Removed unused parameters when creating certificate
authorMichal Banka <michal.banka@nokia.com>
Wed, 18 Mar 2020 11:40:13 +0000 (12:40 +0100)
committerMichał Bańka <michal.banka@nokia.com>
Fri, 20 Mar 2020 12:33:21 +0000 (12:33 +0000)
Signed-off-by: Michal Banka <michal.banka@nokia.com>
Change-Id: I72d9e3ea30d3c2ba8e4e6c7e5afa0cfad2508bc5
Issue-ID: AAF-1107

certService/src/main/java/org/onap/aaf/certservice/certification/CertificationProvider.java
certService/src/main/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapter.java
certService/src/main/java/org/onap/aaf/certservice/cmpv2client/api/CmpClient.java
certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpClientImpl.java
certService/src/test/java/org/onap/aaf/certservice/certification/adapter/Cmpv2ClientAdapterTest.java
certService/src/test/java/org/onap/aaf/certservice/cmpv2client/Cmpv2ClientTest.java

index fa2d88a..6068237 100644 (file)
@@ -22,7 +22,6 @@ package org.onap.aaf.certservice.certification;
 
 import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -40,7 +39,7 @@ public class CertificationProvider {
     }
 
     CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
-            throws CmpClientException, Cmpv2ClientAdapterException {
+            throws CmpClientException {
         return cmpv2ClientAdapter.callCmpClient(csrModel, server);
     }
 
index 2477c42..96fe460 100644 (file)
 
 package org.onap.aaf.certservice.certification.adapter;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.StringWriter;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.stream.Collectors;
 
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.io.pem.PemObjectGenerator;
 import org.bouncycastle.util.io.pem.PemWriter;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -55,18 +45,10 @@ public class Cmpv2ClientAdapter {
     private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
 
     private final CmpClient cmpClient;
-    private final RsaContentSignerBuilder rsaContentSignerBuilder;
-    private final X509CertificateBuilder x509CertificateBuilder;
-    private final CertificateFactoryProvider certificateFactoryProvider;
 
     @Autowired
-    public Cmpv2ClientAdapter(CmpClient cmpClient, RsaContentSignerBuilder rsaContentSignerBuilder,
-                              X509CertificateBuilder x509CertificateBuilder,
-                              CertificateFactoryProvider certificateFactoryProvider) {
+    public Cmpv2ClientAdapter(CmpClient cmpClient) {
         this.cmpClient = cmpClient;
-        this.rsaContentSignerBuilder = rsaContentSignerBuilder;
-        this.x509CertificateBuilder = x509CertificateBuilder;
-        this.certificateFactoryProvider = certificateFactoryProvider;
     }
 
     /**
@@ -76,13 +58,10 @@ public class Cmpv2ClientAdapter {
      * @param server   Cmp Server configuration from cmpServers.json
      * @return container for returned certificates
      * @throws CmpClientException          Exceptions which comes from Cmp Client
-     * @throws Cmpv2ClientAdapterException Exceptions which comes from Adapter itself
      */
     public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
-            throws CmpClientException, Cmpv2ClientAdapterException {
-        List<List<X509Certificate>> certificates = cmpClient.createCertificate(server.getCaName(),
-                server.getCaMode().getProfile(), csrModel, server,
-                convertCsrToX509Certificate(csrModel.getCsr(), csrModel.getPrivateKey()));
+            throws CmpClientException {
+        List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server);
         return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
                 convertFromX509CertificateListToPemList(certificates.get(1)));
     }
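Review bot: `certificates.get(0)` and `certificates.get(1)` index the list returned by `cmpClient.createCertificate` without checking that it holds two entries, so a shorter result would surface as an `IndexOutOfBoundsException` rather than the `CmpClientException` that is now the only declared failure of `callCmpClient`. Whether `CmpClientImpl` can ever return fewer than two lists is not visible here, so treat this as a defensive check on data that originates from the CA response. A guard before the return would do: `if (certificates == null || certificates.size() < 2) { throw new CmpClientException("Unexpected certificate list from CMP client"); }`.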
@@ -98,19 +77,6 @@ public class Cmpv2ClientAdapter {
         return sw.toString();
     }
 
-    private X509Certificate convertCsrToX509Certificate(PKCS10CertificationRequest csr, PrivateKey privateKey)
-            throws Cmpv2ClientAdapterException {
-        try {
-            X509v3CertificateBuilder certificateGenerator = x509CertificateBuilder.build(csr);
-            ContentSigner signer = rsaContentSignerBuilder.build(csr, privateKey);
-            X509CertificateHolder holder = certificateGenerator.build(signer);
-            return certificateFactoryProvider
-                    .generateCertificate(new ByteArrayInputStream(holder.toASN1Structure().getEncoded()));
-        } catch (IOException | CertificateException | OperatorCreationException | NoSuchProviderException e) {
-            throw new Cmpv2ClientAdapterException(e);
-        }
-    }
-
     private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
         return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
                 .collect(Collectors.toList());
index 7de3b71..6ff1bf6 100644 (file)
@@ -41,13 +41,8 @@ public interface CmpClient {
    * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
    * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
    *
-   * @param caName    Information about the External Root Certificate Authority (CA) performing the
-   *                  event CA Name. Could be {@code null}.
-   * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code
-   *                  null}.
    * @param csrModel  Certificate Signing Request model. Must not be {@code null}.
    * @param server    CMPv2 Server. Must not be {@code null}.
-   * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
    * @param notBefore An optional validity to set in the created certificate, Certificate not valid
    *                  before this date.
    * @param notAfter  An optional validity to set in the created certificate, Certificate not valid
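Review bot: The `server` Javadoc no longer tells callers that the CA name and CA mode are read from it, now that the `caName` and `profile` entries that documented them (including that they could be null) are removed. I would extend it to `@param server CMPv2 Server; supplies the CA name and CA mode used for the request. Must not be {@code null}.` and state whether a null CA name or mode on the server is still accepted. The same wording applies to the two-argument overload further down in this file. The Javadoc block starts and ends outside this hunk.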
@@ -56,11 +51,8 @@ public interface CmpClient {
    * @throws CmpClientException if client error occurs.
    */
   List<List<X509Certificate>> createCertificate(
-      String caName,
-      String profile,
       CsrModel csrModel,
       Cmpv2Server server,
-      X509Certificate csr,
       Date notBefore,
       Date notAfter)
       throws CmpClientException;
@@ -71,21 +63,13 @@ public interface CmpClient {
    * IAK/RV, Verification of the signature (proof-of-possession) on the request is performed and an
    * Exception thrown if verification fails or issue encountered in fetching certificate from CA.
    *
-   * @param caName    Information about the External Root Certificate Authority (CA) performing the
-   *                  event CA Name. Could be {@code null}.
-   * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code
-   *                  null}.
    * @param csrModel  Certificate Signing Request Model. Must not be {@code null}.
    * @param server    CMPv2 server. Must not be {@code null}.
-   * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
    * @return {@link X509Certificate} The newly created Certificate.
    * @throws CmpClientException if client error occurs.
    */
   List<List<X509Certificate>> createCertificate(
-      String caName,
-      String profile,
       CsrModel csrModel,
-      Cmpv2Server server,
-      X509Certificate csr)
+      Cmpv2Server server)
       throws CmpClientException;
 }
index 79656e9..08c4303 100644 (file)
@@ -48,6 +48,7 @@ import org.bouncycastle.asn1.cmp.PKIBody;
 import org.bouncycastle.asn1.cmp.PKIHeader;
 import org.bouncycastle.asn1.cmp.PKIMessage;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.onap.aaf.certservice.certification.configuration.model.CaMode;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
@@ -64,7 +65,6 @@ public class CmpClientImpl implements CmpClient {
     private static final Logger LOG = LoggerFactory.getLogger(CmpClientImpl.class);
     private final CloseableHttpClient httpClient;
 
-    private static final String DEFAULT_PROFILE = "RA";
     private static final String DEFAULT_CA_NAME = "Certification Authority";
 
     public CmpClientImpl(CloseableHttpClient httpClient) {
@@ -73,16 +73,13 @@ public class CmpClientImpl implements CmpClient {
 
     @Override
     public List<List<X509Certificate>> createCertificate(
-            String caName,
-            String profile,
             CsrModel csrModel,
             Cmpv2Server server,
-            X509Certificate cert,
             Date notBefore,
             Date notAfter)
             throws CmpClientException {
 
-        validate(csrModel, server, cert, caName, profile, httpClient, notBefore, notAfter);
+        validate(csrModel, server, httpClient, notBefore, notAfter);
         KeyPair keyPair = new KeyPair(csrModel.getPublicKey(), csrModel.getPrivateKey());
 
         final CreateCertRequest certRequest =
@@ -99,14 +96,13 @@ public class CmpClientImpl implements CmpClient {
 
         final PKIMessage pkiMessage = certRequest.generateCertReq();
         Cmpv2HttpClient cmpv2HttpClient = new Cmpv2HttpClient(httpClient);
-        return retrieveCertificates(caName, csrModel, server, pkiMessage, cmpv2HttpClient);
+        return retrieveCertificates(csrModel, server, pkiMessage, cmpv2HttpClient);
     }
 
     @Override
-    public List<List<X509Certificate>> createCertificate(
-            String caName, String profile, CsrModel csrModel, Cmpv2Server server, X509Certificate csr)
+    public List<List<X509Certificate>> createCertificate(CsrModel csrModel, Cmpv2Server server)
             throws CmpClientException {
-        return createCertificate(caName, profile, csrModel, server, csr, null, null);
+        return createCertificate(csrModel, server, null, null);
     }
 
     private void checkCmpResponse(
@@ -197,23 +193,18 @@ public class CmpClientImpl implements CmpClient {
      *
      * @param csrModel        Certificate Signing Request model. Must not be {@code null}.
      * @param server          CMPv2 Server. Must not be {@code null}.
-     * @param cert            Certificate object needed to validate response from CA server.
-     * @param incomingCaName  Date specifying certificate is not valid before this date.
-     * @param incomingProfile Date specifying certificate is not valid after this date.
      * @throws IllegalArgumentException if Before Date is set after the After Date.
      */
     private static void validate(
             final CsrModel csrModel,
             final Cmpv2Server server,
-            final X509Certificate cert,
-            final String incomingCaName,
-            final String incomingProfile,
             final CloseableHttpClient httpClient,
             final Date notBefore,
             final Date notAfter) {
 
-        String caName = CmpUtil.isNullOrEmpty(incomingCaName) ? incomingCaName : DEFAULT_CA_NAME;
-        String caProfile = CmpUtil.isNullOrEmpty(incomingProfile) ? incomingProfile : DEFAULT_PROFILE;
+
+        String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
+        String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA);
         LOG.info(
                 "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
 
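Review bot: The new `caName` ternary is inverted, assuming `CmpUtil.isNullOrEmpty` returns true for a null or empty string: a configured CA name is logged as `DEFAULT_CA_NAME`, and a missing one is logged as null or empty. Swapping the operands, `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? DEFAULT_CA_NAME : server.getCaName();`, makes the log line record the CA the request is actually issued against. Both new assignments also dereference `server` before any null check visible in this hunk, so a null `server` now fails here with a bare `NullPointerException`. Adding `CmpUtil.notNull(server, "CMPv2 Server");` ahead of them would report it the same way as the other required fields. The body of `validate` continues outside this hunk.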
@@ -224,7 +215,6 @@ public class CmpClientImpl implements CmpClient {
         CmpUtil.notNull(server.getIssuerDN(), "Issuer DN");
         CmpUtil.notNull(server.getUrl(), "External CA URL");
         CmpUtil.notNull(server.getAuthentication().getIak(), "IAK/RV Password");
-        CmpUtil.notNull(cert, "Certificate Signing Request (CSR)");
         CmpUtil.notNull(httpClient, "Closeable Http Client");
 
         if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
@@ -233,9 +223,9 @@ public class CmpClientImpl implements CmpClient {
     }
 
     private List<List<X509Certificate>> retrieveCertificates(
-            String caName, CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
+            CsrModel csrModel, Cmpv2Server server, PKIMessage pkiMessage, Cmpv2HttpClient cmpv2HttpClient)
             throws CmpClientException {
-        final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), caName);
+        final byte[] respBytes = cmpv2HttpClient.postRequest(pkiMessage, server.getUrl(), server.getCaName());
         try {
             final PKIMessage respPkiMessage = PKIMessage.getInstance(respBytes);
             LOG.info("Received response from Server");
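Review bot: The CA name passed to `postRequest` is the raw `server.getCaName()`, whereas the defaulted `caName` derived in `validate` is a local of a `static void` method and only reaches its log line, so a null or empty configured name is sent as-is. If a missing CA name is meant to fall back to `DEFAULT_CA_NAME`, resolve it once and use that value for both the log and the request. If it is meant to be mandatory, add `CmpUtil.notNull(server.getCaName(), "CA Name");` in `validate`. How `postRequest` uses the name is not visible here, and the body of `retrieveCertificates` continues past the end of this hunk.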
index e18d1ff..56a29e8 100644 (file)
@@ -46,7 +46,6 @@ import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.onap.aaf.certservice.certification.configuration.model.CaMode;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
 import org.onap.aaf.certservice.certification.model.CertificationModel;
 import org.onap.aaf.certservice.certification.model.CsrModel;
 import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
@@ -97,7 +96,7 @@ class Cmpv2ClientAdapterTest {
         stubInternalProperties();
 
         // When
-        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
                 .thenThrow(new CmpClientException(TEST_MSG));
 
         // Then
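Review bot: The stub matches any two arguments, so neither this test nor `shouldConvertToCertificationModel` in the next hunk pins that the adapter forwards the `csrModel` and `server` it was given, which after this change are the only source of the CA name and mode. Stubbing on the concrete fixtures, `Mockito.when(cmpClient.createCertificate(csrModel, server))`, would make both tests fail if the adapter passed anything else. The test method starts and ends outside this hunk.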
@@ -107,12 +106,12 @@ class Cmpv2ClientAdapterTest {
     @Test
     void shouldConvertToCertificationModel()
             throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
-            CmpClientException, Cmpv2ClientAdapterException {
+            CmpClientException {
         // Given
         stubInternalProperties();
 
         // When
-        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
                 .thenReturn(createCorrectClientResponse());
         CertificationModel certificationModel = adapter.callCmpClient(csrModel, server);
 
@@ -131,23 +130,6 @@ class Cmpv2ClientAdapterTest {
         Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate);
     }
 
-    @Test
-    void adapterShouldThrowClientAdapterExceptionOnFailure()
-            throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
-            CmpClientException {
-        // Given
-        stubInternalProperties();
-
-        // When
-        Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
-                .thenReturn(createCorrectClientResponse());
-        Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any()))
-                .thenThrow(new CertificateException(TEST_MSG));
-
-        // Then
-        Assertions.assertThrows(Cmpv2ClientAdapterException.class, () -> adapter.callCmpClient(csrModel, server));
-    }
-
     private List<List<X509Certificate>> createCorrectClientResponse()
             throws CertificateException, NoSuchProviderException {
         InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
index bea6b6a..06eeecc 100644 (file)
@@ -153,7 +153,7 @@ class Cmpv2ClientTest {
         CmpClientImpl cmpClient = spy(new CmpClientImpl(httpClient));
         // when
         List<List<X509Certificate>> cmpClientResult =
-                cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter);
+                cmpClient.createCertificate(csrModel, server, notBefore, notAfter);
         // then
         assertNotNull(cmpClientResult);
     }
@@ -192,7 +192,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 CmpClientException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     @Test
@@ -229,7 +229,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 CmpClientException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     @Test
@@ -248,7 +248,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 IllegalArgumentException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     @Test
@@ -268,7 +268,7 @@ class Cmpv2ClientTest {
         // then
         Assertions.assertThrows(
                 CmpClientException.class,
-                () -> cmpClient.createCertificate("data", "RA", csrModel, server, cert, notBefore, notAfter));
+                () -> cmpClient.createCertificate(csrModel, server, notBefore, notAfter));
     }
 
     private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) {