From 5be846ddf01abf99ca1d15ec6ad0f3c53354272f Mon Sep 17 00:00:00 2001
From: Michal Banka <michal.banka@nokia.com>
Date: Wed, 18 Mar 2020 12:40:13 +0100
Subject: Removed unused parameters when creating certificate

Signed-off-by: Michal Banka <michal.banka@nokia.com>
Change-Id: I72d9e3ea30d3c2ba8e4e6c7e5afa0cfad2508bc5
Issue-ID: AAF-1107
---
 .../certification/CertificationProvider.java       |  3 +-
 .../certification/adapter/Cmpv2ClientAdapter.java  | 40 ++--------------------
 .../aaf/certservice/cmpv2client/api/CmpClient.java | 18 +---------
 .../cmpv2client/impl/CmpClientImpl.java            | 30 ++++++----------
 .../adapter/Cmpv2ClientAdapterTest.java            | 24 ++-----------
 .../certservice/cmpv2client/Cmpv2ClientTest.java   | 10 +++---
 6 files changed, 23 insertions(+), 102 deletions(-)

diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
index fa2d88ab..6068237c 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
@@ -22,7 +22,6 @@ package org.onap.aaf.certservice.certification;
 
 import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -40,7 +39,7 @@ public class CertificationProvider {
     }
 
     CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
-            throws CmpClientException, Cmpv2ClientAdapterException {
+            throws CmpClientException {
         return cmpv2ClientAdapter.callCmpClient(csrModel, server);
     }
 
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
index 2477c421..96fe4607 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
@@ -20,26 +20,16 @@
 
 package org.onap.aaf.certservice.certification.adapter;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.stream.Collectors;
 
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.io.pem.PemObjectGenerator;
 import org.bouncycastle.util.io.pem.PemWriter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -55,18 +45,10 @@ public class Cmpv2ClientAdapter {
     private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
 
     private final CmpClient cmpClient;
-    private final RsaContentSignerBuilder rsaContentSignerBuilder;
-    private final X509CertificateBuilder x509CertificateBuilder;
-    private final CertificateFactoryProvider certificateFactoryProvider;
 
     @Autowired
-    public Cmpv2ClientAdapter(CmpClient cmpClient, RsaContentSignerBuilder rsaContentSignerBuilder,
-                              X509CertificateBuilder x509CertificateBuilder,
-                              CertificateFactoryProvider certificateFactoryProvider) {
+    public Cmpv2ClientAdapter(CmpClient cmpClient) {
         this.cmpClient = cmpClient;
-        this.rsaContentSignerBuilder = rsaContentSignerBuilder;
-        this.x509CertificateBuilder = x509CertificateBuilder;
-        this.certificateFactoryProvider = certificateFactoryProvider;
     }
 
     /**
@@ -76,13 +58,10 @@ public class Cmpv2ClientAdapter {
      * @param server   Cmp Server configuration from cmpServers.json
      * @return container for returned certificates
      * @throws CmpClientException          Exceptions which comes from Cmp Client
-     * @throws Cmpv2ClientAdapterException Exceptions which comes from Adapter itself
      */
     public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
-            throws CmpClientException, Cmpv2ClientAdapterException {
-        List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
-                server.getCaMode().getProfile(), csrModel, server,
-                convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
+            throws CmpClientException {
+        List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server);
         return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
                 convertFromX509CertificateListToPemList(certificates.get(1)));
     }
@@ -98,19 +77,6 @@ public class Cmpv2ClientAdapter {
         return sw.toString();
     }
 
