diff options
Diffstat (limited to 'certService')
19 files changed, 578 insertions, 85 deletions
diff --git a/certService/OpenAPI.yaml b/certService/OpenAPI.yaml new file mode 100644 index 00000000..631a1fbc --- /dev/null +++ b/certService/OpenAPI.yaml @@ -0,0 +1,92 @@ +openapi: 3.0.1 +info: + title: CertService Documentation + description: certification service API documentation + version: v1 +servers: + - url: 'http://localhost:8080' + description: Generated server url +tags: + - name: Actuator + description: Monitor and interact + externalDocs: + description: Spring Boot Actuator Web API Documentation + url: 'https://docs.spring.io/spring-boot/docs/current/actuator-api/html/' +paths: + '/v1/certificate/{caName}': + get: + tags: + - certification-service + operationId: sign certificate + parameters: + - name: caName + in: path + required: true + schema: + type: string + - name: CSR + in: header + required: true + schema: + type: string + - name: PK + in: header + required: true + schema: + type: string + responses: + '200': + description: csr is signed + content: + application/json; charset=utf-8: + schema: + type: string + example: { + "certificateChain": [ + "-----BEGIN CERTIFICATE-----\nMIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\nMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\nFwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\nDBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\nMDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\nA1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\nMAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\nG1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\neyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\nEiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\nNLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\nB3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\nBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\nULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\nCI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\nlwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\nd7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n-----END CERTIFICATE-----", + "-----BEGIN CERTIFICATE-----\nMIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\nMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\nFwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\nDAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\nMDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\nVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\nDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\ncm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\ngv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\nL1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\nwI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\nL/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\nhvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\nq3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\nq5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\nbeVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\nxrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\nXGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n-----END CERTIFICATE-----" + ], + "trustedCertificates": [ + "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\nMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\nLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\nT05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\nbmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\nVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\naXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\nMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\nZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\neiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\nDl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\ngTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\nB/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\nBm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\nPxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\nvxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\nm/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n-----END CERTIFICATE-----", + "-----BEGIN