aboutsummaryrefslogtreecommitdiffstats
path: root/certService
diff options
context:
space:
mode:
Diffstat (limited to 'certService')
-rw-r--r--certService/helm/aaf-cert-service/templates/deployment.yaml4
-rw-r--r--certService/helm/aaf-cert-service/values.yaml4
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java48
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java1
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java1
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java17
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java57
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java14
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java1
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java62
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java69
-rw-r--r--certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java49
12 files changed, 315 insertions, 12 deletions
diff --git a/certService/helm/aaf-cert-service/templates/deployment.yaml b/certService/helm/aaf-cert-service/templates/deployment.yaml
index 2e16cbca..f8b2d43f 100644
--- a/certService/helm/aaf-cert-service/templates/deployment.yaml
+++ b/certService/helm/aaf-cert-service/templates/deployment.yaml
@@ -25,13 +25,13 @@ spec:
livenessProbe:
httpGet:
port: {{ .Values.containerPort }}
- path: {{ .Values.healthcheck.path }}
+ path: {{ .Values.liveness.path }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
readinessProbe:
httpGet:
port: {{ .Values.containerPort }}
- path: {{ .Values.healthcheck.path }}
+ path: {{ .Values.readiness.path }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
diff --git a/certService/helm/aaf-cert-service/values.yaml b/certService/helm/aaf-cert-service/values.yaml
index a971edd4..0dab1e32 100644
--- a/certService/helm/aaf-cert-service/values.yaml
+++ b/certService/helm/aaf-cert-service/values.yaml
@@ -9,11 +9,11 @@ service:
liveness:
initialDelaySeconds: 60
periodSeconds: 10
+ path: /actuator/health
readiness:
initialDelaySeconds: 30
periodSeconds: 10
-healthcheck:
- path: /actuator/health
+ path: /ready
volume:
name: aaf-cert-service-volume
mountPath: /etc/onap/aaf/certservice
diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java
new file mode 100644
index 00000000..e33bf512
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java
@@ -0,0 +1,48 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.api;
+
+import org.onap.aaf.certservice.certification.configuration.CmpServersConfig;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class ReadinessController {
+
+ private final CmpServersConfig cmpServersConfig;
+
+ @Autowired
+ public ReadinessController(CmpServersConfig cmpServersConfig) {
+ this.cmpServersConfig = cmpServersConfig;
+ }
+
+ @GetMapping("/ready")
+ public ResponseEntity<String> checkReady() {
+ if (cmpServersConfig.isReady()) {
+ return new ResponseEntity<>(HttpStatus.OK);
+ } else {
+ return new ResponseEntity<>(HttpStatus.SERVICE_UNAVAILABLE);
+ }
+ }
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
index 9ce65e6a..501ed6d0 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
@@ -83,7 +83,6 @@ public class CsrModelFactory {
public Optional<String> asString() {
try {
String decodedString = new String(decoder.decode(value));
- LOGGER.debug("Decoded string: {}", decodedString);
return Optional.of(decodedString);
} catch(RuntimeException e) {
LOGGER.error("Exception occurred during decoding:", e);
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java
index c2293d2d..1eb5270f 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java
@@ -39,7 +39,6 @@ public class PemObjectFactory {
try (StringReader stringReader = new StringReader(pem);
PemReader pemReader = new PemReader(stringReader)) {
- LOGGER.debug("Creating pem object from: {}", pem);
return Optional.ofNullable(pemReader.readPemObject());
} catch (DecoderException | IOException e) {
LOGGER.error("Exception occurred during creation of PEM:", e);
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java
index a304b5a6..cea228c1 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java
@@ -35,15 +35,16 @@ import org.springframework.context.annotation.Configuration;
