From ce4f24d8bc667654f6426aa374e280a28576318c Mon Sep 17 00:00:00 2001 From: Michal Banka Date: Fri, 20 Mar 2020 13:18:50 +0100 Subject: Removed dependency on cmpv2client adapter
Signed-off-by: Michal Banka Change-Id: I14aea91ee910354e898ea1e011a2ff27df54e93c Issue-ID: AAF-1107 --- .../certification/CertificateFactoryProvider.java | 42 ++++++ .../certification/CertificationProvider.java | 43 +++++- .../certification/RsaContentSignerBuilder.java | 46 ++++++ .../certification/X509CertificateBuilder.java | 56 +++++++ .../adapter/CertificateFactoryProvider.java | 42 ------ .../certification/adapter/Cmpv2ClientAdapter.java | 85 ----------- .../adapter/RsaContentSignerBuilder.java | 46 ------ .../adapter/X509CertificateBuilder.java | 56 ------- .../cmpv2client/impl/CmpClientImpl.java | 6 +- .../certification/CertificationProviderTest.java | 88 +++++++---- .../certification/RsaContentSignerBuilderTest.java | 63 ++++++++ .../certification/X509CertificateBuilderTest.java | 69 +++++++++ .../adapter/Cmpv2ClientAdapterTest.java | 161 --------------------- .../adapter/RsaContentSignerBuilderTest.java | 62 -------- .../adapter/X509CertificateBuilderTest.java | 69 --------- 15 files changed, 379 insertions(+), 555 deletions(-) create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java create mode 100644 certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java create 
mode 100644 certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java delete mode 100644 certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java delete mode 100644 certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilderTest.java delete mode 100644 certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java
new file mode 100644
index 00000000..b633f905
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificateFactoryProvider.java
@@ -0,0 +1,42 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import java.io.InputStream;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CertificateFactoryProvider {
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ X509Certificate generateCertificate(InputStream inStream) throws CertificateException, NoSuchProviderException {
+ return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inStream);
+ }
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
index 6068237c..4435aa75 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
@@ -20,27 +20,58 @@ package org.onap.aaf.certservice.certification;
-import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
+import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.util.io.pem.PemWriter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.stream.Collectors;
+
 @Service
 public class CertificationProvider {
- private final Cmpv2ClientAdapter cmpv2ClientAdapter;
+ private static final Logger LOGGER = LoggerFactory.getLogger(CertificationProvider.class);
+
+ private final CmpClient cmpClient;
 @Autowired
- public CertificationProvider(Cmpv2ClientAdapter cmpv2ClientAdapter) {
- this.cmpv2ClientAdapter = cmpv2ClientAdapter;
+ public CertificationProvider(CmpClient cmpClient) {
+ this.cmpClient = cmpClient;
 }
- CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
+ public CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
 throws CmpClientException {
- return cmpv2ClientAdapter.callCmpClient(csrModel, server);
+ List> certificates = cmpClient.createCertificate(csrModel, server);
+ return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
+ convertFromX509CertificateListToPemList(certificates.get(1)));
+ }
+
+ private static List convertFromX509CertificateListToPemList(List certificates) {
+ return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
+ .collect(Collectors.toList());
+ }
+
+ private static String convertFromX509CertificateToPem(X509Certificate certificate) {
+ StringWriter sw = new StringWriter();
+ try (PemWriter pw = new PemWriter(sw)) {
+ PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate);
+ pw.writeObject(gen);
+ } catch (IOException e) {
+ LOGGER.error("Exception occurred during convert of X509 certificate", e);
+ }
+ return sw.toString();
 }
 }
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java
new file mode 100644
index 00000000..12f00f9c
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilder.java
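Review bot: `signCsr` indexes `certificates.get(0)` and `certificates.get(1)` without checking how many lists `cmpClient.createCertificate` returned, so a short response fails with an `IndexOutOfBoundsException` instead of the `CmpClientException` callers already handle; a guard such as `if (certificates.size() < 2) { throw new CmpClientException("CMP client returned " + certificates.size() + " certificate lists, expected 2"); }` before the constructor call keeps the failure on the declared path. In `convertFromX509CertificateToPem` an `IOException` is only logged and the resulting empty string is then dropped by `filter(cert -> !cert.isEmpty())`, so a chain or trust list silently comes back one certificate short rather than the request failing; since the target is an in-memory `StringWriter`, rethrowing (e.g. `throw new UncheckedIOException(e);`, or surfacing it as `CmpClientException` from `signCsr`) is the safer choice. The positional contract — index 0 becomes the certificate chain, index 1 the trusted certificates — is fixed only by argument order and deserves a one-line comment above the `new CertificationModel(...)` call. Finally, `signCsr` is now public and replaces the removed adapter's documented `callCmpClient`, so its Javadoc (purpose, `@param csrModel`, `@param server`, `@return`, `@throws CmpClientException`) should move with it.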
@@ -0,0 +1,46 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RsaContentSignerBuilder {
+
+ ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey)
+ throws IOException, OperatorCreationException {
+ AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
+ AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
+
+ return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
+ .build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java
new file mode 100644
index 00000000..70591759
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java
@@ -0,0 +1,56 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.util.Date;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.springframework.stereotype.Component;
+
+@Component
+public class X509CertificateBuilder {
+
+ private static final int SECURE_NEXT_BYTES = 16;
+ private static final int VALID_PERIOD_IN_DAYS = 365;
+
+ public X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
+ return new X509v3CertificateBuilder(csr.getSubject(), createSerial(),
+ Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)),
+ Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)),
+ new PKCS10CertificationRequest(csr.getEncoded()).getSubject(),
+ SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(csr.getSubjectPublicKeyInfo().getEncoded())));
+
+ }
+
+ private BigInteger createSerial() {
+ byte[] serial = new byte[SECURE_NEXT_BYTES];
+ new SecureRandom().nextBytes(serial);
+ return new BigInteger(serial).abs();
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java
deleted file mode 100644
index 79f59363..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CertificateFactoryProvider.java
+++ /dev/null
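Review bot: `build` derives `notBefore`/`notAfter` from `LocalDateTime.now().toInstant(ZoneOffset.UTC)`, which takes the wall-clock time in the JVM's default zone and relabels it as UTC, so on any host not running in UTC the validity window is shifted by the zone offset and a freshly issued certificate can be not-yet-valid for up to several hours (the second `now()` call also stretches the period slightly past `VALID_PERIOD_IN_DAYS`). Take one instant and derive both dates from it: `Instant now = Instant.now();` then `Date.from(now)` and `Date.from(now.plus(VALID_PERIOD_IN_DAYS, ChronoUnit.DAYS))`, importing `java.time.Instant` and `java.time.temporal.ChronoUnit` in place of `LocalDateTime`/`ZoneOffset`. `createSerial` would read better with a comment that `.abs()` is there because a certificate serial number must be positive, and that 16 random bytes keep it within the 20-octet limit, e.g. `// 16 random bytes, forced positive: RFC 5280 requires a positive serial of at most 20 octets`.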
@@ -1,42 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.InputStream;
-import java.security.NoSuchProviderException;
-import java.security.Security;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.springframework.stereotype.Component;
-
-@Component
-public class CertificateFactoryProvider {
-
- static {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- X509Certificate generateCertificate(InputStream inStream) throws CertificateException, NoSuchProviderException {
- return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inStream);
- }
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
deleted file mode 100644
index 96fe4607..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import java.util.stream.Collectors;
-
-import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.util.io.pem.PemObjectGenerator;
-import org.bouncycastle.util.io.pem.PemWriter;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CertificationModel;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
-import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-@Component
-public class Cmpv2ClientAdapter {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
-
- private final CmpClient cmpClient;
-
- @Autowired
- public Cmpv2ClientAdapter(CmpClient cmpClient) {
- this.cmpClient = cmpClient;
- }
-
- /**
- * Uses CmpClient to call to Cmp Server and gather certificates data
- *
- * @param csrModel Certificate Signing Request from Service external API
- * @param server Cmp Server configuration from cmpServers.json
- * @return container for returned certificates
- * @throws CmpClientException Exceptions which comes from Cmp Client
- */
- public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
- throws CmpClientException {
- List> certificates = cmpClient.createCertificate(csrModel, server);
- return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
- convertFromX509CertificateListToPemList(certificates.get(1)));
- }
-
- private String convertFromX509CertificateToPem(X509Certificate certificate) {
- StringWriter sw = new StringWriter();
- try (PemWriter pw = new PemWriter(sw)) {
- PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate);
- pw.writeObject(gen);
- } catch (IOException e) {
- LOGGER.error("Exception occurred during convert of X509 certificate", e);
- }
- return sw.toString();
- }
-
- private List convertFromX509CertificateListToPemList(List certificates) {
- return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
- .collect(Collectors.toList());
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java
deleted file mode 100644
index bda89235..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.IOException;
-import java.security.PrivateKey;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.util.PrivateKeyFactory;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.springframework.stereotype.Component;
-
-@Component
-public class RsaContentSignerBuilder {
-
- ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey)
- throws IOException, OperatorCreationException {
- AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
- AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-
- return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
- .build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java
deleted file mode 100644
index f96cec8e..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilder.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
-import java.util.Date;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.springframework.stereotype.Component;
-
-@Component
-public class X509CertificateBuilder {
-
- private static final int SECURE_NEXT_BYTES = 16;
- private static final int VALID_PERIOD_IN_DAYS = 365;
-
- X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
- return new X509v3CertificateBuilder(csr.getSubject(), createSerial(),
- Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)),
- Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)),
- new PKCS10CertificationRequest(csr.getEncoded()).getSubject(),
- SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(csr.getSubjectPublicKeyInfo().getEncoded())));
-
- }
-
- private BigInteger createSerial() {
- byte[] serial = new byte[SECURE_NEXT_BYTES];
- new SecureRandom().nextBytes(serial);
- return new BigInteger(serial).abs();
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
index 08c43031..28731f29 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -66,6 +66,7 @@ public class CmpClientImpl implements CmpClient {
 private final CloseableHttpClient httpClient;
 private static final String DEFAULT_CA_NAME = "Certification Authority";
+ private static final String DEFAULT_PROFILE = CaMode.RA.getProfile();
 public CmpClientImpl(CloseableHttpClient httpClient) {
 this.httpClient = httpClient;
@@ -202,11 +203,10 @@ public class CmpClientImpl implements CmpClient {
 final Date notBefore, final Date notAfter) {
- String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
- String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA);
+ String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE;
 LOG.info(
- "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
+ "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile);
 CmpUtil.notNull(csrModel, "CsrModel Instance");
 CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN");
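Review bot: the second hunk deletes the local `caName` but the retained `LOG.info(...)` still passes `caName` as its first argument, so the logged CA name now comes from whatever `caName` resolves to outside the hunk (presumably a field, since a parameter of that name would not have compiled alongside the old local) rather than from `server.getCaName()`; worth confirming that this still compiles and that the log reports the configured server's name. With that line gone, `DEFAULT_CA_NAME` has no remaining use visible in this diff either. If the configured name should still be logged, `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? DEFAULT_CA_NAME : server.getCaName();` restores it and also corrects the inverted fallback the removed line carried. The enclosing method's signature begins above the hunk.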
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java
index f75bd608..cf3c7233 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationProviderTest.java
@@ -20,65 +20,89 @@ package org.onap.aaf.certservice.certification;
+import org.apache.commons.io.IOUtils;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
-import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
-import org.onap.aaf.certservice.certification.exception.DecryptionException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 @ExtendWith(MockitoExtension.class)
 class CertificationProviderTest {
- private CertificationProvider certificationProvider;
- @Mock - private Cmpv2ClientAdapter cmpv2ClientAdapter;
+ private CsrModel csrModel;
+ @Mock
+ private Cmpv2Server server;
+ @Mock
+ private CsrModel testCsrModel;
+ @Mock
+ private Cmpv2Server testServer;
+ @Mock
+ private CmpClient cmpClient;
+
+ private CertificationProvider certificationProvider;
 @BeforeEach
- void setUp() {
- certificationProvider = new CertificationProvider(cmpv2ClientAdapter);
+ public void init() {
+ certificationProvider = new CertificationProvider(cmpClient);
 }
 @Test
- void certificationProviderShouldReturnCertificationModelWhenProvidedProperCsrModelAndCmpv2Server()
- throws CmpClientException, Cmpv2ClientAdapterException {
- // Given
- CsrModel testCsrModel = mock(CsrModel.class);
- Cmpv2Server testServer = mock(Cmpv2Server.class);
- CertificationModel expectedCertificationModel = mock(CertificationModel.class);
+ void shouldConvertToCertificationModel()
+ throws CertificateException, NoSuchProviderException, IOException, CmpClientException {
+ // When
 when(
- cmpv2ClientAdapter.callCmpClient(eq(testCsrModel), eq(testServer))
- ).thenReturn(expectedCertificationModel);
+ cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class))
+ ).thenReturn(createCorrectClientResponse());
- // When
- CertificationModel receivedCertificationModel = certificationProvider.signCsr(testCsrModel, testServer);
+ CertificationModel certificationModel = certificationProvider.signCsr(csrModel, server);
 // Then
- assertThat(receivedCertificationModel).isEqualTo(expectedCertificationModel);
+ InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first");
+ InputStream trustedCertificate =
+ getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first");
+ String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0));
+ String expectedCertificate =
+ removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8));
+ String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0));
+ String expectedTrustedCertificate =
+ removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8));
+
+ assertThat(certificateModel).isEqualTo(expectedCertificate);
+ assertThat(trustedCertificateModel).isEqualTo(expectedTrustedCertificate);
 }
+
 @Test
 void certificationProviderThrowCmpClientWhenCallingClientFails()
- throws CmpClientException, Cmpv2ClientAdapterException {
+ throws CmpClientException {
 // Given
- CsrModel testCsrModel = mock(CsrModel.class);
- Cmpv2Server testServer = mock(Cmpv2Server.class);
 String expectedErrorMessage = "connecting to CMP client failed";
+
 when(
- cmpv2ClientAdapter.callCmpClient(eq(testCsrModel), eq(testServer))
+ cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class))
 ).thenThrow(new CmpClientException(expectedErrorMessage));
 // When
@@ -91,4 +115,18 @@ class CertificationProviderTest {
 assertThat(exception.getMessage()).isEqualTo(expectedErrorMessage);
 }
+ private List> createCorrectClientResponse()
+ throws CertificateException, NoSuchProviderException {
+ InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
+ InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first");
+ X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain);
+ X509Certificate x509TrustedCertificate =
+ new CertificateFactoryProvider().generateCertificate(trustedCertificate);
+ return Arrays.asList(Collections.singletonList(x509Certificate),
+ Collections.singletonList(x509TrustedCertificate));
+ }
+
+ private String removeLineEndings(String string) {
+ return string.replace("\n", "").replace("\r", "");
+ }
 }
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java
new file mode 100644
index 00000000..0083968d
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/RsaContentSignerBuilderTest.java
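Review bot: the `InputStream`s obtained from `getResourceAsStream` in `shouldConvertToCertificationModel` and in `createCorrectClientResponse` are never closed, and in `createCorrectClientResponse` a missing resource yields a `null` that is passed straight to `generateCertificate` instead of failing with the clear `Objects.requireNonNull` message the first test uses. Opening each stream in a try-with-resources, e.g. `try (InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first")) {`, and applying `Objects.requireNonNull` there as well covers both. `public void init()` is also the only public member in this package-private JUnit 5 class; the package-private `void setUp()` form used by `RsaContentSignerBuilderTest` keeps the style uniform. Both hunks lie inside `CertificationProviderTest`, whose body between them is outside this view.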
@@ -0,0 +1,63 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.RsaContentSignerBuilder;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel;
+
+class RsaContentSignerBuilderTest {
+
+ private RsaContentSignerBuilder rsaContentSignerBuilder;
+
+ @BeforeEach
+ void setUp() {
+ rsaContentSignerBuilder = new RsaContentSignerBuilder();
+ }
+
+ @Test
+ void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey()
+ throws IOException, OperatorCreationException, DecryptionException {
+ // Given
+ CsrModel testCsrModel = createCsrModel();
+ PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr();
+ PrivateKey testPrivateKey = testCsrModel.getPrivateKey();
+
+ // When
+ ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
+
+ // Then
+ assertThat(createdContentSigner.getAlgorithmIdentifier())
+ .isEqualTo(testCertificationRequest.getSignatureAlgorithm());
+ }
+
+}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java
new file mode 100644
index 00000000..067f2f5f
--- /dev/null
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/X509CertificateBuilderTest.java
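Review bot: The import `org.onap.aaf.certservice.certification.RsaContentSignerBuilder` is redundant, because the file itself declares `package org.onap.aaf.certservice.certification;` and the class under test is in the same package; it should be dropped, as the sibling X509CertificateBuilderTest in this change already does. The single assertion compares only the signer's algorithm identifier with the CSR's signature algorithm, so it would still pass if the builder produced a signer bound to the wrong key; if TestUtils gives access to the CSR's public key, signing a few bytes through the returned ContentSigner and verifying them with that key would pin the property that actually matters for issued certificates.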
@@ -0,0 +1,69 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel;
+
+public class X509CertificateBuilderTest {
+
+ private X509CertificateBuilder certificateBuilder;
+
+
+ @BeforeEach
+ void setUp() {
+ certificateBuilder = new X509CertificateBuilder();
+ }
+
+ @Test
+ void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest()
+ throws DecryptionException, IOException, OperatorCreationException {
+ // Given
+ CsrModel testCsrModel = createCsrModel();
+ PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr();
+ PrivateKey testPrivateKey = testCsrModel.getPrivateKey();
+ RsaContentSignerBuilder rsaContentSignerBuilder = new RsaContentSignerBuilder();
+ ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
+
+ // When
+ X509v3CertificateBuilder certificateBuilder = this.certificateBuilder.build(testCertificationRequest);
+ X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner);
+
+ // Then
+ assertThat(certificateHolder.getIssuer())
+ .isEqualToComparingFieldByField(testCsrModel.getSubjectData());
+ assertThat(certificateHolder.getSubjectPublicKeyInfo())
+ .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo());
+ }
+}
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
deleted file mode 100644
index 56a29e85..00000000
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
+++ /dev/null
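Review bot: The local `X509v3CertificateBuilder certificateBuilder` in the // When section shadows the field of the same name, which is the only reason the call has to be written `this.certificateBuilder.build(...)`; renaming the local, e.g. `X509v3CertificateBuilder v3Builder = certificateBuilder.build(testCertificationRequest);` followed by `X509CertificateHolder certificateHolder = v3Builder.build(createdContentSigner);`, removes both the qualifier and the ambiguity. Minor style points in the same file: `public class` is not needed for a JUnit 5 test and the sibling RsaContentSignerBuilderTest in this change is package-private, and there is a double blank line after the field. The assertions pin only the issuer and the subject public key; if X509CertificateBuilder also fixes the validity window or the serial number (not visible here), those are the fields most worth asserting, since a wrong notBefore/notAfter or a reused serial would ship in every certificate the service issues.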
@@ -1,161 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Cert Service - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.adapter; - -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Objects; - -import org.apache.commons.io.IOUtils; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import 
org.onap.aaf.certservice.certification.configuration.model.CaMode; -import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server; -import org.onap.aaf.certservice.certification.model.CertificationModel; -import org.onap.aaf.certservice.certification.model.CsrModel; -import org.onap.aaf.certservice.cmpv2client.api.CmpClient; -import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException; -import org.springframework.boot.test.context.SpringBootTest; - -@SpringBootTest -class Cmpv2ClientAdapterTest { - - @Mock - private CmpClient cmpClient; - @Mock - private CsrModel csrModel; - @Mock - private Cmpv2Server server; - @Mock - private RsaContentSignerBuilder rsaContentSignerBuilder; - @Mock - private X509CertificateBuilder x509CertificateBuilder; - @Mock - private PKCS10CertificationRequest csr; - @Mock - private PrivateKey privateKey; - @Mock - private X509v3CertificateBuilder x509V3CertificateBuilder; - @Mock - private ContentSigner contentSigner; - @Mock - private X509CertificateHolder holder; - @Mock - private Certificate asn1Certificate; - @Mock - private X509Certificate certificate; - @Mock - private CertificateFactoryProvider certificateFactoryProvider; - - @InjectMocks - private Cmpv2ClientAdapter adapter; - - private static final CaMode CA_MODEL = CaMode.CLIENT; - private static final String TEST_MSG = "Test"; - - @Test - void adapterShouldRethrowClientExceptionOnFailure() - throws CmpClientException, IOException, OperatorCreationException, CertificateException, - NoSuchProviderException { - // Given - stubInternalProperties(); - - // When - Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any())) - .thenThrow(new CmpClientException(TEST_MSG)); - - // Then - Assertions.assertThrows(CmpClientException.class, () -> adapter.callCmpClient(csrModel, server)); - } - - @Test - void shouldConvertToCertificationModel() - throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException, - 
CmpClientException { - // Given - stubInternalProperties(); - - // When - Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any())) - .thenReturn(createCorrectClientResponse()); - CertificationModel certificationModel = adapter.callCmpClient(csrModel, server); - - // Then - InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first"); - InputStream trustedCertificate = - getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first"); - String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0)); - String expectedCertificate = - removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8)); - String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0)); - String expectedTrustedCertificate = - removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8)); - - Assertions.assertEquals(certificateModel, expectedCertificate); - Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate); - } - - private List> createCorrectClientResponse() - throws CertificateException, NoSuchProviderException { - InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first"); - InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first"); - X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain); - X509Certificate x509TrustedCertificate = - new CertificateFactoryProvider().generateCertificate(trustedCertificate); - return Arrays.asList(Collections.singletonList(x509Certificate), - Collections.singletonList(x509TrustedCertificate)); - } - - private String removeLineEndings(String string) { - return string.replace("\n", "").replace("\r", ""); - } - - private void stubInternalProperties() - throws IOException, 
OperatorCreationException, CertificateException, NoSuchProviderException { - Mockito.when(server.getCaMode()).thenReturn(CA_MODEL); - Mockito.when(csrModel.getCsr()).thenReturn(csr); - Mockito.when(csrModel.getPrivateKey()).thenReturn(privateKey); - Mockito.when(x509CertificateBuilder.build(csr)).thenReturn(x509V3CertificateBuilder); - Mockito.when(rsaContentSignerBuilder.build(csr, privateKey)).thenReturn(contentSigner); - Mockito.when(x509V3CertificateBuilder.build(contentSigner)).thenReturn(holder); - Mockito.when(holder.toASN1Structure()).thenReturn(asn1Certificate); - Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any())).thenReturn(certificate); - Mockito.when(holder.toASN1Structure().getEncoded()).thenReturn("".getBytes()); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilderTest.java deleted file mode 100644 index 44669216..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilderTest.java +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.adapter; - -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.security.PrivateKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel; - -class RsaContentSignerBuilderTest { - - private RsaContentSignerBuilder rsaContentSignerBuilder; - - @BeforeEach - void setUp() { - rsaContentSignerBuilder = new RsaContentSignerBuilder(); - } - - @Test - void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey() - throws IOException, OperatorCreationException, 
DecryptionException { - // Given - CsrModel testCsrModel = createCsrModel(); - PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); - PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); - - // When - ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); - - // Then - assertThat(createdContentSigner.getAlgorithmIdentifier()) - .isEqualTo(testCertificationRequest.getSignatureAlgorithm()); - } - -} diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java deleted file mode 100644 index d53c6c72..00000000 --- a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.certification.adapter; - -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.onap.aaf.certservice.certification.exception.DecryptionException; -import org.onap.aaf.certservice.certification.model.CsrModel; - -import java.io.IOException; -import java.security.PrivateKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel; - -public class X509CertificateBuilderTest { - - private X509CertificateBuilder certificateBuilde; - - - @BeforeEach - void setUp() { - certificateBuilde = new X509CertificateBuilder(); - } - - @Test - void 
shouldBuildCertificateBuilderWhenGivenProperCertificationRequest() - throws DecryptionException, IOException, OperatorCreationException { - // Given - CsrModel testCsrModel = createCsrModel(); - PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr(); - PrivateKey testPrivateKey = testCsrModel.getPrivateKey(); - RsaContentSignerBuilder rsaContentSignerBuilder = new RsaContentSignerBuilder(); - ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey); - - // When - X509v3CertificateBuilder certificateBuilder = certificateBuilde.build(testCertificationRequest); - X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner); - - // Then - assertThat(certificateHolder.getIssuer()) - .isEqualToComparingFieldByField(testCsrModel.getSubjectData()); - assertThat(certificateHolder.getSubjectPublicKeyInfo()) - .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo()); - } -} -- cgit 1.2.3-korg