-    private X509Certificate convertCsrToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey)
-            throws Cmpv2ClientAdapterException {
-        try {
-            X509v3CertificateBuilder certificateGenerator = x509CertificateBuilder.build(csr);
-            ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
-            X509CertificateHolder holder = certificateGenerator.build(signer);
-            return certificateFactoryProvider
-                    .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
-        } catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
-            throw new Cmpv2ClientAdapterException(e);
-        }
-    }
-
     private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
         return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
                 .collect(Collectors.toList());
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
index 7de3b712..6ff1bf68 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
@@ -41,13 +41,8 @@ public interface CmpClient {
    * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
    * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
    *
-   * @param caName    Information about the External Root Certificate Authority (CA) performing the
-   *                  event CA Name. Could be {@code null}.
-   * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code
-   *                  null}.
    * @param csrModel  Certificate Signing Request model. Must not be {@code null}.
    * @param server    CMPv2 Server. Must not be {@code null}.
-   * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
    * @param notBefore An optional validity to set in the created certificate, Certificate not valid
    *                  before this date.
    * @param notAfter  An optional validity to set in the created certificate, Certificate not valid
@@ -56,11 +51,8 @@ public interface CmpClient {
    * @throws CmpClientException if client error occurs.
    */
   List<List<X509Certificate>> createCertificate(
-      String caName,
-      String profile,
       CsrModel csrModel,
       Cmpv2Server server,
-      X509Certificate csr,
       Date notBefore,
       Date notAfter)
       throws CmpClientException;
@@ -71,21 +63,13 @@ public interface CmpClient {
    * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
    * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
    *
-   * @param caName    Information about the External Root Certificate Authority (CA) performing the
-   *                  event CA Name. Could be {@code null}.
-   * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code
-   *                  null}.
    * @param csrModel  Certificate Signing Request Model. Must not be {@code null}.
    * @param server    CMPv2 server. Must not be {@code null}.
-   * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
    * @return {@link X509Certificate} The newly created Certificate.
    * @throws CmpClientException if client error occurs.
    */
   List<List<X509Certificate>> createCertificate(
-      String caName,
-      String profile,
       CsrModel csrModel,
-      Cmpv2Server server,
-      X509Certificate csr)
+      Cmpv2Server server)
       throws CmpClientException;
 }
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
index 79656e91..08c43031 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -48,6 +48,7 @@ import org.bouncycastle.asn1.cmp.PKIBody;
 import org.bouncycastle.asn1.cmp.PKIHeader;
 import org.bouncycastle.asn1.cmp.PKIMessage;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.onap.aaf.certservice.certification.configuration.model.CaMode;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -64,7 +65,6 @@ public class CmpClientImpl implements CmpClient {
     private static final Logger LOG = LoggerFactory.getLogger(CmpClientImpl.class);
     private final CloseableHttpClient httpClient;
 
-    private static final String DEFAULT_PROFILE = "RA";
     private static final String DEFAULT_CA_NAME = "Certification Authority";
 
     public CmpClientImpl(CloseableHttpClient httpClient) {
@@ -73,16 +73,13 @@ public class CmpClientImpl implements CmpClient {
 
     @Override
     public List<List<X509Certificate>> createCertificate(
-            String caName,
-            String profile,
             CsrModel csrModel,
             Cmpv2Server server,
-            X509Certificate cert,
             Date notBefore,
             Date notAfter)
             throws CmpClientException {
 
-        validate(csrModel, server, cert, caName, profile, httpClient, notBefore, notAfter);
+        validate(csrModel, server, httpClient, notBefore, notAfter);
         KeyPair keyPair = new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey());
 
         final CreateCertRequest certRequest =
@@ -99,14 +96,13 @@ public class CmpClientImpl implements CmpClient {
 
         final PKIMessage pkiMessage = certRequest.generateCertReq();
         Cmpv2HttpClient cmpv2HttpClient = new Cmpv2HttpClient(httpClient);
-        return retrieveCertificates(caName, csrModel, server, pkiMessage, cmpv2HttpClient);
+        return retrieveCertificates(csrModel, server, pkiMessage, cmpv2HttpClient);
     }
 
