From bc86a9547761abf886262cdc08c1096fca11da7d Mon Sep 17 00:00:00 2001 From: Joanna Jeremicz Date: Wed, 7 Jul 2021 16:18:44 +0200 Subject: [OOM-CERT-SERVICE] Code refactor - Rename methods names to more descriptive ones - Group classes in packages - Simplify certificate model usage in KUR (use BouncyCastle object) Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz Change-Id: I0507752b8d74a71ef27545648c2045f2033a330a --- .../certservice/api/CertificationController.java | 26 +- .../certification/CertificateFactoryProvider.java | 42 --- .../certification/CertificationData.java | 128 -------- .../certification/CertificationModelFactory.java | 105 ------- .../certification/CertificationProvider.java | 33 +- .../CertificationResponseModelFactory.java | 108 +++++++ .../certservice/certification/CsrModelFactory.java | 70 ----- .../certification/PemObjectFactory.java | 49 --- .../PemStringToCertificateConverter.java | 50 --- .../Pkcs10CertificationRequestFactory.java | 45 --- .../certification/RsaContentSignerBuilder.java | 46 --- .../certservice/certification/StringBase64.java | 65 ---- .../certification/X509CertificateBuilder.java | 56 ---- .../certification/X509CertificateModelFactory.java | 77 ----- .../certification/conversion/CsrModelFactory.java | 70 +++++ .../conversion/OldCertificateModelFactory.java | 107 +++++++ .../certification/conversion/PemObjectFactory.java | 49 +++ .../PemStringToCertificateConverter.java | 50 +++ .../Pkcs10CertificationRequestFactory.java | 45 +++ .../conversion/RsaContentSignerBuilder.java | 46 +++ .../certification/conversion/StringBase64.java | 65 ++++ .../conversion/X509CertificateBuilder.java | 56 ++++ .../model/CertificateUpdateModel.java | 24 -- .../certification/model/CertificationModel.java | 44 --- .../model/CertificationResponseModel.java | 44 +++ .../certification/model/OldCertificateModel.java | 63 ++++ .../certification/model/X509CertificateModel.java | 53 ---- .../oom/certservice/cmpv2client/api/CmpClient.java | 14 +- .../cmpv2client/impl/CmpClientImpl.java | 226 +++---------- .../validation/CmpCertificationValidator.java | 142 +++++++++ .../api/CertificationControllerTest.java | 39 ++- .../certification/CertificationData.java | 128 ++++++++ .../CertificationModelFactoryTest.java | 340 -------------------- .../certification/CertificationProviderTest.java | 86 ++--- .../CertificationResponseModelFactoryTest.java | 350 +++++++++++++++++++++ .../certification/CsrModelFactoryTest.java | 141 --------- .../certification/PemObjectFactoryTest.java | 76 ----- .../PemStringToCertificateConverterTest.java | 90 ------ .../certification/RsaContentSignerBuilderTest.java | 63 ---- .../oom/certservice/certification/TestUtils.java | 2 + .../certification/X509CertificateBuilderTest.java | 69 ---- .../X509CertificateModelFactoryTest.java | 166 ---------- .../conversion/CsrModelFactoryTest.java | 142 +++++++++ .../conversion/OldCertificateModelFactoryTest.java | 202 ++++++++++++ .../conversion/PemObjectFactoryTest.java | 76 +++++ .../PemStringToCertificateConverterTest.java | 90 ++++++ .../conversion/RsaContentSignerBuilderTest.java | 61 ++++ .../conversion/X509CertificateBuilderTest.java | 68 ++++ .../certification/model/CsrModelTest.java | 4 +- .../certservice/cmpv2client/ClientTestData.java | 50 ++- .../certservice/cmpv2client/Cmpv2ClientTest.java | 31 +- 51 files changed, 2157 insertions(+), 2115 deletions(-) delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/CertificateFactoryProvider.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/CertificationData.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/PemObjectFactory.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/Pkcs10CertificationRequestFactory.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/RsaContentSignerBuilder.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateBuilder.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemObjectFactory.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverter.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/Pkcs10CertificationRequestFactory.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilder.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilder.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationModel.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationResponseModel.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/model/OldCertificateModel.java delete mode 100644 certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java create mode 100644 certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/CertificationData.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/PemObjectFactoryTest.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/PemStringToCertificateConverterTest.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/RsaContentSignerBuilderTest.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateBuilderTest.java delete mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateModelFactoryTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactoryTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemObjectFactoryTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverterTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilderTest.java create mode 100644 certService/src/test/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilderTest.java diff --git a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java index 9f877788..8e2a378e 100644 --- a/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java +++ b/certService/src/main/java/org/onap/oom/certservice/api/CertificationController.java @@ -27,12 +27,12 @@ import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.responses.ApiResponses; import io.swagger.v3.oas.annotations.tags.Tag; -import org.onap.oom.certservice.certification.CertificationModelFactory; +import org.onap.oom.certservice.certification.CertificationResponseModelFactory; import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; import org.onap.oom.certservice.certification.exception.ErrorResponseModel; import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.model.CertificationModel; +import org.onap.oom.certservice.certification.model.CertificationResponseModel; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -51,11 +51,11 @@ public class CertificationController { private static final Logger LOGGER = LoggerFactory.getLogger(CertificationController.class); - private final CertificationModelFactory certificationModelFactory; + private final CertificationResponseModelFactory certificationResponseModelFactory; @Autowired - CertificationController(CertificationModelFactory certificationModelFactory) { - this.certificationModelFactory = certificationModelFactory; + CertificationController(CertificationResponseModelFactory certificationResponseModelFactory) { + this.certificationResponseModelFactory = certificationResponseModelFactory; } /** @@ -80,7 +80,7 @@ public class CertificationController { summary = "sign certificate", description = "Web endpoint for requesting certificate signing. Used by system components to gain certificate signed by CA.", tags = {"CertificationService"}) - public ResponseEntity signCertificate( + public ResponseEntity signCertificate( @Parameter(description = "Name of certification authority that will sign CSR.") @PathVariable String caName, @Parameter(description = "Certificate signing request in form of PEM object encoded in Base64 (with header and footer).") @@ -90,9 +90,9 @@ public class CertificationController { ) throws DecryptionException, CmpClientException { caName = replaceWhiteSpaceChars(caName); LOGGER.info("Received certificate signing request for CA named: {}", caName); - CertificationModel certificationModel = certificationModelFactory - .createCertificationModel(encodedCsr, encodedPrivateKey, caName); - return new ResponseEntity<>(certificationModel, HttpStatus.OK); + CertificationResponseModel certificationResponseModel = certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(encodedCsr, encodedPrivateKey, caName); + return new ResponseEntity<>(certificationResponseModel, HttpStatus.OK); } /** @@ -106,7 +106,7 @@ public class CertificationController { * @return JSON containing trusted certificates and certificate chain */ @GetMapping(value = "v1/certificate-update/{caName}", produces = "application/json") - public ResponseEntity updateCertificate( + public ResponseEntity updateCertificate( @PathVariable String caName, @RequestHeader("CSR") String encodedCsr, @RequestHeader("PK") String encodedPrivateKey, @@ -122,9 +122,9 @@ public class CertificationController { .setEncodedOldPrivateKey(encodedOldPrivateKey) .setCaName(caName) .build(); - CertificationModel certificationModel = certificationModelFactory - .createCertificationModel(certificateUpdateModel); - return new ResponseEntity<>(certificationModel, HttpStatus.OK); + CertificationResponseModel certificationResponseModel = certificationResponseModelFactory + .provideCertificationModelFromUpdateRequest(certificateUpdateModel); + return new ResponseEntity<>(certificationResponseModel, HttpStatus.OK); } private String replaceWhiteSpaceChars(String text) { diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificateFactoryProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificateFactoryProvider.java deleted file mode 100644 index 93fa4c21..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificateFactoryProvider.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.io.InputStream; -import java.security.NoSuchProviderException; -import java.security.Security; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.springframework.stereotype.Component; - -@Component -public class CertificateFactoryProvider { - - static { - Security.addProvider(new BouncyCastleProvider()); - } - - X509Certificate generateCertificate(InputStream inStream) throws CertificateException, NoSuchProviderException { - return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inStream); - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationData.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationData.java deleted file mode 100644 index 11e81807..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationData.java +++ /dev/null @@ -1,128 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - - -final class CertificationData { - - private CertificationData() { - } - - private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; - private static final String END_CERTIFICATE = "-----END CERTIFICATE-----"; - - static final String EXTRA_CA_CERT = "" - + BEGIN_CERTIFICATE - + "MIIDvzCCAqcCFF5DejiyfoNfPiiMmBXulniBewBGMA0GCSqGSIb3DQEBCwUAMIGb\n" - + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" - + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" - + "T05BUDEVMBMGA1UEAwwMbmV3Lm9uYXAub3JnMR4wHAYJKoZIhvcNAQkBFg90ZXN0\n" - + "ZXJAb25hcC5vcmcwHhcNMjAwMjEyMDk1OTM3WhcNMjEwMjExMDk1OTM3WjCBmzEL\n" - + "MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbi1G\n" - + "cmFuY2lzY28xGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xDTALBgNVBAsMBE9O\n" - + "QVAxFTATBgNVBAMMDG5ldy5vbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVy\n" - + "QG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF4FXeDV\n" - + "ng/inC/bTACmZnLC9IiC7PyG/vVbMxxN1bvQLRAwC/Hbl3i9zD68Vs/jPPr/SDr9\n" - + "2rgItdDdUY1V30Y3PT06F11XdEaRb+t++1NX0rDf1AqPaBZgnBmB86s1wbqHdJTr\n" - + "wEImDZ5xMPfP3fiWy/9Yw/U7iRMIi1/oI0lWuHJV0bn908shuJ6dvInpRCoDnoTX\n" - + "YP/FiDSZCFVewQcq4TigB7kRqZrDcPZWbSlqHklDMXRwbCxAiFSziuX6TBwru9Rn\n" - + "HhIeXVSgMU1ZSSopVbJGtQ4zSsU1nvTK5Bhc2UHGcAOZy1xTN5D9EEbTqh7l+Wtx\n" - + "y8ojkEXvFG8lVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAE+bUphwHit78LK8sb\n" - + "OMjt4DiEu32KeSJOpYgPLeBeAIynaNsa7sQrpuxerGNTmQWIcw6olXI0J+OOwkik\n" - + "II7elrYtd5G1uALxXWdamNsaY0Du34moVL1YjexJ7qQ4oBUxg2tuY8NAQGDK+23I\n" - + "nCA+ZwzdTJo73TYS6sx64d/YLWkX4nHGUoMlF+xUH34csDyhpuTSzQhC2quB5N8z\n" - + "tSFdpe4z2jqx07qo2EBFxi03EQ8Q0ex6l421QM2gbs7cZQ66K0DkpPcF2+iHZnyx\n" - + "xq1lnlsWHklElF2bhyXTn3fPp5wtan00P8IolKx7CAWb92QjkW6M0RvTW/xuwIzh\n" - + "0rTO\n" - + END_CERTIFICATE; - - static final String CA_CERT = "" - + BEGIN_CERTIFICATE - + "MIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\n" - + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" - + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" - + "T05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\n" - + "bmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\n" - + "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\n" - + "aXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\n" - + "MA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\n" - + "ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\n" - + "eiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n" - + "797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\n" - + "Dl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\n" - + "gTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\n" - + "B/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\n" - + "Bm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\n" - + "PxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\n" - + "vxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n" - + "/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n" - + "9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\n" - + "m/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n" - + END_CERTIFICATE; - - static final String INTERMEDIATE_CERT = "" - + BEGIN_CERTIFICATE - + "MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\n" - + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" - + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\n" - + "DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\n" - + "MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\n" - + "VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\n" - + "DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\n" - + "cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" - + "AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\n" - + "gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\n" - + "L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\n" - + "wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n" - + "72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\n" - + "L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" - + "hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\n" - + "q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\n" - + "q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\n" - + "beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\n" - + "xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\n" - + "XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n" - + END_CERTIFICATE; - - static final String ENTITY_CERT = "" - + BEGIN_CERTIFICATE - + "MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\n" - + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" - + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\n" - + "DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\n" - + "MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n" - + "A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\n" - + "MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n" - + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\n" - + "G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\n" - + "eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\n" - + "EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\n" - + "NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\n" - + "B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\n" - + "BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n" - + "8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\n" - + "ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\n" - + "CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\n" - + "lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\n" - + "d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n" - + END_CERTIFICATE; - -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java deleted file mode 100644 index dddeb2d3..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java +++ /dev/null @@ -1,105 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider; -import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; -import org.onap.oom.certservice.certification.exception.DecryptionException; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.model.CertificationModel; -import org.onap.oom.certservice.certification.model.CsrModel; -import org.onap.oom.certservice.certification.model.X509CertificateModel; -import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -@Service -public class CertificationModelFactory { - - private static final Logger LOGGER = LoggerFactory.getLogger(CertificationModelFactory.class); - - private final CsrModelFactory csrModelFactory; - private final Cmpv2ServerProvider cmpv2ServerProvider; - private final CertificationProvider certificationProvider; - private final X509CertificateModelFactory x509CertificateModelFactory; - private final UpdateRequestTypeDetector updateRequestTypeDetector; - - @Autowired - CertificationModelFactory( - CsrModelFactory csrModelFactory, - Cmpv2ServerProvider cmpv2ServerProvider, - CertificationProvider certificationProvider, - X509CertificateModelFactory x509CertificateModelFactory, - UpdateRequestTypeDetector updateRequestTypeDetector) { - this.cmpv2ServerProvider = cmpv2ServerProvider; - this.csrModelFactory = csrModelFactory; - this.certificationProvider = certificationProvider; - this.x509CertificateModelFactory = x509CertificateModelFactory; - this.updateRequestTypeDetector = updateRequestTypeDetector; - } - - public CertificationModel createCertificationModel(String encodedCsr, String encodedPrivateKey, String caName) - throws DecryptionException, CmpClientException { - CsrModel csrModel = csrModelFactory.createCsrModel( - new StringBase64(encodedCsr), - new StringBase64(encodedPrivateKey) - ); - LOGGER.debug("Received CSR meta data: \n{}", csrModel); - - Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName); - LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); - - LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}", - caName, csrModel); - return certificationProvider.signCsr(csrModel, cmpv2Server); - } - - public CertificationModel createCertificationModel(CertificateUpdateModel certificateUpdateModel) - throws DecryptionException, CmpClientException, CertificateDecryptionException { - LOGGER.info("CSR: " + certificateUpdateModel.getEncodedCsr() + - ", old cert: " + certificateUpdateModel.getEncodedOldCert() + - ", CA: " + certificateUpdateModel.getCaName()); - final CsrModel csrModel = csrModelFactory.createCsrModel( - new StringBase64(certificateUpdateModel.getEncodedCsr()), - new StringBase64(certificateUpdateModel.getEncodedPrivateKey()) - ); - final X509CertificateModel certificateModel = x509CertificateModelFactory.createCertificateModel( - new StringBase64(certificateUpdateModel.getEncodedOldCert())); - - Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(certificateUpdateModel.getCaName()); - LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); - LOGGER.info("Sending update request for certification model for CA named: {}, and certificate update request:\n{}", - certificateUpdateModel.getCaName(), csrModel); - - if (updateRequestTypeDetector.isKur(csrModel.getCertificateData(), certificateModel.getCertificateData())) { - LOGGER.info( - "Certificate Signing Request and Old Certificate have the same parameters. Preparing Key Update Request"); - return certificationProvider.updateCertificate(csrModel, cmpv2Server, certificateUpdateModel); - } else { - LOGGER.info( - "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request"); - return certificationProvider.certificationRequest(csrModel, cmpv2Server); - } - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java index 17e23e39..94e778e3 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java @@ -24,9 +24,9 @@ import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator; import org.bouncycastle.util.io.pem.PemObjectGenerator; import org.bouncycastle.util.io.pem.PemWriter; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.model.CertificationModel; +import org.onap.oom.certservice.certification.model.CertificationResponseModel; import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.certification.model.OldCertificateModel; import org.onap.oom.certservice.cmpv2client.api.CmpClient; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel; @@ -53,24 +53,21 @@ public class CertificationProvider { this.cmpClient = cmpClient; } - public CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server) + public CertificationResponseModel executeInitializationRequest(CsrModel csrModel, Cmpv2Server server) throws CmpClientException { - Cmpv2CertificationModel certificates = cmpClient.createCertificate(csrModel, server); - return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()), - convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + Cmpv2CertificationModel certificates = cmpClient.executeInitializationRequest(csrModel, server); + return getCertificationResponseModel(certificates); } - public CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server, - CertificateUpdateModel certificateUpdateModel) throws CmpClientException { - Cmpv2CertificationModel certificates = cmpClient.updateCertificate(csrModel, cmpv2Server, certificateUpdateModel); - return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()), - convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + public CertificationResponseModel executeKeyUpdateRequest(CsrModel csrModel, Cmpv2Server cmpv2Server, + OldCertificateModel oldCertificateModel) throws CmpClientException { + Cmpv2CertificationModel certificates = cmpClient.executeKeyUpdateRequest(csrModel, cmpv2Server, oldCertificateModel); + return getCertificationResponseModel(certificates); } - public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { - Cmpv2CertificationModel certificates = cmpClient.certificationRequest(csrModel, cmpv2Server); - return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()), - convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + public CertificationResponseModel executeCertificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + Cmpv2CertificationModel certificates = cmpClient.executeCertificationRequest(csrModel, cmpv2Server); + return getCertificationResponseModel(certificates); } private static List convertFromX509CertificateListToPemList(List certificates) { @@ -78,6 +75,12 @@ public class CertificationProvider { .collect(Collectors.toList()); } + private CertificationResponseModel getCertificationResponseModel(Cmpv2CertificationModel certificates) { + return new CertificationResponseModel( + convertFromX509CertificateListToPemList(certificates.getCertificateChain()), + convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + } + private static String convertFromX509CertificateToPem(X509Certificate certificate) { StringWriter sw = new StringWriter(); try (PemWriter pw = new PemWriter(sw)) { diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java new file mode 100644 index 00000000..0e793bb0 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationResponseModelFactory.java @@ -0,0 +1,108 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification; + +import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider; +import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.oom.certservice.certification.conversion.CsrModelFactory; +import org.onap.oom.certservice.certification.conversion.OldCertificateModelFactory; +import org.onap.oom.certservice.certification.conversion.StringBase64; +import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; +import org.onap.oom.certservice.certification.exception.DecryptionException; +import org.onap.oom.certservice.certification.model.CertificateUpdateModel; +import org.onap.oom.certservice.certification.model.CertificationResponseModel; +import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.certification.model.OldCertificateModel; +import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +@Service +public class CertificationResponseModelFactory { + + private static final Logger LOGGER = LoggerFactory.getLogger(CertificationResponseModelFactory.class); + + private final CsrModelFactory csrModelFactory; + private final Cmpv2ServerProvider cmpv2ServerProvider; + private final CertificationProvider certificationProvider; + private final OldCertificateModelFactory oldCertificateModelFactory; + private final UpdateRequestTypeDetector updateRequestTypeDetector; + + @Autowired + CertificationResponseModelFactory( + CsrModelFactory csrModelFactory, + Cmpv2ServerProvider cmpv2ServerProvider, + CertificationProvider certificationProvider, + OldCertificateModelFactory oldCertificateModelFactory, + UpdateRequestTypeDetector updateRequestTypeDetector) { + this.cmpv2ServerProvider = cmpv2ServerProvider; + this.csrModelFactory = csrModelFactory; + this.certificationProvider = certificationProvider; + this.oldCertificateModelFactory = oldCertificateModelFactory; + this.updateRequestTypeDetector = updateRequestTypeDetector; + } + + public CertificationResponseModel provideCertificationModelFromInitialRequest(String encodedCsr, String encodedPrivateKey, String caName) + throws DecryptionException, CmpClientException { + CsrModel csrModel = csrModelFactory.createCsrModel( + new StringBase64(encodedCsr), + new StringBase64(encodedPrivateKey) + ); + LOGGER.debug("Received CSR meta data: \n{}", csrModel); + + Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName); + LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); + + LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}", + caName, csrModel); + return certificationProvider.executeInitializationRequest(csrModel, cmpv2Server); + } + + public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel) + throws DecryptionException, CmpClientException, CertificateDecryptionException { + LOGGER.info("CSR: " + certificateUpdateModel.getEncodedCsr() + + ", old cert: " + certificateUpdateModel.getEncodedOldCert() + + ", CA: " + certificateUpdateModel.getCaName()); + final CsrModel csrModel = csrModelFactory.createCsrModel( + new StringBase64(certificateUpdateModel.getEncodedCsr()), + new StringBase64(certificateUpdateModel.getEncodedPrivateKey()) + ); + final OldCertificateModel certificateModel = oldCertificateModelFactory.createCertificateModel( + new StringBase64(certificateUpdateModel.getEncodedOldCert()), certificateUpdateModel.getEncodedOldPrivateKey()); + + Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(certificateUpdateModel.getCaName()); + LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server); + LOGGER.info("Sending update request for certification model for CA named: {}, and certificate update request:\n{}", + certificateUpdateModel.getCaName(), csrModel); + + if (updateRequestTypeDetector.isKur(csrModel.getCertificateData(), certificateModel.getCertificateData())) { + LOGGER.info( + "Certificate Signing Request and Old Certificate have the same parameters. Preparing Key Update Request"); + return certificationProvider.executeKeyUpdateRequest(csrModel, cmpv2Server, certificateModel); + } else { + LOGGER.info( + "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request"); + return certificationProvider.executeCertificationRequest(csrModel, cmpv2Server); + } + } +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java deleted file mode 100644 index 789773d6..