CERTIFICATE-----\nMIIDvzCCAqcCFF5DejiyfoNfPiiMmBXulniBewBGMA0GCSqGSIb3DQEBCwUAMIGb\nMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\nLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\nT05BUDEVMBMGA1UEAwwMbmV3Lm9uYXAub3JnMR4wHAYJKoZIhvcNAQkBFg90ZXN0\nZXJAb25hcC5vcmcwHhcNMjAwMjEyMDk1OTM3WhcNMjEwMjExMDk1OTM3WjCBmzEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbi1G\ncmFuY2lzY28xGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xDTALBgNVBAsMBE9O\nQVAxFTATBgNVBAMMDG5ldy5vbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVy\nQG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF4FXeDV\nng/inC/bTACmZnLC9IiC7PyG/vVbMxxN1bvQLRAwC/Hbl3i9zD68Vs/jPPr/SDr9\n2rgItdDdUY1V30Y3PT06F11XdEaRb+t++1NX0rDf1AqPaBZgnBmB86s1wbqHdJTr\nwEImDZ5xMPfP3fiWy/9Yw/U7iRMIi1/oI0lWuHJV0bn908shuJ6dvInpRCoDnoTX\nYP/FiDSZCFVewQcq4TigB7kRqZrDcPZWbSlqHklDMXRwbCxAiFSziuX6TBwru9Rn\nHhIeXVSgMU1ZSSopVbJGtQ4zSsU1nvTK5Bhc2UHGcAOZy1xTN5D9EEbTqh7l+Wtx\ny8ojkEXvFG8lVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAE+bUphwHit78LK8sb\nOMjt4DiEu32KeSJOpYgPLeBeAIynaNsa7sQrpuxerGNTmQWIcw6olXI0J+OOwkik\nII7elrYtd5G1uALxXWdamNsaY0Du34moVL1YjexJ7qQ4oBUxg2tuY8NAQGDK+23I\nnCA+ZwzdTJo73TYS6sx64d/YLWkX4nHGUoMlF+xUH34csDyhpuTSzQhC2quB5N8z\ntSFdpe4z2jqx07qo2EBFxi03EQ8Q0ex6l421QM2gbs7cZQ66K0DkpPcF2+iHZnyx\nxq1lnlsWHklElF2bhyXTn3fPp5wtan00P8IolKx7CAWb92QjkW6M0RvTW/xuwIzh\n0rTO\n-----END CERTIFICATE-----" + ] + } + '400': + description: incorrect/missing CSR and/or private key + content: + application/json; charset=utf-8: + schema: + type: string + example: { + "errorMessage": "Wrong key (PK) format" + } + '500': + description: exception occurred on server side + content: + application/json; charset=utf-8: + schema: + type: string + /actuator/health: + get: + tags: + - Actuator + operationId: health check + summary: Actuator web endpoint 'health' + responses: + '200': + description: service is healthy + content: {} + /actuator/refresh: + post: + tags: + - Actuator + operationId: refresh configuration + summary: Actuator web endpoint 'refresh' + responses: + '200': + description: configuration is successfully reloaded + content: {} + '500': + description: fail to reload configuration + content: {} +components: {} diff --git a/certService/README.md b/certService/README.md index f9478bed..23cb2cf6 100644 --- a/certService/README.md +++ b/certService/README.md @@ -52,12 +52,12 @@ mvn clean install -P docker ### Running Docker container local ``` -docker run -p 8080:8080 --name aaf-certservice-api onap/org.onap.aaf.certservice.aaf-certservice-api +docker run -p 8080:8080 --name aaf-certservice-api --mount type=bind,source=/<absolute_path>/cmpServers.json,target=/etc/onap/aaf/certservice/cmpServers.json onap/org.onap.aaf.certservice.aaf-certservice-api ``` ### Running Docker container from nexus ``` -docker run -p 8080:8080 --name aaf-certservice-api nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 +docker run -p 8080:8080 --name aaf-certservice-api --mount type=bind,source=/<absolute_path>/cmpServers.json,target=/etc/onap/aaf/certservice/cmpServers.json nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 ``` ### Running Docker container from docker-compose with EJBCA diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java index d2de1aa0..945fc6d1 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java +++ b/certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java @@ -76,7 +76,7 @@ public class CertificationService { ); LOGGER.debug("Received CSR meta data: \n{}", csrModel); CertificationModel certificationModel = certificationModelFactory - .createCertificationModel(csrModel,caName); + .createCertificationModel(csrModel, caName); return new ResponseEntity<>(new Gson().toJson(certificationModel), HttpStatus.OK); } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java index 4c9d3042..130a5167 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationExceptionController.java @@ -21,6 +21,7 @@ package org.onap.aaf.certservice.certification; import com.google.gson.Gson; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; import org.onap.aaf.certservice.certification.exception.ErrorResponseModel; import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; @@ -39,20 +40,27 @@ public class CertificationExceptionController { @ExceptionHandler(value = CsrDecryptionException.class) public ResponseEntity<String> handle(CsrDecryptionException exception) { LOGGER.error("Exception occurred during decoding certificate sign request:", exception); - return getErrorResponseEntity("Wrong