diff options
Diffstat (limited to 'certServiceClient/src/main')
30 files changed, 1191 insertions, 76 deletions
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java index f8867846..d3d7f26d 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java @@ -19,22 +19,30 @@ package org.onap.aaf.certservice.client; +import java.security.KeyPair; import org.onap.aaf.certservice.client.api.ExitableException; +import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; +import org.onap.aaf.certservice.client.certification.CsrFactory; import org.onap.aaf.certservice.client.certification.KeyPairFactory; +import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator; +import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory; +import org.onap.aaf.certservice.client.common.Base64Encoder; import org.onap.aaf.certservice.client.configuration.EnvsForClient; import org.onap.aaf.certservice.client.configuration.EnvsForCsr; import org.onap.aaf.certservice.client.configuration.factory.ClientConfigurationFactory; import org.onap.aaf.certservice.client.configuration.factory.CsrConfigurationFactory; import org.onap.aaf.certservice.client.configuration.model.ClientConfiguration; import org.onap.aaf.certservice.client.configuration.model.CsrConfiguration; - -import java.security.KeyPair; +import org.onap.aaf.certservice.client.httpclient.CloseableHttpClientProvider; +import org.onap.aaf.certservice.client.httpclient.HttpClient; +import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse; import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE; import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE; import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM; public class CertServiceClient { + private AppExitHandler appExitHandler; public CertServiceClient(AppExitHandler appExitHandler) { @@ -43,14 +51,31 @@ public class CertServiceClient { public void run() { KeyPairFactory keyPairFactory = new KeyPairFactory(RSA_ENCRYPTION_ALGORITHM, KEY_SIZE); + PrivateKeyToPemEncoder pkEncoder = new PrivateKeyToPemEncoder(); + Base64Encoder base64Encoder = new Base64Encoder(); try { ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient()).create(); CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create(); KeyPair keyPair = keyPairFactory.create(); + CsrFactory csrFactory = new CsrFactory(csrConfiguration); + + CloseableHttpClientProvider provider = new CloseableHttpClientProvider( + clientConfiguration.getRequestTimeout()); + HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService()); + + CertServiceResponse certServiceData = + httpClient.retrieveCertServiceData( + clientConfiguration.getCaName(), + base64Encoder.encode(csrFactory.createCsrInPem(keyPair)), + base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate()))); + + KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory( + clientConfiguration.getCertsOutputPath()).create(); + filesCreator.createKeystore(certServiceData.getCertificateChain(), keyPair.getPrivate()); + filesCreator.createTruststore(certServiceData.getTrustedCertificates()); } catch (ExitableException e) { appExitHandler.exit(e.applicationExitCode()); } appExitHandler.exit(SUCCESS_EXIT_CODE.getValue()); } - } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java index 295738f4..670cbe90 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java @@ -22,7 +22,12 @@ public enum ExitCode { SUCCESS_EXIT_CODE(0), CLIENT_CONFIGURATION_EXCEPTION(1), CSR_CONFIGURATION_EXCEPTION(2), - KEY_PAIR_GENERATION_EXCEPTION(3); + KEY_PAIR_GENERATION_EXCEPTION(3), + CSR_GENERATION_EXCEPTION(4), + CERT_SERVICE_API_CONNECTION_EXCEPTION(5), + HTTP_CLIENT_EXCEPTION(6), + PKCS12_CONVERSION_EXCEPTION(7), + PK_TO_PEM_ENCODING_EXCEPTION(8); private final int value; diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitableException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitableException.java index 51981a48..f9166c96 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitableException.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitableException.java @@ -26,6 +26,5 @@ public abstract class ExitableException extends Exception { public ExitableException(String message) { super(message); } - public abstract int applicationExitCode(); } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java new file mode 100644 index 00000000..83fa6d44 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java @@ -0,0 +1,154 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification; + +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.ExtensionsGenerator; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; + +import org.onap.aaf.certservice.client.certification.exception.CsrGenerationException; +import org.onap.aaf.certservice.client.configuration.model.CsrConfiguration; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.security.auth.x500.X500Principal; +import java.io.IOException; +import java.io.StringWriter; +import java.nio.charset.StandardCharsets; +import java.security.KeyPair; +import java.util.Base64; +import java.util.Optional; + +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.COMMON_NAME; +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.COUNTRY; +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.LOCATION; +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.ORGANIZATION; +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.ORGANIZATION_UNIT; +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.SIGN_ALGORITHM; +import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.STATE; + + +public class