diff options
Diffstat (limited to 'certService')
12 files changed, 315 insertions, 12 deletions
diff --git a/certService/helm/aaf-cert-service/templates/deployment.yaml b/certService/helm/aaf-cert-service/templates/deployment.yaml index 2e16cbca..f8b2d43f 100644 --- a/certService/helm/aaf-cert-service/templates/deployment.yaml +++ b/certService/helm/aaf-cert-service/templates/deployment.yaml @@ -25,13 +25,13 @@ spec: livenessProbe: httpGet: port: {{ .Values.containerPort }} - path: {{ .Values.healthcheck.path }} + path: {{ .Values.liveness.path }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} readinessProbe: httpGet: port: {{ .Values.containerPort }} - path: {{ .Values.healthcheck.path }} + path: {{ .Values.readiness.path }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/certService/helm/aaf-cert-service/values.yaml b/certService/helm/aaf-cert-service/values.yaml index a971edd4..0dab1e32 100644 --- a/certService/helm/aaf-cert-service/values.yaml +++ b/certService/helm/aaf-cert-service/values.yaml @@ -9,11 +9,11 @@ service: liveness: initialDelaySeconds: 60 periodSeconds: 10 + path: /actuator/health readiness: initialDelaySeconds: 30 periodSeconds: 10 -healthcheck: - path: /actuator/health + path: /ready volume: name: aaf-cert-service-volume mountPath: /etc/onap/aaf/certservice diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java new file mode 100644 index 00000000..e33bf512 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java @@ -0,0 +1,48 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.api; + +import org.onap.aaf.certservice.certification.configuration.CmpServersConfig; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +public class ReadinessController { + + private final CmpServersConfig cmpServersConfig; + + @Autowired + public ReadinessController(CmpServersConfig cmpServersConfig) { + this.cmpServersConfig = cmpServersConfig; + } + + @GetMapping("/ready") + public ResponseEntity<String> checkReady() { + if (cmpServersConfig.isReady()) { + return new ResponseEntity<>(HttpStatus.OK); + } else { + return new ResponseEntity<>(HttpStatus.SERVICE_UNAVAILABLE); + } + } +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java index 9ce65e6a..501ed6d0 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java @@ -83,7 +83,6 @@ public class CsrModelFactory { public Optional<String> asString() { try { String decodedString = new String(decoder.decode(value)); - LOGGER.debug("Decoded string: {}", decodedString); return Optional.of(decodedString); } catch(RuntimeException e) { LOGGER.error("Exception occurred during decoding:", e); diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java index c2293d2d..1eb5270f 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java @@ -39,7 +39,6 @@ public class PemObjectFactory { try (StringReader stringReader = new StringReader(pem); PemReader pemReader = new PemReader(stringReader)) { - LOGGER.debug("Creating pem object from: {}", pem); return Optional.ofNullable(pemReader.readPemObject()); } catch (DecoderException | IOException e) { LOGGER.error("Exception occurred during creation of PEM:", e); diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java index a304b5a6..cea228c1 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java @@ -35,15 +35,16 @@ import org.springframework.context.annotation.Configuration; public class CmpServersConfig { private static final Logger LOGGER = LoggerFactory.getLogger(CmpServersConfig.class); + private static final String INIT_CONFIGURATION = "Loading initial configuration"; + private static final String RELOADING_CONFIGURATION = "Reloading configuration"; private static final String LOADING_SUCCESS_MESSAGE = "CMP Servers configuration successfully loaded from file {}"; private static final String CMP_SERVERS_CONFIG_FILENAME = "cmpServers.json"; - private static final String INIT_CONFIGURATION = "Loading initial configuration"; - private static final String REFRESHING_CONFIGURATION = "Refreshing configuration"; private final String configPath; private final CmpServersConfigLoader cmpServersConfigLoader; private List<Cmpv2Server> cmpServers; + private volatile boolean isReady; @Autowired public CmpServersConfig(@Value("${app.config.path}") String configPath, @@ -54,8 +55,8 @@ public class CmpServersConfig { @PostConstruct void init() { - LOGGER.info(INIT_CONFIGURATION); try { + LOGGER.info(INIT_CONFIGURATION); loadConfiguration(); } catch (CmpServersConfigLoadingException e) { LOGGER.error(e.getMessage(), e.getCause()); @@ -63,18 +64,24 @@ public class CmpServersConfig { } public void reloadConfiguration() throws CmpServersConfigLoadingException { - LOGGER.info(REFRESHING_CONFIGURATION); + LOGGER.info(RELOADING_CONFIGURATION); loadConfiguration(); } - void loadConfiguration() throws CmpServersConfigLoadingException { + + synchronized void loadConfiguration() throws CmpServersConfigLoadingException { + isReady = false; String configFilePath = configPath + File.separator + CMP_SERVERS_CONFIG_FILENAME; this.cmpServers = Collections.unmodifiableList(cmpServersConfigLoader.load(configFilePath)); LOGGER.info(LOADING_SUCCESS_MESSAGE, configFilePath); + isReady = true; } public List<Cmpv2Server> getCmpServers() { return cmpServers; } + public boolean isReady() { + return isReady; + } } diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java new file mode 100644 index 00000000..4000a38b --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java @@ -0,0 +1,57 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.api; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; +import org.onap.aaf.certservice.certification.configuration.CmpServersConfig; +import org.springframework.http.HttpStatus; + +@ExtendWith(MockitoExtension.class) +public class ReadinessControllerTest { + + @Mock + private CmpServersConfig cmpServersConfig; + + @Test + public void shouldReturnStatusOkWhenConfigIsReady() { + // Given + Mockito.when(cmpServersConfig.isReady()).thenReturn(true); + + // Then + assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.OK);; + } + + @Test + public void shouldReturnStatusServiceUnavailableWhenConfigIsNotReady() { + // Given + Mockito.when(cmpServersConfig.isReady()).thenReturn(false); + + // Then + assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);; + } + +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java