certificate signing request (CSR) format"); + return getErrorResponseEntity("Wrong certificate signing request (CSR) format", HttpStatus.BAD_REQUEST); } @ExceptionHandler(value = KeyDecryptionException.class) public ResponseEntity<String> handle(KeyDecryptionException exception) { LOGGER.error("Exception occurred during decoding key:", exception); - return getErrorResponseEntity("Wrong key (PK) format"); + return getErrorResponseEntity("Wrong key (PK) format", HttpStatus.BAD_REQUEST); } - private ResponseEntity<String> getErrorResponseEntity(String errorMessage) { + @ExceptionHandler(value = Cmpv2ServerNotFoundException.class) + public ResponseEntity<String> handle(Cmpv2ServerNotFoundException exception) { + LOGGER.error("Exception occurred selecting CMPv2 server:", exception); + return getErrorResponseEntity("Certification authority not found for given CAName", HttpStatus.NOT_FOUND); + } + + private ResponseEntity<String> getErrorResponseEntity(String errorMessage, HttpStatus status) { ErrorResponseModel errorResponse = new ErrorResponseModel(errorMessage); return new ResponseEntity<>( new Gson().toJson(errorResponse), - HttpStatus.BAD_REQUEST + status ); } + } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java index 507ce3c1..69b83465 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java @@ -20,10 +20,14 @@ package org.onap.aaf.certservice.certification; +import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.Arrays; @@ -38,14 +42,28 @@ public class CertificationModelFactory { private static final Logger LOGGER = LoggerFactory.getLogger(CertificationModelFactory.class); + private final Cmpv2ServerProvider cmpv2ServerProvider; + + @Autowired + CertificationModelFactory(Cmpv2ServerProvider cmpv2ServerProvider) { + this.cmpv2ServerProvider = cmpv2ServerProvider; + } public CertificationModel createCertificationModel(CsrModel csr, String caName) { LOGGER.info("Generating certification model for CA named: {}, and certificate signing request:\n{}", caName, csr); + + return cmpv2ServerProvider + .getCmpv2Server(caName) + .map(this::generateCertificationModel) + .orElseThrow(() -> new Cmpv2ServerNotFoundException("No server found for given CA name")); + } + + private CertificationModel generateCertificationModel(Cmpv2Server cmpv2Server) { + LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); return new CertificationModel( Arrays.asList(ENTITY_CERT, INTERMEDIATE_CERT), Arrays.asList(CA_CERT, EXTRA_CA_CERT) ); } - } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java index bca30dee..6f356c1a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java @@ -47,7 +47,7 @@ public class CsrModelFactory { throws DecryptionException { PKCS10CertificationRequest decodedCsr = decodeCsr(csr); PemObject decodedPrivateKey = decodePrivateKey(privateKey); - return new CsrModel(decodedCsr, decodedPrivateKey); + return new CsrModel.CsrModelBuilder(decodedCsr, decodedPrivateKey).build(); } private PemObject decodePrivateKey(StringBase64 privateKey) diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java index 93721e88..25e69251 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java @@ -37,7 +37,6 @@ import java.util.Collections; import java.util.List; import org.springframework.context.event.EventListener; -@RefreshScope @Configuration public class CmpServersConfig { diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java new file mode 100644 index 00000000..755bfeb0 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProvider.java @@ -0,0 +1,46 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.configuration; + +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import java.util.Optional; + +@Component +public class Cmpv2ServerProvider { + + private final CmpServersConfig cmpServersConfig; + + @Autowired + Cmpv2ServerProvider(CmpServersConfig cmpServersConfig) { + this.cmpServersConfig = cmpServersConfig; + } + + public Optional<Cmpv2Server> getCmpv2Server(String caName) { + return cmpServersConfig.getCmpServers() + .stream() + .filter(server -> server.getCaName().equals(caName)) + .findFirst(); + } + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java index ffd63ecf..af254d61 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java @@ -45,4 +45,11 @@ public class Authentication { this.rv = rv; } + @Override + public String toString() { + return "Authentication{" + + " iak=*****" + + ", rv=*****" + + '}'; + } } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java