CsrFactory { + + private final Logger LOGGER = LoggerFactory.getLogger(CsrFactory.class); + private static final String SANS_DELIMITER = ":"; + private final CsrConfiguration configuration; + + + public CsrFactory(CsrConfiguration configuration) { + this.configuration = configuration; + } + + + public String createCsrInPem(KeyPair keyPair) throws CsrGenerationException { + PKCS10CertificationRequest request; + String csrParameters = getMandatoryParameters().append(getOptionalParameters()).toString(); + X500Principal subject = new X500Principal(csrParameters); + request = createPKCS10Csr(subject, keyPair); + return convertPKC10CsrToPem(request); + } + + + private StringBuilder getMandatoryParameters() { + return new StringBuilder(String.format("%s=%s, %s=%s, %s=%s, %s=%s", + COMMON_NAME, configuration.getCommonName(), + COUNTRY, configuration.getCountry(), + STATE, configuration.getState(), + ORGANIZATION, configuration.getOrganization())); + } + + private String getOptionalParameters() { + StringBuilder optionalParameters = new StringBuilder(); + Optional.ofNullable(configuration.getOrganizationUnit()) + .filter(CsrFactory::isParameterPresent) + .map(unit -> optionalParameters.append(String.format(", %s=%s", ORGANIZATION_UNIT, unit))); + Optional.ofNullable(configuration.getLocation()) + .filter(CsrFactory::isParameterPresent) + .map(location -> optionalParameters.append(String.format(", %s=%s", LOCATION, location))); + return optionalParameters.toString(); + } + + private PKCS10CertificationRequest createPKCS10Csr(X500Principal subject, KeyPair keyPair) throws CsrGenerationException { + JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()); + + if (isParameterPresent(configuration.getSans())) { + builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, generateSansExtension()); + } + + return builder.build(getContentSigner(keyPair)); + } + + private ContentSigner getContentSigner(KeyPair keyPair) throws CsrGenerationException { + ContentSigner contentSigner; + try { + contentSigner = new JcaContentSignerBuilder(SIGN_ALGORITHM).build(keyPair.getPrivate()); + } catch (OperatorCreationException e) { + LOGGER.error("Creation of PKCS10Csr failed, exception message: {}", e.getMessage()); + throw new CsrGenerationException(e); + + } + return contentSigner; + } + + private String convertPKC10CsrToPem(PKCS10CertificationRequest request) throws CsrGenerationException { + final StringWriter stringWriter = new StringWriter(); + try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { + pemWriter.writeObject(request); + } catch (IOException e) { + LOGGER.error("Conversion to PEM failed, exception message: {}", e.getMessage()); + throw new CsrGenerationException(e); + } + return stringWriter.toString(); + } + + private Extensions generateSansExtension() throws CsrGenerationException { + ExtensionsGenerator generator = new ExtensionsGenerator(); + try { + generator.addExtension(Extension.subjectAlternativeName, false, createGeneralNames()); + } catch (IOException e) { + LOGGER.error("Generation of SANs parameter failed, exception message: {}", e.getMessage()); + throw new CsrGenerationException(e); + } + return generator.generate(); + } + + private GeneralNames createGeneralNames() { + String[] sansTable = this.configuration.getSans().split(SANS_DELIMITER); + int length = sansTable.length; + GeneralName[] generalNames = new GeneralName[length]; + for (int i = 0; i < length; i++) { + generalNames[i] = new GeneralName(GeneralName.dNSName, sansTable[i]); + } + return new GeneralNames(generalNames); + } + + private static Boolean isParameterPresent(String parameter) { + return parameter != null && !"".equals(parameter); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/EncryptionAlgorithmConstants.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/EncryptionAlgorithmConstants.java index 2afdbee0..96b3650c 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/EncryptionAlgorithmConstants.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/EncryptionAlgorithmConstants.java @@ -16,9 +16,22 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.aaf.certservice.client.certification; -public class EncryptionAlgorithmConstants { +public final class EncryptionAlgorithmConstants { + + private EncryptionAlgorithmConstants() {} + public static final String RSA_ENCRYPTION_ALGORITHM = "RSA"; + public static final String SIGN_ALGORITHM = "SHA1withRSA"; public static final int KEY_SIZE = 2048; + + public static final String COMMON_NAME = "CN"; + public static final String ORGANIZATION = "O"; + public static final String ORGANIZATION_UNIT = "OU"; + public static final String LOCATION = "L"; + public static final String STATE = "ST"; + public static final String COUNTRY = "C"; + } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java new file mode 100644 index 00000000..77995958 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java @@ -0,0 +1,51 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification; + + + +import java.io.IOException; +import java.io.StringWriter; +import java.security.PrivateKey; + +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.util.io.pem.PemObject; +import org.onap.aaf.certservice.client.certification.exception.PkEncodingException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PrivateKeyToPemEncoder { + + public static final String PEM_OBJECT_TYPE = "RSA PRIVATE KEY"; + private final Logger LOGGER = LoggerFactory.getLogger(PrivateKeyToPemEncoder.class); + + public String encodePrivateKeyToPem(PrivateKey pk) throws