From 5a9b5d9d6911a82e50c7d3e15c2cc8b9ca14098a Mon Sep 17 00:00:00 2001 From: kjaniak Date: Fri, 13 Nov 2020 15:03:17 +0100 Subject: [OOM cert-service-client] Add validation of email, ip and domain name Added SanMapper to distinguish types of SANS. ExitableException changed to RuntimeException. Introduced intermediate object San. Issue-ID: OOM-2559 
Signed-off-by: kjaniak Change-Id: I060de9869ab9fd737a474f683a251abd8431d224 --- .../oom/certservice/client/CertServiceClient.java | 15 +++-- .../oom/certservice/client/api/ExitStatus.java | 3 +- .../certservice/client/api/ExitableException.java | 2 +- .../client/certification/CsrFactory.java | 5 +- .../factory/ClientConfigurationFactory.java | 16 ++--- .../factory/CsrConfigurationFactory.java | 45 +++++++------ .../client/configuration/factory/SanMapper.java | 48 ++++++++++++++ .../configuration/model/CsrConfiguration.java | 6 +- .../client/configuration/model/San.java | 73 ++++++++++++++++++++++ .../validation/BasicValidationFunctions.java | 57 ----------------- .../configuration/validation/UriValidator.java | 69 -------------------- .../validation/ValidatorsFactory.java | 51 --------------- .../client/ClientEnvsValueValidators.java | 33 ++++++++++ .../validation/client/OutputTypeValidator.java | 35 +++++++++++ .../validation/csr/CommonNameValidator.java | 53 ++++++++++++++++ .../validation/csr/CsrEnvsValueValidators.java | 62 ++++++++++++++++++ .../configuration/validation/csr/UriValidator.java | 69 ++++++++++++++++++++ 17 files changed, 425 insertions(+), 217 deletions(-) create mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java create mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java delete mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/BasicValidationFunctions.java delete mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/UriValidator.java delete mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/ValidatorsFactory.java create mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java create mode 100644 
certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java create mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java create mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java create mode 100644 certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java (limited to 'certServiceClient/src/main/java') diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java index d26be8d3..afa38b99 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/CertServiceClient.java @@ -25,6 +25,7 @@ import static org.onap.oom.certservice.client.certification.EncryptionAlgorithmC import java.security.KeyPair; import javax.net.ssl.SSLContext; +import org.onap.oom.certservice.client.api.ExitStatus; import org.onap.oom.certservice.client.api.ExitableException; import org.onap.oom.certservice.client.certification.ArtifactsCreatorProvider; import org.onap.oom.certservice.client.certification.CsrFactory; 
@@ -36,10 +37,12 @@ import org.onap.oom.certservice.client.configuration.EnvsForCsr; import org.onap.oom.certservice.client.configuration.EnvsForTls; import org.onap.oom.certservice.client.configuration.factory.ClientConfigurationFactory; import org.onap.oom.certservice.client.configuration.factory.CsrConfigurationFactory; +import org.onap.oom.certservice.client.configuration.factory.SanMapper; import org.onap.oom.certservice.client.configuration.factory.SslContextFactory; import org.onap.oom.certservice.client.configuration.model.ClientConfiguration; import org.onap.oom.certservice.client.configuration.model.CsrConfiguration; -import org.onap.oom.certservice.client.configuration.validation.ValidatorsFactory; +import org.onap.oom.certservice.client.configuration.validation.client.OutputTypeValidator; +import org.onap.oom.certservice.client.configuration.validation.csr.CommonNameValidator; import org.onap.oom.certservice.client.httpclient.CloseableHttpsClientProvider; import org.onap.oom.certservice.client.httpclient.HttpClient; import org.onap.oom.certservice.client.httpclient.model.CertServiceResponse; 
@@ -60,12 +63,11 @@ public class CertServiceClient { KeyPairFactory keyPairFactory = new KeyPairFactory(RSA_ENCRYPTION_ALGORITHM, KEY_SIZE); PrivateKeyToPemEncoder pkEncoder = new PrivateKeyToPemEncoder(); Base64Encoder base64Encoder = new Base64Encoder(); - ValidatorsFactory validatorsFactory = new ValidatorsFactory(); try { ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient(), - validatorsFactory).create(); - CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr(), validatorsFactory) - .create(); + new OutputTypeValidator()).create(); + CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr(), new CommonNameValidator(), + new SanMapper()).create(); KeyPair keyPair = keyPairFactory.create(); CsrFactory csrFactory = new CsrFactory(csrConfiguration); SSLContext sslContext = new SslContextFactory(new EnvsForTls()).create(); @@ -90,6 +92,9 @@ public class CertServiceClient { } catch (ExitableException e) { LOGGER.error("Cert Service Client fails in execution: ", e); appExitHandler.exit(e.applicationExitStatus()); + } catch (Exception e) { + LOGGER.error("Application failed (unexpected error): ", e); + appExitHandler.exit(ExitStatus.UNEXPECTED_EXCEPTION); } appExitHandler.exit(SUCCESS); } diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java index 1b1cc066..8ef79167 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitStatus.java 
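Review bot: After either catch branch calls `appExitHandler.exit(...)`, control still falls through to `appExitHandler.exit(SUCCESS)` on the last line of the second CertServiceClient hunk, so the failure status is final only if `exit` never returns. The handler's implementation is not part of this diff; if it can return (a test double, or a handler that only records the status), a failed certificate request would end by reporting success. Adding `return;` after each failing `exit` call removes that dependency. The enclosing method starts outside the hunk.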
@@ -31,7 +31,8 @@ public enum ExitStatus { PEM_CONVERSION_EXCEPTION(7, "Fail in PEM conversion"), PK_TO_PEM_ENCODING_EXCEPTION(8, "Fail in Private Key to PEM Encoding"), TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"), - FILE_CREATION_EXCEPTION(10, "File could not be created"); + FILE_CREATION_EXCEPTION(10, "File could not be created"), + UNEXPECTED_EXCEPTION(99, "Application exited abnormally"); private final int value; private final String message; diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java index ab7a308b..d488843f 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/api/ExitableException.java @@ -19,7 +19,7 @@ package org.onap.oom.certservice.client.api; -public abstract class ExitableException extends Exception { +public abstract class ExitableException extends RuntimeException { public ExitableException(Throwable cause) { super(cause); } diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java index 04216ff4..1215e699 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/certification/CsrFactory.java 
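Review bot: `ExitableException` becomes unchecked here but has no class comment recording that, and the compiler will no longer point callers at the places that have to handle it. A short Javadoc such as `/** Unchecked so it can be thrown from lambdas; caught in CertServiceClient and mapped to an ExitStatus. */` would document the contract. The reason is inferred from the rest of the commit, where SanMapper throws from inside a `Function`; the class body continues outside the hunk.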
@@ -48,6 +48,7 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; import org.onap.oom.certservice.client.certification.exception.CsrGenerationException; import org.onap.oom.certservice.client.configuration.model.CsrConfiguration; +import org.onap.oom.certservice.client.configuration.model.San; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -140,9 +141,9 @@ public class CsrFactory { } private GeneralNames createGeneralNames() { - List sans = this.configuration.getSans(); + List sans = this.configuration.getSans(); GeneralName[] generalNames = sans.stream() - .map(san -> new GeneralName(GeneralName.dNSName, san)) + .map(san -> new GeneralName(san.getType(), san.getValue())) .collect(Collectors.toList()) .toArray(GeneralName[]::new); return new GeneralNames(generalNames); diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java index 9f3ae9cc..f1541b04 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/ClientConfigurationFactory.java 
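Review bot: In `createGeneralNames`, `new GeneralName(san.getType(), san.getValue())` relies on the value having been validated for exactly that tag, and nothing in the hunk guards the case where it was not. BouncyCastle's `GeneralName(int, String)` throws `IllegalArgumentException` for a tag it cannot build from a string or an IP address it cannot parse, which would then reach the new catch-all in CertServiceClient as the generic unexpected-error exit rather than a CSR error. The validators are outside this hunk, so whether `isIpAddressValid` accepts exactly what BouncyCastle parses cannot be confirmed here; a unit test that feeds every SanMapper-accepted form through `createGeneralNames` would pin it. As a style point, the stream can end with `.toArray(GeneralName[]::new)` directly, without `.collect(Collectors.toList())`.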
@@ -25,8 +25,8 @@ import org.onap.oom.certservice.client.configuration.ClientConfigurationEnvs; import org.onap.oom.certservice.client.configuration.EnvsForClient; import org.onap.oom.certservice.client.configuration.exception.ClientConfigurationException; import org.onap.oom.certservice.client.configuration.model.ClientConfiguration; -import org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions; -import org.onap.oom.certservice.client.configuration.validation.ValidatorsFactory; +import org.onap.oom.certservice.client.configuration.validation.client.ClientEnvsValueValidators; +import org.onap.oom.certservice.client.configuration.validation.client.OutputTypeValidator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -34,12 +34,12 @@ public class ClientConfigurationFactory implements ConfigurationFactory configuration.setRequestTimeoutInMs(Integer.valueOf(timeout))); envsForClient.getOutputPath() - .filter(BasicValidationFunctions::isPathValid) + .filter(ClientEnvsValueValidators::isPathValid) .map(configuration::setCertsOutputPath) .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_PATH + " is invalid.")); envsForClient.getCaName() - .filter(BasicValidationFunctions::isAlphaNumeric) + .filter(ClientEnvsValueValidators::isAlphaNumeric) .map(configuration::setCaName) .orElseThrow(() -> new ClientConfigurationException(ClientConfigurationEnvs.CA_NAME + " is invalid.")); Optional outputType = envsForClient.getOutputType(); if (outputType.isPresent()) { - outputType.filter(validatorsFactory.outputTypeValidator()) + outputType.filter(outputTypeValidator) .map(configuration::setOutputType) .orElseThrow( () -> new ClientConfigurationException(ClientConfigurationEnvs.OUTPUT_TYPE + " is invalid.")); 
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java index d050a2a3..48ead884 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/CsrConfigurationFactory.java @@ -20,15 +20,16 @@ package org.onap.oom.certservice.client.configuration.factory; -import static org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions.isSpecialCharPresent; +import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isSpecialCharPresent; import java.util.Arrays; +import java.util.stream.Collectors; import org.onap.oom.certservice.client.configuration.CsrConfigurationEnvs; import org.onap.oom.certservice.client.configuration.EnvsForCsr; import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException; import org.onap.oom.certservice.client.configuration.model.CsrConfiguration; -import org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions; -import org.onap.oom.certservice.client.configuration.validation.ValidatorsFactory; +import org.onap.oom.certservice.client.configuration.validation.csr.CommonNameValidator; +import org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -39,11 +40,14 @@ public class CsrConfigurationFactory implements ConfigurationFactory new CsrConfigurationException(CsrConfigurationEnvs.COMMON_NAME + " is invalid.")); + .filter(commonNameValidator) + .map(configuration::setCommonName) + .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COMMON_NAME + " is invalid.")); envsForCsr.getOrganization() - .filter(org -> !isSpecialCharPresent(org)) - .map(configuration::setOrganization) - .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.ORGANIZATION + " is invalid.")); + .filter(org -> !isSpecialCharPresent(org)) + .map(configuration::setOrganization) + .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.ORGANIZATION + " is invalid.")); envsForCsr.getState() - .map(configuration::setState) - .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.STATE + " is invalid.")); + .map(configuration::setState) + .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.STATE + " is invalid.")); envsForCsr.getCountry() - .filter(BasicValidationFunctions::isCountryValid) - .map(configuration::setCountry) - .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COUNTRY + " is invalid.")); + .filter(CsrEnvsValueValidators::isCountryValid) + .map(configuration::setCountry) + .orElseThrow(() -> new CsrConfigurationException(CsrConfigurationEnvs.COUNTRY + " is invalid.")); envsForCsr.getOrganizationUnit() - .map(configuration::setOrganizationUnit); + .map(configuration::setOrganizationUnit); envsForCsr.getLocation() - .map(configuration::setLocation); + .map(configuration::setLocation); envsForCsr.getSubjectAlternativesName() .map(sans -> Arrays.asList(sans.split(SANS_DELIMITER))) - .map(configuration::setSubjectAlternativeNames); + .map(list -> list.stream().map(sanMapper).collect(Collectors.toList())) + .map(configuration::setSans); LOGGER.info("Successful validation of CSR configuration. 
Configuration data: {}", configuration.toString()); diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java new file mode 100644 index 00000000..f76bd572 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/factory/SanMapper.java 
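Review bot: `getState()`, `getOrganizationUnit()` and `getLocation()` are still mapped into the configuration with no `filter`, while common name, organization and country are validated and SANs now go through `sanMapper`. These values presumably end up in the CSR subject; how the subject is assembled is outside this hunk, but if it is built from a string, characters such as `,` or `=` in an unvalidated field could change the resulting DN. The `isSpecialCharPresent` character set shown in the removed BasicValidationFunctions does not include those two characters, so a dedicated check for DN attribute values would be needed rather than reusing it. Part of this hunk's text is missing on the page, so the class header and constructor could not be reviewed.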
@@ -0,0 +1,48 @@ +/* + * ============LICENSE_START======================================================= + * oom-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.client.configuration.factory; + +import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isDomainNameValid; +import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isEmailAddressValid; +import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isIpAddressValid; +import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isUriValid; + +import java.util.function.Function; +import org.bouncycastle.asn1.x509.GeneralName; +import org.onap.oom.certservice.client.configuration.exception.CsrConfigurationException; +import org.onap.oom.certservice.client.configuration.model.San; + +public class SanMapper implements Function { + + public San apply(String san) { + if (isEmailAddressValid(san)) { + return new San(san, GeneralName.rfc822Name); + } else if (isIpAddressValid(san)) { + return new 
San(san, GeneralName.iPAddress); + } else if (isDomainNameValid(san)) { + return new San(san, GeneralName.dNSName); + } else if (isUriValid(san)) { + return new San(san, GeneralName.uniformResourceIdentifier); + } else { + throw new CsrConfigurationException("SAN :" + san + " does not match any requirements"); + } + } +} diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java index 382d1ffc..3f77d259 100644 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/CsrConfiguration.java @@ -32,7 +32,7 @@ public class CsrConfiguration implements ConfigurationModel { private String country; private String organizationUnit; private String location; - private List sans; + private List sans; public String getCommonName() { @@ -89,11 +89,11 @@ public class CsrConfiguration implements ConfigurationModel { return this; } - public List getSans() { + public List getSans() { return sans; } - public CsrConfiguration setSubjectAlternativeNames(List subjectAlternativeNames) { + public CsrConfiguration setSans(List subjectAlternativeNames) { this.sans = List.copyOf(subjectAlternativeNames); return this; } diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java new file mode 100644 index 00000000..5ca36246 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/model/San.java 
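Review bot: `SanMapper.apply` has no comment stating that the checks are ordered and the first match wins, although the order decides which SAN type is written into the CSR for a value that more than one validator might accept. A class comment such as `/** Maps a raw SAN string to a typed San; tried in order: e-mail, IP address, DNS name, URI. */` together with `@Override` on `apply` would make that explicit. The error text also has the colon spacing reversed; `"SAN: " + san + " does not match any requirements"` reads better.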
@@ -0,0 +1,73 @@ +/* + * ============LICENSE_START======================================================= + * oom-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.oom.certservice.client.configuration.model; + +import java.util.Objects; + +public final class San { + + private final String value; + private final int type; + + public San(String value, int type) { + this.value = value; + this.type = type; + } + + public String getValue() { + return value; + } + + public int getType() { + return type; + } + + public String toString() { + return "{SAN value: " + value + ", type: " + getReadableType(type) + '}'; + } + + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + San san1 = (San) o; + return type == san1.type && + Objects.equals(value, san1.value); + } + + public int hashCode() { + return Objects.hash(value, type); + } + + private String getReadableType(int type) { + String readableType = "undefined"; + switch (type) { + case 1: readableType = "rfc822Name"; break; + case 2: readableType = "dNSName"; break; + case 6: readableType 
= "uniformResourceIdentifier"; break; + case 7: readableType = "iPAddress"; break; + } + return readableType; + } +} diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/BasicValidationFunctions.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/BasicValidationFunctions.java deleted file mode 100644 index e5044c26..00000000 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/BasicValidationFunctions.java +++ /dev/null 
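Review bot: `getReadableType` switches on the literals 1, 2, 6 and 7, while SanMapper creates the objects with the `GeneralName` constants, so the two can drift apart unnoticed. `GeneralName.rfc822Name`, `dNSName`, `uniformResourceIdentifier` and `iPAddress` are compile-time int constants and can be used as case labels, e.g. `case GeneralName.dNSName: readableType = "dNSName"; break;`. The constructor also accepts a null `value` and any `int`; `this.value = Objects.requireNonNull(value, "value");` would fail at construction instead of later during CSR generation. `toString`, `equals` and `hashCode` should carry `@Override`.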
@@ -1,57 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * oom-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.client.configuration.validation; - -import java.util.Arrays; -import java.util.Locale; -import java.util.regex.Pattern; - -public class BasicValidationFunctions { - - public static boolean isPathValid(String path) { - return path.matches("^/|(/[a-zA-Z0-9_-]+)+/?$"); - } - - public static boolean isAlphaNumeric(String caName) { - return caName.matches("^[a-zA-Z0-9]*$"); - } - - public static boolean isSpecialCharPresent(String stringToCheck) { - return Pattern.compile("[~#@*$+%!()?/{}<>\\|_^]").matcher(stringToCheck).find(); - } - - public static boolean isPortNumberPresent(String stringToCheck) { - return Pattern.compile(":[0-9]{1,5}").matcher(stringToCheck).find(); - } - - public static boolean isIpAddressPresent(String stringToCheck) { - return Pattern.compile("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}").matcher(stringToCheck).find(); - } - - public static boolean isHttpProtocolsPresent(String stringToCheck) { - return 
Pattern.compile("[h][t][t][p][:][/][/]|[h][t][t][p][s][:][/][/]").matcher(stringToCheck).find(); - } - - public static boolean isCountryValid(String country) { - return Arrays.asList(Locale.getISOCountries()).contains(country); - } - -} diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/UriValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/UriValidator.java deleted file mode 100644 index 7800d739..00000000 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/UriValidator.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * oom-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.client.configuration.validation; - -/** - * Compliant with the RFC3986 - */ -public final class UriValidator { - - private UriValidator() { - } - - private static final String SCHEME = "([A-Za-z][A-Za-z0-9+\\-.]*):"; - - private static final String OR = "|"; - - private static final String AUTHORITY_WITH_PATH = "?:(//)(?:((?:[A-Za-z0-9\\-._~!$&'()*+,;=:]|%[0-9A-Fa-f]{2})*)" - + "@)?((?:\\[(?:(?:(?:(?:[0-9A-Fa-f]{1,4}:){6}|::(?:[0-9A-Fa-f]{1,4}:){5}|(?:[0-9A-Fa-f]{1,4})?::" - + "(?:[0-9A-Fa-f]{1,4}:){4}|(?:(?:[0-9A-Fa-f]{1,4}:){0,1}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){3}|(?:" - + "(?:[0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){2}|(?:(?:[0-9A-Fa-f]{1,4}:){0," - + "3}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}:|(?:(?:[0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})?::)" - + "(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}" - + 
"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))|(?:(?:[0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1," - + "4}|(?:(?:[0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})?::)|[Vv][0-9A-Fa-f]+\\.[A-Za-z0-9\\-._~!$&'()*+,;=:]+)" - + "\\]|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|" - + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*))(?::([0-9]*))?((?:/(?:[A-Za-z0-9\\-._~!$&'()*+,;" - + "=:@]|%[0-9A-Fa-f]{2})*)*)"; - - private static final String PATH_BEGIN_WITH_SLASH = "/((?:(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+(?:/" - + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*)*)?)"; - - private static final String PATH_WITHOUT_SLASH = "((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+(?:/" - + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*)*)"; - - private static final String QUERY = "(?:\\?((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*))?"; - - private static final String FRAGMENT = "(?:\\#((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*))?"; - - /** - * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] - *

- * hier-part = "//" authority path-abempty / path-absolute / path-rootless / path-empty - */ - private static final String RFC3986_URI_MATCH_PATTERN = - SCHEME + "(" + AUTHORITY_WITH_PATH + OR + PATH_BEGIN_WITH_SLASH + OR + PATH_WITHOUT_SLASH + OR + "" + ")" - + QUERY + FRAGMENT; - - public static boolean isValidUri(String uri) { - return uri.matches(RFC3986_URI_MATCH_PATTERN); - } -} diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/ValidatorsFactory.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/ValidatorsFactory.java deleted file mode 100644 index 8eeac74a..00000000 --- a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/ValidatorsFactory.java +++ /dev/null 
@@ -1,51 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * oom-certservice-client - * ================================================================================ - * Copyright (C) 2020 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.oom.certservice.client.configuration.validation; - -import static org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions.isHttpProtocolsPresent; -import static org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions.isIpAddressPresent; -import static org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions.isPortNumberPresent; -import static org.onap.oom.certservice.client.configuration.validation.BasicValidationFunctions.isSpecialCharPresent; - -import java.util.Arrays; -import java.util.function.Predicate; -import org.onap.oom.certservice.client.certification.ArtifactsCreatorProvider; - -public class ValidatorsFactory { - - public Predicate commonNameValidator() { - return commonName -> - !isSpecialCharPresent(commonName) - && !isHttpProtocolsPresent(commonName) - && !isIpAddressPresent(commonName) - && !isPortNumberPresent(commonName); - } - - public Predicate 
outputTypeValidator() { - return outputType -> Arrays.stream(ArtifactsCreatorProvider.values()) - .map(ArtifactsCreatorProvider::toString) - .anyMatch(name -> name.equals(outputType)); - } - - public Predicate uriValidator() { - return UriValidator::isValidUri; - } -} diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java new file mode 100644 index 00000000..503b7e46 --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/ClientEnvsValueValidators.java 
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.oom.certservice.client.configuration.validation.client;
+
+public final class ClientEnvsValueValidators {
+ private static final String ALPHA_NUMERIC_REGEX = "^[a-zA-Z0-9]*$";
+ private static final String VALID_PATH_REGEX = "^/|(/[a-zA-Z0-9_-]+)+/?$";
+
+ public static boolean isAlphaNumeric(String caName) {
+ return caName.matches(ALPHA_NUMERIC_REGEX);
+ }
+
+ public static boolean isPathValid(String path) {
+ return path.matches(VALID_PATH_REGEX);
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java
new file mode 100644
index 00000000..6b737e26
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/client/OutputTypeValidator.java
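Review bot: `ALPHA_NUMERIC_REGEX` is `^[a-zA-Z0-9]*$`, which also matches the empty string, so an empty CA name passes `isAlphaNumeric`. Whether `getCaName()` can yield an empty value is outside this hunk; changing the quantifier, `"^[a-zA-Z0-9]+$"`, closes the gap either way. In `VALID_PATH_REGEX` the `^` binds only to the first alternative and `$` only to the second; this is harmless with `String.matches`, which anchors the whole expression, but `"/|(/[a-zA-Z0-9_-]+)+/?"` says the same thing without the misleading anchors. The class is `final` with only static methods and could also declare a private constructor.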
@@ -0,0 +1,35 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.client;
+
+import java.util.Arrays;
+import java.util.function.Predicate;
+import org.onap.oom.certservice.client.certification.ArtifactsCreatorProvider;
+
+public class OutputTypeValidator implements Predicate {
+
+ public boolean test(String outputType) {
+ return Arrays.stream(ArtifactsCreatorProvider.values())
+ .map(ArtifactsCreatorProvider::toString)
+ .anyMatch(name -> name.equals(outputType));
+ }
+
+}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java
new file mode 100644
index 00000000..a5244466
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CommonNameValidator.java
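Review bot: `test` in OutputTypeValidator implements `Predicate.test` but carries no `@Override`, so the compiler is not asked to confirm that it matches the interface method; add `@Override` directly above `public boolean test(String outputType)`. The class is also left non-final while CommonNameValidator in the same commit is `final`; unless it is meant to be subclassed, `public final class OutputTypeValidator` keeps the allow-list check from being replaced by an extension. A one-line Javadoc stating that the comparison is an exact, case-sensitive match against the `ArtifactsCreatorProvider` names would help readers of the configuration code.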
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import static org.onap.oom.certservice.client.configuration.validation.csr.CsrEnvsValueValidators.isSpecialCharPresent;
+
+import java.util.function.Predicate;
+import java.util.regex.Pattern;
+
+public final class CommonNameValidator implements Predicate {
+
+ private static final String PORT_POSTFIX_REGEX = ":[0-9]{1,5}";
+ private static final String IPV4_ADDRESS_REGEX = "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}";
+ private static final String HTTP_HTTPS_SCHEME_REGEX = "[h][t][t][p][:][/][/]|[h][t][t][p][s][:][/][/]";
+
+ public boolean test(String commonName) {
+ return !isSpecialCharPresent(commonName)
+ && !isHttpProtocolsPresent(commonName)
+ && !isIpAddressPresent(commonName)
+ && !isPortNumberPresent(commonName);
+ }
+
+ private boolean isPortNumberPresent(String stringToCheck) {
+ return Pattern.compile(PORT_POSTFIX_REGEX).matcher(stringToCheck).find();
+ }
+
+ private boolean isIpAddressPresent(String stringToCheck) {
+ return Pattern.compile(IPV4_ADDRESS_REGEX).matcher(stringToCheck).find();
+ }
+
+ private boolean isHttpProtocolsPresent(String stringToCheck) {
+ return Pattern.compile(HTTP_HTTPS_SCHEME_REGEX).matcher(stringToCheck).find();
+ }
+
+}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java
new file mode 100644
index 00000000..31903a98
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/CsrEnvsValueValidators.java
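Review bot: `HTTP_HTTPS_SCHEME_REGEX` in CommonNameValidator is case-sensitive, so `isHttpProtocolsPresent` does not match `HTTP://` or `Https://`; such values are rejected today only because `/` is in `SPECIAL_CHAR_PRESENCE_REGEX` in CsrEnvsValueValidators, which makes this check depend silently on another class. A self-contained form would be `private static final Pattern HTTP_HTTPS_SCHEME = Pattern.compile("https?://", Pattern.CASE_INSENSITIVE);`. `test` also lacks `@Override`, and a null common name would throw from `matcher(...)` instead of returning false; whether callers guard against null is not visible in this hunk.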
@@ -0,0 +1,62 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.client.configuration.validation.csr;
+
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.regex.Pattern;
+import org.apache.commons.validator.routines.DomainValidator;
+import org.apache.commons.validator.routines.EmailValidator;
+import org.apache.commons.validator.routines.InetAddressValidator;
+
+public final class CsrEnvsValueValidators {
+
+ private static final boolean ALLOW_LOCAL_DOMAINS = true;
+
+ private static final String SPECIAL_CHAR_PRESENCE_REGEX = "[~#@*$+%!()?/{}<>\\|_^]";
+
+ private CsrEnvsValueValidators() {
+ }
+
+ public static boolean isCountryValid(String country) {
+ return Arrays.asList(Locale.getISOCountries()).contains(country);
+ }
+
+ public static boolean isEmailAddressValid(String address) {
+ return EmailValidator.getInstance().isValid(address);
+ }
+
+ public static boolean isIpAddressValid(String address) {
+ return InetAddressValidator.getInstance().isValid(address);
+ }
+
+ public static boolean isDomainNameValid(String domain) {
+ return DomainValidator.getInstance(ALLOW_LOCAL_DOMAINS).isValid(domain);
+ }
+
+ public static boolean isUriValid(String uri) {
+ return UriValidator.isValid(uri);
+ }
+
+ public static boolean isSpecialCharPresent(String stringToCheck) {
+ return Pattern.compile(SPECIAL_CHAR_PRESENCE_REGEX).matcher(stringToCheck).find();
+ }
+}
diff --git a/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java
new file mode 100644
index 00000000..b8073f42
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/oom/certservice/client/configuration/validation/csr/UriValidator.java
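Review bot: `ALLOW_LOCAL_DOMAINS = true` in CsrEnvsValueValidators has no comment explaining the choice, although it widens what `isDomainNameValid` accepts: as far as I know commons-validator then treats `localhost` and hostnames without a recognised TLD as valid, and the commit message suggests these values become SAN entries in the CSR. I would document the decision on the constant, e.g. `// true: local names (localhost, hosts without a public TLD) are accepted as DNS SANs`, and say which component enforces naming policy if the client does not. `isSpecialCharPresent(null)` would throw from `matcher(...)`; null handling by the callers is not visible in this hunk.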
@@ -0,0 +1,69 @@ +/* + * ============LICENSE_START======================================================= + * oom-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.oom.certservice.client.configuration.validation.csr; + +/** + * Compliant with the RFC3986 + */ +final class UriValidator { + + private static final String SCHEME = "([A-Za-z][A-Za-z0-9+\\-.]*):"; + + private static final String OR = "|"; + + private static final String AUTHORITY_WITH_PATH = "?:(//)(?:((?:[A-Za-z0-9\\-._~!$&'()*+,;=:]|%[0-9A-Fa-f]{2})*)" + + "@)?((?:\\[(?:(?:(?:(?:[0-9A-Fa-f]{1,4}:){6}|::(?:[0-9A-Fa-f]{1,4}:){5}|(?:[0-9A-Fa-f]{1,4})?::" + + "(?:[0-9A-Fa-f]{1,4}:){4}|(?:(?:[0-9A-Fa-f]{1,4}:){0,1}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){3}|(?:" + + "(?:[0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})?::(?:[0-9A-Fa-f]{1,4}:){2}|(?:(?:[0-9A-Fa-f]{1,4}:){0," + + "3}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1,4}:|(?:(?:[0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})?::)" + + "(?:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}" + + "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))|(?:(?:[0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})?::[0-9A-Fa-f]{1," 
+ + "4}|(?:(?:[0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})?::)|[Vv][0-9A-Fa-f]+\\.[A-Za-z0-9\\-._~!$&'()*+,;=:]+)" + + "\\]|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|" + + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})*))(?::([0-9]*))?((?:/(?:[A-Za-z0-9\\-._~!$&'()*+,;" + + "=:@]|%[0-9A-Fa-f]{2})*)*)"; + + private static final String PATH_BEGIN_WITH_SLASH = "/((?:(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+(?:/" + + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*)*)?)"; + + private static final String PATH_WITHOUT_SLASH = "((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})+(?:/" + + "(?:[A-Za-z0-9\\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})*)*)"; + + private static final String QUERY = "(?:\\?((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*))?"; + + private static final String FRAGMENT = "(?:\\#((?:[A-Za-z0-9\\-._~!$&'()*+,;=:@/?]|%[0-9A-Fa-f]{2})*))?"; + + /** + * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] + *

+ * hier-part = "//" authority path-abempty / path-absolute / path-rootless / path-empty + */ + private static final String RFC3986_URI_MATCH_PATTERN = + SCHEME + "(" + AUTHORITY_WITH_PATH + OR + PATH_BEGIN_WITH_SLASH + OR + PATH_WITHOUT_SLASH + OR + "" + ")" + + QUERY + FRAGMENT; + + private UriValidator() { + } + + static boolean isValid(String uri) { + return uri.matches(RFC3986_URI_MATCH_PATTERN); + } +} + -- cgit