Diffstat (limited to 'certService/src/main/java/org/onap/oom/certservice/certification')
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java21
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java34
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverter.java55
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java42
5 files changed, 84 insertions, 70 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
index 94e778e3..f7fe2c64 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
@@ -70,7 +70,7 @@ public class CertificationProvider {
return getCertificationResponseModel(certificates);
}
- private static List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
+ private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
.collect(Collectors.toList());
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java
index e4ee4c10..6f80f793 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java
@@ -21,13 +21,13 @@
package org.onap.oom.certservice.certification.conversion;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.util.io.pem.PemObject;
import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
-import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
import org.onap.oom.certservice.certification.model.CsrModel;
import org.springframework.stereotype.Service;
+import java.security.PrivateKey;
+
@Service
public class CsrModelFactory {
@@ -36,23 +36,14 @@ public class CsrModelFactory {
= new PemObjectFactory();
private final Pkcs10CertificationRequestFactory certificationRequestFactory
= new Pkcs10CertificationRequestFactory();
-
+ private final StringBase64ToPrivateKeyConverter stringBase64ToPrivateKeyConverter
+ = new StringBase64ToPrivateKeyConverter();
public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey)
throws DecryptionException {
PKCS10CertificationRequest decodedCsr = decodeCsr(csr);
- PemObject decodedPrivateKey = decodePrivateKey(privateKey);
- return new CsrModel.CsrModelBuilder(decodedCsr, decodedPrivateKey).build();
- }
-
- private PemObject decodePrivateKey(StringBase64 privateKey)
- throws KeyDecryptionException {
-
- return privateKey.asString()
- .flatMap(pemObjectFactory::createPemObject)
- .orElseThrow(
- () -> new KeyDecryptionException("Incorrect Key, decryption failed")
- );
+ PrivateKey javaPrivateKey = stringBase64ToPrivateKeyConverter.convert(privateKey);
+ return new CsrModel.CsrModelBuilder(decodedCsr, javaPrivateKey).build();
}
private PKCS10CertificationRequest decodeCsr(StringBase64 csr)
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java
index d88b6bb0..fba5259c 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java
@@ -20,19 +20,10 @@
package org.onap.oom.certservice.certification.conversion;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.util.io.pem.PemObject;
import org.onap.oom.certservice.certification.X509CertificateParser;
import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
@@ -41,13 +32,19 @@ import org.onap.oom.certservice.certification.model.OldCertificateModel;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+
@Service
public class OldCertificateModelFactory {
private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
private static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n";
- private static final PemObjectFactory PEM_OBJECT_FACTORY = new PemObjectFactory();
+ private final StringBase64ToPrivateKeyConverter stringBase64ToPrivateKeyConverter
+ = new StringBase64ToPrivateKeyConverter();
private final PemStringToCertificateConverter pemStringToCertificateConverter;
private final X509CertificateParser x509CertificateParser;
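Review bot: The new `stringBase64ToPrivateKeyConverter` field is created with `new` inside the class, while the two fields directly below it have no initializer and appear to be constructor-injected (the constructor is outside this hunk). `StringBase64ToPrivateKeyConverter` is added in this commit without a Spring stereotype annotation, so as written it is not a bean. Annotating it and accepting it as a constructor parameter would let unit tests substitute the key parser. It would also give one shared instance, since `CsrModelFactory` builds its own copy the same way.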
@@ -68,13 +65,13 @@ public class OldCertificateModelFactory {
final X500Name subjectData = x509CertificateParser.getSubject(x509Certificate);
final GeneralName[] sans = x509CertificateParser.getSans(x509Certificate);
final Certificate certificate = new JcaX509CertificateHolder(x509Certificate).toASN1Structure();
- final PrivateKey oldPrivateKey = getOldPrivateKeyObject(encodedOldPrivateKey);
+ final PrivateKey oldPrivateKey = stringBase64ToPrivateKeyConverter.convert(new StringBase64(encodedOldPrivateKey));
return new OldCertificateModel(certificate, subjectData, sans, oldPrivateKey);
} catch (StringToCertificateConversionException e) {
throw new CertificateDecryptionException("Cannot convert certificate", e);
} catch (CertificateParsingException e) {
throw new CertificateDecryptionException("Cannot read Subject Alternative Names from certificate");
- } catch (NoSuchAlgorithmException | KeyDecryptionException | CertificateEncodingException | InvalidKeySpecException e) {
+ } catch (KeyDecryptionException | CertificateEncodingException e) {
throw new CertificateDecryptionException("Cannot convert certificate or key", e);
}
}
@@ -90,17 +87,4 @@ public class OldCertificateModelFactory {
return !(certificateChain.contains(BEGIN_CERTIFICATE) && certificateChain.contains(END_CERTIFICATE));
}
- private PrivateKey getOldPrivateKeyObject(String encodedOldPrivateKey)
- throws KeyDecryptionException, InvalidKeySpecException, NoSuchAlgorithmException {
-
- StringBase64 stringBase64 = new StringBase64(encodedOldPrivateKey);
- PemObject pemObject = stringBase64.asString()
- .flatMap(PEM_OBJECT_FACTORY::createPemObject)
- .orElseThrow(
- () -> new KeyDecryptionException("Incorrect Key, decryption failed")
- );
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pemObject.getContent());
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- return keyFactory.generatePrivate(keySpec);
- }
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverter.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverter.java
new file mode 100644
index 00000000..1ea752b1
--- /dev/null
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64ToPrivateKeyConverter.java
@@ -0,0 +1,55 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nokia.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.certification.conversion;
+
+import org.bouncycastle.util.io.pem.PemObject;
+import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
+
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+public class StringBase64ToPrivateKeyConverter {
+
+ private final PemObjectFactory pemObjectFactory = new PemObjectFactory();
+
+ public PrivateKey convert(StringBase64 privateKey) throws KeyDecryptionException {
+ PemObject decodedPrivateKey = createDecodedPrivateKey(privateKey);
+ try {
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedPrivateKey.getContent());
+ return factory.generatePrivate(keySpec);
+ } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+ throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
+ }
+ }
+
+ private PemObject createDecodedPrivateKey(StringBase64 privateKey) throws KeyDecryptionException {
+ return privateKey.asString()
+ .flatMap(pemObjectFactory::createPemObject)
+ .orElseThrow(
+ () -> new KeyDecryptionException("Incorrect Key, decryption failed")
+ );
+ }
+
+}
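Review bot: The catch block in `convert` passes `e.getCause()` instead of `e` to `KeyDecryptionException`, so the `NoSuchAlgorithmException` or `InvalidKeySpecException` that was actually thrown is discarded, and the cause is null whenever the provider did not wrap another exception. Chain the caught exception itself: `throw new KeyDecryptionException("Converting Private Key failed", e);`. Both `CsrModelFactory.createCsrModel` and `OldCertificateModelFactory` now route private-key parsing through this method, so this is the one place where the reason a key was rejected can be preserved for logs and troubleshooting. A class-level Javadoc would also help: the code hard-codes `KeyFactory.getInstance("RSA")` and `PKCS8EncodedKeySpec`, so it should state that the input is expected to be Base64-encoded PEM holding an unencrypted PKCS#8 RSA key.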
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
index 96755832..cd88ff11 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
@@ -20,16 +20,6 @@
package org.onap.oom.certservice.certification.model;
-import java.io.IOException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Arrays;
-import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
@@ -41,6 +31,16 @@ import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.KeyDecryptionException;
+import java.io.IOException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
+import java.util.stream.Collectors;
+
public class CsrModel {
@@ -95,19 +95,18 @@ public class CsrModel {
public static class CsrModelBuilder {
private final PKCS10CertificationRequest csr;
- private final PemObject privateKey;
+ private final PrivateKey privateKey;
public CsrModel build() throws DecryptionException {
X500Name subjectData = getSubjectData();
- PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey());
PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey());
GeneralName[] sans = getSansData();
- return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans);
+ return new CsrModel(csr, subjectData, privateKey, javaPublicKey, sans);
}
- public CsrModelBuilder(PKCS10CertificationRequest csr, PemObject privateKey) {
+ public CsrModelBuilder(PKCS10CertificationRequest csr, PrivateKey privateKey) {
this.csr = csr;
this.privateKey = privateKey;
}
@@ -120,10 +119,6 @@ public class CsrModel {
}
}
- private PemObject getPrivateKey() {
- return privateKey;
- }
-
private X500Name getSubjectData() {
return csr.getSubject();
}
@@ -144,17 +139,6 @@ public class CsrModel {
return csr.getAttributes().length == 0;
}
- private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey)
- throws KeyDecryptionException {
- try {
- KeyFactory factory = KeyFactory.getInstance("RSA");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
- return factory.generatePrivate(keySpec);
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
- throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
- }
- }
-
private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey)
throws KeyDecryptionException {
try {