summaryrefslogtreecommitdiffstats
path: root/certService/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'certService/src/main/java')
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java18
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java40
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java40
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java47
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java10
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java87
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java42
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java120
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java45
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java56
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java49
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java11
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java12
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ClientAdapterException.java28
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java44
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java8
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java1
17 files changed, 600 insertions, 58 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java
index e663909c..abb6811b 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationController.java
@@ -24,9 +24,13 @@ import com.google.gson.Gson;
import org.onap.aaf.certservice.certification.CertificationModelFactory;
import org.onap.aaf.certservice.certification.CsrModelFactory;
import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64;
+import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
import org.onap.aaf.certservice.certification.exception.DecryptionException;
import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -43,12 +47,10 @@ public class CertificationController {
private static final Logger LOGGER = LoggerFactory.getLogger(CertificationController.class);
- private final CsrModelFactory csrModelFactory;
private final CertificationModelFactory certificationModelFactory;
@Autowired
- CertificationController(CsrModelFactory csrModelFactory, CertificationModelFactory certificationModelFactory) {
- this.csrModelFactory = csrModelFactory;
+ CertificationController(CertificationModelFactory certificationModelFactory) {
this.certificationModelFactory = certificationModelFactory;
}
@@ -66,17 +68,11 @@ public class CertificationController {
@PathVariable String caName,
@RequestHeader("CSR") String encodedCsr,
@RequestHeader("PK") String encodedPrivateKey
- ) throws DecryptionException {
-
+ ) throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException {
caName = caName.replaceAll("[\n|\r|\t]", "_");
LOGGER.info("Received certificate signing request for CA named: {}", caName);
- CsrModel csrModel = csrModelFactory.createCsrModel(
- new StringBase64(encodedCsr),
- new StringBase64(encodedPrivateKey)
- );
- LOGGER.debug("Received CSR meta data: \n{}", csrModel);
CertificationModel certificationModel = certificationModelFactory
- .createCertificationModel(csrModel, caName);
+ .createCertificationModel(encodedCsr, encodedPrivateKey, caName);
return new ResponseEntity<>(new Gson().toJson(certificationModel), HttpStatus.OK);
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java
index 130a5167..d649f147 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java
@@ -21,10 +21,12 @@
package org.onap.aaf.certservice.certification;
import com.google.gson.Gson;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException;
import org.onap.aaf.certservice.certification.exception.CsrDecryptionException;
import org.onap.aaf.certservice.certification.exception.ErrorResponseModel;
import org.onap.aaf.certservice.certification.exception.KeyDecryptionException;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
@@ -40,19 +42,51 @@ public class CertificationExceptionController {
@ExceptionHandler(value = CsrDecryptionException.class)
public ResponseEntity<String> handle(CsrDecryptionException exception) {
LOGGER.error("Exception occurred during decoding certificate sign request:", exception);
- return getErrorResponseEntity("Wrong certificate signing request (CSR) format", HttpStatus.BAD_REQUEST);
+ return getErrorResponseEntity(
+ "Wrong certificate signing request (CSR) format",
+ HttpStatus.BAD_REQUEST
+ );
}
@ExceptionHandler(value = KeyDecryptionException.class)
public ResponseEntity<String> handle(KeyDecryptionException exception) {
LOGGER.error("Exception occurred during decoding key:", exception);
- return getErrorResponseEntity("Wrong key (PK) format", HttpStatus.BAD_REQUEST);
+ return getErrorResponseEntity(
+ "Wrong key (PK) format",
+ HttpStatus.BAD_REQUEST
