From 628ed81f0e56f7163b08b57a8d54833b646239d5 Mon Sep 17 00:00:00 2001 From: Bartosz Gardziejewski Date: Wed, 26 Feb 2020 14:46:14 +0100 Subject: Refactor CSR model to be POJO Issue-ID: AAF-997 Signed-off-by: Bartosz Gardziejewski Change-Id: Ia06dd580a64e56dcf1d8bf5f3db6fe6394cdb1c8 --- .../certservice/certification/CsrModelFactory.java | 2 +- .../configuration/model/Cmpv2Server.java | 8 +- .../certservice/certification/model/CsrModel.java | 130 +++++++++++++++++---- 3 files changed, 112 insertions(+), 28 deletions(-) (limited to 'certService/src/main/java/org/onap/aaf') diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java index bca30dee..6f356c1a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java @@ -47,7 +47,7 @@ public class CsrModelFactory { throws DecryptionException { PKCS10CertificationRequest decodedCsr = decodeCsr(csr); PemObject decodedPrivateKey = decodePrivateKey(privateKey); - return new CsrModel(decodedCsr, decodedPrivateKey); + return new CsrModel.CsrModelBuilder(decodedCsr, decodedPrivateKey).build(); } private PemObject decodePrivateKey(StringBase64 privateKey) diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java index 9a9f9c5d..9f8f9796 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/model/Cmpv2Server.java 
@@ -20,6 +20,7 @@ package org.onap.aaf.certservice.certification.configuration.model; +import org.bouncycastle.asn1.x500.X500Name; import org.hibernate.validator.constraints.Length; import org.onap.aaf.certservice.certification.configuration.validation.constraints.Cmpv2URL; @@ -32,8 +33,7 @@ public class Cmpv2Server { private CaMode caMode; @Length(min = 1, max = 128) private String caName; - @Length(min = 4, max = 256) - private String issuerDN; + private X500Name issuerDN; @Cmpv2URL private String url; @@ -61,11 +61,11 @@ public class Cmpv2Server { this.caName = caName; } - public String getIssuerDN() { + public X500Name getIssuerDN() { return issuerDN; } - public void setIssuerDN(String issuerDN) { + public void setIssuerDN(X500Name issuerDN) { this.issuerDN = issuerDN; } diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java index 2421c5a4..b59f4e3a 100644 --- a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java +++ b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CsrModel.java @@ -21,6 +21,13 @@ package org.onap.aaf.certservice.certification.model; import java.io.IOException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; import java.util.Arrays; import java.util.List; import java.util.Objects; 
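Review bot: Replacing `@Length(min = 4, max = 256) private String issuerDN` with an unannotated `X500Name` field drops the only validation on the issuer DN, so a CA entry whose `issuerDN` is missing now passes bean validation and the null surfaces only later, wherever the DN is consumed. Keep a constraint on the new field, `@NotNull private X500Name issuerDN;` — the file already imports Hibernate Validator's `@Length`, so `javax.validation.constraints.NotNull` is presumably available — so that a missing DN is rejected at configuration load. How the configured string becomes an `X500Name` is not visible in this hunk; if that conversion lives in a custom deserializer, a string that does not parse as a DN should fail the load as well rather than be swallowed. The class `Cmpv2Server` continues outside the hunk.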
@@ -35,50 +42,127 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.io.pem.PemObject; import org.onap.aaf.certservice.certification.exception.CsrDecryptionException; +import org.onap.aaf.certservice.certification.exception.DecryptionException; +import org.onap.aaf.certservice.certification.exception.KeyDecryptionException; public class CsrModel { private final PKCS10CertificationRequest csr; - private final PemObject privateKey; + private final X500Name subjectData; + private final PrivateKey privateKey; + private final PublicKey publicKey; + private final List sans; - public CsrModel(PKCS10CertificationRequest csr, PemObject privateKey) { + CsrModel( + PKCS10CertificationRequest csr, X500Name subjectData, + PrivateKey privateKey, PublicKey publicKey, List sans) { this.csr = csr; + this.subjectData = subjectData; this.privateKey = privateKey; + this.publicKey = publicKey; + this.sans = sans; } - public PemObject getPublicKey() throws CsrDecryptionException { - try { - return new PemObject("PUBLIC KEY", csr.getSubjectPublicKeyInfo().getEncoded()); - } catch (IOException e) { - throw new CsrDecryptionException("Reading Public Key from CSR failed", e.getCause()); - } + public PKCS10CertificationRequest getCsr() { + return csr; } - public PemObject getPrivateKey() { - return privateKey; + public X500Name getSubjectData() { + return subjectData; } - public X500Name getSubjectData() { - return csr.getSubject(); + public PrivateKey getPrivateKey() { + return privateKey; } - public List getSansData() { - Extensions extensions = - Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); - GeneralName[] arrayOfAlternativeNames = - GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); + public PublicKey getPublicKey() { + return publicKey; + } - return Arrays.stream(arrayOfAlternativeNames) - .map(GeneralName::getName) - .map(Objects::toString) - .collect(Collectors.toList()); + 
public List getSans() { + return sans; } @Override public String toString() { - return "Subject: { " + getSubjectData().toString() - + " ,SANs: " + getSansData().toString() + " }"; + return "Subject: { " + subjectData + + " ,SANs: " + sans + " }"; + } + + public static class CsrModelBuilder { + + private final PKCS10CertificationRequest csr; + private final PemObject privateKey; + + public CsrModel build() + throws DecryptionException + { + + X500Name subjectData = getSubjectData(); + PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey()); + PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey()); + List sans = getSansData(); + + return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans); + } + + public CsrModelBuilder(PKCS10CertificationRequest csr, PemObject privateKey) { + this.csr = csr; + this.privateKey = privateKey; + } + + private PemObject getPublicKey() throws CsrDecryptionException { + try { + return new PemObject("PUBLIC KEY", csr.getSubjectPublicKeyInfo().getEncoded()); + } catch (IOException e) { + throw new CsrDecryptionException("Reading Public Key from CSR failed", e.getCause()); + } + } + + private PemObject getPrivateKey() { + return privateKey; + } + + private X500Name getSubjectData() { + return csr.getSubject(); + } + + private List getSansData() { + Extensions extensions = + Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); + GeneralName[] arrayOfAlternativeNames = + GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); + + return Arrays.stream(arrayOfAlternativeNames) + .map(GeneralName::getName) + .map(Objects::toString) + .collect(Collectors.toList()); + } + + private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey) + throws KeyDecryptionException + { + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + PKCS8EncodedKeySpec keySpec = new 
PKCS8EncodedKeySpec(privateKey.getContent()); + return factory.generatePrivate(keySpec); + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new KeyDecryptionException("Converting Private Key failed", e.getCause()); + } + } + + private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey) + throws KeyDecryptionException + { + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent()); + return factory.generatePublic(keySpec); + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause()); + } + } } } -- cgit 1.2.3-korg
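Review bot: `getSansData`, now inside `CsrModelBuilder`, still indexes `csr.getAttributes()[0]` and dereferences the result of `GeneralNames.fromExtensions(...)` without a null check, so a CSR with no attributes, with a different first attribute, or with no SAN extension fails `build()` with an unchecked exception instead of the `DecryptionException` the caller handles. Look up the extensionRequest attribute by OID and return an empty list when no SAN is present, as in the fence below (needs imports of `org.bouncycastle.asn1.pkcs.Attribute`, `org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers` and `java.util.Collections`). Separately, both `convertingPem...` catch blocks rethrow with `e.getCause()`, which drops the `InvalidKeySpecException`/`NoSuchAlgorithmException` itself (its own cause is usually null); pass the exception, e.g. `throw new KeyDecryptionException("Converting Private Key failed", e);`. `KeyFactory.getInstance("RSA")` is hard-coded in both converters, so a non-RSA key pair is reported as a generic conversion failure; if only RSA is intended the message should say so, otherwise the algorithm could be taken from `csr.getSubjectPublicKeyInfo().getAlgorithm()`. The type argument on `List` appears stripped in this rendering; the fence assumes `List<String>`.
```java
private List<String> getSansData() {
    // The extensionRequest attribute may be absent, may not be the first
    // attribute, and may carry no subjectAlternativeName extension.
    for (Attribute attribute : csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        GeneralNames names = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (names != null) {
            return Arrays.stream(names.getNames())
                .map(GeneralName::getName)
                .map(Objects::toString)
                .collect(Collectors.toList());
        }
    }
    return Collections.emptyList();
}
// … unchanged: convertingPemPrivateKeyToJavaSecurityPrivateKey / convertingPemPublicKeyToJavaSecurityPublicKey …
```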