/*
 * ============LICENSE_START=======================================================
 * OOM Certification Service
 * ================================================================================
 * Copyright (C) 2020-2021 Nokia. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
21 package org.onap.oom.certservice.certification;
23 import static org.assertj.core.api.Assertions.assertThat;
24 import static org.junit.jupiter.api.Assertions.assertThrows;
25 import static org.mockito.ArgumentMatchers.any;
26 import static org.mockito.Mockito.when;
27 import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_KEYSTORE;
28 import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_TRUSTSTORE;
30 import java.io.IOException;
31 import java.io.InputStream;
32 import java.io.StringReader;
33 import java.nio.charset.StandardCharsets;
34 import java.security.NoSuchProviderException;
35 import java.security.Security;
36 import java.security.cert.CertificateException;
37 import java.security.cert.CertificateFactory;
38 import java.security.cert.X509Certificate;
39 import java.util.Collections;
40 import java.util.List;
41 import java.util.Objects;
42 import org.apache.commons.io.IOUtils;
43 import org.bouncycastle.cert.X509CertificateHolder;
44 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
45 import org.bouncycastle.jce.provider.BouncyCastleProvider;
46 import org.bouncycastle.openssl.PEMParser;
47 import org.junit.jupiter.api.BeforeEach;
48 import org.junit.jupiter.api.Test;
49 import org.junit.jupiter.api.extension.ExtendWith;
50 import org.mockito.Mock;
51 import org.mockito.junit.jupiter.MockitoExtension;
52 import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
53 import org.onap.oom.certservice.certification.model.CertificationResponseModel;
54 import org.onap.oom.certservice.certification.model.CsrModel;
55 import org.onap.oom.certservice.certification.model.OldCertificateModel;
56 import org.onap.oom.certservice.cmpv2client.api.CmpClient;
57 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
58 import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel;
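/**
 * Unit tests for {@link CertificationProvider} running against a mocked {@link CmpClient}.
 *
 * <p>The tests cover two things: that the X.509 certificates returned by the client end up as PEM
 * strings in the {@link CertificationResponseModel}, and that a {@link CmpClientException} raised
 * by the client reaches the caller with its message intact.
 *
 * <p>All stubs use {@code any(...)} matchers, so these tests do not pin which CSR, server or old
 * certificate the provider forwards to the client.
 */
@ExtendWith(MockitoExtension.class)
class CertificationProviderTest {

    private static final int EXPECTED_SIZE_ONE = 1;
    private static final String EXPECTED_BEGIN_OF_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
    private static final String EXPECTED_END_OF_CERTIFICATE = "-----END CERTIFICATE-----\n";

    @Mock
    private CsrModel csrModel;
    @Mock
    private Cmpv2Server server;
    @Mock
    private CsrModel testCsrModel;
    @Mock
    private Cmpv2Server testServer;
    @Mock
    private CmpClient cmpClient;
    @Mock
    private OldCertificateModel oldCertificateModel;

    private CertificationProvider certificationProvider;

    static {
        // generateCertificate(...) asks the JCA for the provider by its name "BC", so the
        // Bouncy Castle provider has to be registered before any test runs.
        Security.addProvider(new BouncyCastleProvider());
    }

    @BeforeEach
    void setUp() {
        certificationProvider = new CertificationProvider(cmpClient);
    }

    /**
     * The only test here that compares full certificate content: the PEM produced for the first
     * chain entry and the first trusted certificate must equal the stored fixtures, ignoring
     * line endings.
     */
    @Test
    void shouldConvertToCertificationModelForSignCsr()
        throws CertificateException, NoSuchProviderException, IOException, CmpClientException {
        // Given
        when(
            cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class))
        ).thenReturn(createCorrectClientResponse());

        // When
        CertificationResponseModel certificationModel =
            certificationProvider.executeInitializationRequest(csrModel, server);

        // Then
        String expectedCertificate = removeLineEndings(readResource("certificateModelChain.first"));
        String expectedTrustedCertificate = removeLineEndings(readResource("trustedCertificatesModel.first"));
        String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0));
        String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0));

        assertThat(certificateModel).isEqualTo(expectedCertificate);
        assertThat(trustedCertificateModel).isEqualTo(expectedTrustedCertificate);
    }

    /** A client failure during the initialization request must surface as the same exception. */
    @Test
    void certificationProviderThrowCmpClientWhenCallingClientFailsForSignCsr()
        throws CmpClientException {
        // Given
        String expectedErrorMessage = "connecting to CMP client failed";
        when(
            cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class))
        ).thenThrow(new CmpClientException(expectedErrorMessage));

        // When
        Exception exception = assertThrows(
            CmpClientException.class, () ->
                certificationProvider.executeInitializationRequest(testCsrModel, testServer)
        );

        // Then
        assertThat(exception).hasMessage(expectedErrorMessage);
    }

    /**
     * Key update path: checks entry count and PEM framing only, not the certificate content.
     */
    @Test
    void shouldCorrectConvertToCertificationModelForUpdateRequest()
        throws IOException, CertificateException, CmpClientException {
        // Given
        when(
            cmpClient.executeKeyUpdateRequest(any(CsrModel.class), any(Cmpv2Server.class), any(OldCertificateModel.class))
        ).thenReturn(getCmpv2CertificationModel());

        // When
        CertificationResponseModel certificationModel = certificationProvider
            .executeKeyUpdateRequest(csrModel, server, oldCertificateModel);

        // Then
        assertSinglePemCertificate(certificationModel.getCertificateChain());
        assertSinglePemCertificate(certificationModel.getTrustedCertificates());
    }

    /**
     * Initialization path: checks entry count and PEM framing only, not the certificate content.
     */
    @Test
    void shouldCorrectConvertToCertificationModelForCertificationRequest()
        throws IOException, CertificateException, CmpClientException {
        // Given
        when(
            cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class))
        ).thenReturn(getCmpv2CertificationModel());

        // When
        CertificationResponseModel certificationModel = certificationProvider
            .executeInitializationRequest(csrModel, server);

        // Then
        assertSinglePemCertificate(certificationModel.getCertificateChain());
        assertSinglePemCertificate(certificationModel.getTrustedCertificates());
    }

    /** A client failure during the key update request must surface as the same exception. */
    @Test
    void certificationProviderThrowCmpClientWhenCallingClientFailsForUpdateCertificate()
        throws CmpClientException {
        // Given
        String expectedErrorMessage = "Exception occurred while send request to CMPv2 Server";
        when(
            cmpClient.executeKeyUpdateRequest(any(CsrModel.class), any(Cmpv2Server.class), any(OldCertificateModel.class))
        ).thenThrow(new CmpClientException(expectedErrorMessage));

        // When
        Exception exception = assertThrows(
            CmpClientException.class, () ->
                certificationProvider.executeKeyUpdateRequest(testCsrModel, testServer, oldCertificateModel)
        );

        // Then
        assertThat(exception).hasMessage(expectedErrorMessage);
    }

    /**
     * Asserts that the list holds exactly one entry and that the entry is framed as a PEM
     * certificate. The Base64 payload between the markers is not inspected.
     */
    private static void assertSinglePemCertificate(List<String> pemCertificates) {
        assertThat(pemCertificates).hasSize(EXPECTED_SIZE_ONE);
        assertThat(pemCertificates.get(0))
            .startsWith(EXPECTED_BEGIN_OF_CERTIFICATE)
            .endsWith(EXPECTED_END_OF_CERTIFICATE);
    }

    /**
     * Builds the stubbed client answer from the two certificate fixtures on the test classpath.
     * The streams are closed once the certificates have been parsed.
     */
    private Cmpv2CertificationModel createCorrectClientResponse()
        throws CertificateException, NoSuchProviderException, IOException {
        try (InputStream certificateChain = openResource("certificateChain.first");
             InputStream trustedCertificate = openResource("trustedCertificates.first")) {
            X509Certificate x509Certificate = generateCertificate(certificateChain);
            X509Certificate x509TrustedCertificate = generateCertificate(trustedCertificate);
            return new Cmpv2CertificationModel(
                Collections.singletonList(x509Certificate),
                Collections.singletonList(x509TrustedCertificate));
        }
    }

    /** Reads a classpath fixture as UTF-8 text and closes the stream afterwards. */
    private String readResource(String resourceName) throws IOException {
        try (InputStream stream = openResource(resourceName)) {
            return IOUtils.toString(stream, StandardCharsets.UTF_8);
        }
    }

    /**
     * Opens a classpath fixture, failing with the resource name when it is missing so that a
     * packaging problem is not mistaken for a certificate parsing error.
     */
    private InputStream openResource(String resourceName) {
        return Objects.requireNonNull(
            getClass().getClassLoader().getResourceAsStream(resourceName),
            "Missing test resource: " + resourceName);
    }

    /** Strips every LF and CR so that PEM texts compare equal regardless of line endings. */
    private String removeLineEndings(String string) {
        return string.replace("\n", "").replace("\r", "");
    }

    private Cmpv2CertificationModel getCmpv2CertificationModel() throws IOException, CertificateException {
        List<X509Certificate> certificateChain = getX509CertificateFromPem(TEST_CMPv2_KEYSTORE);
        List<X509Certificate> trustedCertificates = getX509CertificateFromPem(TEST_CMPv2_TRUSTSTORE);
        return new Cmpv2CertificationModel(certificateChain, trustedCertificates);
    }

    /**
     * Parses the first PEM object of {@code pemString} into an X.509 certificate.
     *
     * @throws CertificateException if the first PEM object is absent or is not a certificate
     */
    private List<X509Certificate> getX509CertificateFromPem(String pemString) throws IOException, CertificateException {
        try (PEMParser pemParser = new PEMParser(new StringReader(pemString))) {
            // readObject() returns null on empty input and other holder types for keys or CSRs;
            // reject both explicitly instead of failing on the cast.
            Object parsed = pemParser.readObject();
            if (!(parsed instanceof X509CertificateHolder)) {
                throw new CertificateException("Test PEM fixture does not start with an X.509 certificate");
            }
            X509Certificate x509Certificate = new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate((X509CertificateHolder) parsed);
            return List.of(x509Certificate);
        }
    }

    /** Decodes one certificate from the stream with the provider registered as "BC". */
    private X509Certificate generateCertificate(InputStream inStream) throws CertificateException, NoSuchProviderException {
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inStream);
    }
}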