diff options
Diffstat (limited to 'certServiceClient/src/main')
6 files changed, 113 insertions, 60 deletions
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java index 6e91fe84..1d321688 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java @@ -27,7 +27,7 @@ public enum ExitStatus { CSR_GENERATION_EXCEPTION(4,"Fail in CSR generation"), CERT_SERVICE_API_CONNECTION_EXCEPTION(5,"CertService HTTP unsuccessful response"), HTTP_CLIENT_EXCEPTION(6,"Internal HTTP Client connection problem"), - PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"), + PEM_CONVERSION_EXCEPTION(7,"Fail in PEM conversion"), PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding"), TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"), FILE_CREATION_EXCEPTION(10, "File could not be created"); diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java index dd4df73b..d3d8a11b 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java @@ -22,33 +22,40 @@ import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; public enum ArtifactsCreatorProvider { - P12 { + P12("PKCS12") { @Override ArtifactsCreator create(String destPath) { - return new PKCS12ArtifactsCreator( - new CertFileWriter(destPath), - new RandomPasswordGenerator(), - new PemToPKCS12Converter()); + return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType()); } }, - JKS { + JKS("JKS") { @Override ArtifactsCreator create(String destPath) { - return null; + return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType()); } }, - PEM { + PEM("PEM"){ @Override ArtifactsCreator create(String destPath) { - return new PemArtifactsCreator( - new CertFileWriter(destPath), - new PrivateKeyToPemEncoder()); + return new PemArtifactsCreator(new CertFileWriter(destPath), new PrivateKeyToPemEncoder()); } }; + private final String keyStoreType; + ArtifactsCreatorProvider(String keyStoreType) { + this.keyStoreType = keyStoreType; + } public static ArtifactsCreator getCreator(String outputType, String destPath) { return valueOf(outputType).create(destPath); } + String getKeyStoreType() { + return keyStoreType; + } + + String getExtension() { + return this.toString().toLowerCase(); + } + abstract ArtifactsCreator create(String destPath); } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java index c1e7c1c8..4e300074 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java @@ -22,57 +22,63 @@ package org.onap.aaf.certservice.client.certification.conversion; import java.security.PrivateKey; import java.util.List; import org.onap.aaf.certservice.client.certification.exception.CertFileWriterException; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.onap.aaf.certservice.client.certification.exception.PemConversionException; import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class PKCS12ArtifactsCreator implements ArtifactsCreator { +public class ConvertedArtifactsCreator implements ArtifactsCreator { - private static final Logger LOGGER = LoggerFactory.getLogger(PKCS12ArtifactsCreator.class); + private static final Logger LOGGER = LoggerFactory.getLogger(ConvertedArtifactsCreator.class); private static final String CERTIFICATE_ALIAS = "certificate"; private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-"; private static final int PASSWORD_LENGTH = 24; - private static final String KEYSTORE_P12 = "keystore.p12"; - private static final String KEYSTORE_PASS = "keystore.pass"; - private static final String TRUSTSTORE_P12 = "truststore.p12"; - private static final String TRUSTSTORE_PASS = "truststore.pass"; - private final RandomPasswordGenerator generator; - private final PemToPKCS12Converter converter; - private final CertFileWriter writer; + private static final String PASS_EXT = "pass"; + private static final String KEYSTORE = "keystore"; + private static final String TRUSTSTORE = "truststore"; - public PKCS12ArtifactsCreator(CertFileWriter writer, RandomPasswordGenerator generator, - PemToPKCS12Converter converter) { - this.generator = generator; + private final String fileExtension; + private final RandomPasswordGenerator passwordGenerator; + private final PemConverter converter; + private final CertFileWriter fileWriter; + + public ConvertedArtifactsCreator(CertFileWriter fileWriter, RandomPasswordGenerator passwordGenerator, + PemConverter converter, String fileExtension) { + this.passwordGenerator = passwordGenerator; this.converter = converter; - this.writer = writer; + this.fileWriter = fileWriter; + this.fileExtension = fileExtension; } @Override public void create(List<String> keystoreData, List<String> truststoreData, PrivateKey privateKey) - throws PemToPKCS12ConverterException, CertFileWriterException { + throws PemConversionException, CertFileWriterException { createKeystore(keystoreData,privateKey); createTruststore(truststoreData); } private void createKeystore(List<String> data, PrivateKey privateKey) - throws PemToPKCS12ConverterException, CertFileWriterException { - Password password = generator.generate(PASSWORD_LENGTH); + throws PemConversionException, CertFileWriterException { + Password password = passwordGenerator.generate(PASSWORD_LENGTH); + String keystoreArtifactName = String.format("%s.%s", KEYSTORE, fileExtension); + String keystorePass = String.format("%s.%s", KEYSTORE, PASS_EXT); - LOGGER.debug("Attempt to create PKCS12 keystore files and saving data. File names: {}, {}", KEYSTORE_P12, KEYSTORE_PASS); + LOGGER.debug("Attempt to create keystore files and saving data. File names: {}, {}", keystoreArtifactName, keystorePass); - writer.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), KEYSTORE_P12); - writer.saveData(getPasswordAsBytes(password), KEYSTORE_PASS); + fileWriter.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), keystoreArtifactName); + fileWriter.saveData(getPasswordAsBytes(password), keystorePass); } private void createTruststore(List<String> data) - throws PemToPKCS12ConverterException, CertFileWriterException { - Password password = generator.generate(PASSWORD_LENGTH); + throws PemConversionException, CertFileWriterException { + Password password = passwordGenerator.generate(PASSWORD_LENGTH); + String truststoreArtifactName = String.format("%s.%s", TRUSTSTORE, fileExtension); + String truststorePass = String.format("%s.%s", TRUSTSTORE, PASS_EXT); - LOGGER.debug("Attempt to create PKCS12 truststore files and saving data. File names: {}, {}", TRUSTSTORE_P12, TRUSTSTORE_PASS); + LOGGER.debug("Attempt to create truststore files and saving data. File names: {}, {}", truststoreArtifactName, truststorePass); - writer.