index 21349d93..9f8f9796 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java @@ -20,6 +20,7 @@ package org.onap.aaf.certservice.certification.configuration.model; +import org.bouncycastle.asn1.x500.X500Name; import org.hibernate.validator.constraints.Length; import org.onap.aaf.certservice.certification.configuration.validation.constraints.Cmpv2URL; @@ -32,8 +33,7 @@ public class Cmpv2Server { private CaMode caMode; @Length(min = 1, max = 128) private String caName; - @Length(min = 4, max = 256) - private String issuerDN; + private X500Name issuerDN; @Cmpv2URL private String url; @@ -61,11 +61,11 @@ public class Cmpv2Server { this.caName = caName; } - public String getIssuerDN() { + public X500Name getIssuerDN() { return issuerDN; } - public void setIssuerDN(String issuerDN) { + public void setIssuerDN(X500Name issuerDN) { this.issuerDN = issuerDN; } @@ -77,4 +77,15 @@ public class Cmpv2Server { this.url = url; } + @Override + public String toString() { + return "Cmpv2Server{" + + "authentication=" + authentication + + ", caMode=" + caMode + + ", caName='" + caName + '\'' + + ", issuerDN='" + issuerDN + '\'' + + ", url='" + url + '\'' + + '}'; + } + } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ServerNotFoundException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ServerNotFoundException.java new file mode 100644 index 00000000..95d4cd69 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/Cmpv2ServerNotFoundException.java @@ -0,0 +1,29 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.exception; + +import org.webjars.NotFoundException; + +public class Cmpv2ServerNotFoundException extends NotFoundException { + public Cmpv2ServerNotFoundException(String message) { + super(message); + } +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java index 2421c5a4..b59f4e3a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java @@ -21,6 +21,13 @@ package org.onap.aaf.certservice.certification.model; import java.io.IOException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; import java.util.Arrays; import java.util.List; import java.util.Objects; @@ -35,50 +42,127 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.io.pem.PemObject; import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exception.DecryptionException; +import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; public class CsrModel { private final PKCS10CertificationRequest csr; - private final PemObject privateKey; + private final X500Name subjectData; + private final PrivateKey privateKey; + private final PublicKey publicKey; + private final List<String> sans; - public CsrModel(PKCS10CertificationRequest csr, PemObject privateKey) { + CsrModel( + PKCS10CertificationRequest csr, X500Name subjectData, + PrivateKey privateKey, PublicKey publicKey, List<String> sans) { this.csr = csr; + this.subjectData = subjectData; this.privateKey = privateKey; + this.publicKey = publicKey; + this.sans = sans; } - public PemObject getPublicKey() throws CsrDecryptionException { - try { - return new PemObject("PUBLIC KEY", csr.getSubjectPublicKeyInfo().getEncoded()); - } catch (IOException e) { - throw new CsrDecryptionException("Reading Public Key from CSR failed", e.getCause()); - } + public PKCS10CertificationRequest getCsr() { + return csr; } - public PemObject getPrivateKey() { - return privateKey; + public X500Name getSubjectData() { + return subjectData; } - public X500Name getSubjectData() { - return csr.getSubject(); + public PrivateKey getPrivateKey() { + return privateKey; } - public List<String> getSansData() { - Extensions extensions = - Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); - GeneralName[] arrayOfAlternativeNames = - GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); + public PublicKey getPublicKey() { + return publicKey; + } - return Arrays.stream(arrayOfAlternativeNames) - .map(GeneralName::getName) - .map(Objects::toString) - .collect(Collectors.toList()); + public List<String> getSans() { + return sans; } @Override public String toString() { - return "Subject: { " + getSubjectData().toString() - + " ,SANs: " + getSansData().toString() + " }"; + return "Subject: { " + subjectData + + " ,SANs: " + sans + " }"; + } + + public static class CsrModelBuilder { + + private final PKCS10CertificationRequest csr; + private final PemObject privateKey; + + public CsrModel build() + throws DecryptionException + { + + X500Name subjectData = getSubjectData(); + PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey()); + PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey()); + List<String> sans = getSansData(); + + return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans); + } + + public CsrModelBuilder(PKCS10CertificationRequest csr, PemObject privateKey) { + this.csr = csr; + this.privateKey = privateKey; + } + + private PemObject getPublicKey() throws CsrDecryptionException { + try { + return new PemObject("PUBLIC KEY", csr.getSubjectPublicKeyInfo().getEncoded()); + } catch (IOException e) { + throw new CsrDecryptionException("Reading Public Key from CSR failed", e.getCause()); + } + } + + private PemObject getPrivateKey() { + return privateKey; + } + + private X500Name getSubjectData() { + return csr.getSubject(); + } + + private List<String> getSansData() { + Extensions extensions = + Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); + GeneralName[] arrayOfAlternativeNames = + GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); + + return Arrays.stream(arrayOfAlternativeNames) + .map(GeneralName::getName) + .map(Objects::toString) + .collect(Collectors.toList()); + } + + private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey) + throws KeyDecryptionException + { + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent()); + return factory.generatePrivate(keySpec); + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new KeyDecryptionException("Converting Private Key failed", e.getCause()); + } + } + + private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey) + throws KeyDecryptionException + { + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent()); + return factory.generatePublic(keySpec); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause()); + } + } } } diff --git a/certService/src/main/resources/log4j2.xml b/certService/src/main/resources/log4j2.xml index 48cc23c8..f814b4bd 100644 --- a/certService/src/main/resources/log4j2.xml +++ b/certService/src/main/resources/log4j2.xml @@ -14,25 +14,24 @@ <LevelRangeFilter maxLevel="ERROR" minLevel="ERROR"/> <PatternLayout pattern="[%d{ISO8601}][%-5p][%-5c] %m%n"/> <Policies> - <SizeBasedTriggeringPolicy size="64 MB"/> + <SizeBasedTriggeringPolicy size="50 MB"/> </Policies> <DefaultRolloverStrategy max="10"/> </RollingFile> - <RollingFile fileName="var/log/onap/aaf/certservice/trace.log" filePattern="logs/trace-%d{yyyy-MM-dd}-%i.log" name="TRACE_LOG"> - <LevelRangeFilter maxLevel="TRACE" minLevel="ERROR"/> + <RollingFile fileName="var/log/onap/aaf/certservice/debug.log" filePattern="logs/debug-%d{yyyy-MM-dd}-%i.log" name="DEBUG_LOG"> + <LevelRangeFilter maxLevel="DEBUG" minLevel="ERROR"/> <PatternLayout pattern="[%d{ISO8601}][%-5p][%-5c] %m%n"/> <Policies> - <SizeBasedTriggeringPolicy size="64 MB"/> + <SizeBasedTriggeringPolicy size="50 MB"/> </Policies> - <DefaultRolloverStrategy max="10"/> </RollingFile> <RollingFile fileName="var/log/onap/aaf/certservice/audit.log" filePattern="logs/audit-%d{yyyy-MM-dd}-%i.log" name="AUDIT_LOG"> <LevelRangeFilter maxLevel="INFO" minLevel="INFO"/> <PatternLayout pattern="[%d{ISO8601}][%-5p][%-5c] %m%n"/> <Policies> - <SizeBasedTriggeringPolicy size="32 MB"/> + <SizeBasedTriggeringPolicy size="50 MB"/> </Policies> <DefaultRolloverStrategy max="10"/> </RollingFile> @@ -48,10 +47,10 @@ <Logger name="io.micrometer" level="ERROR"/> <Logger name="io.swagger" level="ERROR"/> - <Root additivity="false" level="TRACE"> + <Root additivity="false" level="DEBUG"> <AppenderRef ref="CONSOLE"/> <AppenderRef ref="ERROR_LOG"/> - <AppenderRef ref="TRACE_LOG"/> + <AppenderRef ref="DEBUG_LOG"/> <AppenderRef ref="AUDIT_LOG"/> </Root> diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/exception/CertificationExceptionControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationExceptionControllerTest.java index 3dc93035..1a92c0c8 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/exception/CertificationExceptionControllerTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationExceptionControllerTest.java @@ -18,12 +18,15 @@ * ============LICENSE_END========================================================= */ -package org.onap.aaf.certservice.certification.exception; +package org.onap.aaf.certservice.certification; import