Diffstat (limited to 'certService/src/main/java')
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java3
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java40
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java18
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java30
4 files changed, 15 insertions, 76 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
index fa2d88ab..6068237c 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
@@ -22,7 +22,6 @@ package org.onap.aaf.certservice.certification;
import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -40,7 +39,7 @@ public class CertificationProvider {
}
CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
- throws CmpClientException, Cmpv2ClientAdapterException {
+ throws CmpClientException {
return cmpv2ClientAdapter.callCmpClient(csrModel, server);
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
index 2477c421..96fe4607 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
@@ -20,26 +20,16 @@
package org.onap.aaf.certservice.certification.adapter;
-import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.stream.Collectors;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
import org.bouncycastle.util.io.pem.PemWriter;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -55,18 +45,10 @@ public class Cmpv2ClientAdapter {
private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
private final CmpClient cmpClient;
- private final RsaContentSignerBuilder rsaContentSignerBuilder;
- private final X509CertificateBuilder x509CertificateBuilder;
- private final CertificateFactoryProvider certificateFactoryProvider;
@Autowired
- public Cmpv2ClientAdapter(CmpClient cmpClient, RsaContentSignerBuilder rsaContentSignerBuilder,
- X509CertificateBuilder x509CertificateBuilder,
- CertificateFactoryProvider certificateFactoryProvider) {
+ public Cmpv2ClientAdapter(CmpClient cmpClient) {
this.cmpClient = cmpClient;
- this.rsaContentSignerBuilder = rsaContentSignerBuilder;
- this.x509CertificateBuilder = x509CertificateBuilder;
- this.certificateFactoryProvider = certificateFactoryProvider;
}
/**
@@ -76,13 +58,10 @@ public class Cmpv2ClientAdapter {
* @param server Cmp Server configuration from cmpServers.json
* @return container for returned certificates
* @throws CmpClientException Exceptions which comes from Cmp Client
- * @throws Cmpv2ClientAdapterException Exceptions which comes from Adapter itself
*/
public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
- throws CmpClientException, Cmpv2ClientAdapterException {
- List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
- server.getCaMode().getProfile(), csrModel, server,
- convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
+ throws CmpClientException {
+ List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server);
return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
convertFromX509CertificateListToPemList(certificates.get(1)));
}
@@ -98,19 +77,6 @@ public class Cmpv2ClientAdapter {
return sw.toString();
}
- private X509Certificate convertCsrToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey)
- throws Cmpv2ClientAdapterException {
- try {
- X509v3CertificateBuilder certificateGenerator = x509CertificateBuilder.build(csr);
- ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
- X509CertificateHolder holder = certificateGenerator.build(signer);
- return certificateFactoryProvider
- .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
- } catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
- throw new Cmpv2ClientAdapterException(e);
- }
- }
-
private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
.collect(Collectors.toList());
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
index 7de3b712..6ff1bf68 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
@@ -41,13 +41,8 @@ public interface CmpClient {
* IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
* Exception thrown if verification fails or issue encountered in fetching certificate from CA.
*
- * @param caName Information about the External Root Certificate Authority (CA) performing the
- * event CA Name. Could be {@code null}.
- * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
- * null}.
* @param csrModel Certificate Signing Request model. Must not be {@code null}.
* @param server CMPv2 Server. Must not be {@code null}.
- * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
* @param notBefore An optional validity to set in the created certificate, Certificate not valid
* before this date.
* @param notAfter An optional validity to set in the created certificate, Certificate not valid
@@ -56,11 +51,8 @@ public interface CmpClient {
* @throws CmpClientException if client error occurs.
*/
List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
CsrModel csrModel,
Cmpv2Server server,
- X509Certificate csr,
Date notBefore,
Date notAfter)
throws CmpClientException;
@@ -71,21 +63,13 @@ public interface CmpClient {
* IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
* Exception thrown if verification fails or issue encountered in fetching certificate from CA.
*
- * @param caName Information about the External Root Certificate Authority (CA) performing the
- * event CA Name. Could be {@code null}.
- * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
- * null}.
* @param csrModel Certificate Signing Request Model. Must not be {@code null}.
* @param server CMPv2 server. Must not be {@code null}.
- * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
* @return {@link X509Certificate} The newly created Certificate.
* @throws CmpClientException if client error occurs.
*/
List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
CsrModel csrModel,
- Cmpv2Server server,
- X509Certificate csr)
+ Cmpv2Server server)
throws CmpClientException;
}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
index 79656e91..08c43031 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -48,6 +48,7 @@ import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.onap.aaf.certservice.certification.configuration.model.CaMode;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
import org.onap.aaf.certservice.certification.model.CsrModel;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -64,7 +65,6 @@ public class CmpClientImpl implements CmpClient {
private static final Logger LOG = LoggerFactory.getLogger(CmpClientImpl.class);
private final CloseableHttpClient httpClient;
- private static final String DEFAULT_PROFILE = "RA";
private static final String DEFAULT_CA_NAME = "Certification Authority";
public CmpClientImpl(CloseableHttpClient httpClient) {
@@ -73,16 +73,13 @@ public class CmpClientImpl implements CmpClient {
@Override
public List<List<X509Certificate>> createCertificate(
- String caName,
- String profile,
CsrModel csrModel,
Cmpv2Server server,
- X509Certificate cert,
Date notBefore,
Date notAfter)
throws CmpClientException {
- validate(csrModel, server, cert, caName, profile, httpClient, notBefore, notAfter);
+ validate(csrModel, server, httpClient, notBefore, notAfter);
KeyPair keyPair = new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey());
final CreateCertRequest certRequest =
@@ -99,14 +96,13 @@ public class CmpClientImpl implements CmpClient {
final PKIMessage pkiMessage = certRequest.generateCertReq();
Cmpv2HttpClient cmpv2HttpClient = new Cmpv2HttpClient(httpClient);
- return retrieveCertificates(caName, csrModel, server, pkiMessage, cmpv2HttpClient);
+ return retrieveCertificates(csrModel, server, pkiMessage, cmpv2HttpClient);
}
@Override
- public List<List<X509Certificate>> createCertificate(
- String caName, String profile, CsrModel csrModel, Cmpv2Server server, X509Certificate csr)
+ public List<List<X509Certificate>> createCertificate(CsrModel csrModel, Cmpv2Server server)
throws CmpClientException {
- return createCertificate(caName, profile, csrModel, server, csr, null, null);
+ return createCertificate(csrModel, server, null, null);
}
private void checkCmpResponse(
@@ -197,23 +193,18 @@ public class CmpClientImpl implements CmpClient {
*
* @param csrModel Certificate Signing Request model. Must not be {@code null}.
* @param server CMPv2 Server. Must not be {@code null}.
- * @param cert Certificate object needed to validate response from CA server.
- * @param incomingCaName Date specifying certificate is not valid before this date.
- * @param incomingProfile Date specifying certificate is not valid after this date.
* @throws IllegalArgumentException if Before Date is set after the After Date.
*/
private static void validate(
final CsrModel csrModel,
final Cmpv2Server server,
- final X509Certificate cert,
- final String incomingCaName,
- final String incomingProfile,
final CloseableHttpClient httpClient,
final Date notBefore,
final Date notAfter) {
- String caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
- String caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
+
+ String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
+ String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA);
LOG.info(
"Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
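Review bot: The ternary on the new `caName` line is inverted — when `server.getCaName()` is null or empty it keeps that empty value, and otherwise it discards the configured name in favour of `DEFAULT_CA_NAME`, so the log line below always reports the wrong CA. It should read `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? DEFAULT_CA_NAME : server.getCaName();`. Note that this value only feeds the log message; the later `retrieveCertificates` hunk posts `server.getCaName()` directly, so the default never reaches the actual request — if the fallback is meant to apply there too, resolve the name once and pass the resolved value through. The Javadoc in this hunk also has no `@param` entries left for `httpClient`, `notBefore` and `notAfter` (the removed ones were mislabelled), e.g. `@param notBefore Optional date before which the issued certificate is not valid.`. The `validate` method continues past the end of this hunk.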
@@ -224,7 +215,6 @@ public class CmpClientImpl implements CmpClient {
CmpUtil.notNull(server.getIssuerDN(), "Issuer DN");
CmpUtil.notNull(server.getUrl(), "External CA URL");
CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password");
- CmpUtil.notNull(cert, "Certificate Signing Request (CSR)");
CmpUtil.notNull(httpClient, "Closeable Http Client");
if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
@@ -233,9 +223,9 @@ public class CmpClientImpl implements CmpClient {
}
private List<List<X509Certificate>> retrieveCertificates(
- String caName, CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
+ CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
throws CmpClientException {
- final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), caName);
+ final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName());
try {
final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes);
LOG.info("Received response from Server");
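Review bot: `server.getCaName()` is passed straight to `postRequest` on the new line, but `validate` never checks it and the `DEFAULT_CA_NAME` fallback computed there is used only for logging, so a server entry without a `caName` reaches the CA request as null. If `postRequest` (not shown here) uses the name as a header or path element, that surfaces as a malformed request at the CA rather than as a clear configuration error. Either add `CmpUtil.notNull(server.getCaName(), "CA Name");` beside the other server checks in `validate`, or compute the defaulted name once and hand that value to `retrieveCertificates` instead of re-reading the raw field. The body of `retrieveCertificates` continues beyond the end of this hunk.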