+ );
}
@ExceptionHandler(value = Cmpv2ServerNotFoundException.class)
public ResponseEntity<String> handle(Cmpv2ServerNotFoundException exception) {
LOGGER.error("Exception occurred selecting CMPv2 server:", exception);
- return getErrorResponseEntity("Certification authority not found for given CAName", HttpStatus.NOT_FOUND);
+ return getErrorResponseEntity(
+ "Certification authority not found for given CAName",
+ HttpStatus.NOT_FOUND
+ );
+ }
+
+ @ExceptionHandler(value = CmpClientException.class)
+ public ResponseEntity<String> handle(CmpClientException exception) {
+ LOGGER.error("Exception occurred calling cmp client:", exception);
+ return getErrorResponseEntity(
+ "Exception occurred during call to cmp client",
+ HttpStatus.INTERNAL_SERVER_ERROR
+ );
+ }
+
+ @ExceptionHandler(value = RuntimeException.class)
+ public ResponseEntity<String> handle(RuntimeException exception) throws CmpClientException {
+ throw new CmpClientException("Runtime exception occurred calling cmp client business logic", exception);
+ }
+
+ @ExceptionHandler(value = Cmpv2ClientAdapterException.class)
+ public ResponseEntity<String> handle(Cmpv2ClientAdapterException exception) {
+ LOGGER.error("Exception occurred parsing cmp client response:", exception);
+ return getErrorResponseEntity(
+ "Exception occurred parsing cmp client response",
+ HttpStatus.INTERNAL_SERVER_ERROR
+ );
}
private ResponseEntity<String> getErrorResponseEntity(String errorMessage, HttpStatus status) {
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java
index 69b83465..1d586c17 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java
@@ -22,9 +22,12 @@ package org.onap.aaf.certservice.certification;
import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -42,28 +45,35 @@ public class CertificationModelFactory {
private static final Logger LOGGER = LoggerFactory.getLogger(CertificationModelFactory.class);
+ private final CsrModelFactory csrModelFactory;
private final Cmpv2ServerProvider cmpv2ServerProvider;
+ private final CertificationProvider certificationProvider;
@Autowired
- CertificationModelFactory(Cmpv2ServerProvider cmpv2ServerProvider) {
+ CertificationModelFactory(
+ CsrModelFactory csrModelFactory,
+ Cmpv2ServerProvider cmpv2ServerProvider,
+ CertificationProvider certificationProvider
+ ) {
this.cmpv2ServerProvider = cmpv2ServerProvider;
+ this.csrModelFactory = csrModelFactory;
+ this.certificationProvider = certificationProvider;
}
- public CertificationModel createCertificationModel(CsrModel csr, String caName) {
- LOGGER.info("Generating certification model for CA named: {}, and certificate signing request:\n{}",
- caName, csr);
-
- return cmpv2ServerProvider
- .getCmpv2Server(caName)
- .map(this::generateCertificationModel)
- .orElseThrow(() -> new Cmpv2ServerNotFoundException("No server found for given CA name"));
- }
+ public CertificationModel createCertificationModel(String encodedCsr, String encodedPrivateKey, String caName)
+ throws DecryptionException, CmpClientException, Cmpv2ClientAdapterException {
+ CsrModel csrModel = csrModelFactory.createCsrModel(
+ new CsrModelFactory.StringBase64(encodedCsr),
+ new CsrModelFactory.StringBase64(encodedPrivateKey)
+ );
+ LOGGER.debug("Received CSR meta data: \n{}", csrModel);
- private CertificationModel generateCertificationModel(Cmpv2Server cmpv2Server) {
+ Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName);
LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server);
- return new CertificationModel(
- Arrays.asList(ENTITY_CERT, INTERMEDIATE_CERT),
- Arrays.asList(CA_CERT, EXTRA_CA_CERT)
- );
+
+ LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}",
+ caName, csrModel);
+ return certificationProvider.signCsr(csrModel, cmpv2Server);
}
+
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
new file mode 100644
index 00000000..fa2d88ab
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
@@ -0,0 +1,47 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
+import org.onap.aaf.certservice.certification.model.CertificationModel;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+public class CertificationProvider {
+
+ private final Cmpv2ClientAdapter cmpv2ClientAdapter;
+
+ @Autowired
+ public CertificationProvider(Cmpv2ClientAdapter cmpv2ClientAdapter) {
+ this.cmpv2ClientAdapter = cmpv2ClientAdapter;
+ }
+
+ CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
+ throws CmpClientException, Cmpv2ClientAdapterException {
+ return cmpv2ClientAdapter.callCmpClient(csrModel, server);
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
index 6f356c1a..9ce65e6a 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
@@ -21,6 +21,7 @@
package org.onap.aaf.certservice.certification;
