From 0b278343630c1e3c7c92b3e5094570748692666e Mon Sep 17 00:00:00 2001 From: Piotr Marcinkiewicz Date: Wed, 17 Jun 2020 14:54:51 +0200 Subject: Add creation JKS artifact Issue-ID: AAF-1152 Signed-off-by: Piotr Marcinkiewicz Change-Id: I8b38dc07ddbf6758e0c4c036100572b350dceab9 --- .../aaf/certservice/client/api/ExitStatus.java | 2 +- .../conversion/ArtifactsCreatorProvider.java | 29 +++-- .../conversion/ConvertedArtifactsCreator.java | 87 +++++++++++++ .../ConvertedArtifactsCreatorFactory.java | 36 ++++++ .../conversion/PKCS12ArtifactsCreator.java | 81 ------------ .../certification/conversion/PemConverter.java | 137 +++++++++++++++++++++ .../conversion/PemToPKCS12Converter.java | 133 -------------------- .../exception/PemConversionException.java | 39 ++++++ .../exception/PemToPKCS12ConverterException.java | 39 ------ 9 files changed, 318 insertions(+), 265 deletions(-) create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java delete mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java delete mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java delete mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java (limited to 'certServiceClient/src/main/java/org/onap') 
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java
index 6e91fe84..1d321688 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java
@@ -27,7 +27,7 @@ public enum ExitStatus {
 CSR_GENERATION_EXCEPTION(4,"Fail in CSR generation"),
 CERT_SERVICE_API_CONNECTION_EXCEPTION(5,"CertService HTTP unsuccessful response"),
 HTTP_CLIENT_EXCEPTION(6,"Internal HTTP Client connection problem"),
- PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"),
+ PEM_CONVERSION_EXCEPTION(7,"Fail in PEM conversion"),
 PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding"),
 TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"),
 FILE_CREATION_EXCEPTION(10, "File could not be created");
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
index dd4df73b..d3d8a11b 100644
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java
@@ -22,33 +22,40 @@ import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; public enum ArtifactsCreatorProvider { - P12 { + P12("PKCS12") { @Override ArtifactsCreator create(String destPath) { - return new PKCS12ArtifactsCreator( - new CertFileWriter(destPath), - new RandomPasswordGenerator(), - new PemToPKCS12Converter()); + return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType()); } }, - JKS { + JKS("JKS") { @Override ArtifactsCreator create(String destPath) { - return null; + return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType()); } }, - PEM { + PEM("PEM"){ @Override ArtifactsCreator create(String destPath) { - return new PemArtifactsCreator( - new CertFileWriter(destPath), - new PrivateKeyToPemEncoder()); + return new PemArtifactsCreator(new CertFileWriter(destPath), new PrivateKeyToPemEncoder()); } }; + private final String keyStoreType; + ArtifactsCreatorProvider(String keyStoreType) { + this.keyStoreType = keyStoreType; + } public static ArtifactsCreator getCreator(String outputType, String destPath) { return valueOf(outputType).create(destPath); } + String getKeyStoreType() { + return keyStoreType; + } + + String getExtension() { + return this.toString().toLowerCase(); + } + abstract ArtifactsCreator create(String destPath); } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java new file mode 100644 index 00000000..4e300074 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java 
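Review bot: The `JKS` constant now produces real artifacts, but nothing on the new side documents that JKS is a legacy keystore format whose private-key protection and integrity check are weaker than PKCS12's. A comment on the constant such as `// Legacy format: weaker key protection than PKCS12; use only when the consumer cannot read P12` would tell operators which output type to prefer. Separately, `getExtension()` builds the file extension with `this.toString().toLowerCase()`, which depends on the default locale and on `toString()` never being overridden; `name().toLowerCase(Locale.ROOT)` is the stable form and needs `java.util.Locale` imported.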
@@ -0,0 +1,87 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.security.PrivateKey;
+import java.util.List;
+import org.onap.aaf.certservice.client.certification.exception.CertFileWriterException;
+import org.onap.aaf.certservice.client.certification.exception.PemConversionException;
+import org.onap.aaf.certservice.client.certification.writer.CertFileWriter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConvertedArtifactsCreator implements ArtifactsCreator {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(ConvertedArtifactsCreator.class);
+ private static final String CERTIFICATE_ALIAS = "certificate";
+ private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
+ private static final int PASSWORD_LENGTH = 24;
+ private static final String PASS_EXT = "pass";
+ private static final String KEYSTORE = "keystore";
+ private static final String TRUSTSTORE = "truststore";
+
+ private final String fileExtension;
+ private final RandomPasswordGenerator passwordGenerator;
+ private final PemConverter converter;
+ private final CertFileWriter fileWriter;
+
+ public ConvertedArtifactsCreator(CertFileWriter fileWriter, RandomPasswordGenerator passwordGenerator,
+ PemConverter converter, String fileExtension) {
+ this.passwordGenerator = passwordGenerator;
+ this.converter = converter;
+ this.fileWriter = fileWriter;
+ this.fileExtension = fileExtension;
+ }
+
+ @Override
+ public void create(List keystoreData, List truststoreData, PrivateKey privateKey)
+ throws PemConversionException, CertFileWriterException {
+ createKeystore(keystoreData,privateKey);
+ createTruststore(truststoreData);
+ }
+
+ private void createKeystore(List data, PrivateKey privateKey)
+ throws PemConversionException, CertFileWriterException {
+ Password password = passwordGenerator.generate(PASSWORD_LENGTH);
+ String keystoreArtifactName = String.format("%s.%s", KEYSTORE, fileExtension);
+ String keystorePass = String.format("%s.%s", KEYSTORE, PASS_EXT);
+
+ LOGGER.debug("Attempt to create keystore files and saving data. File names: {}, {}", keystoreArtifactName, keystorePass);
+
+ fileWriter.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), keystoreArtifactName);
+ fileWriter.saveData(getPasswordAsBytes(password), keystorePass);
+ }
+
+ private void createTruststore(List data)
+ throws PemConversionException, CertFileWriterException {
+ Password password = passwordGenerator.generate(PASSWORD_LENGTH);
+ String truststoreArtifactName = String.format("%s.%s", TRUSTSTORE, fileExtension);
+ String truststorePass = String.format("%s.%s", TRUSTSTORE, PASS_EXT);
+
+ LOGGER.debug("Attempt to create truststore files and saving data. File names: {}, {}", truststoreArtifactName, truststorePass);
+
+ fileWriter.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), truststoreArtifactName);
+ fileWriter.saveData(getPasswordAsBytes(password), truststorePass);
+ }
+
+ private byte[] getPasswordAsBytes(Password password) {
+ return password.getCurrentPassword().getBytes();
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java
new file mode 100644
index 00000000..5a37482a
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java
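Review bot: `getPasswordAsBytes` calls `getBytes()` with no charset, so the bytes written to `keystore.pass` and `truststore.pass` depend on the JVM's default encoding. Use `password.getCurrentPassword().getBytes(StandardCharsets.UTF_8)`, which needs `java.nio.charset.StandardCharsets` imported. Each password file is also written in clear text next to the store it unlocks, so the private key is only as protected as the permissions `CertFileWriter` applies to the destination, which this diff does not show. A class-level comment stating that expectation would make the dependency visible to whoever deploys the client.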
@@ -0,0 +1,36 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import org.onap.aaf.certservice.client.certification.writer.CertFileWriter;
+
+public class ConvertedArtifactsCreatorFactory {
+
+ private ConvertedArtifactsCreatorFactory() { }
+
+ public static ConvertedArtifactsCreator createConverter(String destPath, String fileExtension, String keyStoreType) {
+ return new ConvertedArtifactsCreator(
+ new CertFileWriter(destPath),
+ new RandomPasswordGenerator(),
+ new PemConverter(keyStoreType),
+ fileExtension);
+ }
+
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java
deleted file mode 100644
index c1e7c1c8..00000000
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java
+++ /dev/null
@@ -1,81 +0,0 @@ -/*============LICENSE_START======================================================= - * aaf-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.client.certification.conversion; - -import java.security.PrivateKey; -import java.util.List; -import org.onap.aaf.certservice.client.certification.exception.CertFileWriterException; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; -import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class PKCS12ArtifactsCreator implements ArtifactsCreator { - - private static final Logger LOGGER = LoggerFactory.getLogger(PKCS12ArtifactsCreator.class); - private static final String CERTIFICATE_ALIAS = "certificate"; - private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-"; - private static final int PASSWORD_LENGTH = 24; - private static final String KEYSTORE_P12 = "keystore.p12"; - private static final String KEYSTORE_PASS = "keystore.pass"; - private static final String TRUSTSTORE_P12 = "truststore.p12"; 
- private static final String TRUSTSTORE_PASS = "truststore.pass"; - private final RandomPasswordGenerator generator; - private final PemToPKCS12Converter converter; - private final CertFileWriter writer; - - public PKCS12ArtifactsCreator(CertFileWriter writer, RandomPasswordGenerator generator, - PemToPKCS12Converter converter) { - this.generator = generator; - this.converter = converter; - this.writer = writer; - } - - @Override - public void create(List keystoreData, List truststoreData, PrivateKey privateKey) - throws PemToPKCS12ConverterException, CertFileWriterException { - createKeystore(keystoreData,privateKey); - createTruststore(truststoreData); - } - - private void createKeystore(List data, PrivateKey privateKey) - throws PemToPKCS12ConverterException, CertFileWriterException { - Password password = generator.generate(PASSWORD_LENGTH); - - LOGGER.debug("Attempt to create PKCS12 keystore files and saving data. File names: {}, {}", KEYSTORE_P12, KEYSTORE_PASS); - - writer.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), KEYSTORE_P12); - writer.saveData(getPasswordAsBytes(password), KEYSTORE_PASS); - } - - private void createTruststore(List data) - throws PemToPKCS12ConverterException, CertFileWriterException { - Password password = generator.generate(PASSWORD_LENGTH); - - LOGGER.debug("Attempt to create PKCS12 truststore files and saving data. File names: {}, {}", TRUSTSTORE_P12, TRUSTSTORE_PASS); - - writer.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), TRUSTSTORE_P12); - writer.saveData(getPasswordAsBytes(password), TRUSTSTORE_PASS); - } - - private byte[] getPasswordAsBytes(Password password) { - return password.getCurrentPassword().getBytes(); - } -} 
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java
new file mode 100644
index 00000000..083e4bcf
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java
@@ -0,0 +1,137 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.KeyStore;
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.List;
+import java.util.Optional;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.onap.aaf.certservice.client.certification.exception.PemConversionException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class PemConverter {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(PemConverter.class);
+ private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)";
+ private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null;
+ private final String keyStoreType;
+
+ public PemConverter(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ byte[] convertKeystore(List certificateChain, Password password, String alias, PrivateKey privateKey)
+ throws PemConversionException {
+ LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " keystore");
+ return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey));
+ }
+
+ byte[] convertTruststore(List trustAnchors, Password password, String alias)
+ throws PemConversionException {
+ LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " truststore");
+ return convert(trustAnchors, password, certs -> getTrustStore(alias, certs));
+ }
+
+ private byte[] convert(List certificates, Password password, StoreEntryOperation operation)
+ throws PemConversionException {
+ checkPassword(password);
+ final Certificate[] X509Certificates = convertToCertificateArray(certificates);
+ return getKeyStoreBytes(password, operation, X509Certificates);
+ }
+
+ private void checkPassword(Password password) throws PemConversionException {
+ if (!password.isCorrectPasswordPattern()) {
+ LOGGER.error(PASSWORD_ERROR_MSG);
+ throw new PemConversionException(PASSWORD_ERROR_MSG);
+ }
+ }
+
+ private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates)
+ throws PemConversionException {
+ try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
+ KeyStore ks = op.getStore(x509Certificates);
+ ks.store(bos, password.toCharArray());
+ return bos.toByteArray();
+ } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
+ LOGGER.error("Pem to " + keyStoreType + " converter failed, exception message: {}", e.getMessage());
+ throw new PemConversionException(e);
+ }
+ }
+
+ private KeyStore getKeyStore(String alias, Password password, Certificate[] certificates, PrivateKey privateKey)
+ throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+ KeyStore ks = getKeyStoreInstance();
+ ks.setKeyEntry(alias, privateKey, password.toCharArray(), certificates);
+ return ks;
+ }
+
+ private KeyStore getTrustStore(String alias, Certificate[] certificates)
+ throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+ KeyStore ks = getKeyStoreInstance();
+ long i = 1L;
+ for (Certificate c : certificates) {
+ ks.setCertificateEntry(alias + i++, c);
+ }
+ return ks;
+ }
+
+ private KeyStore getKeyStoreInstance()
+ throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
+ ks.load(EMPTY_KEYSTORE_CONFIGURATION);
+ return ks;
+ }
+
+ private Certificate[] convertToCertificateArray(List certificates)
+ throws PemConversionException {
+ Certificate[] parsedCertificates = new Certificate[certificates.size()];
+ for (String certificate : certificates) {
+ parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate);
+ }
+ return parsedCertificates;
+ }
+
+ private Certificate parseCertificate(String certificate) throws PemConversionException {
+ try (PEMParser pem = new PEMParser(new StringReader(certificate))) {
+ X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject())
+ .orElseThrow(
+ () -> new PemConversionException("The certificate couldn't be parsed correctly. " + certificate));
+ return new JcaX509CertificateConverter()
+ .setProvider(new BouncyCastleProvider())
+ .getCertificate(certHolder);
+ } catch (IOException | CertificateException e) {
+ LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage());
+ throw new PemConversionException(e);
+ }
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java
deleted file mode 100644
index ef1666dc..00000000
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java
+++ /dev/null
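Review bot: `convertToCertificateArray` fills the array through `certificates.indexOf(certificate)`, so when the same PEM string appears twice in the list both iterations write to the first index and the later slot stays `null`, which then reaches `setKeyEntry` or `setCertificateEntry`. Index the loop directly instead: `for (int i = 0; i < certificates.size(); i++) { parsedCertificates[i] = parseCertificate(certificates.get(i)); }`. In `parseCertificate`, the unchecked cast of `pem.readObject()` to `X509CertificateHolder` throws `ClassCastException` for a PEM block that is not a certificate, which bypasses `PemConversionException` and its exit status. An `instanceof` check before the cast would keep malformed input from the service on the declared error path.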
@@ -1,133 +0,0 @@ -/*============LICENSE_START======================================================= - * aaf-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.client.certification.conversion; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.StringReader; -import java.security.KeyStore; -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.util.List; -import java.util.Optional; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.openssl.PEMParser; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -class PemToPKCS12Converter { - - private static final Logger LOGGER = 
LoggerFactory.getLogger(PemToPKCS12Converter.class); - private static final String PKCS12 = "PKCS12"; - private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)"; - private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null; - - byte[] convertKeystore(List certificateChain, Password password, String alias, PrivateKey privateKey) - throws PemToPKCS12ConverterException { - LOGGER.info("Conversion of PEM certificates to PKCS12 keystore"); - return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey)); - } - - byte[] convertTruststore(List trustAnchors, Password password, String alias) - throws PemToPKCS12ConverterException { - LOGGER.info("Conversion of PEM certificates to PKCS12 truststore"); - return convert(trustAnchors, password, certs -> getTrustStore(alias, certs)); - } - - private byte[] convert(List certificates, Password password, StoreEntryOperation operation) - throws PemToPKCS12ConverterException { - checkPassword(password); - final Certificate[] X509Certificates = convertToCertificateArray(certificates); - return getKeyStoreBytes(password, operation, X509Certificates); - } - - private void checkPassword(Password password) throws PemToPKCS12ConverterException { - if (!password.isCorrectPasswordPattern()) { - LOGGER.error(PASSWORD_ERROR_MSG); - throw new PemToPKCS12ConverterException(PASSWORD_ERROR_MSG); - } - } - - private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates) - throws PemToPKCS12ConverterException { - try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { - KeyStore ks = op.getStore(x509Certificates); - ks.store(bos, password.toCharArray()); - return bos.toByteArray(); - } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) { - LOGGER.error("Pem to 
PKCS12 converter failed, exception message: {}", e.getMessage()); - throw new PemToPKCS12ConverterException(e); - } - } - - private KeyStore getKeyStore(String alias, Password password, Certificate[] certificates, PrivateKey privateKey) - throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - KeyStore ks = getKeyStoreInstance(); - ks.setKeyEntry(alias, privateKey, password.toCharArray(), certificates); - return ks; - } - - private KeyStore getTrustStore(String alias, Certificate[] certificates) - throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - KeyStore ks = getKeyStoreInstance(); - long i = 1L; - for (Certificate c : certificates) { - ks.setCertificateEntry(alias + i++, c); - } - return ks; - } - - private KeyStore getKeyStoreInstance() - throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - KeyStore ks = KeyStore.getInstance(PKCS12); - ks.load(EMPTY_KEYSTORE_CONFIGURATION); - return ks; - } - - private Certificate[] convertToCertificateArray(List certificates) - throws PemToPKCS12ConverterException { - Certificate[] parsedCertificates = new Certificate[certificates.size()]; - for (String certificate : certificates) { - parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate); - } - return parsedCertificates; - } - - private Certificate parseCertificate(String certificate) throws PemToPKCS12ConverterException { - try (PEMParser pem = new PEMParser(new StringReader(certificate))) { - X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject()) - .orElseThrow( - () -> new PemToPKCS12ConverterException("The certificate couldn't be parsed correctly. 
" + certificate)); - return new JcaX509CertificateConverter() - .setProvider(new BouncyCastleProvider()) - .getCertificate(certHolder); - } catch (IOException | CertificateException e) { - LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage()); - throw new PemToPKCS12ConverterException(e); - } - } -} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java new file mode 100644 index 00000000..11c448ee --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java 
@@ -0,0 +1,39 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.exception;
+
+import org.onap.aaf.certservice.client.api.ExitStatus;
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+public class PemConversionException extends ExitableException {
+ private static final ExitStatus EXIT_STATUS = ExitStatus.PEM_CONVERSION_EXCEPTION;
+
+ public PemConversionException(Throwable e) {
+ super(e);
+ }
+ public PemConversionException(String message) {
+ super(message);
+ }
+
+ @Override
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java
deleted file mode 100644
index b98f4ace..00000000
--- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java +++ /dev/null @@ -1,39 +0,0 @@ -/*============LICENSE_START======================================================= - * aaf-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.client.certification.exception; - -import org.onap.aaf.certservice.client.api.ExitStatus; -import org.onap.aaf.certservice.client.api.ExitableException; - -public class PemToPKCS12ConverterException extends ExitableException { - private static final ExitStatus EXIT_STATUS = ExitStatus.PKCS12_CONVERSION_EXCEPTION; - - public PemToPKCS12ConverterException(Throwable e) { - super(e); - } - public PemToPKCS12ConverterException(String message) { - super(message); - } - - @Override - public ExitStatus applicationExitStatus() { - return EXIT_STATUS; - } -} -- cgit 1.2.3-korg