameValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isEmailAddressValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isIpAddressValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isUriValid;
+
+import java.util.function.Function;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException;
+import org.onap.oom.certservice.client.configuration.model.San;
+
+public class SanMapper implements Function<String, San> {
+
+ public San apply(String san) {
+ if (isEmailAddressValid(san)) {
+ return new San(san, GeneralName.rfc822Name);
+ } else if (isIpAddressValid(san)) {
+ return new San(san, GeneralName.iPAddress);
+ } else if (isDomainNameValid(san)) {
+ return new San(san, GeneralName.dNSName);
+ } else if (isUriValid(san)) {
+ return new San(san, GeneralName.uniformResourceIdentifier);
+ } else {
+ throw new CsrConfigurationException("SAN :" + san + " does not match any requirements");
+ }
+ }
+}
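Review bot: The order of the checks in `apply` decides which `GeneralName` type ends up in the CSR, yet the class has no Javadoc saying that the first matching validator wins (e-mail, then IP address, then DNS name, then URI). A short class comment stating that precedence, and that an unmatched value raises `CsrConfigurationException`, would stop a later reorder from silently changing the issued SAN types. `apply` also implements `Function.apply` without `@Override`; adding it lets the compiler catch a signature drift. The message `"SAN :" + san + " does not match any requirements"` has the space on the wrong side of the colon; `"SAN: " + san + …` reads as intended.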
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/ClientConfiguration.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/ClientConfiguration.java
index cd8a5c1e..f87b525d 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/ClientConfiguration.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/ClientConfiguration.java
@@ -29,7 +29,7 @@ public class ClientConfiguration implements ConfigurationModel {
private static final String DEFAULT_OUTPUT_TYPE = "P12";
private String urlToCertService;
- private Integer requestTimeout;
+ private Integer requestTimeoutInMs;
private String certsOutputPath;
private String caName;
private String outputType;
@@ -37,7 +37,7 @@ public class ClientConfiguration implements ConfigurationModel {
public ClientConfiguration() {
urlToCertService = DEFAULT_REQUEST_URL;
- requestTimeout = DEFAULT_TIMEOUT_MS;
+ requestTimeoutInMs = DEFAULT_TIMEOUT_MS;
outputType = DEFAULT_OUTPUT_TYPE;
}
@@ -51,12 +51,12 @@ public class ClientConfiguration implements ConfigurationModel {
return this;
}
- public Integer getRequestTimeout() {
- return requestTimeout;
+ public Integer getRequestTimeoutInMs() {
+ return requestTimeoutInMs;
}
- public ClientConfiguration setRequestTimeout(Integer requestTimeout) {
- this.requestTimeout = requestTimeout;
+ public ClientConfiguration setRequestTimeoutInMs(Integer requestTimeoutInMs) {
+ this.requestTimeoutInMs = requestTimeoutInMs;
return this;
}
@@ -91,7 +91,7 @@ public class ClientConfiguration implements ConfigurationModel {
public String toString() {
return String.format("%s: %s, %s: %s, %s: %s, %s: %s, %s: %s",
ClientConfigurationEnvs.REQUEST_URL, urlToCertService,
- ClientConfigurationEnvs.REQUEST_TIMEOUT, requestTimeout,
+ ClientConfigurationEnvs.REQUEST_TIMEOUT, requestTimeoutInMs,
ClientConfigurationEnvs.OUTPUT_PATH, certsOutputPath,
ClientConfigurationEnvs.CA_NAME, caName,
ClientConfigurationEnvs.OUTPUT_TYPE, outputType);
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java
index c5aefd97..3f77d259 100644
--- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java
@@ -21,6 +21,7 @@
package org.onap.oom.certservice.client.configuration.model;
+import java.util.List;
import org.onap.oom.certservice.client.configuration.CsrConfigurationEnvs;
public class CsrConfiguration implements ConfigurationModel {
@@ -31,7 +32,7 @@ public class CsrConfiguration implements ConfigurationModel {
private String country;
private String organizationUnit;
private String location;
- private String sans;
+ private List<San> sans;
public String getCommonName() {
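Review bot: The `sans` field changed to `List<San>` in this hunk has no initial value, so `getSans()` in the next hunk returns `null` whenever no SAN variable is configured; in the factory hunk earlier in this commit `setSans` is only reached through `Optional.map`. Callers that iterate the list would then need their own null check, which is not visible here. Initialising the field as `private List<San> sans = List.of();` keeps the getter null-free. `setSans` already uses `List.copyOf`, which rejects a null list or null element with a `NullPointerException`, so a one-line comment there noting that this is deliberate would help.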
@@ -88,12 +89,12 @@ public class CsrConfiguration implements ConfigurationModel {
return this;
}
- public String getSans() {
+ public List<San> getSans() {
return sans;
}
- public CsrConfiguration setSubjectAlternativeNames(String subjectAlternativeNames) {
- this.sans = subjectAlternativeNames;
+ public CsrConfiguration setSans(List<San> subjectAlternativeNames) {
+ this.sans = List.copyOf(subjectAlternativeNames);
return this;
}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java
new file mode 100644
index 00000000..5ca36246
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java
@@ -0,0 +1,73 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.model;
+
+import java.util.Objects;
+
+public final class San {
+
+ private final String value;
+ private final int type;
+
+ public San(String value, int type) {
+ this.value = value;
+ this.type = type;
+ }
+
+ public String getValue() {
+ return value;
+ }
+
+ public int getType() {
+ return type;
+ }
+
+ public String toString() {
+ return "{SAN value: " + value + ", type: " + getReadableType(type) + '}';
+ }
+
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ San san1 = (San) o;
+ return type == san1.type &&
+ Objects.equals(value, san1.value);
+ }
+
+ public int hashCode() {
+ return Objects.hash(value, type);
+ }
+
+ private String getReadableType(int type) {
+ String readableType = "undefined";
+ switch (type) {
+ case 1: readableType = "rfc822Name"; break;
+ case 2: readableType = "dNSName"; break;
+ case 6: readableType = "uniformResourceIdentifier"; break;
+ case 7: readableType = "iPAddress"; break;
+ }
+ return readableType;
+ }
+}
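Review bot: The `San` constructor stores `value` and `type` unchecked, so a null value or a tag outside the four handled ones is only noticed later, when `getReadableType` prints "undefined". Since `Objects` is already imported, `this.value = Objects.requireNonNull(value, "value");` would fail at construction instead. `getReadableType` repeats the GeneralName tag numbers 1, 2, 6 and 7 as bare literals; a comment tying them to the `GeneralName` constants used in `SanMapper` (or an explicit `default:` branch) would make the mapping auditable. `toString`, `equals` and `hashCode` are overrides and should carry `@Override`.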
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java
new file mode 100644
index 00000000..503b7e46
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.oom.certservice.client.configuration.validation.client;
+
+public final class ClientEnvsValueValidators {
+ private static final String ALPHA_NUMERIC_REGEX = "^[a-zA-Z0-9]*$";
+ private static final String VALID_PATH_REGEX = "^/|(/[a-zA-Z0-9_-]+)+/?$";
+
+ public static boolean isAlphaNumeric(String caName) {
+ return caName.matches(ALPHA_NUMERIC_REGEX);
+ }
+
+ public static boolean isPathValid(String path) {
+ return path.matches(VALID_PATH_REGEX);
+ }
+}
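Review bot: `ALPHA_NUMERIC_REGEX` ends in `*`, so `isAlphaNumeric("")` returns true and an empty CA name passes this validator; unless the factory rejects empty values before calling it (not visible in this hunk), the quantifier should be `+`, i.e. `"^[a-zA-Z0-9]+$"`. In `VALID_PATH_REGEX` the top-level `|` splits the pattern into `^/` and `(/[a-zA-Z0-9_-]+)+/?$`; this only works because `String.matches` anchors the whole input, which deserves a comment. The class is a static utility but, unlike `CsrEnvsValueValidators`, has no private constructor. Both methods throw `NullPointerException` on a null argument, which should be documented or guarded.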
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java
new file mode 100644
index 00000000..6b737e26
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java
@@ -0,0 +1,35 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.client;
+
+import java.util.Arrays;
+import java.util.function.Predicate;
+import org.onap.oom.certservice.client.certification.ArtifactsCreatorProvider;
+
+public class OutputTypeValidator implements Predicate<String> {
+
+ public boolean test(String outputType) {
+ return Arrays.stream(ArtifactsCreatorProvider.values())
+ .map(ArtifactsCreatorProvider::toString)
+ .anyMatch(name -> name.equals(outputType));
+ }
+
+}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java
new file mode 100644
index 00000000..a5244466
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isSpecialCharPresent;
+
+import java.util.function.Predicate;
+import java.util.regex.Pattern;
+
+public final class CommonNameValidator implements Predicate<String> {
+
+ private static final String PORT_POSTFIX_REGEX = ":[0-9]{1,5}";
+ private static final String IPV4_ADDRESS_REGEX = "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}";
+ private static final String HTTP_HTTPS_SCHEME_REGEX = "[h][t][t][p][:][/][/]|[h][t][t][p][s][:][/][/]";
+
+ public boolean test(String commonName) {
+ return !isSpecialCharPresent(commonName)
+ && !isHttpProtocolsPresent(commonName)
+ && !isIpAddressPresent(commonName)
+ && !isPortNumberPresent(commonName);
+ }
+
+ private boolean isPortNumberPresent(String stringToCheck) {
+ return Pattern.compile(PORT_POSTFIX_REGEX).matcher(stringToCheck).find();
+ }
+
+ private boolean isIpAddressPresent(String stringToCheck) {
+ return Pattern.compile(IPV4_ADDRESS_REGEX).matcher(stringToCheck).find();
+ }
+
+ private boolean isHttpProtocolsPresent(String stringToCheck) {
+ return Pattern.compile(HTTP_HTTPS_SCHEME_REGEX).matcher(stringToCheck).find();
+ }
+
+}
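Review bot: Each of the three private helpers calls `Pattern.compile` on every invocation although `Pattern` is immutable and thread-safe; holding them as constants, e.g. `private static final Pattern PORT_POSTFIX = Pattern.compile(":[0-9]{1,5}");`, avoids the repeated compilation and matches the usual idiom. `HTTP_HTTPS_SCHEME_REGEX` is written as single-character classes and is case-sensitive, so an upper-case scheme is rejected only because `/` is in the special-character set checked first. It can be written as `"https?://"`, with a comment on whether it is kept as a separate, more specific check. `test` implements `Predicate.test` and should be marked `@Override`.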
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java
new file mode 100644
index 00000000..31903a98
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java
@@ -0,0 +1,62 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.regex.Pattern;
+import org.apache.commons.validator.routines.DomainValidator;
+import org.apache.commons.validator.routines.EmailValidator;
+import org.apache.commons.validator.routines.InetAddressValidator;
+
+public final class CsrEnvsValueValidators {
+
+ private static final boolean ALLOW_LOCAL_DOMAINS = true;
+
+ private static final String SPECIAL_CHAR_PRESENCE_REGEX = "[~#@*$+%!()?/{}<>\\|_^]";
+
+ private CsrEnvsValueValidators() {
+ }
+
+ public static boolean isCountryValid(String country) {
+ return Arrays.asList(Locale.getISOCountries()).contains(country);
+ }
+
+ public static boolean isEmailAddressValid(String address) {
+ return EmailValidator.getInstance().isValid(address);
+ }
+
+ public static boolean isIpAddressValid(String address) {
+ return InetAddressValidator.getInstance().isValid(address);
+ }
+
+ public static boolean isDomainNameValid(String domain) {
+ return DomainValidator.getInstance(ALLOW_LOCAL_DOMAINS).isValid(domain);
+ }
+
+ public static boolean isUriValid(String uri) {
+ return UriValidator.isValid(uri);
+ }
+
+ public static boolean isSpecialCharPresent(String stringToCheck) {
+ return Pattern.compile(SPECIAL_CHAR_PRESENCE_REGEX).matcher(stringToCheck).find();
+ }
+}
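Review bot: `SPECIAL_CHAR_PRESENCE_REGEX` is a denylist, so any character it does not name is accepted: comma, `=`, quotes, whitespace, control characters and the backslash itself all pass, because `\\|` inside the class only escapes the pipe. If the organization or common name is later assembled into a distinguished-name string (that code is outside this hunk), those characters carry meaning there. An allowlist of the characters a subject field may contain would fail closed instead. `isSpecialCharPresent` also recompiles the pattern on every call; a `private static final Pattern` constant avoids that. `ALLOW_LOCAL_DOMAINS = true` should get a comment explaining why local and unqualified host names are acceptable as dNSName SANs, since that is a policy decision rather than a syntax one.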
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java
new file mode 100644
index 00000000..b8073f42
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java
@@ -0,0 +1,69 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+/**
+ * Compliant with the RFC3986
+ */
+final class UriValidator {
+
+ private static final String SCHEME = "([A-Za-z][A-Za-z0-9+\\-.]*):";
+
+ private static final String OR = "|";
+
+ private static final String AUTHORITY_WITH_PATH = "?:(//)(?:((?:[A-Za-z0-9\\-._~!$&'()*+,;=:]|%[0-9A-Fa-f]{2})*)"
+ + "@)?((?:\\[(?:(?:(?:(?:[0-9A-Fa-f]{1,4}:){6}|::(?:[0-9A-Fa-f]{1,4}:){5}|(?:[0-9A-Fa-f]{1,4})?::"
+ + "(?:[0-9A-Fa-f]{1,4}:){4}|(?:(?:[0-9A-Fa-f]{1,4}:){0,1}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){3}|(?:"
+ + "(?:[0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){2}|(?:(?:[0-9A-Fa-f]{1,4}:){0,"
+ + "3}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}:|(?:(?:[0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})?::)"
+ + "(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}"
+ + "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))|(?:(?:[0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,"
+ + "4}|(?:(?:[0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})?::)|[Vv][0-9A-Fa-f]+\\.[A-Za-z0-9\\-._~!$&'()*+,;=:]+)"
+ + "\\]|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|"
+ + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*))(?::([0-9]*))?((?:/(?:[A-Za-z0-9\\-._~!$&'()*+,;"
+ + "=:@]|%[0-9A-Fa-f]{2})*)*)";
+
+ private static final String PATH_BEGIN_WITH_SLASH = "/((?:(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+(?:/"
+ + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*)*)?)";
+
+ private static final String PATH_WITHOUT_SLASH = "((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+(?:/"
+ + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*)*)";
+
+ private static final String QUERY = "(?:\\?((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*))?";
+
+ private static final String FRAGMENT = "(?:\\#((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*))?";
+
+ /**
+ * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+ * <p>
+ * hier-part = "//" authority path-abempty / path-absolute / path-rootless / path-empty
+ */
+ private static final String RFC3986_URI_MATCH_PATTERN =
+ SCHEME + "(" + AUTHORITY_WITH_PATH + OR + PATH_BEGIN_WITH_SLASH + OR + PATH_WITHOUT_SLASH + OR + "" + ")"
+ + QUERY + FRAGMENT;
+
+ private UriValidator() {
+ }
+
+ static boolean isValid(String uri) {
+ return uri.matches(RFC3986_URI_MATCH_PATTERN);
+ }
+}
+
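Review bot: `isValid` calls `uri.matches(RFC3986_URI_MATCH_PATTERN)`, which recompiles this very large expression for every SAN checked. It would be better compiled once as `private static final Pattern RFC3986_URI = Pattern.compile(RFC3986_URI_MATCH_PATTERN);` and used as `return RFC3986_URI.matcher(uri).matches();`, with `java.util.regex.Pattern` imported. `AUTHORITY_WITH_PATH` begins with a bare `?:` that is only valid because the final pattern prepends `(`; a comment on that constant, or moving the `(?:` into the composition, would make it safe to reuse. The pattern accepts any syntactically valid scheme, so the Javadoc should say that scheme policy is not enforced here.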
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/certification/CsrFactoryTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/certification/CsrFactoryTest.java
index e2bfa976..ab9fc921 100644
--- a/certServiceClient/src/test/java/org/onap/oom/certservice/client/certification/CsrFactoryTest.java
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/certification/CsrFactoryTest.java
@@ -20,30 +20,35 @@
package org.onap.oom.certservice.client.certification;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.security.KeyPair;
+import java.util.List;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.junit.jupiter.api.Test;
import org.onap.oom.certservice.client.certification.exception.CsrGenerationException;
import org.onap.oom.certservice.client.certification.exception.KeyPairGenerationException;
import org.onap.oom.certservice.client.configuration.model.CsrConfiguration;
-
-import java.security.KeyPair;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import org.onap.oom.certservice.client.configuration.model.San;
class CsrFactoryTest {
CsrConfiguration config = mock(CsrConfiguration.class);
-
@Test
- void createEncodedCsr_shouldSucceedWhenAllFieldsAreSetCorrectly() throws KeyPairGenerationException, CsrGenerationException {
+ void createEncodedCsr_shouldSucceedWhenAllFieldsAreSetCorrectly()
+ throws KeyPairGenerationException, CsrGenerationException {
KeyPair keyPair =
- new KeyPairFactory(EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM, EncryptionAlgorithmConstants.KEY_SIZE).create();
+ new KeyPairFactory(EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM,
+ EncryptionAlgorithmConstants.KEY_SIZE).create();
+ San san1 = new San("onapexample.com", GeneralName.dNSName);
+ San san2 = new San("onapexample.com.pl", GeneralName.dNSName);
when(config.getCommonName()).thenReturn("onap.org");
- when(config.getSans()).thenReturn("onapexample.com:onapexample.com.pl:onapexample.pl");
+ when(config.getSans()).thenReturn(List.of(san1, san2));
when(config.getCountry()).thenReturn("US");
when(config.getLocation()).thenReturn("San-Francisco");
when(config.getOrganization()).thenReturn("Linux-Foundation");
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java
deleted file mode 100644
index e55e55b6..00000000
--- a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/AbstractConfigurationFactoryTest.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * oom-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.oom.certservice.client.configuration.factory;
-
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.ValueSource;
-import org.mockito.Mockito;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
-class AbstractConfigurationFactoryTest {
-
- private final AbstractConfigurationFactory cut = mock(AbstractConfigurationFactory.class, Mockito.CALLS_REAL_METHODS);
-
- @ParameterizedTest
- @ValueSource(strings = {"/var/log", "/", "/var/log/", "/second_var", "/second-var"})
- void shouldAcceptValidPath(String path) {
- assertThat(cut.isPathValid(path)).isTrue();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"/var/log?", "", "var_", "var", "//", "/var//log"})
- void shouldRejectInvalidPath(String path) {
- assertThat(cut.isPathValid(path)).isFalse();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"PL", "DE", "PN", "US", "IO", "CA", "KH", "CO", "DK", "EC", "CZ", "CN", "BR", "BD", "BE"})
- void shouldAcceptValidCountryCode(String countryCode) {
- assertThat(cut.isCountryValid(countryCode)).isTrue();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"", "QQ", "AFG", "D", "&*", "!", "ONAP", "p", "pl", "us", "afg"})
- void shouldRejectInvalidCountryCode(String countryCode) {
- assertThat(cut.isCountryValid(countryCode)).isFalse();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"caname", "caname1", "123caName", "ca1name"})
- void shouldAcceptValidAlphanumeric(String caName) {
- assertThat(cut.isAlphaNumeric(caName)).isTrue();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"44caname$", "#caname1", "1c_aname", "ca1-name"})
- void shouldRejectInvalidAlphanumeric(String caName) {
- assertThat(cut.isAlphaNumeric(caName)).isFalse();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"example.com", "www.example.com"})
- void shouldAcceptValidCommonName(String commonName) {
- assertThat(cut.isCommonNameValid(commonName)).isTrue();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"https://example.com", "http://example.com", "example.com:8080", "0.0.0.0", "@#$%.com"})
- void shouldRejectInvalidCommonName(String commonName) {
- assertThat(cut.isCommonNameValid(commonName)).isFalse();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"JKS", "P12", "PEM"})
- void shouldAcceptValidOutputType(String outputType) {
- assertThat(cut.isOutputTypeValid(outputType)).isTrue();
- }
-
- @ParameterizedTest
- @ValueSource(strings = {"jks", "p12", "pem", "", "pass", "!@$#pp"})
- void shouldRejectInvalidOutputType(String outputType) {
- assertThat(cut.isOutputTypeValid(outputType)).isFalse();
- }
-}
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactoryTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactoryTest.java
index 44827494..166b1e60 100644
--- a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactoryTest.java
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactoryTest.java
@@ -27,6 +27,7 @@ import org.onap.oom.certservice.client.configuration.exception.ClientConfigurati
import org.onap.oom.certservice.client.configuration.model.ClientConfiguration;
import java.util.Optional;
+import org.onap.oom.certservice.client.configuration.validation.client.OutputTypeValidator;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -47,6 +48,7 @@ public class ClientConfigurationFactoryTest {
private static final String OUTPUT_TYPE_DEFAULT = "P12";
private EnvsForClient envsForClient = mock(EnvsForClient.class);
+ private OutputTypeValidator outputTypeValidator = new OutputTypeValidator();
@Test
@@ -59,12 +61,12 @@ public class ClientConfigurationFactoryTest {
when(envsForClient.getOutputType()).thenReturn(Optional.of(OUTPUT_TYPE_VALID));
// when
- ClientConfiguration configuration = new ClientConfigurationFactory(envsForClient).create();
+ ClientConfiguration configuration = new ClientConfigurationFactory(envsForClient, outputTypeValidator).create();
System.out.println(configuration.toString());
// then
assertThat(configuration.getCaName()).isEqualTo(CA_NAME_VALID);
- assertThat(configuration.getRequestTimeout()).isEqualTo(Integer.valueOf(TIME_OUT_VALID));
+ assertThat(configuration.getRequestTimeoutInMs()).isEqualTo(Integer.valueOf(TIME_OUT_VALID));
assertThat(configuration.getCertsOutputPath()).isEqualTo(OUTPUT_PATH_VALID);
assertThat(configuration.getUrlToCertService()).isEqualTo(URL_TO_CERT_SERVICE_VALID);
assertThat(configuration.getOutputType()).isEqualTo(OUTPUT_TYPE_VALID);
@@ -77,11 +79,11 @@ public class ClientConfigurationFactoryTest {
when(envsForClient.getOutputPath()).thenReturn(Optional.of(OUTPUT_PATH_VALID));
// when
- ClientConfiguration configuration = new ClientConfigurationFactory(envsForClient).create();
+ ClientConfiguration configuration = new ClientConfigurationFactory(envsForClient, outputTypeValidator).create();
// then
assertThat(configuration.getCaName()).isEqualTo(CA_NAME_VALID);
- assertThat(configuration.getRequestTimeout()).isEqualTo(Integer.valueOf(TIME_OUT_VALID));
+ assertThat(configuration.getRequestTimeoutInMs()).isEqualTo(Integer.valueOf(TIME_OUT_VALID));
assertThat(configuration.getCertsOutputPath()).isEqualTo(OUTPUT_PATH_VALID);
assertThat(configuration.getUrlToCertService()).isEqualTo(URL_TO_CERT_SERVICE_DEFAULT);
assertThat(configuration.getOutputType()).isEqualTo(OUTPUT_TYPE_DEFAULT);
@@ -93,7 +95,8 @@ public class ClientConfigurationFactoryTest {
when(envsForClient.getOutputPath()).thenReturn(Optional.of(OUTPUT_PATH_VALID));
// when
- ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient);
+ ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient,
+ outputTypeValidator);
// then
assertThatExceptionOfType(ClientConfigurationException.class)
@@ -110,7 +113,8 @@ public class ClientConfigurationFactoryTest {
when(envsForClient.getUrlToCertService()).thenReturn(Optional.of(URL_TO_CERT_SERVICE_VALID));
// when
- ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient);
+ ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient,
+ outputTypeValidator);
// when/then
assertThatExceptionOfType(ClientConfigurationException.class)
@@ -127,7 +131,8 @@ public class ClientConfigurationFactoryTest {
when(envsForClient.getUrlToCertService()).thenReturn(Optional.of(URL_TO_CERT_SERVICE_VALID));
// when
- ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient);
+ ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient,
+ outputTypeValidator);
//then
assertThatExceptionOfType(ClientConfigurationException.class)
@@ -145,7 +150,8 @@ public class ClientConfigurationFactoryTest {
when(envsForClient.getOutputType()).thenReturn(Optional.of(OUTPUT_TYPE_INVALID));
// when
- ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient);
+ ClientConfigurationFactory configurationFactory = new ClientConfigurationFactory(envsForClient,
+ outputTypeValidator);
//then
assertThatExceptionOfType(ClientConfigurationException.class)
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactoryTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactoryTest.java
index e27cb57a..158f0cf2 100644
--- a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactoryTest.java
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactoryTest.java
@@ -20,7 +20,9 @@
package org.onap.oom.certservice.client.configuration.factory;
+import java.util.List;
import org.assertj.core.api.Condition;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.onap.oom.certservice.client.configuration.CsrConfigurationEnvs;
@@ -29,6 +31,8 @@ import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationE
import org.onap.oom.certservice.client.configuration.model.CsrConfiguration;
import java.util.Optional;
+import org.onap.oom.certservice.client.configuration.model.San;
+import org.onap.oom.certservice.client.configuration.validation.csr.CommonNameValidator;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -39,7 +43,9 @@ import static org.onap.oom.certservice.client.api.ExitStatus.CSR_CONFIGURATION_E
public class CsrConfigurationFactoryTest {
private static final String COMMON_NAME_VALID = "onap.org";
- private static final String SANS_VALID = "test-name";
+ private static final String RAW_SAN1 = "ves-collector";
+ private static final String RAW_SAN2 = "ves";
+ private static final String RAW_SANS_VALID = String.format("%s,%s", RAW_SAN1, RAW_SAN2);
private static final String COUNTRY_VALID = "US";
private static final String LOCATION_VALID = "San-Francisco";
private static final String ORGANIZATION_VALID = "Linux-Foundation";
@@ -48,8 +54,11 @@ public class CsrConfigurationFactoryTest {
private static final String COMMON_NAME_INVALID = "onap.org*&";
private static final String COUNTRY_INVALID = "PLA";
private static final String ORGANIZATION_INVALID = "Linux?Foundation";
+ private static final String INVALID_SANS = "192.168.1.";
private EnvsForCsr envsForCsr = mock(EnvsForCsr.class);
+ private CommonNameValidator commonNameValidator = new CommonNameValidator();
+ private SanMapper sanMapper = new SanMapper();
private CsrConfigurationFactory testedFactory;
private Condition<CsrConfigurationException> expectedExitCodeCondition = new Condition<>("Correct exit code") {
@Override
@@ -60,20 +69,23 @@ public class CsrConfigurationFactoryTest {
@BeforeEach
void setUp() {
- testedFactory = new CsrConfigurationFactory(envsForCsr);
+ testedFactory = new CsrConfigurationFactory(envsForCsr, commonNameValidator, sanMapper);
}
@Test
void shouldReturnCorrectConfiguration_WhenAllVariablesAreSetAndValid() throws CsrConfigurationException {
// given
mockEnvsWithAllValidParameters();
+ San san1 = new San(RAW_SAN1, GeneralName.dNSName);
+ San san2 = new San(RAW_SAN2, GeneralName.dNSName);
+ List<San> sans = List.of(san1, san2);
// when
CsrConfiguration configuration = testedFactory.create();
// then
assertThat(configuration.getCommonName()).isEqualTo(COMMON_NAME_VALID);
- assertThat(configuration.getSans()).isEqualTo(SANS_VALID);
+ assertThat(configuration.getSans()).isEqualTo(sans);
assertThat(configuration.getCountry()).isEqualTo(COUNTRY_VALID);
assertThat(configuration.getLocation()).isEqualTo(LOCATION_VALID);
assertThat(configuration.getOrganization()).isEqualTo(ORGANIZATION_VALID);
@@ -146,6 +158,17 @@ public class CsrConfigurationFactoryTest {
.has(expectedExitCodeCondition);
}
+ @Test
+ void shouldThrowCsrConfigurationExceptionWhenSansInvalid() {
+ // given
+ mockEnvsWithInvalidSans();
+ // when/then
+ assertThatExceptionOfType(CsrConfigurationException.class)
+ .isThrownBy(testedFactory::create)
+ .withMessageContaining("SAN :" + INVALID_SANS + " does not match any requirements")
+ .has(expectedExitCodeCondition);
+ }
+
private void mockEnvsWithAllValidParameters() {
mockEnvsWithValidRequiredParameters();
mockEnvsWithValidOptionalParameters();
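Review bot: `shouldThrowCsrConfigurationExceptionWhenSansInvalid` feeds the factory a single bad value (`INVALID_SANS = "192.168.1."`), so nothing pins what happens when a comma-separated list mixes valid and invalid entries, which is the form `RAW_SANS_VALID` shows the variable takes. Every accepted entry ends up as a subject alternative name in the CSR, so one bad entry should fail the whole list rather than be dropped silently. A second case with a value such as `"ves-collector,192.168.1."` (constructed) asserting the same `CsrConfigurationException` would lock that in. The test class continues outside this hunk.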
@@ -154,7 +177,7 @@ public class CsrConfigurationFactoryTest {
private void mockEnvsWithValidOptionalParameters() {
when(envsForCsr.getOrganizationUnit()).thenReturn(Optional.of(ORGANIZATION_UNIT_VALID));
when(envsForCsr.getLocation()).thenReturn(Optional.of(LOCATION_VALID));
- when(envsForCsr.getSubjectAlternativesName()).thenReturn(Optional.of(SANS_VALID));
+ when(envsForCsr.getSubjectAlternativesName()).thenReturn(Optional.of(RAW_SANS_VALID));
}
private void mockEnvsWithValidRequiredParameters() {
@@ -183,4 +206,9 @@ public class CsrConfigurationFactoryTest {
mockEnvsWithAllValidParameters();
when(envsForCsr.getState()).thenReturn(Optional.empty());
}
+
+ private void mockEnvsWithInvalidSans() {
+ mockEnvsWithAllValidParameters();
+ when(envsForCsr.getSubjectAlternativesName()).thenReturn(Optional.of(INVALID_SANS));
+ }
}
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/SanMapperTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/SanMapperTest.java
new file mode 100644
index 00000000..9ec4c6e7
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/factory/SanMapperTest.java
@@ -0,0 +1,77 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.factory;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
+import java.util.function.Function;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException;
+import org.onap.oom.certservice.client.configuration.model.San;
+
+class SanMapperTest {
+
+ private Function<String, San> sanMapper = new SanMapper();
+
+ @ParameterizedTest
+ @ValueSource(strings = {"192.178.2.3", "10.183.34.201", "ff:ff:ff:ff:ff:ff:ff:ff", "ff:ff::"})
+ void shouldCorrectlyMapIpAddress(String san) {
+ // when
+ San result = sanMapper.apply(san);
+ // then
+ assertThat(result.getValue()).isEqualTo(san);
+ assertThat(result.getType()).isEqualTo(GeneralName.iPAddress);
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"foo@bar.com", "sample@example.com", "onap@domain.pl", "alex.supertramp@onap.com",
+ "al.super^tramp@onap.org"})
+ void shouldCorrectlyMapEmailAddress(String san) {
+ // when
+ San result = sanMapper.apply(san);
+ // then
+ assertThat(result.getValue()).isEqualTo(san);
+ assertThat(result.getType()).isEqualTo(GeneralName.rfc822Name);
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"sample.com", "Sample.com", "onap.org", "SRI-NIC.ARPA", "ves-collector", "sample"})
+ void shouldCorrectlyMapDomain(String san) {
+ // when
+ San result = sanMapper.apply(san);
+ // then
+ assertThat(result.getValue()).isEqualTo(san);
+ assertThat(result.getType()).isEqualTo(GeneralName.dNSName);
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {" ", "", "192.168.0.", "10.183.34.201:8080", "incoreectdomaim@onap.ux", "<sample@example.com>",
+ "onap@domain"})
+ void shouldThrowExceptionOnIncorrectString(String san) {
+ // when, then
+ assertThatExceptionOfType(CsrConfigurationException.class)
+ .isThrownBy(() -> sanMapper.apply(san))
+ .withMessage("SAN :" + san + " does not match any requirements");
+ }
+}
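Review bot: The parameterized tests cover `GeneralName.iPAddress`, `rfc822Name` and `dNSName`, but no case passes a URI to the mapper, although this change also adds `isUriValid` tests in `CsrEnvsValueValidatorsTest`. If `SanMapper` is meant to classify URIs (its source is outside this hunk), add a case asserting `GeneralName.uniformResourceIdentifier` for a value such as `"https://ves.pl"`. If it is not, add that value to `shouldThrowExceptionOnIncorrectString` so the behaviour is pinned either way. The type chosen here decides how a relying party interprets the name, so each branch of the mapper deserves an explicit assertion.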
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java
new file mode 100644
index 00000000..9ed46c1a
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidatorsTest.java
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.client;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators.isAlphaNumeric;
+import static org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators.isPathValid;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+class ClientEnvsValueValidatorsTest {
+ @ParameterizedTest
+ @ValueSource(strings = {"caname", "caname1", "123caName", "ca1name"})
+ void shouldAcceptValidAlphanumeric(String caName) {
+ assertThat(isAlphaNumeric(caName)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"44caname$", "#caname1", "1c_aname", "ca1-name"})
+ void shouldRejectInvalidAlphanumeric(String caName) {
+ assertThat(isAlphaNumeric(caName)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"/var/log", "/", "/var/log/", "/second_var", "/second-var"})
+ void shouldAcceptValidPath(String path) {
+ assertThat(isPathValid(path)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"/var/log?", "", "var_", "var", "//", "/var//log"})
+ void shouldRejectInvalidPath(String path) {
+ assertThat(isPathValid(path)).isFalse();
+ }
+
+}
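Review bot: `shouldRejectInvalidPath` covers empty segments and a `?`, but no dot segments, so the tests do not say whether `isPathValid` accepts a value like `"/var/../etc"` (constructed). The validated value appears to be the directory the client writes certificates and keys to (inferred from `getCertsOutputPath` in `ClientConfigurationFactoryTest`), so the decision is worth pinning. Add that value to whichever `@ValueSource` reflects the intended behaviour. The empty string is also missing from the `isAlphaNumeric` cases.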
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidatorTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidatorTest.java
new file mode 100644
index 00000000..1b32c017
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidatorTest.java
@@ -0,0 +1,44 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.client;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+class OutputTypeValidatorTest {
+
+ OutputTypeValidator cut = new OutputTypeValidator();
+
+ @ParameterizedTest
+ @ValueSource(strings = {"JKS", "P12", "PEM"})
+ void shouldAcceptValidOutputType(String outputType) {
+ assertThat(cut.test(outputType)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"jks", "p12", "pem", "", "pass", "!@$#pp"})
+ void shouldRejectInvalidOutputType(String outputType) {
+ assertThat(cut.test(outputType)).isFalse();
+ }
+
+}
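Review bot: The field `OutputTypeValidator cut = new OutputTypeValidator();` is package-private and reassignable; `private final OutputTypeValidator cut = new OutputTypeValidator();` states that the test never replaces it. The same applies to `cut` in `CommonNameValidatorTest` later in this diff. A one-line class comment saying that matching is case-sensitive by design (the test rejects `jks`, `p12` and `pem`) would help readers who expect the lowercase forms to be accepted.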
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidatorTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidatorTest.java
new file mode 100644
index 00000000..deb02cf3
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidatorTest.java
@@ -0,0 +1,44 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+class CommonNameValidatorTest {
+
+ CommonNameValidator cut = new CommonNameValidator();
+
+ @ParameterizedTest
+ @ValueSource(strings = {"example.com", "www.example.com"})
+ void shouldAcceptValidCommonName(String commonName) {
+ assertThat(cut.test(commonName)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"https://example.com", "http://example.com", "example.com:8080", "0.0.0.0", "@#$%.com"})
+ void shouldRejectInvalidCommonName(String commonName) {
+ assertThat(cut.test(commonName)).isFalse();
+ }
+
+}
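Review bot: Neither `@ValueSource` contains a wildcard name or an empty string, so the test does not say whether `CommonNameValidator` lets a client request `*.example.com` as the common name. Whether wildcard subjects may be requested is a policy decision that should be visible in the tests. Add `"*.example.com"` and `""` to `shouldAcceptValidCommonName` or `shouldRejectInvalidCommonName`, whichever matches the intent. The only `*` case elsewhere in this diff is `COMMON_NAME_INVALID = "onap.org*&"`, which also contains `&` and so does not isolate the wildcard.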
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidatorsTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidatorsTest.java
new file mode 100644
index 00000000..d1d075a4
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidatorsTest.java
@@ -0,0 +1,122 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators.isPathValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isCountryValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isDomainNameValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isEmailAddressValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isIpAddressValid;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isSpecialCharPresent;
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isUriValid;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+class CsrEnvsValueValidatorsTest {
+
+ @ParameterizedTest
+ @ValueSource(strings = {"/var/log", "/", "/var/log/", "/second_var", "/second-var"})
+ void shouldAcceptValidPath(String path) {
+ assertThat(isPathValid(path)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"/var/log?", "", "var_", "var", "//", "/var//log"})
+ void shouldRejectInvalidPath(String path) {
+ assertThat(isPathValid(path)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"PL", "DE", "PN", "US", "IO", "CA", "KH", "CO", "DK", "EC", "CZ", "CN", "BR", "BD", "BE"})
+ void shouldAcceptValidCountryCode(String countryCode) {
+ assertThat(isCountryValid(countryCode)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"", "QQ", "AFG", "D", "&*", "!", "ONAP", "p", "pl", "us", "afg"})
+ void shouldRejectInvalidCountryCode(String countryCode) {
+ assertThat(isCountryValid(countryCode)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"sample@example.com", "onap@domain.pl", "alex.supertramp@onap.com",
+ "al.super^tramp@onap.org"})
+ void shouldAcceptValidEmailAddr(String emailAddr) {
+ assertThat(isEmailAddressValid(emailAddr)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"<sample@example.com>", "onap@domain", "(mailto)user@onap.com", "mailto:axe@axe.de",
+ "incoreectdomaim@onap.ux"})
+ void shouldRejectInvalidEmailAddr(String address) {
+ assertThat(isEmailAddressValid(address)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"192.168.0.1", "10.183.34.201", "ff:ff:ff:ff::", "ff:ff:ff:ff:ff:ff:ff:ff"})
+ void shouldAcceptValidIpAddress(String address) {
+ assertThat(isIpAddressValid(address)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"192.168.0.", "ff:ff:ee:a1:", "fg:ff:ff:ff::", "http://10.183.34.201",
+ "10.183.34.201:8080"})
+ void shouldRejectInvalidIpAddress(String address) {
+ assertThat(isIpAddressValid(address)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"sample.com", "Sample.com", "onap.org", "SRI-NIC.ARPA", "ves-collector", "sample"})
+ void shouldAcceptValidDomainName(String domain) {
+ assertThat(isDomainNameValid(domain)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {" ", "", "sample@onap.org", "192.168.0.1", "http://sample.com"})
+ void shouldRejectInvalidDomainNames(String domain) {
+ assertThat(isDomainNameValid(domain)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"http://sample.com/path", "ftp://sample.com/path/file.txt", "https://ves.pl"})
+ void shouldBeTrueForValidUris(String text) {
+ assertThat(isUriValid(text)).isTrue();
+ }
+ @ParameterizedTest
+ @ValueSource(strings = {"3http://sample.com", "192.168.0.1", "www.example.com"})
+ void shouldBeFalseForInvalidUris(String text) {
+ assertThat(isUriValid(text)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"/text~", "/text#", "/text@", "/text*","/text$", "/text+", "/text%", "/text!", "/text(",
+ "/text)", "/text?", "/text|", "/text_", "/text^"})
+ void shouldBeTrueForStringsWithSpecialChars(String text) {
+ assertThat(isSpecialCharPresent(text)).isTrue();
+ }
+ @ParameterizedTest
+ @ValueSource(strings = {"text", ""})
+ void shouldBeFalseForStringsWithoutSpecialChars(String text) {
+ assertThat(isSpecialCharPresent(text)).isFalse();
+ }
+}
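Review bot: `shouldRejectInvalidIpAddress` has no IPv4 value with an out-of-range octet. Every rejected case fails on shape (trailing dot, port, scheme, a non-hex digit), so a validator that only checks the dotted pattern would still pass this test. Adding `"256.1.1.1"` (constructed) to that `@ValueSource` closes the gap. Separately, `shouldAcceptValidPath` and `shouldRejectInvalidPath` call `ClientEnvsValueValidators.isPathValid` with the same values as `ClientEnvsValueValidatorsTest` and can be dropped from this class.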
diff --git a/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidatorTest.java b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidatorTest.java
new file mode 100644
index 00000000..addc4603
--- /dev/null
+++ b/certServiceClient/src/test/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidatorTest.java
@@ -0,0 +1,164 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.oom.certservice.client.configuration.validation.csr.UriValidator.isValid;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+class UriValidatorTest {
+
+ /**
+ * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+ */
+
+ @ParameterizedTest
+ @ValueSource(strings = {"http:/", "http:", "http://", "h4ttp://"})
+ void shouldTrueForValidScheme(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"example.com", "www.example.com", "0.0.0.0", "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"})
+ void shouldFalseForUriWithoutScheme(String uri) {
+ assertThat(isValid(uri)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {"*http://", "_http://", "?http://", "4http://"})
+ void shouldFalseForUriWithInvalidScheme(String uri) {
+ assertThat(isValid(uri)).isFalse();
+ }
+
+ /**
+ * authority = [ userinfo "@" ] host [ ":" port ]
+ * <p>
+ * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
+ * <p>
+ * host = IP-literal / IPv4address / reg-name
+ */
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://user:password@example.com",
+ "http://user@example.com",
+ "http://user:password:test@example.com",
+ "http://user-info:password@example.com"})
+ void shouldTrueForValidUserInAuthority(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://user:password",
+ "http://user:password:test:"})
+ void shouldFalseForMissingHostInAuthority(String uri) {
+ assertThat(isValid(uri)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]/test",
+ "https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/",
+ "http://8.8.8.8/",
+ "http://8.8.8.8/test"})
+ void shouldTrueForUriContainsIP(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:443/test",
+ "https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/",
+ "http://8.8.8.8:8080/test",
+ "https://8.8.8.8:443/"})
+ void shouldTrueForUriContainsIPAndPort(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http:/path.to.file",
+ "http:/file",
+ "http:/ptah/to/file"})
+ void shouldTrueForMissingAuthority(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ /**
+ * PATH QUERY FRAGMENT
+ */
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://example.com/path/to/file",
+ "http://example.com/path",
+ "http://example.com/",})
+ void shouldTrueForPathWithAuthority(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http:/path/to/file",
+ "http:/path",
+ "http:/",})
+ void shouldTrueForPathWithoutAuthority(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://example.com/test.txt?test=test1&test2=test3#onap",
+ "http://example.com?",
+ "http://example.com?test=tes1&#",
+ "http://example.com#onap"})
+ void shouldTrueForUriWithQueryAndFragmentInPath(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "http://example.com/test.txt?#onap#?",
+ "http://example.com?##",
+ "http://www.example.com/file%GF.html"})
+ void shouldFalseForUriWithWrongQueryOrWrongFragmentInPath(String uri) {
+ assertThat(isValid(uri)).isFalse();
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "ftp://ftp.is.co.za/rfc/rfc1808.txt",
+ "http://www.ietf.org/rfc/rfc2396.txt",
+ "ldap://[2001:db8::7]/c=GB?objectClass?one",
+ "mailto:John.Doe@example.com",
+ "news:comp.infosystems.www.servers.unix",
+ "tel:+1-816-555-1212",
+ "telnet://192.0.2.16:80/",
+ "urn:oasis:names:specification:docbook:dtd:xml:4.1.2"})
+ void shouldTrueForRFC3986Examples(String uri) {
+ assertThat(isValid(uri)).isTrue();
+ }
+
+}
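Review bot: `shouldTrueForValidScheme` pins `"http:"`, `"http:/"` and `"http://"` as valid, which follows the RFC 3986 grammar quoted in the comments but is looser than what a URI subject alternative name allows. RFC 5280 section 4.2.1.6 requires a scheme-specific part, and a host when an authority is present. If `UriValidator.isValid` is the only gate for URI SANs (not visible in this hunk), those values need a stricter check before the CSR is built. The same caveat applies to `shouldTrueForValidUserInAuthority`: `user:password@` is syntactically fine, but anything placed in a SAN is published with the certificate. A class comment such as `// RFC 3986 syntax only, not SAN policy` would stop readers from treating this validator as a policy check.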
diff --git a/certServiceClient/version.properties b/certServiceClient/version.properties
index 3ad2137c..8d40756c 100644
--- a/certServiceClient/version.properties
+++ b/certServiceClient/version.properties
@@ -1,5 +1,5 @@
major=2
-minor=2
+minor=3
patch=0
base_version=${major}.${minor}.${patch}
release_version=${base_version}
diff --git a/certServiceK8sExternalProvider/README.md b/certServiceK8sExternalProvider/README.md
index ee739a3f..9e2daa5e 100644
--- a/certServiceK8sExternalProvider/README.md
+++ b/certServiceK8sExternalProvider/README.md
@@ -67,9 +67,6 @@ filtered out from the Certificate Signing Request.
- streetAddresses
- postalCodes
- isCa
- - ipAddresses
- - uris
- - emails
- duration
- usages
diff --git a/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml
index e19e6351..e5226906 100644
--- a/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml
+++ b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml
@@ -43,10 +43,16 @@ spec:
- California
organizationalUnits:
- ONAP
- # DNS SAN
+ # SANs
dnsNames:
- localhost
- certissuer.onap.org
+ ipAddresses:
+ - "127.0.0.1"
+ uris:
+ - onap://cluster.local/
+ emailAddresses:
+ - onap@onap.org
# The reference to the CMPv2 issuer
issuerRef:
group: certmanager.onap.org
diff --git a/certServiceK8sExternalProvider/deploy/_certificate_example_contains_not_supported_properties.yaml b/certServiceK8sExternalProvider/deploy/_certificate_example_contains_not_supported_properties.yaml
index 37068435..aa33e98f 100644
--- a/certServiceK8sExternalProvider/deploy/_certificate_example_contains_not_supported_properties.yaml
+++ b/certServiceK8sExternalProvider/deploy/_certificate_example_contains_not_supported_properties.yaml
@@ -47,15 +47,15 @@ spec:
postalCodes: #***NOT SUPPORTED BY CERT SERVICE API***
- 12-345
serialNumber: "12345" #***NOT SUPPORTED BY CERT SERVICE API***
- # DNS SAN
+ # SANs
dnsNames:
- localhost
- certissuer.onap.org
- ipAddresses: #***NOT SUPPORTED BY CERT SERVICE API***
+ ipAddresses:
- "127.0.0.1"
- uris: #***NOT SUPPORTED BY CERT SERVICE API***
+ uris:
- onap://cluster.local/
- emailAddresses: #***NOT SUPPORTED BY CERT SERVICE API***
+ emailAddresses:
- onap@onap.org
duration: 24h #***OVERRIDDEN BY CMPV2 SERVER***
renewBefore: 8h
diff --git a/certServiceK8sExternalProvider/pom.xml b/certServiceK8sExternalProvider/pom.xml
index a34ffc3f..22c4757e 100644
--- a/certServiceK8sExternalProvider/pom.xml
+++ b/certServiceK8sExternalProvider/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>oom-certservice</artifactId>
<groupId>org.onap.oom.platform.cert-service</groupId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -15,8 +15,20 @@
<properties>
<version.mvn-clean-plugin>3.1.0</version.mvn-clean-plugin>
<version.mvn-golang-wrapper-plugin>2.3.5</version.mvn-golang-wrapper-plugin>
+ <sonar.go.coverage.reportPaths>bin/coverage.out</sonar.go.coverage.reportPaths>
+ <sonar.exclusions>**/*_test.go, **/testdata/*</sonar.exclusions>
+ <sonar-go-plugin.version>1.1.1.2000</sonar-go-plugin.version>
</properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.sonarsource.go</groupId>
+ <artifactId>sonar-go-plugin</artifactId>
+ <version>${sonar-go-plugin.version}</version>
+ </dependency>
+ </dependencies>
+
<build>
<!--Changing standard Maven project source structure to make it Go compatible-->
<sourceDirectory>${basedir}</sourceDirectory>
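Review bot: `sonar-go-plugin` is declared under `<dependencies>` with the default compile scope, which puts a SonarQube plugin artifact and its transitive dependencies on this module's dependency graph although nothing in the hunk uses it as a library. The `sonar.go.coverage.reportPaths` and `sonar.exclusions` properties are read by the scanner and, as far as I can tell, do not need the artifact resolved by the build. If it is required for a reason not visible here, narrow it with `<scope>provided</scope>`; otherwise drop the `<dependencies>` block and keep only the properties.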
@@ -46,6 +58,17 @@
<extensions>true</extensions>
<executions>
<execution>
+ <id>coverage</id>
+ <goals>
+ <goal>test</goal>
+ </goals>
+ <configuration>
+ <testFlags>
+ <flag>-coverprofile=bin/coverage.out</flag>
+ </testFlags>
+ </configuration>
+ </execution>
+ <execution>
<id>install</id>
<goals>
<goal>install</goal>
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go b/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go
index 649ce47f..5eeaf2e6 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger.go
@@ -50,6 +50,9 @@ func logSupportedProperties(log leveledlogger.Logger, csr *x509.CertificateReque
logSupportedMultiValueProperty(log, csr.Subject.Province, "state")
logSupportedMultiValueProperty(log, csr.Subject.Locality, "location")
logSupportedMultiValueProperty(log, csr.DNSNames, "dns names")
+ logSupportedMultiValueProperty(log, csr.EmailAddresses, "email addresses")
+ logSupportedMultiValueProperty(log, mapIpAddressesToText(csr.IPAddresses), "ipAddresses")
+ logSupportedMultiValueProperty(log, mapUrisToText(csr.URIs), "uris")
}
func logSupportedMultiValueProperty(log leveledlogger.Logger, values []string, propertyName string) {
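Review bot: The three new calls write SAN values taken from the requester's CSR into the log, and whether `logSupportedMultiValueProperty` escapes them cannot be seen because its body lies outside this hunk. If the helper interpolates values verbatim, a SAN carrying unexpected characters could distort a log line, so it is worth confirming that each value is quoted (for example with `%q`). The labels are also inconsistent: `"email addresses"` follows the spaced style of `"dns names"` while `"ipAddresses"` and `"uris"` do not. `"ip addresses"` would match, with the expected strings in the test file updated alongside.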
@@ -80,21 +83,6 @@ func extractUsages(usages []cmapi.KeyUsage) string {
}
func logPropertiesNotSupportedByCertService(log leveledlogger.Logger, request *cmapi.CertificateRequest, csr *x509.CertificateRequest) {
-
- //IP addresses in SANs
- if len(csr.IPAddresses) > 0 {
- log.Warning(getNotSupportedMessage("ipAddresses", extractIPAddresses(csr.IPAddresses)))
- }
- //URIs in SANs
- if len(csr.URIs) > 0 {
- log.Warning(getNotSupportedMessage("uris", extractURIs(csr.URIs)))
- }
-
- //Email addresses in SANs
- if len(csr.EmailAddresses) > 0 {
- log.Warning(getNotSupportedMessage("emailAddresses", extractStringArray(csr.EmailAddresses)))
- }
-
if request.Spec.IsCA == true {
log.Warning(getNotSupportedMessage("isCA", strconv.FormatBool(request.Spec.IsCA)))
}
@@ -121,20 +109,20 @@ func extractStringArray(strArray []string) string {
return values
}
-func extractURIs(URIs []*url.URL) string {
- values := ""
- for _, uri := range URIs {
- values = values + uri.String() + ", "
+func mapUrisToText(uris []*url.URL) []string {
+ urisAsText := make([]string, len(uris))
+ for i, ipAddress := range uris {
+ urisAsText[i] = ipAddress.String()
}
- return values
+ return urisAsText
}
-func extractIPAddresses(addresses []net.IP) string {
- values := ""
- for _, ipAddress := range addresses {
- values = values + ipAddress.String() + ", "
+func mapIpAddressesToText(addresses []net.IP) []string {
+ ipsAsText := make([]string, len(addresses))
+ for i, ipAddress := range addresses {
+ ipsAsText[i] = ipAddress.String()
}
- return values
+ return ipsAsText
}
func getSupportedMessage(property string, value string) string {
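Review bot: In `mapUrisToText` the loop variable is still called `ipAddress`, apparently copied from the IP helper, which misleads a reader about what is being stringified; `for i, uri := range uris {` and `urisAsText[i] = uri.String()` say what the code does. Go naming convention also keeps initialisms upper-case, so `mapURIsToText` and `mapIPAddressesToText` would match `csr.URIs` and `csr.IPAddresses`, with the call sites in `logSupportedProperties` renamed alongside. Neither function has a doc comment; a one-line comment stating that each returns one string per input element, in input order, would be enough.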
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger_test.go
index 250fab8b..0b50980b 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/logger/certificate_request_logger_test.go
@@ -40,7 +40,6 @@ import (
var unsupportedProperties = []string{
"* property 'duration'",
"* property 'usages'",
- "- property 'ipAddresses'",
"- property 'isCA'",
"- property 'subject.streetAddress'",
"- property 'subject.postalCodes'",
@@ -53,7 +52,11 @@ var supportedProperties = []string{
"+ property 'country'",
"+ property 'state'",
"+ property 'location'",
- "+ property 'dns names'"}
+ "+ property 'dns names'",
+ "+ property 'ipAddresses'",
+ "+ property 'uris'",
+ "+ property 'email addresses'",
+ }
const RESULT_LOG = "testdata/test_result.log"
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/logger/test_resource.go b/certServiceK8sExternalProvider/src/cmpv2controller/logger/test_resource.go
index c0f6f950..dcb255ea 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/logger/test_resource.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/logger/test_resource.go
@@ -21,43 +21,44 @@
package logger
const csrWithoutSkippedProperties = (`-----BEGIN CERTIFICATE REQUEST-----
-MIIDETCCAfkCAQAwgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MIIDPTCCAiUCAQAwgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKExBMaW51eC1Gb3VuZGF0
aW9uMQ0wCwYDVQQLEwRPTkFQMRwwGgYDVQQDExNjZXJ0aXNzdWVyLm9uYXAub3Jn
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhQiSgyYGpEfX/HuCFwT
-GHkLe1CheKz2CQzSP9an5BSdET1OgABmuJjtnXZzKpPAZCGJX2QTyDE9zvdTN0Ci
-/8WRL/m2tWUPbt8qRVW36PSKazpB+ELZjQi3rmYtmWUlRuJNfLcksK59pcD5W46t
-d9eettkex0FAcxpQE/ukhpW9r6QrmlQAQHuF1rBw6uJMGzFSPWh9XFLFbxZJyJCu
-AIycvT95bgtot3EMPwGkxAYzxtAu6D5/n65nIZ0f9BuuNFtmnoHmn/9fPUnZHA0h
-qP9kXAAU10S3gig+Na6DeZFBE1y9jCt4vmSq2ssBO24kOAHrg5GrqEsnfoSnu8Nb
-sQIDAQABoEkwRwYJKoZIhvcNAQkOMTowODApBgNVHREEIjAggglsb2NhbGhvc3SC
-E2NlcnRpc3N1ZXIub25hcC5vcmcwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUA
-A4IBAQAWkOeJHnmtlSvlb7HbBeSGY4E9M338sKtwV4ZSvH+n5rgwamkvjhUwhycs
-UR0XgeAyD86kK6kkvVewdIanHYp1k7CuDZkU6piy8t4RhosyqUWQNWtemGYdNZCL
-cgZ1Jbj4NdIZo2EKBIEbTrm9VFt1zidYRFNGNJp8RQQds6r4qATq1NKr6ptrLuIc
-dzfOm1ZPtSn8u4H4+z1re6q18JeM0VPXBiXBtEXwQRXIEnsjCzYxdjy+QwbEmlpB
-o2hMIamWNIbskYnNkaky8eQzjJ8uIesESeanWJlrMUbzicOwQeYMPmj+Mkn1nqlK
-YFwml5XnVXXpGLHGWCswpN3CDyXi
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RKJGx0bXUz2hyWPssq5
+sZEOcC4ITkBWDx1b/g+abX1J2nTfKZK4JSRd1I/9Lz8LaiyuqacCzJ3vZ+IbvbwJ
+HjTvzakbdQgbm7TSOH4zBXUp6lN92PT+RwM5PGcipi3vcC/eT4aMohEhHH1qkNCP
+G7EC69hTnw3tyXX19euF/gAJwHeYNSHC6k2WwLYkYkkhRIndzv1vM8nBLb7C7JBE
+aAO0fq1trVEoIYdz3tNWZWs+T+Vu8fATqm1rLzKOj3bQljRluFsegrRPR2oD9Th5
+AE5nmw948higVTlXcdeoW0MiAn6pWyHzcTKhBizm+Yp4bejqx8oq+Joq7u5nue/p
+KQIDAQABoHUwcwYJKoZIhvcNAQkOMWYwZDBVBgNVHREETjBMgglsb2NhbGhvc3SC
+E2NlcnRpc3N1ZXIub25hcC5vcmeBDW9uYXBAb25hcC5vcmeHBH8AAAGGFW9uYXA6
+Ly9jbHVzdGVyLmxvY2FsLzALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggEB
+AI3LghPWW3P8zO5CiLIMYwbYbQt0nA0AA/iDzBh/HXE+owLXECffGhidC9oG8d1r
+ZAL+fkjU1+hBSPyk8ZIeiPGi1NDL4h+65Cobv/D3O5PEDYui98FZSykrkcLCb3Qx
+ga6ki+l3sQYP6sWyK6N1U7uX8t1g7IMbcpMO7rASNMDRWkYtlmJhit0Yd6YgvYuL
+gqH+TRiUTvm6XKby5DaTK3lz7h78lqTxVcWHlxUGTvXAEF15cqbKGy9n/4y1LQUc
+AhEFo/1MKDqMpG8FTw/EFMMzKQAXofeLGcWepXo1oDGHal8/3kYN+0c2cH4ZASp4
+N8j9VQMXik3mDiJWFtM0oWI=
-----END CERTIFICATE REQUEST-----`)
const csrWithSkippedProperties = (`-----BEGIN CERTIFICATE REQUEST-----
-MIIDgjCCAmoCAQAwgaQxCzAJBgNVBAYTAlBMMRMwEQYDVQQIEwpEb2xueVNsYXNr
-MRAwDgYDVQQHEwdXcm9jbGF3MREwDwYDVQQJEwhMb3RuaWN6YTEPMA0GA1UEERMG
-MTItMzQ1MQ0wCwYDVQQKEwRPTkFQMQ0wCwYDVQQLEwRvbmFwMRwwGgYDVQQDExNj
-ZXJ0aXNzdWVyLm9uYXAub3JnMQ4wDAYDVQQFEwUxMjM0NTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAPdrWRYpdGY6A9YEQ8mnQdOW7wzdaNHJ83ZrMPZd
-V7jBOMvQbTw6Oe/Q4vD+Dla7FmGqlAajNIgKRiUUQLKVmASELhCYhtW7Mn91qe6l
-xuyPyOEi9o8mArJosFAfPPF0nm9FQPi2qHgyi6C52QR7cKsgNPflpKVsEx9Y+Zns
-YBqkaX16BukvcHUANgsvZ3rLUVeiOsCi2ysVcsm+4XMvF6ejoqKJ9k7Ti0VrQtqh
-e1nKlaa4uP3dreeUXBMLfKUS7QrNavpiX6wVaohVp6p/AYQ2HZurMv86Q2E5D5SC
-ReEpVuWx+r4MI8dAHbYe09ntkRGIe8mVyxHHEWLNfZiwKGsCAwEAAaCBlzCBlAYJ
-KoZIhvcNAQkOMYGGMIGDMFUGA1UdEQROMEyCCWxvY2FsaG9zdIITY2VydGlzc3Vl
-ci5vbmFwLm9yZ4ENb25hcEBvbmFwLm9yZ4cEfwAAAYYVb25hcDovL2NsdXN0ZXIu
-bG9jYWwvMAsGA1UdDwQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-AwIwDQYJKoZIhvcNAQELBQADggEBAHDMw3+fVOrbVnMI2g/IP40vt1eenkoriTHX
-dnjRRFio75nCNRJdLOJ9FU3wIgdDZwGaiXdn5NDQxCe0BWcbElDJSYR/xOi7V0AM
-2L3CrRAOhr2MjwX7CaOuYWcVtrbtIMf26NLKRXYPlGgc6YeofalDnezMJ/IuRQhj
-bcm17a8owa5dH9u/rmTmlrIT7PV4JHkZIogctIcSqod6xdr1mbi8G9DMFAqV+o7W
-9kV7XDKhTqYoBIsXwfehNMu3lo72VuklIyVNiEVz4mVzpeZy2DgjRjCLt106yDHZ
-f3nco6O4y2EyexBVKq6QRFfZDUab6YcoEVvPAio01RmFrHgnxHs=
+MIIDaDCCAlACAQAwgboxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MRYwFAYDVQQHEw1TYW4tRnJhbmNpc2NvMRUwEwYDVQQJEwxzYW1wbGVTdHJlZXQx
+DzANBgNVBBETBjEyLTM0NTEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsG
+A1UECxMET05BUDEcMBoGA1UEAxMTY2VydGlzc3Vlci5vbmFwLm9yZzEOMAwGA1UE
+BRMFMTIzNDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOsn9B8AmR
+ZGcJ/b2pp+oeA0jQgr7wnJeDCWzF7v5k6vBSeladlERVTCBaWO5SSSVDqrhidnvv
++FpxG6LeN+Y/KQn/Hk8pQSoht3yZaTgQV352nOysIr/tI4QUwahAXH8RwvyS4CHJ
+vy1n/cJlvdiymC9z61dUx4DyHsMlZMRTldiFIs0/VKtgPPZ3hxMT1NJjg9dmyJhm
+RCZOn/cj1laIW6ie/BQJuXINf8VT3bl4mYkfc7yvrj7V3aMWKuzbr8/yMo9fpHqd
+gGQIqtmDOWOHkawkEAPqpeFLdryXcfFEFsy9iJHbr4N/5FKj4lbUaS4aVA04oigl
+RUKM8bE5uQUHAgMBAAGgaDBmBgkqhkiG9w0BCQ4xWTBXMCkGA1UdEQQiMCCCCWxv
+Y2FsaG9zdIITY2VydGlzc3Vlci5vbmFwLm9yZzALBgNVHQ8EBAMCAgQwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQACQMf4
+OcJHOD1AWmIXy5G0VYUs2qogrSX0BEWWuXRGt9vicUmesgf9YLHNlg5dOujJmEIP
+HKkks1uy5dNXMlKAZ3i1TSaVhoFap5jZiXmfKfRXb5ImL3e5146hr+1dqRnPA7rR
+4fjjz8B7HeO2TiWu2xgJnyuPHKOwalSOYhVljpEE2hjs064Vc2yovj2FcYdPbfc2
+gFQqkUSBrviuzxhK63fWtMGStv/kSc3cEylDzV45LLIUCVFKzKaqXiG8MCQjhtFI
+2ve5+9NJxPQ3SqBKUuRoTHYBC3YppY/QagepVlENeDomvku8iS2FSkkOxGspbhla
+7uR7K5JP5H9jLQbj
-----END CERTIFICATE REQUEST-----`)
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index e89eb1f4..be15e832 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -101,7 +101,7 @@ func (ca *CertServiceCA) Sign(
if err != nil {
return nil, nil, err
}
- log.Debug("Filtered out CSR PEM: ", "bytes", csrBytes)
+ log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
response, err := ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
if err != nil {
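Review bot: `filteredCsrBytes` is passed to `log.Debug` as a `[]byte`, so depending on the logger's encoder the entry may come out as a numeric slice or base64 rather than the PEM text the message promises; `log.Debug("Filtered CSR PEM", "csr", string(filteredCsrBytes))` would be readable. The wording "Filtered out CSR PEM" also reads as if the CSR itself had been dropped. `privateKeyBytes` is used on the following line and should stay out of any log call added around here. The body of `Sign` starts and ends outside this hunk.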
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go
index 1a86866b..583d533e 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr.go
@@ -45,6 +45,9 @@ func FilterFieldsFromCSR(csrBytes []byte, privateKeyBytes []byte) ([]byte, error
filteredCsr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
Subject: filteredSubject,
DNSNames: csr.DNSNames,
+ IPAddresses: csr.IPAddresses,
+ URIs: csr.URIs,
+ EmailAddresses: csr.EmailAddresses,
}, key)
if err != nil {
return nil, err
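Review bot: IP, URI and email SANs from the incoming CSR are now copied unchanged into the re-signed request, so this filter no longer limits which alternative names a requester can ask for and the decision rests entirely on whatever sits downstream. No validation of these values is visible in the hunk. If the CertService or CMPv2 end-entity profile is meant to be the only control, that deserves a comment above the struct literal, for example `// SANs are forwarded as-is; which names may be issued is enforced by the CA profile, not here`. If some SAN types or ranges (loopback or cluster-internal IPs, arbitrary URI schemes) should not be requestable, this is the place to reject them. `FilterFieldsFromCSR` begins and ends outside the hunk.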
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr_test.go
index 08fb5538..ff9a799a 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr_test.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/csr/csr_test.go
@@ -75,6 +75,9 @@ func assertNotFilteredFieldsNotChanged(t *testing.T, originalCsrBytes []byte, fi
filteredCsr := parseCsrBytes(filteredCsrBytes)
assert.Equal(t, originalCsr.DNSNames, filteredCsr.DNSNames)
+ assert.Equal(t, originalCsr.URIs, filteredCsr.URIs)
+ assert.Equal(t, originalCsr.EmailAddresses, filteredCsr.EmailAddresses)
+ assert.Equal(t, originalCsr.IPAddresses, filteredCsr.IPAddresses)
assert.Equal(t, originalCsr.PublicKey, filteredCsr.PublicKey)
assert.Equal(t, originalCsr.PublicKeyAlgorithm, filteredCsr.PublicKeyAlgorithm)
assert.Equal(t, originalCsr.SignatureAlgorithm, filteredCsr.SignatureAlgorithm)
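Review bot: The three added `assert.Equal` calls pass trivially when both sides are nil, so they only prove the SANs survive filtering if the fixture CSR actually carries URI, email and IP entries, which is not visible from this hunk. Adding `assert.NotEmpty(t, originalCsr.URIs)` (and the same for `EmailAddresses` and `IPAddresses`) before the comparisons would make the test fail if the fixture ever loses them. The function body starts and ends outside the hunk.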
@@ -88,9 +91,6 @@ func assertNotFilteredFieldsNotChanged(t *testing.T, originalCsrBytes []byte, fi
func assertFilteredFieldsEmpty(t *testing.T, csrBytes []byte) {
csr := parseCsrBytes(csrBytes)
- assert.Nil(t, csr.URIs)
- assert.Nil(t, csr.EmailAddresses)
- assert.Nil(t, csr.IPAddresses)
assert.Nil(t, csr.Subject.PostalCode)
assert.Equal(t, "", csr.Subject.SerialNumber)
assert.Nil(t, csr.Subject.StreetAddress)
diff --git a/certServicePostProcessor/pom.xml b/certServicePostProcessor/pom.xml
index 0e3e1608..bd79d85d 100644
--- a/certServicePostProcessor/pom.xml
+++ b/certServicePostProcessor/pom.xml
@@ -5,12 +5,12 @@
<parent>
<artifactId>oom-certservice</artifactId>
<groupId>org.onap.oom.platform.cert-service</groupId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>oom-certservice-post-processor</artifactId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
<name>oom-certservice-post-processor</name>
<description>An application which conducts certificate post-processing like: merging truststores, copying keystores.</description>
<packaging>jar</packaging>
diff --git a/compose-resources/client-configuration.env b/compose-resources/client-configuration.env
index 6e1f76c9..8ff45abe 100644
--- a/compose-resources/client-configuration.env
+++ b/compose-resources/client-configuration.env
@@ -11,7 +11,7 @@ ORGANIZATION_UNIT=ONAP
LOCATION=San-Francisco
STATE=California
COUNTRY=US
-SANS=example.org
+SANS=example.org,test.onap.org,onap@onap.org,127.0.0.1,onap://cluster.local/
#Tls config envs
KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
diff --git a/compose-resources/entityprofile_Custom_EndEntity-1356531849.xml b/compose-resources/entityprofile_Custom_EndEntity-1356531849.xml
index 19d872fe..ec51a80d 100644
--- a/compose-resources/entityprofile_Custom_EndEntity-1356531849.xml
+++ b/compose-resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -60,19 +60,19 @@
<int>1</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>3</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>0</int>
@@ -354,6 +354,33 @@
<void method="add">
<int>1802</int>
</void>
+ <void method="add">
+ <int>1700</int>
+ </void>
+ <void method="add">
+ <int>1701</int>
+ </void>
+ <void method="add">
+ <int>1702</int>
+ </void>
+ <void method="add">
+ <int>1900</int>
+ </void>
+ <void method="add">
+ <int>1901</int>
+ </void>
+ <void method="add">
+ <int>1902</int>
+ </void>
+ <void method="add">
+ <int>2100</int>
+ </void>
+ <void method="add">
+ <int>2101</int>
+ </void>
+ <void method="add">
+ <int>2102</int>
+ </void>
</object>
</void>
<void method="put">
@@ -570,7 +597,7 @@
</void>
<void method="put">
<int>37</int>
- <string>-1501801709</string>
+ <string>-29939301</string>
</void>
<void method="put">
<int>20037</int>
@@ -932,5 +959,149 @@
<int>30218</int>
<boolean>true</boolean>
</void>
+ <void method="put">
+ <int>17</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20017</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10017</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30017</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>117</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20117</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10117</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30117</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>217</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20217</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10217</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30217</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>19</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20019</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10019</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30019</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>119</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20119</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10119</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30119</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>219</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20219</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10219</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30219</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>21</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20021</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10021</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30021</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>121</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20121</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10121</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30121</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>221</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20221</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10221</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30221</int>
+ <boolean>true</boolean>
+ </void>
</object>
</java>
diff --git a/docs/index.rst b/docs/index.rst
index 6d8e329c..67d83c6e 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -19,6 +19,7 @@ OOM Certification Service
sections/logging.rst
sections/installation.rst
sections/configuration.rst
+ sections/change-log.rst
sections/release-notes.rst
sections/troubleshooting.rst
diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst
new file mode 100644
index 00000000..b2423a10
--- /dev/null
+++ b/docs/sections/change-log.rst
@@ -0,0 +1,262 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 NOKIA
+
+
+Change Log
+==============
+
+
+Version: 2.1.0
+--------------
+
+:Release Date:
+
+**New Features**
+
+* Added module **oom-certservice-post-processor** with following functionality:
+
+ * appending CMPv2 certificates to CertMan truststore
+ * replacing CertMan keystore with CMPv2 keystore
+
+**Bug Fixes**
+
+ N/A
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+==============
+
+Version: 2.0.0
+--------------
+
+:Release Date:
+
+**New Features**
+
+ - The same functionality as in aaf-certservice 1.2.0
+
+**Bug Fixes**
+
+ N/A
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.2.0
+--------------
+
+:Release Date:
+
+**New Features**
+
+ - Client creates subdirectories in given OUTPUT_PATH and place certificate into it.
+
+**Bug Fixes**
+
+ N/A
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.1.0
+--------------
+
+:Release Date: 2020-06-29
+
+**New Features**
+
+ - Added property to CertService Client to allow selection of output certificates type (One of: PEM, JKS, P12).
+
+**Bug Fixes**
+
+ - Resolved issue where created PKCS12 certificates had jks extension.
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.0.1
+--------------
+
+:Release Date: 2020-05-22
+
+**New Features**
+
+The Frankfurt Release is the first release of the Certification Service.
+
+
+**Bug Fixes**
+
+ - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
+
+**Known Issues**
+
+ - PKCS12 certificates have jks extension
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.0.0
+--------------
+
+:Release Date: 2020-04-16
+
+**New Features**
+
+The Frankfurt Release is the first release of the Certification Service.
+
+**Bug Fixes**
+
+ - No new fixes were implemented for this release
+
+**Known Issues**
+
+ - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
+
+ - PKCS12 certificates have jks extension
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+End of Change Log
diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst
index 92a87fb0..0e3511cf 100644
--- a/docs/sections/logging.rst
+++ b/docs/sections/logging.rst
@@ -122,3 +122,5 @@ Client application exits with following exit codes:
+-------+------------------------------------------------+
| 10 | File could not be created |
+-------+------------------------------------------------+
+| 99 | Application exited abnormally |
++-------+------------------------------------------------+
diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index f1c7eecb..56dd8cc7 100644
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -1,307 +1,122 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020 NOKIA
+.. _release_notes:
+***************************************
+OOM Certification Service Release Notes
+***************************************
-Release Notes
+Abstract
+========
-==============
+This document provides the release notes for the Guilin release.
-Version: 2.2.0
---------------
-
-:Release Date:
-
-**New Features**
-
-* Added module **oom-certservice-k8s-external-provider** with following functionality:
-
- An external provider is a part of PKI infrastructure. It consumes CertificateRequest CRD from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
-
- More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
-
-**Bug Fixes**
-
- N/A
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
-
- N/A
-
-*Known Vulnerabilities in Used Modules*
-
- N/A
-
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-==============
-
-Version: 2.1.0
---------------
-
-:Release Date:
-
-**New Features**
-
-* Added module **oom-certservice-post-processor** with following functionality:
-
- * appending CMPv2 certificates to CertMan truststore
- * replacing CertMan keystore with CMPv2 keystore
-
-**Bug Fixes**
-
- N/A
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
-
- N/A
-
-*Known Vulnerabilities in Used Modules*
-
- N/A
-
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-==============
-
-Version: 2.0.0
---------------
-
-:Release Date:
-
-**New Features**
-
- - The same functionality as in aaf-certservice 1.2.0
-
-**Bug Fixes**
-
- N/A
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
+Summary
+=======
-*Fixed Security Issues*
+Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
- N/A
+This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
-*Known Security Issues*
- N/A
+Release Data
+============
-*Known Vulnerabilities in Used Modules*
++--------------------------------------+--------------------------------------------------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------------------------------------------------+
+| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0|
+| | |
++--------------------------------------+--------------------------------------------------------------------------------+
+| **Release designation** | Guilin |
+| | |
++--------------------------------------+--------------------------------------------------------------------------------+
- N/A
-**Upgrade Notes**
+New features
+------------
-**Deprecation Notes**
+- `AAF-1152 <https://jira.onap.org/browse/AAF-1152>`_ Added to CertService's client parameter which controls output type of certificates (JKS, PKCS12, PEM)
-**Other**
+- `DCAEGEN2-2252 <https://jira.onap.org/browse/DCAEGEN2-2252>`_ Added new not existing subfolders creation in output path (CMPv2 Integration).
-===========
+- `DCAEGEN2-2253 <https://jira.onap.org/browse/DCAEGEN2-2253>`_ Implemented CertServicePostprocessor, allows merging truststores and moving keystore files.
-Version: 1.2.0
---------------
-
-:Release Date:
-
-**New Features**
-
- - Client creates subdirectories in given OUTPUT_PATH and place certificate into it.
+- `OOM-2526 <https://jira.onap.org/browse/OOM-2526>`_ Moved project from AAF to OOM platform.
-**Bug Fixes**
+**Bug fixes**
- N/A
+- `OOM-2524 <https://jira.onap.org/browse/OOM-2524>`_ Fixed project makefile.
**Known Issues**
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
-
- N/A
-
-*Known Vulnerabilities in Used Modules*
-
- N/A
-
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-===========
-
-Version: 1.1.0
---------------
-
-:Release Date: 2020-06-29
-
-**New Features**
-
- - Added property to CertService Client to allow selection of output certificates type (One of: PEM, JKS, P12).
-
-**Bug Fixes**
-
- - Resolved issue where created PKCS12 certificates had jks extension.
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
+None
- N/A
+Deliverables
+------------
-*Known Security Issues*
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+Docker images mentioned in Release Date section.
- N/A
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+Documentation moved from AAF - `OOM Certification Service <https://docs.onap.org/projects/onap-oom-platform-cert-service/en/latest/index.html#master-index>`_ .
-*Known Vulnerabilities in Used Modules*
+Known Limitations, Issues and Workarounds
+=========================================
- N/A
+System Limitations
+------------------
-**Upgrade Notes**
+Any known system limitations.
-**Deprecation Notes**
-**Other**
+Known Vulnerabilities
+---------------------
-===========
+Any known vulnerabilities.
-Version: 1.0.1
---------------
-
-:Release Date: 2020-05-22
-
-**New Features**
-
-The Frankfurt Release is the first release of the Certification Service.
-
-
-**Bug Fixes**
-
- - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
-
-**Known Issues**
-
- - PKCS12 certificates have jks extension
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
- N/A
+Workarounds
+-----------
-*Known Vulnerabilities in Used Modules*
+Any known workarounds.
- N/A
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-===========
-
-Version: 1.0.0
+Security Notes
--------------
-:Release Date: 2020-04-16
-
-**New Features**
-
-The Frankfurt Release is the first release of the Certification Service.
-
-**Bug Fixes**
-
- - No new fixes were implemented for this release
-
-**Known Issues**
-
- - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
-
- - PKCS12 certificates have jks extension
-
-**Security Notes**
-
- N/A
+**Fixed Security Issues**
-*Fixed Security Issues*
+None
- N/A
+**Known Security Issues**
-*Known Security Issues*
+None
- N/A
-*Known Vulnerabilities in Used Modules*
+Test Results
+============
+Not applicable
- N/A
-**Upgrade Notes**
+References
+==========
-**Deprecation Notes**
+For more information on the ONAP Guilin release, please see:
-**Other**
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
-===========
-End of Release Notes
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
diff --git a/docs/sections/usage.rst b/docs/sections/usage.rst
index e4a75444..6cba936a 100644
--- a/docs/sections/usage.rst
+++ b/docs/sections/usage.rst
@@ -31,7 +31,7 @@ CertService client needs the following configuration parameters to work properly
- LOCATION *(optional)* - Location for which certificate from CMPv2 server should be issued
- STATE *(required)* - State for which certificate from CMPv2 server should be issued
- COUNTRY *(required)* - Country for which certificate from CMPv2 server should be issued
- - SANS *(optional)(SANS's should be separated by a colon e.g. test.onap.org:onap.com)* - Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued.
+ - SANS *(optional)(SANS's should be separated by a comma e.g. test.onap.org,onap.com)* - Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued. All SANs types are supported (DNS names, IPs, URIs, emails).
3. Parameters to establish secure communication to CertService:
@@ -71,7 +71,7 @@ To run CertService client as standalone docker container execute following steps
LOCATION=San-Francisco
STATE=California
COUNTRY=US
- SANS=test.onap.org:onap.com
+ SANS=test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/
#TLS config envs
KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
@@ -99,24 +99,24 @@ After successful creation of certifications, container exits with exit code 0, e
.. code-block:: bash
- INFO 1 [ main] o.o.a.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://oom-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12
- INFO 1 [ main] o.o.a.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org
- INFO 1 [ main] o.o.a.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048
- INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org
- INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been completed successfully
- INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Conversion of CSR to PEM has been started
- INFO 1 [ main] o.o.a.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM
- INFO 1 [ main] o.o.a.c.c.h.HttpClient : Attempt to send request to API, on url: https://oom-cert-service:8443/v1/certificate/RA
- INFO 1 [ main] o.o.a.c.c.h.HttpClient : Received response from API
- DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create keystore files and saving data. File names: keystore.p12, keystore.pass
- INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 keystore
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file keystore.p12 in path /var/certs
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file keystore.pass in path /var/certs
- DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create truststore files and saving data. File names: truststore.p12, truststore.pass
- INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 truststore
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file truststore.p12 in path /var/certs
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file truststore.pass in path /var/certs
- INFO 1 [ main] o.o.a.c.c.AppExitHandler : Application exits with following exit code: 0 and message: Success
+ INFO 1 [ main] o.o.o.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://oom-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12
+ INFO 1 [ main] o.o.o.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: [{SAN value: example.org, type: dNSName}, {SAN value: test.onap.org, type: dNSName}, {SAN value: onap@onap.org, type: rfc822Name}, {SAN value: 127.0.0.1, type: iPAddress}, {SAN value: onap://cluster.local/, type: uniformResourceIdentifier}]
+ INFO 1 [ main] o.o.o.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048
+ INFO 1 [ main] o.o.o.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: [{SAN value: example.org, type: dNSName}, {SAN value: test.onap.org, type: dNSName}, {SAN value: onap@onap.org, type: rfc822Name}, {SAN value: 127.0.0.1, type: iPAddress}, {SAN value: onap://cluster.local/, type: uniformResourceIdentifier}]
+ INFO 1 [ main] o.o.o.c.c.c.CsrFactory : Creation of CSR has been completed successfully
+ INFO 1 [ main] o.o.o.c.c.c.CsrFactory : Conversion of CSR to PEM has been started
+ INFO 1 [ main] o.o.o.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM
+ INFO 1 [ main] o.o.o.c.c.h.HttpClient : Attempt to send request to API, on url: https://oom-cert-service:8443/v1/certificate/RA
+ INFO 1 [ main] o.o.o.c.c.h.HttpClient : Received response from API
+ DEBUG 1 [ main] o.o.o.c.c.c.c.ConvertedArtifactsCreator : Attempt to create keystore files and saving data. File names: keystore.p12, keystore.pass
+ INFO 1 [ main] o.o.o.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 keystore
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file keystore.p12 in path /var/certs
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file keystore.pass in path /var/certs
+ DEBUG 1 [ main] o.o.o.c.c.c.c.ConvertedArtifactsCreator : Attempt to create truststore files and saving data. File names: truststore.p12, truststore.pass
+ INFO 1 [ main] o.o.o.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 truststore
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file truststore.p12 in path /var/certs
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file truststore.pass in path /var/certs
+ INFO 1 [ main] o.o.o.c.c.AppExitHandler : Application exits with following exit code: 0 and message: Success
@@ -186,7 +186,7 @@ You can use the following deployment example as a reference:
- name: COUNTRY
value: US
- name: SANS
- value: test.onap.org:onap.com
+ value: test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/
- name: KEYSTORE_PATH
value: /etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
- name: KEYSTORE_PASSWORD
diff --git a/pom.xml b/pom.xml
index 179b7712..a1738a1c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
</parent>
<groupId>org.onap.oom.platform.cert-service</groupId>
<artifactId>oom-certservice</artifactId>
- <version>2.2.0-SNAPSHOT</version>
+ <version>2.3.0-SNAPSHOT</version>
<name>oom-certservice</name>
<description>OOM Certification Service</description>
<packaging>pom</packaging>
@@ -54,6 +54,7 @@
<gson.version>2.8.6</gson.version>
<httpcomponents.version>4.5.6</httpcomponents.version>
<commons-lang3.version>3.9</commons-lang3.version>
+ <commons-validator.version>1.7</commons-validator.version>
<commons-io.version>2.6</commons-io.version>
<junit.version>5.5.2</junit.version>
<mockito-junit-jupiter.version>2.17.0</mockito-junit-jupiter.version>
@@ -242,6 +243,11 @@
<version>${commons-io.version}</version>
</dependency>
<dependency>
+ <groupId>commons-validator</groupId>
+ <artifactId>commons-validator</artifactId>
+ <version>${commons-validator.version}</version>
+ </dependency>
+ <dependency>
<!-- Import dependency management from Spring Boot -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
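Review bot: The new `commons-validator` entry (version 1.7, from the `commons-validator.version` property added in the previous pom.xml hunk) is declared without `<exclusions>`, so every module that uses it also inherits its transitive libraries. To my knowledge these are commons-beanutils, commons-digester, commons-collections and commons-logging, and each one adds to the set of third-party code that has to be tracked for CVEs. If the code only calls the `org.apache.commons.validator.routines` validators (inferred from the SAN type detection this commit documents, not visible in this hunk), check `mvn dependency:tree` and exclude whatever is not needed. Either way, record the intent above the entry with a comment such as `<!-- commons-validator: used only for SAN type detection; review transitive deps on upgrade -->`. The enclosing dependencies element starts and ends outside the hunk.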
diff --git a/releases/2.2.0-container.yaml b/releases/2.2.0-container.yaml
new file mode 100644
index 00000000..07164cd6
--- /dev/null
+++ b/releases/2.2.0-container.yaml
@@ -0,0 +1,16 @@
+distribution_type: 'container'
+container_release_tag: '2.2.0'
+container_pull_registry: nexus3.onap.org:10003
+container_push_registry: nexus3.onap.org:10002
+project: 'oom-platform-cert-service'
+log_dir: 'oom-platform-cert-service-maven-docker-stage-master/118'
+ref: c3c260ac52d12a8a2bcec9c3e2451c48d388ecec
+containers:
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-api'
+ version: '2.2.0-20201112T134226Z'
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-client'
+ version: '2.2.0-20201112T134226Z'
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-post-processor'
+ version: '2.2.0-20201112T134226Z'
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider'
+ version: '2.2.0-20201112T134226Z'
diff --git a/version.properties b/version.properties
index 3ad2137c..8d40756c 100644
--- a/version.properties
+++ b/version.properties
@@ -1,5 +1,5 @@
major=2
-minor=2
+minor=3
patch=0
base_version=${major}.${minor}.${patch}
release_version=${base_version}