From b288b7ab24f33af72e9c0fedecbb9979d1b4afc7 Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Tue, 9 Jun 2020 15:37:46 +0200 Subject: Refactor flow of cert files generation, based on OUTPUT_TYPE parameter -Add artifacts creator provider (strategy pattern) -Refactor KeystoreTruststoreCreator -Add new exception: CertOutputTypeNotSupported -Change Unit tests Issue-ID: AAF-1152 Signed-off-by: Tomasz Wrobel Change-Id: If2b2fa50d551e72f19319d781bfb6079d07c7b83 --- .../aaf/certservice/client/CertServiceClient.java | 16 +++--- .../aaf/certservice/client/api/ExitStatus.java | 3 +- .../certification/conversion/ArtifactsCreator.java | 29 ++++++++++ .../conversion/ArtifactsCreatorProvider.java | 66 ++++++++++++++++++++++ .../conversion/KeystoreTruststoreCreator.java | 55 ------------------ .../KeystoreTruststoreCreatorFactory.java | 35 ------------ .../conversion/PKCS12ArtifactsCreator.java | 61 ++++++++++++++++++++ .../CertOutputTypeNotSupportedException.java | 35 ++++++++++++ 8 files changed, 202 insertions(+), 98 deletions(-) create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreator.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java delete mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java delete mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CertOutputTypeNotSupportedException.java (limited to 'certServiceClient/src/main/java/org/onap/aaf/certservice/client') 
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
index 1b5b8ee3..27e8a4f0 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java
@@ -23,8 +23,7 @@ import org.onap.aaf.certservice.client.api.ExitableException;
 import org.onap.aaf.certservice.client.certification.CsrFactory;
 import org.onap.aaf.certservice.client.certification.KeyPairFactory;
 import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder;
-import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator;
-import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory;
+import org.onap.aaf.certservice.client.certification.conversion.ArtifactsCreatorProvider;
 import org.onap.aaf.certservice.client.common.Base64Encoder;
 import org.onap.aaf.certservice.client.configuration.EnvsForClient;
 import org.onap.aaf.certservice.client.configuration.EnvsForCsr;
@@ -78,12 +77,15 @@ public class CertServiceClient { base64Encoder.encode(csrFactory.createCsrInPem(keyPair)), base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate()))); - KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory( - clientConfiguration.getCertsOutputPath()).create(); - filesCreator.createKeystore(certServiceData.getCertificateChain(), keyPair.getPrivate()); - filesCreator.createTruststore(certServiceData.getTrustedCertificates()); + ArtifactsCreatorProvider + .getCreator(clientConfiguration.getOutputType(), + clientConfiguration.getCertsOutputPath()) + .create(certServiceData.getCertificateChain(), + certServiceData.getTrustedCertificates(), + keyPair.getPrivate()); + } catch (ExitableException e) { - LOGGER.error("Cert Service Client fail in execution: ", e); + LOGGER.error("Cert Service Client fails in execution: ", e); appExitHandler.exit(e.applicationExitStatus()); } appExitHandler.exit(SUCCESS); diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java index 41217e76..00057829 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java @@ -30,7 +30,8 @@ public enum ExitStatus { PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"), PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding"), TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"), - OUTPUT_TYPE_PARAMETER_VALIDATION_EXCEPTION(10, "Invalid value of the OUTPUT_TYPE parameter"); + OUTPUT_TYPE_PARAMETER_VALIDATION_EXCEPTION(10, "Invalid value of the OUTPUT_TYPE parameter"), + CERT_OUTPUT_TYPE_NOT_SUPPORTED_EXCEPTION(11, "Certificate creation type is not supported"); private final int value; private final String message; 
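Review bot: The chained `.create(...)` call dereferences whatever `ArtifactsCreatorProvider.getCreator` returns, and in this commit the `JKS` and `PEM` constants of that provider return `null`, so either value ends in a NullPointerException at this call. That exception is not an `ExitableException`, so the `catch` below is skipped and `appExitHandler.exit(e.applicationExitStatus())` never runs; the client then ends with an uncaught exception instead of one of the defined exit statuses. Until those creators exist, have the provider reject the two types, e.g. replace `return null;` with `throw new UnsupportedOperationException("output type not implemented");` and catch it in `getCreator` next to `IllegalArgumentException`, so it maps to CERT_OUTPUT_TYPE_NOT_SUPPORTED_EXCEPTION. The enclosing method starts and ends outside the hunk.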
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreator.java
new file mode 100644
index 00000000..8907c481
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreator.java
@@ -0,0 +1,29 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+import java.security.PrivateKey;
+import java.util.List;
+
+public interface ArtifactsCreator {
+ void create(List keystoreData, List truststoreData, PrivateKey privateKey)
+ throws ExitableException;
+}
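Review bot: `ArtifactsCreator.create` carries no Javadoc, and the contract cannot be read off the signature: what the two lists hold, that private key material is handed over for persisting, and that every failure must surface as an `ExitableException` so the client can exit with a defined status. I would add `/** Creates the keystore (certificate chain plus private key) and the truststore (trusted certificates) in the format of the implementing class. */` on the method, going by how CertServiceClient calls it. The comment should also say whether an implementation may leave partial output behind when it throws.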
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
new file mode 100644
index 00000000..6fbf373b
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
@@ -0,0 +1,66 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import org.onap.aaf.certservice.client.certification.exception.CertOutputTypeNotSupportedException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Arrays;
+
+public enum ArtifactsCreatorProvider {
+
+ P12 {
+ @Override
+ ArtifactsCreator create(String outputPath) {
+ return new PKCS12ArtifactsCreator(
+ new PKCS12FilesCreator(outputPath),
+ new RandomPasswordGenerator(),
+ new PemToPKCS12Converter());
+ }
+ },
+ JKS {
+ @Override
+ ArtifactsCreator create(String outputPath) {
+ return null;
+ }
+ },
+ PEM {
+ @Override
+ ArtifactsCreator create(String outputPath) {
+ return null;
+ }
+ };
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(ArtifactsCreatorProvider.class);
+
+ public static ArtifactsCreator getCreator(String outputType, String outputPath)
+ throws CertOutputTypeNotSupportedException {
+ try {
+ LOGGER.info("Artifact creation type selected: {}", outputType);
+ return valueOf(outputType).create(outputPath);
+ } catch (IllegalArgumentException e) {
+ LOGGER.error("Artifact creation type: {} is not supported. Supported types: {}",
+ outputType, Arrays.toString(values()));
+ throw new CertOutputTypeNotSupportedException(e);
+ }
+ }
+
+ abstract ArtifactsCreator create(String outputPath);
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java
deleted file mode 100644
index 43784609..00000000
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreator.java
+++ /dev/null
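Review bot: `valueOf(outputType)` in `getCreator` throws NullPointerException rather than IllegalArgumentException when `outputType` is null, so a missing OUTPUT_TYPE would slip past the `catch` and never become a CertOutputTypeNotSupportedException; whether `getOutputType()` can return null is not visible in this diff. A guard before the `try`, such as `if (outputType == null) throw new CertOutputTypeNotSupportedException(new IllegalArgumentException("OUTPUT_TYPE is not set"));`, closes that gap. `valueOf` is also case-sensitive, so `p12` is rejected unless the value is normalised earlier. The "selected" info line is logged before the value has been validated; moving it after `valueOf` succeeds keeps the log truthful.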
@@ -1,55 +0,0 @@
-/*============LICENSE_START=======================================================
- * aaf-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.client.certification.conversion;
-
-import java.security.PrivateKey;
-import java.util.List;
-import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
-
-public class KeystoreTruststoreCreator {
-
- private static final String CERTIFICATE_ALIAS = "certificate";
- private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
- private static final int PASSWORD_LENGTH = 24;
- private final RandomPasswordGenerator generator;
- private final PemToPKCS12Converter converter;
- private final PKCS12FilesCreator creator;
-
- public KeystoreTruststoreCreator(PKCS12FilesCreator creator, RandomPasswordGenerator generator,
- PemToPKCS12Converter converter) {
- this.generator = generator;
- this.converter = converter;
- this.creator = creator;
- }
-
- public void createKeystore(List data, PrivateKey privateKey)
- throws PemToPKCS12ConverterException {
- Password password = generator.generate(PASSWORD_LENGTH);
- creator.saveKeystoreData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey),
- password.getCurrentPassword());
- }
-
- public void createTruststore(List data)
- throws PemToPKCS12ConverterException {
- Password password = generator.generate(PASSWORD_LENGTH);
- creator.saveTruststoreData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS),
- password.getCurrentPassword());
- }
-}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java
deleted file mode 100644
index 8c719535..00000000
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/KeystoreTruststoreCreatorFactory.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*============LICENSE_START=======================================================
- * aaf-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.client.certification.conversion;
-
-public class KeystoreTruststoreCreatorFactory {
- private final String outputPath;
-
- public KeystoreTruststoreCreatorFactory(String outputPath) {
- this.outputPath = outputPath;
- }
-
- public KeystoreTruststoreCreator create() {
- return new KeystoreTruststoreCreator(
- new PKCS12FilesCreator(outputPath),
- new RandomPasswordGenerator(),
- new PemToPKCS12Converter());
- }
-}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java
new file mode 100644
index 00000000..c07dfd11
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java
@@ -0,0 +1,61 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.security.PrivateKey;
+import java.util.List;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+
+public class PKCS12ArtifactsCreator implements ArtifactsCreator {
+
+ private static final String CERTIFICATE_ALIAS = "certificate";
+ private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
+ private static final int PASSWORD_LENGTH = 24;
+ private final RandomPasswordGenerator generator;
+ private final PemToPKCS12Converter converter;
+ private final PKCS12FilesCreator creator;
+
+ public PKCS12ArtifactsCreator(PKCS12FilesCreator creator, RandomPasswordGenerator generator,
+ PemToPKCS12Converter converter) {
+ this.generator = generator;
+ this.converter = converter;
+ this.creator = creator;
+ }
+
+ @Override
+ public void create(List keystoreData, List truststoreData, PrivateKey privateKey) throws PemToPKCS12ConverterException {
+ createKeystore(keystoreData,privateKey);
+ createTruststore(truststoreData);
+ }
+
+ private void createKeystore(List data, PrivateKey privateKey)
+ throws PemToPKCS12ConverterException {
+ Password password = generator.generate(PASSWORD_LENGTH);
+ creator.saveKeystoreData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey),
+ password.getCurrentPassword());
+ }
+
+ private void createTruststore(List data)
+ throws PemToPKCS12ConverterException {
+ Password password = generator.generate(PASSWORD_LENGTH);
+ creator.saveTruststoreData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS),
+ password.getCurrentPassword());
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CertOutputTypeNotSupportedException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CertOutputTypeNotSupportedException.java
new file mode 100644
index 00000000..3c9581ac
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/CertOutputTypeNotSupportedException.java
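Review bot: `create` saves the keystore before the truststore has even been converted, so a PemToPKCS12ConverterException from `createTruststore` leaves a keystore holding the private key, saved together with its password, in the output path while the client reports failure. Running both conversions first and calling `saveKeystoreData` / `saveTruststoreData` only after both succeeded would avoid that half-written state; the converter's return type is outside this hunk, so I am describing the reordering rather than quoting it. `password.getCurrentPassword()` hands the secret to `PKCS12FilesCreator`; how that class stores it and with which file permissions is not visible here and is worth checking in the same review.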
@@ -0,0 +1,35 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.exception;
+
+import org.onap.aaf.certservice.client.api.ExitStatus;
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+public class CertOutputTypeNotSupportedException extends ExitableException {
+ private static final ExitStatus EXIT_STATUS = ExitStatus.CERT_OUTPUT_TYPE_NOT_SUPPORTED_EXCEPTION;
+
+ public CertOutputTypeNotSupportedException(Throwable e) {
+ super(e);
+ }
+
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
+ }
+}
-- cgit 1.2.3-korg
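Review bot: `applicationExitStatus()` is declared without `@Override`, although CertServiceClient calls `e.applicationExitStatus()` on an `ExitableException`, so this method implements or overrides one from the base class. Adding `@Override` above it lets the compiler catch a signature change in `ExitableException` that would otherwise silently detach this class from its exit status. The only constructor takes a cause, so the text a user sees is whatever the wrapped exception says; a message naming OUTPUT_TYPE would be easier to act on, if `ExitableException` offers a message constructor (not visible here).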