import java.util.Base64;
+import java.util.Objects;
import java.util.Optional;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
@@ -89,6 +90,15 @@ public class CsrModelFactory {
return Optional.empty();
}
}
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ StringBase64 that = (StringBase64) o;
+ return Objects.equals(value, that.value);
+ }
+
}
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java
new file mode 100644
index 00000000..184d724a
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java
@@ -0,0 +1,87 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.security.KeyPair;
+import java.util.Arrays;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.cert.CertException;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.external.CSRMeta;
+import org.onap.aaf.certservice.cmpv2client.external.RDN;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+@Component
+class CSRMetaBuilder {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CSRMetaBuilder.class);
+
+ /**
+ * Creates CSRMeta from CsrModel and Cmpv2Server
+ *
+ * @param csrModel Certificate Signing Request from Service external API
+ * @param server Cmp Server configuration from cmpServers.json
+ * @return AAF native model for CSR metadata
+ */
+ CSRMeta build(CsrModel csrModel, Cmpv2Server server) {
+ CSRMeta csrMeta = createCsrMeta(csrModel);
+ addSans(csrModel, csrMeta);
+ csrMeta.keyPair(new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey()));
+ csrMeta.password(server.getAuthentication().getIak());
+ csrMeta.setIssuerName(server.getIssuerDN());
+ csrMeta.caUrl(server.getUrl());
+ csrMeta.setName(csrModel.getSubjectData());
+ csrMeta.senderKid(server.getAuthentication().getRv());
+ return csrMeta;
+ }
+
+ private CSRMeta createCsrMeta(CsrModel csrModel) {
+ return new CSRMeta((Arrays.stream(csrModel.getSubjectData().getRDNs()).map(this::convertFromBcRDN)
+ .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList())));
+ }
+
+ private void addSans(CsrModel csrModel, CSRMeta csrMeta) {
+ csrModel.getSans().forEach(csrMeta::san);
+ }
+
+ private String convertRDNToString(org.bouncycastle.asn1.x500.RDN rdn) {
+ return BCStyle.INSTANCE.oidToDisplayName(rdn.getFirst().getType()) + "=" + IETFUtils.valueToString(
+ rdn.getFirst().getValue());
+ }
+
+ private Optional<RDN> convertFromBcRDN(org.bouncycastle.asn1.x500.RDN rdn) {
+ RDN result = null;
+ try {
+ result = new RDN(convertRDNToString(rdn));
+ } catch (CertException e) {
+ LOGGER.error("Exception occurred during convert of RDN", e);
+ }
+ return Optional.ofNullable(result);
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java
new file mode 100644
index 00000000..79f59363
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java
@@ -0,0 +1,42 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.io.InputStream;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CertificateFactoryProvider {
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ X509Certificate generateCertificate(InputStream inStream) throws CertificateException, NoSuchProviderException {
+ return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inStream);
+ }
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
new file mode 100644
index 00000000..be39f1f3
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
@@ -0,0 +1,120 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.util.io.pem.PemWriter;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
+import org.onap.aaf.certservice.certification.model.CertificationModel;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class Cmpv2ClientAdapter {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
+
+ private final CmpClient cmpClient;
+ private final CSRMetaBuilder csrMetaBuilder;
+ private final RSAContentSignerBuilder rsaContentSignerBuilder;
+ private final X509CertificateBuilder x509CertificateBuilder;
+ private final CertificateFactoryProvider certificateFactoryProvider;
+
+ @Autowired
+ public Cmpv2ClientAdapter(CmpClient cmpClient, CSRMetaBuilder csrMetaBuilder,
+ RSAContentSignerBuilder rsaContentSignerBuilder, X509CertificateBuilder x509CertificateBuilder,
+ CertificateFactoryProvider certificateFactoryProvider) {
+ this.cmpClient = cmpClient;
+ this.csrMetaBuilder = csrMetaBuilder;
+ this.rsaContentSignerBuilder = rsaContentSignerBuilder;
+ this.x509CertificateBuilder = x509CertificateBuilder;
+ this.certificateFactoryProvider = certificateFactoryProvider;
+ }
+
+ /**
+ * Uses CmpClient to call to Cmp Server and gather certificates data
+ *
+ * @param csrModel Certificate Signing Request from Service external API
+ * @param server Cmp Server configuration from cmpServers.json
+ * @return container for returned certificates