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CsrModelFactory.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020-2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.bouncycastle.util.io.pem.PemObject; -import org.onap.oom.certservice.certification.exception.CsrDecryptionException; -import org.onap.oom.certservice.certification.exception.DecryptionException; -import org.onap.oom.certservice.certification.exception.KeyDecryptionException; -import org.onap.oom.certservice.certification.model.CsrModel; -import org.springframework.stereotype.Service; - - -@Service -public class CsrModelFactory { - - private final PemObjectFactory pemObjectFactory - = new PemObjectFactory(); - private final Pkcs10CertificationRequestFactory certificationRequestFactory - = new Pkcs10CertificationRequestFactory(); - - - public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey) - throws DecryptionException { - PKCS10CertificationRequest decodedCsr = decodeCsr(csr); - PemObject decodedPrivateKey = decodePrivateKey(privateKey); - return new CsrModel.CsrModelBuilder(decodedCsr, decodedPrivateKey).build(); - } - - private PemObject decodePrivateKey(StringBase64 privateKey) - throws KeyDecryptionException { - - return privateKey.asString() - .flatMap(pemObjectFactory::createPemObject) - .orElseThrow( - () -> new KeyDecryptionException("Incorrect Key, decryption failed") - ); - } - - private PKCS10CertificationRequest decodeCsr(StringBase64 csr) - throws CsrDecryptionException { - return csr.asString() - .flatMap(pemObjectFactory::createPemObject) - .flatMap(certificationRequestFactory::createPkcs10CertificationRequest) - .orElseThrow( - () -> new CsrDecryptionException("Incorrect CSR, decryption failed") - ); - } - -} - - diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/PemObjectFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/PemObjectFactory.java deleted file mode 100644 index 24d32bdd..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/PemObjectFactory.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.io.IOException; -import java.io.StringReader; -import java.util.Optional; - -import org.bouncycastle.util.encoders.DecoderException; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemReader; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - - -public class PemObjectFactory { - - private static final Logger LOGGER = LoggerFactory.getLogger(PemObjectFactory.class); - - public Optional createPemObject(String pem) { - - try (StringReader stringReader = new StringReader(pem); - PemReader pemReader = new PemReader(stringReader)) { - return Optional.ofNullable(pemReader.readPemObject()); - } catch (DecoderException | IOException e) { - LOGGER.error("Exception occurred during creation of PEM:", e); - return Optional.empty(); - } - } - -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java b/certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java deleted file mode 100644 index 7126cd4a..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/PemStringToCertificateConverter.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.io.IOException; -import java.io.StringReader; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Optional; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.openssl.PEMParser; -import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException; -import org.springframework.stereotype.Service; - -@Service -public class PemStringToCertificateConverter { - - public X509Certificate convert(String certificatePemString) throws StringToCertificateConversionException { - try (PEMParser pemParser = new PEMParser(new StringReader(certificatePemString))) { - X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pemParser.readObject()) - .orElseThrow( - () -> new StringToCertificateConversionException("The certificate could not be converted correctly.")); - return new JcaX509CertificateConverter() - .setProvider(new BouncyCastleProvider()) - .getCertificate(certHolder); - } catch (IOException | CertificateException e) { - throw new StringToCertificateConversionException("Exception occurred during certificate conversion.", e); - } - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/Pkcs10CertificationRequestFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/Pkcs10CertificationRequestFactory.java deleted file mode 100644 index c38eb0a1..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/Pkcs10CertificationRequestFactory.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.bouncycastle.util.encoders.DecoderException; -import org.bouncycastle.util.io.pem.PemObject; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.util.Optional; - -public class Pkcs10CertificationRequestFactory { - - private static final Logger LOGGER = LoggerFactory.getLogger(Pkcs10CertificationRequestFactory.class); - - public Optional createPkcs10CertificationRequest(PemObject pemObject) { - try { - LOGGER.debug("Creating certification request from pem object"); - return Optional.of(new PKCS10CertificationRequest(pemObject.getContent())); - } catch (DecoderException | IOException e) { - LOGGER.error("Exception occurred during creation of certification request:", e); - return Optional.empty(); - } - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/RsaContentSignerBuilder.java b/certService/src/main/java/org/onap/oom/certservice/certification/RsaContentSignerBuilder.java deleted file mode 100644 index 741b20ab..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/RsaContentSignerBuilder.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.io.IOException; -import java.security.PrivateKey; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.util.PrivateKeyFactory; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.springframework.stereotype.Component; - -@Component -public class RsaContentSignerBuilder { - - ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey) - throws IOException, OperatorCreationException { - AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm(); - AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); - - return new BcRSAContentSignerBuilder(sigAlgId, digAlgId) - .build(PrivateKeyFactory.createKey(privateKey.getEncoded())); - } - -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java b/certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java deleted file mode 100644 index 9929e52c..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/StringBase64.java +++ /dev/null @@ -1,65 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020-2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.util.Base64; -import java.util.Objects; -import java.util.Optional; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class StringBase64 { - - private final String value; - private final Base64.Decoder decoder = Base64.getDecoder(); - private static final Logger LOGGER = LoggerFactory.getLogger(StringBase64.class); - - public StringBase64(String value) { - this.value = value; - } - - public Optional asString() { - try { - String decodedString = new String(decoder.decode(value)); - return Optional.of(decodedString); - } catch (RuntimeException e) { - LOGGER.error("Exception occurred during decoding:", e); - return Optional.empty(); - } - } - - @Override - public boolean equals(Object otherObject) { - if (this == otherObject) { - return true; - } - if (otherObject == null || getClass() != otherObject.getClass()) { - return false; - } - StringBase64 that = (StringBase64) otherObject; - return Objects.equals(value, that.value); - } - - @Override - public int hashCode() { - return value.hashCode(); - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateBuilder.java b/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateBuilder.java deleted file mode 100644 index 67aecb7c..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateBuilder.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.SecureRandom; -import java.time.LocalDateTime; -import java.time.ZoneOffset; -import java.util.Date; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.springframework.stereotype.Component; - -@Component -public class X509CertificateBuilder { - - private static final int SECURE_NEXT_BYTES = 16; - private static final int VALID_PERIOD_IN_DAYS = 365; - - X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException { - return new X509v3CertificateBuilder(csr.getSubject(), createSerial(), - Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), - Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)), - new PKCS10CertificationRequest(csr.getEncoded()).getSubject(), - SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(csr.getSubjectPublicKeyInfo().getEncoded()))); - - } - - private BigInteger createSerial() { - byte[] serial = new byte[SECURE_NEXT_BYTES]; - new SecureRandom().nextBytes(serial); - return new BigInteger(serial).abs(); - } - -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java deleted file mode 100644 index 17367ce7..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/X509CertificateModelFactory.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; -import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException; -import org.onap.oom.certservice.certification.model.X509CertificateModel; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -@Service -public class X509CertificateModelFactory { - - private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; - private static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n"; - - private final PemStringToCertificateConverter pemStringToCertificateConverter; - private final X509CertificateParser x509CertificateParser; - - @Autowired - public X509CertificateModelFactory(PemStringToCertificateConverter pemStringToCertificateConverter, - X509CertificateParser x509CertificateParser) { - this.pemStringToCertificateConverter = pemStringToCertificateConverter; - this.x509CertificateParser = x509CertificateParser; - } - - public X509CertificateModel createCertificateModel(StringBase64 base64EncodedCertificate) - throws CertificateDecryptionException { - final String certificateString = base64EncodedCertificate.asString() - .map(this::getFirstCertificateFromCertificateChain) - .orElseThrow(() -> new CertificateDecryptionException("Incorrect certificate, decryption failed")); - try { - final X509Certificate certificate = pemStringToCertificateConverter.convert(certificateString); - final X500Name subjectData = x509CertificateParser.getSubject(certificate); - final GeneralName[] sans = x509CertificateParser.getSans(certificate); - return new X509CertificateModel(certificate, subjectData, sans); - } catch (StringToCertificateConversionException e) { - throw new CertificateDecryptionException("Cannot convert certificate", e); - - } catch (CertificateParsingException e) { - throw new CertificateDecryptionException("Cannot read Subject Alternative Names from certificate"); - } - } - - private String getFirstCertificateFromCertificateChain(String certificateChain) { - if (doesNotContainCertificates(certificateChain)) { - return null; - } - return certificateChain.split(END_CERTIFICATE)[0] + END_CERTIFICATE; - } - - private boolean doesNotContainCertificates(String certificateChain) { - return !(certificateChain.contains(BEGIN_CERTIFICATE) && certificateChain.contains(END_CERTIFICATE)); - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java new file mode 100644 index 00000000..e4ee4c10 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/CsrModelFactory.java @@ -0,0 +1,70 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020-2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.bouncycastle.util.io.pem.PemObject; +import org.onap.oom.certservice.certification.exception.CsrDecryptionException; +import org.onap.oom.certservice.certification.exception.DecryptionException; +import org.onap.oom.certservice.certification.exception.KeyDecryptionException; +import org.onap.oom.certservice.certification.model.CsrModel; +import org.springframework.stereotype.Service; + + +@Service +public class CsrModelFactory { + + private final PemObjectFactory pemObjectFactory + = new PemObjectFactory(); + private final Pkcs10CertificationRequestFactory certificationRequestFactory + = new Pkcs10CertificationRequestFactory(); + + + public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey) + throws DecryptionException { + PKCS10CertificationRequest decodedCsr = decodeCsr(csr); + PemObject decodedPrivateKey = decodePrivateKey(privateKey); + return new CsrModel.CsrModelBuilder(decodedCsr, decodedPrivateKey).build(); + } + + private PemObject decodePrivateKey(StringBase64 privateKey) + throws KeyDecryptionException { + + return privateKey.asString() + .flatMap(pemObjectFactory::createPemObject) + .orElseThrow( + () -> new KeyDecryptionException("Incorrect Key, decryption failed") + ); + } + + private PKCS10CertificationRequest decodeCsr(StringBase64 csr) + throws CsrDecryptionException { + return csr.asString() + .flatMap(pemObjectFactory::createPemObject) + .flatMap(certificationRequestFactory::createPkcs10CertificationRequest) + .orElseThrow( + () -> new CsrDecryptionException("Incorrect CSR, decryption failed") + ); + } + +} + + diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java new file mode 100644 index 00000000..f5c199f6 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactory.java @@ -0,0 +1,107 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; +import org.bouncycastle.util.io.pem.PemObject; +import org.onap.oom.certservice.certification.X509CertificateParser; +import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; +import org.onap.oom.certservice.certification.exception.KeyDecryptionException; +import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException; +import org.onap.oom.certservice.certification.model.OldCertificateModel; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +@Service +public class OldCertificateModelFactory { + + private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; + private static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n"; + private static final PemObjectFactory PEM_OBJECT_FACTORY = new PemObjectFactory(); + + private final PemStringToCertificateConverter pemStringToCertificateConverter; + private final X509CertificateParser x509CertificateParser; + + @Autowired + public OldCertificateModelFactory(PemStringToCertificateConverter pemStringToCertificateConverter, + X509CertificateParser x509CertificateParser) { + this.pemStringToCertificateConverter = pemStringToCertificateConverter; + this.x509CertificateParser = x509CertificateParser; + } + + public OldCertificateModel createCertificateModel(StringBase64 base64EncodedCertificate, String encodedOldPrivateKey) + throws CertificateDecryptionException { + final String certificateString = base64EncodedCertificate.asString() + .map(this::getFirstCertificateFromCertificateChain) + .orElseThrow(() -> new CertificateDecryptionException("Incorrect certificate, decryption failed")); + try { + final X509Certificate x509Certificate = pemStringToCertificateConverter.convert(certificateString); + final X500Name subjectData = x509CertificateParser.getSubject(x509Certificate); + final GeneralName[] sans = x509CertificateParser.getSans(x509Certificate); + final Certificate certificate = new JcaX509CertificateHolder(x509Certificate).toASN1Structure(); + final PrivateKey oldPrivateKey = getOldPrivateKeyObject(encodedOldPrivateKey); + return new OldCertificateModel(certificate, subjectData, sans, oldPrivateKey); + } catch (StringToCertificateConversionException e) { + throw new CertificateDecryptionException("Cannot convert certificate", e); + + } catch (CertificateParsingException e) { + throw new CertificateDecryptionException("Cannot read Subject Alternative Names from certificate"); + } catch (NoSuchAlgorithmException | KeyDecryptionException | CertificateEncodingException | InvalidKeySpecException e) { + throw new CertificateDecryptionException("Cannot convert certificate or key", e); + } + } + + private String getFirstCertificateFromCertificateChain(String certificateChain) { + if (doesNotContainCertificates(certificateChain)) { + return null; + } + return certificateChain.split(END_CERTIFICATE)[0] + END_CERTIFICATE; + } + + private boolean doesNotContainCertificates(String certificateChain) { + return !(certificateChain.contains(BEGIN_CERTIFICATE) && certificateChain.contains(END_CERTIFICATE)); + } + + private PrivateKey getOldPrivateKeyObject(String encodedOldPrivateKey) + throws KeyDecryptionException, InvalidKeySpecException, NoSuchAlgorithmException { + + StringBase64 stringBase64 = new StringBase64(encodedOldPrivateKey); + PemObject pemObject = stringBase64.asString() + .flatMap(PEM_OBJECT_FACTORY::createPemObject) + .orElseThrow( + () -> new KeyDecryptionException("Incorrect Key, decryption failed") + ); + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pemObject.getContent()); + KeyFactory keyFactory = KeyFactory.getInstance("RSA"); + return keyFactory.generatePrivate(keySpec); + } +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemObjectFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemObjectFactory.java new file mode 100644 index 00000000..0bded4d3 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemObjectFactory.java @@ -0,0 +1,49 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import java.io.IOException; +import java.io.StringReader; +import java.util.Optional; + +import org.bouncycastle.util.encoders.DecoderException; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public class PemObjectFactory { + + private static final Logger LOGGER = LoggerFactory.getLogger(PemObjectFactory.class); + + public Optional createPemObject(String pem) { + + try (StringReader stringReader = new StringReader(pem); + PemReader pemReader = new PemReader(stringReader)) { + return Optional.ofNullable(pemReader.readPemObject()); + } catch (DecoderException | IOException e) { + LOGGER.error("Exception occurred during creation of PEM:", e); + return Optional.empty(); + } + } + +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverter.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverter.java new file mode 100644 index 00000000..99499939 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverter.java @@ -0,0 +1,50 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import java.io.IOException; +import java.io.StringReader; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Optional; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.PEMParser; +import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException; +import org.springframework.stereotype.Service; + +@Service +public class PemStringToCertificateConverter { + + public X509Certificate convert(String certificatePemString) throws StringToCertificateConversionException { + try (PEMParser pemParser = new PEMParser(new StringReader(certificatePemString))) { + X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pemParser.readObject()) + .orElseThrow( + () -> new StringToCertificateConversionException("The certificate could not be converted correctly.")); + return new JcaX509CertificateConverter() + .setProvider(new BouncyCastleProvider()) + .getCertificate(certHolder); + } catch (IOException | CertificateException e) { + throw new StringToCertificateConversionException("Exception occurred during certificate conversion.", e); + } + } +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/Pkcs10CertificationRequestFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/Pkcs10CertificationRequestFactory.java new file mode 100644 index 00000000..2b9399d0 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/Pkcs10CertificationRequestFactory.java @@ -0,0 +1,45 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.bouncycastle.util.encoders.DecoderException; +import org.bouncycastle.util.io.pem.PemObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.IOException; +import java.util.Optional; + +public class Pkcs10CertificationRequestFactory { + + private static final Logger LOGGER = LoggerFactory.getLogger(Pkcs10CertificationRequestFactory.class); + + public Optional createPkcs10CertificationRequest(PemObject pemObject) { + try { + LOGGER.debug("Creating certification request from pem object"); + return Optional.of(new PKCS10CertificationRequest(pemObject.getContent())); + } catch (DecoderException | IOException e) { + LOGGER.error("Exception occurred during creation of certification request:", e); + return Optional.empty(); + } + } +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilder.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilder.java new file mode 100644 index 00000000..d869cef9 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilder.java @@ -0,0 +1,46 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import java.io.IOException; +import java.security.PrivateKey; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.util.PrivateKeyFactory; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.springframework.stereotype.Component; + +@Component +public class RsaContentSignerBuilder { + + ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey) + throws IOException, OperatorCreationException { + AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm(); + AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); + + return new BcRSAContentSignerBuilder(sigAlgId, digAlgId) + .build(PrivateKeyFactory.createKey(privateKey.getEncoded())); + } + +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64.java new file mode 100644 index 00000000..4b4813ba --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/StringBase64.java @@ -0,0 +1,65 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020-2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import java.util.Base64; +import java.util.Objects; +import java.util.Optional; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class StringBase64 { + + private final String value; + private final Base64.Decoder decoder = Base64.getDecoder(); + private static final Logger LOGGER = LoggerFactory.getLogger(StringBase64.class); + + public StringBase64(String value) { + this.value = value; + } + + public Optional asString() { + try { + String decodedString = new String(decoder.decode(value)); + return Optional.of(decodedString); + } catch (RuntimeException e) { + LOGGER.error("Exception occurred during decoding:", e); + return Optional.empty(); + } + } + + @Override + public boolean equals(Object otherObject) { + if (this == otherObject) { + return true; + } + if (otherObject == null || getClass() != otherObject.getClass()) { + return false; + } + StringBase64 that = (StringBase64) otherObject; + return Objects.equals(value, that.value); + } + + @Override + public int hashCode() { + return value.hashCode(); + } +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilder.java b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilder.java new file mode 100644 index 00000000..88e77766 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilder.java @@ -0,0 +1,56 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.SecureRandom; +import java.time.LocalDateTime; +import java.time.ZoneOffset; +import java.util.Date; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.springframework.stereotype.Component; + +@Component +public class X509CertificateBuilder { + + private static final int SECURE_NEXT_BYTES = 16; + private static final int VALID_PERIOD_IN_DAYS = 365; + + public X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException { + return new X509v3CertificateBuilder(csr.getSubject(), createSerial(), + Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), + Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)), + new PKCS10CertificationRequest(csr.getEncoded()).getSubject(), + SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(csr.getSubjectPublicKeyInfo().getEncoded()))); + + } + + private BigInteger createSerial() { + byte[] serial = new byte[SECURE_NEXT_BYTES]; + new SecureRandom().nextBytes(serial); + return new BigInteger(serial).abs(); + } + +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java index 9423af52..699ffe71 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificateUpdateModel.java @@ -20,16 +20,7 @@ package org.onap.oom.certservice.certification.model; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; import java.util.Objects; -import org.bouncycastle.util.io.pem.PemObject; -import org.onap.oom.certservice.certification.PemObjectFactory; -import org.onap.oom.certservice.certification.StringBase64; -import org.onap.oom.certservice.certification.exception.KeyDecryptionException; public final class CertificateUpdateModel { @@ -38,7 +29,6 @@ public final class CertificateUpdateModel { private final String encodedOldCert; private final String encodedOldPrivateKey; private final String caName; - private static final PemObjectFactory PEM_OBJECT_FACTORY = new PemObjectFactory(); private CertificateUpdateModel(String encodedCsr, String encodedPrivateKey, String encodedOldCert, String encodedOldPrivateKey, String caName) { @@ -69,20 +59,6 @@ public final class CertificateUpdateModel { return caName; } - public PrivateKey getOldPrivateKeyObject() - throws KeyDecryptionException, InvalidKeySpecException, NoSuchAlgorithmException { - - StringBase64 stringBase64 = new StringBase64(encodedOldPrivateKey); - PemObject pemObject = stringBase64.asString() - .flatMap(PEM_OBJECT_FACTORY::createPemObject) - .orElseThrow( - () -> new KeyDecryptionException("Incorrect Key, decryption failed") - ); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pemObject.getContent()); - KeyFactory keyFactory = KeyFactory.getInstance("RSA"); - return keyFactory.generatePrivate(keySpec); - } - @Override public boolean equals(Object o) { if (this == o) return true; diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationModel.java deleted file mode 100644 index 08a09a75..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationModel.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification.model; - -import java.util.Collections; -import java.util.List; - -public class CertificationModel { - - private final List certificateChain; - private final List trustedCertificates; - - public CertificationModel(List certificateChain, List trustedCertificates) { - this.certificateChain = certificateChain; - this.trustedCertificates = trustedCertificates; - } - - public List getCertificateChain() { - return Collections.unmodifiableList(certificateChain); - } - - public List getTrustedCertificates() { - return Collections.unmodifiableList(trustedCertificates); - } - -} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationResponseModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationResponseModel.java new file mode 100644 index 00000000..27b9c917 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CertificationResponseModel.java @@ -0,0 +1,44 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.model; + +import java.util.Collections; +import java.util.List; + +public class CertificationResponseModel { + + private final List certificateChain; + private final List trustedCertificates; + + public CertificationResponseModel(List certificateChain, List trustedCertificates) { + this.certificateChain = certificateChain; + this.trustedCertificates = trustedCertificates; + } + + public List getCertificateChain() { + return Collections.unmodifiableList(certificateChain); + } + + public List getTrustedCertificates() { + return Collections.unmodifiableList(trustedCertificates); + } + +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/OldCertificateModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/OldCertificateModel.java new file mode 100644 index 00000000..bd2d33a5 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/OldCertificateModel.java @@ -0,0 +1,63 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.model; + +import java.security.PrivateKey; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.asn1.x509.GeneralName; + +public class OldCertificateModel { + + private final CertificateData certificateData; + + private final Certificate certificate; + + private final PrivateKey oldPrivateKey; + + + public OldCertificateModel(Certificate certificate, X500Name subjectData, + GeneralName[] sans, PrivateKey oldPrivateKey) { + this.certificateData = new CertificateData(subjectData, sans); + this.certificate = certificate; + this.oldPrivateKey = oldPrivateKey; + } + + public Certificate getOldCertificate() { + return certificate; + } + + public X500Name getSubjectData() { + return certificateData.getSubject(); + } + + public GeneralName[] getSans() { + return certificateData.getSortedSans(); + } + + public CertificateData getCertificateData() { + return certificateData; + } + + public PrivateKey getOldPrivateKey() { + return oldPrivateKey; + } +} diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java deleted file mode 100644 index f45fb7d3..00000000 --- a/certService/src/main/java/org/onap/oom/certservice/certification/model/X509CertificateModel.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification.model; - -import java.security.cert.X509Certificate; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; - -public class X509CertificateModel { - - private final X509Certificate certificate; - private final CertificateData certificateData; - - public X509CertificateModel(X509Certificate certificate, X500Name subjectData, - GeneralName[] sans) { - this.certificate = certificate; - this.certificateData = new CertificateData(subjectData, sans); - } - - public X509Certificate getCertificate() { - return certificate; - } - - public X500Name getSubjectData() { - return certificateData.getSubject(); - } - - public GeneralName[] getSans() { - return certificateData.getSortedSans(); - } - - public CertificateData getCertificateData() { - return certificateData; - } -} diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java index 88c73c04..0d9fdeea 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java @@ -24,8 +24,8 @@ package org.onap.oom.certservice.cmpv2client.api; import java.util.Date; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.certification.model.OldCertificateModel; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel; @@ -51,7 +51,7 @@ public interface CmpClient { * @return model for certification containing certificate chain and trusted certificates * @throws CmpClientException if client error occurs. */ - Cmpv2CertificationModel createCertificate( + Cmpv2CertificationModel executeInitializationRequest( CsrModel csrModel, Cmpv2Server server, Date notBefore, @@ -69,7 +69,7 @@ public interface CmpClient { * @return model for certification containing certificate chain and trusted certificates * @throws CmpClientException if client error occurs. */ - Cmpv2CertificationModel createCertificate( + Cmpv2CertificationModel executeInitializationRequest( CsrModel csrModel, Cmpv2Server server) throws CmpClientException; @@ -82,12 +82,12 @@ public interface CmpClient { * * @param csrModel Certificate Signing Request Model. Must not be {@code null}. * @param cmpv2Server CMPv2 server. Must not be {@code null}. - * @param certificateUpdateModel Model with key update parameters {@code null}. + * @param oldCertificateModel Model with key update parameters {@code null}. * @return model for certification containing certificate chain and trusted certificates * @throws CmpClientException if client error occurs. */ - Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server, - CertificateUpdateModel certificateUpdateModel) throws CmpClientException; + Cmpv2CertificationModel executeKeyUpdateRequest(CsrModel csrModel, Cmpv2Server cmpv2Server, + OldCertificateModel oldCertificateModel) throws CmpClientException; /** * Requests for an additional External Root CA Certificate to be created for the passed keyPair wrapped @@ -100,5 +100,5 @@ public interface CmpClient { * @return model for certification containing certificate chain and trusted certificates * @throws CmpClientException if client error occurs. */ - Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException; + Cmpv2CertificationModel executeCertificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException; } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java index 549cf6b9..bbca91b6 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java @@ -25,45 +25,31 @@ package org.onap.oom.certservice.cmpv2client.impl; import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.checkIfCmpResponseContainsError; import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.getCertFromByteArray; import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore; -import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.checkImplicitConfirm; -import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifyPasswordBasedProtection; -import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifySignature; -import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.InputStreamReader; import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; +import java.security.Security; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; import java.util.Collections; import java.util.Date; import java.util.Objects; import java.util.Optional; -import org.apache.commons.codec.binary.Base64; import org.apache.http.impl.client.CloseableHttpClient; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.cmp.CMPCertificate; import org.bouncycastle.asn1.cmp.CertRepMessage; import org.bouncycastle.asn1.cmp.CertResponse; import org.bouncycastle.asn1.cmp.PKIBody; -import org.bouncycastle.asn1.cmp.PKIHeader; import org.bouncycastle.asn1.cmp.PKIMessage; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.util.io.pem.PemReader; -import org.onap.oom.certservice.certification.configuration.model.CaMode; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.oom.certservice.certification.exception.KeyDecryptionException; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.certification.model.OldCertificateModel; import org.onap.oom.certservice.cmpv2client.api.CmpClient; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; -import org.onap.oom.certservice.cmpv2client.exceptions.CmpServerException; import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel; +import org.onap.oom.certservice.cmpv2client.validation.CmpCertificationValidator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -75,55 +61,56 @@ public class CmpClientImpl implements CmpClient { private static final Logger LOG = LoggerFactory.getLogger(CmpClientImpl.class); private final CloseableHttpClient httpClient; - - private static final String DEFAULT_CA_NAME = "Certification Authority"; - private static final String DEFAULT_PROFILE = CaMode.RA.getProfile(); - private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); + private final CmpCertificationValidator validator; public CmpClientImpl(CloseableHttpClient httpClient) { this.httpClient = httpClient; + this.validator = new CmpCertificationValidator(); + } + + static { + Security.addProvider(new BouncyCastleProvider()); } @Override - public Cmpv2CertificationModel createCertificate( + public Cmpv2CertificationModel executeInitializationRequest( CsrModel csrModel, Cmpv2Server server, Date notBefore, Date notAfter) throws CmpClientException { - validate(csrModel, server, httpClient, notBefore, notAfter); + validator.validate(csrModel, server, httpClient, notBefore, notAfter); final CreateCertRequest certRequest = getIakRvRequest(csrModel, server, notBefore, notAfter, PKIBody.TYPE_INIT_REQ); return executeCmpRequest(csrModel, server, certRequest); } @Override - public Cmpv2CertificationModel createCertificate(CsrModel csrModel, Cmpv2Server server) + public Cmpv2CertificationModel executeInitializationRequest(CsrModel csrModel, Cmpv2Server server) throws CmpClientException { - return createCertificate(csrModel, server, null, null); + return executeInitializationRequest(csrModel, server, null, null); } @Override - public Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server, - CertificateUpdateModel certificateUpdateModel) throws CmpClientException { - validate(csrModel, cmpv2Server, httpClient, null, null); + public Cmpv2CertificationModel executeKeyUpdateRequest(CsrModel csrModel, Cmpv2Server cmpv2Server, + OldCertificateModel oldCertificateModel) throws CmpClientException { + validator.validate(csrModel, cmpv2Server, httpClient, null, null); - final PkiMessageProtection pkiMessageProtection = getSignatureProtection(certificateUpdateModel); + final PkiMessageProtection pkiMessageProtection = getSignatureProtection(oldCertificateModel); final CreateCertRequest certRequest = getCmpMessageBuilderWithCommonRequestValues(csrModel, cmpv2Server) .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_KEY_UPDATE_REQ) - .with(CreateCertRequest::setExtraCerts, getCMPCertificateFromPem(certificateUpdateModel.getEncodedOldCert())) + .with(CreateCertRequest::setExtraCerts, getCMPCertificate(oldCertificateModel.getOldCertificate())) .with(CreateCertRequest::setProtection, pkiMessageProtection) .build(); return executeCmpRequest(csrModel, cmpv2Server, certRequest); - } @Override - public Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + public Cmpv2CertificationModel executeCertificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { - validate(csrModel, cmpv2Server, httpClient, null, null); + validator.validate(csrModel, cmpv2Server, httpClient, null, null); final CreateCertRequest certRequest = getIakRvRequest(csrModel, cmpv2Server, null, null, PKIBody.TYPE_CERT_REQ); return executeCmpRequest(csrModel, cmpv2Server, certRequest); } @@ -163,86 +150,48 @@ public class CmpClientImpl implements CmpClient { .with(CreateCertRequest::setSubjectKeyPair, keyPair); } - private SignatureProtection getSignatureProtection(CertificateUpdateModel certificateUpdateModel) - throws CmpClientException { - try { - PrivateKey oldPrivateKey = certificateUpdateModel.getOldPrivateKeyObject(); - return new SignatureProtection(oldPrivateKey); - } catch (NoSuchAlgorithmException | KeyDecryptionException | InvalidKeySpecException e) { - throw new CmpClientException("Cannot parse old private key ", e); - } - + private SignatureProtection getSignatureProtection(OldCertificateModel oldCertificateModel) { + return new SignatureProtection(oldCertificateModel.getOldPrivateKey()); } - private CMPCertificate[] getCMPCertificateFromPem(String encodedCertPem) throws CmpClientException { - try { - Certificate certificate = Certificate.getInstance( - new PemReader( - new InputStreamReader( - new ByteArrayInputStream( - Base64.decodeBase64(encodedCertPem)))) - .readPemObject().getContent()); - CMPCertificate cert = new CMPCertificate(certificate); + private CMPCertificate[] getCMPCertificate(Certificate oldCertificate) { + CMPCertificate cert = new CMPCertificate(oldCertificate); return new CMPCertificate[]{cert}; - } catch (IOException | NullPointerException e ) { - throw new CmpClientException("Cannot parse old certificate", e); - } - } - - private void checkCmpResponse( - final PKIMessage respPkiMessage, final PublicKey publicKey, final String initAuthPassword) - throws CmpClientException { - final PKIHeader header = respPkiMessage.getHeader(); - final AlgorithmIdentifier protectionAlgo = header.getProtectionAlg(); - verifySignatureWithPublicKey(respPkiMessage, publicKey); - if (isPasswordBasedMacAlgorithm(protectionAlgo)) { - LOG.info("CMP response is protected by Password Base Mac Algorithm. Attempt to verify protection"); - verifyPasswordBasedMacProtection(respPkiMessage, initAuthPassword, header, protectionAlgo); - } } - private boolean isPasswordBasedMacAlgorithm(AlgorithmIdentifier protectionAlgo) throws CmpClientException { - if (Objects.isNull(protectionAlgo)) { - LOG.error("CMP response does not contain Protection Algorithm field"); - throw new CmpClientException("CMP response does not contain Protection Algorithm field"); - } - return PASSWORD_BASED_MAC.equals(protectionAlgo.getAlgorithm()); - } - - private void verifySignatureWithPublicKey(PKIMessage respPkiMessage, PublicKey publicKey) + private Cmpv2CertificationModel retrieveCertificates( + CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient) throws CmpClientException { - if (Objects.nonNull(publicKey)) { - LOG.debug("Verifying signature of the response."); - verifySignature(respPkiMessage, publicKey); - } else { - LOG.error("Public Key is not available, therefore cannot verify signature"); - throw new CmpClientException( - "Public Key is not available, therefore cannot verify signature"); + final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName()); + try { + final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes); + LOG.info("Received response from Server"); + checkIfCmpResponseContainsError(respPkiMessage); + validator.checkCmpResponse(respPkiMessage, csrModel.getPublicKey(), server.getAuthentication().getIak()); + return checkCmpCertRepMessage(respPkiMessage); + } catch (IllegalArgumentException iae) { + CmpClientException cmpClientException = + new CmpClientException( + "Error encountered while processing response from CA server ", iae); + LOG.error("Error encountered while processing response from CA server ", iae); + throw cmpClientException; } } - private void verifyPasswordBasedMacProtection(PKIMessage respPkiMessage, String initAuthPassword, - PKIHeader header, AlgorithmIdentifier protectionAlgo) - throws CmpClientException { - LOG.debug("Verifying PasswordBased Protection of the Response."); - verifyPasswordBasedProtection(respPkiMessage, initAuthPassword, protectionAlgo); - checkImplicitConfirm(header); - } - private Cmpv2CertificationModel checkCmpCertRepMessage(final PKIMessage respPkiMessage) - throws CmpClientException { + throws CmpClientException { final PKIBody pkiBody = respPkiMessage.getBody(); if (Objects.nonNull(pkiBody) && pkiBody.getContent() instanceof CertRepMessage) { final CertRepMessage certRepMessage = (CertRepMessage) pkiBody.getContent(); if (Objects.nonNull(certRepMessage)) { try { CertResponse certResponse = getCertificateResponseContainingNewCertificate(certRepMessage); - checkServerResponse(certResponse); + validator.checkServerResponse(certResponse); return verifyReturnCertChainAndTrustStore(respPkiMessage, certRepMessage, certResponse); } catch (IOException | CertificateParsingException ex) { CmpClientException cmpClientException = - new CmpClientException( - "Exception occurred while retrieving Certificates from response", ex); + new CmpClientException( + "Exception occurred while retrieving Certificates from response", ex); LOG.error("Exception occurred while retrieving Certificates from response", ex); throw cmpClientException; } @@ -253,98 +202,23 @@ public class CmpClientImpl implements CmpClient { return new Cmpv2CertificationModel(Collections.emptyList(), Collections.emptyList()); } - private void checkServerResponse(CertResponse certResponse) { - if (certResponse.getStatus() != null && certResponse.getStatus().getStatus() != null) { - logServerResponse(certResponse); - if (certResponse.getStatus().getStatus().intValue() == PkiStatus.REJECTED.getCode()) { - String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString(); - throw new CmpServerException(Optional.ofNullable(serverMessage).orElse("N/A")); - } - } - } - - private void logServerResponse(CertResponse certResponse) { - if (LOG.isInfoEnabled()) { - LOG.info("Response status code: {}", certResponse.getStatus().getStatus()); - } - if (certResponse.getStatus().getStatusString() != null) { - String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString(); - LOG.warn("Response status text: {}", serverMessage); - } - if (LOG.isWarnEnabled() && certResponse.getStatus().getFailInfo() != null) { - LOG.warn("Response fail info: {}", certResponse.getStatus().getFailInfo()); - } - } - private Cmpv2CertificationModel verifyReturnCertChainAndTrustStore( - PKIMessage respPkiMessage, CertRepMessage certRepMessage, CertResponse certResponse) - throws CertificateParsingException, CmpClientException, IOException { + PKIMessage respPkiMessage, CertRepMessage certRepMessage, CertResponse certResponse) + throws CertificateParsingException, CmpClientException, IOException { LOG.info("Verifying certificates returned as part of CertResponse."); final CMPCertificate cmpCertificate = - certResponse.getCertifiedKeyPair().getCertOrEncCert().getCertificate(); + certResponse.getCertifiedKeyPair().getCertOrEncCert().getCertificate(); final Optional leafCertificate = - getCertFromByteArray(cmpCertificate.getEncoded(), X509Certificate.class); + getCertFromByteArray(cmpCertificate.getEncoded(), X509Certificate.class); if (leafCertificate.isPresent()) { return verifyAndReturnCertChainAndTrustSTore( - respPkiMessage, certRepMessage, leafCertificate.get()); + respPkiMessage, certRepMessage, leafCertificate.get()); } return new Cmpv2CertificationModel(Collections.emptyList(), Collections.emptyList()); } private CertResponse getCertificateResponseContainingNewCertificate( - CertRepMessage certRepMessage) { + CertRepMessage certRepMessage) { return certRepMessage.getResponse()[0]; } - - /** - * Validate inputs for Certificate Creation. - * - * @param csrModel Certificate Signing Request model. Must not be {@code null}. - * @param server CMPv2 Server. Must not be {@code null}. - * @throws IllegalArgumentException if Before Date is set after the After Date. - */ - private static void validate( - final CsrModel csrModel, - final Cmpv2Server server, - final CloseableHttpClient httpClient, - final Date notBefore, - final Date notAfter) { - - String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME; - String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE; - LOG.info( - "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile); - - CmpUtil.notNull(csrModel, "CsrModel Instance"); - CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN"); - CmpUtil.notNull(csrModel.getPrivateKey(), "Subject private key"); - CmpUtil.notNull(csrModel.getPublicKey(), "Subject public key"); - CmpUtil.notNull(server.getIssuerDN(), "Issuer DN"); - CmpUtil.notNull(server.getUrl(), "External