aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-07-13[OOM-CERT-SERVICE] Refactor CertService API codePiotr Marcinkiewicz18-176/+277
- move conversion StringBase64 to PrivateKey to separate class - move protection algorithm classes to separate package - adjust modifiers and test to above changes Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ifafa38162acfcd59d5177dbc478a6209e97a18e3
2021-07-12Merge "[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add check if cert should be updated"Pawel Baniewski4-3/+255
2021-07-09Merge "[OOM-CERT-SERVICE] Add Unit test for private key in pkcs1 format"Pawel Baniewski2-8/+58
2021-07-09[OOM-CERT-SERVICE] Alignment of makefileTomasz Wrobel2-6/+13
- Add more SANs to openssl request creation - Add customization of CA destination Issue-ID: OOM-2753 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I409a874983bdc7cda61195086549abc30259fb3c
2021-07-09[OOM-CERT-SERVICE] Add Unit test for private key in pkcs1 formatTomasz Wrobel2-8/+58
Issue-ID: OOM-2753 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I91000b223c30eae1cd9f4d48be9e8197e239e1d2
2021-07-08[OOM-CERT-SERVICE] Code refactorJoanna Jeremicz32-501/+543
- Rename methods names to more descriptive ones - Group classes in packages - Simplify certificate model usage in KUR (use BouncyCastle object) Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: I0507752b8d74a71ef27545648c2045f2033a330a
2021-07-08[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add check if cert should be updatedRemigiusz Janeczek4-3/+255
Issue-ID: OOM-2753 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: If0d7154b39c9ca7f9a7942f61b93725405b8f4e8
2021-07-07Merge "[OOM-CERT-SERVICE] Add Certification Request functionality"Pawel Baniewski8-22/+124
2021-07-07Merge "[OOM-K8S-CERT-EXTERNAL-PROVIDER] Format golang code"Pawel Baniewski11-29/+25
2021-07-06[OOM-K8S-CERT-EXTERNAL-PROVIDER] Format golang codeRemigiusz Janeczek11-29/+25
Issue-ID: OOM-2753 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I7b2f83dff5f7894b3064461b523bd94a77cac1f3
2021-07-06[OOM-CERT-SERVICE] Add Certification Request functionalityJoanna Jeremicz8-22/+124
Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Id8702dd45254f0e82d9b71e5e69372569e523838
2021-07-05[OOM-CERT-SERVICE] Add Key Update Request functionalityTomasz Wrobel13-38/+487
Issue-ID: OOM-2753 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: Icecef30b830c38606e17fbc2c502208543d048d2
2021-07-02[OOM-CERT-SERVICE] Fix EJBCA "CA with name - does not exist" errorRemigiusz Janeczek1-0/+1
When sending KUR request to EJBCA it fails with error: "CA with name - does not exist" Issue-ID: OOM-2753 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I19d41fd1c8718d5b7e82f361d398c1ebe2545401
2021-07-02Merge "[OOM-CERT-SERVICE] Add Certificate Update Admin role"Bogumil Zebek1-0/+7
2021-07-02[OOM-CERT-SERVICE] Fix makefile requestsRemigiusz Janeczek1-4/+4
Issue-ID: OOM-2753 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: Ic295f805b8aea6f13b95e6c972037066471a5faa
2021-07-01Merge "[OOM-CERT-SERVICE] Add logic for KUR/CR detection"Bogumil Zebek23-135/+1246
2021-07-01Merge "[OOM-CERT-SERVICE] Modify EJBCA configuration"Bogumil Zebek3-2/+13
2021-07-01Merge "[OOM-CERT-SERVICE] Add handling cmp response when PBM value is missing."Bogumil Zebek2-20/+106
2021-07-01[OOM-CERT-SERVICE] Add logic for KUR/CR detectionRemigiusz Janeczek23-135/+1246
Issue-ID: OOM-2753 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I571ad3914a870dde83929cb6121c2c63a5df3ae4
2021-06-30[OOM-CERT-SERVICE] Modify EJBCA configurationJoanna Jeremicz3-2/+13
- Do not create default ManagementCA with generated UID - Create ManagementCA with hardcoded UID to allow performing KUR Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ief51c27200300118ffa0206ba2657504ce4bc69c
2021-06-30[OOM-CERT-SERVICE] Add handling cmp response when PBM value is missing.Tomasz Wrobel2-22/+106
Issue-ID: OOM-2753 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I38de28c994b5c83f936b3b5ea47d024a96f4733e
2021-06-30[OOM-CERT-SERVICE] Add curl requests to MakefileRemigiusz Janeczek5-0/+144
Increase max header size (default was too low for update requests) Issue-ID: OOM-2753 Change-Id: I3614d8d34ed18ae52cec8fb4f9349e170c2ac3af Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2021-06-30[OOM-CERT-SERVICE] Add Certificate Update Admin rolePiotr Marcinkiewicz1-0/+7
Add Certificate Update Admin role in order to allow performing KUR/CR in EJBCA. Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ib07a694c6a88d5ad58059cd331d2eddbcaf8a97b
2021-06-29Merge "[OOM-CERT-SERVICE] Add update endpoint"Bogumil Zebek4-7/+195
2021-06-29[OOM-CERT-SERVICE] Add update endpointPiotr Marcinkiewicz4-7/+195
- Add endpoint with old cert and old PK parameters for KUR/CR requests Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I094ce1a39a11bbb94f94e0b13ca7ff71eb99dd30
2021-06-28[OOM-CERT-SERVICE] Implement signature PKIMessage protectionPiotr Marcinkiewicz11-90/+611
- Add signature protection - Refactor password-based protection code - Add JUnit tests Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I398568a35e52a816c32646c8915db5c287ede401