+ * @throws CmpClientException Exceptions which comes from Cmp Client
+ * @throws Cmpv2ClientAdapterException Exceptions which comes from Adapter itself
+ */
+ public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
+ throws CmpClientException, Cmpv2ClientAdapterException {
+ List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
+ server.getCaMode().getProfile(), csrMetaBuilder.build(csrModel, server),
+ convertCSRToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
+ return new CertificationModel(convertFromX509CertificateListToPEMList(certificates.get(0)),
+ convertFromX509CertificateListToPEMList(certificates.get(1)));
+ }
+
+ private String convertFromX509CertificateToPEM(X509Certificate certificate) {
+ StringWriter sw = new StringWriter();
+ try (PemWriter pw = new PemWriter(sw)) {
+ PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate);
+ pw.writeObject(gen);
+ } catch (IOException e) {
+ LOGGER.error("Exception occurred during convert of X509 certificate", e);
+ }
+ return sw.toString();
+ }
+
+ private X509Certificate convertCSRToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey)
+ throws Cmpv2ClientAdapterException {
+ try {
+ X509v3CertificateBuilder certificateGenerator = x509CertificateBuilder.build(csr);
+ ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
+ X509CertificateHolder holder = certificateGenerator.build(signer);
+ return certificateFactoryProvider
+ .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
+ } catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
+ throw new Cmpv2ClientAdapterException(e);
+ }
+ }
+
+ private List<String> convertFromX509CertificateListToPEMList(List<X509Certificate> certificates) {
+ return certificates.stream().map(this::convertFromX509CertificateToPEM).filter(cert -> !cert.isEmpty())
+ .collect(Collectors.toList());
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java
new file mode 100644
index 00000000..266c22e2
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java
@@ -0,0 +1,45 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RSAContentSignerBuilder {
+
+ ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey)
+ throws IOException, OperatorCreationException {
+ AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
+ AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
+
+ return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
+ .build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java
new file mode 100644
index 00000000..f96cec8e
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java
@@ -0,0 +1,56 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.util.Date;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.springframework.stereotype.Component;
+
+@Component
+public class X509CertificateBuilder {
+
+ private static final int SECURE_NEXT_BYTES = 16;
+ private static final int VALID_PERIOD_IN_DAYS = 365;
+
+ X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
+ return new X509v3CertificateBuilder(csr.getSubject(), createSerial(),
+ Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)),
+ Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)),
+ new PKCS10CertificationRequest(csr.getEncoded()).getSubject(),
+ SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(csr.getSubjectPublicKeyInfo().getEncoded())));
+
+ }
+
+ private BigInteger createSerial() {
+ byte[] serial = new byte[SECURE_NEXT_BYTES];
+ new SecureRandom().nextBytes(serial);
+ return new BigInteger(serial).abs();
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java
new file mode 100644
index 00000000..21b873e6
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java
@@ -0,0 +1,49 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.certservice.certification.configuration;
+
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
+import org.onap.aaf.certservice.cmpv2client.impl.CmpClientImpl;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.context.annotation.RequestScope;
+
+@Configuration
+public class CmpClientConfig {
+
+ @Bean
+ CmpClient cmpClient(CloseableHttpClient closeableHttpClient){
+ return new CmpClientImpl(closeableHttpClient);
+ }
+
+ @Bean
+ @RequestScope
+ CloseableHttpClient closeableHttpClient(HttpClientBuilder httpClientBuilder){
+ return httpClientBuilder.build();
+ }
+
+ @Bean
+ HttpClientBuilder httpClientBuilder(){
+ return HttpClientBuilder.create();
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java
index 755bfeb0..190bb28a 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java
@@ -21,11 +21,10 @@
package org.onap.aaf.certservice.certification.configuration;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import java.util.Optional;
-
@Component
public class Cmpv2ServerProvider {
@@ -36,11 +35,9 @@ public class Cmpv2ServerProvider {