com.google.gson.Gson; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.CertificationExceptionController; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; +import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exception.ErrorResponseModel; +import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; import org.springframework.http.ResponseEntity; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -68,4 +71,18 @@ class CertificationExceptionControllerTest { assertEquals(expectedMessage, response.getErrorMessage()); } + @Test + void shouldReturnResponseEntityWithAppropriateErrorMessageWhenGivenCaNameIsNotPresentInConfig() { + // given + String expectedMessage = "Certification authority not found for given CAName"; + Cmpv2ServerNotFoundException csrDecryptionException = new Cmpv2ServerNotFoundException("test Ca exception"); + + // when + ResponseEntity<String> responseEntity = certificationExceptionController.handle(csrDecryptionException); + + ErrorResponseModel response = new Gson().fromJson(responseEntity.getBody(), ErrorResponseModel.class); + + // then + assertEquals(expectedMessage, response.getErrorMessage()); + } } diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java index 2953af78..50e604e2 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java @@ -22,36 +22,52 @@ package org.onap.aaf.certservice.certification; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.onap.aaf.certservice.certification.configuration.Cmpv2ServerProvider; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.aaf.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.aaf.certservice.certification.model.CertificationModel; import org.onap.aaf.certservice.certification.model.CsrModel; +import java.util.Optional; + import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT; import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT; import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT; import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT; - +@ExtendWith(MockitoExtension.class) class CertificationModelFactoryTest { + private static final String TEST_CA = "testCA"; private CertificationModelFactory certificationModelFactory; + @Mock + Cmpv2ServerProvider cmpv2ServerProvider; + @BeforeEach void setUp() { - certificationModelFactory = new CertificationModelFactory(); + certificationModelFactory = new CertificationModelFactory(cmpv2ServerProvider); } @Test void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() { // given - final String testCaName = "testCA"; CsrModel mockedCsrModel = mock(CsrModel.class); + when(cmpv2ServerProvider.getCmpv2Server(TEST_CA)).thenReturn(Optional.of(createTestCmpv2Server())); // when - CertificationModel certificationModel = certificationModelFactory.createCertificationModel(mockedCsrModel ,testCaName); + CertificationModel certificationModel = + certificationModelFactory.createCertificationModel(mockedCsrModel ,TEST_CA); //then assertEquals(2, certificationModel.getCertificateChain().size()); @@ -60,4 +76,24 @@ class CertificationModelFactoryTest { assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); } + @Test + void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName() { + // given + String expectedMessage = "CA not found"; + CsrModel mockedCsrModel = mock(CsrModel.class); + when(cmpv2ServerProvider.getCmpv2Server(TEST_CA)).thenThrow(new Cmpv2ServerNotFoundException(expectedMessage)); + + // when + Exception exception = assertThrows( + Cmpv2ServerNotFoundException.class, () -> + certificationModelFactory.createCertificationModel(mockedCsrModel ,TEST_CA) + ); + + // then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + private Cmpv2Server createTestCmpv2Server() { + return new Cmpv2Server(); + } } diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java index b4eec400..cf8c07a1 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java @@ -88,9 +88,9 @@ class CmpServersConfigLoaderTest { private void verifyThatCmpServerEquals(Cmpv2Server cmpv2Server, Map<String, String> expected) { assertThat(cmpv2Server.getCaName()).isEqualTo(expected.get("CA_NAME")); assertThat(cmpv2Server.getUrl()).isEqualTo(expected.get("URL")); - assertThat(cmpv2Server.getIssuerDN()).isEqualTo(expected.get("ISSUER_DN")); + assertThat(cmpv2Server.getIssuerDN().toString()).isEqualTo(expected.get("ISSUER_DN")); assertThat(cmpv2Server.getCaMode().name()).isEqualTo(expected.get("CA_MODE")); assertThat(cmpv2Server.getAuthentication().getIak()).isEqualTo(expected.get("IAK")); assertThat(cmpv2Server.getAuthentication().getRv()).isEqualTo(expected.get("RV")); } -}