PkEncodingException { + LOGGER.info("Encoding PrivateKey to PEM"); + StringWriter stringWriter = new StringWriter(); + try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { + pemWriter.writeObject(new PemObject(PEM_OBJECT_TYPE, pk.getEncoded())); + } catch (IOException e) { + LOGGER.error("Exception occurred during encoding PrivateKey to PEM", e); + throw new PkEncodingException(e); + } + return stringWriter.toString(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java new file mode 100644 index 00000000..6dc2ef87 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java @@ -0,0 +1,55 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import java.security.PrivateKey; +import java.util.List; +import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; + +public class KeystoreTruststoreCreator { + + private static final String CERTIFICATE_ALIAS = "certificate"; + private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-"; + private static final int PASSWORD_LENGTH = 24; + private final RandomPasswordGenerator generator; + private final PemToPKCS12Converter converter; + private final PKCS12FilesCreator creator; + + public KeystoreTruststoreCreator(PKCS12FilesCreator creator, RandomPasswordGenerator generator, + PemToPKCS12Converter converter) { + this.generator = generator; + this.converter = converter; + this.creator = creator; + } + + public void createKeystore(List<String> data, PrivateKey privateKey) + throws PemToPKCS12ConverterException { + Password password = generator.generate(PASSWORD_LENGTH); + creator.saveKeystoreData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), + password.getPassword()); + } + + public void createTruststore(List<String> data) + throws PemToPKCS12ConverterException { + Password password = generator.generate(PASSWORD_LENGTH); + creator.saveTruststoreData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), + password.getPassword()); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java new file mode 100644 index 00000000..8c719535 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java @@ -0,0 +1,35 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +public class KeystoreTruststoreCreatorFactory { + private final String outputPath; + + public KeystoreTruststoreCreatorFactory(String outputPath) { + this.outputPath = outputPath; + } + + public KeystoreTruststoreCreator create() { + return new KeystoreTruststoreCreator( + new PKCS12FilesCreator(outputPath), + new RandomPasswordGenerator(), + new PemToPKCS12Converter()); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java new file mode 100644 index 00000000..d8c41bfd --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12FilesCreator.java @@ -0,0 +1,73 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.file.Path; + +import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +class PKCS12FilesCreator { + + private static final String KEYSTORE_JKS = "keystore.jks"; + private static final String KEYSTORE_PASS = "keystore.pass"; + private static final String TRUSTSTORE_JKS = "truststore.jks"; + private static final String TRUSTSTORE_PASS = "truststore.pass"; + private final String keystoreJksPath; + private final String keystorePassPath; + private final String truststoreJksPath; + private final String truststorePassPath; + private final Logger LOGGER = LoggerFactory.getLogger(PKCS12FilesCreator.class); + + + PKCS12FilesCreator(String path) { + keystoreJksPath = Path.of(path, KEYSTORE_JKS).toString(); + keystorePassPath = Path.of(path, KEYSTORE_PASS).toString(); + truststoreJksPath = Path.of(path, TRUSTSTORE_JKS).toString(); + truststorePassPath = Path.of(path, TRUSTSTORE_PASS).toString(); + } + + void saveKeystoreData(byte[] keystoreData, String keystorePassword) throws PemToPKCS12ConverterException { + LOGGER.debug("Creating PKCS12 keystore files and saving data. Keystore path: {}", keystoreJksPath); + + saveDataToLocation(keystoreData, keystoreJksPath); + saveDataToLocation(keystorePassword.getBytes(), keystorePassPath); + } + + void saveTruststoreData(byte[] truststoreData, String truststorePassword) + throws PemToPKCS12ConverterException { + LOGGER.debug("Creating PKCS12 truststore files and saving data. Truststore path: {}", truststoreJksPath); + + saveDataToLocation(truststoreData, truststoreJksPath); + saveDataToLocation(truststorePassword.getBytes(), truststorePassPath); + } + + private void saveDataToLocation(byte[] data, String path) throws PemToPKCS12ConverterException { + try (FileOutputStream fos = new FileOutputStream(path)) { + fos.write(data); + } catch (IOException e) { + LOGGER.error("PKCS12 files creation failed", e); + throw new PemToPKCS12ConverterException(e); + } + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java new file mode 100644 index 00000000..f0ee419c --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/Password.java @@ -0,0 +1,42 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + + +package org.onap.aaf.certservice.client.certification.conversion; + +class Password { + private final static String PASSWORD_PATTERN = "[\\w$#]{16,}"; + private final String password; + + Password(String password) { + this.password = password; + } + + String getPassword() { + return password; + } + + char[] toCharArray() { + return password.toCharArray(); + } + + boolean isCorrectPasswordPattern() { + return password.matches(PASSWORD_PATTERN); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java new file mode 100644 index 00000000..eab9bf7c --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java @@ -0,0 +1,133 