this.cmpServersConfig = cmpServersConfig;
}
- public Optional<Cmpv2Server> getCmpv2Server(String caName) {
- return cmpServersConfig.getCmpServers()
- .stream()
- .filter(server -> server.getCaName().equals(caName))
- .findFirst();
+ public Cmpv2Server getCmpv2Server(String caName) {
+ return cmpServersConfig.getCmpServers().stream().filter(server -> server.getCaName().equals(caName)).findFirst()
+ .orElseThrow(() -> new Cmpv2ServerNotFoundException("No server found for given CA name"));
}
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java
index f226bc58..2186b6ff 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java
@@ -21,5 +21,15 @@
package org.onap.aaf.certservice.certification.configuration.model;
public enum CaMode {
- RA, CLIENT
+ RA("RA"), CLIENT("Client");
+
+ private String profile;
+
+ CaMode(String profile) {
+ this.profile = profile;
+ }
+
+ public String getProfile(){
+ return profile;
+ }
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ClientAdapterException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ClientAdapterException.java
new file mode 100644
index 00000000..1b26da7b
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ClientAdapterException.java
@@ -0,0 +1,28 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.exception;
+
+public class Cmpv2ClientAdapterException extends Exception {
+
+ public Cmpv2ClientAdapterException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
index b59f4e3a..a29658f4 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java
@@ -29,6 +29,7 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
+import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
@@ -54,9 +55,8 @@ public class CsrModel {
private final PublicKey publicKey;
private final List<String> sans;
- CsrModel(
- PKCS10CertificationRequest csr, X500Name subjectData,
- PrivateKey privateKey, PublicKey publicKey, List<String> sans) {
+ CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
+ List<String> sans) {
this.csr = csr;
this.subjectData = subjectData;
this.privateKey = privateKey;
@@ -86,8 +86,7 @@ public class CsrModel {
@Override
public String toString() {
- return "Subject: { " + subjectData
- + " ,SANs: " + sans + " }";
+ return "Subject: { " + subjectData + " ,SANs: " + sans + " }";
}
public static class CsrModelBuilder {
@@ -95,9 +94,7 @@ public class CsrModel {
private final PKCS10CertificationRequest csr;
private final PemObject privateKey;
- public CsrModel build()
- throws DecryptionException
- {
+ public CsrModel build() throws DecryptionException {
X500Name subjectData = getSubjectData();
PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey());
@@ -129,20 +126,26 @@ public class CsrModel {
}
private List<String> getSansData() {
- Extensions extensions =
- Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
- GeneralName[] arrayOfAlternativeNames =
- GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
-
- return Arrays.stream(arrayOfAlternativeNames)
- .map(GeneralName::getName)
- .map(Objects::toString)
- .collect(Collectors.toList());
+ if (!isAttrsEmpty() && !isAttrsValuesEmpty()) {
+ Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
+ GeneralName[] arrayOfAlternativeNames =
+ GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
+ return Arrays.stream(arrayOfAlternativeNames).map(GeneralName::getName).map(Objects::toString)
+ .collect(Collectors.toList());
+ }
+ return Collections.emptyList();
+ }
+
+ private boolean isAttrsValuesEmpty() {
+ return csr.getAttributes()[0].getAttrValues().size() == 0;
+ }
+
+ private boolean isAttrsEmpty() {
+ return csr.getAttributes().length == 0;
}
private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey)
- throws KeyDecryptionException
- {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
@@ -153,8 +156,7 @@ public class CsrModel {
}
private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey)
- throws KeyDecryptionException
- {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent());
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java
index e9f7a483..de11b5bb 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java
@@ -207,4 +207,12 @@ public class CSRMeta {
public void issuerEmail(String issuerEmail) {
this.issuerEmail = issuerEmail;
}
+
+ public void setIssuerName(X500Name issuerName) {
+ this.issuerName = issuerName;
+ }
+
+ public void setName(X500Name name) {
+ this.name = name;
+ }
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java
index 512a76e1..69445b2e 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java
@@ -75,6 +75,7 @@ public class RDN {
break; // surname
case "email":
case "EMAIL":
+ case "E":
case "emailaddress":
case "EMAILADDRESS":
aoi = BCStyle.EmailAddress;