Return hardcoded CA certs and certification chain.
authorBartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Wed, 12 Feb 2020 10:53:42 +0000 (11:53 +0100)
committerBartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Thu, 13 Feb 2020 09:53:19 +0000 (10:53 +0100)
Issue-ID: AAF-995
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I38b498c4deeedc4ea4323065c5f7b5ddd137209f

17 files changed:
certService/pom.xml
certService/src/main/java/org/onap/aaf/certservice/api/CertificationService.java
certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java [new file with mode: 0644]
certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java [new file with mode: 0644]
certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java
certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/CsrDecryptionException.java
certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/DecryptionException.java [new file with mode: 0644]
certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/PemDecryptionException.java [new file with mode: 0644]
certService/src/main/java/org/onap/aaf/certservice/certification/model/CertificationModel.java [new file with mode: 0644]
certService/src/main/java/org/onap/aaf/certservice/certification/model/ErrorResponseModel.java [new file with mode: 0644]
certService/src/test/java/org/onap/aaf/certservice/api/CertificationServiceTest.java
certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java [new file with mode: 0644]
certService/src/test/java/org/onap/aaf/certservice/certification/CsrModelFactoryTest.java
certService/src/test/java/org/onap/aaf/certservice/certification/PemObjectFactoryTest.java
certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java
certService/src/test/java/org/onap/aaf/certservice/certification/model/CsrModelTest.java

index 194e2ae..ea919f8 100644 (file)
@@ -44,6 +44,7 @@
         </springdoc-openapi-maven-plugin.apiDocsUrl>
         <docker-maven-plugin.image-name>onap/${project.artifactId}</docker-maven-plugin.image-name>
         <springdoc-openapi-maven-plugin.version>0.2</springdoc-openapi-maven-plugin.version>
+        <gson.version>2.8.6</gson.version>
     </properties>
 
     <dependencyManagement>
             <artifactId>bcprov-jdk15on</artifactId>
             <version>${bouncycastle.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>${gson.version}</version>
+        </dependency>
     </dependencies>
 
     <build>
index a46e07f..75fc0f5 100644 (file)
 
 package org.onap.aaf.certservice.api;
 
+import com.google.gson.Gson;
+import org.onap.aaf.certservice.certification.CertificationModelFactory;
 import org.onap.aaf.certservice.certification.CsrModelFactory;
 import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64;
 import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
+import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.certification.model.ErrorResponseModel;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -41,10 +46,12 @@ public class CertificationService {
     private static final Logger LOGGER = LoggerFactory.getLogger(CertificationService.class);
 
     private final CsrModelFactory csrModelFactory;
+    private final CertificationModelFactory certificationModelFactory;
 
     @Autowired
-    CertificationService(CsrModelFactory csrModelFactory) {
+    CertificationService(CsrModelFactory csrModelFactory, CertificationModelFactory certificationModelFactory) {
         this.csrModelFactory = csrModelFactory;
+        this.certificationModelFactory = certificationModelFactory;
     }
 
     /**
@@ -56,7 +63,7 @@ public class CertificationService {
      * @param encodedPrivateKey Private key for CSR, needed for PoP, encoded in Base64 form
      * @return JSON containing trusted certificates and certificate chain
      */
-    @GetMapping("v1/certificate/{caName}")
+    @GetMapping(value = "v1/certificate/{caName}", produces = "application/json; charset=utf-8")
     public ResponseEntity<String> signCertificate(
             @PathVariable String caName,
             @RequestHeader("CSR") String encodedCsr,
@@ -71,12 +78,26 @@ public class CertificationService {
                     new StringBase64(encodedPrivateKey)
             );
             LOGGER.debug("Received CSR meta data: \n{}", csrModel);
-            return new ResponseEntity<>(csrModel.toString(), HttpStatus.OK);
+            CertificationModel certificationModel = certificationModelFactory
+                    .createCertificationModel(csrModel,caName);
+            return new ResponseEntity<>(
+                    new Gson().toJson(certificationModel),
+                    HttpStatus.OK);
         } catch (CsrDecryptionException e) {
-            LOGGER.error("Exception occurred during certificate signing:", e);
-            return new ResponseEntity<>("Wrong certificate signing request (CSR) format", HttpStatus.BAD_REQUEST);
+            LOGGER.error("Exception occurred during decoding certificate sign request:", e);
+            return getErrorResponseEntity("Wrong certificate signing request (CSR) format");
+        } catch (PemDecryptionException e) {
+            LOGGER.error("Exception occurred during decoding key:", e);
+            return getErrorResponseEntity("Wrong key (PK) format");
         }
     }
 
+    private ResponseEntity<String> getErrorResponseEntity(String errorMessage) {
+        ErrorResponseModel errorResponse = new ErrorResponseModel(errorMessage);
+        return new ResponseEntity<>(
+                new Gson().toJson(errorResponse),
+                HttpStatus.BAD_REQUEST);
+    }
+
 
 }
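Review bot: Both `new Gson().toJson(...)` calls, in `signCertificate` and in `getErrorResponseEntity`, build a fresh serializer per request and rely on Gson's default HTML-safe escaping, which writes the `=` padding at the end of a PEM body as `\u003d`. The output is still valid JSON, but a consumer that compares or searches the raw response text for PEM content will not match. One shared instance such as `private static final Gson GSON = new GsonBuilder().disableHtmlEscaping().create();` addresses both. Separately, the unchanged `LOGGER.debug("Received CSR meta data: \n{}", csrModel)` line logs an object built from the caller's private key, so it is worth confirming that `CsrModel.toString()` (not visible here) never prints key material.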
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationData.java
new file mode 100644 (file)
index 0000000..a347762
--- /dev/null
@@ -0,0 +1,127 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+
+final class CertificationData {
+
+    private CertificationData() {}
+
+    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
+    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
+
+    static final String EXTRA_CA_CERT = ""
+            + BEGIN_CERTIFICATE
+            + "MIIDvzCCAqcCFF5DejiyfoNfPiiMmBXulniBewBGMA0GCSqGSIb3DQEBCwUAMIGb\n"
+            + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n"
+            + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n"
+            + "T05BUDEVMBMGA1UEAwwMbmV3Lm9uYXAub3JnMR4wHAYJKoZIhvcNAQkBFg90ZXN0\n"
+            + "ZXJAb25hcC5vcmcwHhcNMjAwMjEyMDk1OTM3WhcNMjEwMjExMDk1OTM3WjCBmzEL\n"
+            + "MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbi1G\n"
+            + "cmFuY2lzY28xGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xDTALBgNVBAsMBE9O\n"
+            + "QVAxFTATBgNVBAMMDG5ldy5vbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVy\n"
+            + "QG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtF4FXeDV\n"
+            + "ng/inC/bTACmZnLC9IiC7PyG/vVbMxxN1bvQLRAwC/Hbl3i9zD68Vs/jPPr/SDr9\n"
+            + "2rgItdDdUY1V30Y3PT06F11XdEaRb+t++1NX0rDf1AqPaBZgnBmB86s1wbqHdJTr\n"
+            + "wEImDZ5xMPfP3fiWy/9Yw/U7iRMIi1/oI0lWuHJV0bn908shuJ6dvInpRCoDnoTX\n"
+            + "YP/FiDSZCFVewQcq4TigB7kRqZrDcPZWbSlqHklDMXRwbCxAiFSziuX6TBwru9Rn\n"
+            + "HhIeXVSgMU1ZSSopVbJGtQ4zSsU1nvTK5Bhc2UHGcAOZy1xTN5D9EEbTqh7l+Wtx\n"
+            + "y8ojkEXvFG8lVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAE+bUphwHit78LK8sb\n"
+            + "OMjt4DiEu32KeSJOpYgPLeBeAIynaNsa7sQrpuxerGNTmQWIcw6olXI0J+OOwkik\n"
+            + "II7elrYtd5G1uALxXWdamNsaY0Du34moVL1YjexJ7qQ4oBUxg2tuY8NAQGDK+23I\n"
+            + "nCA+ZwzdTJo73TYS6sx64d/YLWkX4nHGUoMlF+xUH34csDyhpuTSzQhC2quB5N8z\n"
+            + "tSFdpe4z2jqx07qo2EBFxi03EQ8Q0ex6l421QM2gbs7cZQ66K0DkpPcF2+iHZnyx\n"
+            + "xq1lnlsWHklElF2bhyXTn3fPp5wtan00P8IolKx7CAWb92QjkW6M0RvTW/xuwIzh\n"
+            + "0rTO\n"
+            + END_CERTIFICATE;
+
+    static final String CA_CERT = ""
+            + BEGIN_CERTIFICATE
+            + "MIIDtzCCAp8CFAwqQddh4/iyGfP8UZ3dpXlxfAN8MA0GCSqGSIb3DQEBCwUAMIGX\n"
+            + "MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2Fu\n"
+            + "LUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwE\n"
+            + "T05BUDERMA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBv\n"
+            + "bmFwLm9yZzAeFw0yMDAyMTIwOTM0MjdaFw0yMTAyMTEwOTM0MjdaMIGXMQswCQYD\n"
+            + "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuLUZyYW5j\n"
+            + "aXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECwwET05BUDER\n"
+            + "MA8GA1UEAwwIb25hcC5vcmcxHjAcBgkqhkiG9w0BCQEWD3Rlc3RlckBvbmFwLm9y\n"
+            + "ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCFrnO7/eT6V+7XkPPd\n"
+            + "eiL/6xXreuegvit/1/jTVjG+3AOVcmTn2WXwXXRcQLvkWQfJVPoltsY8E3FqFRti\n"
+            + "797XjY6cdQJFVDyzNU0+Fb4vJL9FK5wSvnS6EFjBEn3JvXRlENorDCs/mfjkjJoa\n"
+            + "Dl74gXQEJYcg4nsTeNIj7cm3Q7VK3mZt1t7LSJJ+czxv69UJDuNJpmQ/2WOKyLZA\n"
+            + "gTtBJ+Hyol45/OLsrqwq1dAn9ZRWIFPvRt/XQYH9bI/6MtqSreRVUrdYCiTe/XpP\n"
+            + "B/OM6NEi2+p5QLi3Yi70CEbqP3HqUVbkzF+r7bwIb6M5/HxfqzLmGwLvD+6rYnUn\n"
+            + "Bm8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhXoO65DXth2X/zFRNsCNpLwmDy7r\n"
+            + "PxT9ZAIZAzSxx3/aCYiuTrKP1JnqjkO+F2IbikrI4n6sKO49SKnRf9SWTFhd+5dX\n"
+            + "vxq5y7MaqxHAY9J7+Qzq33+COVFQnaF7ddel2NbyUVb2b9ZINNsaZkkPXui6DtQ7\n"
+            + "/Fb/1tmAGWd3hMp75G2thBSzs816JMKKa9WD+4VGATEs6OSll4sv2fOZEn+0mAD3\n"
+            + "9q9c+WtLGIudOwcHwzPb2njtNntQSCK/tVOqbY+vzhMY3JW+p9oSrLDSdGC+pAKK\n"
+            + "m/wB+2VPIYcsPMtIhHC4tgoSaiCqjXYptaOh4b8ye8CPBUCpX/AYYkN0Ow==\n"
+            + END_CERTIFICATE;
+
+    static final String INTERMEDIATE_CERT = ""
+            + BEGIN_CERTIFICATE
+            + "MIIDqTCCApGgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVT\n"
+            + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n"
+            + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQD\n"
+            + "DAhvbmFwLm9yZzEeMBwGCSqGSIb3DQEJARYPdGVzdGVyQG9uYXAub3JnMB4XDTIw\n"
+            + "MDIxMjA5NDAxMloXDTIyMTEwODA5NDAxMlowgYQxCzAJBgNVBAYTAlVTMRMwEQYD\n"
+            + "VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQK\n"
+            + "DBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQDDBVpbnRl\n"
+            + "cm1lZGlhdGUub25hcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n"
+            + "AQC1oOYMZ6G+2DGDAizYnzdCNiogivlht1s4oqgem7fM1XFPxD2p31ATIibOdqr/\n"
+            + "gv1qemO9Q4r1xn6w1Ufq7T1K7PjnMzdSeTqZefurE2JM/HHx2QvW4TjMlz2ILgaD\n"
+            + "L1LN60kmMQSOi5VxKJpsrCQxbOsxhvefd212gny5AZMcjJe23kUd9OxUrtvpdLEv\n"
+            + "wI3vFEvT7oRUnEUg/XNz7qeg33vf1C39yMR+6O4s6oevgsEebVKjb+yOoS6zzGtz\n"
+            + "72wZjm07C54ZlO+4Uy+QAlMjRiU3mgWkKbkOy+4CvwehjhpTikdBs2DX39ZLGHhn\n"
+            + "L/0a2NYtGulp9XEqmTvRoI+PAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n"
+            + "hvcNAQELBQADggEBADcitdJ6YswiV8jAD9GK0gf3+zqcGegt4kt+79JXlXYbb1sY\n"
+            + "q3o6prcB7nSUoClgF2xUPCslFGpM0Er9FCSFElQM/ru0l/KVmJS6kSpwEHvsYIH3\n"
+            + "q5anta+Pyk8JSQWAAw+qrind0uBQMnhR8Tn13tgV+Kjvg/xlH/nZIEdN5YtLB1cA\n"
+            + "beVsZRyRfVL9DeZU8s/MZ5wC3kgcEp5A4m5lg7HyBxBdqhzFcDr6xiy6OGqW8Yep\n"
+            + "xrwfc8Fw8a/lOv4U+tBeGNKPQDYaL9hh+oM+qMkNXsHXDqdJsuEGJtU4i3Wcwzoc\n"
+            + "XGN5NWV//4bP+NFmwgcn7AYCdRvz04A8GU/0Cwg=\n"
+            + END_CERTIFICATE;
+
+    static final String ENTITY_CERT = ""
+            + BEGIN_CERTIFICATE
+            + "MIIDjDCCAnSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT\n"
+            + "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkw\n"
+            + "FwYDVQQKDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQLDARPTkFQMR4wHAYDVQQD\n"
+            + "DBVpbnRlcm1lZGlhdGUub25hcC5vcmcwHhcNMjAwMjEyMDk1MTI2WhcNMjIxMTA4\n"
+            + "MDk1MTI2WjB7MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQG\n"
+            + "A1UEBwwNU2FuLUZyYW5jaXNjbzEZMBcGA1UECgwQTGludXgtRm91bmRhdGlvbjEN\n"
+            + "MAsGA1UECwwET05BUDEVMBMGA1UEAwwMdmlkLm9uYXAub3JnMIIBIjANBgkqhkiG\n"
+            + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+GIRzJzUOh0gtc+wzFJEdTnn+q5F10L0Yhr\n"
+            + "G1xKdjPieHIFGsoiXwcuCU8arNSqlz7ocx62KQRkcA8y6edlOAsYtdOEJvqEI9vc\n"
+            + "eyTB/HYsbzw3URPGch4AmibrQkKU9QvGwouHtHn4R2Ft2Y0tfEqv9hxj9v4njq4A\n"
+            + "EiDLAFLl5FmVyCZu/MtKngSgu1smcaFKTYySPMxytgJZexoa/ALZyyE0gRhsvwHm\n"
+            + "NLGCPt1bmE/PEGZybsCqliyTO0S56ncD55The7+D/UDS4kE1Wg0svlWon/YsE6QW\n"
+            + "B3oeJDX7Kr8ebDTIAErevIAD7Sm4ee5se2zxYrsYlj0MzHZtvwIDAQABoxAwDjAM\n"
+            + "BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvQ1pTvjON6vSlcJRKSY4r\n"
+            + "8q7L4/9ZaVXWJAjzEYJtPIqsgGiPWz0vGfgklowU6tZxp9zRZFXfMil+mPQSe+yo\n"
+            + "ULrZSQ/z48YHPueE/BNO/nT4aaVBEhPLR5aVwC7uQVX8H+m1V1UGT8lk9vdI9rej\n"
+            + "CI9l524sLCpdE4dFXiWK2XHEZ0Vfylk221u3IYEogVVA+UMX7BFPSsOnI2vtYK/i\n"
+            + "lwZtlri8LtTusNe4oiTkYyq+RSyDhtAswg8ANgvfHolhCHoLFj6w1IkG88UCmbwN\n"
+            + "d7BoGMy06y5MJxyXEZG0vR7eNeLey0TIh+rAszAFPsIQvrOHW+HuA+WLQAj1mhnm\n"
+            + END_CERTIFICATE;
+
+}
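Review bot: `CertificationData` places four fixed certificates in the main source set with nothing that marks them as placeholder data, and `CertificationModelFactory` returns `CA_CERT` and `EXTRA_CA_CERT` to every caller as trusted certificates. A client that loads that response into its truststore would then trust a CA whose private key is presumably held wherever these samples were generated, not by this service. Add a class Javadoc that says so, e.g. `/** Static placeholder certificates returned until real CA signing is implemented; not for production trust stores. */`. The `ENTITY_CERT` body also appears to carry the same basicConstraints extension as `INTERMEDIATE_CERT` (the `BgNVHRMEBTADAQH/` run), which would mark the leaf as a CA; if that reading is right, regenerate it as a plain end-entity certificate.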
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/aaf/certservice/certification/CertificationModelFactory.java
new file mode 100644 (file)
index 0000000..1b10c37
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import org.onap.aaf.certservice.certification.model.CertificationModel;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import java.util.Arrays;
+
+import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT;
+import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT;
+import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT;
+import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT;
+
+@Service
+public class CertificationModelFactory {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(CertificationModelFactory.class);
+
+
+    public CertificationModel createCertificationModel(CsrModel csr, String caName) {
+        LOGGER.info("Generating certificates for CA named: {}, and certificate signing request:\n{}",
+                caName, csr);
+        return new CertificationModel(
+                Arrays.asList(ENTITY_CERT, INTERMEDIATE_CERT),
+                Arrays.asList(CA_CERT, EXTRA_CA_CERT)
+        );
+    }
+
+}
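Review bot: `createCertificationModel` ignores both arguments when building its result, so every `caName` and every CSR receives the same `ENTITY_CERT` and the returned leaf is not bound to the requester's public key, yet the method has no Javadoc and the log line reads "Generating certificates". Add a Javadoc stating that the return value is a fixed stub chain, and change the message to something like `"Returning static certificates for CA named: {}"`. The INFO log also writes `caName`, which arrives from the URL path, together with the full `csr` object; consider logging `csr` at DEBUG only and confirming that the log encoder neutralises line breaks in `caName`.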
index 98daa6e..c1262e1 100644 (file)
@@ -26,6 +26,7 @@ import java.util.Base64;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -38,7 +39,8 @@ public class CsrModelFactory {
     private static final Logger LOGGER = LoggerFactory.getLogger(CsrModelFactory.class);
     private final PemObjectFactory pemObjectFactory = new PemObjectFactory();
 
-    public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey) throws CsrDecryptionException {
+    public CsrModel createCsrModel(StringBase64 csr, StringBase64 privateKey)
+            throws CsrDecryptionException, PemDecryptionException {
         LOGGER.debug("Decoded CSR: \n{}", csr);
 
         try {
index 08ffc56..61ea0aa 100644 (file)
@@ -26,18 +26,18 @@ import java.io.StringReader;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemReader;
 
-import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
 
 
 public class PemObjectFactory {
 
-    public PemObject createPemObject(String pem) throws CsrDecryptionException {
+    public PemObject createPemObject(String pem) throws PemDecryptionException {
 
         try (StringReader stringReader = new StringReader(pem);
              PemReader pemReader = new PemReader(stringReader)) {
             return pemReader.readPemObject();
         } catch (IOException e) {
-            throw new CsrDecryptionException("Unable to create PEM", e);
+            throw new PemDecryptionException("Unable to create PEM", e);
         }
     }
 
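Review bot: `createPemObject` raises `PemDecryptionException` only on `IOException`, but to my knowledge BouncyCastle's `PemReader.readPemObject()` returns `null` when the input contains no `-----BEGIN` line, so a value that decodes from Base64 but is not PEM comes back as `null` instead of producing the new "Wrong key (PK) format" response. Check the result before returning it: `PemObject pemObject = pemReader.readPemObject();` followed by `if (pemObject == null) { throw new PemDecryptionException("No PEM object found", null); }`. It would also help to state in a method comment that a `null` return is never expected by callers. The class body continues past the end of this hunk.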
index fb16ad9..2f3f365 100644 (file)
@@ -20,7 +20,7 @@
 
 package org.onap.aaf.certservice.certification.exceptions;
 
-public class CsrDecryptionException extends Exception {
+public class CsrDecryptionException extends DecryptionException {
     public CsrDecryptionException(String message, Throwable cause) {
         super(message, cause);
     }
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/DecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/DecryptionException.java
new file mode 100644 (file)
index 0000000..67249cd
--- /dev/null
@@ -0,0 +1,27 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.exceptions;
+
+public class DecryptionException extends Exception {
+    public DecryptionException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
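Review bot: The new base type is named `DecryptionException`, but the failures it covers in this commit are Base64, PEM and CSR parsing (the log messages in `CertificationService` already say "decoding"), and nothing here decrypts anything. In a certificate service that wording can send a reader looking for a key or cipher problem; `DecodingException` and `PemDecodingException` would describe what actually fails. If the name stays, add a class comment such as `/** Base type for failures while decoding request material (CSR, private key PEM). */`. The same applies to `PemDecryptionException` in the next file.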
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/PemDecryptionException.java b/certService/src/main/java/org/onap/aaf/certservice/certification/exceptions/PemDecryptionException.java
new file mode 100644 (file)
index 0000000..564660e
--- /dev/null
@@ -0,0 +1,28 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.exceptions;
+
+public class PemDecryptionException extends DecryptionException {
+    public PemDecryptionException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+}
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/CertificationModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/CertificationModel.java
new file mode 100644 (file)
index 0000000..b851d0d
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.model;
+
+import java.util.Collections;
+import java.util.List;
+
+public class CertificationModel {
+
+    private final List<String> certificateChain;
+    private final List<String> trustedCertificates;
+
+    public CertificationModel(List<String> certificateChain, List<String> trustedCertificates) {
+        this.certificateChain = certificateChain;
+        this.trustedCertificates = trustedCertificates;
+    }
+
+    public List<String> getCertificateChain() {
+        return Collections.unmodifiableList(certificateChain);
+    }
+
+    public List<String> getTrustedCertificates() {
+        return Collections.unmodifiableList(trustedCertificates);
+    }
+
+}
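Review bot: The constructor keeps the caller's `List` instances by reference, so the `Collections.unmodifiableList` wrappers in the getters only block mutation through the getter; whoever built the lists can still change the certificate chain or the trusted set afterwards. A `null` argument is also accepted silently and only fails later, inside the getter. Copy on the way in, e.g. `this.certificateChain = Collections.unmodifiableList(new ArrayList<>(certificateChain));` and the same for `trustedCertificates`, then return the fields directly. This needs `java.util.ArrayList` imported.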
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/model/ErrorResponseModel.java b/certService/src/main/java/org/onap/aaf/certservice/certification/model/ErrorResponseModel.java
new file mode 100644 (file)
index 0000000..bca7915
--- /dev/null
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.model;
+
+public class ErrorResponseModel {
+
+    private final String errorMessage;
+
+    public ErrorResponseModel(String errorMessage) {
+        this.errorMessage = errorMessage;
+    }
+
+    public String getErrorMessage() {
+        return errorMessage;
+    }
+
+}
+
index 9367fcb..8ee88db 100644 (file)
 
 package org.onap.aaf.certservice.api;
 
+import com.google.gson.Gson;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
+import org.onap.aaf.certservice.certification.CertificationModelFactory;
 import org.onap.aaf.certservice.certification.CsrModelFactory;
 import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64;
 import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.DecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
+import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 
 import java.io.IOException;
+import java.util.Arrays;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
@@ -47,43 +54,75 @@ class CertificationServiceTest {
     @Mock
     private CsrModelFactory csrModelFactory;
 
+    @Mock
+    private CertificationModelFactory certificationModelFactory;
+
     @BeforeEach
     void serUp() {
         MockitoAnnotations.initMocks(this);
-        certificationService = new CertificationService(csrModelFactory);
+        certificationService = new CertificationService(csrModelFactory, certificationModelFactory);
     }
 
     @Test
-    void shouldReturnDataAboutCsrBaseOnEncodedParameters() throws CsrDecryptionException {
+    void shouldReturnDataAboutCsrBaseOnEncodedParameters() throws DecryptionException {
         // given
         final String testStringCsr = "testData";
+        final String testCaName = "TestCa";
         CsrModel mockedCsrModel = mock(CsrModel.class);
+        CertificationModel testCertificationModel = new CertificationModel(
+                Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"),
+                Arrays.asList("CA_CERT", "EXTRA_CA_CERT")
+        );
         when(mockedCsrModel.toString()).thenReturn(testStringCsr);
         when(csrModelFactory.createCsrModel(any(StringBase64.class), any(StringBase64.class)))
                 .thenReturn(mockedCsrModel);
+        when(certificationModelFactory.createCertificationModel(mockedCsrModel, testCaName))
+                .thenReturn(testCertificationModel);
 
         // when
         ResponseEntity<String> testResponse =
-                certificationService.signCertificate("TestCa", "encryptedCSR", "encryptedPK");
+                certificationService.signCertificate(testCaName, "encryptedCSR", "encryptedPK");
+
+        CertificationModel responseCertificationModel = new Gson().fromJson(testResponse.getBody(), CertificationModel.class);
 
         // then
         assertEquals(HttpStatus.OK, testResponse.getStatusCode());
+        assertThat(responseCertificationModel
+        ).isEqualToComparingFieldByField(testCertificationModel);
+
+    }
+
+    @Test
+    void shouldReturnBadRequestWhenCreatingCsrModelFails() throws DecryptionException {
+        // given
+        when(csrModelFactory.createCsrModel(any(StringBase64.class), any(StringBase64.class)))
+                .thenThrow(new CsrDecryptionException("CSR creation fail",new IOException()));
+
+        // when
+        ResponseEntity<String> testResponse =
+                certificationService.signCertificate("TestCa", "encryptedCSR", "encryptedPK");
+
+        String expectedMessage = "Wrong certificate signing request (CSR) format";
+
+        // then
+        assertEquals(HttpStatus.BAD_REQUEST, testResponse.getStatusCode());
         assertTrue(
-                testResponse.toString().contains(testStringCsr)
+                testResponse.toString().contains(expectedMessage)
         );
+
     }
 
     @Test
-    void shouldReturnBadRequestWhenCreatingCsrModelFails() throws CsrDecryptionException {
+    void shouldReturnBadRequestWhenCreatingPemModelFails() throws DecryptionException {
         // given
         when(csrModelFactory.createCsrModel(any(StringBase64.class), any(StringBase64.class)))
-                .thenThrow(new CsrDecryptionException("creation fail",new IOException()));
+                .thenThrow(new PemDecryptionException("PEM creation fail",new IOException()));
 
         // when
         ResponseEntity<String> testResponse =
                 certificationService.signCertificate("TestCa", "encryptedCSR", "encryptedPK");
 
-        String expectedMessage = "Wrong certificate signing request (CSR) format";
+        String expectedMessage = "Wrong key (PK) format";
 
         // then
         assertEquals(HttpStatus.BAD_REQUEST, testResponse.getStatusCode());
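Review bot: The two bad-request tests assert with `testResponse.toString().contains(expectedMessage)`, which passes if the text appears anywhere in the entity's string form and never checks that the body is the JSON the endpoint now declares. Assert on the parsed body instead, e.g. `assertEquals(expectedMessage, new Gson().fromJson(testResponse.getBody(), ErrorResponseModel.class).getErrorMessage());` (this needs the `ErrorResponseModel` import). In the success test the `when(mockedCsrModel.toString())` stub and `testStringCsr` no longer feed any assertion, and the name `shouldReturnDataAboutCsrBaseOnEncodedParameters` no longer describes what is returned. The last test method continues past the end of this hunk.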
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/CertificationModelFactoryTest.java
new file mode 100644 (file)
index 0000000..2953af7
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.model.CertificationModel;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.onap.aaf.certservice.certification.CertificationData.CA_CERT;
+import static org.onap.aaf.certservice.certification.CertificationData.ENTITY_CERT;
+import static org.onap.aaf.certservice.certification.CertificationData.INTERMEDIATE_CERT;
+import static org.onap.aaf.certservice.certification.CertificationData.EXTRA_CA_CERT;
+
+
+class CertificationModelFactoryTest {
+
+
+    private CertificationModelFactory certificationModelFactory;
+
+    @BeforeEach
+    void setUp() {
+        certificationModelFactory = new CertificationModelFactory();
+    }
+
+    @Test
+    void shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName() {
+        // given
+        final String testCaName = "testCA";
+        CsrModel mockedCsrModel = mock(CsrModel.class);
+
+        // when
+        CertificationModel certificationModel = certificationModelFactory.createCertificationModel(mockedCsrModel ,testCaName);
+
+        //then
+        assertEquals(2, certificationModel.getCertificateChain().size());
+        assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT);
+        assertEquals(2, certificationModel.getTrustedCertificates().size());
+        assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT);
+    }
+
+}
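Review bot: The chain assertions at the end of `shouldCreateProperCertificationModelWhenGivenProperCsrModelAndCaName` use AssertJ `contains`, which ignores element order, so the test passes whichever way the factory orders the certificates. Order matters to clients that build a certification path from the returned chain, so pin it with `containsExactly(...)`, listing the certificates in the order the factory is meant to return them (that order is not visible in this hunk). With `containsExactly` the two `assertEquals(2, ...size())` lines become redundant. The unstubbed `mock(CsrModel.class)` and `testCaName` do not appear to influence the result, so a short comment such as `// certificates are hardcoded for now; CSR and CA name are not evaluated yet` would keep the test from reading as a check of issuance against the CSR.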
index 8b5f5dc..065c7a0 100644 (file)
@@ -25,6 +25,7 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.onap.aaf.certservice.certification.CsrModelFactory.StringBase64;
 import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.DecryptionException;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -44,7 +45,7 @@ class CsrModelFactoryTest {
     }
 
     @Test
-    void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws CsrDecryptionException {
+    void shouldDecryptCsrAndReturnStringWithDataAboutIt() throws DecryptionException {
         // given
         String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes()));
         String encoderPK = new String(Base64.encode(TEST_PK.getBytes()));
index 2fa747d..479c375 100644 (file)
@@ -24,6 +24,7 @@ import org.bouncycastle.util.io.pem.PemObject;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -44,7 +45,7 @@ class PemObjectFactoryTest {
     }
 
     @Test
-    void shouldTransformStringInToPemObjectAndBackToString() throws CsrDecryptionException {
+    void shouldTransformStringInToPemObjectAndBackToString() throws PemDecryptionException {
         // when
         PemObject pemObject = pemObjectFactory.createPemObject(TEST_PEM);
         String parsedPemObject = pemObjectToString(pemObject);
@@ -57,7 +58,7 @@ class PemObjectFactoryTest {
     void shouldThrowExceptionWhenParsingPemFailed() {
         // when
         Exception exception = assertThrows(
-                CsrDecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM)
+                PemDecryptionException.class, () -> pemObjectFactory.createPemObject(TEST_WRONG_PEM)
         );
 
         String expectedMessage = "Unable to create PEM";
index 156cf8b..c2824c8 100644 (file)
@@ -22,7 +22,7 @@ package org.onap.aaf.certservice.certification;
 
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemWriter;
-import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
 
 import java.io.IOException;
 import java.io.StringWriter;
@@ -33,7 +33,7 @@ public final class TestUtils {
     private TestUtils() {
     }
 
-    public static String pemObjectToString(PemObject pemObject) throws CsrDecryptionException {
+    public static String pemObjectToString(PemObject pemObject) throws PemDecryptionException {
         try (StringWriter output = new StringWriter()) {
             PemWriter pemWriter = new PemWriter(output);
             pemWriter.writeObject(pemObject);
@@ -41,7 +41,7 @@ public final class TestUtils {
             return output.getBuffer().toString();
 
         } catch (IOException e) {
-            throw new CsrDecryptionException("Writing PAM Object to string failed", e);
+            throw new PemDecryptionException("Writing PAM Object to string failed", e);
         }
     }
 }
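Review bot: The message on the changed `throw` line still reads "PAM Object", which looks like a typo for PEM; since the line is being touched anyway, `throw new PemDecryptionException("Writing PEM Object to string failed", e);` would fix it. The helper serialises a PEM object rather than decrypting one, so a production decryption exception is an odd fit for a write failure in a test utility. Wrapping the `IOException` in `java.io.UncheckedIOException` would be an optional alternative that keeps it out of the test signatures. `pemObjectToString` starts outside this hunk.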
index c6ff2a9..9d74815 100644 (file)
@@ -26,6 +26,8 @@ import org.bouncycastle.util.io.pem.PemObject;
 import org.junit.jupiter.api.Test;
 import org.onap.aaf.certservice.certification.PemObjectFactory;
 import org.onap.aaf.certservice.certification.exceptions.CsrDecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.DecryptionException;
+import org.onap.aaf.certservice.certification.exceptions.PemDecryptionException;
 
 import java.io.IOException;
 
@@ -44,7 +46,7 @@ class CsrModelTest {
 
 
     @Test
-    void shouldByConstructedAndReturnProperFields() throws CsrDecryptionException, IOException {
+    void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException {
         // given
         PemObject testPublicKey = generateTestPublicKey();
 
@@ -68,7 +70,7 @@ class CsrModelTest {
     }
 
     @Test
-    void shouldThrowExceptionWhenKeyIsNotCorrect() throws IOException, CsrDecryptionException {
+    void shouldThrowExceptionWhenKeyIsNotCorrect() throws PemDecryptionException ,IOException {
         // given
         PemObjectFactory pemObjectFactory = new PemObjectFactory();
         PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class);
@@ -93,7 +95,7 @@ class CsrModelTest {
         assertTrue(actualMessage.contains(expectedMessage));
     }
 
-    private CsrModel generateTestCsrModel() throws CsrDecryptionException, IOException {
+    private CsrModel generateTestCsrModel() throws PemDecryptionException, IOException {
         PemObjectFactory pemObjectFactory = new PemObjectFactory();
         PKCS10CertificationRequest testCsr = new PKCS10CertificationRequest(
                 pemObjectFactory.createPemObject(TEST_CSR).getContent()
@@ -102,7 +104,7 @@ class CsrModelTest {
         return new CsrModel(testCsr, testPrivateKey);
     }
 
-    private PemObject generateTestPublicKey() throws CsrDecryptionException, IOException {
+    private PemObject generateTestPublicKey() throws PemDecryptionException, IOException {
         PemObjectFactory pemObjectFactory = new PemObjectFactory();
         PKCS10CertificationRequest testCsr = new PKCS10CertificationRequest(
                 pemObjectFactory.createPemObject(TEST_CSR).getContent()