2 * ============LICENSE_START=======================================================
3 * OOM Certification Service
4 * ================================================================================
5 * Copyright (C) 2020-2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.oom.certservice.certification;
23 import java.io.StringReader;
24 import java.util.List;
25 import org.apache.commons.io.IOUtils;
26 import org.bouncycastle.cert.X509CertificateHolder;
27 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
28 import org.bouncycastle.jce.provider.BouncyCastleProvider;
29 import org.bouncycastle.openssl.PEMParser;
30 import org.junit.jupiter.api.BeforeEach;
31 import org.junit.jupiter.api.Test;
32 import org.junit.jupiter.api.extension.ExtendWith;
33 import org.mockito.Mock;
34 import org.mockito.junit.jupiter.MockitoExtension;
35 import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
36 import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
37 import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder;
38 import org.onap.oom.certservice.certification.model.CertificationModel;
39 import org.onap.oom.certservice.certification.model.CsrModel;
40 import org.onap.oom.certservice.cmpv2client.api.CmpClient;
41 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
42 import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel;
44 import java.io.IOException;
45 import java.io.InputStream;
46 import java.nio.charset.StandardCharsets;
47 import java.security.NoSuchProviderException;
48 import java.security.cert.CertificateException;
49 import java.security.cert.X509Certificate;
50 import java.util.Collections;
51 import java.util.Objects;
53 import static org.assertj.core.api.Assertions.assertThat;
54 import static org.junit.jupiter.api.Assertions.assertThrows;
55 import static org.mockito.ArgumentMatchers.any;
56 import static org.mockito.Mockito.when;
57 import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_KEYSTORE;
58 import static org.onap.oom.certservice.certification.TestData.TEST_CMPv2_TRUSTSTORE;
60 @ExtendWith(MockitoExtension.class)
61 class CertificationProviderTest {
// Number of entries the update test expects in both the certificate chain and the trusted-certificate list.
63 private static final int EXPECTED_SIZE_ONE = 1;
// Collaborators handed to the provider in the success-path tests.
// NOTE(review): presumably Mockito mocks (org.mockito.Mock is imported); the annotations are not visible in this listing.
65 private CsrModel csrModel;
67 private Cmpv2Server server;
// Collaborators handed to the provider in the failure-path tests.
69 private CsrModel testCsrModel;
71 private Cmpv2Server testServer;
// CMPv2 client whose createCertificate/updateCertificate calls are stubbed in each test.
73 private CmpClient cmpClient;
// Object under test; constructed from cmpClient by the assignment at the end of this run.
75 private CertificationProvider certificationProvider;
// Update request fixture. The values are literal placeholder strings, not real encoded CSRs, certificates
// or private keys, so the tests only exercise how the model is passed through to the stubbed client.
77 private static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder()
78 .setEncodedCsr("encodedCSR")
79 .setEncodedPrivateKey("encodedPK")
80 .setEncodedOldCert("encodedOldCert")
81 .setEncodedOldPrivateKey("encodedOldPK")
// NOTE(review): the call that terminates this builder chain is not visible in this listing.
// PEM framing (including the trailing newline) that every returned certificate string must carry.
84 private static final String EXPECTED_BEGIN_OF_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
85 private static final String EXPECTED_END_OF_CERTIFICATE = "-----END CERTIFICATE-----\n";
// Creates the provider under test around the stubbed client.
// NOTE(review): the header of the enclosing setup method is not visible in this listing.
89 certificationProvider = new CertificationProvider(cmpClient);
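/**
 * Verifies that {@code signCsr} turns the CMPv2 client response into a {@link CertificationModel}
 * whose first chain entry and first trusted certificate equal the PEM fixtures on the test
 * classpath. Both sides are compared with line endings removed.
 *
 * <p>The listing had lost the test annotation, the {@code when(} opener and the closing tokens;
 * they are restored here. The fixture streams are now closed with try-with-resources.
 */
@Test
void shouldConvertToCertificationModelForSignCsr()
    throws CertificateException, NoSuchProviderException, IOException, CmpClientException {
    // Given: the stubbed client answers any request with certificates parsed from test resources.
    when(
        cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class))
    ).thenReturn(createCorrectClientResponse());

    // When
    CertificationModel certificationModel = certificationProvider.signCsr(csrModel, server);

    // Then
    ClassLoader classLoader = getClass().getClassLoader();
    // getResourceAsStream returns null for a missing resource; try-with-resources tolerates a null
    // resource, and requireNonNull below turns it into a failure that names the missing fixture.
    try (InputStream certificate = classLoader.getResourceAsStream("certificateModelChain.first");
         InputStream trustedCertificate = classLoader.getResourceAsStream("trustedCertificatesModel.first")) {
        String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0));
        String expectedCertificate = removeLineEndings(IOUtils.toString(
            Objects.requireNonNull(certificate, "certificateModelChain.first not found on test classpath"),
            StandardCharsets.UTF_8));
        String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0));
        String expectedTrustedCertificate = removeLineEndings(IOUtils.toString(
            Objects.requireNonNull(trustedCertificate, "trustedCertificatesModel.first not found on test classpath"),
            StandardCharsets.UTF_8));

        assertThat(certificateModel).isEqualTo(expectedCertificate);
        assertThat(trustedCertificateModel).isEqualTo(expectedTrustedCertificate);
    }
}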
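/**
 * Verifies that a {@link CmpClientException} raised by the CMPv2 client during certificate creation
 * is propagated by {@code signCsr} with its original message.
 *
 * <p>The listing had lost the test annotation, the {@code when(} opener and the closing tokens;
 * they are restored here.
 */
@Test
void certificationProviderThrowCmpClientWhenCallingClientFailsForSignCsr()
    throws CmpClientException {
    // Given: the stubbed client fails for any request.
    String expectedErrorMessage = "connecting to CMP client failed";
    when(
        cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class))
    ).thenThrow(new CmpClientException(expectedErrorMessage));

    // When
    CmpClientException thrown = assertThrows(
        CmpClientException.class,
        () -> certificationProvider.signCsr(testCsrModel, testServer)
    );

    // Then: asserting on the throwable itself lets a failure report the exception, not just a string.
    assertThat(thrown).hasMessage(expectedErrorMessage);
}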
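/**
 * Verifies that {@code updateCertificate} converts the CMPv2 client response into a
 * {@link CertificationModel} with exactly one chain entry and one trusted certificate, each
 * framed as a PEM certificate.
 *
 * <p>Only the PEM header and footer are checked; the certificate content itself is not compared.
 * The listing had lost the test annotation, the {@code when(} opener and the closing tokens;
 * they are restored here.
 */
@Test
void shouldCorrectConvertToCertificationModelForUpdateRequest()
    throws IOException, CertificateException, CmpClientException {
    // Given: the stubbed client answers any update request with certificates parsed from TestData.
    when(
        cmpClient.updateCertificate(any(CsrModel.class), any(Cmpv2Server.class), any(CertificateUpdateModel.class))
    ).thenReturn(getCMPv2CertificationModel());

    // When
    CertificationModel certificationModel = certificationProvider
        .updateCertificate(csrModel, server, TEST_CERTIFICATE_UPDATE_MODEL);
    List<String> certificateChain = certificationModel.getCertificateChain();
    List<String> trustedCertificates = certificationModel.getTrustedCertificates();

    // Then: hasSize reports the list contents on failure, unlike comparing size() as a bare int.
    assertThat(certificateChain).hasSize(EXPECTED_SIZE_ONE);
    assertThat(certificateChain.get(0))
        .startsWith(EXPECTED_BEGIN_OF_CERTIFICATE)
        .endsWith(EXPECTED_END_OF_CERTIFICATE);

    assertThat(trustedCertificates).hasSize(EXPECTED_SIZE_ONE);
    assertThat(trustedCertificates.get(0))
        .startsWith(EXPECTED_BEGIN_OF_CERTIFICATE)
        .endsWith(EXPECTED_END_OF_CERTIFICATE);
}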
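/**
 * Verifies that a {@link CmpClientException} raised by the CMPv2 client during a certificate update
 * is propagated by {@code updateCertificate} with its original message.
 *
 * <p>The listing had lost the test annotation, the {@code when(} opener and the closing tokens;
 * they are restored here.
 */
@Test
void certificationProviderThrowCmpClientWhenCallingClientFailsForUpdateCertificate()
    throws CmpClientException {
    // Given: the stubbed client fails for any update request.
    String expectedErrorMessage = "Exception occurred while send request to CMPv2 Server";
    when(
        cmpClient.updateCertificate(any(CsrModel.class), any(Cmpv2Server.class), any(CertificateUpdateModel.class))
    ).thenThrow(new CmpClientException(expectedErrorMessage));

    // When
    CmpClientException thrown = assertThrows(
        CmpClientException.class,
        () -> certificationProvider.updateCertificate(testCsrModel, testServer, TEST_CERTIFICATE_UPDATE_MODEL)
    );

    // Then: asserting on the throwable itself lets a failure report the exception, not just a string.
    assertThat(thrown).hasMessage(expectedErrorMessage);
}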
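/**
 * Builds the CMPv2 client response used by the sign-CSR test from two classpath fixtures:
 * {@code certificateChain.first} and {@code trustedCertificates.first}.
 *
 * <p>Both fixture streams are closed before returning, and a missing fixture fails with a message
 * that names it instead of passing {@code null} into certificate parsing.
 *
 * @return a model holding one certificate in the chain and one trusted certificate
 * @throws CertificateException if a fixture cannot be parsed as a certificate
 * @throws NoSuchProviderException if the certificate factory's provider is unavailable
 */
private Cmpv2CertificationModel createCorrectClientResponse()
    throws CertificateException, NoSuchProviderException {
    ClassLoader classLoader = getClass().getClassLoader();
    // try-with-resources tolerates a null resource; requireNonNull below reports which one is missing.
    try (InputStream certificateChain = classLoader.getResourceAsStream("certificateChain.first");
         InputStream trustedCertificate = classLoader.getResourceAsStream("trustedCertificates.first")) {
        X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(
            Objects.requireNonNull(certificateChain, "certificateChain.first not found on test classpath"));
        X509Certificate x509TrustedCertificate = new CertificateFactoryProvider().generateCertificate(
            Objects.requireNonNull(trustedCertificate, "trustedCertificates.first not found on test classpath"));
        return new Cmpv2CertificationModel(
            Collections.singletonList(x509Certificate),
            Collections.singletonList(x509TrustedCertificate));
    } catch (IOException e) {
        // Only closing the fixture streams can raise this; wrapped so the declared throws list stays unchanged.
        throw new java.io.UncheckedIOException("Failed to close certificate fixture stream", e);
    }
}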
/**
 * Returns a copy of the given text with every line-feed and carriage-return character removed,
 * so PEM strings can be compared regardless of platform line endings.
 *
 * @param string text to strip; must not be {@code null}
 * @return the text without {@code \n} and {@code \r} characters
 */
private String removeLineEndings(String string) {
    StringBuilder stripped = new StringBuilder(string.length());
    for (int index = 0; index < string.length(); index++) {
        char current = string.charAt(index);
        if (current != '\n' && current != '\r') {
            stripped.append(current);
        }
    }
    return stripped.toString();
}
/**
 * Builds the CMPv2 client response used by the update test. The chain is parsed from
 * {@code TEST_CMPv2_KEYSTORE} and the trusted certificates from {@code TEST_CMPv2_TRUSTSTORE}.
 *
 * @return a model wrapping the two parsed certificate lists
 * @throws IOException if a PEM string cannot be read
 * @throws CertificateException if a parsed object cannot be converted to an X.509 certificate
 */
private Cmpv2CertificationModel getCMPv2CertificationModel() throws IOException, CertificateException {
    // Arguments are evaluated left to right, so the chain is still parsed before the trusted certificates.
    return new Cmpv2CertificationModel(
        getX509CertificateFromPem(TEST_CMPv2_KEYSTORE),
        getX509CertificateFromPem(TEST_CMPv2_TRUSTSTORE));
}
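/**
 * Parses the first object of a PEM string as an X.509 certificate, using the BouncyCastle provider.
 *
 * <p>Only the first PEM object is read; any further objects in {@code pemString} are ignored.
 * The parser is closed before returning. Input whose first object is missing or is not a
 * certificate is rejected with a {@link CertificateException}, not a cast failure.
 *
 * @param pemString PEM text expected to begin with a certificate
 * @return a single-element immutable list holding the parsed certificate
 * @throws IOException if the PEM text cannot be read
 * @throws CertificateException if the first PEM object is absent, is not a certificate, or cannot
 *     be converted
 */
private List<X509Certificate> getX509CertificateFromPem(String pemString) throws IOException, CertificateException {
    try (PEMParser pemParser = new PEMParser(new StringReader(pemString))) {
        Object parsed = pemParser.readObject();
        // A PEM block can also hold keys, CSRs and other types, so check the type before casting.
        if (!(parsed instanceof X509CertificateHolder)) {
            String found = parsed == null ? "no PEM object" : parsed.getClass().getName();
            throw new CertificateException("Expected a PEM-encoded X.509 certificate but found " + found);
        }
        X509Certificate x509Certificate = new JcaX509CertificateConverter()
            .setProvider(new BouncyCastleProvider())
            .getCertificate((X509CertificateHolder) parsed);
        return List.of(x509Certificate);
    }
}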