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringReader; +import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.util.List; +import java.util.Optional; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.PEMParser; +import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +class PemToPKCS12Converter { + + private final static String PKCS12 = "PKCS12"; + private final static String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)"; + private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null; + private final Logger LOGGER = LoggerFactory.getLogger(PemToPKCS12Converter.class); + + byte[] convertKeystore(List<String> certificateChain, Password password, String alias, PrivateKey privateKey) + throws PemToPKCS12ConverterException { + LOGGER.debug("Converting PEM certificates to PKCS12 keystore."); + return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey)); + } + + byte[] convertTruststore(List<String> trustAnchors, Password password, String alias) + throws PemToPKCS12ConverterException { + LOGGER.debug("Converting PEM certificates to PKCS12 truststore."); + return convert(trustAnchors, password, certs -> getTrustStore(alias, certs)); + } + + private byte[] convert(List<String> certificates, Password password, StoreEntryOperation operation) + throws PemToPKCS12ConverterException { + checkPassword(password); + final Certificate[] X509Certificates = convertToCertificateArray(certificates); + return getKeyStoreBytes(password, operation, X509Certificates); + } + + private void checkPassword(Password password) throws PemToPKCS12ConverterException { + if (!password.isCorrectPasswordPattern()) { + LOGGER.error(PASSWORD_ERROR_MSG); + throw new PemToPKCS12ConverterException(PASSWORD_ERROR_MSG); + } + } + + private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates) + throws PemToPKCS12ConverterException { + try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { + KeyStore ks = op.getStore(x509Certificates); + ks.store(bos, password.toCharArray()); + return bos.toByteArray(); + } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) { + LOGGER.error("Pem to PKCS12 converter failed", e); + throw new PemToPKCS12ConverterException(e); + } + } + + private KeyStore getKeyStore(String alias, Password password, Certificate[] certificates, PrivateKey privateKey) + throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + KeyStore ks = getKeyStoreInstance(); + ks.setKeyEntry(alias, privateKey, password.toCharArray(), certificates); + return ks; + } + + private KeyStore getTrustStore(String alias, Certificate[] certificates) + throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + KeyStore ks = getKeyStoreInstance(); + long i = 1L; + for (Certificate c : certificates) { + ks.setCertificateEntry(alias + i++, c); + } + return ks; + } + + private KeyStore getKeyStoreInstance() + throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { + KeyStore ks = KeyStore.getInstance(PKCS12); + ks.load(EMPTY_KEYSTORE_CONFIGURATION); + return ks; + } + + private Certificate[] convertToCertificateArray(List<String> certificates) + throws PemToPKCS12ConverterException { + Certificate[] parsedCertificates = new Certificate[certificates.size()]; + for (String certificate : certificates) { + parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate); + } + return parsedCertificates; + } + + private Certificate parseCertificate(String certificate) throws PemToPKCS12ConverterException { + try (PEMParser pem = new PEMParser(new StringReader(certificate))) { + X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject()) + .orElseThrow( + () -> new PemToPKCS12ConverterException("The certificate couldn't be parsed correctly. " + certificate)); + return new JcaX509CertificateConverter() + .setProvider(new BouncyCastleProvider()) + .getCertificate(certHolder); + } catch (IOException | CertificateException e) { + LOGGER.error("Certificates conversion failed", e); + throw new PemToPKCS12ConverterException(e); + } + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java new file mode 100644 index 00000000..5db7b26f --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/RandomPasswordGenerator.java @@ -0,0 +1,47 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import java.security.SecureRandom; +import org.apache.commons.lang3.RandomStringUtils; + +class RandomPasswordGenerator { + + private static final String ALPHA = "abcdefghijklmnopqrstuvwxyz"; + private static final String NUMBERS = "0123456789"; + private static final String SPECIAL_CHARS = "_$#"; + private static final char[] SET_OF_CHARS = (ALPHA + ALPHA.toUpperCase() + NUMBERS + SPECIAL_CHARS).toCharArray(); + private static final char START_POSITION_IN_ASCII_CHARS = 0; + private static final char END_POSITION_IN_ASCII_CHARS = 0; + private static final boolean USE_LETTERS_ONLY = false; + private static final boolean USE_NUMBERS_ONLY = false; + + Password generate(int passwordLength) { + return new Password(RandomStringUtils.random( + passwordLength, + START_POSITION_IN_ASCII_CHARS, + END_POSITION_IN_ASCII_CHARS, + USE_LETTERS_ONLY, + USE_NUMBERS_ONLY, + SET_OF_CHARS, + new SecureRandom())); + } +} + diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java new file mode 100644 index 00000000..6ee7817b --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/StoreEntryOperation.java @@ -0,0 +1,34 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; + +@FunctionalInterface +public interface StoreEntryOperation { + + KeyStore