Diffstat (limited to 'certService/src/main')
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java (renamed from certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java) | 2 | ||||
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java | 43 | ||||
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java (renamed from certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java) | 2 | ||||
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java (renamed from certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java) | 4 | ||||
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java | 85 | ||||
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java | 6 |
6 files changed, 44 insertions, 98 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java index 79f59363..b633f905 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java @@ -18,7 +18,7 @@ * ============LICENSE_END========================================================= */ -package org.onap.aaf.certservice.certification.adapter; +package org.onap.aaf.certservice.certification; import java.io.InputStream; import java.security.NoSuchProviderException; diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java index 6068237c..4435aa75 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java 
@@ -20,27 +20,58 @@ package org.onap.aaf.certservice.certification; -import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter; +import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator; +import org.bouncycastle.util.io.pem.PemObjectGenerator; +import org.bouncycastle.util.io.pem.PemWriter; import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; +import org.onap.aaf.certservice.cmpv2client.api.CmpClient; import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import java.io.IOException; +import java.io.StringWriter; +import java.security.cert.X509Certificate; +import java.util.List; +import java.util.stream.Collectors; + @Service public class CertificationProvider { - private final Cmpv2ClientAdapter cmpv2ClientAdapter; + private static final Logger LOGGER = LoggerFactory.getLogger(CertificationProvider.class); + + private final CmpClient cmpClient; @Autowired - public CertificationProvider(Cmpv2ClientAdapter cmpv2ClientAdapter) { - this.cmpv2ClientAdapter = cmpv2ClientAdapter; + public CertificationProvider(CmpClient cmpClient) { + this.cmpClient = cmpClient; } - CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server) + public CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server) throws CmpClientException { - return cmpv2ClientAdapter.callCmpClient(csrModel, server); + List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server); + return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)), + convertFromX509CertificateListToPemList(certificates.get(1))); + } + + private static List<String> 
convertFromX509CertificateListToPemList(List<X509Certificate> certificates) { + return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty()) + .collect(Collectors.toList()); + } + + private static String convertFromX509CertificateToPem(X509Certificate certificate) { + StringWriter sw = new StringWriter(); + try (PemWriter pw = new PemWriter(sw)) { + PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate); + pw.writeObject(gen); + } catch (IOException e) { + LOGGER.error("Exception occurred during convert of X509 certificate", e); + } + return sw.toString(); } } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java index bda89235..12f00f9c 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java @@ -18,7 +18,7 @@ * ============LICENSE_END========================================================= */ -package org.onap.aaf.certservice.certification.adapter; +package org.onap.aaf.certservice.certification; import java.io.IOException; import java.security.PrivateKey; diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java index f96cec8e..70591759 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java 
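Review bot: In CertificationProvider, `convertFromX509CertificateToPem` only logs the IOException and returns whatever the StringWriter holds, and `convertFromX509CertificateListToPemList` then filters empty strings out. A certificate that fails to encode is therefore dropped silently, and `signCsr` still returns a CertificationModel with a shortened chain or trusted-certificate list. The caller should see a failure instead: rethrow in the catch, e.g. `throw new UncheckedIOException("Exception occurred during convert of X509 certificate", e);`, and remove `.filter(cert -> !cert.isEmpty())`, or map the failure to CmpClientException inside `signCsr`. `signCsr` also reads `certificates.get(0)` and `certificates.get(1)` without checking that `createCertificate` returned two lists. A guard such as `if (certificates == null || certificates.size() < 2)` that raises a clear error would keep an IndexOutOfBoundsException from reaching callers of the now-public method.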
@@ -18,7 +18,7 @@ * ============LICENSE_END========================================================= */ -package org.onap.aaf.certservice.certification.adapter; +package org.onap.aaf.certservice.certification; import java.io.IOException; import java.math.BigInteger; @@ -38,7 +38,7 @@ public class X509CertificateBuilder { private static final int SECURE_NEXT_BYTES = 16; private static final int VALID_PERIOD_IN_DAYS = 365; - X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException { + public X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException { return new X509v3CertificateBuilder(csr.getSubject(), createSerial(), Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)), diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java deleted file mode 100644 index 96fe4607..00000000 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java +++ /dev/null 
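Review bot: In X509CertificateBuilder.build, which this hunk makes public, both validity dates are built from `LocalDateTime.now()` and converted with `toInstant(ZoneOffset.UTC)`, so the JVM's local wall-clock time is reinterpreted as UTC. On a host whose default zone is ahead of UTC, notBefore lands in the future and relying parties will treat the certificate as not yet valid; behind UTC, both bounds shift into the past. Reading the clock in UTC fixes this without new imports: `LocalDateTime.now(ZoneOffset.UTC).toInstant(ZoneOffset.UTC)`, ideally taken once and reused for both dates. The body of `build` continues past the end of the hunk.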
@@ -1,85 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.adapter; - -import java.io.IOException; -import java.io.StringWriter; -import java.security.cert.X509Certificate; -import java.util.List; -import java.util.stream.Collectors; - -import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator; -import org.bouncycastle.util.io.pem.PemObjectGenerator; -import org.bouncycastle.util.io.pem.PemWriter; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.aaf.certservice.certification.model.CertificationModel; -import org.onap.aaf.certservice.certification.model.CsrModel; -import org.onap.aaf.certservice.cmpv2client.api.CmpClient; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -@Component -public class Cmpv2ClientAdapter { - - private static final Logger 
LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class); - - private final CmpClient cmpClient; - - @Autowired - public Cmpv2ClientAdapter(CmpClient cmpClient) { - this.cmpClient = cmpClient; - } - - /** - * Uses CmpClient to call to Cmp Server and gather certificates data - * - * @param csrModel Certificate Signing Request from Service external API - * @param server Cmp Server configuration from cmpServers.json - * @return container for returned certificates - * @throws CmpClientException Exceptions which comes from Cmp Client - */ - public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server) - throws CmpClientException { - List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server); - return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)), - convertFromX509CertificateListToPemList(certificates.get(1))); - } - - private String convertFromX509CertificateToPem(X509Certificate certificate) { - StringWriter sw = new StringWriter(); - try (PemWriter pw = new PemWriter(sw)) { - PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate); - pw.writeObject(gen); - } catch (IOException e) { - LOGGER.error("Exception occurred during convert of X509 certificate", e); - } - return sw.toString(); - } - - private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) { - return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty()) - .collect(Collectors.toList()); - } - -} diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java index 08c43031..28731f29 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java 
@@ -66,6 +66,7 @@ public class CmpClientImpl implements CmpClient { private final CloseableHttpClient httpClient; private static final String DEFAULT_CA_NAME = "Certification Authority"; + private static final String DEFAULT_PROFILE = CaMode.RA.getProfile(); public CmpClientImpl(CloseableHttpClient httpClient) { this.httpClient = httpClient; @@ -202,11 +203,10 @@ public class CmpClientImpl implements CmpClient { final Date notBefore, final Date notAfter) { - String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME; - String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA); + String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE; LOG.info( - "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile); + "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile); CmpUtil.notNull(csrModel, "CsrModel Instance"); CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN"); |
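Review bot: The `caName` that the rewritten `LOG.info` call in CmpClientImpl still passes comes from `CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME`, whose branches look inverted. Assuming `isNullOrEmpty` returns true for a null or empty string, the message prints the null or empty name when none is configured and "Certification Authority" when one is. The expression should read `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? DEFAULT_CA_NAME : server.getCaName();`. As far as the hunk shows, this affects only the log line, but that line records which CA a request was validated for. The enclosing method starts and ends outside the hunk.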