From d5aa15227f0c8a8bd57b668fdc25eb3935be81c5 Mon Sep 17 00:00:00 2001 From: Remigiusz Janeczek Date: Tue, 3 Mar 2020 09:49:04 +0100 Subject: Fix PrivateKey encoding in certservice-client, refactor CsrFactory Add PrivateKeyToPemEncoder with tests Refactor CsrFactory to return not encoded PEM string (less responsibility and easier to test later) Issue-ID: AAF-996 Change-Id: Ia8124d43ef7fb8b1d3077c98929c52f30b6512c6 Signed-off-by: Remigiusz Janeczek --- .../aaf/certservice/client/CertServiceClient.java | 17 ++++---- .../onap/aaf/certservice/client/api/ExitCode.java | 3 +- .../client/certification/CsrFactory.java | 8 +--- .../certification/PrivateKeyToPemEncoder.java | 51 ++++++++++++++++++++++ .../exception/PkEncodingException.java | 35 +++++++++++++++ .../aaf/certservice/client/common/Base64Coder.java | 29 ------------ .../certservice/client/common/Base64Encoder.java | 28 ++++++++++++ 7 files changed, 127 insertions(+), 44 deletions(-) create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java delete mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Coder.java create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java (limited to 'certServiceClient/src/main/java/org/onap') diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java index 7072a883..d3d7f26d 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java @@ -19,13 +19,14 @@ package org.onap.aaf.certservice.client; +import java.security.KeyPair; import org.onap.aaf.certservice.client.api.ExitableException; +import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; import org.onap.aaf.certservice.client.certification.CsrFactory; import org.onap.aaf.certservice.client.certification.KeyPairFactory; import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator; import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory; - -import java.security.KeyPair; +import org.onap.aaf.certservice.client.common.Base64Encoder; import org.onap.aaf.certservice.client.configuration.EnvsForClient; import org.onap.aaf.certservice.client.configuration.EnvsForCsr; import org.onap.aaf.certservice.client.configuration.factory.ClientConfigurationFactory; @@ -39,7 +40,6 @@ import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse; import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE; import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE; import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM; -import static org.onap.aaf.certservice.client.common.Base64Coder.encode; public class CertServiceClient { @@ -51,22 +51,23 @@ public class CertServiceClient { public void run() { KeyPairFactory keyPairFactory = new KeyPairFactory(RSA_ENCRYPTION_ALGORITHM, KEY_SIZE); + PrivateKeyToPemEncoder pkEncoder = new PrivateKeyToPemEncoder(); + Base64Encoder base64Encoder = new Base64Encoder(); try { ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient()).create(); CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create(); KeyPair keyPair = keyPairFactory.create(); CsrFactory csrFactory = new CsrFactory(csrConfiguration); - String csr = csrFactory.createEncodedCsr(keyPair); CloseableHttpClientProvider provider = new CloseableHttpClientProvider( clientConfiguration.getRequestTimeout()); HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService()); CertServiceResponse certServiceData = - httpClient.retrieveCertServiceData( - clientConfiguration.getCaName(), - csr, - encode(keyPair.getPrivate().toString())); + httpClient.retrieveCertServiceData( + clientConfiguration.getCaName(), + base64Encoder.encode(csrFactory.createCsrInPem(keyPair)), + base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate()))); KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory( clientConfiguration.getCertsOutputPath()).create(); diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java index 561cfd2a..670cbe90 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitCode.java @@ -26,7 +26,8 @@ public enum ExitCode { CSR_GENERATION_EXCEPTION(4), CERT_SERVICE_API_CONNECTION_EXCEPTION(5), HTTP_CLIENT_EXCEPTION(6), - PKCS12_CONVERSION_EXCEPTION(7); + PKCS12_CONVERSION_EXCEPTION(7), + PK_TO_PEM_ENCODING_EXCEPTION(8); private final int value; diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java index f936636a..83fa6d44 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/CsrFactory.java @@ -66,12 +66,12 @@ public class CsrFactory { } - public String createEncodedCsr(KeyPair keyPair) throws CsrGenerationException { + public String createCsrInPem(KeyPair keyPair) throws CsrGenerationException { PKCS10CertificationRequest request; String csrParameters = getMandatoryParameters().append(getOptionalParameters()).toString(); X500Principal subject = new X500Principal(csrParameters); request = createPKCS10Csr(subject, keyPair); - return encodeToBase64(convertPKC10CsrToPem(request)); + return convertPKC10CsrToPem(request); } @@ -151,8 +151,4 @@ public class CsrFactory { private static Boolean isParameterPresent(String parameter) { return parameter != null && !"".equals(parameter); } - - private static String encodeToBase64(String csrInPem) { - return Base64.getEncoder().encodeToString(csrInPem.getBytes(StandardCharsets.UTF_8)); - } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java new file mode 100644 index 00000000..77995958 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/PrivateKeyToPemEncoder.java @@ -0,0 +1,51 @@ +/* + * ============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification; + + + +import java.io.IOException; +import java.io.StringWriter; +import java.security.PrivateKey; + +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.util.io.pem.PemObject; +import org.onap.aaf.certservice.client.certification.exception.PkEncodingException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PrivateKeyToPemEncoder { + + public static final String PEM_OBJECT_TYPE = "RSA PRIVATE KEY"; + private final Logger LOGGER = LoggerFactory.getLogger(PrivateKeyToPemEncoder.class); + + public String encodePrivateKeyToPem(PrivateKey pk) throws PkEncodingException { + LOGGER.info("Encoding PrivateKey to PEM"); + StringWriter stringWriter = new StringWriter(); + try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { + pemWriter.writeObject(new PemObject(PEM_OBJECT_TYPE, pk.getEncoded())); + } catch (IOException e) { + LOGGER.error("Exception occurred during encoding PrivateKey to PEM", e); + throw new PkEncodingException(e); + } + return stringWriter.toString(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java new file mode 100644 index 00000000..596a6a44 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PkEncodingException.java @@ -0,0 +1,35 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.exception; + +import org.onap.aaf.certservice.client.api.ExitCode; +import org.onap.aaf.certservice.client.api.ExitableException; + +public class PkEncodingException extends ExitableException { + private static final ExitCode EXIT_CODE = ExitCode.PK_TO_PEM_ENCODING_EXCEPTION; + + public PkEncodingException(Throwable e) { + super(e); + } + + public int applicationExitCode() { + return EXIT_CODE.getValue(); + } +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Coder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Coder.java deleted file mode 100644 index c066187d..00000000 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Coder.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * aaf-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.aaf.certservice.client.common; - -import org.bouncycastle.util.encoders.Base64; - -public class Base64Coder { - public static String encode(String string){ - return new String(Base64.encode(string.getBytes())); - } -} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java new file mode 100644 index 00000000..1f90db1b --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/common/Base64Encoder.java @@ -0,0 +1,28 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.common; + +import org.bouncycastle.util.encoders.Base64; + +public class Base64Encoder { + public String encode(String string){ + return new String(Base64.encode(string.getBytes())); + } +} \ No newline at end of file -- cgit 1.2.3-korg