index 11b4f84e..a6e55c57 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java @@ -20,13 +20,19 @@ package org.onap.aaf.certservice.certification; +import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.io.pem.PemObject; import org.bouncycastle.util.io.pem.PemWriter; +import org.onap.aaf.certservice.certification.exception.DecryptionException; import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; +import org.onap.aaf.certservice.certification.model.CsrModel; import java.io.IOException; import java.io.StringWriter; +import static org.onap.aaf.certservice.certification.TestData.TEST_CSR; +import static org.onap.aaf.certservice.certification.TestData.TEST_PK; + public final class TestUtils { @@ -44,4 +50,12 @@ public final class TestUtils { throw new KeyDecryptionException("Writing PAM Object to string failed", e); } } + + public static CsrModel createCsrModel() throws DecryptionException { + CsrModelFactory csrModelFactory = new CsrModelFactory(); + String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes())); + String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); + return csrModelFactory + .createCsrModel(new CsrModelFactory.StringBase64(encoderCsr), new CsrModelFactory.StringBase64(encoderPK)); + } } diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java index 165c9ec1..d3f8cc65 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java @@ -33,7 +33,6 @@ import org.onap.aaf.certservice.cmpv2client.external.CSRMeta; import java.security.PrivateKey; import java.security.PublicKey; import java.util.Arrays; -import java.util.Collections; import java.util.List; import static org.assertj.core.api.Assertions.assertThat; diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java new file mode 100644 index 00000000..3c5c534c --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java @@ -0,0 +1,62 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.adapter; + +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.aaf.certservice.certification.exception.DecryptionException; +import org.onap.aaf.certservice.certification.model.CsrModel; + +import java.io.IOException; +import java.security.PrivateKey; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel; + +class RSAContentSignerBuilderTest { + + private RSAContentSignerBuilder rsaContentSignerBuilder; + + @BeforeEach + void setUp() { + rsaContentSignerBuilder = new RSAContentSignerBuilder(); + } + + @Test + void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey() + throws IOException, OperatorCreationException, DecryptionException { + // Given + CsrModel testCsrModel = createCsrModel(); + PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); + PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); + + // When + ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); + + // Then + assertThat(createdContentSigner.getAlgorithmIdentifier()) + .isEqualTo(testCertificationRequest.getSignatureAlgorithm()); + } + +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java new file mode 100644 index 00000000..26d11fc3 --- /dev/null +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java @@ -0,0 +1,69 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.adapter; + +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.aaf.certservice.certification.exception.DecryptionException; +import org.onap.aaf.certservice.certification.model.CsrModel; + +import java.io.IOException; +import java.security.PrivateKey; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel; + +public class X509CertificateBuilderTest { + + private X509CertificateBuilder certificateBuilde; + + + @BeforeEach + void setUp() { + certificateBuilde = new X509CertificateBuilder(); + } + + @Test + void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest() + throws DecryptionException, IOException, OperatorCreationException { + // Given + CsrModel testCsrModel = createCsrModel(); + PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); + PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); + RSAContentSignerBuilder rsaContentSignerBuilder = new RSAContentSignerBuilder(); + ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); + + // When + X509v3CertificateBuilder certificateBuilder = certificateBuilde.build(testCertificationRequest); + X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner); + + // Then + assertThat(certificateHolder.getIssuer()) + .isEqualToComparingFieldByField(testCsrModel.getSubjectData()); + assertThat(certificateHolder.getSubjectPublicKeyInfo()) + .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo()); + } +} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java index 5d850fe9..043dbc03 100644 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java +++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java @@ -159,6 +159,55 @@ class CmpServersConfigTest { assertThat(exception.getMessage()).isEqualTo(ERROR_MESSAGE); } + @Test + void shouldBeNotReadyWhenCreated() { + assertThat(cmpServersConfig.isReady()).isFalse(); + } + + @Test + void shouldBeReadyWhenSuccessfullyInitialized() { + // When + this.cmpServersConfig.init(); // Manual PostConstruct call + + // Then + assertThat(cmpServersConfig.isReady()).isTrue(); + } + + @Test + void shouldNotBeReadyWhenFailedToInitialize() throws CmpServersConfigLoadingException { + // Given + Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); + + // When + this.cmpServersConfig.init(); // Manual PostConstruct call + + // Then + assertThat(cmpServersConfig.isReady()).isFalse(); + } + + @Test + void shouldBeReadyWhenSuccessfullyReloaded() throws CmpServersConfigLoadingException { + // When + this.cmpServersConfig.reloadConfiguration(); + + // Then + assertThat(cmpServersConfig.isReady()).isTrue(); + } + + @Test + void shouldNotBeReadyWhenFailedToReload() throws CmpServersConfigLoadingException { + // Given + Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE)); + + // When + assertThrows( + CmpServersConfigLoadingException.class, + () -> cmpServersConfig.loadConfiguration()); + + // Then + assertThat(cmpServersConfig.isReady()).isFalse(); + } + private static List<Cmpv2Server> generateTestConfiguration() { Cmpv2Server testServer1 = new Cmpv2Server(); testServer1.setCaName("TEST_CA1"); |