2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2020-2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.oom.certservice.certification;
23 import static org.assertj.core.api.Assertions.assertThat;
24 import static org.junit.jupiter.api.Assertions.assertEquals;
25 import static org.junit.jupiter.api.Assertions.assertThrows;
26 import static org.junit.jupiter.api.Assertions.assertTrue;
27 import static org.mockito.ArgumentMatchers.any;
28 import static org.mockito.Mockito.mock;
29 import static org.mockito.Mockito.times;
30 import static org.mockito.Mockito.verify;
31 import static org.mockito.Mockito.when;
32 import static org.onap.oom.certservice.certification.CertificationData.CA_CERT;
33 import static org.onap.oom.certservice.certification.CertificationData.ENTITY_CERT;
34 import static org.onap.oom.certservice.certification.CertificationData.EXTRA_CA_CERT;
35 import static org.onap.oom.certservice.certification.CertificationData.INTERMEDIATE_CERT;
36 import static org.onap.oom.certservice.certification.TestData.TEST_CSR;
37 import static org.onap.oom.certservice.certification.TestData.TEST_PK;
38 import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR;
39 import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM;
41 import java.util.Arrays;
42 import java.util.Base64;
43 import java.util.List;
44 import org.junit.jupiter.api.BeforeEach;
45 import org.junit.jupiter.api.Test;
46 import org.junit.jupiter.api.extension.ExtendWith;
47 import org.mockito.Mock;
48 import org.mockito.junit.jupiter.MockitoExtension;
49 import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider;
50 import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
51 import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
52 import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException;
53 import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
54 import org.onap.oom.certservice.certification.exception.DecryptionException;
55 import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
56 import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder;
57 import org.onap.oom.certservice.certification.model.CertificationModel;
58 import org.onap.oom.certservice.certification.model.CsrModel;
59 import org.onap.oom.certservice.certification.model.X509CertificateModel;
60 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
62 @ExtendWith(MockitoExtension.class)
63 class CertificationModelFactoryTest {
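// CA name that the mocked Cmpv2ServerProvider is stubbed to resolve.
private static final String TEST_CA_NAME = "TestCA";

// Base64-encoded fixtures from TestData, passed to the three-argument createCertificationModel.
// NOTE(review): TEST_PK is private-key material. Confirm in TestData that it is a throwaway key
// generated for tests only and is not shared with any deployed environment.
private static final String ENCODED_CSR = getEncodedString(TEST_CSR);
private static final String ENCODED_PK = getEncodedString(TEST_PK);
private static final String ENCODED_WRONG_CSR = getEncodedString(TEST_WRONG_CSR);
private static final String ENCODED_WRONG_PK = getEncodedString(TEST_WRONG_PEM);

// Placeholder strings for the certificate-update model. They are not real Base64/PEM payloads;
// the tests that use this model stub the CSR and certificate factories with any() matchers.
private static final String TEST_ENCODED_CSR = "encodedCSR";
private static final String TEST_ENCODED_PK = "encodedPK";
private static final String TEST_ENCODED_OLD_PK = "encodedOldPK";
private static final String TEST_ENCODED_OLD_CERT = "encodedOldCert";
private static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder()
    .setEncodedCsr(TEST_ENCODED_CSR)
    .setEncodedPrivateKey(TEST_ENCODED_PK)
    .setEncodedOldCert(TEST_ENCODED_OLD_CERT)
    .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PK)
    .setCaName(TEST_CA_NAME)
    .build();

// Object under test; rebuilt around the mocks before every test.
private CertificationModelFactory certificationModelFactory;

// Collaborators, injected as Mockito mocks by MockitoExtension.
@Mock
private Cmpv2ServerProvider cmpv2ServerProvider;
@Mock
private CsrModelFactory csrModelFactory;
@Mock
private CertificationProvider certificationProvider;
@Mock
private X509CertificateModelFactory x509CertificateModelFactory;
@Mock
private UpdateRequestTypeDetector updateRequestTypeDetector;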
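/**
 * Base64-encodes a text fixture (CSR or key PEM) the way a client would send it.
 *
 * <p>The bytes are taken as UTF-8 explicitly, so the encoded fixture is the same on every
 * platform instead of depending on the JVM default charset.
 *
 * @param testCsr fixture text to encode
 * @return the Base64 (basic alphabet, padded) encoding of {@code testCsr}
 */
private static String getEncodedString(String testCsr) {
    byte[] raw = testCsr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return Base64.getEncoder().encodeToString(raw);
}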
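/**
 * Builds a fresh {@link CertificationModelFactory} around the mocked collaborators before
 * every test, so stubbing done in one test cannot leak into the next.
 *
 * <p>NOTE(review): the header of this method is absent from the listing. {@code @BeforeEach}
 * is imported by the file and {@code setUp} is the conventional name; confirm both against
 * the repository.
 */
@BeforeEach
void setUp() {
    certificationModelFactory = new CertificationModelFactory(
        csrModelFactory,
        cmpv2ServerProvider,
        certificationProvider,
        x509CertificateModelFactory,
        updateRequestTypeDetector);
}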
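/**
 * Happy path for a new certificate: with CSR parsing, CA server lookup and signing all
 * stubbed, the factory must return the provider's model, carrying the two-element
 * certificate chain and the two-element trusted-certificate list.
 */
@Test
void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName()
    throws CmpClientException, DecryptionException {

    // Given
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateProviderCertificateSigning(csrModel, testServer);

    // When
    CertificationModel certificationModel =
        certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME);

    // Then
    assertEquals(2, certificationModel.getCertificateChain().size());
    assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
    assertEquals(2, certificationModel.getTrustedCertificates().size());
    assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);
}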
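/**
 * A CSR/key pair that cannot be decoded must surface as a {@link DecryptionException}
 * carrying the CSR factory's message.
 *
 * <p>NOTE(review): consider also asserting that {@code certificationProvider} received no
 * call, so the test proves that a CSR which failed decryption is never forwarded for
 * signing. Confirm the call order in CertificationModelFactory first.
 */
@Test
void shouldThrowDecryptionExceptionWhenGivenWrongEncodedCsr()
    throws DecryptionException {
    // Given
    String expectedMessage = "Incorrect CSR, decryption failed";
    when(
        csrModelFactory.createCsrModel(
            new StringBase64(ENCODED_WRONG_CSR),
            new StringBase64(ENCODED_WRONG_PK)
        )
    ).thenThrow(
        new CsrDecryptionException(expectedMessage)
    );

    // When
    Exception exception = assertThrows(
        DecryptionException.class, () ->
            certificationModelFactory.createCertificationModel(ENCODED_WRONG_CSR, ENCODED_WRONG_PK, TEST_CA_NAME)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}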
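/**
 * When the server provider does not know the requested CA, the factory must propagate
 * {@link Cmpv2ServerNotFoundException} with the provider's message.
 *
 * <p>NOTE(review): consider also asserting that {@code certificationProvider} received no
 * call, so a request naming an unknown CA provably results in no signing attempt. Confirm
 * the call order in CertificationModelFactory first.
 */
@Test
void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName()
    throws DecryptionException {
    // Given
    String expectedMessage = "CA not found";
    mockCsrFactoryModelCreation();
    when(
        cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME)
    ).thenThrow(
        new Cmpv2ServerNotFoundException(expectedMessage)
    );

    // When
    Exception exception = assertThrows(
        Cmpv2ServerNotFoundException.class, () ->
            certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}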
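/**
 * A signing failure reported by the certification provider must reach the caller as a
 * {@link CmpClientException} with the original message, not be swallowed or replaced.
 */
@Test
void shouldThrowCmpClientExceptionWhenSigningCsrFailed()
    throws DecryptionException, CmpClientException {
    // Given
    String expectedMessage = "failed to sign certificate";
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    when(
        certificationProvider.signCsr(csrModel, testServer)
    ).thenThrow(
        new CmpClientException(expectedMessage)
    );

    // When
    Exception exception = assertThrows(
        CmpClientException.class, () ->
            certificationModelFactory.createCertificationModel(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}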
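/**
 * When the request-type detector reports a key update request (KUR), the factory must
 * delegate to {@code certificationProvider.updateCertificate} exactly once and return
 * that call's result.
 *
 * <p>NOTE(review): {@code isKur} is stubbed with {@code any(), any()}, so this test does
 * not pin which CSR and old-certificate data the detector is asked to compare. The KUR/CR
 * decision selects which request is sent to the CA, so consider matching the expected
 * arguments. Confirm the {@code isKur} signature first.
 */
@Test
void shouldPerformKurWhenCsrAndOldCertDataMatch()
    throws CertificateDecryptionException, DecryptionException, CmpClientException {
    // Given
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateProviderCertificateUpdate(csrModel, testServer);
    mockCertificateFactoryModelCreation();
    when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true);

    // When
    CertificationModel certificationModel = certificationModelFactory
        .createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL);

    // Then
    assertEquals(2, certificationModel.getCertificateChain().size());
    assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
    assertEquals(2, certificationModel.getTrustedCertificates().size());
    assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);

    verify(certificationProvider, times(1))
        .updateCertificate(csrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL);
}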
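/**
 * On the KUR path, a failure from {@code certificationProvider.updateCertificate} must be
 * propagated to the caller as a {@link CmpClientException} with the original message.
 */
@Test
void shouldThrowCmpClientExceptionWhenUpdateRequestFailed()
    throws DecryptionException, CmpClientException, CertificateDecryptionException {

    // Given
    String expectedMessage = "Exception occurred while send request to CMPv2 Server";
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateFactoryModelCreation();

    when(certificationProvider.updateCertificate(csrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL))
        .thenThrow(new CmpClientException(expectedMessage));
    when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true);

    // When
    Exception exception = assertThrows(
        CmpClientException.class, () ->
            certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}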
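/**
 * When the request-type detector reports that the request is not a key update, the factory
 * must fall back to a certification request (CR): {@code certificationRequest} is called
 * exactly once and its result is returned.
 *
 * <p>NOTE(review): {@code isKur} is stubbed with {@code any(), any()}, so the compared data
 * is not pinned here. Consider also verifying that {@code updateCertificate} is never
 * called on this path. Confirm against CertificationModelFactory.
 */
@Test
void shouldPerformCrWhenCsrAndOldCertDataDontMatch()
    throws CertificateDecryptionException, DecryptionException, CmpClientException {
    // Given
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateProviderCertificationRequest(csrModel, testServer);
    mockCertificateFactoryModelCreation();

    // When
    when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(false);
    CertificationModel certificationModel = certificationModelFactory
        .createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL);

    // Then
    assertEquals(2, certificationModel.getCertificateChain().size());
    assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
    assertEquals(2, certificationModel.getTrustedCertificates().size());
    assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);

    verify(certificationProvider, times(1))
        .certificationRequest(csrModel, testServer);
}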
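/**
 * An update request whose old certificate cannot be decoded must be rejected with a
 * {@link CertificateDecryptionException}.
 *
 * <p>NOTE(review): consider also asserting that {@code certificationProvider} received no
 * call, so the test proves that an update backed by an unreadable old certificate never
 * reaches the CA. Confirm the call order in CertificationModelFactory first.
 */
@Test
void shouldThrowCertificateDecryptionExceptionWhenOldCertificateInvalid()
    throws CertificateDecryptionException {
    // Given
    when(x509CertificateModelFactory.createCertificateModel(any()))
        .thenThrow(new CertificateDecryptionException("Incorrect certificate, decryption failed"));

    // When, Then
    assertThrows(
        CertificateDecryptionException.class, () ->
            certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL)
    );
}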
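/**
 * Stubs {@code certificationProvider.updateCertificate} to return the canned certification
 * model for the given CSR model, server and the shared update model.
 *
 * @param csrModel   CSR model the stub is matched on
 * @param testServer CMPv2 server the stub is matched on
 * @throws CmpClientException declared by the stubbed method; not thrown while stubbing
 */
private void mockCertificateProviderCertificateUpdate(CsrModel csrModel, Cmpv2Server testServer)
    throws CmpClientException {
    CertificationModel expectedCertificationModel = getCertificationModel();
    when(
        certificationProvider.updateCertificate(csrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL)
    ).thenReturn(expectedCertificationModel);
}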
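/**
 * Stubs {@code certificationProvider.certificationRequest} to return the canned
 * certification model for the given CSR model and server.
 *
 * @param csrModel   CSR model the stub is matched on
 * @param testServer CMPv2 server the stub is matched on
 * @throws CmpClientException declared by the stubbed method; not thrown while stubbing
 */
private void mockCertificateProviderCertificationRequest(CsrModel csrModel, Cmpv2Server testServer)
    throws CmpClientException {
    CertificationModel expectedCertificationModel = getCertificationModel();
    when(
        certificationProvider.certificationRequest(csrModel, testServer)
    ).thenReturn(expectedCertificationModel);
}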
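/**
 * Stubs {@code certificationProvider.signCsr} to return the canned certification model for
 * the given CSR model and server.
 *
 * @param csrModel   CSR model the stub is matched on
 * @param testServer CMPv2 server the stub is matched on
 * @throws CmpClientException declared by the stubbed method; not thrown while stubbing
 */
private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer)
    throws CmpClientException {
    CertificationModel expectedCertificationModel = getCertificationModel();
    when(
        certificationProvider.signCsr(csrModel, testServer)
    ).thenReturn(expectedCertificationModel);
}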
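/**
 * Stubs the server provider to resolve {@code TEST_CA_NAME} to a fresh test server.
 *
 * @return the server instance the stub returns, so callers can match later stubs and
 *         verifications on it
 */
private Cmpv2Server mockCmpv2ProviderServerSelection() {
    Cmpv2Server testServer = getCmpv2Server();
    when(
        cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME)
    ).thenReturn(testServer);
    return testServer;
}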
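/**
 * Stubs the CSR factory to return a mocked {@link CsrModel} for any CSR/key input, so the
 * encoded fixtures are never actually parsed in tests that use this helper.
 *
 * @return the mocked CSR model the stub returns
 * @throws DecryptionException declared by the stubbed method; not thrown while stubbing
 */
private CsrModel mockCsrFactoryModelCreation()
    throws DecryptionException {
    CsrModel csrModel = getCsrModel();
    when(csrModelFactory.createCsrModel(any(), any())).thenReturn(csrModel);
    return csrModel;
}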
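/**
 * Stubs the X.509 certificate factory to return a mocked {@link X509CertificateModel} for
 * any input, so the placeholder old-certificate string is never actually decoded.
 *
 * @return the mocked certificate model the stub returns
 * @throws CertificateDecryptionException declared by the stubbed method; not thrown while
 *         stubbing
 */
private X509CertificateModel mockCertificateFactoryModelCreation()
    throws CertificateDecryptionException {
    final X509CertificateModel certificateModel = mock(X509CertificateModel.class);
    when(x509CertificateModelFactory.createCertificateModel(any())).thenReturn(certificateModel);
    return certificateModel;
}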
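/**
 * Creates a real {@link Cmpv2Server} with its no-argument constructor; the tests use it
 * only as an identity to match stubs and verifications on.
 *
 * @return a new server instance
 */
private Cmpv2Server getCmpv2Server() {
    return new Cmpv2Server();
}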
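/**
 * Creates a Mockito mock standing in for a parsed CSR.
 *
 * @return a new {@link CsrModel} mock
 */
private CsrModel getCsrModel() {
    return mock(CsrModel.class);
}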
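/**
 * Builds the canned result returned by the stubbed provider calls: a chain of intermediate
 * plus entity certificate, and a trust list of CA plus extra CA certificate.
 *
 * @return a certification model holding the two fixture lists
 */
private CertificationModel getCertificationModel() {
    List<String> testTrustedCertificates = Arrays.asList(CA_CERT, EXTRA_CA_CERT);
    List<String> testCertificationChain = Arrays.asList(INTERMEDIATE_CERT, ENTITY_CERT);
    // Constructor order is (chain, trusted certificates); both lists hold strings, so a swap would still compile.
    return new CertificationModel(testCertificationChain, testTrustedCertificates);
}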