CA URL"); - CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password"); - CmpUtil.notNull(httpClient, "Closeable Http Client"); - - if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) { - throw new IllegalArgumentException("Before Date is set after the After Date"); - } - } - - private Cmpv2CertificationModel retrieveCertificates( - CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient) - throws CmpClientException { - final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName()); - try { - final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes); - LOG.info("Received response from Server"); - checkIfCmpResponseContainsError(respPkiMessage); - checkCmpResponse(respPkiMessage, csrModel.getPublicKey(), server.getAuthentication().getIak()); - return checkCmpCertRepMessage(respPkiMessage); - } catch (IllegalArgumentException iae) { - CmpClientException cmpClientException = - new CmpClientException( - "Error encountered while processing response from CA server ", iae); - LOG.error("Error encountered while processing response from CA server ", iae); - throw cmpClientException; - } - } } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java new file mode 100644 index 00000000..40a2a1d9 --- /dev/null +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/validation/CmpCertificationValidator.java @@ -0,0 +1,142 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2020 Nordix Foundation. + * ================================================================================ + * Modification copyright 2021 Nokia + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.cmpv2client.validation; + +import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.checkImplicitConfirm; +import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifyPasswordBasedProtection; +import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifySignature; + +import java.security.PublicKey; +import java.util.Date; +import java.util.Objects; +import java.util.Optional; +import org.apache.http.impl.client.CloseableHttpClient; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.cmp.CertResponse; +import org.bouncycastle.asn1.cmp.PKIHeader; +import org.bouncycastle.asn1.cmp.PKIMessage; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.onap.oom.certservice.certification.configuration.model.CaMode; +import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; +import org.onap.oom.certservice.cmpv2client.exceptions.CmpServerException; +import org.onap.oom.certservice.cmpv2client.impl.CmpUtil; +import org.onap.oom.certservice.cmpv2client.impl.PkiStatus; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class CmpCertificationValidator { + private static final String DEFAULT_CA_NAME = "Certification Authority"; + private static final String DEFAULT_PROFILE = CaMode.RA.getProfile(); + private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); + private static final Logger LOG = LoggerFactory.getLogger(CmpCertificationValidator.class); + + public static void validate( + final CsrModel csrModel, + final Cmpv2Server server, + final CloseableHttpClient httpClient, + final Date notBefore, + final Date notAfter) { + + String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME; + String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE; + LOG.info( + "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile); + + CmpUtil.notNull(csrModel, "CsrModel Instance"); + CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN"); + CmpUtil.notNull(csrModel.getPrivateKey(), "Subject private key"); + CmpUtil.notNull(csrModel.getPublicKey(), "Subject public key"); + CmpUtil.notNull(server.getIssuerDN(), "Issuer DN"); + CmpUtil.notNull(server.getUrl(), "External CA URL"); + CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password"); + CmpUtil.notNull(httpClient, "Closeable Http Client"); + + if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) { + throw new IllegalArgumentException("Before Date is set after the After Date"); + } + } + + public void checkCmpResponse(final PKIMessage respPkiMessage, final PublicKey publicKey, final String initAuthPassword) + throws CmpClientException { + final PKIHeader header = respPkiMessage.getHeader(); + final AlgorithmIdentifier protectionAlgo = header.getProtectionAlg(); + verifySignatureWithPublicKey(respPkiMessage, publicKey); + if (isPasswordBasedMacAlgorithm(protectionAlgo)) { + LOG.info("CMP response is protected by Password Base Mac Algorithm. Attempt to verify protection"); + verifyPasswordBasedMacProtection(respPkiMessage, initAuthPassword, header, protectionAlgo); + } + } + + public void checkServerResponse(CertResponse certResponse) { + if (certResponse.getStatus() != null && certResponse.getStatus().getStatus() != null) { + logServerResponse(certResponse); + if (certResponse.getStatus().getStatus().intValue() == PkiStatus.REJECTED.getCode()) { + String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString(); + throw new CmpServerException(Optional.ofNullable(serverMessage).orElse("N/A")); + } + } + } + + private boolean isPasswordBasedMacAlgorithm(AlgorithmIdentifier protectionAlgo) throws CmpClientException { + if (Objects.isNull(protectionAlgo)) { + LOG.error("CMP response does not contain Protection Algorithm field"); + throw new CmpClientException("CMP response does not contain Protection Algorithm field"); + } + return PASSWORD_BASED_MAC.equals(protectionAlgo.getAlgorithm()); + } + + private void verifySignatureWithPublicKey(PKIMessage respPkiMessage, PublicKey publicKey) + throws CmpClientException { + if (Objects.nonNull(publicKey)) { + LOG.debug("Verifying signature of the response."); + verifySignature(respPkiMessage, publicKey); + } else { + LOG.error("Public Key is not available, therefore cannot verify signature"); + throw new CmpClientException( + "Public Key is not available, therefore cannot verify signature"); + } + } + + private void verifyPasswordBasedMacProtection(PKIMessage respPkiMessage, String initAuthPassword, + PKIHeader header, AlgorithmIdentifier protectionAlgo) + throws CmpClientException { + LOG.debug("Verifying PasswordBased Protection of the Response."); + verifyPasswordBasedProtection(respPkiMessage, initAuthPassword, protectionAlgo); + checkImplicitConfirm(header); + } + + private void logServerResponse(CertResponse certResponse) { + if (LOG.isInfoEnabled()) { + LOG.info("Response status code: {}", certResponse.getStatus().getStatus()); + } + if (certResponse.getStatus().getStatusString() != null) { + String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString(); + LOG.warn("Response status text: {}", serverMessage); + } + if (LOG.isWarnEnabled() && certResponse.getStatus().getFailInfo() != null) { + LOG.warn("Response fail info: {}", certResponse.getStatus().getFailInfo()); + } + } +} diff --git a/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java b/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java index 4ac0b50d..81c2d39a 100644 --- a/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/api/CertificationControllerTest.java @@ -34,13 +34,13 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.CertificationModelFactory; +import org.onap.oom.certservice.certification.CertificationResponseModelFactory; import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException; import org.onap.oom.certservice.certification.exception.CsrDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; import org.onap.oom.certservice.certification.exception.KeyDecryptionException; import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder; -import org.onap.oom.certservice.certification.model.CertificationModel; +import org.onap.oom.certservice.certification.model.CertificationResponseModel; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -67,32 +67,33 @@ class CertificationControllerTest { private CertificationController certificationController; @Mock - private CertificationModelFactory certificationModelFactory; + private CertificationResponseModelFactory certificationResponseModelFactory; @BeforeEach void serUp() { - certificationController = new CertificationController(certificationModelFactory); + certificationController = new CertificationController(certificationResponseModelFactory); } @Test void shouldReturnDataAboutCsrBaseOnEncodedParameters() throws DecryptionException, CmpClientException { // Given - CertificationModel testCertificationModel = new CertificationModel( + CertificationResponseModel testCertificationResponseModel = new CertificationResponseModel( Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), Arrays.asList("CA_CERT", "EXTRA_CA_CERT") ); - when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) - .thenReturn(testCertificationModel); + when(certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) + .thenReturn(testCertificationResponseModel); // When - ResponseEntity responseCertificationModel = + ResponseEntity responseCertificationModel = certificationController.signCertificate(TEST_CA_NAME, TEST_ENCODED_CSR, TEST_ENCODED_PK); // Then assertEquals(HttpStatus.OK, responseCertificationModel.getStatusCode()); assertThat(responseCertificationModel.getBody() - ).isEqualToComparingFieldByField(testCertificationModel); + ).isEqualToComparingFieldByField(testCertificationResponseModel); } @@ -101,7 +102,8 @@ class CertificationControllerTest { throws DecryptionException, CmpClientException { // Given String expectedMessage = "Incorrect CSR, decryption failed"; - when(certificationModelFactory.createCertificationModel(TEST_WRONG_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) + when(certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(TEST_WRONG_ENCODED_CSR, TEST_ENCODED_PK, TEST_CA_NAME)) .thenThrow(new CsrDecryptionException(expectedMessage)); // When @@ -121,7 +123,8 @@ class CertificationControllerTest { throws DecryptionException, CmpClientException { // Given String expectedMessage = "Incorrect PEM, decryption failed"; - when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_WRONG_ENCODED_PK, TEST_CA_NAME)) + when(certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(TEST_ENCODED_CSR, TEST_WRONG_ENCODED_PK, TEST_CA_NAME)) .thenThrow(new KeyDecryptionException(expectedMessage)); // When @@ -141,7 +144,8 @@ class CertificationControllerTest { throws DecryptionException, CmpClientException { // Given String expectedMessage = "No server found for given CA name"; - when(certificationModelFactory.createCertificationModel(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_WRONG_CA_NAME)) + when(certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_WRONG_CA_NAME)) .thenThrow(new Cmpv2ServerNotFoundException(expectedMessage)); // When @@ -160,20 +164,21 @@ class CertificationControllerTest { void shouldUpdateEndpointReturnDataAboutCsrBaseOnEncodedParameters() throws DecryptionException, CmpClientException, CertificateDecryptionException { // Given - CertificationModel testCertificationModel = new CertificationModel( + CertificationResponseModel testCertificationResponseModel = new CertificationResponseModel( Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"), Arrays.asList("CA_CERT", "EXTRA_CA_CERT") ); - when(certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL)).thenReturn(testCertificationModel); + when(certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL)).thenReturn( + testCertificationResponseModel); // When - ResponseEntity responseCertificationModel = + ResponseEntity responseCertificationModel = certificationController.updateCertificate(TEST_CA_NAME, TEST_ENCODED_CSR, TEST_ENCODED_PK, TEST_ENCODED_OLD_CERT, TEST_ENCODED_OLD_PK); // Then assertEquals(HttpStatus.OK, responseCertificationModel.getStatusCode()); - assertThat(responseCertificationModel.getBody()).isEqualToComparingFieldByField(testCertificationModel); + assertThat(responseCertificationModel.getBody()).isEqualToComparingFieldByField(testCertificationResponseModel); } @Test @@ -181,7 +186,7 @@ class CertificationControllerTest { throws DecryptionException, CertificateDecryptionException, CmpClientException { // Given String expectedMessage = "Incorrect certificate, decryption failed"; - when(certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL)) + when(certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL)) .thenThrow(new CertificateDecryptionException(expectedMessage)); // When diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationData.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationData.java new file mode 100644 index 00000000..11e81807 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationData.java @@ -0,0 +1,128 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification; + + +final class CertificationData { + + private CertificationData() { + } + + private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; + private static final String END_CERTIFICATE = "-----END CERTIFICATE-----"; + + static final String EXTRA_CA_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDvzCCAqcCFF5DejiyfoNfPiiMmBXulniBewBGMA0GCSqGSIb3DQEBCwUAMIGb\n" + + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" + + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" + + "T05BUDEVMBMGA1UEAwwMbmV3Lm9uYXAub3JnMR4wHAYJKoZIhvcNAQkBFg90ZXN0\n" + + "ZXJAb25hcC5vcmcwHhcNMjAwMjEyMDk1OTM3WhcNMjEwMjExMDk1OTM3WjCBmzEL\n" + + "MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbi1G\n" + + "cmFuY2lzY28xGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xDTALBgNVBAsMBE9O\n" + + "QVAxFTATBgNVBAMMDG5ldy5vbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVy\n" + + "QG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF4FXeDV\n" + + "ng/inC/bTACmZnLC9IiC7PyG/vVbMxxN1bvQLRAwC/Hbl3i9zD68Vs/jPPr/SDr9\n" + + "2rgItdDdUY1V30Y3PT06F11XdEaRb+t++1NX0rDf1AqPaBZgnBmB86s1wbqHdJTr\n" + + "wEImDZ5xMPfP3fiWy/9Yw/U7iRMIi1/oI0lWuHJV0bn908shuJ6dvInpRCoDnoTX\n" + + "YP/FiDSZCFVewQcq4TigB7kRqZrDcPZWbSlqHklDMXRwbCxAiFSziuX6TBwru9Rn\n" + + "HhIeXVSgMU1ZSSopVbJGtQ4zSsU1nvTK5Bhc2UHGcAOZy1xTN5D9EEbTqh7l+Wtx\n" + + "y8ojkEXvFG8lVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAE+bUphwHit78LK8sb\n" + + "OMjt4DiEu32KeSJOpYgPLeBeAIynaNsa7sQrpuxerGNTmQWIcw6olXI0J+OOwkik\n" + + "II7elrYtd5G1uALxXWdamNsaY0Du34moVL1YjexJ7qQ4oBUxg2tuY8NAQGDK+23I\n" + + "nCA+ZwzdTJo73TYS6sx64d/YLWkX4nHGUoMlF+xUH34csDyhpuTSzQhC2quB5N8z\n" + + "tSFdpe4z2jqx07qo2EBFxi03EQ8Q0ex6l421QM2gbs7cZQ66K0DkpPcF2+iHZnyx\n" + + "xq1lnlsWHklElF2bhyXTn3fPp5wtan00P8IolKx7CAWb92QjkW6M0RvTW/xuwIzh\n" + + "0rTO\n" + + END_CERTIFICATE; + + static final String CA_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\n" + + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n" + + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n" + + "T05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\n" + + "bmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\n" + + "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\n" + + "aXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\n" + + "MA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\n" + + "ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\n" + + "eiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n" + + "797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\n" + + "Dl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\n" + + "gTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\n" + + "B/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\n" + + "Bm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\n" + + "PxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\n" + + "vxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n" + + "/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n" + + "9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\n" + + "m/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n" + + END_CERTIFICATE; + + static final String INTERMEDIATE_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\n" + + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" + + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\n" + + "DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\n" + + "MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\n" + + "VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\n" + + "DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\n" + + "cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" + + "AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\n" + + "gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\n" + + "L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\n" + + "wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n" + + "72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\n" + + "L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + + "hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\n" + + "q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\n" + + "q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\n" + + "beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\n" + + "xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\n" + + "XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n" + + END_CERTIFICATE; + + static final String ENTITY_CERT = "" + + BEGIN_CERTIFICATE + + "MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\n" + + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n" + + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\n" + + "DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\n" + + "MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n" + + "A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\n" + + "MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n" + + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\n" + + "G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\n" + + "eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\n" + + "EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\n" + + "NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\n" + + "B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\n" + + "BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n" + + "8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\n" + + "ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\n" + + "CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\n" + + "lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\n" + + "d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n" + + END_CERTIFICATE; + +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java deleted file mode 100644 index c7454f46..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java +++ /dev/null @@ -1,340 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020-2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.onap.oom.certservice.certification.CertificationData.CA_CERT; -import static org.onap.oom.certservice.certification.CertificationData.ENTITY_CERT; -import static org.onap.oom.certservice.certification.CertificationData.EXTRA_CA_CERT; -import static org.onap.oom.certservice.certification.CertificationData.INTERMEDIATE_CERT; -import static org.onap.oom.certservice.certification.TestData.TEST_CSR; -import static org.onap.oom.certservice.certification.TestData.TEST_PK; -import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR; -import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM; - -import java.util.Arrays; -import java.util.Base64; -import java.util.List; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; -import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider; -import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; -import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException; -import org.onap.oom.certservice.certification.exception.CsrDecryptionException; -import org.onap.oom.certservice.certification.exception.DecryptionException; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder; -import org.onap.oom.certservice.certification.model.CertificationModel; -import org.onap.oom.certservice.certification.model.CsrModel; -import org.onap.oom.certservice.certification.model.X509CertificateModel; -import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; - -@ExtendWith(MockitoExtension.class) -class CertificationModelFactoryTest { - - private static final String TEST_CA_NAME = "TestCA"; - private static final String ENCODED_CSR = getEncodedString(TEST_CSR); - private static final String ENCODED_PK = getEncodedString(TEST_PK); - private static final String ENCODED_WRONG_CSR = getEncodedString(TEST_WRONG_CSR); - private static final String ENCODED_WRONG_PK = getEncodedString(TEST_WRONG_PEM); - - private static final String TEST_ENCODED_CSR = "encodedCSR"; - private static final String TEST_ENCODED_PK = "encodedPK"; - private static final String TEST_ENCODED_OLD_PK = "encodedOldPK"; - private static final String TEST_ENCODED_OLD_CERT = "encodedOldCert"; - private static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder() - .setEncodedCsr(TEST_ENCODED_CSR) - .setEncodedPrivateKey(TEST_ENCODED_PK) - .setEncodedOldCert(TEST_ENCODED_OLD_CERT) - .