Diffstat (limited to 'common-be/src/main/java/org/openecomp/sdc/be/csar/security')
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/CertificateManagerImpl.java59
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImpl.java2
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java22
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/X509CertificateReader.java2
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateManager.java2
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateReader.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CmsContentSigner.java4
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/PrivateKeyReader.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/model/CertificateInfo.java2
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CertificateNotFoundException.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CmsSignatureException.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadCertificateException.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadPrivateKeyException.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/UnsupportedKeyFormatException.java1
-rw-r--r--common-be/src/main/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImpl.java8
15 files changed, 29 insertions, 79 deletions
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/CertificateManagerImpl.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/CertificateManagerImpl.java
index 9ec8ea864e..7323eae690 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/CertificateManagerImpl.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/CertificateManagerImpl.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security;
import java.io.File;
@@ -47,21 +46,16 @@ import org.springframework.stereotype.Component;
@Component
public class CertificateManagerImpl implements CertificateManager {
+ public static final String CERT_DIR_ENV_VARIABLE = "SDC_CERT_DIR";
private static final Logger LOGGER = LoggerFactory.getLogger(CertificateManagerImpl.class);
-
private final PrivateKeyReader privateKeyReader;
private final CertificateReader certificateReader;
private final Environment environment;
-
+ private final Map<String, CertificateInfo> certificateMap = new HashMap<>();
private Path certificateDirectoryPath;
private File certificateDirectory;
- private final Map<String, CertificateInfo> certificateMap = new HashMap<>();
- public static final String CERT_DIR_ENV_VARIABLE = "SDC_CERT_DIR";
-
- public CertificateManagerImpl(final PrivateKeyReader privateKeyReader,
- final CertificateReader certificateReader,
- final Environment environment) {
+ public CertificateManagerImpl(final PrivateKeyReader privateKeyReader, final CertificateReader certificateReader, final Environment environment) {
this.certificateReader = certificateReader;
this.privateKeyReader = privateKeyReader;
this.environment = environment;
@@ -72,7 +66,6 @@ public class CertificateManagerImpl implements CertificateManager {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
-
final String certificateDir = environment.getProperty(CERT_DIR_ENV_VARIABLE);
if (certificateDir == null) {
LOGGER.warn("Environment variable '{}' was not provided. Could not load certificates.", CERT_DIR_ENV_VARIABLE);
@@ -81,8 +74,8 @@ public class CertificateManagerImpl implements CertificateManager {
try {
this.certificateDirectoryPath = Paths.get(certificateDir);
} catch (final Exception e) {
- LOGGER.error("Invalid path '{}' provided in the environment variable '{}'. Could not load certificates.",
- certificateDir, CERT_DIR_ENV_VARIABLE, e);
+ LOGGER.error("Invalid path '{}' provided in the environment variable '{}'. Could not load certificates.", certificateDir,
+ CERT_DIR_ENV_VARIABLE, e);
return;
}
try {
@@ -104,49 +97,37 @@ public class CertificateManagerImpl implements CertificateManager {
LOGGER.warn("Certificate directory is empty. No trusted certificate found.");
return;
}
-
- final List<File> certFileList = Arrays.stream(files)
- .filter(file -> "cert".equals(FilenameUtils.getExtension(file.getName())))
+ final List<File> certFileList = Arrays.stream(files).filter(file -> "cert".equals(FilenameUtils.getExtension(file.getName())))
.collect(Collectors.toList());
- final List<File> keyFileList = Arrays.stream(files)
- .filter(file -> "key".equals(FilenameUtils.getExtension(file.getName())))
+ final List<File> keyFileList = Arrays.stream(files).filter(file -> "key".equals(FilenameUtils.getExtension(file.getName())))
.collect(Collectors.toList());
-
if (certFileList.isEmpty()) {
LOGGER.error("Certificate directory is empty. No trusted certificate found.");
return;
}
-
certFileList.forEach(certFile -> {
final String baseFileName = FilenameUtils.getBaseName(certFile.getName());
final Certificate certificate = loadCertificate(certFile);
- final Optional<File> keyFileOptional = keyFileList.stream().filter(
- keyFile1 -> FilenameUtils.getBaseName(keyFile1.getName())
- .equals(baseFileName)).findFirst();
- keyFileOptional.ifPresentOrElse(
- keyFile -> {
- final CertificateInfoImpl certificateInfo =
- new CertificateInfoImpl(certFile, certificate, keyFile, loadPrivateKey(keyFile));
- if (certificateInfo.isValid()) {
- certificateMap.put(baseFileName, certificateInfo);
- }
- },
- () -> {
- final CertificateInfoImpl certificateInfo = new CertificateInfoImpl(certFile, certificate);
- if (certificateInfo.isValid()) {
- certificateMap.put(baseFileName, new CertificateInfoImpl(certFile, certificate));
- }
+ final Optional<File> keyFileOptional = keyFileList.stream()
+ .filter(keyFile1 -> FilenameUtils.getBaseName(keyFile1.getName()).equals(baseFileName)).findFirst();
+ keyFileOptional.ifPresentOrElse(keyFile -> {
+ final CertificateInfoImpl certificateInfo = new CertificateInfoImpl(certFile, certificate, keyFile, loadPrivateKey(keyFile));
+ if (certificateInfo.isValid()) {
+ certificateMap.put(baseFileName, certificateInfo);
+ }
+ }, () -> {
+ final CertificateInfoImpl certificateInfo = new CertificateInfoImpl(certFile, certificate);
+ if (certificateInfo.isValid()) {
+ certificateMap.put(baseFileName, new CertificateInfoImpl(certFile, certificate));
}
- );
+ });
});
}
private void loadCertificateDirectory() {
final File file = certificateDirectoryPath.toFile();
if (!file.exists() || !file.isDirectory()) {
- final String errorMsg =
- String.format("Provided certificate path '%s' is not a directory or does not exist",
- certificateDirectoryPath);
+ final String errorMsg = String.format("Provided certificate path '%s' is not a directory or does not exist", certificateDirectoryPath);
throw new CertificateNotFoundException(errorMsg);
}
this.certificateDirectory = file;
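Review bot: The key file is matched to its certificate only by base file name in the `keyFileOptional` filter, and nothing visible in this hunk confirms that the loaded private key corresponds to the certificate's public key. A mismatched pair would be stored as usable and would presumably surface only later, as signatures that fail verification against the bundled certificate. Consider checking the pair at load time (for RSA, comparing the modulus of both keys) and logging and skipping the entry on mismatch. Separately, the no-key branch validates `certificateInfo` and then stores a second instance; `certificateMap.put(baseFileName, certificateInfo);` would keep the object that was actually checked. The method containing the `forEach` begins outside this hunk.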
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImpl.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImpl.java
index a6ee61d680..d042ef0dd0 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImpl.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImpl.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security;
import java.io.File;
@@ -49,5 +48,4 @@ public class PrivateKeyReaderImpl implements PrivateKeyReader {
final String errorMsg = "Could not load the private key from given file '%s'. Unsupported format.";
throw new UnsupportedKeyFormatException(String.format(errorMsg, privateKeyFile));
}
-
}
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java
index 7b7273e810..ef0315dd84 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security;
import java.io.IOException;
@@ -48,24 +47,17 @@ import org.springframework.stereotype.Component;
public class Sha256WithRsaCmsContentSigner implements CmsContentSigner {
@Override
- public byte[] signData(final byte[] data, final Certificate signingCertificate, final Key signingKey)
- throws CmsSignatureException {
-
+ public byte[] signData(final byte[] data, final Certificate signingCertificate, final Key signingKey) throws CmsSignatureException {
final CMSTypedData cmsData = new CMSProcessableByteArray(data);
final JcaCertStore certStore = createCertificateStore(signingCertificate);
try {
- final ContentSigner contentSigner
- = new JcaContentSignerBuilder("SHA256withRSA")
- .setProvider(BouncyCastleProvider.PROVIDER_NAME).build((PrivateKey) signingKey);
-
+ final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME)
+ .build((PrivateKey) signingKey);
final CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
cmsGenerator.addSignerInfoGenerator(
- new JcaSignerInfoGeneratorBuilder(
- new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build()
- ).build(contentSigner, (X509Certificate) signingCertificate)
- );
+ new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
+ .build(contentSigner, (X509Certificate) signingCertificate));
cmsGenerator.addCertificates(certStore);
-
final CMSSignedData cms = cmsGenerator.generate(cmsData, false);
return cms.getEncoded();
} catch (final Exception e) {
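Review bot: The casts `(PrivateKey) signingKey` and `(X509Certificate) signingCertificate` are unchecked although the signature accepts any `Key` and `Certificate`, so a wrong type surfaces only as a ClassCastException caught by the broad `catch (final Exception e)` that follows. An explicit `instanceof` check before the `try`, failing with a CmsSignatureException that names the actual type, would make a misconfigured key or certificate much easier to diagnose. A short Javadoc would also help callers: the method emits a detached CMS signature (`generate(cmsData, false)`) with the fixed algorithm "SHA256withRSA", so the supplied key has to be an RSA private key. The body of the catch block lies outside this hunk.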
@@ -89,10 +81,8 @@ public class Sha256WithRsaCmsContentSigner implements CmsContentSigner {
try {
return new JcaCertStore(Collections.singletonList(signingCertificate));
} catch (final CertificateEncodingException e) {
- final String errorMsg = String
- .format("Could not create certificate store from certificate '%s'", signingCertificate);
+ final String errorMsg = String.format("Could not create certificate store from certificate '%s'", signingCertificate);
throw new CmsSignatureException(errorMsg, e);
}
}
-
}
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/X509CertificateReader.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/X509CertificateReader.java
index b8e95e7b18..a0f4226cd1 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/X509CertificateReader.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/X509CertificateReader.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security;
import java.io.File;
@@ -53,5 +52,4 @@ public class X509CertificateReader implements CertificateReader {
final CertificateFactory factory = CertificateFactory.getInstance("X.509");
return factory.generateCertificate(certificateInputStream);
}
-
}
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateManager.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateManager.java
index 53437f399f..2a1a702118 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateManager.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateManager.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.api;
import java.util.Optional;
@@ -25,5 +24,4 @@ import org.openecomp.sdc.be.csar.security.api.model.CertificateInfo;
public interface CertificateManager {
Optional<CertificateInfo> getCertificate(String certName);
-
}
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateReader.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateReader.java
index 4c32fa1cee..62b36904c1 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateReader.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CertificateReader.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.api;
import java.io.File;
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CmsContentSigner.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CmsContentSigner.java
index 37bd988e50..0bd056fede 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CmsContentSigner.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/CmsContentSigner.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.api;
import java.security.Key;
@@ -25,8 +24,7 @@ import org.openecomp.sdc.be.csar.security.exception.CmsSignatureException;
public interface CmsContentSigner {
- byte[] signData(byte[] data, Certificate signingCertificate, Key signingKey)
- throws CmsSignatureException;
+ byte[] signData(byte[] data, Certificate signingCertificate, Key signingKey) throws CmsSignatureException;
String formatToPemSignature(byte[] signedData) throws CmsSignatureException;
}
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/PrivateKeyReader.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/PrivateKeyReader.java
index 3e8c406b74..2650eb5455 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/PrivateKeyReader.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/PrivateKeyReader.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.api;
import java.io.File;
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/model/CertificateInfo.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/model/CertificateInfo.java
index 5b234cc661..7fe425c23a 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/model/CertificateInfo.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/api/model/CertificateInfo.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.api.model;
import java.io.File;
@@ -42,5 +41,4 @@ public interface CertificateInfo {
* @throws UnsupportedOperationException when the certificate is not supported
*/
boolean isValid();
-
}
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CertificateNotFoundException.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CertificateNotFoundException.java
index a2175f379c..a37aa6d53c 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CertificateNotFoundException.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CertificateNotFoundException.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.exception;
public class CertificateNotFoundException extends RuntimeException {
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CmsSignatureException.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CmsSignatureException.java
index 6bc49d6e4d..8ed0283ebf 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CmsSignatureException.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/CmsSignatureException.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.exception;
public class CmsSignatureException extends Exception {
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadCertificateException.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadCertificateException.java
index 3cd10628f5..aaa3f667ea 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadCertificateException.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadCertificateException.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.exception;
public class LoadCertificateException extends RuntimeException {
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadPrivateKeyException.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadPrivateKeyException.java
index 00681bc842..54b6a60dc0 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadPrivateKeyException.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/LoadPrivateKeyException.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.exception;
public class LoadPrivateKeyException extends RuntimeException {
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/UnsupportedKeyFormatException.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/UnsupportedKeyFormatException.java
index d30f6f274a..e7b37a7c57 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/UnsupportedKeyFormatException.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/exception/UnsupportedKeyFormatException.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.exception;
public class UnsupportedKeyFormatException extends RuntimeException {
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImpl.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImpl.java
index f7b2fafb3c..49c2c61b69 100644
--- a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImpl.java
+++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImpl.java
@@ -16,7 +16,6 @@
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.be.csar.security.model;
import java.io.File;
@@ -33,7 +32,6 @@ import org.slf4j.LoggerFactory;
public class CertificateInfoImpl implements CertificateInfo {
private static final Logger LOGGER = LoggerFactory.getLogger(CertificateInfoImpl.class);
-
private final String name;
private final File certificateFile;
private final Certificate certificate;
@@ -46,8 +44,7 @@ public class CertificateInfoImpl implements CertificateInfo {
this.name = FilenameUtils.getBaseName(certificateFile.getName());
}
- public CertificateInfoImpl(final File certificateFile, final Certificate certificate,
- final File privateKeyFile, final Key privateKey) {
+ public CertificateInfoImpl(final File certificateFile, final Certificate certificate, final File privateKeyFile, final Key privateKey) {
this(certificateFile, certificate);
this.privateKeyFile = privateKeyFile;
this.privateKey = privateKey;
@@ -55,7 +52,7 @@ public class CertificateInfoImpl implements CertificateInfo {
@Override
public boolean isValid() {
- if("X.509".equals(certificate.getType())) {
+ if ("X.509".equals(certificate.getType())) {
try {
((X509Certificate) certificate).checkValidity();
return true;
@@ -66,5 +63,4 @@ public class CertificateInfoImpl implements CertificateInfo {
}
throw new UnsupportedOperationException(String.format("Certificate type '%s' not supported", certificate.getType()));
}
-
}