2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2020-2021 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.oom.certservice.certification;
23 import static org.assertj.core.api.Assertions.assertThat;
24 import static org.junit.jupiter.api.Assertions.assertEquals;
25 import static org.junit.jupiter.api.Assertions.assertThrows;
26 import static org.junit.jupiter.api.Assertions.assertTrue;
27 import static org.mockito.ArgumentMatchers.any;
28 import static org.mockito.Mockito.mock;
29 import static org.mockito.Mockito.times;
30 import static org.mockito.Mockito.verify;
31 import static org.mockito.Mockito.when;
32 import static org.onap.oom.certservice.certification.CertificationData.CA_CERT;
33 import static org.onap.oom.certservice.certification.CertificationData.ENTITY_CERT;
34 import static org.onap.oom.certservice.certification.CertificationData.EXTRA_CA_CERT;
35 import static org.onap.oom.certservice.certification.CertificationData.INTERMEDIATE_CERT;
36 import static org.onap.oom.certservice.certification.TestData.TEST_CSR;
37 import static org.onap.oom.certservice.certification.TestData.TEST_PK;
38 import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_CSR;
39 import static org.onap.oom.certservice.certification.TestData.TEST_WRONG_PEM;
41 import java.util.Arrays;
42 import java.util.Base64;
43 import java.util.List;
44 import org.junit.jupiter.api.BeforeEach;
45 import org.junit.jupiter.api.Test;
46 import org.junit.jupiter.api.extension.ExtendWith;
47 import org.mockito.Mock;
48 import org.mockito.junit.jupiter.MockitoExtension;
49 import org.onap.oom.certservice.certification.configuration.Cmpv2ServerProvider;
50 import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
51 import org.onap.oom.certservice.certification.conversion.CsrModelFactory;
52 import org.onap.oom.certservice.certification.conversion.OldCertificateModelFactory;
53 import org.onap.oom.certservice.certification.conversion.StringBase64;
54 import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
55 import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException;
56 import org.onap.oom.certservice.certification.exception.CsrDecryptionException;
57 import org.onap.oom.certservice.certification.exception.DecryptionException;
58 import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
59 import org.onap.oom.certservice.certification.model.CertificateUpdateModel.CertificateUpdateModelBuilder;
60 import org.onap.oom.certservice.certification.model.CertificationResponseModel;
61 import org.onap.oom.certservice.certification.model.CsrModel;
62 import org.onap.oom.certservice.certification.model.OldCertificateModel;
63 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
65 @ExtendWith(MockitoExtension.class)
66 class CertificationResponseModelFactoryTest {
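// CA name handed to the factory and used when stubbing the CMPv2 server lookup.
private static final String TEST_CA_NAME = "TestCA";

// Base64 forms of the TestData fixtures; the "WRONG" pair feeds the decryption-failure test.
private static final String ENCODED_CSR = getEncodedString(TEST_CSR);
private static final String ENCODED_PK = getEncodedString(TEST_PK);
private static final String ENCODED_WRONG_CSR = getEncodedString(TEST_WRONG_CSR);
private static final String ENCODED_WRONG_PK = getEncodedString(TEST_WRONG_PEM);

// Placeholder strings for the update-request model; the collaborators that would receive
// them are stubbed with any() matchers in the update tests.
private static final String TEST_ENCODED_CSR = "encodedCSR";
private static final String TEST_ENCODED_PK = "encodedPK";
private static final String TEST_ENCODED_OLD_PK = "encodedOldPK";
private static final String TEST_ENCODED_OLD_CERT = "encodedOldCert";
private static final CertificateUpdateModel TEST_CERTIFICATE_UPDATE_MODEL = new CertificateUpdateModelBuilder()
    .setEncodedCsr(TEST_ENCODED_CSR)
    .setEncodedPrivateKey(TEST_ENCODED_PK)
    .setEncodedOldCert(TEST_ENCODED_OLD_CERT)
    .setEncodedOldPrivateKey(TEST_ENCODED_OLD_PK)
    .setCaName(TEST_CA_NAME)
    .build(); // terminator restored: the listing drops short lines; confirm against the builder

// Object under test; rebuilt from the mocks below before each test.
private CertificationResponseModelFactory certificationResponseModelFactory;

// @Mock annotations restored: the listing drops short lines, and these fields are only
// usable as Mockito mocks (they are stubbed with when(...) and never assigned).
@Mock
private Cmpv2ServerProvider cmpv2ServerProvider;
@Mock
private CsrModelFactory csrModelFactory;
@Mock
private CertificationProvider certificationProvider;
@Mock
private OldCertificateModelFactory oldCertificateModelFactory;
@Mock
private UpdateRequestTypeDetector updateRequestTypeDetector;
@Mock
private OldCertificateModel testOldCertificateModel;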
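/**
 * Base64-encodes a text fixture so it can be passed where the service expects an encoded
 * CSR or key.
 *
 * <p>The bytes are taken as UTF-8 explicitly. The no-argument {@code getBytes()} uses the
 * platform default charset, so the encoded fixture could differ between build hosts.
 *
 * @param testCsr fixture text to encode
 * @return standard Base64 encoding of the UTF-8 bytes of {@code testCsr}
 */
private static String getEncodedString(String testCsr) {
    byte[] utf8 = testCsr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return Base64.getEncoder().encodeToString(utf8);
}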
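// Header restored: the listing dropped the short lines before this statement. The
// @BeforeEach annotation matches the file's imports; the method name is assumed —
// confirm against the original file.
@BeforeEach
void setUp() {
    // Wire the factory under test with the five mocked collaborators.
    certificationResponseModelFactory =
        new CertificationResponseModelFactory(csrModelFactory, cmpv2ServerProvider, certificationProvider,
            oldCertificateModelFactory, updateRequestTypeDetector);
}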
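/**
 * Initial request, success path: with CSR parsing, server lookup and signing all stubbed,
 * the factory returns the chain and trusted certificates supplied by the certification
 * provider.
 */
@Test
void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName()
    throws CmpClientException, DecryptionException {

    // Given
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateProviderCertificateSigning(csrModel, testServer);

    // When
    CertificationResponseModel certificationModel =
        certificationResponseModelFactory
            .provideCertificationModelFromInitialRequest(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME);

    // Then
    // NOTE(review): contains() ignores element order; if the order of the certificate chain
    // matters to consumers, containsExactly(...) would pin it.
    assertEquals(2, certificationModel.getCertificateChain().size());
    assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
    assertEquals(2, certificationModel.getTrustedCertificates().size());
    assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);
}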
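/**
 * Initial request, malformed input: when the CSR factory rejects the encoded CSR/key pair,
 * the resulting {@link DecryptionException} reaches the caller with its message intact.
 */
@Test
void shouldThrowDecryptionExceptionWhenGivenWrongEncodedCsr()
    throws DecryptionException {
    // Given
    String expectedMessage = "Incorrect CSR, decryption failed";
    // The stub matches on the StringBase64 arguments themselves rather than any();
    // presumably this relies on StringBase64 value equality — verify.
    when(
        csrModelFactory.createCsrModel(
            new StringBase64(ENCODED_WRONG_CSR),
            new StringBase64(ENCODED_WRONG_PK)
        )
    ).thenThrow(
        new CsrDecryptionException(expectedMessage)
    );

    // When
    Exception exception = assertThrows(
        DecryptionException.class, () ->
            certificationResponseModelFactory
                .provideCertificationModelFromInitialRequest(ENCODED_WRONG_CSR, ENCODED_WRONG_PK, TEST_CA_NAME)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}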
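/**
 * Initial request, unknown CA: when the server provider cannot resolve the CA name, the
 * {@link Cmpv2ServerNotFoundException} reaches the caller with its message intact.
 */
@Test
void shouldThrowCmpv2ServerNotFoundExceptionWhenGivenWrongCaName()
    throws DecryptionException {
    // Given
    String expectedMessage = "CA not found";
    mockCsrFactoryModelCreation();
    when(
        cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME)
    ).thenThrow(
        new Cmpv2ServerNotFoundException(expectedMessage)
    );

    // When
    Exception exception = assertThrows(
        Cmpv2ServerNotFoundException.class, () ->
            certificationResponseModelFactory
                .provideCertificationModelFromInitialRequest(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}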
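/**
 * Initial request, signing failure: a {@link CmpClientException} thrown by the
 * initialization request reaches the caller with its message intact.
 */
@Test
void shouldThrowCmpClientExceptionWhenSigningCsrFailed()
    throws DecryptionException, CmpClientException {
    // Given
    String expectedMessage = "failed to sign certificate";
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    when(
        certificationProvider.executeInitializationRequest(csrModel, testServer)
    ).thenThrow(
        new CmpClientException(expectedMessage)
    );

    // When
    Exception exception = assertThrows(
        CmpClientException.class, () ->
            certificationResponseModelFactory
                .provideCertificationModelFromInitialRequest(ENCODED_CSR, ENCODED_PK, TEST_CA_NAME)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}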
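/**
 * Update request classified as a key update (KUR): when the detector reports a match
 * between the CSR and the old certificate, the factory issues exactly one key update
 * request carrying the old certificate model, and returns the provider's response.
 */
@Test
void shouldPerformKurWhenCsrAndOldCertDataMatch()
    throws CertificateDecryptionException, DecryptionException, CmpClientException {
    // Given
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateProviderCertificateUpdate(csrModel, testServer);
    // NOTE(review): the stub installed by this helper is superseded by the
    // createCertificateModel stub two lines below, which returns testOldCertificateModel.
    mockCertificateFactoryModelCreation();
    when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true);
    when(oldCertificateModelFactory.createCertificateModel(any(), any())).thenReturn(testOldCertificateModel);

    // When
    CertificationResponseModel certificationModel = certificationResponseModelFactory
        .provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL);

    // Then
    // NOTE(review): contains() ignores element order; containsExactly(...) would pin the
    // order of the certificate chain if that matters to consumers.
    assertEquals(2, certificationModel.getCertificateChain().size());
    assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
    assertEquals(2, certificationModel.getTrustedCertificates().size());
    assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);

    verify(certificationProvider, times(1))
        .executeKeyUpdateRequest(csrModel, testServer, testOldCertificateModel);
}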
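/**
 * Update request, KUR failure: a {@link CmpClientException} thrown by the key update
 * request reaches the caller with its message intact.
 */
@Test
void shouldThrowCmpClientExceptionWhenUpdateRequestFailed()
    throws DecryptionException, CmpClientException, CertificateDecryptionException {

    // Given
    String expectedMessage = "Exception occurred while send request to CMPv2 Server";
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    // NOTE(review): the stub installed by this helper is superseded by the
    // createCertificateModel stub below, which returns testOldCertificateModel.
    mockCertificateFactoryModelCreation();

    when(oldCertificateModelFactory.createCertificateModel(any(), any())).thenReturn(testOldCertificateModel);
    when(certificationProvider.executeKeyUpdateRequest(csrModel, testServer, testOldCertificateModel))
        .thenThrow(new CmpClientException(expectedMessage));
    when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(true);

    // When
    Exception exception = assertThrows(
        CmpClientException.class, () ->
            certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL)
    );

    // Then
    assertTrue(exception.getMessage().contains(expectedMessage));
}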
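/**
 * Update request classified as a certification request (CR): when the detector reports
 * no match between the CSR and the old certificate, the factory issues exactly one
 * certification request and returns the provider's response.
 */
@Test
void shouldPerformCrWhenCsrAndOldCertDataDontMatch()
    throws CertificateDecryptionException, DecryptionException, CmpClientException {
    // Given
    CsrModel csrModel = mockCsrFactoryModelCreation();
    Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
    mockCertificateProviderCertificationRequest(csrModel, testServer);
    mockCertificateFactoryModelCreation();

    when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(false);
    CertificationResponseModel certificationModel = certificationResponseModelFactory
        .provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL);

    // NOTE(review): contains() ignores element order; containsExactly(...) would pin the
    // order of the certificate chain if that matters to consumers.
    assertEquals(2, certificationModel.getCertificateChain().size());
    assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
    assertEquals(2, certificationModel.getTrustedCertificates().size());
    assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);

    verify(certificationProvider, times(1))
        .executeCertificationRequest(csrModel, testServer);
}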
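/**
 * Update request, unreadable old certificate: when the old-certificate factory throws
 * {@link CertificateDecryptionException}, the factory under test lets it reach the caller.
 */
@Test
void shouldThrowCertificateDecryptionExceptionWhenOldCertificateInvalid()
    throws CertificateDecryptionException {
    // Given
    when(oldCertificateModelFactory.createCertificateModel(any(), any()))
        .thenThrow(new CertificateDecryptionException("Incorrect certificate, decryption failed"));

    // When / Then: only the exception type is checked here, not its message.
    assertThrows(
        CertificateDecryptionException.class, () ->
            certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL)
    );
}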
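/**
 * Stubs the key update request for the given CSR model and server, together with the
 * {@code testOldCertificateModel} mock, to return the canned response model.
 *
 * @param csrModel CSR model the stub matches on
 * @param testServer server the stub matches on
 * @throws CmpClientException declared by the stubbed method; not thrown while stubbing
 */
private void mockCertificateProviderCertificateUpdate(CsrModel csrModel, Cmpv2Server testServer)
    throws CmpClientException {
    CertificationResponseModel expectedCertificationModel = getCertificationModel();
    when(
        certificationProvider.executeKeyUpdateRequest(csrModel, testServer, testOldCertificateModel)
    ).thenReturn(expectedCertificationModel);
}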
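/**
 * Stubs the certification request for the given CSR model and server to return the
 * canned response model.
 *
 * @param csrModel CSR model the stub matches on
 * @param testServer server the stub matches on
 * @throws CmpClientException declared by the stubbed method; not thrown while stubbing
 */
private void mockCertificateProviderCertificationRequest(CsrModel csrModel, Cmpv2Server testServer)
    throws CmpClientException {
    CertificationResponseModel expectedCertificationModel = getCertificationModel();
    when(
        certificationProvider.executeCertificationRequest(csrModel, testServer)
    ).thenReturn(expectedCertificationModel);
}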
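/**
 * Stubs the initialization request for the given CSR model and server to return the
 * canned response model.
 *
 * @param csrModel CSR model the stub matches on
 * @param testServer server the stub matches on
 * @throws CmpClientException declared by the stubbed method; not thrown while stubbing
 */
private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer)
    throws CmpClientException {
    CertificationResponseModel expectedCertificationModel = getCertificationModel();
    when(
        certificationProvider.executeInitializationRequest(csrModel, testServer)
    ).thenReturn(expectedCertificationModel);
}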
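/**
 * Stubs the server provider so a lookup of {@code TEST_CA_NAME} yields a fresh
 * {@link Cmpv2Server}.
 *
 * @return the server instance the stub will hand back, for use in later stubs and verifications
 */
private Cmpv2Server mockCmpv2ProviderServerSelection() {
    Cmpv2Server testServer = getCmpv2Server();
    when(
        cmpv2ServerProvider.getCmpv2Server(TEST_CA_NAME)
    ).thenReturn(testServer);
    return testServer;
}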
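/**
 * Stubs the CSR factory to return a mocked {@link CsrModel} for any pair of arguments.
 *
 * <p>NOTE(review): because the stub uses {@code any()}, tests built on this helper do not
 * check which encoded CSR or key actually reaches the factory.
 *
 * @return the mocked CSR model the stub will hand back
 * @throws DecryptionException declared by the stubbed method; not thrown while stubbing
 */
private CsrModel mockCsrFactoryModelCreation()
    throws DecryptionException {
    CsrModel csrModel = getCsrModel();
    when(csrModelFactory.createCsrModel(any(), any())).thenReturn(csrModel);
    return csrModel;
}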
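/**
 * Stubs the old-certificate factory to return a fresh {@link OldCertificateModel} mock
 * for any pair of arguments.
 *
 * @return the mock the stub will hand back
 * @throws CertificateDecryptionException declared by the stubbed method; not thrown while stubbing
 */
private OldCertificateModel mockCertificateFactoryModelCreation()
    throws CertificateDecryptionException {
    final OldCertificateModel certificateModel = mock(OldCertificateModel.class);
    when(oldCertificateModelFactory.createCertificateModel(any(), any())).thenReturn(certificateModel);
    return certificateModel;
}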
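/**
 * Creates a default-constructed server object; the tests use it only as an identity
 * passed between stubs and verifications.
 *
 * @return a new {@link Cmpv2Server}
 */
private Cmpv2Server getCmpv2Server() {
    return new Cmpv2Server();
}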
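/**
 * Creates a Mockito mock standing in for a parsed CSR.
 *
 * @return a mocked {@link CsrModel}
 */
private CsrModel getCsrModel() {
    return mock(CsrModel.class);
}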
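/**
 * Builds the canned response the mocked certification provider returns: a chain of
 * {@code INTERMEDIATE_CERT, ENTITY_CERT} and trusted certificates
 * {@code CA_CERT, EXTRA_CA_CERT}, all taken from the CertificationData fixtures.
 *
 * @return a response model holding the two fixture lists
 */
private CertificationResponseModel getCertificationModel() {
    List<String> testTrustedCertificates = Arrays.asList(CA_CERT, EXTRA_CA_CERT);
    List<String> testCertificationChain = Arrays.asList(INTERMEDIATE_CERT, ENTITY_CERT);
    // Constructor order is (chain, trusted certificates), matching the getters the tests assert on.
    return new CertificationResponseModel(testCertificationChain, testTrustedCertificates);
}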