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PK) - .setCaName(TEST_CA_NAME) - .build(); - - private CertificationModelFactory certificationModelFactory; - - @Mock - private Cmpv2ServerProvider cmpv2ServerProvider; - @Mock - private CsrModelFactory csrModelFactory; - @Mock - private CertificationProvider certificationProvider; - @Mock - private X509CertificateModelFactory x509CertificateModelFactory; - @Mock - private UpdateRequestTypeDetector updateRequestTypeDetector; - - private static String getEncodedString(String testCsr) { - return Base64.getEncoder().encodeToString(testCsr.getBytes()); - } - - @BeforeEach - void setUp() { - certificationModelFactory = - new CertificationModelFactory(csrModelFactory, cmpv2ServerProvider, certificationProvider, - x509CertificateModelFactory, updateRequestTypeDetector); - } - - @Test - void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() - throws CmpClientException, DecryptionException { - - // Given - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - mockCertificateProviderCertificateSigning(csrModel, testServer); - - // When - CertificationModel certificationModel = - certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME); - - // Then - assertEquals(2, certificationModel.getCertificateChain().size()); - assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); - assertEquals(2, certificationModel.getTrustedCertificates().size()); - assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); - } - - @Test - void shouldThrowDecryptionExceptionWhenGivenWrongEncodedCsr() - throws DecryptionException { - // Given - String expectedMessage = "Incorrect CSR, decryption failed"; - when( - csrModelFactory.createCsrModel( - new StringBase64(ENCODED_WRONG_CSR), - new StringBase64(ENCODED_WRONG_PK) - ) - ).thenThrow( - new CsrDecryptionException(expectedMessage) - ); - - // When - Exception exception = assertThrows( - DecryptionException.class, () -> - certificationModelFactory.createCertificationModel(ENCODED_WRONG_CSR, ENCODED_WRONG_PK, TEST_CA_NAME) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - @Test - void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName() - throws DecryptionException { - // Given - String expectedMessage = "CA not found"; - mockCsrFactoryModelCreation(); - when( - cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME) - ).thenThrow( - new Cmpv2ServerNotFoundException(expectedMessage) - ); - - // When - Exception exception = assertThrows( - Cmpv2ServerNotFoundException.class, () -> - certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - @Test - void shouldThrowCmpClientExceptionWhenSigningCsrFailed() - throws DecryptionException, CmpClientException { - // Given - String expectedMessage = "failed to sign certificate"; - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - when( - certificationProvider.signCsr(csrModel, testServer) - ).thenThrow( - new CmpClientException(expectedMessage) - ); - - // When - Exception exception = assertThrows( - CmpClientException.class, () -> - certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - @Test - void shouldPerformKurWhenCsrAndOldCertDataMatch() - throws CertificateDecryptionException, DecryptionException, CmpClientException { - //given - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - mockCertificateProviderCertificateUpdate(csrModel, testServer); - mockCertificateFactoryModelCreation(); - when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true); - //when, then - - CertificationModel certificationModel = certificationModelFactory - .createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL); - - // Then - assertEquals(2, certificationModel.getCertificateChain().size()); - assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); - assertEquals(2, certificationModel.getTrustedCertificates().size()); - assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); - - verify(certificationProvider, times(1)) - .updateCertificate(csrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL); - } - - @Test - void shouldThrowCmpClientExceptionWhenUpdateRequestFailed() - throws DecryptionException, CmpClientException, CertificateDecryptionException { - - // Given - String expectedMessage = "Exception occurred while send request to CMPv2 Server"; - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - mockCertificateFactoryModelCreation(); - - when(certificationProvider.updateCertificate(csrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL)) - .thenThrow(new CmpClientException(expectedMessage)); - when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true); - - // When - Exception exception = assertThrows( - CmpClientException.class, () -> - certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL) - ); - - // Then - assertTrue(exception.getMessage().contains(expectedMessage)); - } - - @Test - void shouldPerformCrWhenCsrAndOldCertDataDontMatch() - throws CertificateDecryptionException, DecryptionException, CmpClientException { - // Given - CsrModel csrModel = mockCsrFactoryModelCreation(); - Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); - mockCertificateProviderCertificationRequest(csrModel, testServer); - mockCertificateFactoryModelCreation(); - // When - when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(false); - CertificationModel certificationModel = certificationModelFactory - .createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL); - // Then - assertEquals(2, certificationModel.getCertificateChain().size()); - assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); - assertEquals(2, certificationModel.getTrustedCertificates().size()); - assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); - - verify(certificationProvider, times(1)) - .certificationRequest(csrModel, testServer); - } - - @Test - void shouldThrowCertificateDecryptionExceptionWhenOldCertificateInvalid() - throws CertificateDecryptionException { - //given - when(x509CertificateModelFactory.createCertificateModel(any())) - .thenThrow(new CertificateDecryptionException("Incorrect certificate, decryption failed")); - //when, then - assertThrows( - CertificateDecryptionException.class, () -> - certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL) - ); - } - - private void mockCertificateProviderCertificateUpdate(CsrModel csrModel, Cmpv2Server testServer) - throws CmpClientException { - CertificationModel expectedCertificationModel = getCertificationModel(); - when( - certificationProvider.updateCertificate(csrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL) - ).thenReturn(expectedCertificationModel); - } - - private void mockCertificateProviderCertificationRequest(CsrModel csrModel, Cmpv2Server testServer) - throws CmpClientException { - CertificationModel expectedCertificationModel = getCertificationModel(); - when( - certificationProvider.certificationRequest(csrModel, testServer) - ).thenReturn(expectedCertificationModel); - } - - private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer) - throws CmpClientException { - CertificationModel expectedCertificationModel = getCertificationModel(); - when( - certificationProvider.signCsr(csrModel, testServer) - ).thenReturn(expectedCertificationModel); - } - - private Cmpv2Server mockCmpv2ProviderServerSelection() { - Cmpv2Server testServer = getCmpv2Server(); - when( - cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME) - ).thenReturn(testServer); - return testServer; - } - - private CsrModel mockCsrFactoryModelCreation() - throws DecryptionException { - CsrModel csrModel = getCsrModel(); - when(csrModelFactory.createCsrModel(any(), any())).thenReturn(csrModel); - return csrModel; - } - - private X509CertificateModel mockCertificateFactoryModelCreation() - throws CertificateDecryptionException { - final X509CertificateModel certificateModel = mock(X509CertificateModel.class); - when(x509CertificateModelFactory.createCertificateModel(any())).thenReturn(certificateModel); - return certificateModel; - } - - private Cmpv2Server getCmpv2Server() { - return new Cmpv2Server(); - } - - private CsrModel getCsrModel() { - return mock(CsrModel.class); - } - - private CertificationModel getCertificationModel() { - List testTrustedCertificates = Arrays.asList(CA_CERT, EXTRA_CA_CERT); - List testCertificationChain = Arrays.asList(INTERMEDIATE_CERT, ENTITY_CERT); - return new CertificationModel(testCertificationChain, testTrustedCertificates); - } - - -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java index 7d75a655..192050dc 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java @@ -20,8 +20,25 @@ package org.onap.oom.certservice.certification; +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; +import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_KEYSTORE; +import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_TRUSTSTORE; + +import java.io.IOException; +import java.io.InputStream; import java.io.StringReader; +import java.nio.charset.StandardCharsets; +import java.security.NoSuchProviderException; +import java.security.Security; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collections; import java.util.List; +import java.util.Objects; import org.apache.commons.io.IOUtils; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; @@ -33,30 +50,13 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder; -import org.onap.oom.certservice.certification.model.CertificationModel; +import org.onap.oom.certservice.certification.model.CertificationResponseModel; import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.certification.model.OldCertificateModel; import org.onap.oom.certservice.cmpv2client.api.CmpClient; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel; -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import java.security.NoSuchProviderException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Objects; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.when; -import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_KEYSTORE; -import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_TRUSTSTORE; - @ExtendWith(MockitoExtension.class) class CertificationProviderTest { @@ -71,19 +71,18 @@ class CertificationProviderTest { private Cmpv2Server testServer; @Mock private CmpClient cmpClient; + @Mock + private OldCertificateModel oldCertificateModel; private CertificationProvider certificationProvider; - private static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder() - .setEncodedCsr("encodedCSR") - .setEncodedPrivateKey("encodedPK") - .setEncodedOldCert("encodedOldCert") - .setEncodedOldPrivateKey("encodedOldPK") - .setCaName("TestCA") - .build(); private static final String EXPECTED_BEGIN_OF_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; private static final String EXPECTED_END_OF_CERTIFICATE = "-----END CERTIFICATE-----\n"; + static { + Security.addProvider(new BouncyCastleProvider()); + } + @BeforeEach public void init() { certificationProvider = new CertificationProvider(cmpClient); @@ -94,10 +93,10 @@ class CertificationProviderTest { throws CertificateException, NoSuchProviderException, IOException, CmpClientException { // When when( - cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class)) + cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class)) ).thenReturn(createCorrectClientResponse()); - CertificationModel certificationModel = certificationProvider.signCsr(csrModel, server); + CertificationResponseModel certificationModel = certificationProvider.executeInitializationRequest(csrModel, server); // Then InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first"); @@ -114,8 +113,6 @@ class CertificationProviderTest { assertThat(trustedCertificateModel).isEqualTo(expectedTrustedCertificate); } - - @Test void certificationProviderThrowCmpClientWhenCallingClientFailsForSignCsr() throws CmpClientException { @@ -123,13 +120,13 @@ class CertificationProviderTest { String expectedErrorMessage = "connecting to CMP client failed"; when( - cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class)) + cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class)) ).thenThrow(new CmpClientException(expectedErrorMessage)); // When Exception exception = assertThrows( CmpClientException.class, () -> - certificationProvider.signCsr(testCsrModel, testServer) + certificationProvider.executeInitializationRequest(testCsrModel, testServer) ); // Then @@ -142,11 +139,11 @@ class CertificationProviderTest { // When when( - cmpClient.updateCertificate(any(CsrModel.class), any(Cmpv2Server.class), any(CertificateUpdateModel.class)) + cmpClient.executeKeyUpdateRequest(any(CsrModel.class), any(Cmpv2Server.class), any(OldCertificateModel.class)) ).thenReturn(getCMPv2CertificationModel()); - CertificationModel certificationModel = certificationProvider - .updateCertificate(csrModel, server, TEST_CERTIFICATE_UPDATE_MODEL); + CertificationResponseModel certificationModel = certificationProvider + .executeKeyUpdateRequest(csrModel, server, oldCertificateModel); List certificateChain = certificationModel.getCertificateChain(); List trustedCertificates = certificationModel.getTrustedCertificates(); @@ -164,11 +161,11 @@ class CertificationProviderTest { throws IOException, CertificateException, CmpClientException { when( - cmpClient.certificationRequest(any(CsrModel.class), any(Cmpv2Server.class)) + cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class)) ).thenReturn(getCMPv2CertificationModel()); - CertificationModel certificationModel = certificationProvider - .certificationRequest(csrModel, server); + CertificationResponseModel certificationModel = certificationProvider + .executeInitializationRequest(csrModel, server); List certificateChain = certificationModel.getCertificateChain(); List trustedCertificates = certificationModel.getTrustedCertificates(); @@ -188,13 +185,13 @@ class CertificationProviderTest { String expectedErrorMessage = "Exception occurred while send request to CMPv2 Server"; when( - cmpClient.updateCertificate(any(CsrModel.class), any(Cmpv2Server.class), any(CertificateUpdateModel.class)) + cmpClient.executeKeyUpdateRequest(any(CsrModel.class), any(Cmpv2Server.class), any(OldCertificateModel.class)) ).thenThrow(new CmpClientException(expectedErrorMessage)); // When Exception exception = assertThrows( CmpClientException.class, () -> - certificationProvider.updateCertificate(testCsrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL) + certificationProvider.executeKeyUpdateRequest(testCsrModel, testServer, oldCertificateModel) ); // Then @@ -206,9 +203,8 @@ class CertificationProviderTest { throws CertificateException, NoSuchProviderException { InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first"); InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first"); - X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain); - X509Certificate x509TrustedCertificate = - new CertificateFactoryProvider().generateCertificate(trustedCertificate); + X509Certificate x509Certificate = generateCertificate(certificateChain); + X509Certificate x509TrustedCertificate = generateCertificate(trustedCertificate); return new Cmpv2CertificationModel( Collections.singletonList(x509Certificate), Collections.singletonList(x509TrustedCertificate)); @@ -233,4 +229,8 @@ class CertificationProviderTest { .getCertificate(certHolder); return List.of(x509Certificate); } + + private X509Certificate generateCertificate(InputStream inStream) throws CertificateException, NoSuchProviderException { + return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inStream); + } } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java new file mode 100644 index 00000000..205513f5 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationResponseModelFactoryTest.java @@ -0,0 +1,350 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020-2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.onap.oom.certservice.certification.CertificationData.CA_CERT; +import static org.onap.oom.certservice.certification.CertificationData.ENTITY_CERT; +import static org.onap.oom.certservice.certification.CertificationData.EXTRA_CA_CERT; +import static org.onap.oom.certservice.certification.CertificationData.INTERMEDIATE_CERT; +import static org.onap.oom.certservice.certification.TestData.TEST_CSR; +import static org.onap.oom.certservice.certification.TestData.TEST_PK; +import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR; +import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM; + +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider; +import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.oom.certservice.certification.conversion.CsrModelFactory; +import org.onap.oom.certservice.certification.conversion.OldCertificateModelFactory; +import org.onap.oom.certservice.certification.conversion.StringBase64; +import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; +import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException; +import org.onap.oom.certservice.certification.exception.CsrDecryptionException; +import org.onap.oom.certservice.certification.exception.DecryptionException; +import org.onap.oom.certservice.certification.model.CertificateUpdateModel; +import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder; +import org.onap.oom.certservice.certification.model.CertificationResponseModel; +import org.onap.oom.certservice.certification.model.CsrModel; +import org.onap.oom.certservice.certification.model.OldCertificateModel; +import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; + +@ExtendWith(MockitoExtension.class) +class CertificationResponseModelFactoryTest { + + private static final String TEST_CA_NAME = "TestCA"; + private static final String ENCODED_CSR = getEncodedString(TEST_CSR); + private static final String ENCODED_PK = getEncodedString(TEST_PK); + private static final String ENCODED_WRONG_CSR = getEncodedString(TEST_WRONG_CSR); + private static final String ENCODED_WRONG_PK = getEncodedString(TEST_WRONG_PEM); + + private static final String TEST_ENCODED_CSR = "encodedCSR"; + private static final String TEST_ENCODED_PK = "encodedPK"; + private static final String TEST_ENCODED_OLD_PK = "encodedOldPK"; + private static final String TEST_ENCODED_OLD_CERT = "encodedOldCert"; + private static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder() + .setEncodedCsr(TEST_ENCODED_CSR) + .setEncodedPrivateKey(TEST_ENCODED_PK) + .setEncodedOldCert(TEST_ENCODED_OLD_CERT) + .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PK) + .setCaName(TEST_CA_NAME) + .build(); + + private CertificationResponseModelFactory certificationResponseModelFactory; + + @Mock + private Cmpv2ServerProvider cmpv2ServerProvider; + @Mock + private CsrModelFactory csrModelFactory; + @Mock + private CertificationProvider certificationProvider; + @Mock + private OldCertificateModelFactory oldCertificateModelFactory; + @Mock + private UpdateRequestTypeDetector updateRequestTypeDetector; + @Mock + private OldCertificateModel testOldCertificateModel; + + private static String getEncodedString(String testCsr) { + return Base64.getEncoder().encodeToString(testCsr.getBytes()); + } + + @BeforeEach + void setUp() { + certificationResponseModelFactory = + new CertificationResponseModelFactory(csrModelFactory, cmpv2ServerProvider, certificationProvider, + oldCertificateModelFactory, updateRequestTypeDetector); + } + + @Test + void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() + throws CmpClientException, DecryptionException { + + // Given + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + mockCertificateProviderCertificateSigning(csrModel, testServer); + + // When + CertificationResponseModel certificationModel = + certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME); + + // Then + assertEquals(2, certificationModel.getCertificateChain().size()); + assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); + assertEquals(2, certificationModel.getTrustedCertificates().size()); + assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); + } + + @Test + void shouldThrowDecryptionExceptionWhenGivenWrongEncodedCsr() + throws DecryptionException { + // Given + String expectedMessage = "Incorrect CSR, decryption failed"; + when( + csrModelFactory.createCsrModel( + new StringBase64(ENCODED_WRONG_CSR), + new StringBase64(ENCODED_WRONG_PK) + ) + ).thenThrow( + new CsrDecryptionException(expectedMessage) + ); + + // When + Exception exception = assertThrows( + DecryptionException.class, () -> + certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(ENCODED_WRONG_CSR, ENCODED_WRONG_PK, TEST_CA_NAME) + ); + + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + @Test + void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName() + throws DecryptionException { + // Given + String expectedMessage = "CA not found"; + mockCsrFactoryModelCreation(); + when( + cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME) + ).thenThrow( + new Cmpv2ServerNotFoundException(expectedMessage) + ); + + // When + Exception exception = assertThrows( + Cmpv2ServerNotFoundException.class, () -> + certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME) + ); + + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + @Test + void shouldThrowCmpClientExceptionWhenSigningCsrFailed() + throws DecryptionException, CmpClientException { + // Given + String expectedMessage = "failed to sign certificate"; + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + when( + certificationProvider.executeInitializationRequest(csrModel, testServer) + ).thenThrow( + new CmpClientException(expectedMessage) + ); + + // When + Exception exception = assertThrows( + CmpClientException.class, () -> + certificationResponseModelFactory + .provideCertificationModelFromInitialRequest(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME) + ); + + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + @Test + void shouldPerformKurWhenCsrAndOldCertDataMatch() + throws CertificateDecryptionException, DecryptionException, CmpClientException { + // Given + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + mockCertificateProviderCertificateUpdate(csrModel, testServer); + mockCertificateFactoryModelCreation(); + when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true); + when(oldCertificateModelFactory.createCertificateModel(any(), any())).thenReturn(testOldCertificateModel); + + // When + CertificationResponseModel certificationModel = certificationResponseModelFactory + .provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL); + + // Then + assertEquals(2, certificationModel.getCertificateChain().size()); + assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); + assertEquals(2, certificationModel.getTrustedCertificates().size()); + assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); + + verify(certificationProvider, times(1)) + .executeKeyUpdateRequest(csrModel, testServer, testOldCertificateModel); + } + + @Test + void shouldThrowCmpClientExceptionWhenUpdateRequestFailed() + throws DecryptionException, CmpClientException, CertificateDecryptionException { + + // Given + String expectedMessage = "Exception occurred while send request to CMPv2 Server"; + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + mockCertificateFactoryModelCreation(); + + when(oldCertificateModelFactory.createCertificateModel(any(), any())).thenReturn(testOldCertificateModel); + when(certificationProvider.executeKeyUpdateRequest(csrModel, testServer, testOldCertificateModel)) + .thenThrow(new CmpClientException(expectedMessage)); + when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true); + + // When + Exception exception = assertThrows( + CmpClientException.class, () -> + certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL) + ); + + // Then + assertTrue(exception.getMessage().contains(expectedMessage)); + } + + @Test + void shouldPerformCrWhenCsrAndOldCertDataDontMatch() + throws CertificateDecryptionException, DecryptionException, CmpClientException { + // Given + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + mockCertificateProviderCertificationRequest(csrModel, testServer); + mockCertificateFactoryModelCreation(); + // When + when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(false); + CertificationResponseModel certificationModel = certificationResponseModelFactory + .provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL); + // Then + assertEquals(2, certificationModel.getCertificateChain().size()); + assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); + assertEquals(2, certificationModel.getTrustedCertificates().size()); + assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); + + verify(certificationProvider, times(1)) + .executeCertificationRequest(csrModel, testServer); + } + + @Test + void shouldThrowCertificateDecryptionExceptionWhenOldCertificateInvalid() + throws CertificateDecryptionException { + //given + when(oldCertificateModelFactory.createCertificateModel(any(), any())) + .thenThrow(new CertificateDecryptionException("Incorrect certificate, decryption failed")); + //when, then + assertThrows( + CertificateDecryptionException.class, () -> + certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL) + ); + } + + private void mockCertificateProviderCertificateUpdate(CsrModel csrModel, Cmpv2Server testServer) + throws CmpClientException { + CertificationResponseModel expectedCertificationModel = getCertificationModel(); + when( + certificationProvider.executeKeyUpdateRequest(csrModel, testServer, testOldCertificateModel) + ).thenReturn(expectedCertificationModel); + } + + private void mockCertificateProviderCertificationRequest(CsrModel csrModel, Cmpv2Server testServer) + throws CmpClientException { + CertificationResponseModel expectedCertificationModel = getCertificationModel(); + when( + certificationProvider.executeCertificationRequest(csrModel, testServer) + ).thenReturn(expectedCertificationModel); + } + + private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer) + throws CmpClientException { + CertificationResponseModel expectedCertificationModel = getCertificationModel(); + when( + certificationProvider.executeInitializationRequest(csrModel, testServer) + ).thenReturn(expectedCertificationModel); + } + + private Cmpv2Server mockCmpv2ProviderServerSelection() { + Cmpv2Server testServer = getCmpv2Server(); + when( + cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME) + ).thenReturn(testServer); + return testServer; + } + + private CsrModel mockCsrFactoryModelCreation() + throws DecryptionException { + CsrModel csrModel = getCsrModel(); + when(csrModelFactory.createCsrModel(any(), any())).thenReturn(csrModel); + return csrModel; + } + + private OldCertificateModel mockCertificateFactoryModelCreation() + throws CertificateDecryptionException { + final OldCertificateModel certificateModel = mock(OldCertificateModel.class); + when(oldCertificateModelFactory.createCertificateModel(any(), any())).thenReturn(certificateModel); + return certificateModel; + } + + private Cmpv2Server getCmpv2Server() { + return new Cmpv2Server(); + } + + private CsrModel getCsrModel() { + return mock(CsrModel.class); + } + + private CertificationResponseModel getCertificationModel() { + List testTrustedCertificates = Arrays.asList(CA_CERT, EXTRA_CA_CERT); + List testCertificationChain = Arrays.asList(INTERMEDIATE_CERT, ENTITY_CERT); + return new CertificationResponseModel(testCertificationChain, testTrustedCertificates); + } + +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java deleted file mode 100644 index eb6a0550..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java +++ /dev/null @@ -1,141 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.bouncycastle.util.encoders.Base64; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.exception.CsrDecryptionException; -import org.onap.oom.certservice.certification.exception.DecryptionException; -import org.onap.oom.certservice.certification.exception.KeyDecryptionException; -import org.onap.oom.certservice.certification.model.CsrModel; - -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.onap.oom.certservice.certification.TestData.TEST_CSR; -import static org.onap.oom.certservice.certification.TestData.TEST_PK; -import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR; -import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM; - - -class CsrModelFactoryTest { - - private CsrModelFactory csrModelFactory; - - @BeforeEach - void setUp() { - csrModelFactory = new CsrModelFactory(); - } - - @Test - void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws DecryptionException { - // given - String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes())); - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - - // when - CsrModel decryptedCsr = csrModelFactory - .