getStore(Certificate[] certificates) + throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException; +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CsrGenerationException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CsrGenerationException.java new file mode 100644 index 00000000..c1d4afd2 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CsrGenerationException.java @@ -0,0 +1,35 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.exception; + +import org.onap.aaf.certservice.client.api.ExitCode; +import org.onap.aaf.certservice.client.api.ExitableException; + +public class CsrGenerationException extends ExitableException { + private static final ExitCode EXIT_CODE = ExitCode.CSR_GENERATION_EXCEPTION; + + public CsrGenerationException(Throwable e) { + super(e); + } + + public int applicationExitCode() { + return EXIT_CODE.getValue(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java new file mode 100644 index 00000000..87020d6f --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java @@ -0,0 +1,39 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.exception; + +import org.onap.aaf.certservice.client.api.ExitCode; +import org.onap.aaf.certservice.client.api.ExitableException; + +public class PemToPKCS12ConverterException extends ExitableException { + private static final ExitCode EXIT_CODE = ExitCode.PKCS12_CONVERSION_EXCEPTION; + + public PemToPKCS12ConverterException(Throwable e) { + super(e); + } + public PemToPKCS12ConverterException(String message) { + super(message); + } + + @Override + public int applicationExitCode() { + return EXIT_CODE.getValue(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java new file mode 100644 index 00000000..596a6a44 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java @@ -0,0 +1,35 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.exception; + +import org.onap.aaf.certservice.client.api.ExitCode; +import org.onap.aaf.certservice.client.api.ExitableException; + +public class PkEncodingException extends ExitableException { + private static final ExitCode EXIT_CODE = ExitCode.PK_TO_PEM_ENCODING_EXCEPTION; + + public PkEncodingException(Throwable e) { + super(e); + } + + public int applicationExitCode() { + return EXIT_CODE.getValue(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java new file mode 100644 index 00000000..1f90db1b --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java @@ -0,0 +1,28 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.common; + +import org.bouncycastle.util.encoders.Base64; + +public class Base64Encoder { + public String encode(String string){ + return new String(Base64.encode(string.getBytes())); + } +}
\ No newline at end of file diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvProvider.java index beccd383..25a152bf 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvProvider.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvProvider.java @@ -19,8 +19,15 @@ */ package org.onap.aaf.certservice.client.configuration; +import java.util.Optional; + public class EnvProvider { - public String readEnvVariable(String envVariable) { - return System.getProperty(envVariable); + public Optional<String> readEnvVariable(String envVariableName) { + return Optional.ofNullable(System.getenv(envVariableName)) + .filter(EnvProvider::isEnvPresent); + } + + private static Boolean isEnvPresent(String envValue) { + return !"".equals(envValue); } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvValidationUtils.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvValidationUtils.java index b87df5be..b0405274 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvValidationUtils.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvValidationUtils.java @@ -27,17 +27,13 @@ public final class EnvValidationUtils { private EnvValidationUtils() {} public static Boolean isPathValid(String path) { - return path.matches("^/|(/[a-zA-Z0-9_-]+)+$"); + return path.matches("^/|(/[a-zA-Z0-9_-]+)+/?$"); } public static Boolean isAlphaNumeric(String caName) { return caName.matches("^[a-zA-Z0-9]*$"); } - public static Boolean isEnvExists(String envValue) { - return envValue != null && !"".equals(envValue); - } - public static Boolean isCountryValid(String country) { return country.matches("^([A-Z][A-Z])$"); } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForClient.java index aad64f5b..1ce76370 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForClient.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForClient.java @@ -19,33 +19,31 @@ */ package org.onap.aaf.certservice.client.configuration; +import java.util.Optional; + public class EnvsForClient { - private static final EnvProvider envProvider = new EnvProvider(); - private final String urlToCertService; - private final String requestTimeOut; - private final String outputPath; - private final String caName; + private final EnvProvider envProvider = new EnvProvider(); public EnvsForClient() { - this.urlToCertService = envProvider.readEnvVariable(ClientConfigurationEnvs.REQUEST_URL.toString()); - this.requestTimeOut = envProvider.readEnvVariable(ClientConfigurationEnvs.REQUEST_TIMEOUT.toString()); - this.outputPath = envProvider.readEnvVariable(ClientConfigurationEnvs.OUTPUT_PATH.toString()); - this.caName = envProvider.readEnvVariable(ClientConfigurationEnvs.CA_NAME.toString()); } - public String getUrlToCertService() { - return urlToCertService; + public Optional<String> getUrlToCertService() { + return readEnv(ClientConfigurationEnvs.REQUEST_URL); + } + + public Optional<String> getRequestTimeOut() { + return readEnv(ClientConfigurationEnvs.REQUEST_TIMEOUT); } - public String getRequestTimeOut() { - return requestTimeOut; + public Optional<String> getOutputPath() { + return readEnv(ClientConfigurationEnvs.OUTPUT_PATH); } - public String getOutputPath() { - return outputPath; + public Optional<String> getCaName() { + return readEnv(ClientConfigurationEnvs.CA_NAME); } - public String getCaName() { - return caName; + private Optional<String> readEnv(ClientConfigurationEnvs envName) { + return envProvider.readEnvVariable(envName.toString()); } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForCsr.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForCsr.java index 0c948d3f..77efc198 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForCsr.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/EnvsForCsr.java @@ -19,52 +19,42 @@ */ package org.onap.aaf.certservice.client.configuration; +import java.util.Optional; public class EnvsForCsr { private final EnvProvider envProvider = new EnvProvider(); - private String commonName; - private String organization; - private String organizationUnit; - private String location; - private String state; - private String country; - private String subjectAlternativesName; - public EnvsForCsr() { - this.commonName = envProvider.readEnvVariable(CsrConfigurationEnvs.COMMON_NAME.toString()); - this.organization = envProvider.readEnvVariable(CsrConfigurationEnvs.ORGANIZATION.toString()); - this.organizationUnit = envProvider.readEnvVariable(CsrConfigurationEnvs.ORGANIZATION_UNIT.toString()); - this.location = envProvider.readEnvVariable(CsrConfigurationEnvs.LOCATION.toString()); - this.state = envProvider.readEnvVariable(CsrConfigurationEnvs.STATE.toString()); - this.country = envProvider.readEnvVariable(CsrConfigurationEnvs.COUNTRY.toString()); - this.subjectAlternativesName = envProvider.readEnvVariable(CsrConfigurationEnvs.SANS.toString()); + public EnvsForCsr() {} + + public Optional<String> getCommonName() { + return readEnv(CsrConfigurationEnvs.COMMON_NAME); } - public String getCommonName() { - return commonName; + public Optional<String> getOrganization() { + return readEnv(CsrConfigurationEnvs.ORGANIZATION); } - public String getOrganization() { - return organization; + public Optional<String> getOrganizationUnit() { + return readEnv(CsrConfigurationEnvs.ORGANIZATION_UNIT); } - public String getOrganizationUnit() { - return organizationUnit; + public Optional<String> getLocation() { + return readEnv(CsrConfigurationEnvs.LOCATION); } - public String getLocation() { - return location; + public Optional<String> getState() { + return readEnv(CsrConfigurationEnvs.STATE); } - public String getState() { - return state; + public Optional<String> getCountry() { + return readEnv(CsrConfigurationEnvs.COUNTRY); } - public String getCountry() { - return country; + public Optional<String> getSubjectAlternativesName() { + return readEnv(CsrConfigurationEnvs.SANS); } - public String getSubjectAlternativesName() { - return subjectAlternativesName; + private Optional<String> readEnv(CsrConfigurationEnvs envName) { + return envProvider.readEnvVariable(envName.toString()); } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java index 96b1fb8b..3bd15288 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/ClientConfigurationFactory.java @@ -20,14 +20,15 @@ package org.onap.aaf.certservice.client.configuration.factory; + + +import java.util.Optional; import org.onap.aaf.certservice.client.configuration.ClientConfigurationEnvs; import org.onap.aaf.certservice.client.configuration.EnvValidationUtils; import org.onap.aaf.certservice.client.configuration.EnvsForClient; import org.onap.aaf.certservice.client.configuration.exception.ClientConfigurationException; import org.onap.aaf.certservice.client.configuration.model.ClientConfiguration; -import java.util.Optional; - public class ClientConfigurationFactory implements AbstractConfigurationFactory<ClientConfiguration> { private final EnvsForClient envsForClient; @@ -42,18 +43,18 @@ public class ClientConfigurationFactory implements AbstractConfigurationFactory< ClientConfiguration configuration = new ClientConfiguration(); - Optional.ofNullable(envsForClient.getUrlToCertService()).filter(EnvValidationUtils::isEnvExists) + envsForClient.getUrlToCertService() .map(configuration::setUrlToCertService); - Optional.ofNullable(envsForClient.getRequestTimeOut()).filter(EnvValidationUtils::isEnvExists) + envsForClient.getRequestTimeOut() .map(timeout -> configuration.setRequestTimeout(Integer.valueOf(timeout))); - Optional.ofNullable(envsForClient.getOutputPath()).filter(EnvValidationUtils::isEnvExists) + envsForClient.getOutputPath() .filter(EnvValidationUtils::isPathValid) .map(configuration::setCertsOutputPath) .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_PATH + " is invalid.")); - Optional.ofNullable(envsForClient.getCaName()).filter(EnvValidationUtils::isEnvExists) + envsForClient.getCaName() .filter(EnvValidationUtils::isAlphaNumeric) .map(configuration::setCaName) .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.CA_NAME + " is invalid.")); diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/CsrConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/CsrConfigurationFactory.java index 61e1b3c3..1e5d5c53 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/CsrConfigurationFactory.