\ No newline at end of file +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java new file mode 100644 index 00000000..20a85783 --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/Cmpv2ServerProviderTest.java @@ -0,0 +1,97 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.configuration; + +import org.bouncycastle.asn1.x500.X500Name; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.onap.aaf.certservice.certification.configuration.model.Authentication; +import org.onap.aaf.certservice.certification.configuration.model.CaMode; +import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; + +import java.util.Collections; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.when; + +@ExtendWith(MockitoExtension.class) +class Cmpv2ServerProviderTest { + + private static final String TEST_CA = "testCA"; + + private Cmpv2ServerProvider cmpv2ServerProvider; + + @Mock + private CmpServersConfig cmpServersConfig; + + @BeforeEach + void setUp() { + cmpv2ServerProvider = + new Cmpv2ServerProvider(cmpServersConfig); + } + + @Test + void shouldReturnOptionalWithServerWhenServerWithGivenCaNameIsPresentInConfig() { + // given + Cmpv2Server testServer = createTestServer(); + when(cmpServersConfig.getCmpServers()).thenReturn(Collections.singletonList(testServer)); + + // when + Cmpv2Server receivedServer = cmpv2ServerProvider + .getCmpv2Server(TEST_CA) + .get(); + + // then + assertThat(receivedServer).isEqualToComparingFieldByField(testServer); + } + + + @Test + void shouldReturnEmptyOptionalWhenServerWithGivenCaNameIsNotPresentInConfig() { + // given + when(cmpServersConfig.getCmpServers()).thenReturn(Collections.emptyList()); + + // when + Boolean isEmpty = cmpv2ServerProvider + .getCmpv2Server(TEST_CA) + .isEmpty(); + + // then + assertThat(isEmpty).isTrue(); + } + + private Cmpv2Server createTestServer() { + Cmpv2Server testServer = new Cmpv2Server(); + testServer.setCaName(TEST_CA); + testServer.setIssuerDN(new X500Name("CN=testIssuer")); + testServer.setUrl("http://test.ca.server"); + Authentication testAuthentication = new Authentication(); + testAuthentication.setIak("testIak"); + testAuthentication.setRv("testRv"); + testServer.setAuthentication(testAuthentication); + testServer.setCaMode(CaMode.RA); + + return testServer; + } +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java index ea15740c..18097608 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java @@ -20,6 +20,7 @@ package org.onap.aaf.certservice.certification.configuration.validation; +import org.bouncycastle.asn1.x500.X500Name; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -84,15 +85,6 @@ class Cmpv2ServerConfigurationValidatorTest { } @Test - public void givenWrongIssuerDNLengthInURLServerDetailsWhenValidatingShouldThrowException() { - //given - server.setIssuerDN("123"); - - //then - assertThrows(IllegalArgumentException.class, () -> validator.validate(server)); - } - - @Test public void givenWrongRVLengthInURLServerDetailsWhenValidatingShouldThrowException() { //given authentication.setRv(""); @@ -114,7 +106,7 @@ class Cmpv2ServerConfigurationValidatorTest { server = new Cmpv2Server(); server.setCaMode(CaMode.CLIENT); server.setCaName("TEST"); - server.setIssuerDN("CN=ManagementCA"); + server.setIssuerDN(new X500Name("CN=ManagementCA")); server.setUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmp"); server.setAuthentication(authentication); } @@ -124,4 +116,4 @@ class Cmpv2ServerConfigurationValidatorTest { authentication.setRv("testRV"); authentication.setIak("testIAK"); } -}
\ No newline at end of file +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java index bde1dcce..f47f495f 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java @@ -33,14 +33,13 @@ import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; import java.io.IOException; import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; +import static org.onap.aaf.certservice.certification.TestData.TEST_PEM; import static org.onap.aaf.certservice.certification.TestData.TEST_PK; -import static org.onap.aaf.certservice.certification.TestUtils.pemObjectToString; class CsrModelTest { @@ -52,20 +51,21 @@ class CsrModelTest { @Test void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException { // given + PemObject testPrivateKey = getPemPrivateKey(); PemObject testPublicKey = generateTestPublicKey(); + PKCS10CertificationRequest testCsr = generateTestCertificationRequest(); // when - CsrModel csrModel = generateTestCsrModel(); - + CsrModel csrModel = generateTestCsrModel(testCsr); // then - assertEquals( - pemObjectToString(csrModel.getPrivateKey()).trim(), - TEST_PK.trim()); - assertEquals( - pemObjectToString(csrModel.getPublicKey()).trim(), - pemObjectToString((testPublicKey)).trim()); - assertThat(csrModel.getSansData()) + assertThat(csrModel.getCsr()) + .isEqualTo(testCsr); + assertThat(csrModel.getPrivateKey().getEncoded()) + .contains(testPrivateKey.getContent()); + assertThat(csrModel.getPublicKey().getEncoded()) + .contains(testPublicKey.getContent()); + assertThat(csrModel.getSans()) .contains( "gerrit.onap.org", "test.onap.org", "onap.com"); assertThat(csrModel.getSubjectData().toString()) @@ -74,24 +74,20 @@ class CsrModelTest { } @Test - void shouldThrowExceptionWhenPublicKeyIsNotCorrect() throws KeyDecryptionException, IOException { + void shouldThrowExceptionWhenPublicKeyIsNotCorrect() throws DecryptionException, IOException { // given - PemObjectFactory pemObjectFactory = new PemObjectFactory(); + PemObject testPrivateKey = getPemPrivateKey(); PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); when(testCsr.getSubjectPublicKeyInfo()) .thenReturn(wrongKryInfo); when(wrongKryInfo.getEncoded()) .thenThrow(new IOException()); - PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow( - () -> new KeyDecryptionException("Private key decoding fail") - ); - CsrModel csrModel = new CsrModel(testCsr, testPrivateKey); // when Exception exception = assertThrows( CsrDecryptionException.class, - csrModel::getPublicKey + () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() ); String expectedMessage = "Reading Public Key from CSR failed"; @@ -101,12 +97,74 @@ class CsrModelTest { assertTrue(actualMessage.contains(expectedMessage)); } - private CsrModel generateTestCsrModel() throws DecryptionException { + @Test + void shouldThrowExceptionWhenPrivateKeyPemIsNotProperPrivateKey() throws KeyDecryptionException, IOException { + // given + PemObject testPrivateKey = getPemWrongKey(); + PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); + SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); + when(testCsr.getSubjectPublicKeyInfo()) + .thenReturn(wrongKryInfo); + when(wrongKryInfo.getEncoded()) + .thenThrow(new IOException()); + + // when + Exception exception = assertThrows( + KeyDecryptionException.class, + () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() + ); + + String expectedMessage = "Converting Private Key failed"; + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } + + @Test + void shouldThrowExceptionWhenPublicKeyPemIsNotProperPublicKey() throws KeyDecryptionException, IOException { + // given + PemObject testPrivateKey = getPemPrivateKey(); + PemObject testPublicKey = getPemWrongKey(); + PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); + SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); + when(testCsr.getSubjectPublicKeyInfo()) + .thenReturn(wrongKryInfo); + when(wrongKryInfo.getEncoded()) + .thenReturn(testPublicKey.getContent()); + + // when + Exception exception = assertThrows( + KeyDecryptionException.class, + () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() + ); + + String expectedMessage = "Converting Public Key from CSR failed"; + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } + + private PemObject getPemPrivateKey() throws KeyDecryptionException { + PemObjectFactory pemObjectFactory = new PemObjectFactory(); + return pemObjectFactory.createPemObject(TEST_PK).orElseThrow( + () -> new KeyDecryptionException("Private key decoding fail") + ); + } + + private PemObject getPemWrongKey() throws KeyDecryptionException { + PemObjectFactory pemObjectFactory = new PemObjectFactory(); + return pemObjectFactory.createPemObject(TEST_PEM).orElseThrow( + () -> new KeyDecryptionException("Private key decoding fail") + ); + } + + private CsrModel generateTestCsrModel(PKCS10CertificationRequest testCsr) throws DecryptionException { PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow( () -> new DecryptionException("Incorrect Private Key, decryption failed") ); - PKCS10CertificationRequest testCsr = generateTestCertificationRequest(); - return new CsrModel(testCsr, testPrivateKey); + return new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build(); } private PemObject generateTestPublicKey() throws DecryptionException, IOException { |