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK)); - - assertTrue(decryptedCsr.toString() - .contains(TestData.EXPECTED_CERT_SUBJECT)); - System.out.println(decryptedCsr.toString()); - assertTrue(decryptedCsr.toString() - .contains(TestData.EXPECTED_CERT_SANS)); - } - - @Test - void shouldThrowCsrDecryptionExceptionWhenCsrIsIncorrect() { - // given - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - String wrongCsr = new String(Base64.encode(TEST_WRONG_CSR.getBytes())); - - // when - Exception exception = assertThrows( - CsrDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect CSR, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - - @Test - void shouldThrowKeyDecryptionExceptionWhenKeyIsIncorrect() { - // given - String encoderPK = new String(Base64.encode(TEST_WRONG_PEM.getBytes())); - String wrongCsr = new String(Base64.encode(TEST_CSR.getBytes())); - - // when - Exception exception = assertThrows( - KeyDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect Key, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - - - @Test - void shouldThrowCsrDecryptionExceptionWhenCsrIsNotInBase64Encoding() { - // given - String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); - String wrongCsr = "Not Base 64 Csr"; - - // when - Exception exception = assertThrows( - CsrDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect CSR, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - - @Test - void shouldThrowKeyDecryptionExceptionWhenPkIsNotInBase64Encoding() { - // given - String encoderPK = "Not Base64 Key"; - String wrongCsr = new String(Base64.encode(TEST_CSR.getBytes())); - - // when - Exception exception = assertThrows( - KeyDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) - ); - - String expectedMessage = "Incorrect Key, decryption failed"; - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/PemObjectFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/PemObjectFactoryTest.java deleted file mode 100644 index 68cfa1a1..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/PemObjectFactoryTest.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.bouncycastle.util.io.pem.PemObject; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.exception.DecryptionException; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.onap.oom.certservice.certification.TestData.TEST_PEM; -import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM; -import static org.onap.oom.certservice.certification.TestUtils.pemObjectToString; - - -class PemObjectFactoryTest { - - - private PemObjectFactory pemObjectFactory; - - @BeforeEach - void setUp() { - pemObjectFactory = new PemObjectFactory(); - } - - @Test - void shouldTransformStringInToPemObjectAndBackToString() throws DecryptionException { - // when - PemObject pemObject = pemObjectFactory.createPemObject(TEST_PEM).orElseThrow( - () -> new DecryptionException("Pem decryption failed") - ); - String parsedPemObject = pemObjectToString(pemObject); - - // then - assertEquals(TEST_PEM, parsedPemObject); - } - - @Test - void shouldThrowExceptionWhenParsingPemFailed() { - // given - String expectedMessage = "Unable to create PEM"; - - // when - Exception exception = assertThrows( - DecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM).orElseThrow( - () -> new DecryptionException(expectedMessage) - ) - ); - - String actualMessage = exception.getMessage(); - - // then - assertTrue(actualMessage.contains(expectedMessage)); - } - -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/PemStringToCertificateConverterTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/PemStringToCertificateConverterTest.java deleted file mode 100644 index ecdb1a2e..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/PemStringToCertificateConverterTest.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatThrownBy; - -import java.io.Serializable; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.List; -import org.bouncycastle.asn1.x509.GeneralName; -import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException; - -class PemStringToCertificateConverterTest { - - private static final String CERTIFICATE_PEM_STRING = - "-----BEGIN CERTIFICATE-----\n" - + "MIIEizCCAvOgAwIBAgIUGEp2GZ6Y8nzDA9CKl5nURI7CUN8wDQYJKoZIhvcNAQEL\n" - + "BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGpiZnE4cWExZm8wd2ttbnkxFTATBgNV\n" - + "BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\n" - + "c3RhcnQwHhcNMjEwNjI5MDY1MDI1WhcNMjMwNjI5MDY1MDI0WjB3MREwDwYDVQQD\n" - + "DAhvbmFwLm9yZzEZMBcGA1UECwwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECgwE\n" - + "T05BUDEWMBQGA1UEBwwNU2FuLUZyYW5jaXNjbzETMBEGA1UECAwKQ2FsaWZvcm5p\n" - + "YTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB\n" - + "zvbyrrEiaoBj8kma2QmC+VLmmtWFWyAJgSrYA4kxuyrjQCW4JyFGvmzbYoUFFLOF\n" - + "hfq18VjTs0cbTysX8cFSfkV2EKGERBaZnZRQso6SIJNGa3xMe5FHjREy34Np04IH\n" - + "jSQ42eIBgcNiIada4jgEnIQQYQJSPQtHkfOMC6O+3RpT/eHtvo5urR16MFY1K6so\n" - + "nWYitI5TpEKRozav6zqU/otHgn5jRLryj0IZy0ijlBfSKTxrFfZr3KoMDudVEfUM\n" - + "tsqER3poc1gFkqmCRK38BPNiY7v5KATRB+fWN+P75mw43drx9rImp+JtpOUsDK8r\n" - + "IBd8o4afNvr/WrygBB8rAgMBAAGjgaQwgaEwDAYDVR0TAQH/BAIwADAfBgNVHSME\n" - + "GDAWgBR9M1qUnQM0CpHUz34F5sVUUcIDtjAYBgNVHREEETAPgg10ZXN0Lm9uYXAu\n" - + "b3JnMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwHQYD\n" - + "VR0OBBYEFAfqcU6xGi8jzjlRuKQBtqRcXi+uMA4GA1UdDwEB/wQEAwIF4DANBgkq\n" - + "hkiG9w0BAQsFAAOCAYEAAdw77q7shKtS8lDGcJ/Y8dEjjNSlRtU14EMC59kmKeft\n" - + "Ri7d0oCQXtdRCut3ymizLVqQkmX6SrGshpWUsNzTdITjQ6JB2KOaiIWIF60NSleW\n" - + "0vLm36EmY1ErK+zKe7tvGWZhTNVzBXtnq+AMfJc41u2uelkx0LNczsX9aCajLH1v\n" - + "4z4XsUnm9qiXpnEm632emuJyj6Nt0JWVuNTJTPRnqVZf6KKR83v8JuV0EefWd5WV\n" - + "cFspL0H3MKJV7uf7hfllnIcRtzXa5pctBCboFShVkRNaAMPpJf0DBLQxm7dAWj5A\n" - + "hG1rwmTmzM6NpwGHW/I1SFMmtQiF0PACz1Un6nDW/Rf1iHEoGf8YBLP332LJSDug\n" - + "RKn0cM3QTcyUEzCZxSwKJ2ngC9eG9C2d3YhB6Zxtl+gUIa3AwwPbqr7YR9QkD2Eo\n" - + "d4LqEH9znyBfi7k2YCwP6rtfSi6ClybXe8eBcuMES4TAQfFK6FVf58tGQIx06I0O\n" - + "34nemZwkLoOBzZkepaQv\n" - + "-----END CERTIFICATE-----\n"; - - private static final List EXPECTED_SUBJECT_ALTERNATIVE_NAME = List - .of(GeneralName.dNSName, "test.onap.org"); - - private static final String EXPECTED_SUBJECT = "CN=onap.org,OU=Linux-Foundation,O=ONAP,L=San-Francisco,ST=California,C=US"; - - private final PemStringToCertificateConverter converter = new PemStringToCertificateConverter(); - - @Test - void shouldConvertStringToCertificate() throws CertificateParsingException, StringToCertificateConversionException { - //given, when - X509Certificate certificate = converter.convert(CERTIFICATE_PEM_STRING); - //then - assertThat(certificate).isNotNull(); - assertThat(certificate.getSubjectDN()) - .hasToString(EXPECTED_SUBJECT); - assertThat(certificate.getSubjectAlternativeNames()) - .containsExactly(EXPECTED_SUBJECT_ALTERNATIVE_NAME); - } - - @Test - void shouldThrowExceptionWhenCertificateStringInvalid() { - assertThatThrownBy(() -> converter.convert("")) - .isInstanceOf(StringToCertificateConversionException.class); - } - -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/RsaContentSignerBuilderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/RsaContentSignerBuilderTest.java deleted file mode 100644 index eebe1815..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/RsaContentSignerBuilderTest.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.RsaContentSignerBuilder; -import org.onap.oom.certservice.certification.exception.DecryptionException; -import org.onap.oom.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.security.PrivateKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.onap.oom.certservice.certification.TestUtils.createCsrModel; - -class RsaContentSignerBuilderTest { - - private RsaContentSignerBuilder rsaContentSignerBuilder; - - @BeforeEach - void setUp() { - rsaContentSignerBuilder = new RsaContentSignerBuilder(); - } - - @Test - void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey() - throws IOException, OperatorCreationException, DecryptionException { - // Given - CsrModel testCsrModel = createCsrModel(); - PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); - PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); - - // When - ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); - - // Then - assertThat(createdContentSigner.getAlgorithmIdentifier()) - .isEqualTo(testCertificationRequest.getSignatureAlgorithm()); - } - -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/TestUtils.java b/certService/src/test/java/org/onap/oom/certservice/certification/TestUtils.java index 0dceda19..0284b0af 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/TestUtils.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/TestUtils.java @@ -23,6 +23,8 @@ package org.onap.oom.certservice.certification; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.io.pem.PemObject; import org.bouncycastle.util.io.pem.PemWriter; +import org.onap.oom.certservice.certification.conversion.CsrModelFactory; +import org.onap.oom.certservice.certification.conversion.StringBase64; import org.onap.oom.certservice.certification.exception.DecryptionException; import org.onap.oom.certservice.certification.exception.KeyDecryptionException; import org.onap.oom.certservice.certification.model.CsrModel; diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateBuilderTest.java deleted file mode 100644 index 52ed99e7..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateBuilderTest.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.exception.DecryptionException; -import org.onap.oom.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.security.PrivateKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.onap.oom.certservice.certification.TestUtils.createCsrModel; - -class X509CertificateBuilderTest { - - private X509CertificateBuilder certificateBuilder; - - - @BeforeEach - void setUp() { - certificateBuilder = new X509CertificateBuilder(); - } - - @Test - void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest() - throws DecryptionException, IOException, OperatorCreationException { - // Given - CsrModel testCsrModel = createCsrModel(); - PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); - PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); - RsaContentSignerBuilder rsaContentSignerBuilder = new RsaContentSignerBuilder(); - ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); - - // When - X509v3CertificateBuilder certificateBuilder = this.certificateBuilder.build(testCertificationRequest); - X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner); - - // Then - assertThat(certificateHolder.getIssuer()) - .isEqualToComparingFieldByField(testCsrModel.getSubjectData()); - assertThat(certificateHolder.getSubjectPublicKeyInfo()) - .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo()); - } -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateModelFactoryTest.java deleted file mode 100644 index bad4887b..00000000 --- a/certService/src/test/java/org/onap/oom/certservice/certification/X509CertificateModelFactoryTest.java +++ /dev/null @@ -1,166 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2021 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.certification; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatThrownBy; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; -import org.onap.oom.certservice.certification.model.X509CertificateModel; - -class X509CertificateModelFactoryTest { - - private static final String ENCODED_CERTIFICATE_STRING = - "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVpekNDQXZPZ0F3SUJBZ0lVR0VwMkdaNlk4" - + "bnpEQTlDS2w1blVSSTdDVU44d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURWpNQ0VHQ2dtU0pvbVQ4" - + "aXhrQVFFTUUyTXRNR3BpWm5FNGNXRXhabTh3ZDJ0dGJua3hGVEFUQmdOVgpCQU1NREUxaGJtRm5a" - + "VzFsYm5SRFFURWpNQ0VHQTFVRUNnd2FSVXBDUTBFZ1EyOXVkR0ZwYm1WeUlGRjFhV05yCmMzUmhj" - + "blF3SGhjTk1qRXdOakk1TURZMU1ESTFXaGNOTWpNd05qSTVNRFkxTURJMFdqQjNNUkV3RHdZRFZR" - + "UUQKREFodmJtRndMbTl5WnpFWk1CY0dBMVVFQ3d3UVRHbHVkWGd0Um05MWJtUmhkR2x2YmpFTk1B" - + "c0dBMVVFQ2d3RQpUMDVCVURFV01CUUdBMVVFQnd3TlUyRnVMVVp5WVc1amFYTmpiekVUTUJFR0Ex" - + "VUVDQXdLUTJGc2FXWnZjbTVwCllURUxNQWtHQTFVRUJoTUNWVk13Z2dFaU1BMEdDU3FHU0liM0RR" - + "RUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREIKenZieXJyRWlhb0JqOGttYTJRbUMrVkxtbXRXRld5" - + "QUpnU3JZQTRreHV5cmpRQ1c0SnlGR3ZtemJZb1VGRkxPRgpoZnExOFZqVHMwY2JUeXNYOGNGU2Zr" - + "VjJFS0dFUkJhWm5aUlFzbzZTSUpOR2EzeE1lNUZIalJFeTM0TnAwNElICmpTUTQyZUlCZ2NOaUlh" - + "ZGE0amdFbklRUVlRSlNQUXRIa2ZPTUM2TyszUnBUL2VIdHZvNXVyUjE2TUZZMUs2c28KbldZaXRJ" - + "NVRwRUtSb3phdjZ6cVUvb3RIZ241alJMcnlqMElaeTBpamxCZlNLVHhyRmZacjNLb01EdWRWRWZV" - + "TQp0c3FFUjNwb2MxZ0ZrcW1DUkszOEJQTmlZN3Y1S0FUUkIrZldOK1A3NW13NDNkcng5ckltcCtK" - + "dHBPVXNESzhyCklCZDhvNGFmTnZyL1dyeWdCQjhyQWdNQkFBR2pnYVF3Z2FFd0RBWURWUjBUQVFI" - + "L0JBSXdBREFmQmdOVkhTTUUKR0RBV2dCUjlNMXFVblFNMENwSFV6MzRGNXNWVVVjSUR0akFZQmdO" - + "VkhSRUVFVEFQZ2cxMFpYTjBMbTl1WVhBdQpiM0puTUNjR0ExVWRKUVFnTUI0R0NDc0dBUVVGQndN" - + "Q0JnZ3JCZ0VGQlFjREJBWUlLd1lCQlFVSEF3RXdIUVlEClZSME9CQllFRkFmcWNVNnhHaThqemps" - + "UnVLUUJ0cVJjWGkrdU1BNEdBMVVkRHdFQi93UUVBd0lGNERBTkJna3EKaGtpRzl3MEJBUXNGQUFP" - + "Q0FZRUFBZHc3N3E3c2hLdFM4bERHY0ovWThkRWpqTlNsUnRVMTRFTUM1OWttS2VmdApSaTdkMG9D" - + "UVh0ZFJDdXQzeW1pekxWcVFrbVg2U3JHc2hwV1VzTnpUZElUalE2SkIyS09haUlXSUY2ME5TbGVX" - + "CjB2TG0zNkVtWTFFcksrektlN3R2R1daaFROVnpCWHRucStBTWZKYzQxdTJ1ZWxreDBMTmN6c1g5" - + "YUNhakxIMXYKNHo0WHNVbm05cWlYcG5FbTYzMmVtdUp5ajZOdDBKV1Z1TlRKVFBSbnFWWmY2S0tS" - + "ODN2OEp1VjBFZWZXZDVXVgpjRnNwTDBIM01LSlY3dWY3aGZsbG5JY1J0elhhNXBjdEJDYm9GU2hW" - + "a1JOYUFNUHBKZjBEQkxReG03ZEFXajVBCmhHMXJ3bVRtek02TnB3R0hXL0kxU0ZNbXRRaUYwUEFD" - + "ejFVbjZuRFcvUmYxaUhFb0dmOFlCTFAzMzJMSlNEdWcKUktuMGNNM1FUY3lVRXpDWnhTd0tKMm5n" - + "QzllRzlDMmQzWWhCNlp4dGwrZ1VJYTNBd3dQYnFyN1lSOVFrRDJFbwpkNExxRUg5em55QmZpN2sy" - + "WUN3UDZydGZTaTZDbHliWGU4ZUJjdU1FUzRUQVFmRks2RlZmNTh0R1FJeDA2STBPCjM0bmVtWndr" - + "TG9PQnpaa2VwYVF2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"; - - private static final String ENCODED_CERTIFICATE_CHAIN_STRING = - "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVpekNDQXZPZ0F3SUJBZ0lVR0VwMkdaNlk4" - + "bnpEQTlDS2w1blVSSTdDVU44d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURWpNQ0VHQ2dtU0pvbVQ4" - + "aXhrQVFFTUUyTXRNR3BpWm5FNGNXRXhabTh3ZDJ0dGJua3hGVEFUQmdOVgpCQU1NREUxaGJtRm5a" - + "VzFsYm5SRFFURWpNQ0VHQTFVRUNnd2FSVXBDUTBFZ1EyOXVkR0ZwYm1WeUlGRjFhV05yCmMzUmhj" - + "blF3SGhjTk1qRXdOakk1TURZMU1ESTFXaGNOTWpNd05qSTVNRFkxTURJMFdqQjNNUkV3RHdZRFZR" - + "UUQKREFodmJtRndMbTl5WnpFWk1CY0dBMVVFQ3d3UVRHbHVkWGd0Um05MWJtUmhkR2x2YmpFTk1B" - + "c0dBMVVFQ2d3RQpUMDVCVURFV01CUUdBMVVFQnd3TlUyRnVMVVp5WVc1amFYTmpiekVUTUJFR0Ex" - + "VUVDQXdLUTJGc2FXWnZjbTVwCllURUxNQWtHQTFVRUJoTUNWVk13Z2dFaU1BMEdDU3FHU0liM0RR" - + "RUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREIKenZieXJyRWlhb0JqOGttYTJRbUMrVkxtbXRXRld5" - + "QUpnU3JZQTRreHV5cmpRQ1c0SnlGR3ZtemJZb1VGRkxPRgpoZnExOFZqVHMwY2JUeXNYOGNGU2Zr" - + "VjJFS0dFUkJhWm5aUlFzbzZTSUpOR2EzeE1lNUZIalJFeTM0TnAwNElICmpTUTQyZUlCZ2NOaUlh" - + "ZGE0amdFbklRUVlRSlNQUXRIa2ZPTUM2TyszUnBUL2VIdHZvNXVyUjE2TUZZMUs2c28KbldZaXRJ" - + "NVRwRUtSb3phdjZ6cVUvb3RIZ241alJMcnlqMElaeTBpamxCZlNLVHhyRmZacjNLb01EdWRWRWZV" - + "TQp0c3FFUjNwb2MxZ0ZrcW1DUkszOEJQTmlZN3Y1S0FUUkIrZldOK1A3NW13NDNkcng5ckltcCtK" - + "dHBPVXNESzhyCklCZDhvNGFmTnZyL1dyeWdCQjhyQWdNQkFBR2pnYVF3Z2FFd0RBWURWUjBUQVFI" - + "L0JBSXdBREFmQmdOVkhTTUUKR0RBV2dCUjlNMXFVblFNMENwSFV6MzRGNXNWVVVjSUR0akFZQmdO" - + "VkhSRUVFVEFQZ2cxMFpYTjBMbTl1WVhBdQpiM0puTUNjR0ExVWRKUVFnTUI0R0NDc0dBUVVGQndN" - + "Q0JnZ3JCZ0VGQlFjREJBWUlLd1lCQlFVSEF3RXdIUVlEClZSME9CQllFRkFmcWNVNnhHaThqemps" - + "UnVLUUJ0cVJjWGkrdU1BNEdBMVVkRHdFQi93UUVBd0lGNERBTkJna3EKaGtpRzl3MEJBUXNGQUFP" - + "Q0FZRUFBZHc3N3E3c2hLdFM4bERHY0ovWThkRWpqTlNsUnRVMTRFTUM1OWttS2VmdApSaTdkMG9D" - + "UVh0ZFJDdXQzeW1pekxWcVFrbVg2U3JHc2hwV1VzTnpUZElUalE2SkIyS09haUlXSUY2ME5TbGVX" - + "CjB2TG0zNkVtWTFFcksrektlN3R2R1daaFROVnpCWHRucStBTWZKYzQxdTJ1ZWxreDBMTmN6c1g5" - + "YUNhakxIMXYKNHo0WHNVbm05cWlYcG5FbTYzMmVtdUp5ajZOdDBKV1Z1TlRKVFBSbnFWWmY2S0tS" - + "ODN2OEp1VjBFZWZXZDVXVgpjRnNwTDBIM01LSlY3dWY3aGZsbG5JY1J0elhhNXBjdEJDYm9GU2hW" - + "a1JOYUFNUHBKZjBEQkxReG03ZEFXajVBCmhHMXJ3bVRtek02TnB3R0hXL0kxU0ZNbXRRaUYwUEFD" - + "ejFVbjZuRFcvUmYxaUhFb0dmOFlCTFAzMzJMSlNEdWcKUktuMGNNM1FUY3lVRXpDWnhTd0tKMm5n" - + "QzllRzlDMmQzWWhCNlp4dGwrZ1VJYTNBd3dQYnFyN1lSOVFrRDJFbwpkNExxRUg5em55QmZpN2sy" - + "WUN3UDZydGZTaTZDbHliWGU4ZUJjdU1FUzRUQVFmRks2RlZmNTh0R1FJeDA2STBPCjM0bmVtWndr" - + "TG9PQnpaa2VwYVF2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJ" - + "Q0FURS0tLS0tCk1JSUVzekNDQXh1Z0F3SUJBZ0lVTk1lYzl0ZlJEU3FPQlJGaTFkWDd2RCsyVG9z" - + "d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURWpNQ0VHQ2dtU0pvbVQ4aXhrQVFFTUUyTXRNR3BpWm5F" - + "NGNXRXhabTh3ZDJ0dGJua3hGVEFUQmdOVgpCQU1NREUxaGJtRm5aVzFsYm5SRFFURWpNQ0VHQTFV" - + "RUNnd2FSVXBDUTBFZ1EyOXVkR0ZwYm1WeUlGRjFhV05yCmMzUmhjblF3SGhjTk1qRXdOakk1TURZ" - + "ME9UQTFXaGNOTXpFd05qSTVNRFkwT1RBMFdqQmhNU013SVFZS0NaSW0KaVpQeUxHUUJBUXdUWXkw" - + "d2FtSm1jVGh4WVRGbWJ6QjNhMjF1ZVRFVk1CTUdBMVVFQXd3TVRXRnVZV2RsYldWdQpkRU5CTVNN" - + "d0lRWURWUVFLREJwRlNrSkRRU0JEYjI1MFlXbHVaWElnVVhWcFkydHpkR0Z5ZERDQ0FhSXdEUVlK" - + "CktvWklodmNOQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQUtvRjduSzQzUDBaRi9tWUVCbU5GWENw" - + "MmZma2srcFoKS1hCdFRFY1UwZVZmQU5WMzRFNHZEcnFSc0k0U3RFdmt5NGxiWW1PUEx5SnVabnRk" - + "c1dyUC9rbi9kUENHWEEzQQovUE44WmNrUENBQVlwa0JuOFNsMVdxaW1UeTA3TStPM0UxOER0TnBO" - + "Sy9RNWVkWW0rRnFXU3BVWHY5NEMzbjZVCmVXKytWaWNlWWc0ZUFDMVBka01LZGV3VEdnWGYzK1lI" - + "Q1dySW9JeWozcDNCOUp4RDdXVVUzTEZ3UkdHWnljVU0KYnRla2FUZXhodDZ1N2JMeld0Ylg1ZHhw" - + "bTBuR1dZa05KVm1mN0pJOHErMGpZdUNDcXdjYXpTNHIyeko5K1BqVwoyclZ0TkdUdVE0RmQyMm1r" - + "c1RMK0FRbktJaW9jNEJadVcwTkM0emNPZ2Ztc2dRdnBsR2s1ZGlmY0RZeHU5c3hkClFGampMKzJ1" - + "UURaK0RMTWlkYXNHRGxEb3FSQXBnV0lnajFxZllOMVNNbXJFZkdKWjFud05WcTlmemswV2VHNEgK" - + "WmVBYjlnU3BxSk9LNlp6d0F0TTV5NlFxOXo4RC84U2hjS2JiN01waExiSnVGVFRyL1lWaE1QRVZE" - + "SHA5RGZMbApYbzhGbkJCRVplUE9FYmdPZk5XbzlhTkg4RlczcHc1Znd3SURBUUFCbzJNd1lUQVBC" - + "Z05WSFJNQkFmOEVCVEFECkFRSC9NQjhHQTFVZEl3UVlNQmFBRkgweldwU2RBelFLa2RUUGZnWG14" - + "VlJSd2dPMk1CMEdBMVVkRGdRV0JCUjkKTTFxVW5RTTBDcEhVejM0RjVzVlVVY0lEdGpBT0JnTlZI" - + "UThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dHQkFLZUFSdHBweExodThZbms5" - + "RHJFWUFmZHVwb0pESWU0K0RHYlVyQ212LzlIcVozRWxSaHpYWWdqClJCSlgzSjR1eHdNcEZQZFdO" - + "Qk9nMWdzV2FQYkdYSGg4K1U0Y29HLzVjVm5abmYzRG1PelliVW5pYXU4eTFnclAKaWNyNTZLdDcr" - + "Q2tRMFIrWWxUdXBGM3M5WjlIZW5UaHA3YmQ5N3hZNXBFK2l3cG1hNjNmcHJhSFVBb01qQXZEYQpU" - + "S3ZRUDRZS3pJY1ZuamtEdzlqUUxyNGNxYTdaeU1EUVlNTTd5YUJZNkx0bDYxbU9xQ2l4Q2JMWStL" - + "MmlMV0lNCnRoT2grV3R0cXZRejFPc2x4VkV1cWZtak4zMHBhUy9xSWY4MjhLZHp4UEN6S0RnTVVP" - + "ZjdvTEZUa0JCcGVoWVkKYVd5SUFNd2hEa1grRXYzRXg4ZnRzRmJSUUdWOWMvcDJPUXd2TEdTOXdB" - + "cVUyM1pEckhaTTFla0J5RE5FZUVpUgpTSGRWOEtNSTJuQ0J0NlhUeFhTejkwME5EV0l4aXJET0Rp" - + "WmU5SGJJUm5hWlIzMEEyVCtTeElxYUpsNXZVQzYyCnlLbjNicnFUM1UyMlNlbmVpZ2w3bW81bWhL" - + "bE8wdHErc2lJK1Y0T3lORkhadnJHQUNaUTNxYUFUZlozYlN3RVcKYkg1QjRlbHRodz09Ci0tLS0t" - + "RU5EIENFUlRJRklDQVRFLS0tLS0K"; - - private static final String SUBJECT = "CN=onap.org,OU=Linux-Foundation,O=ONAP,L=San-Francisco,ST=California,C=US"; - private static final GeneralName GENERAL_NAME = new GeneralName(GeneralName.dNSName, "test.onap.org"); - - private final X509CertificateModelFactory factory = - new X509CertificateModelFactory(new PemStringToCertificateConverter(), new X509CertificateParser()); - - @Test - void shouldCorrectlyParseX509CertificateFromCertificate() - throws CertificateDecryptionException { - //given - StringBase64 base64EncodedCertificate = new StringBase64(ENCODED_CERTIFICATE_STRING); - //when - final X509CertificateModel certificateModel = factory.createCertificateModel(base64EncodedCertificate); - //then - assertThat(certificateModel.getCertificate()).isNotNull(); - assertThat(certificateModel.getSubjectData()).isEqualTo(new X500Name(SUBJECT)); - assertThat(certificateModel.getSans()).containsExactly(GENERAL_NAME); - } - - @Test - void shouldCorrectlyParseX509CertificateFromCertificateChain() - throws CertificateDecryptionException { - //given - StringBase64 base64EncodedCertificate = new StringBase64(ENCODED_CERTIFICATE_CHAIN_STRING); - //when - final X509CertificateModel certificateModel = factory.createCertificateModel(base64EncodedCertificate); - //then - assertThat(certificateModel.getCertificate()).isNotNull(); - assertThat(certificateModel.getSubjectData()).isEqualTo(new X500Name(SUBJECT)); - assertThat(certificateModel.getSans()).containsExactly(GENERAL_NAME); - } - - @Test - void shouldThrowExceptionWhenCertificateChainHasNoCertificates() { - //given - StringBase64 base64EncodedCertificate = new StringBase64(""); - //when, then - assertThatThrownBy(() -> factory.createCertificateModel(base64EncodedCertificate)) - .isInstanceOf(CertificateDecryptionException.class); - } -} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java new file mode 100644 index 00000000..26624867 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/CsrModelFactoryTest.java @@ -0,0 +1,142 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.onap.oom.certservice.certification.TestData.TEST_CSR; +import static org.onap.oom.certservice.certification.TestData.TEST_PK; +import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR; +import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM; + +import org.bouncycastle.util.encoders.Base64; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.certification.TestData; +import org.onap.oom.certservice.certification.exception.CsrDecryptionException; +import org.onap.oom.certservice.certification.exception.DecryptionException; +import org.onap.oom.certservice.certification.exception.KeyDecryptionException; +import org.onap.oom.certservice.certification.model.CsrModel; + + +class CsrModelFactoryTest { + + private CsrModelFactory csrModelFactory; + + @BeforeEach + void setUp() { + csrModelFactory = new CsrModelFactory(); + } + + @Test + void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws DecryptionException { + // given + String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes())); + String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); + + // when + CsrModel decryptedCsr = csrModelFactory + .