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/CsrConfigurationFactory.java @@ -43,32 +43,32 @@ public class CsrConfigurationFactory implements AbstractConfigurationFactory<Csr CsrConfiguration configuration = new CsrConfiguration(); - Optional.ofNullable(envsForCsr.getCommonName()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getCommonName() .filter(EnvValidationUtils::isCommonNameValid) .map(configuration::setCommonName) .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COMMON_NAME + " is invalid.")); - Optional.ofNullable(envsForCsr.getOrganization()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getOrganization() .filter(org -> !EnvValidationUtils.isSpecialCharsPresent(org)) .map(configuration::setOrganization) .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.ORGANIZATION + " is invalid.")); - Optional.ofNullable(envsForCsr.getState()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getState() .map(configuration::setState) .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.STATE + " is invalid.")); - Optional.ofNullable(envsForCsr.getCountry()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getCountry() .filter(EnvValidationUtils::isCountryValid) .map(configuration::setCountry) .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COUNTRY + " is invalid.")); - Optional.ofNullable(envsForCsr.getOrganizationUnit()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getOrganizationUnit() .map(configuration::setOrganizationUnit); - Optional.ofNullable(envsForCsr.getLocation()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getLocation() .map(configuration::setLocation); - Optional.ofNullable(envsForCsr.getSubjectAlternativesName()).filter(EnvValidationUtils::isEnvExists) + envsForCsr.getSubjectAlternativesName() .map(configuration::setSubjectAlternativeNames); return configuration; diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/model/CsrConfiguration.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/model/CsrConfiguration.java index 30caf42a..aaaf10fa 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/model/CsrConfiguration.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/model/CsrConfiguration.java @@ -29,7 +29,7 @@ public class CsrConfiguration implements ConfigurationModel { private String country; private String organizationUnit; private String location; - private String subjectAlternativeNames; + private String sans; public String getCommonName() { @@ -86,12 +86,12 @@ public class CsrConfiguration implements ConfigurationModel { return this; } - public String getSubjectAlternativeNames() { - return subjectAlternativeNames; + public String getSans() { + return sans; } public CsrConfiguration setSubjectAlternativeNames(String subjectAlternativeNames) { - this.subjectAlternativeNames = subjectAlternativeNames; + this.sans = subjectAlternativeNames; return this; } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/CloseableHttpClientProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/CloseableHttpClientProvider.java new file mode 100644 index 00000000..ff29a14d --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/CloseableHttpClientProvider.java @@ -0,0 +1,40 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.httpclient; + +import org.apache.http.client.config.RequestConfig; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; + +public class CloseableHttpClientProvider { + + private final int timeout; + + public CloseableHttpClientProvider(int timeout) { + this.timeout = timeout; + } + + public CloseableHttpClient getClient() { + RequestConfig config = + RequestConfig.custom().setConnectionRequestTimeout(timeout).build(); + return HttpClientBuilder.create().setDefaultRequestConfig(config).build(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/HttpClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/HttpClient.java new file mode 100644 index 00000000..30f881bb --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/HttpClient.java @@ -0,0 +1,117 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.httpclient; + +import com.google.gson.Gson; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.HttpStatus; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.util.EntityUtils; +import org.onap.aaf.certservice.client.httpclient.exception.CertServiceApiResponseException; +import org.onap.aaf.certservice.client.httpclient.exception.HttpClientException; +import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse; +import org.onap.aaf.certservice.client.httpclient.model.ErrorCertServiceResponse; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; + +public class HttpClient { + + private static final String CSR_HEADER_NAME = "CSR"; + private static final String PK_HEADER_NAME = "PK"; + private static final String CHARSET_UTF_8 = "UTF-8"; + + private final Logger LOGGER = LoggerFactory.getLogger(HttpClient.class); + + private final Gson gson = new Gson(); + private final CloseableHttpClientProvider httpClientProvider; + private final String certServiceAddress; + + public HttpClient(CloseableHttpClientProvider httpClientProvider, String certServiceAddress) { + this.httpClientProvider = httpClientProvider; + this.certServiceAddress = certServiceAddress; + } + + public CertServiceResponse retrieveCertServiceData(String caName, String csr, String encodedPk) + throws CertServiceApiResponseException, HttpClientException { + + try (CloseableHttpClient httpClient = httpClientProvider.getClient()) { + LOGGER.info("Sending request to API. Url: {}{} ", certServiceAddress, caName); + HttpResponse httpResponse = httpClient.execute(createHttpRequest(caName, csr, encodedPk)); + LOGGER.info("Received response from API"); + return extractCertServiceResponse(httpResponse); + + } catch (IOException