2021-06-18Merge "Fix sonar issues"Pawel Baniewski14-69/+59
2021-06-18Merge "[OOM-CERT-SERVICE] Deprecate certServiceClient - update docs"Pawel Baniewski15-436/+249
2021-06-15Merge "[OOM-CERT-SERVICE] Fix cmpv2 issuer error when CRD is removed"Pawel Baniewski1-3/+4
2021-06-15[OOM-CERT-SERVICE] Fix cmpv2 issuer error when CRD is removedTomasz Wrobel1-3/+4
Issue-ID: OOM-2771 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I28f7a0d7fb3e7f6227b0a4ac64ca45c274956b8e
2021-06-10[OOM-CERT-SERVICE] Deprecate certServiceClient - update docsPiotr Marcinkiewicz15-436/+249
- Remove certServiceClient description from docs - Move descrption of CMPv2 provider to "How to use functionality" - Update description of getting certs for CertService in OOM - Update certService version to 2.4.0 Issue-ID: OOM-2744 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I283755b8fbd579646f979c88ea3022266855c4dc
2021-06-10Fix sonar issuesRemigiusz Janeczek14-69/+59
Issue-ID: OOM-2764 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: Iab71cbcac1982207e6f29b4b046280ad27143e03
2021-06-02Merge "[OOM-CERT-SERVICE] Configure EJBCA to handle Key Update Request"Bogumil Zebek1-1/+5
2021-06-01Deprecate certServiceClientRemigiusz Janeczek4-6/+9
- disable certServiceClient submodule - set fixed version for certServiceClient image usage Issue-ID: OOM-2744 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: Ibfca21ffe4310e7a5d124853c4b33c1c481f10a8
2021-06-01[OOM-CERT-SERVICE] Configure EJBCA to handle Key Update RequestPiotr Marcinkiewicz1-1/+5
Change RA response protection from pbe to signature, set HMAC and End entity certificate authentication in order to enable Key Update Request in EJBCA. Set default CA, which will sign Confirmation Response message. Issue-ID: OOM-2753 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I1ab13b0a55711291a8c2a1448ae3497747348d67
2021-05-11[OOM-CERT-SERVICE] Update EJBCA image tag to 7.4.3.2Tomasz Wrobel1-1/+1
Issue-ID: OOM-2649 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: I1c1d650b5bb85aa5a235f1e9476475e30a90987c
2021-02-24Create Honolulu release noteshonoluluPiotr Marcinkiewicz1-21/+28
Issue-ID: REQ-601 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I4bbce41cb8e9dde9f90ad8eb8e3f1a85d0ea94fa
2021-01-27Release 2.3.3Joanna Jeremicz2-1/+18
Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: I360bed0c0cd01da65d46d02abf73bddb9710329d
2021-01-27[OOM-CERT-SERVICE] Fix KeyUsage extention sent to CMPv2 server2.3.3Piotr Marcinkiewicz2-6/+87
- fix setting key usage to digitalSignature & keyEncipherment & nonRepudiation - set extended key usage to clientAuth & serverAuth Issue-ID: OOM-2658 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I5c00f622c3d117a63e4f48a3d2a90fd48cce3d0e
2021-01-19[CMPV2] Fix NPE & enhance error messagesJan Malkiewicz14-103/+254
Fix NPE. Include error messages returned by CMP server in API response. Issue-ID: OOM-2657 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: I6ec46b14ba04b5be10de5994236efd8fc14c5d2e
2020-12-28Release CertService 2.3.2Remigiusz Janeczek2-0/+59
Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I232c132b8dbcc657dce8de0d5bcc5e6af64a4491
2020-12-22Merge "[OOM-CERT-SERVICE] Align implementation with RFC4210"2.3.2Pawel Baniewski13-24/+32
2020-12-21[CMPV2] Add description of the flag CMPv2CertManagerIntegrationJan Malkiewicz1-0/+3
Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ifb5f045d54ea5d2e1673bebf1af1e3113b71375c
2020-12-18[OOM-CERT-SERVICE] Align implementation with RFC4210Piotr Marcinkiewicz13-24/+32
- change MAC algorithm - limit iterations to random value from 1000-2000 range - correct caName validation to allow URL safe characters Issue-ID: OOM-2656 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I2c320607e7a02996cd249f45ac224e3f3a8aa3c9
2020-12-18[CMPV2] Enhance documentation for CMPv2 cert providerJan Malkiewicz2-12/+14
Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: I0a8a1979ca815a76b2e3318cc357da848fe52a9e
2020-12-15[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add information about SANs to external providerPiotr Marcinkiewicz1-1/+9
Issue-ID: OOM-2559 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ib4cb6d07db38aff7cfe1bdb1710d3c2c193cfcdf
2020-12-09[OOM-CERT-SERVICE] Correct SANs documentation and loggingPiotr Marcinkiewicz2-6/+4
- correct properties logging format in external provider - correct SANs documentation Issue-ID: OOM-2559 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: If58e6ca53849e6d091bba652b1cc091f37d8eeeb
2020-12-02[OOM CERT-SERVICE] Release CertService 2.3.1Remigiusz Janeczek2-1/+59
Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I44c2a5bd559ca89501e952f088e425dd1068fc6b
2020-12-02[OOM CERT-SERVICE-CLIENT] Fix null pointer when sans empty2.3.1Remigiusz Janeczek10-22/+53
Issue-ID: OOM-2632 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I5e05eb2923b96313cb1d37eb844862289d6acae1
2020-12-01[OOM CERT-SERVICE] Release CertService 2.3.0Piotr Marcinkiewicz2-0/+57
Issue-ID: OOM-2559 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I19fdf5c00656e4a309da3ad3b696e38a3cfe1cf3