From c85a8965e876fde2089582a6468eb02ce18bafd5 Mon Sep 17 00:00:00 2001 From: Bartosz Gardziejewski Date: Wed, 18 Mar 2020 09:38:27 +0100 Subject: Resolve all checkstyle warnings Issue-ID: AAF-1107 
Signed-off-by: Bartosz Gardziejewski Change-Id: I28cfc2b82f1a4800a984e30f59ff36fe90bebb38 --- .../certification/CertificationData.java | 3 +- .../certservice/certification/CsrModelFactory.java | 28 ++++--- .../PKCS10CertificationRequestFactory.java | 45 ----------- .../Pkcs10CertificationRequestFactory.java | 45 +++++++++++ .../certification/adapter/CSRMetaBuilder.java | 90 ---------------------- .../certification/adapter/Cmpv2ClientAdapter.java | 24 +++--- .../certification/adapter/CsrMetaBuilder.java | 90 ++++++++++++++++++++++ .../adapter/RSAContentSignerBuilder.java | 45 ----------- .../adapter/RsaContentSignerBuilder.java | 46 +++++++++++ .../configuration/CmpClientConfig.java | 7 +- .../configuration/CmpServersConfigLoader.java | 2 +- .../configuration/model/Authentication.java | 14 ++-- .../certification/configuration/model/CaMode.java | 2 +- .../configuration/model/Cmpv2Server.java | 23 +++--- .../validation/constraints/Cmpv2URL.java | 39 ---------- .../validation/constraints/Cmpv2URLValidator.java | 55 ------------- .../validation/constraints/Cmpv2Url.java | 41 ++++++++++ .../validation/constraints/Cmpv2UrlValidator.java | 55 +++++++++++++ .../violations/PortNumberViolation.java | 2 +- .../violations/RequestTypeViolation.java | 4 +- .../constraints/violations/URLServerViolation.java | 25 ------ .../constraints/violations/UrlServerViolation.java | 25 ++++++ .../exception/CsrDecryptionException.java | 1 + .../exception/DecryptionException.java | 3 + .../exception/KeyDecryptionException.java | 1 + 25 files changed, 369 insertions(+), 346 deletions(-) delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/PKCS10CertificationRequestFactory.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/Pkcs10CertificationRequestFactory.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java create mode 100644 
certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URL.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URLValidator.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2Url.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidator.java delete mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/URLServerViolation.java create mode 100644 certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/UrlServerViolation.java (limited to 'certService/src/main/java/org/onap/aaf/certservice/certification') diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java index a347762e..bce72977 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java 
@@ -23,7 +23,8 @@ package org.onap.aaf.certservice.certification; final class CertificationData { - private CertificationData() {} + private CertificationData() { + } private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n"; private static final String END_CERTIFICATE = "-----END CERTIFICATE-----"; diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java index 501ed6d0..b4f94b93 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java @@ -40,8 +40,8 @@ public class CsrModelFactory { private final PemObjectFactory pemObjectFactory = new PemObjectFactory(); - private final PKCS10CertificationRequestFactory certificationRequestFactory - = new PKCS10CertificationRequestFactory(); + private final Pkcs10CertificationRequestFactory certificationRequestFactory + = new Pkcs10CertificationRequestFactory(); public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey) @@ -57,15 +57,15 @@ public class CsrModelFactory { return privateKey.asString() .flatMap(pemObjectFactory::createPemObject) .orElseThrow( - () -> new KeyDecryptionException("Incorrect Key, decryption failed") - ); + () -> new KeyDecryptionException("Incorrect Key, decryption failed") + ); } private PKCS10CertificationRequest decodeCsr(StringBase64 csr) throws CsrDecryptionException { return csr.asString() .flatMap(pemObjectFactory::createPemObject) - .flatMap(certificationRequestFactory::createKCS10CertificationRequest) + .flatMap(certificationRequestFactory::createPkcs10CertificationRequest) .orElseThrow( () -> new CsrDecryptionException("Incorrect CSR, decryption failed") ); 
@@ -84,20 +84,28 @@ public class CsrModelFactory { try { String decodedString = new String(decoder.decode(value)); return Optional.of(decodedString); - } catch(RuntimeException e) { + } catch (RuntimeException e) { LOGGER.error("Exception occurred during decoding:", e); return Optional.empty(); } } @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - StringBase64 that = (StringBase64) o; + public boolean equals(Object otherObject) { + if (this == otherObject) { + return true; + } + if (otherObject == null || getClass() != otherObject.getClass()) { + return false; + } + StringBase64 that = (StringBase64) otherObject; return Objects.equals(value, that.value); } + @Override + public int hashCode() { + return value.hashCode(); + } } } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/PKCS10CertificationRequestFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/PKCS10CertificationRequestFactory.java deleted file mode 100644 index b255b7c2..00000000 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/PKCS10CertificationRequestFactory.java +++ /dev/null 
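Review bot: The added `hashCode()` in StringBase64 dereferences `value` directly, while the `equals` beside it compares with `Objects.equals(value, that.value)` and so tolerates a null `value`. Two instances holding null would compare equal but throw a NullPointerException from `hashCode()`. `return Objects.hashCode(value);` keeps the pair consistent, and `Objects` is already used in this hunk. If null is never meant to be stored, a check in the constructor would state that instead; the constructor and the start of the class are outside the hunk.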
@@ -1,45 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * PROJECT
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification;
-
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.util.encoders.DecoderException;
-import org.bouncycastle.util.io.pem.PemObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.util.Optional;
-
-public class PKCS10CertificationRequestFactory {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(PKCS10CertificationRequestFactory.class);
-
- public Optional createKCS10CertificationRequest(PemObject pemObject) {
- try {
- LOGGER.debug("Creating certification request from pem object");
- return Optional.of(new PKCS10CertificationRequest(pemObject.getContent()));
- } catch (DecoderException | IOException e) {
- LOGGER.error("Exception occurred during creation of certification request:", e);
- return Optional.empty();
- }
- }
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/Pkcs10CertificationRequestFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/Pkcs10CertificationRequestFactory.java
new file mode 100644
index 00000000..1b00a815
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/Pkcs10CertificationRequestFactory.java
@@ -0,0 +1,45 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.util.encoders.DecoderException;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Optional;
+
+public class Pkcs10CertificationRequestFactory {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(Pkcs10CertificationRequestFactory.class);
+
+ public Optional createPkcs10CertificationRequest(PemObject pemObject) {
+ try {
+ LOGGER.debug("Creating certification request from pem object");
+ return Optional.of(new PKCS10CertificationRequest(pemObject.getContent()));
+ } catch (DecoderException | IOException e) {
+ LOGGER.error("Exception occurred during creation of certification request:", e);
+ return Optional.empty();
+ }
+ }
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java
deleted file mode 100644
index 1959d638..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilder.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.security.KeyPair;
-import java.util.Arrays;
-import java.util.Optional;
-import java.util.stream.Collectors;
-
-import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x500.style.IETFUtils;
-import org.bouncycastle.cert.CertException;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.external.CSRMeta;
-import org.onap.aaf.certservice.cmpv2client.external.RDN;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-@Component
-class CSRMetaBuilder {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(CSRMetaBuilder.class);
-
- /**
- * Creates CSRMeta from CsrModel and Cmpv2Server
- *
- * @param csrModel Certificate Signing Request 
from Service external API
- * @param server Cmp Server configuration from cmpServers.json
- * @return AAF native model for CSR metadata
- */
- CSRMeta build(CsrModel csrModel, Cmpv2Server server) {
- CSRMeta csrMeta = createCsrMeta(csrModel);
- addSans(csrModel, csrMeta);
- csrMeta.setKeyPair(new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey()));
- csrMeta.setPassword(server.getAuthentication().getIak());
- csrMeta.setIssuerName(server.getIssuerDN());
- csrMeta.setCaUrl(server.getUrl());
- csrMeta.setName(csrModel.getSubjectData());
- csrMeta.setSenderKid(server.getAuthentication().getRv());
- return csrMeta;
- }
-
- private CSRMeta createCsrMeta(CsrModel csrModel) {
- return new CSRMeta((Arrays.stream(csrModel.getSubjectData().getRDNs()).map(this::convertFromBcRDN)
- .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList())));
- }
-
- private void addSans(CsrModel csrModel, CSRMeta csrMeta) {
- csrModel.getSans().forEach(csrMeta::addSan);
- }
-
- private Optional convertFromBcRDN(org.bouncycastle.asn1.x500.RDN rdn) {
- RDN result = null;
- try {
- result = convertRDN(rdn);
- } catch (CertException e) {
- LOGGER.error("Exception occurred during convert of RDN", e);
- }
- return Optional.ofNullable(result);
- }
-
- private RDN convertRDN(org.bouncycastle.asn1.x500.RDN rdn) throws CertException {
- AttributeTypeAndValue rdnData = rdn.getFirst();
- String tag = BCStyle.INSTANCE.oidToDisplayName(rdnData.getType());
- String value = IETFUtils.valueToString(rdnData.getValue());
- return new RDN(tag, value);
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
index be39f1f3..c9e61b02 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java @@ -54,15 +54,15 @@ public class Cmpv2ClientAdapter { private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class); private final CmpClient cmpClient; - private final CSRMetaBuilder csrMetaBuilder; - private final RSAContentSignerBuilder rsaContentSignerBuilder; + private final CsrMetaBuilder csrMetaBuilder; + private final RsaContentSignerBuilder rsaContentSignerBuilder; private final X509CertificateBuilder x509CertificateBuilder; private final CertificateFactoryProvider certificateFactoryProvider; @Autowired - public Cmpv2ClientAdapter(CmpClient cmpClient, CSRMetaBuilder csrMetaBuilder, - RSAContentSignerBuilder rsaContentSignerBuilder, X509CertificateBuilder x509CertificateBuilder, - CertificateFactoryProvider certificateFactoryProvider) { + public Cmpv2ClientAdapter(CmpClient cmpClient, CsrMetaBuilder csrMetaBuilder, + RsaContentSignerBuilder rsaContentSignerBuilder, X509CertificateBuilder x509CertificateBuilder, + CertificateFactoryProvider certificateFactoryProvider) { this.cmpClient = cmpClient; this.csrMetaBuilder = csrMetaBuilder; this.rsaContentSignerBuilder = rsaContentSignerBuilder; 
@@ -83,12 +83,12 @@ public class Cmpv2ClientAdapter { throws CmpClientException, Cmpv2ClientAdapterException { List> certificates = cmpClient.createCertificate(server.getCaName(), server.getCaMode().getProfile(), csrMetaBuilder.build(csrModel, server), - convertCSRToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey())); - return new CertificationModel(convertFromX509CertificateListToPEMList(certificates.get(0)), - convertFromX509CertificateListToPEMList(certificates.get(1))); + convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey())); + return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)), + convertFromX509CertificateListToPemList(certificates.get(1))); } - private String convertFromX509CertificateToPEM(X509Certificate certificate) { + private String convertFromX509CertificateToPem(X509Certificate certificate) { StringWriter sw = new StringWriter(); try (PemWriter pw = new PemWriter(sw)) { PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate); @@ -99,7 +99,7 @@ public class Cmpv2ClientAdapter { return sw.toString(); } - private X509Certificate convertCSRToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey) + private X509Certificate convertCsrToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey) throws Cmpv2ClientAdapterException { try { X509v3CertificateBuilder certificateGenerator = x509CertificateBuilder.build(csr); @@ -112,8 +112,8 @@ public class Cmpv2ClientAdapter { } } - private List convertFromX509CertificateListToPEMList(List certificates) { - return certificates.stream().map(this::convertFromX509CertificateToPEM).filter(cert -> !cert.isEmpty()) + private List convertFromX509CertificateListToPemList(List certificates) { + return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty()) .collect(Collectors.toList()); } 
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java
new file mode 100644
index 00000000..cf35efa1
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/CsrMetaBuilder.java
@@ -0,0 +1,90 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.security.KeyPair;
+import java.util.Arrays;
+import java.util.Optional;
+import java.util.stream.Collectors;
+
+import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.cert.CertException;
+import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.external.CsrMeta;
+import org.onap.aaf.certservice.cmpv2client.external.Rdn;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+@Component
+class CsrMetaBuilder {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CsrMetaBuilder.class);
+
+ /**
+ * Creates CSRMeta from CsrModel and Cmpv2Server
+ *
+ * @param csrModel Certificate Signing Request 
from Service external API
+ * @param server Cmp Server configuration from cmpServers.json
+ * @return AAF native model for CSR metadata
+ */
+ CsrMeta build(CsrModel csrModel, Cmpv2Server server) {
+ CsrMeta csrMeta = createCsrMeta(csrModel);
+ addSans(csrModel, csrMeta);
+ csrMeta.setKeyPair(new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey()));
+ csrMeta.setPassword(server.getAuthentication().getIak());
+ csrMeta.setIssuerName(server.getIssuerDN());
+ csrMeta.setCaUrl(server.getUrl());
+ csrMeta.setName(csrModel.getSubjectData());
+ csrMeta.setSenderKid(server.getAuthentication().getRv());
+ return csrMeta;
+ }
+
+ private CsrMeta createCsrMeta(CsrModel csrModel) {
+ return new CsrMeta((Arrays.stream(csrModel.getSubjectData().getRDNs()).map(this::convertFromBcRdn)
+ .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList())));
+ }
+
+ private void addSans(CsrModel csrModel, CsrMeta csrMeta) {
+ csrModel.getSans().forEach(csrMeta::addSan);
+ }
+
+ private Optional convertFromBcRdn(org.bouncycastle.asn1.x500.RDN rdn) {
+ Rdn result = null;
+ try {
+ result = convertRdn(rdn);
+ } catch (CertException e) {
+ LOGGER.error("Exception occurred during convert of RDN", e);
+ }
+ return Optional.ofNullable(result);
+ }
+
+ private Rdn convertRdn(org.bouncycastle.asn1.x500.RDN rdn) throws CertException {
+ AttributeTypeAndValue rdnData = rdn.getFirst();
+ String tag = BCStyle.INSTANCE.oidToDisplayName(rdnData.getType());
+ String value = IETFUtils.valueToString(rdnData.getValue());
+ return new Rdn(tag, value);
+ }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java
deleted file mode 100644
index 266c22e2..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilder.java
+++ /dev/null
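Review bot: The Javadoc on `build` in the new CsrMetaBuilder.java still reads `Creates CSRMeta from CsrModel and Cmpv2Server` although the type is now `CsrMeta`, and the summary sentence has no closing period; `* Creates CsrMeta from CsrModel and Cmpv2Server.` would match the rename. The rest of the file is carried over from the deleted CSRMetaBuilder, including one behaviour worth documenting: `convertFromBcRdn` logs a `CertException` and returns an empty Optional, and `createCsrMeta` then filters that entry out. A subject attribute that fails conversion is therefore dropped from the RDN list without failing the request. If that is intended, a comment above the catch such as `// RDNs that cannot be converted are skipped; the full subject is still passed via setName()` would make it explicit.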
@@ -1,45 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.IOException;
-import java.security.PrivateKey;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.util.PrivateKeyFactory;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.springframework.stereotype.Component;
-
-@Component
-public class RSAContentSignerBuilder {
-
- ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey)
- throws IOException, OperatorCreationException {
- AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
- AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-
- return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
- 
.build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
- }
-
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java
new file mode 100644
index 00000000..bda89235
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/adapter/RsaContentSignerBuilder.java
@@ -0,0 +1,46 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Cert Service
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.crypto.util.PrivateKeyFactory;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RsaContentSignerBuilder {
+
+ ContentSigner build(PKCS10CertificationRequest csr, PrivateKey privateKey)
+ throws IOException, OperatorCreationException {
+ AlgorithmIdentifier sigAlgId = csr.getSignatureAlgorithm();
+ AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
+
+ return new BcRSAContentSignerBuilder(sigAlgId, digAlgId)
+ 
.build(PrivateKeyFactory.createKey(privateKey.getEncoded())); + } + +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java index 21b873e6..329098ac 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpClientConfig.java @@ -17,6 +17,7 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.aaf.certservice.certification.configuration; import org.apache.http.impl.client.CloseableHttpClient; @@ -31,18 +32,18 @@ import org.springframework.web.context.annotation.RequestScope; public class CmpClientConfig { @Bean - CmpClient cmpClient(CloseableHttpClient closeableHttpClient){ + CmpClient cmpClient(CloseableHttpClient closeableHttpClient) { return new CmpClientImpl(closeableHttpClient); } @Bean @RequestScope - CloseableHttpClient closeableHttpClient(HttpClientBuilder httpClientBuilder){ + CloseableHttpClient closeableHttpClient(HttpClientBuilder httpClientBuilder) { return httpClientBuilder.build(); } @Bean - HttpClientBuilder httpClientBuilder(){ + HttpClientBuilder httpClientBuilder() { return HttpClientBuilder.create(); } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java index 1072d630..696ae564 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java 
@@ -40,7 +40,7 @@ class CmpServersConfigLoader { private final Cmpv2ServerConfigurationValidator validator; @Autowired - public CmpServersConfigLoader(Cmpv2ServerConfigurationValidator validator) { + CmpServersConfigLoader(Cmpv2ServerConfigurationValidator validator) { this.validator = validator; } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java index 3785cf8e..e4c15518 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Authentication.java @@ -25,11 +25,13 @@ import org.hibernate.validator.constraints.Length; public class Authentication { + private static final int MAX_IAK_RV_LENGTH = 256; + @NotNull - @Length(min = 1, max = 256) + @Length(min = 1, max = MAX_IAK_RV_LENGTH) private String iak; @NotNull - @Length(min = 1, max = 256) + @Length(min = 1, max = MAX_IAK_RV_LENGTH) private String rv; public String getIak() { @@ -50,9 +52,9 @@ public class Authentication { @Override public String toString() { - return "Authentication{" + - " iak=*****" + - ", rv=*****" + - '}'; + return "Authentication{" + + " iak=*****" + + ", rv=*****" + + '}'; } } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java index 2186b6ff..374feb3b 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/CaMode.java @@ -29,7 +29,7 @@ public enum CaMode { this.profile = profile; } - public String getProfile(){ + public String getProfile() { return profile; } } 
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java index 20b83b82..51d91966 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java @@ -22,23 +22,26 @@ package org.onap.aaf.certservice.certification.configuration.model; import javax.validation.Valid; import javax.validation.constraints.NotNull; + import org.bouncycastle.asn1.x500.X500Name; import org.hibernate.validator.constraints.Length; -import org.onap.aaf.certservice.certification.configuration.validation.constraints.Cmpv2URL; +import org.onap.aaf.certservice.certification.configuration.validation.constraints.Cmpv2Url; public class Cmpv2Server { + private static final int MAX_CA_NAME_LENGTH = 128; + @NotNull @Valid private Authentication authentication; @NotNull private CaMode caMode; @NotNull - @Length(min = 1, max = 128) + @Length(min = 1, max = MAX_CA_NAME_LENGTH) private String caName; @NotNull private X500Name issuerDN; - @Cmpv2URL + @Cmpv2Url private String url; public Authentication getAuthentication() { @@ -83,13 +86,13 @@ public class Cmpv2Server { @Override public String toString() { - return "Cmpv2Server{" + - "authentication=" + authentication + - ", caMode=" + caMode + - ", caName='" + caName + '\'' + - ", issuerDN='" + issuerDN + '\'' + - ", url='" + url + '\'' + - '}'; + return "Cmpv2Server{" + + "authentication=" + authentication + + ", caMode=" + caMode + + ", caName='" + caName + '\'' + + ", issuerDN='" + issuerDN + '\'' + + ", url='" + url + '\'' + + '}'; } } 
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URL.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URL.java
deleted file mode 100644
index 7c942548..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URL.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * PROJECT
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.configuration.validation.constraints;
-
-import javax.validation.Constraint;
-import javax.validation.Payload;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-@Target( { FIELD, ANNOTATION_TYPE })
-@Retention(RUNTIME)
-@Constraint(validatedBy = Cmpv2URLValidator.class)
-public @interface Cmpv2URL {
- String message() default "Server URL is invalid.";
- Class[] groups() default {};
- Class[] payload() default {};
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URLValidator.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URLValidator.java
deleted file mode 100644
index b3224c45..00000000
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2URLValidator.java
+++ /dev/null
@@ -1,55 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - - -package org.onap.aaf.certservice.certification.configuration.validation.constraints; - -import org.onap.aaf.certservice.certification.configuration.validation.constraints.violations.PortNumberViolation; -import org.onap.aaf.certservice.certification.configuration.validation.constraints.violations.RequestTypeViolation; -import org.onap.aaf.certservice.certification.configuration.validation.constraints.violations.URLServerViolation; - -import javax.validation.ConstraintValidator; -import javax.validation.ConstraintValidatorContext; -import java.util.Arrays; -import java.util.List; -import java.util.concurrent.atomic.AtomicBoolean; - -class Cmpv2URLValidator implements ConstraintValidator { - - private final List violations; - - public Cmpv2URLValidator() { - this.violations = Arrays.asList( - new PortNumberViolation(), - new RequestTypeViolation() - ); - } - - @Override - public boolean isValid(String url, ConstraintValidatorContext context) { - AtomicBoolean isValid = new 
AtomicBoolean(true); - violations.forEach(violation -> { - if (!violation.validate(url)) { - isValid.set(false); - } - }); - return isValid.get(); - } -} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2Url.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2Url.java new file mode 100644 index 00000000..a5450a25 --- /dev/null +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2Url.java 
@@ -0,0 +1,41 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.configuration.validation.constraints;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Target({FIELD, ANNOTATION_TYPE})
+@Retention(RUNTIME)
+@Constraint(validatedBy = Cmpv2UrlValidator.class)
+public @interface Cmpv2Url {
+ String message() default "Server URL is invalid.";
+
+ Class[] groups() default {};
+
+ Class[] payload() default {};
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidator.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidator.java
new file mode 100644
index 00000000..7ce3bb6c
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/Cmpv2UrlValidator.java 
@@ -0,0 +1,55 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + + +package org.onap.aaf.certservice.certification.configuration.validation.constraints; + +import org.onap.aaf.certservice.certification.configuration.validation.constraints.violations.PortNumberViolation; +import org.onap.aaf.certservice.certification.configuration.validation.constraints.violations.RequestTypeViolation; +import org.onap.aaf.certservice.certification.configuration.validation.constraints.violations.UrlServerViolation; + +import javax.validation.ConstraintValidator; +import javax.validation.ConstraintValidatorContext; +import java.util.Arrays; +import java.util.List; +import java.util.concurrent.atomic.AtomicBoolean; + +class Cmpv2UrlValidator implements ConstraintValidator { + + private final List violations; + + Cmpv2UrlValidator() { + this.violations = Arrays.asList( + new PortNumberViolation(), + new RequestTypeViolation() + ); + } + + @Override + public boolean isValid(String url, ConstraintValidatorContext context) { + AtomicBoolean isValid = new AtomicBoolean(true); + 
violations.forEach(violation -> { + if (!violation.validate(url)) { + isValid.set(false); + } + }); + return isValid.get(); + } +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolation.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolation.java index acde0417..96f30149 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolation.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/PortNumberViolation.java @@ -23,7 +23,7 @@ package org.onap.aaf.certservice.certification.configuration.validation.constrai import java.net.MalformedURLException; import java.net.URL; -public class PortNumberViolation implements URLServerViolation { +public class PortNumberViolation implements UrlServerViolation { private static final int MIN_PORT = 1; private static final int MAX_PORT = 65535; diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolation.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolation.java index 7fbbdf34..67a5c3c4 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolation.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/RequestTypeViolation.java 
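Review bot: Cmpv2UrlValidator.isValid() carries over the AtomicBoolean-plus-forEach idiom, which is there only so the lambda can write to a flag; `return violations.stream().allMatch(violation -> violation.validate(url));` states the rule directly and lets the `AtomicBoolean` import go. allMatch stops at the first failing check, which is equivalent only if validate() has no side effects; the violation bodies are outside this diff, so that should be confirmed. Since this validator is what gates the configured CMPv2 server URL, a one-line Javadoc on the class listing the checks it applies (port range, request type) would also help readers see what is and is not validated.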
@@ -27,9 +27,9 @@ import java.util.Collections; import java.util.List; import java.util.concurrent.atomic.AtomicBoolean; -public class RequestTypeViolation implements URLServerViolation { +public class RequestTypeViolation implements UrlServerViolation { - private final static List VALID_REQUESTS = Collections.singletonList("http"); + private static final List VALID_REQUESTS = Collections.singletonList("http"); @Override public boolean validate(String serverUrl) { diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/URLServerViolation.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/URLServerViolation.java deleted file mode 100644 index e5a110d2..00000000 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/URLServerViolation.java +++ /dev/null 
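Review bot: `VALID_REQUESTS` in RequestTypeViolation admits only "http" and nothing next to it says why, so a reader cannot tell whether https is deliberately rejected for CMPv2 server URLs. validate() begins in this hunk but its body is outside it, so how the list is matched (exact scheme or prefix) is not visible here. If plain HTTP is accepted because the CMP messages carry their own protection, record that at the constant, for example `// CMPv2 server URL schemes accepted by config validation; relies on CMP message protection rather than TLS`; otherwise add "https" to the list.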
@@ -1,25 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * PROJECT
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.configuration.validation.constraints.violations;
-
-public interface URLServerViolation {
- boolean validate(String url);
-}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/UrlServerViolation.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/UrlServerViolation.java
new file mode 100644
index 00000000..5452beb4
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/constraints/violations/UrlServerViolation.java
@@ -0,0 +1,25 @@ +/* + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.certification.configuration.validation.constraints.violations; + +public interface UrlServerViolation { + boolean validate(String url); +} diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/CsrDecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/CsrDecryptionException.java index 0bb46258..ed434e07 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/CsrDecryptionException.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/CsrDecryptionException.java @@ -24,6 +24,7 @@ public class CsrDecryptionException extends DecryptionException { public CsrDecryptionException(String message, Throwable cause) { super(message, cause); } + public CsrDecryptionException(String message) { super(message); } 
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/DecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/DecryptionException.java index ee0fb202..6d8f7073 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/DecryptionException.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/DecryptionException.java @@ -21,10 +21,13 @@ package org.onap.aaf.certservice.certification.exception; public class DecryptionException extends Exception { + public DecryptionException(String message, Throwable cause) { super(message, cause); } + public DecryptionException(String message) { super(message); } + } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/KeyDecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/KeyDecryptionException.java index 7970c393..d4814d6a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/exception/KeyDecryptionException.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/exception/KeyDecryptionException.java @@ -24,6 +24,7 @@ public class KeyDecryptionException extends DecryptionException { public KeyDecryptionException(String message, Throwable cause) { super(message, cause); } + public KeyDecryptionException(String message) { super(message); } -- cgit 1.2.3-korg