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK)); + + assertTrue(decryptedCsr.toString() + .contains(TestData.EXPECTED_CERT_SUBJECT)); + System.out.println(decryptedCsr.toString()); + assertTrue(decryptedCsr.toString() + .contains(TestData.EXPECTED_CERT_SANS)); + } + + @Test + void shouldThrowCsrDecryptionExceptionWhenCsrIsIncorrect() { + // given + String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); + String wrongCsr = new String(Base64.encode(TEST_WRONG_CSR.getBytes())); + + // when + Exception exception = assertThrows( + CsrDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + ); + + String expectedMessage = "Incorrect CSR, decryption failed"; + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } + + @Test + void shouldThrowKeyDecryptionExceptionWhenKeyIsIncorrect() { + // given + String encoderPK = new String(Base64.encode(TEST_WRONG_PEM.getBytes())); + String wrongCsr = new String(Base64.encode(TEST_CSR.getBytes())); + + // when + Exception exception = assertThrows( + KeyDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + ); + + String expectedMessage = "Incorrect Key, decryption failed"; + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } + + + @Test + void shouldThrowCsrDecryptionExceptionWhenCsrIsNotInBase64Encoding() { + // given + String encoderPK = new String(Base64.encode(TEST_PK.getBytes())); + String wrongCsr = "Not Base 64 Csr"; + + // when + Exception exception = assertThrows( + CsrDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + ); + + String expectedMessage = "Incorrect CSR, decryption failed"; + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } + + @Test + void shouldThrowKeyDecryptionExceptionWhenPkIsNotInBase64Encoding() { + // given + String encoderPK = "Not Base64 Key"; + String wrongCsr = new String(Base64.encode(TEST_CSR.getBytes())); + + // when + Exception exception = assertThrows( + KeyDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + ); + + String expectedMessage = "Incorrect Key, decryption failed"; + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactoryTest.java new file mode 100644 index 00000000..4adf0355 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/OldCertificateModelFactoryTest.java @@ -0,0 +1,202 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.GeneralName; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.certification.X509CertificateParser; +import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; +import org.onap.oom.certservice.certification.model.OldCertificateModel; + +class OldCertificateModelFactoryTest { + + private static final String ENCODED_CERTIFICATE_STRING = + "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVpekNDQXZPZ0F3SUJBZ0lVR0VwMkdaNlk4" + + "bnpEQTlDS2w1blVSSTdDVU44d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURWpNQ0VHQ2dtU0pvbVQ4" + + "aXhrQVFFTUUyTXRNR3BpWm5FNGNXRXhabTh3ZDJ0dGJua3hGVEFUQmdOVgpCQU1NREUxaGJtRm5a" + + "VzFsYm5SRFFURWpNQ0VHQTFVRUNnd2FSVXBDUTBFZ1EyOXVkR0ZwYm1WeUlGRjFhV05yCmMzUmhj" + + "blF3SGhjTk1qRXdOakk1TURZMU1ESTFXaGNOTWpNd05qSTVNRFkxTURJMFdqQjNNUkV3RHdZRFZR" + + "UUQKREFodmJtRndMbTl5WnpFWk1CY0dBMVVFQ3d3UVRHbHVkWGd0Um05MWJtUmhkR2x2YmpFTk1B" + + "c0dBMVVFQ2d3RQpUMDVCVURFV01CUUdBMVVFQnd3TlUyRnVMVVp5WVc1amFYTmpiekVUTUJFR0Ex" + + "VUVDQXdLUTJGc2FXWnZjbTVwCllURUxNQWtHQTFVRUJoTUNWVk13Z2dFaU1BMEdDU3FHU0liM0RR" + + "RUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREIKenZieXJyRWlhb0JqOGttYTJRbUMrVkxtbXRXRld5" + + "QUpnU3JZQTRreHV5cmpRQ1c0SnlGR3ZtemJZb1VGRkxPRgpoZnExOFZqVHMwY2JUeXNYOGNGU2Zr" + + "VjJFS0dFUkJhWm5aUlFzbzZTSUpOR2EzeE1lNUZIalJFeTM0TnAwNElICmpTUTQyZUlCZ2NOaUlh" + + "ZGE0amdFbklRUVlRSlNQUXRIa2ZPTUM2TyszUnBUL2VIdHZvNXVyUjE2TUZZMUs2c28KbldZaXRJ" + + "NVRwRUtSb3phdjZ6cVUvb3RIZ241alJMcnlqMElaeTBpamxCZlNLVHhyRmZacjNLb01EdWRWRWZV" + + "TQp0c3FFUjNwb2MxZ0ZrcW1DUkszOEJQTmlZN3Y1S0FUUkIrZldOK1A3NW13NDNkcng5ckltcCtK" + + "dHBPVXNESzhyCklCZDhvNGFmTnZyL1dyeWdCQjhyQWdNQkFBR2pnYVF3Z2FFd0RBWURWUjBUQVFI" + + "L0JBSXdBREFmQmdOVkhTTUUKR0RBV2dCUjlNMXFVblFNMENwSFV6MzRGNXNWVVVjSUR0akFZQmdO" + + "VkhSRUVFVEFQZ2cxMFpYTjBMbTl1WVhBdQpiM0puTUNjR0ExVWRKUVFnTUI0R0NDc0dBUVVGQndN" + + "Q0JnZ3JCZ0VGQlFjREJBWUlLd1lCQlFVSEF3RXdIUVlEClZSME9CQllFRkFmcWNVNnhHaThqemps" + + "UnVLUUJ0cVJjWGkrdU1BNEdBMVVkRHdFQi93UUVBd0lGNERBTkJna3EKaGtpRzl3MEJBUXNGQUFP" + + "Q0FZRUFBZHc3N3E3c2hLdFM4bERHY0ovWThkRWpqTlNsUnRVMTRFTUM1OWttS2VmdApSaTdkMG9D" + + "UVh0ZFJDdXQzeW1pekxWcVFrbVg2U3JHc2hwV1VzTnpUZElUalE2SkIyS09haUlXSUY2ME5TbGVX" + + "CjB2TG0zNkVtWTFFcksrektlN3R2R1daaFROVnpCWHRucStBTWZKYzQxdTJ1ZWxreDBMTmN6c1g5" + + "YUNhakxIMXYKNHo0WHNVbm05cWlYcG5FbTYzMmVtdUp5ajZOdDBKV1Z1TlRKVFBSbnFWWmY2S0tS" + + "ODN2OEp1VjBFZWZXZDVXVgpjRnNwTDBIM01LSlY3dWY3aGZsbG5JY1J0elhhNXBjdEJDYm9GU2hW" + + "a1JOYUFNUHBKZjBEQkxReG03ZEFXajVBCmhHMXJ3bVRtek02TnB3R0hXL0kxU0ZNbXRRaUYwUEFD" + + "ejFVbjZuRFcvUmYxaUhFb0dmOFlCTFAzMzJMSlNEdWcKUktuMGNNM1FUY3lVRXpDWnhTd0tKMm5n" + + "QzllRzlDMmQzWWhCNlp4dGwrZ1VJYTNBd3dQYnFyN1lSOVFrRDJFbwpkNExxRUg5em55QmZpN2sy" + + "WUN3UDZydGZTaTZDbHliWGU4ZUJjdU1FUzRUQVFmRks2RlZmNTh0R1FJeDA2STBPCjM0bmVtWndr" + + "TG9PQnpaa2VwYVF2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"; + + private static final String ENCODED_CERTIFICATE_CHAIN_STRING = + "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVpekNDQXZPZ0F3SUJBZ0lVR0VwMkdaNlk4" + + "bnpEQTlDS2w1blVSSTdDVU44d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURWpNQ0VHQ2dtU0pvbVQ4" + + "aXhrQVFFTUUyTXRNR3BpWm5FNGNXRXhabTh3ZDJ0dGJua3hGVEFUQmdOVgpCQU1NREUxaGJtRm5a" + + "VzFsYm5SRFFURWpNQ0VHQTFVRUNnd2FSVXBDUTBFZ1EyOXVkR0ZwYm1WeUlGRjFhV05yCmMzUmhj" + + "blF3SGhjTk1qRXdOakk1TURZMU1ESTFXaGNOTWpNd05qSTVNRFkxTURJMFdqQjNNUkV3RHdZRFZR" + + "UUQKREFodmJtRndMbTl5WnpFWk1CY0dBMVVFQ3d3UVRHbHVkWGd0Um05MWJtUmhkR2x2YmpFTk1B" + + "c0dBMVVFQ2d3RQpUMDVCVURFV01CUUdBMVVFQnd3TlUyRnVMVVp5WVc1amFYTmpiekVUTUJFR0Ex" + + "VUVDQXdLUTJGc2FXWnZjbTVwCllURUxNQWtHQTFVRUJoTUNWVk13Z2dFaU1BMEdDU3FHU0liM0RR" + + "RUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREIKenZieXJyRWlhb0JqOGttYTJRbUMrVkxtbXRXRld5" + + "QUpnU3JZQTRreHV5cmpRQ1c0SnlGR3ZtemJZb1VGRkxPRgpoZnExOFZqVHMwY2JUeXNYOGNGU2Zr" + + "VjJFS0dFUkJhWm5aUlFzbzZTSUpOR2EzeE1lNUZIalJFeTM0TnAwNElICmpTUTQyZUlCZ2NOaUlh" + + "ZGE0amdFbklRUVlRSlNQUXRIa2ZPTUM2TyszUnBUL2VIdHZvNXVyUjE2TUZZMUs2c28KbldZaXRJ" + + "NVRwRUtSb3phdjZ6cVUvb3RIZ241alJMcnlqMElaeTBpamxCZlNLVHhyRmZacjNLb01EdWRWRWZV" + + "TQp0c3FFUjNwb2MxZ0ZrcW1DUkszOEJQTmlZN3Y1S0FUUkIrZldOK1A3NW13NDNkcng5ckltcCtK" + + "dHBPVXNESzhyCklCZDhvNGFmTnZyL1dyeWdCQjhyQWdNQkFBR2pnYVF3Z2FFd0RBWURWUjBUQVFI" + + "L0JBSXdBREFmQmdOVkhTTUUKR0RBV2dCUjlNMXFVblFNMENwSFV6MzRGNXNWVVVjSUR0akFZQmdO" + + "VkhSRUVFVEFQZ2cxMFpYTjBMbTl1WVhBdQpiM0puTUNjR0ExVWRKUVFnTUI0R0NDc0dBUVVGQndN" + + "Q0JnZ3JCZ0VGQlFjREJBWUlLd1lCQlFVSEF3RXdIUVlEClZSME9CQllFRkFmcWNVNnhHaThqemps" + + "UnVLUUJ0cVJjWGkrdU1BNEdBMVVkRHdFQi93UUVBd0lGNERBTkJna3EKaGtpRzl3MEJBUXNGQUFP" + + "Q0FZRUFBZHc3N3E3c2hLdFM4bERHY0ovWThkRWpqTlNsUnRVMTRFTUM1OWttS2VmdApSaTdkMG9D" + + "UVh0ZFJDdXQzeW1pekxWcVFrbVg2U3JHc2hwV1VzTnpUZElUalE2SkIyS09haUlXSUY2ME5TbGVX" + + "CjB2TG0zNkVtWTFFcksrektlN3R2R1daaFROVnpCWHRucStBTWZKYzQxdTJ1ZWxreDBMTmN6c1g5" + + "YUNhakxIMXYKNHo0WHNVbm05cWlYcG5FbTYzMmVtdUp5ajZOdDBKV1Z1TlRKVFBSbnFWWmY2S0tS" + + "ODN2OEp1VjBFZWZXZDVXVgpjRnNwTDBIM01LSlY3dWY3aGZsbG5JY1J0elhhNXBjdEJDYm9GU2hW" + + "a1JOYUFNUHBKZjBEQkxReG03ZEFXajVBCmhHMXJ3bVRtek02TnB3R0hXL0kxU0ZNbXRRaUYwUEFD" + + "ejFVbjZuRFcvUmYxaUhFb0dmOFlCTFAzMzJMSlNEdWcKUktuMGNNM1FUY3lVRXpDWnhTd0tKMm5n" + + "QzllRzlDMmQzWWhCNlp4dGwrZ1VJYTNBd3dQYnFyN1lSOVFrRDJFbwpkNExxRUg5em55QmZpN2sy" + + "WUN3UDZydGZTaTZDbHliWGU4ZUJjdU1FUzRUQVFmRks2RlZmNTh0R1FJeDA2STBPCjM0bmVtWndr" + + "TG9PQnpaa2VwYVF2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJ" + + "Q0FURS0tLS0tCk1JSUVzekNDQXh1Z0F3SUJBZ0lVTk1lYzl0ZlJEU3FPQlJGaTFkWDd2RCsyVG9z" + + "d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURWpNQ0VHQ2dtU0pvbVQ4aXhrQVFFTUUyTXRNR3BpWm5F" + + "NGNXRXhabTh3ZDJ0dGJua3hGVEFUQmdOVgpCQU1NREUxaGJtRm5aVzFsYm5SRFFURWpNQ0VHQTFV" + + "RUNnd2FSVXBDUTBFZ1EyOXVkR0ZwYm1WeUlGRjFhV05yCmMzUmhjblF3SGhjTk1qRXdOakk1TURZ" + + "ME9UQTFXaGNOTXpFd05qSTVNRFkwT1RBMFdqQmhNU013SVFZS0NaSW0KaVpQeUxHUUJBUXdUWXkw" + + "d2FtSm1jVGh4WVRGbWJ6QjNhMjF1ZVRFVk1CTUdBMVVFQXd3TVRXRnVZV2RsYldWdQpkRU5CTVNN" + + "d0lRWURWUVFLREJwRlNrSkRRU0JEYjI1MFlXbHVaWElnVVhWcFkydHpkR0Z5ZERDQ0FhSXdEUVlK" + + "CktvWklodmNOQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQUtvRjduSzQzUDBaRi9tWUVCbU5GWENw" + + "MmZma2srcFoKS1hCdFRFY1UwZVZmQU5WMzRFNHZEcnFSc0k0U3RFdmt5NGxiWW1PUEx5SnVabnRk" + + "c1dyUC9rbi9kUENHWEEzQQovUE44WmNrUENBQVlwa0JuOFNsMVdxaW1UeTA3TStPM0UxOER0TnBO" + + "Sy9RNWVkWW0rRnFXU3BVWHY5NEMzbjZVCmVXKytWaWNlWWc0ZUFDMVBka01LZGV3VEdnWGYzK1lI" + + "Q1dySW9JeWozcDNCOUp4RDdXVVUzTEZ3UkdHWnljVU0KYnRla2FUZXhodDZ1N2JMeld0Ylg1ZHhw" + + "bTBuR1dZa05KVm1mN0pJOHErMGpZdUNDcXdjYXpTNHIyeko5K1BqVwoyclZ0TkdUdVE0RmQyMm1r" + + "c1RMK0FRbktJaW9jNEJadVcwTkM0emNPZ2Ztc2dRdnBsR2s1ZGlmY0RZeHU5c3hkClFGampMKzJ1" + + "UURaK0RMTWlkYXNHRGxEb3FSQXBnV0lnajFxZllOMVNNbXJFZkdKWjFud05WcTlmemswV2VHNEgK" + + "WmVBYjlnU3BxSk9LNlp6d0F0TTV5NlFxOXo4RC84U2hjS2JiN01waExiSnVGVFRyL1lWaE1QRVZE" + + "SHA5RGZMbApYbzhGbkJCRVplUE9FYmdPZk5XbzlhTkg4RlczcHc1Znd3SURBUUFCbzJNd1lUQVBC" + + "Z05WSFJNQkFmOEVCVEFECkFRSC9NQjhHQTFVZEl3UVlNQmFBRkgweldwU2RBelFLa2RUUGZnWG14" + + "VlJSd2dPMk1CMEdBMVVkRGdRV0JCUjkKTTFxVW5RTTBDcEhVejM0RjVzVlVVY0lEdGpBT0JnTlZI" + + "UThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dHQkFLZUFSdHBweExodThZbms5" + + "RHJFWUFmZHVwb0pESWU0K0RHYlVyQ212LzlIcVozRWxSaHpYWWdqClJCSlgzSjR1eHdNcEZQZFdO" + + "Qk9nMWdzV2FQYkdYSGg4K1U0Y29HLzVjVm5abmYzRG1PelliVW5pYXU4eTFnclAKaWNyNTZLdDcr" + + "Q2tRMFIrWWxUdXBGM3M5WjlIZW5UaHA3YmQ5N3hZNXBFK2l3cG1hNjNmcHJhSFVBb01qQXZEYQpU" + + "S3ZRUDRZS3pJY1ZuamtEdzlqUUxyNGNxYTdaeU1EUVlNTTd5YUJZNkx0bDYxbU9xQ2l4Q2JMWStL" + + "MmlMV0lNCnRoT2grV3R0cXZRejFPc2x4VkV1cWZtak4zMHBhUy9xSWY4MjhLZHp4UEN6S0RnTVVP" + + "ZjdvTEZUa0JCcGVoWVkKYVd5SUFNd2hEa1grRXYzRXg4ZnRzRmJSUUdWOWMvcDJPUXd2TEdTOXdB" + + "cVUyM1pEckhaTTFla0J5RE5FZUVpUgpTSGRWOEtNSTJuQ0J0NlhUeFhTejkwME5EV0l4aXJET0Rp" + + "WmU5SGJJUm5hWlIzMEEyVCtTeElxYUpsNXZVQzYyCnlLbjNicnFUM1UyMlNlbmVpZ2w3bW81bWhL" + + "bE8wdHErc2lJK1Y0T3lORkhadnJHQUNaUTNxYUFUZlozYlN3RVcKYkg1QjRlbHRodz09Ci0tLS0t" + + "RU5EIENFUlRJRklDQVRFLS0tLS0K"; + + private static final String ENCODED_PRIVATE_KEY = + "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQk" + + "tnd2dnU2tBZ0VBQW9JQkFRRFNOS0pCUU5XRmF0ajUKUmRhTmQyMGdnTnBOVUVaYzgxU1Y1d0hLeH" + + "EwUy9rT0llTG8rekI5c3lkUUJLWm9JRXJPL3JIekwzb0VCNW5YNQp4NVBkeTViYUdYTzRQZDVCUS" + + "trSXRHckFnNzVrRldmT3VHNU9GWUxpWldMUEcra3FBRXJKNTdzQlB5TzNKNjVxCkEzN0gxNnBiZV" + + "hRL2VzR2RNaVZsenM4dE9UOEtaT1lDQUpGQXg1ZEk4OEowaEt4ZThONFdrZEJLSStXVndKMUsKR0" + + "5pZmgwc2Jjam9rOG1Gbll4Nzcwd3BuZU5nbkZUbU9MWXFIUTRuSklUODdza1BYSUt1RHNMRUJDL0" + + "1kVGQ0QwpPTTZJekZYZmQxNzNDc1p5UnR3V0F2ZXNDcWJGYkVhcDBiWHlCRFN1R0w3NlhGdzRTdj" + + "ZiZkoyano2SjIyRU9SCmVPOGpVdWhKQWdNQkFBRUNnZ0VBUWJyZHBjUHRRSnZwbndEY2x6M3A3TW" + + "o5K2tFSXo1WHpORENaR2R4SVVIRWIKa3ZnVlhQK2RML3BvaGJpSmhzNjZVRXhTZGJsczQ3ZzUyZE" + + "l6aFo1YzNIUXJBRWl3VC80NVIxU0xNUW5CSmpDZgpWai9MbGpVWnlVdGt1MWlCNzNWSjdacTltaV" + + "V4T050NnFZSFFTaE5CSFB0OGcwRVNlK0lyV1l0eXN6UjhadllXCjlqWm9xb0pOTW5ySVkyNmdtdF" + + "RCRURpTmVmaEhBMGVoVHkwYzNBQ1lDTUY3aWlNenplMWhkUjZvTDhuTEZscmQKVGJZRGdCUzBueE" + + "pvRVpxQnZBZWViZFVBaXc1UCtqZ1NXcXhnUkhpWGk2Rk0xWXVnMGF5Mm9GNEl1alV0ek5kNwplbn" + + "NqeTVTTGFGcVp5dy81bkdlWDJMTXYvbFovQUtWYlZ6NnNBa3RVdFFLQmdRRHBBT3BBUVorNWRheG" + + "xyQk5oClFoYy9ndnRPekJpRTA0YU5EdDVLMllEVU80dHdFRmYxTVdXSkNrV3Z1czNOSUphdkJ1K2" + + "5GYzdEREphUEFxbk4KZnQrUGw3NTJ4UUlJRk1GdUt5QTdKL1hSZzFjVUIzNEFrZWtZeTZvRlYwa2" + + "FlWmZvYXBRbGdDWnFWVkd5L2FCdAprSHBndDJnckpZZG82OE11bFQ0ZWplbGE4d0tCZ1FEbTg3UW" + + "E4YzFYRTNuTGFQcGJIeTU5N0N5S0ZKTzBRdC9tCm1RT1FNaEJCOTJGU0JpRE05ZHFkbUU2d3JVU2" + + "NFYVo3aDlaZ1kwQUdxVVFobzE3d3oyL1BxaGhaUFRiOU0rVTgKWUVaWTdnWnNoYkJ1MDgvTkJLTD" + + "NGTitGd216VG8xN1d1SlNyQWFWV3dra1RMOWVSbkI2cUFTeHBMaDFKQ0J4cQpQSE9Kd1FmRzB3S0" + + "JnUUNSTHlUSGpSeDliemxRMFB2eWFrQWFMdjl3aGZQeEwreHpFSVNxbHdTVE9kY1VxTnBsCnliVy" + + "t3a3ZSeDlCY3RLV3Z3ZDZxZWdndnVUUkhRQjJXRWl3elNSWkE0MWowdUJvZkQzZ3g1Q0Jqd0RjT0" + + "grei8KWmV1Y3E2cnhVUVlZSFJQdW1ocGRrNUJjU1hWeTFsNlVacVlhaGEyKzFNK2ZMT2lkcWhqZT" + + "ZRWXl5UUtCZ1FDbwpTclhYWEpRUSs3UW9zVnFkdzk4UkMyUjVTZjFId2VOK0djb3E3UkJEd1l3OV" + + "JSSHB5TTJCUVZjMkQweUxuYUQvCkswRGdBL0xINTlncDJ1NTM4L0M2Rm15ZnVxZXpZbm1Nd1dzQn" + + "FwRXJ5MCtCc3Y4ZG1sOVdSUE9NZU56c2E0UFUKVzdTWjJCMHZWMndBZTBCT2JzRTVpSmxnRzZaam" + + "JYR25TRjI0NTl4TzJRS0JnRER1cXJBcThQMXpXU28wcWZ0QgpkTS9Xc3p6U3VZRHdjemhvajNKek" + + "5VK3lvQ3g4ejNzY0NML240eXFUT1RiWVhLTXFHbUVrSW01eXJ1SWlJeHBRCmNJM1pDUlVZbHZDY0" + + "FaeCtiVU1QSXNkek1TeGJMaHNqSU5Oc3F4dDJlMlQvd2dJWXpWenVERExpZ1drN1lDZkEKNDJ4YX" + + "VldHQ0M21qM25wYUFvcURIVG92Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"; + + + private static final String SUBJECT = "CN=onap.org,OU=Linux-Foundation,O=ONAP,L=San-Francisco,ST=California,C=US"; + private static final GeneralName GENERAL_NAME = new GeneralName(GeneralName.dNSName, "test.onap.org"); + + private final OldCertificateModelFactory factory = + new OldCertificateModelFactory(new PemStringToCertificateConverter(), new X509CertificateParser()); + + @Test + void shouldCorrectlyParseX509CertificateFromCertificate() + throws CertificateDecryptionException { + //given + StringBase64 base64EncodedCertificate = new StringBase64(ENCODED_CERTIFICATE_STRING); + //when + final OldCertificateModel certificateModel = factory.createCertificateModel(base64EncodedCertificate, ENCODED_PRIVATE_KEY); + //then + assertThat(certificateModel.getOldCertificate()).isNotNull(); + assertThat(certificateModel.getSubjectData()).isEqualTo(new X500Name(SUBJECT)); + assertThat(certificateModel.getSans()).containsExactly(GENERAL_NAME); + assertThat(certificateModel.getOldPrivateKey()).isNotNull(); + } + + @Test + void shouldCorrectlyParseX509CertificateFromCertificateChain() + throws CertificateDecryptionException { + //given + StringBase64 base64EncodedCertificate = new StringBase64(ENCODED_CERTIFICATE_CHAIN_STRING); + //when + final OldCertificateModel certificateModel = factory.createCertificateModel(base64EncodedCertificate, ENCODED_PRIVATE_KEY); + //then + assertThat(certificateModel.getOldCertificate()).isNotNull(); + assertThat(certificateModel.getSubjectData()).isEqualTo(new X500Name(SUBJECT)); + assertThat(certificateModel.getSans()).containsExactly(GENERAL_NAME); + assertThat(certificateModel.getOldPrivateKey()).isNotNull(); + } + + @Test + void shouldThrowExceptionWhenCertificateChainHasNoCertificates() { + //given + StringBase64 base64EncodedCertificate = new StringBase64(""); + //when, then + assertThatThrownBy(() -> factory.createCertificateModel(base64EncodedCertificate, ENCODED_PRIVATE_KEY)) + .isInstanceOf(CertificateDecryptionException.class); + } +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemObjectFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemObjectFactoryTest.java new file mode 100644 index 00000000..2df9490e --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemObjectFactoryTest.java @@ -0,0 +1,76 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.onap.oom.certservice.certification.TestData.TEST_PEM; +import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM; +import static org.onap.oom.certservice.certification.TestUtils.pemObjectToString; + +import org.bouncycastle.util.io.pem.PemObject; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.certification.exception.DecryptionException; + + +class PemObjectFactoryTest { + + + private PemObjectFactory pemObjectFactory; + + @BeforeEach + void setUp() { + pemObjectFactory = new PemObjectFactory(); + } + + @Test + void shouldTransformStringInToPemObjectAndBackToString() throws DecryptionException { + // when + PemObject pemObject = pemObjectFactory.createPemObject(TEST_PEM).orElseThrow( + () -> new DecryptionException("Pem decryption failed") + ); + String parsedPemObject = pemObjectToString(pemObject); + + // then + assertEquals(TEST_PEM, parsedPemObject); + } + + @Test + void shouldThrowExceptionWhenParsingPemFailed() { + // given + String expectedMessage = "Unable to create PEM"; + + // when + Exception exception = assertThrows( + DecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM).orElseThrow( + () -> new DecryptionException(expectedMessage) + ) + ); + + String actualMessage = exception.getMessage(); + + // then + assertTrue(actualMessage.contains(expectedMessage)); + } + +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverterTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverterTest.java new file mode 100644 index 00000000..708d59ab --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/PemStringToCertificateConverterTest.java @@ -0,0 +1,90 @@ +/* + * ============LICENSE_START======================================================= + * Cert Service + * ================================================================================ + * Copyright (C) 2021 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import java.io.Serializable; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.util.List; +import org.bouncycastle.asn1.x509.GeneralName; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException; + +class PemStringToCertificateConverterTest { + + private static final String CERTIFICATE_PEM_STRING = + "-----BEGIN CERTIFICATE-----\n" + + "MIIEizCCAvOgAwIBAgIUGEp2GZ6Y8nzDA9CKl5nURI7CUN8wDQYJKoZIhvcNAQEL\n" + + "BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMGpiZnE4cWExZm8wd2ttbnkxFTATBgNV\n" + + "BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr\n" + + "c3RhcnQwHhcNMjEwNjI5MDY1MDI1WhcNMjMwNjI5MDY1MDI0WjB3MREwDwYDVQQD\n" + + "DAhvbmFwLm9yZzEZMBcGA1UECwwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECgwE\n" + + "T05BUDEWMBQGA1UEBwwNU2FuLUZyYW5jaXNjbzETMBEGA1UECAwKQ2FsaWZvcm5p\n" + + "YTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB\n" + + "zvbyrrEiaoBj8kma2QmC+VLmmtWFWyAJgSrYA4kxuyrjQCW4JyFGvmzbYoUFFLOF\n" + + "hfq18VjTs0cbTysX8cFSfkV2EKGERBaZnZRQso6SIJNGa3xMe5FHjREy34Np04IH\n" + + "jSQ42eIBgcNiIada4jgEnIQQYQJSPQtHkfOMC6O+3RpT/eHtvo5urR16MFY1K6so\n" + + "nWYitI5TpEKRozav6zqU/otHgn5jRLryj0IZy0ijlBfSKTxrFfZr3KoMDudVEfUM\n" + + "tsqER3poc1gFkqmCRK38BPNiY7v5KATRB+fWN+P75mw43drx9rImp+JtpOUsDK8r\n" + + "IBd8o4afNvr/WrygBB8rAgMBAAGjgaQwgaEwDAYDVR0TAQH/BAIwADAfBgNVHSME\n" + + "GDAWgBR9M1qUnQM0CpHUz34F5sVUUcIDtjAYBgNVHREEETAPgg10ZXN0Lm9uYXAu\n" + + "b3JnMCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwHQYD\n" + + "VR0OBBYEFAfqcU6xGi8jzjlRuKQBtqRcXi+uMA4GA1UdDwEB/wQEAwIF4DANBgkq\n" + + "hkiG9w0BAQsFAAOCAYEAAdw77q7shKtS8lDGcJ/Y8dEjjNSlRtU14EMC59kmKeft\n" + + "Ri7d0oCQXtdRCut3ymizLVqQkmX6SrGshpWUsNzTdITjQ6JB2KOaiIWIF60NSleW\n" + + "0vLm36EmY1ErK+zKe7tvGWZhTNVzBXtnq+AMfJc41u2uelkx0LNczsX9aCajLH1v\n" + + "4z4XsUnm9qiXpnEm632emuJyj6Nt0JWVuNTJTPRnqVZf6KKR83v8JuV0EefWd5WV\n" + + "cFspL0H3MKJV7uf7hfllnIcRtzXa5pctBCboFShVkRNaAMPpJf0DBLQxm7dAWj5A\n" + + "hG1rwmTmzM6NpwGHW/I1SFMmtQiF0PACz1Un6nDW/Rf1iHEoGf8YBLP332LJSDug\n" + + "RKn0cM3QTcyUEzCZxSwKJ2ngC9eG9C2d3YhB6Zxtl+gUIa3AwwPbqr7YR9QkD2Eo\n" + + "d4LqEH9znyBfi7k2YCwP6rtfSi6ClybXe8eBcuMES4TAQfFK6FVf58tGQIx06I0O\n" + + "34nemZwkLoOBzZkepaQv\n" + + "-----END CERTIFICATE-----\n"; + + private static final List EXPECTED_SUBJECT_ALTERNATIVE_NAME = List + .of(GeneralName.dNSName, "test.onap.org"); + + private static final String EXPECTED_SUBJECT = "CN=onap.org,OU=Linux-Foundation,O=ONAP,L=San-Francisco,ST=California,C=US"; + + private final PemStringToCertificateConverter converter = new PemStringToCertificateConverter(); + + @Test + void shouldConvertStringToCertificate() throws CertificateParsingException, StringToCertificateConversionException { + //given, when + X509Certificate certificate = converter.convert(CERTIFICATE_PEM_STRING); + //then + assertThat(certificate).isNotNull(); + assertThat(certificate.getSubjectDN()) + .hasToString(EXPECTED_SUBJECT); + assertThat(certificate.getSubjectAlternativeNames()) + .containsExactly(EXPECTED_SUBJECT_ALTERNATIVE_NAME); + } + + @Test + void shouldThrowExceptionWhenCertificateStringInvalid() { + assertThatThrownBy(() -> converter.convert("")) + .isInstanceOf(StringToCertificateConversionException.class); + } + +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilderTest.java new file mode 100644 index 00000000..2694d514 --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/RsaContentSignerBuilderTest.java @@ -0,0 +1,61 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.onap.oom.certservice.certification.TestUtils.createCsrModel; + +import java.io.IOException; +import java.security.PrivateKey; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.certification.exception.DecryptionException; +import org.onap.oom.certservice.certification.model.CsrModel; + +class RsaContentSignerBuilderTest { + + private RsaContentSignerBuilder rsaContentSignerBuilder; + + @BeforeEach + void setUp() { + rsaContentSignerBuilder = new RsaContentSignerBuilder(); + } + + @Test + void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey() + throws IOException, OperatorCreationException, DecryptionException { + // Given + CsrModel testCsrModel = createCsrModel(); + PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); + PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); + + // When + ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); + + // Then + assertThat(createdContentSigner.getAlgorithmIdentifier()) + .isEqualTo(testCertificationRequest.getSignatureAlgorithm()); + } + +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilderTest.java new file mode 100644 index 00000000..bf9d1cfb --- /dev/null +++ b/certService/src/test/java/org/onap/oom/certservice/certification/conversion/X509CertificateBuilderTest.java @@ -0,0 +1,68 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.certification.conversion; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.onap.oom.certservice.certification.TestUtils.createCsrModel; + +import java.io.IOException; +import java.security.PrivateKey; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.onap.oom.certservice.certification.exception.DecryptionException; +import org.onap.oom.certservice.certification.model.CsrModel; + +class X509CertificateBuilderTest { + + private X509CertificateBuilder certificateBuilder; + + + @BeforeEach + void setUp() { + certificateBuilder = new X509CertificateBuilder(); + } + + @Test + void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest() + throws DecryptionException, IOException, OperatorCreationException { + // Given + CsrModel testCsrModel = createCsrModel(); + PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); + PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); + RsaContentSignerBuilder rsaContentSignerBuilder = new RsaContentSignerBuilder(); + ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); + + // When + X509v3CertificateBuilder certificateBuilder = this.certificateBuilder.build(testCertificationRequest); + X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner); + + // Then + assertThat(certificateHolder.getIssuer()) + .isEqualToComparingFieldByField(testCsrModel.getSubjectData()); + assertThat(certificateHolder.getSubjectPublicKeyInfo()) + .