public class CmpServersConfig {
private static final Logger LOGGER = LoggerFactory.getLogger(CmpServersConfig.class);
+ private static final String INIT_CONFIGURATION = "Loading initial configuration";
+ private static final String RELOADING_CONFIGURATION = "Reloading configuration";
private static final String LOADING_SUCCESS_MESSAGE = "CMP Servers configuration successfully loaded from file {}";
private static final String CMP_SERVERS_CONFIG_FILENAME = "cmpServers.json";
- private static final String INIT_CONFIGURATION = "Loading initial configuration";
- private static final String REFRESHING_CONFIGURATION = "Refreshing configuration";
private final String configPath;
private final CmpServersConfigLoader cmpServersConfigLoader;
private List<Cmpv2Server> cmpServers;
+ private volatile boolean isReady;
@Autowired
public CmpServersConfig(@Value("${app.config.path}") String configPath,
@@ -54,8 +55,8 @@ public class CmpServersConfig {
@PostConstruct
void init() {
- LOGGER.info(INIT_CONFIGURATION);
try {
+ LOGGER.info(INIT_CONFIGURATION);
loadConfiguration();
} catch (CmpServersConfigLoadingException e) {
LOGGER.error(e.getMessage(), e.getCause());
@@ -63,18 +64,24 @@ public class CmpServersConfig {
}
public void reloadConfiguration() throws CmpServersConfigLoadingException {
- LOGGER.info(REFRESHING_CONFIGURATION);
+ LOGGER.info(RELOADING_CONFIGURATION);
loadConfiguration();
}
- void loadConfiguration() throws CmpServersConfigLoadingException {
+
+ synchronized void loadConfiguration() throws CmpServersConfigLoadingException {
+ isReady = false;
String configFilePath = configPath + File.separator + CMP_SERVERS_CONFIG_FILENAME;
this.cmpServers = Collections.unmodifiableList(cmpServersConfigLoader.load(configFilePath));
LOGGER.info(LOADING_SUCCESS_MESSAGE, configFilePath);
+ isReady = true;
}
public List<Cmpv2Server> getCmpServers() {
return cmpServers;
}
+ public boolean isReady() {
+ return isReady;
+ }
}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java
new file mode 100644
index 00000000..4000a38b
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java
@@ -0,0 +1,57 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.api;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.onap.aaf.certservice.certification.configuration.CmpServersConfig;
+import org.springframework.http.HttpStatus;
+
+@ExtendWith(MockitoExtension.class)
+public class ReadinessControllerTest {
+
+ @Mock
+ private CmpServersConfig cmpServersConfig;
+
+ @Test
+ public void shouldReturnStatusOkWhenConfigIsReady() {
+ // Given
+ Mockito.when(cmpServersConfig.isReady()).thenReturn(true);
+
+ // Then
+ assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.OK);;
+ }
+
+ @Test
+ public void shouldReturnStatusServiceUnavailableWhenConfigIsNotReady() {
+ // Given
+ Mockito.when(cmpServersConfig.isReady()).thenReturn(false);
+
+ // Then
+ assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);;
+ }
+
+}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java
index 11b4f84e..a6e55c57 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java
@@ -20,13 +20,19 @@
package org.onap.aaf.certservice.certification;
+import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
import org.onap.aaf.certservice.certification.exception.KeyDecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
import java.io.IOException;
import java.io.StringWriter;
+import static org.onap.aaf.certservice.certification.TestData.TEST_CSR;
+import static org.onap.aaf.certservice.certification.TestData.TEST_PK;
+
public final class TestUtils {
@@ -44,4 +50,12 @@ public final class TestUtils {
throw new KeyDecryptionException("Writing PAM Object to string failed", e);
}
}
+
+ public static CsrModel createCsrModel() throws DecryptionException {
+ CsrModelFactory csrModelFactory = new CsrModelFactory();
+ String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes()));
+ String encoderPK = new String(Base64.encode(TEST_PK.getBytes()));
+ return csrModelFactory
+ .createCsrModel(new CsrModelFactory.StringBase64(encoderCsr), new CsrModelFactory.StringBase64(encoderPK));
+ }
}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java