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), TRUSTSTORE_P12); - writer.saveData(getPasswordAsBytes(password), TRUSTSTORE_PASS); + fileWriter.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), truststoreArtifactName); + fileWriter.saveData(getPasswordAsBytes(password), truststorePass); } private byte[] getPasswordAsBytes(Password password) { diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java new file mode 100644 index 00000000..5a37482a --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java @@ -0,0 +1,36 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; + +public class ConvertedArtifactsCreatorFactory { + + private ConvertedArtifactsCreatorFactory() { } + + public static ConvertedArtifactsCreator createConverter(String destPath, String fileExtension, String keyStoreType) { + return new ConvertedArtifactsCreator( + new CertFileWriter(destPath), + new RandomPasswordGenerator(), + new PemConverter(keyStoreType), + fileExtension); + } + +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java index ef1666dc..083e4bcf 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java @@ -35,52 +35,56 @@ import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMParser; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.onap.aaf.certservice.client.certification.exception.PemConversionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -class PemToPKCS12Converter { +class PemConverter { - private static final Logger LOGGER = LoggerFactory.getLogger(PemToPKCS12Converter.class); - private static final String PKCS12 = "PKCS12"; + private static final Logger LOGGER = LoggerFactory.getLogger(PemConverter.class); private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)"; private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null; + private final String keyStoreType; + + public PemConverter(String keyStoreType) { + this.keyStoreType = keyStoreType; + } byte[] convertKeystore(List<String> certificateChain, Password password, String alias, PrivateKey privateKey) - throws PemToPKCS12ConverterException { - LOGGER.info("Conversion of PEM certificates to PKCS12 keystore"); + throws PemConversionException { + LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " keystore"); return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey)); } byte[] convertTruststore(List<String> trustAnchors, Password password, String alias) - throws PemToPKCS12ConverterException { - LOGGER.info("Conversion of PEM certificates to PKCS12 truststore"); + throws PemConversionException { + LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " truststore"); return convert(trustAnchors, password, certs -> getTrustStore(alias, certs)); } private byte[] convert(List<String> certificates, Password password, StoreEntryOperation operation) - throws PemToPKCS12ConverterException { + throws PemConversionException { checkPassword(password); final Certificate[] X509Certificates = convertToCertificateArray(certificates); return getKeyStoreBytes(password, operation, X509Certificates); } - private void checkPassword(Password password) throws PemToPKCS12ConverterException { + private void checkPassword(Password password) throws PemConversionException { if (!password.isCorrectPasswordPattern()) { LOGGER.error(PASSWORD_ERROR_MSG); - throw new PemToPKCS12ConverterException(PASSWORD_ERROR_MSG); + throw new PemConversionException(PASSWORD_ERROR_MSG); } } private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates) - throws PemToPKCS12ConverterException { + throws PemConversionException { try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { KeyStore ks = op.getStore(x509Certificates); ks.store(bos, password.toCharArray()); return bos.toByteArray(); } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) { - LOGGER.error("Pem to PKCS12 converter failed, exception message: {}", e.getMessage()); - throw new PemToPKCS12ConverterException(e); + LOGGER.error("Pem to " + keyStoreType + " converter failed, exception message: {}", e.getMessage()); + throw new PemConversionException(e); } } @@ -103,13 +107,13 @@ class PemToPKCS12Converter { private KeyStore getKeyStoreInstance() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - KeyStore ks = KeyStore.getInstance(PKCS12); + KeyStore ks = KeyStore.getInstance(keyStoreType); ks.load(EMPTY_KEYSTORE_CONFIGURATION); return ks; } private Certificate[] convertToCertificateArray(List<String> certificates) - throws PemToPKCS12ConverterException { + throws PemConversionException { Certificate[] parsedCertificates = new Certificate[certificates.size()]; for (String certificate : certificates) { parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate); @@ -117,17 +121,17 @@ class PemToPKCS12Converter { return parsedCertificates; } - private Certificate parseCertificate(String certificate) throws PemToPKCS12ConverterException { + private Certificate parseCertificate(String certificate) throws PemConversionException { try (PEMParser pem = new PEMParser(new StringReader(certificate))) { X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject()) .orElseThrow( - () -> new PemToPKCS12ConverterException("The certificate couldn't be parsed correctly. " + certificate)); + () -> new PemConversionException("The certificate couldn't be parsed correctly. " + certificate)); return new JcaX509CertificateConverter() .setProvider(new BouncyCastleProvider()) .getCertificate(certHolder); } catch (IOException | CertificateException e) { LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage()); - throw new PemToPKCS12ConverterException(e); + throw new PemConversionException(e); } } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java index b98f4ace..11c448ee 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java @@ -22,13 +22,13 @@ package org.onap.aaf.certservice.client.certification.exception; import org.onap.aaf.certservice.client.api.ExitStatus; import org.onap.aaf.certservice.client.api.ExitableException; -public class PemToPKCS12ConverterException extends ExitableException { - private static final ExitStatus EXIT_STATUS = ExitStatus.PKCS12_CONVERSION_EXCEPTION; +public class PemConversionException extends ExitableException { + private static final ExitStatus EXIT_STATUS = ExitStatus.PEM_CONVERSION_EXCEPTION; - public PemToPKCS12ConverterException(Throwable e) { + public PemConversionException(Throwable e) { super(e); } - public PemToPKCS12ConverterException(String message) { + public PemConversionException(String message) { super(message); } |