e) { + LOGGER.error("Failed execute request to API for URL: {}{} . Exception message: {}", + certServiceAddress, caName, e.getMessage()); + throw new HttpClientException(e); + } + } + + private int getStatusCode(HttpResponse httpResponse) { + return httpResponse.getStatusLine().getStatusCode(); + } + + private CertServiceResponse extractCertServiceResponse(HttpResponse httpResponse) + throws CertServiceApiResponseException, HttpClientException { + int httpResponseCode = getStatusCode(httpResponse); + if (HttpStatus.SC_OK != httpResponseCode) { + LOGGER.error("Error on API response. Response Code: {}", httpResponseCode); + throw generateApiResponseException(httpResponse); + } + String jsonResponse = getStringResponse(httpResponse.getEntity()); + return gson.fromJson(jsonResponse, CertServiceResponse.class); + } + + private String getStringResponse(HttpEntity httpEntity) throws HttpClientException { + try { + return EntityUtils.toString(httpEntity, CHARSET_UTF_8); + } catch (IOException e) { + LOGGER.error("Cannot parse response to string", e); + throw new HttpClientException(e); + } + } + + private HttpGet createHttpRequest(String caName, String csr, String pk) { + String url = certServiceAddress + caName; + HttpGet httpGet = new HttpGet(url); + httpGet.addHeader(CSR_HEADER_NAME, csr); + httpGet.addHeader(PK_HEADER_NAME, pk); + return httpGet; + } + + + private CertServiceApiResponseException generateApiResponseException(HttpResponse httpResponse) + throws HttpClientException { + String stringResponse = getStringResponse(httpResponse.getEntity()); + ErrorCertServiceResponse errorCertServiceResponse = + gson.fromJson(stringResponse, ErrorCertServiceResponse.class); + + String messageFromApi = errorCertServiceResponse.getMessage(); + String path = errorCertServiceResponse.getPath(); + int httpResponseCode = getStatusCode(httpResponse); + + return new CertServiceApiResponseException(certServiceAddress + path, httpResponseCode, messageFromApi); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/exception/CertServiceApiResponseException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/exception/CertServiceApiResponseException.java new file mode 100644 index 00000000..40470af3 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/exception/CertServiceApiResponseException.java @@ -0,0 +1,42 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.httpclient.exception; + +import org.onap.aaf.certservice.client.api.ExitCode; +import org.onap.aaf.certservice.client.api.ExitableException; + +public class CertServiceApiResponseException extends ExitableException { + private final ExitCode EXIT_CODE = ExitCode.CERT_SERVICE_API_CONNECTION_EXCEPTION; + + public CertServiceApiResponseException(String url, int responseCode, String messageFromAPI) { + + super(String.format("Request failed for URL '%s'. Response code: %d . Message from API: %s", + url, + responseCode, + messageFromAPI)); + } + + @Override + public int applicationExitCode() { + return EXIT_CODE.getValue(); + } + +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/exception/HttpClientException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/exception/HttpClientException.java new file mode 100644 index 00000000..d6fb1461 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/exception/HttpClientException.java @@ -0,0 +1,37 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.httpclient.exception; + +import org.onap.aaf.certservice.client.api.ExitCode; +import org.onap.aaf.certservice.client.api.ExitableException; + +public class HttpClientException extends ExitableException { + private final ExitCode EXIT_CODE = ExitCode.HTTP_CLIENT_EXCEPTION; + + public HttpClientException(Throwable e) { + super(e); + } + + @Override + public int applicationExitCode() { + return EXIT_CODE.getValue(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/model/CertServiceResponse.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/model/CertServiceResponse.java new file mode 100644 index 00000000..4ca17999 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/model/CertServiceResponse.java @@ -0,0 +1,44 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.httpclient.model; + +import java.util.Collections; +import java.util.List; + +public class CertServiceResponse { + + private final List<String> certificateChain; + private final List<String> trustedCertificates; + + public CertServiceResponse(List<String> certificateChain, List<String> trustedCertificates) { + this.certificateChain = certificateChain; + this.trustedCertificates = trustedCertificates; + } + + public List<String> getCertificateChain() { + return Collections.unmodifiableList(certificateChain); + } + + public List<String> getTrustedCertificates() { + return Collections.unmodifiableList(trustedCertificates); + } + +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/model/ErrorCertServiceResponse.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/model/ErrorCertServiceResponse.java new file mode 100644 index 00000000..6fe99ce5 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/httpclient/model/ErrorCertServiceResponse.java @@ -0,0 +1,40 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.httpclient.model; + +public class ErrorCertServiceResponse { + + private final String message; + private final String path; + + public ErrorCertServiceResponse(String message, String path) { + this.message = message; + this.path = path; + } + + public String getMessage() { + return message; + } + + public String getPath() { + return path; + } +} |