2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.oom.certservice.certification;
23 import java.security.cert.CertificateParsingException;
24 import java.security.cert.X509Certificate;
25 import org.bouncycastle.asn1.x500.X500Name;
26 import org.bouncycastle.asn1.x509.GeneralName;
27 import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
28 import org.onap.oom.certservice.certification.exception.StringToCertificateConversionException;
29 import org.onap.oom.certservice.certification.model.X509CertificateModel;
30 import org.springframework.beans.factory.annotation.Autowired;
31 import org.springframework.stereotype.Service;
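/**
 * Builds {@link X509CertificateModel} instances from a Base64-encoded PEM certificate or
 * certificate chain.
 *
 * <p>Only the first PEM block of the input is converted and parsed; any further certificates in
 * the chain are ignored. Nothing in this class checks the signature, validity period or chain of
 * trust, so the returned model describes parsed data only and is not a trust decision
 * (NOTE(review): confirm whether the converter or a caller performs that validation).
 */
@Service
public class X509CertificateModelFactory {

    // Markers are matched exactly, including the trailing LF: input that uses CRLF line endings,
    // or whose END marker is not followed by a newline, is treated as containing no certificate.
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----\n";

    private final PemStringToCertificateConverter pemStringToCertificateConverter;
    private final X509CertificateParser x509CertificateParser;

    @Autowired
    public X509CertificateModelFactory(PemStringToCertificateConverter pemStringToCertificateConverter,
        X509CertificateParser x509CertificateParser) {
        this.pemStringToCertificateConverter = pemStringToCertificateConverter;
        this.x509CertificateParser = x509CertificateParser;
    }

    /**
     * Creates a certificate model from the first certificate found in the given input.
     *
     * @param base64EncodedCertificate Base64-encoded PEM text holding one certificate or a chain
     * @return model holding the parsed certificate, its subject and its Subject Alternative Names
     * @throws CertificateDecryptionException when the input yields no string, contains no complete
     *     PEM certificate block, cannot be converted to an X.509 certificate, or its Subject
     *     Alternative Names cannot be read
     */
    public X509CertificateModel createCertificateModel(StringBase64 base64EncodedCertificate)
        throws CertificateDecryptionException {
        final String certificateString = base64EncodedCertificate.asString()
            .map(this::getFirstCertificateFromCertificateChain)
            .orElseThrow(() -> new CertificateDecryptionException("Incorrect certificate, decryption failed"));

        try {
            final X509Certificate certificate = pemStringToCertificateConverter.convert(certificateString);
            final X500Name subjectData = x509CertificateParser.getSubject(certificate);
            final GeneralName[] sans = x509CertificateParser.getSans(certificate);
            return new X509CertificateModel(certificate, subjectData, sans);
        } catch (StringToCertificateConversionException e) {
            throw new CertificateDecryptionException("Cannot convert certificate", e);
        } catch (CertificateParsingException e) {
            // Keep the parser's exception as the cause so the failure can be diagnosed from logs,
            // matching the conversion-failure branch above.
            throw new CertificateDecryptionException("Cannot read Subject Alternative Names from certificate", e);
        }
    }

    /**
     * Returns the input up to and including the first END marker, or {@code null} when the input
     * does not contain both PEM markers.
     *
     * <p>Any text that precedes the first BEGIN marker is kept and handed to the converter as is.
     */
    private String getFirstCertificateFromCertificateChain(String certificateChain) {
        if (doesNotContainCertificates(certificateChain)) {
            // A null mapping result leaves the caller's map(...) empty (assuming asString()
            // returns an Optional), which ends in CertificateDecryptionException.
            return null;
        }
        // Plain substring search instead of String.split, which would interpret the marker as a regex.
        final int endMarkerStart = certificateChain.indexOf(END_CERTIFICATE);
        return certificateChain.substring(0, endMarkerStart + END_CERTIFICATE.length());
    }

    /** Reports whether either the BEGIN or the END certificate marker is missing from the input. */
    private boolean doesNotContainCertificates(String certificateChain) {
        return !(certificateChain.contains(BEGIN_CERTIFICATE) && certificateChain.contains(END_CERTIFICATE));
    }
}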