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo()); + } +} diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java index 84c1cca0..72837e56 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java @@ -27,8 +27,8 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.io.pem.PemObject; import org.junit.jupiter.api.Test; -import org.onap.oom.certservice.certification.Pkcs10CertificationRequestFactory; -import org.onap.oom.certservice.certification.PemObjectFactory; +import org.onap.oom.certservice.certification.conversion.Pkcs10CertificationRequestFactory; +import org.onap.oom.certservice.certification.conversion.PemObjectFactory; import org.onap.oom.certservice.certification.TestData; import org.onap.oom.certservice.certification.exception.CsrDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java index 0d8b80bd..cfee3af6 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java @@ -20,49 +20,43 @@ package org.onap.oom.certservice.cmpv2client; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel; -import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder; +import org.onap.oom.certservice.certification.conversion.PemStringToCertificateConverter; +import org.onap.oom.certservice.certification.conversion.StringBase64; +import org.onap.oom.certservice.certification.conversion.OldCertificateModelFactory; +import org.onap.oom.certservice.certification.X509CertificateParser; +import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; +import org.onap.oom.certservice.certification.model.OldCertificateModel; public final class ClientTestData { static final String KUR_CORRECT_SERVER_RESPONSE_ENCODED = "MIIQ1DCCAV0CAQKkVTBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnSkeTB3MREwDwYDVQQDDAhvbmFwLm9yZzEZMBcGA1UECwwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECgwET05BUDEWMBQGA1UEBwwNU2FuLUZyYW5jaXNjbzETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVOgERgPMjAyMTA3MDExNTIzMTZaoQ8wDQYJKoZIhvcNAQELBQCiFgQU0pApkFDmdpd/O4a/byDxTEP2UvCkEgQQASuQH1HOfmX2elKP64XeAKUSBBDsl5fcNATjjIzirfNQHWSIphIEEPXCSC7+2HFXYzme2leNfiaoDjAMMAoGCCsGAQUFBwQNqIIJQzCCCT+hggSfMIIEmzCCBJcwggL/oAMCAQICFHMJ9tfA0fUCNTkaxkm9nsWn9radMA0GCSqGSIb3DQEBCwUAMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDAeFw0yMTA3MDExMzUyMDJaFw0zMTA3MDExMzUyMDFaMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKVNgchumOQ+9nQu4y+5Fux8TAy/d7ChqP/Rq4jy/63vqIIqYPUns2aF9FG2B+mQrj5T5xil2iw3a8F/6AGmJ6tYeIQO+Rctj+yJt63LsNNRe5AZN20mxUlNES269Dzrj/qzayFzaRUtbaJ06S4EtJe73zJAH2wQZRS7kmUFA+qKtDhwetLgXvLzhe6Jaum3sHblM4zYKo6FM+XEfXLlglzGVAO9fmRM0jQybQ3haZHdNMJJQfUPOiUN/+aaHuACyrskY/upbTXUbcmx2PoE/YpbQ6ie3fSVsBuRCAY2FpaiwB1dWD9156Jy4sgnwK756dXy2bzncsZNHANtRBRem+jFBiN2zCT3cGI1hCpFRRE6rG6cUchTY6idRFImy7bUZzinkgjsPCnT/tUE78oAO5W++ZQp1aZ/CSg8thW6bqBJ0pAOqP9ubZTOQY8xaynggnTvLZXFBZULMZ4kl2mReIuOlNQSNceaJ2PNoaSwd5BKzwggO2OMLun6Zrji8b70dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKQKZBQ5naXfzuGv28g8UxD9lLwMB0GA1UdDgQWBBTSkCmQUOZ2l387hr9vIPFMQ/ZS8DAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggGBAH+nECgFKdaM/8DbvsBq9IoQrWKE79BPEo+jWlYNuYmVsBPnh/YiebT/OKH1VQUim523FnCjogVncDByvdusloQ6tTpI93Cp+DxKP06ew1oEsWgRVr2nyDGIA9PAHgkgcpHcKHTcYT1iDCHtFr/rYpo2nGFBVQKvCIxXxMKc55WyVjaHLZ3uWBXGxm6Pmd3DGhRtHlrY6VYOaRd6fg9+RQQnjcyMez4yOG5cigACFQaaWGO5kwvYhL7tQ47feudyzo9mWpQvJo+mZ70sRIXENzyZXvFb046taQmDXoDwE5U93kSl5UDlEELZMNjSvY0Agm8B50B63i++ohoaCMhX0fD/xANilAgjBYNcq06FicQ4ZLgR7u76m3HguGDRlNcJe5xiQNfDw6YJZtFiNZls4e7PqHjTa77z2k4pnoDpDv7tr25fTHDXUruQoY/oFKc+sOmtw4gXkTmAFUGsOOC53CbWhiqI1EPNRf20slKeo5HaOQ8dqRUAyw3YZjBeLcYqhjCCBJgwggSUAgQBSYZ8MAMCAQAwggSFoIIEgTCCBH0wggLloAMCAQICFEBWq68RGhg0HKqvV8GOPyxazGCvMA0GCSqGSIb3DQEBCwUAMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDAeFw0yMTA3MDExNTEzMTZaFw0yMzA3MDExNTEzMTVaMHcxETAPBgNVBAMMCG9uYXAub3JnMRkwFwYDVQQLDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQKDARPTkFQMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANPJAKAkydOi/N9me/p/fBKcuHIBxtkf0R377wgEKLfJFFb+e5P5wz0EKpQvYfPGnELmxWHex8K4zhHAjkdoLw0dX0ODSgBXvbGxrBcMa+Nj0ZBvbI0vD0jzR4nhCZrNd+KuJAos1KI/vOzJeQRDKbZlE5CK9ILOp3U0o8Ld+Giof69EWFqmR+bBOTifckenDNoONJ0oxBtHNu/ECcXRWdP4GHa2wX0rQv8JJ9IiHbnh3SLVOh1b6GR0FUQE0yPsWt5Gf6G+inoJnxsX8c2Dr/vtVRZfPmAG0bWe9H25XPgSbmkdeYoXT6HPDJg0CeImqKSGVAX/6PVKyLypLNX1gsMCAwEAAaOBpDCBoTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNKQKZBQ5naXfzuGv28g8UxD9lLwMBgGA1UdEQQRMA+CDXRlc3Qub25hcC5vcmcwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDATAdBgNVHQ4EFgQUat5107sM5vSzDfuxcVnd+0ekdnYwDgYDVR0PAQH/BAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBgQA9uEXgby95mPuFc5gK1tdLVewHsFSYNfVeKfGCw7nRRbbIKRspBl4RlZEk/+kiLC+sW/kWnuu/RxYWq+pgWHMBStrKDnTOEDj2ZTJjORTOxsOCrj1uyLxOtGJlD6N3y601z10bW23ES+/hxF2/jOnjk6/7Sh8/gpyWxQ/6Ntx0mS0eLvQO42NeEpK3EsF6urpyv5yl7gzHoLzjpsnyLIUQifdx3RWQE4EdlHxiYXf9Z6JUxRat2SBdmMtzDov2ufK1ghcuE886vRbRhkzgFQFBireISs730lfgQViqiLcmXBbEyuw3DXHdrlF5iLEdAaAFDKzrmphbJYp5E4hQ7HxS/tlYBi1kH8J6iM2oIGkf0inzl9imddAJQ2jfZjjTgCN+AqS7JRPvz+p6pXo75zwrkcgRhBoY71ATxVXDo+nqjt9MU+dDndyzluEkqI/rxWtlvzjh2xgVNa7jKPts35WMzEkq0qjy69gC7FEb3jSMqKOch7EGgTiIgwj9s5HauUCgggGFA4IBgQAShyiPKdHfoNojfOGhb7MEZNcGx1iolD+ffICYz6MXoVWXIXQ0GQHKru3zmcjqwuTxO51rFNFM4FkUNuogdZsX5KK/vDy7pCeBnLY9Z3zEA4jtgNjJtoWiTzCfWAXpuMO4LXkQxeex8M1uXINugZCFDShJaUBtiYhfyuoE6UX6ta91P703eq5fcFvFT6+Wsop5x2Zc0ie20XiIlDLYvguqzAJ2sUZU5hLIgQ4PpOBxoaDsXtMljTCPE7Njjo0UotCQwmFLD1l3Em6nXXSLHKeCfihCdMy+m7HjVDktCKqbS1wZVTplFGaGFV9cRI1xAMDMq8UakG35GWK+Q7EZwHw/AsmHHc7GHlm+dQj7hfLcoRzm/VM8iYUmxK8rF6waNU+mVp/lNIS1OefaINSz5EPETurUpYh5f2CRJ19u1C6vrFZFfne7mpm+nV3b89YmJclVfNF1X5cAe2oV+03KyaVjKjNbHngWNtSWZ8Td2mM2BtzNgpdK5iawJ5UaJUFaMrGhggSfMIIEmzCCBJcwggL/oAMCAQICFHMJ9tfA0fUCNTkaxkm9nsWn9radMA0GCSqGSIb3DQEBCwUAMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDAeFw0yMTA3MDExMzUyMDJaFw0zMTA3MDExMzUyMDFaMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKVNgchumOQ+9nQu4y+5Fux8TAy/d7ChqP/Rq4jy/63vqIIqYPUns2aF9FG2B+mQrj5T5xil2iw3a8F/6AGmJ6tYeIQO+Rctj+yJt63LsNNRe5AZN20mxUlNES269Dzrj/qzayFzaRUtbaJ06S4EtJe73zJAH2wQZRS7kmUFA+qKtDhwetLgXvLzhe6Jaum3sHblM4zYKo6FM+XEfXLlglzGVAO9fmRM0jQybQ3haZHdNMJJQfUPOiUN/+aaHuACyrskY/upbTXUbcmx2PoE/YpbQ6ie3fSVsBuRCAY2FpaiwB1dWD9156Jy4sgnwK756dXy2bzncsZNHANtRBRem+jFBiN2zCT3cGI1hCpFRRE6rG6cUchTY6idRFImy7bUZzinkgjsPCnT/tUE78oAO5W++ZQp1aZ/CSg8thW6bqBJ0pAOqP9ubZTOQY8xaynggnTvLZXFBZULMZ4kl2mReIuOlNQSNceaJ2PNoaSwd5BKzwggO2OMLun6Zrji8b70dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKQKZBQ5naXfzuGv28g8UxD9lLwMB0GA1UdDgQWBBTSkCmQUOZ2l387hr9vIPFMQ/ZS8DAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggGBAH+nECgFKdaM/8DbvsBq9IoQrWKE79BPEo+jWlYNuYmVsBPnh/YiebT/OKH1VQUim523FnCjogVncDByvdusloQ6tTpI93Cp+DxKP06ew1oEsWgRVr2nyDGIA9PAHgkgcpHcKHTcYT1iDCHtFr/rYpo2nGFBVQKvCIxXxMKc55WyVjaHLZ3uWBXGxm6Pmd3DGhRtHlrY6VYOaRd6fg9+RQQnjcyMez4yOG5cigACFQaaWGO5kwvYhL7tQ47feudyzo9mWpQvJo+mZ70sRIXENzyZXvFb046taQmDXoDwE5U93kSl5UDlEELZMNjSvY0Agm8B50B63i++ohoaCMhX0fD/xANilAgjBYNcq06FicQ4ZLgR7u76m3HguGDRlNcJe5xiQNfDw6YJZtFiNZls4e7PqHjTa77z2k4pnoDpDv7tr25fTHDXUruQoY/oFKc+sOmtw4gXkTmAFUGsOOC53CbWhiqI1EPNRf20slKeo5HaOQ8dqRUAyw3YZjBeLcYqhg=="; static final String CR_CORRECT_SERVER_RESPONSE_ENCODED = "MIIQ3DCCAWECAQKkVTBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnSkfTB7MRUwEwYDVQQDDAxuZXctb25hcC5vcmcxDTALBgNVBAsMBE9OQVAxGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xFjAUBgNVBAcMDVNhbi1GcmFuY2lzY28xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVToBEYDzIwMjEwNzA1MTAyMTA0WqEPMA0GCSqGSIb3DQEBCwUAohYEFM+Pii0Tg0Fz9pJ9on8Xfx3WeJFXpBIEEOl66XIZwkWKMTyK1TxSjfSlEgQQ8qF3GT90eTVtTiE8/rgkoqYSBBDbIJFvoEyxzu6vG2JVR8gcqA4wDDAKBggrBgEFBQcEDaOCCUcwgglDoYIEnzCCBJswggSXMIIC/6ADAgECAhQNEl0HWiFv/9JmJaINeSqiMl4icjANBgkqhkiG9w0BAQsFADBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnQwHhcNMjEwNzA1MTAxODQ3WhcNMzEwNzA1MTAxODQ2WjBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCkLt554YW0vv0E4DBTSBnd3AK4HECEMilOBttJoArTc+aj8H1ENUXYWgcBJ3CXQfJv8hLkgcv/cAtLlzVPxLYK60HwUL23s8mXTS1uPcX/3IzpX7E7wfBeCNLSbuK42FtMQjxKCrpZvzuxpUpqAauBDyeg5LrGojVJv0Hr40t29WKZTxv01X/dpEyTrus2h7N/K+rhX1/JaNw5+0E2/f/Fk8IxC+M97BmjUha5BQkVK9DTgosC5MB43eaT/YiG6kPKJCssO1sCovtqHZUdQFsjV1MmRZZdseyJ+5b7sS8iuMJhGbXKSLi5KceD7y5juNvUkG7ct/WVxB7yCf33J5rTetS3qfZkxclVcl7A43HToZHA6iLFKou5fPLTmT6ndsNEiRryqw5gArVMtw9BoulC8HIy7f3RDi0h3yIB8p+Sglt3d2JJ2kaHcE5miaB1+pfZKzVLa//eHMcUHbciUBGqdAiGi3RDQ8EGpMQUKWCZMpWdu9sHGpEqpnxcCD45FTMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTPj4otE4NBc/aSfaJ/F38d1niRVzAdBgNVHQ4EFgQUz4+KLRODQXP2kn2ifxd/HdZ4kVcwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBgQBseB3QdY5thGZ3zC/u7gBsKcQbnC6DAA5hpsYuZM10MzOVsMlIV//jURyodSG6OqFGO4UQWdreYt9YEZx4gIGUSOWAGFMLkV8Cj6TzkATT97gdigkp1OlJ3zzs9ZGk/ij9MLSYUcKYKO6FRMQYF4pkssAdTmxmSsbj9jNNdZnf3pRhh7qBz/CA5Jm4XToetIKap57JWotsdnJA3+p1hNAQteza+PaAbqOEAxQh0PgO770MkLe/qUEpUKHr+DDprvsS77xoKEuPIiIv5hEOR4w2aoQSoJFzWK6CTglLTTcI+evVR+0edTeRwJOyAI4KfZkZgCpo73d1wfPtLI2ipU05uzJ1fhM4fY5IX1OLSYMVP0D8oU4xQjts8/XM2Yen0OuU06uyGjThIG3UeVNOyC+rXlEYM61AClzVUcLguctfgl5ncgSgtSA1B+zQYhie3RcxJtN058K8L2iNDV55IkcAyl6DoAbGcAmetxDKC3Tbn1gRKEt+JJo+BQvBsYUJRZ4wggScMIIEmAIEW1M1iTADAgEAMIIEiaCCBIUwggSBMIIC6aADAgECAhQHgFwoOV7ynMsqorIqNbXM/lGCnTANBgkqhkiG9w0BAQsFADBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnQwHhcNMjEwNzA1MTAxODQ3WhcNMjMwNzA1MTAxMTAzWjB7MRUwEwYDVQQDDAxuZXctb25hcC5vcmcxDTALBgNVBAsMBE9OQVAxGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xFjAUBgNVBAcMDVNhbi1GcmFuY2lzY28xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+2enbtUCb/5askOeN+lOhZ6nGtViBdrJty3Qufud3KAFMlDclY+Hk1V155fOT6X8H4Ra4G+nEPI59ZvgMs/Fn+6SzkcRTGdpW8GO4lY3lrCZAMlAUr8HUseAaMvBs4O9hOUh7t+UFQlIb08AlF98InAhIK97eDZX+UnpHOL93l+kL3yfWX7d8mgnrkD/+fgEuFuTBRIixFRD02ED/P/w9UNHKKsMd736nd0bhY2oYZxS5v14KVulCAYvUJ227cBt9aIZ+N5lb0CDh8l0+HXogI2VoIlaSCej3ErLMf3Ponk6zivZsk9R/QmqYZtG2irxk8KpksqVP8qtH8omr/HfwIDAQABo4GkMIGhMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUz4+KLRODQXP2kn2ifxd/HdZ4kVcwGAYDVR0RBBEwD4INdGVzdC5vbmFwLm9yZzAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMBMB0GA1UdDgQWBBQ4Dq29q6Jnte9BJ/85Nnb7kVTENjAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQELBQADggGBAHfgowwiI08FJ92KhG7zA+d6gUdDwslF3tZGg6ZfRYNjoVry1EE9ZcF0uawjfcFXw/zC9v3cha+geheYYJIxkFGGRIQGK+1/csvsm90umNHAtE6+2eec2YMlwEkDE4PGlnjOWmsU1TIQmM+Q6smNz+Mht0kcHPnX3l+W6yxnoW6odP4vnEMcQtpXFSuJ8iAwux3v2UkrEw0YTtqtBuAZ7WjrqFmnqu1++9QZmXlsKtMZhqmqqTkRPIyrTHgZtsNhZP5L2MMnvYFmgtqjCkciPniE8oQtde1W6wCUEC5sxBSYbNWVOB8gKGMgzNwDpL+NervbOkcnR4MT9OK3Podu8JPpNOAHjF9prH8+paKrQrJPM/YV41GnWw2wCuR7pCkz5ocTxqdmzOelEqd+kfv9b4N48HX1W87KDxUqsEOfZeW3taAWjhp+nLWaUEWX7eIfJteMBzCsFGHHiK3HA+q0nPHD2hQJD3gn01LKafinVL+mP51uiDxj2DHyW7DJDJg4UqCCAYUDggGBAF3DAlUKGihKx0Oh45f0Y+rAfTq8PlfTVwZjwxNMEbCTXGWzMlWAQiqoPmJIv4QgucSmcD+2sILe7tNXh1VWIevsSZm/w5Gu/5l4ALwFCCy2I+qzpl3pFpNyeoIgaOBz/pWi4zoP66LXPzxwjjoWHYPSoY+Lq4D8GUfcCOIOFQ5Sncm/1BmWLBDBfSWd4kbkT/tB7LTaHkvywZDBmQYz3FFPnOruW7mL2KRFG+Q6/vQijag5sUMUjHfplleDSTlhDrsma4gVhZsc2tOPFAPzbhrtTS09UDNGGAayGMZXF5CDFqNcqcdO2JL/BgeaVXpgqPMie5UtZ0qeOmQl2L7/SHWXqlp5qHfjjMyJf9qg6+EtWWH98ZkZYqi7wVJRCG4+s8K6HIT9JLQgzgtrwDwSXoo6WS0+5Z2y0/1XOVcSYqJY19ebs+yAPq7hG1yfqg8YOCgRMMqAsMPTOVwXwHTn+fWQ/r+uhkPQGJYVXxrQGnWk/VEXILcbpB/biHUgsvB5H6GCBJ8wggSbMIIElzCCAv+gAwIBAgIUDRJdB1ohb//SZiWiDXkqojJeInIwDQYJKoZIhvcNAQELBQAwUzEVMBMGCgmSJomT8ixkAQEMBTEyMzQ1MRUwEwYDVQQDDAxNYW5hZ2VtZW50Q0ExIzAhBgNVBAoMGkVKQkNBIENvbnRhaW5lciBRdWlja3N0YXJ0MB4XDTIxMDcwNTEwMTg0N1oXDTMxMDcwNTEwMTg0NlowUzEVMBMGCgmSJomT8ixkAQEMBTEyMzQ1MRUwEwYDVQQDDAxNYW5hZ2VtZW50Q0ExIzAhBgNVBAoMGkVKQkNBIENvbnRhaW5lciBRdWlja3N0YXJ0MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApC7eeeGFtL79BOAwU0gZ3dwCuBxAhDIpTgbbSaAK03Pmo/B9RDVF2FoHASdwl0Hyb/IS5IHL/3ALS5c1T8S2CutB8FC9t7PJl00tbj3F/9yM6V+xO8HwXgjS0m7iuNhbTEI8Sgq6Wb87saVKagGrgQ8noOS6xqI1Sb9B6+NLdvVimU8b9NV/3aRMk67rNoezfyvq4V9fyWjcOftBNv3/xZPCMQvjPewZo1IWuQUJFSvQ04KLAuTAeN3mk/2IhupDyiQrLDtbAqL7ah2VHUBbI1dTJkWWXbHsifuW+7EvIrjCYRm1yki4uSnHg+8uY7jb1JBu3Lf1lcQe8gn99yea03rUt6n2ZMXJVXJewONx06GRwOoixSqLuXzy05k+p3bDRIka8qsOYAK1TLcPQaLpQvByMu390Q4tId8iAfKfkoJbd3diSdpGh3BOZomgdfqX2Ss1S2v/3hzHFB23IlARqnQIhot0Q0PBBqTEFClgmTKVnbvbBxqRKqZ8XAg+ORUzAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUz4+KLRODQXP2kn2ifxd/HdZ4kVcwHQYDVR0OBBYEFM+Pii0Tg0Fz9pJ9on8Xfx3WeJFXMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAYEAbHgd0HWObYRmd8wv7u4AbCnEG5wugwAOYabGLmTNdDMzlbDJSFf/41EcqHUhujqhRjuFEFna3mLfWBGceICBlEjlgBhTC5FfAo+k85AE0/e4HYoJKdTpSd887PWRpP4o/TC0mFHCmCjuhUTEGBeKZLLAHU5sZkrG4/YzTXWZ396UYYe6gc/wgOSZuF06HrSCmqeeyVqLbHZyQN/qdYTQELXs2vj2gG6jhAMUIdD4Du+9DJC3v6lBKVCh6/gw6a77Eu+8aChLjyIiL+YRDkeMNmqEEqCRc1iugk4JS003CPnr1UftHnU3kcCTsgCOCn2ZGYAqaO93dcHz7SyNoqVNObsydX4TOH2OSF9Ti0mDFT9A/KFOMUI7bPP1zNmHp9DrlNOrsho04SBt1HlTTsgvq15RGDOtQApc1VHC4LnLX4JeZ3IEoLUgNQfs0GIYnt0XMSbTdOfCvC9ojQ1eeSJHAMpeg6AGxnAJnrcQygt0259YEShLfiSaPgULwbGFCUWe"; - private static final String TEST_CA = "TestCA"; private static final String WRONG_OLD_CERT = "wrong old cert"; private static final String WRONG_OLD_PRIVATE_KEY = "wrong old private key"; - private static final String TEST_ENCODED_CSR = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQzV6Q0NBYzhDQVFBd2R6RUxNQWtHQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdNQ2tOaGJHbG1iM0p1YVdFeApGakFVQmdOVkJBY01EVk5oYmkxR2NtRnVZMmx6WTI4eERUQUxCZ05WQkFzTUJFOU9RVkF4R1RBWEJnTlZCQW9NCkVFeHBiblY0TFVadmRXNWtZWFJwYjI0eEVUQVBCZ05WQkFNTUNHOXVZWEF1YjNKbk1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXdVZmxSZ3k4d2tRajFib1hucGY5Q2lmakN6Y1lWSnJnTlZnVQplVnlOWjltczZIYVBuRDQ3M1M0b09kN3JXTnY3WEloWk9FU3lUM1FsVlB6eFBBNjdYMFR3dERqc3JUUjBxZGhtClBQS1crdHozM1pCRGttVnhLa0hmVmsrVUVmbi9rOHE3L0RGRmExWnV3NFdzT3R0ZDV0MHNIWU01eDFBY0dKVGgKdW9hcUh1WHpXK3BhcHlqYmpZbkJjUHB2bEsxbTdtRmVIWXNtMktBNk9yRHdxaE1wSGVSQkNldjNwMWlhSUdvUQpTTVAwTmhLMVFmaDFjazZ5Zmhid1lRUGZJaklMTWx6Z2J4QkszOXI0M2xSU0NsalkzdCtHSllPM1NKQURtS0YvCkFxMjJTbHg4ZWdCSDFmdHpzWGdOTnl3Y25tNUpGOFZXd0ZTamsydndPeDJjVEpIeDZRSURBUUFCb0Nzd0tRWUoKS29aSWh2Y05BUWtPTVJ3d0dqQVlCZ05WSFJFRUVUQVBnZzEwWlhOMExtOXVZWEF1YjNKbk1BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFSVGo4T2FJUnM4WVI1QmFrRDhFYTRPOEdZZUJmd3pCdWRoU0x4UVIvM01xWHpQMGYzCkpHRVN6TCtVeWduQjE4dG9GdG9qdk5sR25TYVFOcnI4K2lwQkpiLzRVUTdydFJwNThaa0p1Nk9lZGNwSGd1emIKRUw1NnBGNlBnRk5tcFlGbnZ4MDc1UzhxZ2w0eWtzK09DK0hSK1dwaVZuOGQyMlEraVMwL3NZb0VRWkRRTVUvaQplWDRMVDlqSjNWM2lKTFh6OUZmRlhzY1VxeDZ6RGt5VUZJQms0aUZHWE9RLzQ1MmRla0ZPaGlKQ0x1VlRHdTVpCk5NODdZRVptWnVLbXNtd2x4WDU2UjRrd0Z6azZLcWFyMlhNTU5MV0U3VUZ4SDROUlFIeUUxOEVTNU5adDMwMnAKYzl4YkRyekEvbVNSdDVlTTZTYlVqNStlU0tyUDQxdlk4S3hPCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo="; - private static final String TEST_ENCODED_PRIVATE_KEY = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRFNOS0pCUU5XRmF0ajUKUmRhTmQyMGdnTnBOVUVaYzgxU1Y1d0hLeHEwUy9rT0llTG8rekI5c3lkUUJLWm9JRXJPL3JIekwzb0VCNW5YNQp4NVBkeTViYUdYTzRQZDVCUStrSXRHckFnNzVrRldmT3VHNU9GWUxpWldMUEcra3FBRXJKNTdzQlB5TzNKNjVxCkEzN0gxNnBiZVhRL2VzR2RNaVZsenM4dE9UOEtaT1lDQUpGQXg1ZEk4OEowaEt4ZThONFdrZEJLSStXVndKMUsKR05pZmgwc2Jjam9rOG1Gbll4Nzcwd3BuZU5nbkZUbU9MWXFIUTRuSklUODdza1BYSUt1RHNMRUJDL01kVGQ0QwpPTTZJekZYZmQxNzNDc1p5UnR3V0F2ZXNDcWJGYkVhcDBiWHlCRFN1R0w3NlhGdzRTdjZiZkoyano2SjIyRU9SCmVPOGpVdWhKQWdNQkFBRUNnZ0VBUWJyZHBjUHRRSnZwbndEY2x6M3A3TWo5K2tFSXo1WHpORENaR2R4SVVIRWIKa3ZnVlhQK2RML3BvaGJpSmhzNjZVRXhTZGJsczQ3ZzUyZEl6aFo1YzNIUXJBRWl3VC80NVIxU0xNUW5CSmpDZgpWai9MbGpVWnlVdGt1MWlCNzNWSjdacTltaVV4T050NnFZSFFTaE5CSFB0OGcwRVNlK0lyV1l0eXN6UjhadllXCjlqWm9xb0pOTW5ySVkyNmdtdFRCRURpTmVmaEhBMGVoVHkwYzNBQ1lDTUY3aWlNenplMWhkUjZvTDhuTEZscmQKVGJZRGdCUzBueEpvRVpxQnZBZWViZFVBaXc1UCtqZ1NXcXhnUkhpWGk2Rk0xWXVnMGF5Mm9GNEl1alV0ek5kNwplbnNqeTVTTGFGcVp5dy81bkdlWDJMTXYvbFovQUtWYlZ6NnNBa3RVdFFLQmdRRHBBT3BBUVorNWRheGxyQk5oClFoYy9ndnRPekJpRTA0YU5EdDVLMllEVU80dHdFRmYxTVdXSkNrV3Z1czNOSUphdkJ1K25GYzdEREphUEFxbk4KZnQrUGw3NTJ4UUlJRk1GdUt5QTdKL1hSZzFjVUIzNEFrZWtZeTZvRlYwa2FlWmZvYXBRbGdDWnFWVkd5L2FCdAprSHBndDJnckpZZG82OE11bFQ0ZWplbGE4d0tCZ1FEbTg3UWE4YzFYRTNuTGFQcGJIeTU5N0N5S0ZKTzBRdC9tCm1RT1FNaEJCOTJGU0JpRE05ZHFkbUU2d3JVU2NFYVo3aDlaZ1kwQUdxVVFobzE3d3oyL1BxaGhaUFRiOU0rVTgKWUVaWTdnWnNoYkJ1MDgvTkJLTDNGTitGd216VG8xN1d1SlNyQWFWV3dra1RMOWVSbkI2cUFTeHBMaDFKQ0J4cQpQSE9Kd1FmRzB3S0JnUUNSTHlUSGpSeDliemxRMFB2eWFrQWFMdjl3aGZQeEwreHpFSVNxbHdTVE9kY1VxTnBsCnliVyt3a3ZSeDlCY3RLV3Z3ZDZxZWdndnVUUkhRQjJXRWl3elNSWkE0MWowdUJvZkQzZ3g1Q0Jqd0RjT0grei8KWmV1Y3E2cnhVUVlZSFJQdW1ocGRrNUJjU1hWeTFsNlVacVlhaGEyKzFNK2ZMT2lkcWhqZTZRWXl5UUtCZ1FDbwpTclhYWEpRUSs3UW9zVnFkdzk4UkMyUjVTZjFId2VOK0djb3E3UkJEd1l3OVJSSHB5TTJCUVZjMkQweUxuYUQvCkswRGdBL0xINTlncDJ1NTM4L0M2Rm15ZnVxZXpZbm1Nd1dzQnFwRXJ5MCtCc3Y4ZG1sOVdSUE9NZU56c2E0UFUKVzdTWjJCMHZWMndBZTBCT2JzRTVpSmxnRzZaamJYR25TRjI0NTl4TzJRS0JnRER1cXJBcThQMXpXU28wcWZ0QgpkTS9Xc3p6U3VZRHdjemhvajNKek5VK3lvQ3g4ejNzY0NML240eXFUT1RiWVhLTXFHbUVrSW01eXJ1SWlJeHBRCmNJM1pDUlVZbHZDY0FaeCtiVU1QSXNkek1TeGJMaHNqSU5Oc3F4dDJlMlQvd2dJWXpWenVERExpZ1drN1lDZkEKNDJ4YXVldHQ0M21qM25wYUFvcURIVG92Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"; private static final String TEST_ENCODED_OLD_PRIVATE_KEY = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRHVTZ0FtVWovWEo5NlQKOGkzREZxWE1QOUpaa3RkeEtYZUV2NDZhcGFVTmJyNGNoSi9EM2pLdTFBRFdWVEx4YlNyOEpuT0dDSUFzenZjaQozQmxLb1VUaHVvaUl0NXBnKy9kaFc2SDRnazdtdTRVdzAxdEFVQjZqM2ZubVhJTDZaMTlmS2F0bXlRTmVMSzRQCnlNNTFMTG03ZjgyNjZsR0NrektmdWx0NVAvc21Ya0lxL0FGN1d6Q3gzclNXOW0yZkdKaEFGcjAyL09pV1JvOWIKd0VHSjFkUnJhaTc5ZGtpMEN4eFlDMXYvb3FXVTJLTmpSZDF5RXNXb0ZxTC9pd1NoWCtwazl5cmtSMzQ0aEZLZwpRVFl1bGg3Z0NKQmwyOFhGM2kraDNiVHZJL3VMRk5PLzdvZ29PTjlDM04wdTRiTzhlNUNnUERHZWI5eG9VQklrClVnM0hOSkczQWdNQkFBRUNnZ0VCQU1qOTFEaCtvZWlxY1h5YkJ1eUtPdGtZY0NZcnpOdGZuYmQwR0NYcldGZ0gKTkFZNys4S3J0bFp1N2pIYmRYZmNuQ2hKaXFIZ283U244aDhPUmFzRWNtUndBV0JJZGNnZVgrQlgrVHZ6TmZnNgo3YkpzWklqUHk3aHVzSzRWRkVtQVRocW52REtibE9Lbmp6NHpJNm9FU3JtVHFJVmp4ZEw4cy9PMHJobU0xUnZiClB0QXRCeDNMTEtBUFZWTlN6a05JeHFIY1cwaFJ1bFlqOU81S3hmZDJJdDlrKzVzY0RpQU5qcU9YTVRIMmxrdzcKcE41ZFRtNU1EQXcrMGpaUVNpUFRia0hFQWdPZElxNmxuYStSN1lBRkFNc0ZVKzlmbnNEZVR2M2VHT2h6ZVhCSApJRlRkTStIOVU3Tm8xOW91d0NHU05JTEJESnE1V2JVd3VLQWRTUDBVaGZFQ2dZRUEvNElFa1g2djJVSUpqbldwCjBnbzBTSFJFamQ1Vmk0T2dnQW00L0hDbWx6Q3ljZzljRUhXeXFsd3RNN24xVkw5WDdJaytxMFc2UjBYRXlJbHMKTWlPSEF0cFhxbDB0RnRNQVd5SnBLY05vaktyRjlMR3g2VDVKQk5HTFo1b2JCaXRLNTZtTVZta0RTTzljc3hRYgpURXhQY1JGZmpQdkpJTlBRNDRZYWNRR0padThDZ1lFQTdyOStJN2svdzg2YVNWWkJObTh4NURrZVd4anRBSmRnCndFeXpEWklxYXEwU3IvQ0dxZnRSTFFrNnF4RDQxVWh2d1QrVHVMd2xuWWJMWmRzQmJVVW11cHNBZWpMbnY0RGIKR1RiTHpiNEM1c2FONW13dEJPeU5vaGNoUUVHVUF0RzdzN3BCYStsOE9MSmVzS1FsMWJBc0JXRC9leG01bzZyYwo0T0NYQkNpaHdia0NnWUFjU2ZEbml2YzlQcXFBTTFiU0FuODNabWdRclFVYnBUOG43ZXVsUjNPcVdhSG9MdnNxCmQxMklyeHZ5Rml5cmJXUDJ0RnRUNnl4c3A3VFozeDB6ait0cXpYSFhVdW1qRlVsOHpacUhIVE4rSDRvN1JWRkYKV2JnTDZJZGV1UmswM2FZMWIvZ3h1UDY4SElSTzczTDJSNXlrRUNCY0k2UnBGZ3FTcGs1WEpLeHAwUUtCZ1FEWAp5VmhYTFg1R21odTFJVEs3NG5Dem1EU3BuYlBJandteGhTRm9xSzJSMFhCTWVSY2QxN3FjKy9SODNWQXFaZGdzClVDeFNFaXZsWHduRHU5aGtUTlllWHk1bFJGRldNejdVWVVSL1pyZjBvWTFyc0daWVJ2NFVmTmRlM21iS3pZbmIKZmdMWGFDY1FqNWNxREpMdHV0ZHUzU2JNdW9taE5qT0JSVHo1VTBnd2NRS0JnUURyRy9wZDN6aUw1dFZFSk1KOApUQmdodko1NTZNMjFXaXFRNG1WUGcwbGNub1RXVmdCV0hqS2k2MzNhZVVRRlYrQTN2d3ljS1h4YVdsUzBYWmZVCmRobTJaUnVwYzhaeVA2ZGNaR3VLTWxHR21kSGtGaExIcUNhZXViS25ZUEkyVTFrZklNVGlWR0Jubmk2Y3dkRGIKUzczSG12YVpwU0xsbDlhbXkvZEx1N0QxdGc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="; private static final String TEST_ENCODED_OLD_CERT = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVmVENDQXVXZ0F3SUJBZ0lVRncwd1VZc2wxUkF2bHB1bXpqcFRrNjZzNGlzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1V6RVZNQk1HQ2dtU0pvbVQ4aXhrQVFFTUJURXlNelExTVJVd0V3WURWUVFEREF4TllXNWhaMlZ0Wlc1MApRMEV4SXpBaEJnTlZCQW9NR2tWS1FrTkJJRU52Ym5SaGFXNWxjaUJSZFdsamEzTjBZWEowTUI0WERUSXhNRGN3Ck1qQTNNVE0xTlZvWERUSXpNRGN3TWpBM01EWTFNMW93ZHpFUk1BOEdBMVVFQXd3SWIyNWhjQzV2Y21jeEdUQVgKQmdOVkJBc01FRXhwYm5WNExVWnZkVzVrWVhScGIyNHhEVEFMQmdOVkJBb01CRTlPUVZBeEZqQVVCZ05WQkFjTQpEVk5oYmkxR2NtRnVZMmx6WTI4eEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhDekFKQmdOVkJBWVRBbFZUCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBN2tvQUpsSS8xeWZlay9JdHd4YWwKekQvU1daTFhjU2wzaEwrT21xV2xEVzYrSElTZnc5NHlydFFBMWxVeThXMHEvQ1p6aGdpQUxNNzNJdHdaU3FGRQo0YnFJaUxlYVlQdjNZVnVoK0lKTzVydUZNTk5iUUZBZW85MzU1bHlDK21kZlh5bXJac2tEWGl5dUQ4ak9kU3k1CnUzL051dXBSZ3BNeW43cGJlVC83Smw1Q0t2d0JlMXN3c2Q2MGx2WnRueGlZUUJhOU52em9sa2FQVzhCQmlkWFUKYTJvdS9YWkl0QXNjV0F0Yi82S2xsTmlqWTBYZGNoTEZxQmFpLzRzRW9WL3FaUGNxNUVkK09JUlNvRUUyTHBZZQo0QWlRWmR2RnhkNHZvZDIwN3lQN2l4VFR2KzZJS0RqZlF0emRMdUd6dkh1UW9Ed3hubS9jYUZBU0pGSU54elNSCnR3SURBUUFCbzRHa01JR2hNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVzWW1NQytnWTE4WWMKdDVMejJheDlTRjhzaHlNd0dBWURWUjBSQkJFd0Q0SU5kR1Z6ZEM1dmJtRndMbTl5WnpBbkJnTlZIU1VFSURBZQpCZ2dyQmdFRkJRY0RBZ1lJS3dZQkJRVUhBd1FHQ0NzR0FRVUZCd01CTUIwR0ExVWREZ1FXQkJTdDVzYTFCc1VNCjJrTHFpdXNGWkxCWGlFMStJREFPQmdOVkhROEJBZjhFQkFNQ0JlQXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnR0IKQUkrYW94LzJPUFdQZC9IanB0b1VhVlRhNkFnZldMMHoyR3NkOS9oVDBPVTdGSWloTEwrUGx4Y3Z2VWVQWGZlRQpHaEtJb3FJb3pERndMeWs1OUVWNVMxSEdsYVI3QnlUZkVJcVl5T0I5YkNPMmlPWjdIcW9vNmxoN2hoUTZXUENRCmtpY3VRMXJRWDJFSHlOVW05aFovU2dWamFYQlpZY0l0cFNsN1lWSVFGUElXY2VYYmtFaG8rSG5HczExTDI0V0QKUWhCNkpWWWJzME9JQzVaNDNablBKaHdHYlVyOCs5Q2IwR0J1dzNITUVMN05mNmFQSWVjOG8ydXphVHU3WXlOegpjYlN4WmMyUzRpeVpSbjdkTldQSmtFUVFGd1dPNlBOYzRwd0xSeC9zR3pHdlY0cFZGdlRuOGE3c0FiVXpwcnZBCmRDNFdjYnJhNE1wTFFKczZqNWJoUFJ1QlRsSXBnZEVhdkVSM1J5bUVGUTBSRHdER2thSndNbkdVVTlqSWdFN3AKR282RG5aV2RJZEFoRlN2Q3RybERLL1NGYmVKM3RTNlMrSUxXUDgydWU3Q0UwSnYrUEVoUnc5aWVreE5hRElNbwpzeXcvM2tnSUNnckV3RjJzUHY5UnVLQ212V3NrMkdKaHRRcXZSK3FFRE5FQW15aXJodFh6L214QUZ0dy9ualpVCjBBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQoK"; + private static final OldCertificateModelFactory factory = + new OldCertificateModelFactory(new PemStringToCertificateConverter(), new X509CertificateParser()); - public static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL_WITH_WRONG_OLD_CERT = - new CertificateUpdateModelBuilder() - .setEncodedCsr(TEST_ENCODED_CSR) - .setEncodedPrivateKey(TEST_ENCODED_PRIVATE_KEY) - .setEncodedOldCert(WRONG_OLD_CERT) - .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PRIVATE_KEY) - .setCaName(TEST_CA) - .build(); + static final OldCertificateModel createCorrectOldCertificateModel() throws CertificateDecryptionException { + return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_OLD_PRIVATE_KEY); + } - public static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL_WITH_WRONG_PRIVATE_KEY = - new CertificateUpdateModelBuilder() - .setEncodedCsr(TEST_ENCODED_CSR) - .setEncodedPrivateKey(TEST_ENCODED_PRIVATE_KEY) - .setEncodedOldCert(TEST_ENCODED_OLD_CERT) - .setEncodedOldPrivateKey(WRONG_OLD_PRIVATE_KEY) - .setCaName(TEST_CA) - .build(); + static final OldCertificateModel createOldCertificateModelWithWrongCert() throws CertificateDecryptionException { + return createOldCertificateModel(WRONG_OLD_CERT, TEST_ENCODED_OLD_PRIVATE_KEY); + } - static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder() - .setEncodedCsr(TEST_ENCODED_CSR) - .setEncodedPrivateKey(TEST_ENCODED_PRIVATE_KEY) - .setEncodedOldCert(TEST_ENCODED_OLD_CERT) - .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PRIVATE_KEY) - .setCaName(TEST_CA) - .build(); + static final OldCertificateModel createOldCertificateModelWithWrongPrivateKey() throws CertificateDecryptionException { + return createOldCertificateModel(TEST_ENCODED_OLD_CERT, WRONG_OLD_PRIVATE_KEY); + } + + private static final OldCertificateModel createOldCertificateModel(String certificate, String privateKey) throws CertificateDecryptionException { + StringBase64 base64EncodedCertificate = new StringBase64(certificate); + return factory.createCertificateModel(base64EncodedCertificate, privateKey); + } private ClientTestData() { } diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java index de0a100c..b44d6447 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java @@ -76,6 +76,7 @@ import org.junit.jupiter.api.Test; import org.mockito.Mock; import org.onap.oom.certservice.certification.configuration.model.Authentication; import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server; +import org.onap.oom.certservice.certification.exception.CertificateDecryptionException; import org.onap.oom.certservice.certification.model.CsrModel; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; import org.onap.oom.certservice.cmpv2client.exceptions.CmpServerException; @@ -141,7 +142,7 @@ class Cmpv2ClientTest { } @Test - void shouldReturnCorrectCmpCertificateForCorrectKeyUpdateResponse() throws CmpClientException, IOException { + void shouldReturnCorrectCmpCertificateForCorrectKeyUpdateResponse() throws CmpClientException, IOException, CertificateDecryptionException { // given setCsrModelAndServerTestDefaultValues(); @@ -160,7 +161,7 @@ class Cmpv2ClientTest { // when Cmpv2CertificationModel cmpClientResult = - cmpClient.updateCertificate(csrModel, server, ClientTestData.TEST_CERTIFICATE_UPDATE_MODEL); + cmpClient.executeKeyUpdateRequest(csrModel, server, ClientTestData.createCorrectOldCertificateModel()); // then assertNotNull(cmpClientResult); @@ -189,7 +190,7 @@ class Cmpv2ClientTest { // when Cmpv2CertificationModel cmpClientResult = - cmpClient.certificationRequest(csrModel, server); + cmpClient.executeCertificationRequest(csrModel, server); // then assertNotNull(cmpClientResult); @@ -203,9 +204,9 @@ class Cmpv2ClientTest { setCsrModelAndServerTestDefaultValues(); CmpClientImpl cmpClient = new CmpClientImpl(httpClient); - assertThatExceptionOfType(CmpClientException.class) - .isThrownBy(() -> cmpClient.updateCertificate(csrModel, server, ClientTestData.TEST_CERTIFICATE_UPDATE_MODEL_WITH_WRONG_PRIVATE_KEY)) - .withMessageContaining("Cannot parse old private key"); + assertThatExceptionOfType(CertificateDecryptionException.class) + .isThrownBy(() -> cmpClient.executeKeyUpdateRequest(csrModel, server, ClientTestData.createOldCertificateModelWithWrongPrivateKey())) + .withMessageContaining("Cannot convert certificate or key"); } @@ -217,9 +218,9 @@ class Cmpv2ClientTest { CmpClientImpl cmpClient = new CmpClientImpl(httpClient); // When // Then - assertThatExceptionOfType(CmpClientException.class) - .isThrownBy(() -> cmpClient.updateCertificate(csrModel, server, ClientTestData.TEST_CERTIFICATE_UPDATE_MODEL_WITH_WRONG_OLD_CERT)) - .withMessageContaining("Cannot parse old certificate"); + assertThatExceptionOfType(CertificateDecryptionException.class) + .isThrownBy(() -> cmpClient.executeKeyUpdateRequest(csrModel, server, ClientTestData.createOldCertificateModelWithWrongCert())) + .withMessageContaining("Incorrect certificate, decryption failed"); } @@ -255,7 +256,7 @@ class Cmpv2ClientTest { CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient)); // when Cmpv2CertificationModel cmpClientResult = - cmpClient.createCertificate(csrModel, server, notBefore, notAfter); + cmpClient.executeInitializationRequest(csrModel, server, notBefore, notAfter); // then assertNotNull(cmpClientResult); } @@ -294,7 +295,7 @@ class Cmpv2ClientTest { // then Assertions.assertThrows( CmpClientException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); + () -> cmpClient.executeInitializationRequest(csrModel, server, notBefore, notAfter)); } @Test @@ -331,7 +332,7 @@ class Cmpv2ClientTest { // then Assertions.assertThrows( CmpServerException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); + () -> cmpClient.executeInitializationRequest(csrModel, server, notBefore, notAfter)); } @@ -370,7 +371,7 @@ class Cmpv2ClientTest { CmpClientImpl cmpClient = new CmpClientImpl(httpClient); assertThatExceptionOfType(CmpClientException.class) - .isThrownBy(() -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)) + .isThrownBy(() -> cmpClient.executeInitializationRequest(csrModel, server, notBefore, notAfter)) .withMessageContaining("CMP response does not contain Protection Algorithm field"); } @@ -391,7 +392,7 @@ class Cmpv2ClientTest { // then Assertions.assertThrows( IllegalArgumentException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); + () -> cmpClient.executeInitializationRequest(csrModel, server, notBefore, notAfter)); } @Test @@ -411,7 +412,7 @@ class Cmpv2ClientTest { // then Assertions.assertThrows( CmpClientException.class, - () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter)); + () -> cmpClient.executeInitializationRequest(csrModel, server, notBefore, notAfter)); } private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) { -- cgit 1.2.3-korg