Diffstat (limited to 'certService')
6 files changed, 23 insertions, 102 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
index fa2d88ab..6068237c 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
@@ -22,7 +22,6 @@ package org.onap.aaf.certservice.certification;
 import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -40,7 +39,7 @@ public class CertificationProvider {
 }
 CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
-throws CmpClientException, Cmpv2ClientAdapterException {
+throws CmpClientException {
 return cmpv2ClientAdapter.callCmpClient(csrModel, server);
 }
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
index 2477c421..96fe4607 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
@@ -20,26 +20,16 @@ package org.onap.aaf.certservice.certification.adapter;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.stream.Collectors;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.io.pem.PemObjectGenerator;
 import org.bouncycastle.util.io.pem.PemWriter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -55,18 +45,10 @@ public class Cmpv2ClientAdapter {
 private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
 private final CmpClient cmpClient;
-private final RsaContentSignerBuilder rsaContentSignerBuilder;
-private final X509CertificateBuilder x509CertificateBuilder;
-private final CertificateFactoryProvider certificateFactoryProvider;
 @Autowired
-public Cmpv2ClientAdapter(CmpClient cmpClient, RsaContentSignerBuilder rsaContentSignerBuilder, X509CertificateBuilder x509CertificateBuilder, CertificateFactoryProvider certificateFactoryProvider) {
+public Cmpv2ClientAdapter(CmpClient cmpClient) {
 this.cmpClient = cmpClient;
-this.rsaContentSignerBuilder = rsaContentSignerBuilder;
-this.x509CertificateBuilder = x509CertificateBuilder;
-this.certificateFactoryProvider = certificateFactoryProvider;
 }
 /**
@@ -76,13 +58,10 @@ public class Cmpv2ClientAdapter {
 * @param server Cmp Server configuration from cmpServers.json
 * @return container for returned certificates
 * @throws CmpClientException Exceptions which comes from Cmp Client
-* @throws Cmpv2ClientAdapterException Exceptions which comes from Adapter itself
 */
 public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
-throws CmpClientException, Cmpv2ClientAdapterException {
-List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
-server.getCaMode().getProfile(), csrModel, server,
-convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
+throws CmpClientException {
+List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server);
 return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
 convertFromX509CertificateListToPemList(certificates.get(1)));
 }
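Review bot: Now that `callCmpClient` is a plain pass-through, the one failure it can still raise on its own is an unchecked `IndexOutOfBoundsException` from `certificates.get(0)` / `certificates.get(1)` when the client hands back fewer than two lists, while the new signature tells callers to expect only `CmpClientException`. Check the shape before indexing: `if (certificates == null || certificates.size() < 2) {` / `throw new CmpClientException("CMP client returned " + (certificates == null ? "no" : certificates.size()) + " certificate lists, expected 2");` / `}` — a `String` constructor is used as `new CmpClientException(TEST_MSG)` in Cmpv2ClientAdapterTest. While touching the Javadoc, state what the two positions mean, e.g. `@return container built from the PEM-encoded list at index 0 and the list at index 1 of the client response`, since the contract is currently only implied by the indexing. The class continues outside the hunk.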
@@ -98,19 +77,6 @@ public class Cmpv2ClientAdapter {
 return sw.toString();
 }
-private X509Certificate convertCsrToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey)
-throws Cmpv2ClientAdapterException {
-try {
-X509v3CertificateBuilder certificateGenerator = x509CertificateBuilder.build(csr);
-ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
-X509CertificateHolder holder = certificateGenerator.build(signer);
-return certificateFactoryProvider
-.generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
-} catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
-throw new Cmpv2ClientAdapterException(e);
-}
-}
-
 private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
 return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
 .collect(Collectors.toList());
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
index 7de3b712..6ff1bf68 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
@@ -41,13 +41,8 @@ public interface CmpClient {
 * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
 * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
 *
-* @param caName Information about the External Root Certificate Authority (CA) performing the
-* event CA Name. Could be {@code null}.
-* @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
-* null}.
 * @param csrModel Certificate Signing Request model. Must not be {@code null}.
 * @param server CMPv2 Server. Must not be {@code null}.
-* @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
 * @param notBefore An optional validity to set in the created certificate, Certificate not valid
 * before this date.
 * @param notAfter An optional validity to set in the created certificate, Certificate not valid
@@ -56,11 +51,8 @@ public interface CmpClient {
 * @throws CmpClientException if client error occurs.
 */
 List<List<X509Certificate>> createCertificate(
-String caName,
-String profile,
 CsrModel csrModel,
 Cmpv2Server server,
-X509Certificate csr,
 Date notBefore,
 Date notAfter)
 throws CmpClientException;
@@ -71,21 +63,13 @@ public interface CmpClient {
 * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
 * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
 *
-* @param caName Information about the External Root Certificate Authority (CA) performing the
-* event CA Name. Could be {@code null}.
-* @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code
-* null}.
 * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
 * @param server CMPv2 server. Must not be {@code null}.
-* @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
 * @return {@link X509Certificate} The newly created Certificate.
 * @throws CmpClientException if client error occurs.
 */
 List<List<X509Certificate>> createCertificate(
-String caName,
-String profile,
 CsrModel csrModel,
-Cmpv2Server server,
-X509Certificate csr)
+Cmpv2Server server)
 throws CmpClientException;
 }
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
index 79656e91..08c43031 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -48,6 +48,7 @@ import org.bouncycastle.asn1.cmp.PKIBody;
 import org.bouncycastle.asn1.cmp.PKIHeader;
 import org.bouncycastle.asn1.cmp.PKIMessage;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.onap.aaf.certservice.certification.configuration.model.CaMode;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
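Review bot: The `@return {@link X509Certificate} The newly created Certificate.` line kept in this hunk does not match the declared `List<List<X509Certificate>>` return, and with `caName`/`profile` dropped from the signature the `@param server` entry should say that the CA name and CA mode are now read from it. Suggested lines: `* @param server CMPv2 server configuration; supplies the CA name and CA mode that were previously passed explicitly. Must not be {@code null}.` and `* @return two lists of {@link X509Certificate}; Cmpv2ClientAdapter consumes index 0 and index 1 separately, so name here which is the issued chain and which the trusted set`. The four-argument overload above (its `@return` sits between the two hunks, outside this view) presumably carries the same stale line; fix both together.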
@@ -64,7 +65,6 @@ public class CmpClientImpl implements CmpClient {
 private static final Logger LOG = LoggerFactory.getLogger(CmpClientImpl.class);
 private final CloseableHttpClient httpClient;
-private static final String DEFAULT_PROFILE = "RA";
 private static final String DEFAULT_CA_NAME = "Certification Authority";
 public CmpClientImpl(CloseableHttpClient httpClient) {
@@ -73,16 +73,13 @@ public class CmpClientImpl implements CmpClient {
 @Override
 public List<List<X509Certificate>> createCertificate(
-String caName,
-String profile,
 CsrModel csrModel,
 Cmpv2Server server,
-X509Certificate cert,
 Date notBefore,
 Date notAfter)
 throws CmpClientException {
-validate(csrModel, server, cert, caName, profile, httpClient, notBefore, notAfter);
+validate(csrModel, server, httpClient, notBefore, notAfter);
 KeyPair keyPair = new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey());
 final CreateCertRequest certRequest =
@@ -99,14 +96,13 @@ public class CmpClientImpl implements CmpClient {
 final PKIMessage pkiMessage = certRequest.generateCertReq();
 Cmpv2HttpClient cmpv2HttpClient = new Cmpv2HttpClient(httpClient);
-return retrieveCertificates(caName, csrModel, server, pkiMessage, cmpv2HttpClient);
+return retrieveCertificates(csrModel, server, pkiMessage, cmpv2HttpClient);
 }
 @Override
-public List<List<X509Certificate>> createCertificate(
-String caName, String profile, CsrModel csrModel, Cmpv2Server server, X509Certificate csr)
+public List<List<X509Certificate>> createCertificate(CsrModel csrModel, Cmpv2Server server)
 throws CmpClientException {
-return createCertificate(caName, profile, csrModel, server, csr, null, null);
+return createCertificate(csrModel, server, null, null);
 }
 private void checkCmpResponse(
@@ -197,23 +193,18 @@ public class CmpClientImpl implements CmpClient {
 *
 * @param csrModel Certificate Signing Request model. Must not be {@code null}.
 * @param server CMPv2 Server. Must not be {@code null}.
-* @param cert Certificate object needed to validate response from CA server.
-* @param incomingCaName Date specifying certificate is not valid before this date.
-* @param incomingProfile Date specifying certificate is not valid after this date.
 * @throws IllegalArgumentException if Before Date is set after the After Date.
 */
 private static void validate(
 final CsrModel csrModel,
 final Cmpv2Server server,
-final X509Certificate cert,
-final String incomingCaName,
-final String incomingProfile,
 final CloseableHttpClient httpClient,
 final Date notBefore,
 final Date notAfter) {
-String caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
-String caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
+
+String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
+String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA);
 LOG.info(
 "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
@@ -224,7 +215,6 @@ public class CmpClientImpl implements CmpClient {
 CmpUtil.notNull(server.getIssuerDN(), "Issuer DN");
 CmpUtil.notNull(server.getUrl(), "External CA URL");
 CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password");
-CmpUtil.notNull(cert, "Certificate Signing Request (CSR)");
 CmpUtil.notNull(httpClient, "Closeable Http Client");
 if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
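Review bot: The new `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;` has its branches swapped — a null or empty name is kept and a configured name is replaced by the default — and rewriting this line was the chance to drop the inversion the old `incomingCaName` version already had. It should read `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? DEFAULT_CA_NAME : server.getCaName();`. The defaulted value only reaches the `LOG.info` call in this hunk; `retrieveCertificates` in the next hunk passes `server.getCaName()` through unchanged, so a comment such as `// for logging only; the request itself uses server.getCaName() as configured` would stop a reader expecting the default to be sent to the CA. `String.valueOf(server.getCaMode())` logs the enum's string form rather than the profile the adapter used to pass via `getCaMode().getProfile()`; if those differ, log the profile. The method body continues past the hunk.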
@@ -233,9 +223,9 @@ public class CmpClientImpl implements CmpClient {
 }
 private List<List<X509Certificate>> retrieveCertificates(
-String caName, CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
+CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
 throws CmpClientException {
-final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), caName);
+final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName());
 try {
 final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes);
 LOG.info("Received response from Server");
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
index e18d1ffb..56a29e85 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
@@ -46,7 +46,6 @@ import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.onap.aaf.certservice.certification.configuration.model.CaMode;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -97,7 +96,7 @@ class Cmpv2ClientAdapterTest {
 stubInternalProperties();
 // When
-Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
 .thenThrow(new CmpClientException(TEST_MSG));
 // Then
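Review bot: `server.getCaName()` now flows straight into `cmpv2HttpClient.postRequest(...)`, yet `validate` (previous hunk) null-checks only the issuer DN, URL and IAK, and the interface Javadoc that used to permit a null CA name is gone, so a server entry without a name reaches the HTTP layer as null unless `postRequest` tolerates that (not visible here). Add `CmpUtil.notNull(server.getCaName(), "CA Name");` beside the other `CmpUtil.notNull` checks in `validate`, or document at this call site that a null name is acceptable. The `try` block that parses the CA's bytes with `PKIMessage.getInstance(respBytes)` continues beyond the hunk, so its error handling could not be reviewed here.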
@@ -107,12 +106,12 @@ class Cmpv2ClientAdapterTest {
 @Test
 void shouldConvertToCertificationModel()
 throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
-CmpClientException, Cmpv2ClientAdapterException {
+CmpClientException {
 // Given
 stubInternalProperties();
 // When
-Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
 .thenReturn(createCorrectClientResponse());
 CertificationModel certificationModel = adapter.callCmpClient(csrModel, server);
@@ -131,23 +130,6 @@ class Cmpv2ClientAdapterTest {
 Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate);
 }
-@Test
-void adapterShouldThrowClientAdapterExceptionOnFailure()
-throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
-CmpClientException {
-// Given
-stubInternalProperties();
-
-// When
-Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
-.thenReturn(createCorrectClientResponse());
-Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any()))
-.thenThrow(new CertificateException(TEST_MSG));
-
-// Then
-Assertions.assertThrows(Cmpv2ClientAdapterException.class, () -> adapter.callCmpClient(csrModel, server));
-}
-
 private List<List<X509Certificate>> createCorrectClientResponse()
 throws CertificateException, NoSuchProviderException {
 InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
diff --git a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
index bea6b6a1..06eeecce 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
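Review bot: Removing `adapterShouldThrowClientAdapterExceptionOnFailure` leaves `Cmpv2ClientAdapter` without any test of its own failure path; the two remaining tests cover only a client that throws and a well-formed two-list response. Add a case where `cmpClient.createCertificate(Mockito.any(), Mockito.any())` returns a one-element list and assert whatever the adapter is meant to do then (today that is an `IndexOutOfBoundsException` from `certificates.get(1)`). If `stubInternalProperties()` or the `@Mock` declarations (both outside this hunk) still set up `certificateFactoryProvider` and the other collaborators the adapter no longer takes, they are dead and should go with this commit.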
+++ b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
@@ -153,7 +153,7 @@ class Cmpv2ClientTest {
 CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient));
 // when
 List<List<X509Certificate>> cmpClientResult =
-cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter);
+cmpClient.createCertificate(csrModel, server, notBefore, notAfter);
 // then
 assertNotNull(cmpClientResult);
 }
@@ -192,7 +192,7 @@ class Cmpv2ClientTest {
 // then
 Assertions.assertThrows(
 CmpClientException.class,
-() -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+() -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
 }
 @Test
@@ -229,7 +229,7 @@ class Cmpv2ClientTest {
 // then
 Assertions.assertThrows(
 CmpClientException.class,
-() -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+() -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
 }
 @Test
@@ -248,7 +248,7 @@ class Cmpv2ClientTest {
 // then
 Assertions.assertThrows(
 IllegalArgumentException.class,
-() -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+() -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
 }
 @Test
@@ -268,7 +268,7 @@ class Cmpv2ClientTest {
 // then
 Assertions.assertThrows(
 CmpClientException.class,
-() -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+() -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
 }
 private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) {
|