diff options
Diffstat (limited to 'certService/src/main/java/org/onap/aaf/certservice')
10 files changed, 237 insertions, 35 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java index d2de1aa0..945fc6d1 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java +++ b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java @@ -76,7 +76,7 @@ public class CertificationService { ); LOGGER.debug("Received CSR meta data: \n{}", csrModel); CertificationModel certificationModel = certificationModelFactory - .createCertificationModel(csrModel,caName); + .createCertificationModel(csrModel, caName); return new ResponseEntity<>(new Gson().toJson(certificationModel), HttpStatus.OK); } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java index 4c9d3042..130a5167 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java @@ -21,6 +21,7 @@ package org.onap.aaf.certservice.certification; import com.google.gson.Gson; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; import org.onap.aaf.certservice.certification.exception.ErrorResponseModel; import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; @@ -39,20 +40,27 @@ public class CertificationExceptionController { @ExceptionHandler(value = CsrDecryptionException.class) public ResponseEntity<String> handle(CsrDecryptionException exception) { LOGGER.error("Exception occurred during decoding certificate sign request:", exception); - return getErrorResponseEntity("Wrong certificate signing request (CSR) format"); + return getErrorResponseEntity("Wrong certificate signing request (CSR) format", HttpStatus.BAD_REQUEST); } @ExceptionHandler(value = KeyDecryptionException.class) public ResponseEntity<String> handle(KeyDecryptionException exception) { LOGGER.error("Exception occurred during decoding key:", exception); - return getErrorResponseEntity("Wrong key (PK) format"); + return getErrorResponseEntity("Wrong key (PK) format", HttpStatus.BAD_REQUEST); } - private ResponseEntity<String> getErrorResponseEntity(String errorMessage) { + @ExceptionHandler(value = Cmpv2ServerNotFoundException.class) + public ResponseEntity<String> handle(Cmpv2ServerNotFoundException exception) { + LOGGER.error("Exception occurred selecting CMPv2 server:", exception); + return getErrorResponseEntity("Certification authority not found for given CAName", HttpStatus.NOT_FOUND); + } + + private ResponseEntity<String> getErrorResponseEntity(String errorMessage, HttpStatus status) { ErrorResponseModel errorResponse = new ErrorResponseModel(errorMessage); return new ResponseEntity<>( new Gson().toJson(errorResponse), - HttpStatus.BAD_REQUEST + status ); } + } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java index 507ce3c1..69b83465 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java @@ -20,10 +20,14 @@ package org.onap.aaf.certservice.certification; +import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.Arrays; @@ -38,14 +42,28 @@ public class CertificationModelFactory { private static final Logger LOGGER = LoggerFactory.getLogger(CertificationModelFactory.class); + private final Cmpv2ServerProvider cmpv2ServerProvider; + + @Autowired + CertificationModelFactory(Cmpv2ServerProvider cmpv2ServerProvider) { + this.cmpv2ServerProvider = cmpv2ServerProvider; + } public CertificationModel createCertificationModel(CsrModel csr, String caName) { LOGGER.info("Generating certification model for CA named: {}, and certificate signing request:\n{}", caName, csr); + + return cmpv2ServerProvider + .getCmpv2Server(caName) + .map(this::generateCertificationModel) + .orElseThrow(() -> new Cmpv2ServerNotFoundException("No server found for given CA name")); + } + + private CertificationModel generateCertificationModel(Cmpv2Server cmpv2Server) { + LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); return new CertificationModel( Arrays.asList(ENTITY_CERT, INTERMEDIATE_CERT), Arrays.asList(CA_CERT, EXTRA_CA_CERT) ); } - } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java index bca30dee..6f356c1a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java @@ -47,7 +47,7 @@ public class CsrModelFactory { throws DecryptionException { PKCS10CertificationRequest decodedCsr = decodeCsr(csr); PemObject decodedPrivateKey = decodePrivateKey(privateKey); - return new CsrModel(decodedCsr, decodedPrivateKey); + return new CsrModel.CsrModelBuilder(decodedCsr, decodedPrivateKey).build(); } private PemObject decodePrivateKey(StringBase64 privateKey) diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java index 93721e88..25e69251 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java @@ -37,7 +37,6 @@ import java.util.Collections; import java.util.List; import org.springframework.context.event.EventListener; -@RefreshScope @Configuration public class CmpServersConfig { diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java new file mode 100644 index 00000000..755bfeb0 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java @@ -0,0 +1,46 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.configuration; + +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import java.util.Optional; + +@Component +public class Cmpv2ServerProvider { + + private final CmpServersConfig cmpServersConfig; + + @Autowired + Cmpv2ServerProvider(CmpServersConfig cmpServersConfig) { + this.cmpServersConfig = cmpServersConfig; + } + + public Optional<Cmpv2Server> getCmpv2Server(String caName) { + return cmpServersConfig.getCmpServers() + .stream() + .filter(server -> server.getCaName().equals(caName)) + .findFirst(); + } + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java index ffd63ecf..af254d61 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java @@ -45,4 +45,11 @@ public class Authentication { this.rv = rv; } + @Override + public String toString() { + return "Authentication{" + + " iak=*****" + + ", rv=*****" + + '}'; + } } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java index 21349d93..9f8f9796 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java @@ -20,6 +20,7 @@ package org.onap.aaf.certservice.certification.configuration.model; +import