     @Override
-    public List<List<X509Certificate>> createCertificate(
-            String caName, String profile, CsrModel csrModel, Cmpv2Server server, X509Certificate csr)
+    public List<List<X509Certificate>> createCertificate(CsrModel csrModel, Cmpv2Server server)
             throws CmpClientException {
-        return createCertificate(caName, profile, csrModel, server, csr, null, null);
+        return createCertificate(csrModel, server, null, null);
     }
 
     private void checkCmpResponse(
@@ -197,23 +193,18 @@ public class CmpClientImpl implements CmpClient {
      *
      * @param csrModel        Certificate Signing Request model. Must not be {@code null}.
      * @param server          CMPv2 Server. Must not be {@code null}.
-     * @param cert            Certificate object needed to validate response from CA server.
-     * @param incomingCaName  Date specifying certificate is not valid before this date.
-     * @param incomingProfile Date specifying certificate is not valid after this date.
      * @throws IllegalArgumentException if Before Date is set after the After Date.
      */
     private static void validate(
             final CsrModel csrModel,
             final Cmpv2Server server,
-            final X509Certificate cert,
-            final String incomingCaName,
-            final String incomingProfile,
             final CloseableHttpClient httpClient,
             final Date notBefore,
             final Date notAfter) {
 
-        String caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
-        String caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
+
+        String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
+        String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA);
         LOG.info(
                 "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
 
@@ -224,7 +215,6 @@ public class CmpClientImpl implements CmpClient {
         CmpUtil.notNull(server.getIssuerDN(), "Issuer DN");
         CmpUtil.notNull(server.getUrl(), "External CA URL");
         CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password");
-        CmpUtil.notNull(cert, "Certificate Signing Request (CSR)");
         CmpUtil.notNull(httpClient, "Closeable Http Client");
 
         if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
@@ -233,9 +223,9 @@ public class CmpClientImpl implements CmpClient {
     }
 
     private List<List<X509Certificate>> retrieveCertificates(
-            String caName, CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
+            CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
             throws CmpClientException {
-        final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), caName);
+        final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName());
         try {
             final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes);
             LOG.info("Received response from Server");
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
index e18d1ffb..56a29e85 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
@@ -46,7 +46,6 @@ import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.onap.aaf.certservice.certification.configuration.model.CaMode;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -97,7 +96,7 @@ class Cmpv2ClientAdapterTest {
         stubInternalProperties();
 
         // When
-        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
                 .thenThrow(new CmpClientException(TEST_MSG));
 
         // Then
@@ -107,12 +106,12 @@ class Cmpv2ClientAdapterTest {
     @Test
     void shouldConvertToCertificationModel()
             throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
-            CmpClientException, Cmpv2ClientAdapterException {
+            CmpClientException {
         // Given
         stubInternalProperties();
 
         // When
-        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
                 .thenReturn(createCorrectClientResponse());
         CertificationModel certificationModel = adapter.callCmpClient(csrModel, server);
 
@@ -131,23 +130,6 @@ class Cmpv2ClientAdapterTest {
         Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate);
     }
 
-    @Test
-    void adapterShouldThrowClientAdapterExceptionOnFailure()
-            throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
-            CmpClientException {
-        // Given
-        stubInternalProperties();
-
-        // When
-        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
-                .thenReturn(createCorrectClientResponse());
-        Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any()))
-                .thenThrow(new CertificateException(TEST_MSG));
-
-        // Then
-        Assertions.assertThrows(Cmpv2ClientAdapterException.class, () -> adapter.callCmpClient(csrModel, server));
-    }
-
     private List<List<X509Certificate>> createCorrectClientResponse()
             throws CertificateException, NoSuchProviderException {
         InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
diff --git a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
index bea6b6a1..06eeecce 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java
@@ -153,7 +153,7 @@ class Cmpv2ClientTest {
         CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient));
         // when
         List<List<X509Certificate>> cmpClientResult =
-                cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter);
+                cmpClient.createCertificate(csrModel, server, notBefore, notAfter);
         // then
         assertNotNull(cmpClientResult);
     }
@@ -192,7 +192,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 CmpClientException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     @Test
@@ -229,7 +229,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 CmpClientException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     @Test
@@ -248,7 +248,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 IllegalArgumentException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     @Test
@@ -268,7 +268,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 CmpClientException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) {
-- 
cgit 1.2.3-korg