From 52c8476b49aab2a54c875d14ddab7ac26b010a32 Mon Sep 17 00:00:00 2001
From: Joanna Jeremicz
Date: Mon, 5 Jul 2021 16:47:58 +0200
Subject: [OOM-CERT-SERVICE] Add Certification Request functionality
Issue-ID: OOM-2753
Signed-off-by: Joanna Jeremicz
Change-Id: Id8702dd45254f0e82d9b71e5e69372569e523838
---
 .../certification/CertificationModelFactory.java | 2 +-
 .../certification/CertificationProvider.java | 6 ++++
 .../oom/certservice/cmpv2client/api/CmpClient.java | 13 ++++++++
 .../cmpv2client/impl/CmpClientImpl.java | 39 +++++++++++++++-------
 4 files changed, 47 insertions(+), 13 deletions(-)
(limited to 'certService/src/main/java/org')
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
index a5076a38..dddeb2d3 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java
@@ -99,7 +99,7 @@ public class CertificationModelFactory {
 } else {
 LOGGER.info(
 "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request");
- throw new UnsupportedOperationException("TODO: implement CR in separate MR");
+ return certificationProvider.certificationRequest(csrModel, cmpv2Server);
 }
 }
 }
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
index bfa83103..17e23e39 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java
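Review bot: The new `return certificationProvider.certificationRequest(csrModel, cmpv2Server);` silently changes the authentication basis of this branch: according to the CmpClient Javadoc added in this commit, a certification request is authenticated with the server's IAK/RV shared secret rather than with the existing certificate that the update path in the other branch relies on, yet nothing at the call site says so. A one-line comment above the return would make that visible to the next reader, e.g. `// CSR no longer matches the old certificate: fall back to a CR protected with the server's IAK/RV instead of the old certificate`. The enclosing method starts outside the hunk; it presumably already declares CmpClientException because the update branch throws it as well, but that is worth confirming.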
@@ -67,6 +67,12 @@ public class CertificationProvider {
 convertFromX509CertificateListToPemList(certificates.getTrustedCertificates()));
 }
+ public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException {
+ Cmpv2CertificationModel certificates = cmpClient.certificationRequest(csrModel, cmpv2Server);
+ return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()),
+ convertFromX509CertificateListToPemList(certificates.getTrustedCertificates()));
+ }
+
 private static List convertFromX509CertificateListToPemList(List certificates) {
 return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
 .collect(Collectors.toList());
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java
index 5ded3056..88c73c04 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java
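Review bot: The body of `certificationRequest` repeats the two `convertFromX509CertificateListToPemList(...)` lines that close the method just above it (visible as context), so the Cmpv2CertificationModel to CertificationModel mapping now lives in two places and the two paths can drift. Extracting a private `toCertificationModel` helper keeps the mapping in one place for both call sites. The method also has no Javadoc; a summary such as `Sends a CMPv2 certification request for the CSR to the given server and returns the resulting certificate chain and trusted certificates in PEM form.` would mirror the interface.
```java
    public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException {
        return toCertificationModel(cmpClient.certificationRequest(csrModel, cmpv2Server));
    }

    // Maps the CMP client result to the API model; intended to be shared with the update path above.
    private static CertificationModel toCertificationModel(Cmpv2CertificationModel certificates) {
        return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()),
                convertFromX509CertificateListToPemList(certificates.getTrustedCertificates()));
    }
```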
@@ -88,4 +88,17 @@ public interface CmpClient {
 */
 Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server,
 CertificateUpdateModel certificateUpdateModel) throws CmpClientException;
+
+ /**
+ * Requests for an additional External Root CA Certificate to be created for the passed keyPair wrapped
+ * in a CSRMeta with common details. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails
+ * or issue encountered in fetching certificate from CA.
+ *
+ * @param csrModel Certificate Signing Request Model. Must not be {@code null}.
+ * @param cmpv2Server CMPv2 server. Must not be {@code null}.
+ * @return model for certification containing certificate chain and trusted certificates
+ * @throws CmpClientException if client error occurs.
+ */
+ Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException;
 }
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
index 270b5995..549cf6b9 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
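Review bot: The Javadoc added for `certificationRequest` does not describe this method: it talks about a `keyPair` wrapped in a `CSRMeta`, neither of which is a parameter, and the "additional External Root CA Certificate" wording reads as copied from a neighbouring method. Since CmpClientImpl sends this as `PKIBody.TYPE_CERT_REQ` protected with the server's IAK/RV credentials and passes no notBefore/notAfter, the summary should say that and contrast it with the TYPE_INIT_REQ path, e.g. `Requests a certificate for the given CSR with a CMPv2 Certification Request (cr) protected with the server's IAK/RV credentials; no validity period is supplied by the client.` The proof-of-possession sentence should stay only if the implementation actually verifies the CSR signature on this path, which I cannot see from the hunk.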
@@ -93,18 +93,7 @@ public class CmpClientImpl implements CmpClient {
 throws CmpClientException {
 validate(csrModel, server, httpClient, notBefore, notAfter);
-
- final String iak = server.getAuthentication().getIak();
- final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak);
- final CreateCertRequest certRequest =
- getCmpMessageBuilderWithCommonRequestValues(csrModel, server)
- .with(CreateCertRequest::setNotBefore, notBefore)
- .with(CreateCertRequest::setNotAfter, notAfter)
- .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv())
- .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_INIT_REQ)
- .with(CreateCertRequest::setProtection, pkiMessageProtection)
- .build();
-
+ final CreateCertRequest certRequest = getIakRvRequest(csrModel, server, notBefore, notAfter, PKIBody.TYPE_INIT_REQ);
 return executeCmpRequest(csrModel, server, certRequest);
 }
@@ -131,6 +120,32 @@ public class CmpClientImpl implements CmpClient {
 }
+ @Override
+ public Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException {
+
+ validate(csrModel, cmpv2Server, httpClient, null, null);
+ final CreateCertRequest certRequest = getIakRvRequest(csrModel, cmpv2Server, null, null, PKIBody.TYPE_CERT_REQ);
+ return executeCmpRequest(csrModel, cmpv2Server, certRequest);
+ }
+
+ private CreateCertRequest getIakRvRequest(
+ CsrModel csrModel,
+ Cmpv2Server server,
+ Date notBefore,
+ Date notAfter,
+ int requestType) {
+
+ final String iak = server.getAuthentication().getIak();
+ final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak);
+ return getCmpMessageBuilderWithCommonRequestValues(csrModel, server)
+ .with(CreateCertRequest::setNotBefore, notBefore)
+ .with(CreateCertRequest::setNotAfter, notAfter)
+ .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv())
+ .with(CreateCertRequest::setCmpRequestType, requestType)
+ .with(CreateCertRequest::setProtection, pkiMessageProtection)
+ .build();
+ }
+
 private Cmpv2CertificationModel executeCmpRequest(CsrModel csrModel, Cmpv2Server cmpv2Server,
 CreateCertRequest certRequest) throws CmpClientException {
 final PKIMessage pkiMessage = certRequest.generateCertReq();
-- cgit 1.2.3-korg
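Review bot: `certificationRequest` passes `null` for notBefore and notAfter into `validate(...)` and then, through `getIakRvRequest`, into `.with(CreateCertRequest::setNotBefore, notBefore)` and `.with(CreateCertRequest::setNotAfter, notAfter)`; whether validate and CreateCertRequest tolerate null dates is not visible in this hunk, and if they do not the cr path would likely fail only at runtime. Either confirm that contract in a comment at the call site or give `getIakRvRequest` an overload that omits the two date `.with(...)` calls. `getIakRvRequest` also deserves a short Javadoc, since its name hides the security-relevant part of what it builds: a request whose protection is password-based, derived from the server's IAK (`PasswordBasedProtection`), with the RV as senderKID, e.g. `Builds a CMP request protected with the password-based protection keyed by the server's IAK and identified by its RV as senderKID; requestType is expected to be PKIBody.TYPE_INIT_REQ or PKIBody.TYPE_CERT_REQ.` The `int requestType` parameter accepts any PKIBody type value, which that comment at least makes explicit.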