org.bouncycastle.asn1.x500.X500Name; import org.hibernate.validator.constraints.Length; import org.onap.aaf.certservice.certification.configuration.validation.constraints.Cmpv2URL; @@ -32,8 +33,7 @@ public class Cmpv2Server { private CaMode caMode; @Length(min = 1, max = 128) private String caName; - @Length(min = 4, max = 256) - private String issuerDN; + private X500Name issuerDN; @Cmpv2URL private String url; @@ -61,11 +61,11 @@ public class Cmpv2Server { this.caName = caName; } - public String getIssuerDN() { + public X500Name getIssuerDN() { return issuerDN; } - public void setIssuerDN(String issuerDN) { + public void setIssuerDN(X500Name issuerDN) { this.issuerDN = issuerDN; } @@ -77,4 +77,15 @@ public class Cmpv2Server { this.url = url; } + @Override + public String toString() { + return "Cmpv2Server{" + + "authentication=" + authentication + + ", caMode=" + caMode + + ", caName='" + caName + '\'' + + ", issuerDN='" + issuerDN + '\'' + + ", url='" + url + '\'' + + '}'; + } + } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ServerNotFoundException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ServerNotFoundException.java new file mode 100644 index 00000000..95d4cd69 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ServerNotFoundException.java @@ -0,0 +1,29 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.exception; + +import org.webjars.NotFoundException; + +public class Cmpv2ServerNotFoundException extends NotFoundException { + public Cmpv2ServerNotFoundException(String message) { + super(message); + } +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java index 2421c5a4..b59f4e3a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java @@ -21,6 +21,13 @@ package org.onap.aaf.certservice.certification.model; import java.io.IOException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; import java.util.Arrays; import java.util.List; import java.util.Objects; @@ -35,50 +42,127 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.io.pem.PemObject; import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exception.DecryptionException; +import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; public class CsrModel { private final PKCS10CertificationRequest csr; - private final PemObject privateKey; + private final X500Name subjectData; + private final PrivateKey privateKey; + private final PublicKey publicKey; + private final List<String> sans; - public CsrModel(PKCS10CertificationRequest csr, PemObject privateKey) { + CsrModel( + PKCS10CertificationRequest csr, X500Name subjectData, + PrivateKey privateKey, PublicKey publicKey, List<String> sans) { this.csr = csr; + this.subjectData = subjectData; this.privateKey = privateKey; + this.publicKey = publicKey; + this.sans = sans; } - public PemObject getPublicKey() throws CsrDecryptionException { - try { - return new PemObject("PUBLIC KEY", csr.getSubjectPublicKeyInfo().getEncoded()); - } catch (IOException e) { - throw new CsrDecryptionException("Reading Public Key from CSR failed", e.getCause()); - } + public PKCS10CertificationRequest getCsr() { + return csr; } - public PemObject getPrivateKey() { - return privateKey; + public X500Name getSubjectData() { + return subjectData; } - public X500Name getSubjectData() { - return csr.getSubject(); + public PrivateKey getPrivateKey() { + return privateKey; } - public List<String> getSansData() { - Extensions extensions = - Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); - GeneralName[] arrayOfAlternativeNames = - GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); + public PublicKey getPublicKey() { + return publicKey; + } - return Arrays.stream(arrayOfAlternativeNames) - .map(GeneralName::getName) - .map(Objects::toString) - .collect(Collectors.toList()); + public List<String> getSans() { + return sans; } @Override public String toString() { - return "Subject: { " + getSubjectData().toString() - + " ,SANs: " + getSansData().toString() + " }"; + return "Subject: { " + subjectData + + " ,SANs: " + sans + " }"; + } + + public static class CsrModelBuilder { + + private final PKCS10CertificationRequest csr; + private final PemObject privateKey; + + public CsrModel build() + throws DecryptionException + { + + X500Name subjectData = getSubjectData(); + PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey()); + PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey()); + List<String> sans = getSansData(); + + return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans); + } + + public CsrModelBuilder(PKCS10CertificationRequest csr, PemObject privateKey) { + this.csr = csr; + this.privateKey = privateKey; + } + + private PemObject getPublicKey() throws CsrDecryptionException { + try { + return new PemObject("PUBLIC KEY", csr.getSubjectPublicKeyInfo().getEncoded()); + } catch (IOException e) { + throw new CsrDecryptionException("Reading Public Key from CSR failed", e.getCause()); + } + } + + private PemObject getPrivateKey() { + return privateKey; + } + + private X500Name getSubjectData() { + return csr.getSubject(); + } + + private List<String> getSansData() { + Extensions extensions = + Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); + GeneralName[] arrayOfAlternativeNames = + GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); + + return Arrays.stream(arrayOfAlternativeNames) + .map(GeneralName::getName) + .map(Objects::toString) + .collect(Collectors.toList()); + } + + private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey) + throws KeyDecryptionException + { + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent()); + return factory.generatePrivate(keySpec); + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new KeyDecryptionException("Converting Private Key failed", e.getCause()); + } + } + + private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey) + throws KeyDecryptionException + { + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent()); + return factory.generatePublic(keySpec); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause()); + } + } } } |