index 165c9ec1..d3f8cc65 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java
@@ -33,7 +33,6 @@ import org.onap.aaf.certservice.cmpv2client.external.CSRMeta;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
-import java.util.Collections;
import java.util.List;
import static org.assertj.core.api.Assertions.assertThat;
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java
new file mode 100644
index 00000000..3c5c534c
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java
@@ -0,0 +1,62 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel;
+
+class RSAContentSignerBuilderTest {
+
+ private RSAContentSignerBuilder rsaContentSignerBuilder;
+
+ @BeforeEach
+ void setUp() {
+ rsaContentSignerBuilder = new RSAContentSignerBuilder();
+ }
+
+ @Test
+ void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey()
+ throws IOException, OperatorCreationException, DecryptionException {
+ // Given
+ CsrModel testCsrModel = createCsrModel();
+ PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr();
+ PrivateKey testPrivateKey = testCsrModel.getPrivateKey();
+
+ // When
+ ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
+
+ // Then
+ assertThat(createdContentSigner.getAlgorithmIdentifier())
+ .isEqualTo(testCertificationRequest.getSignatureAlgorithm());
+ }
+
+}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java
new file mode 100644
index 00000000..26d11fc3
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java
@@ -0,0 +1,69 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel;
+
+public class X509CertificateBuilderTest {
+
+ private X509CertificateBuilder certificateBuilde;
+
+
+ @BeforeEach
+ void setUp() {
+ certificateBuilde = new X509CertificateBuilder();
+ }
+
+ @Test
+ void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest()
+ throws DecryptionException, IOException, OperatorCreationException {
+ // Given
+ CsrModel testCsrModel = createCsrModel();
+ PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr();
+ PrivateKey testPrivateKey = testCsrModel.getPrivateKey();
+ RSAContentSignerBuilder rsaContentSignerBuilder = new RSAContentSignerBuilder();
+ ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
+
+ // When
+ X509v3CertificateBuilder certificateBuilder = certificateBuilde.build(testCertificationRequest);
+ X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner);
+
+ // Then
+ assertThat(certificateHolder.getIssuer())
+ .isEqualToComparingFieldByField(testCsrModel.getSubjectData());
+ assertThat(certificateHolder.getSubjectPublicKeyInfo())
+ .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo());
+ }
+}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java
index 5d850fe9..043dbc03 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java
@@ -159,6 +159,55 @@ class CmpServersConfigTest {
assertThat(exception.getMessage()).isEqualTo(ERROR_MESSAGE);
}
+ @Test
+ void shouldBeNotReadyWhenCreated() {
+ assertThat(cmpServersConfig.isReady()).isFalse();
+ }
+
+ @Test
+ void shouldBeReadyWhenSuccessfullyInitialized() {
+ // When
+ this.cmpServersConfig.init(); // Manual PostConstruct call
+
+ // Then
+ assertThat(cmpServersConfig.isReady()).isTrue();
+ }
+
+ @Test
+ void shouldNotBeReadyWhenFailedToInitialize() throws CmpServersConfigLoadingException {
+ // Given
+ Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE));
+
+ // When
+ this.cmpServersConfig.init(); // Manual PostConstruct call
+
+ // Then
+ assertThat(cmpServersConfig.isReady()).isFalse();
+ }
+
+ @Test
+ void shouldBeReadyWhenSuccessfullyReloaded() throws CmpServersConfigLoadingException {
+ // When
+ this.cmpServersConfig.reloadConfiguration();
+
+ // Then
+ assertThat(cmpServersConfig.isReady()).isTrue();
+ }
+
+ @Test
+ void shouldNotBeReadyWhenFailedToReload() throws CmpServersConfigLoadingException {
+ // Given
+ Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE));
+
+ // When
+ assertThrows(
+ CmpServersConfigLoadingException.class,
+ () -> cmpServersConfig.loadConfiguration());
+
+ // Then
+ assertThat(cmpServersConfig.isReady()).isFalse();
+ }
+
private static List<Cmpv2Server> generateTestConfiguration() {
Cmpv2Server testServer1 = new Cmpv2Server();
testServer1.setCaName("TEST_CA1");