!**/src/main/**
!**/src/test/**
**/var
-certServiceClient/certs_volume
+compose-resources/client-volume
### STS ###
.apt_generated
--- /dev/null
+all: build start-backend run-client stop-client stop-backend
+start-with-client: start-backend run-client
+.PHONY: build
+
+build:
+ @echo "##### Build Cert Service images locally #####"
+ mvn clean install -P docker
+ @echo "##### DONE #####"
+
+start-backend:
+ @echo "##### Start Cert Service #####"
+ docker-compose up -d
+ @echo "## Configure ejbca ##"
+ docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ @echo "##### DONE #####"
+
+run-client:
+ @echo "##### Create Cert Service Client volume folder: `pwd`/compose-resources/client-volume/ #####"
+ mkdir -p `pwd`/compose-resources/client-volume/
+ @echo "##### Start Cert Service Client #####"
+ docker run \
+ --name aafcert-client \
+ --env-file ./compose-resources/client-configuration.env \
+ --network certservice_certservice \
+ --mount type=bind,src=`pwd`/compose-resources/client-volume/,dst=/var/certs \
+ onap/org.onap.aaf.certservice.aaf-certservice-client:latest
+
+stop-client:
+ @echo "##### Remove Cert Service Client #####"
+ @echo "Removing aafcert-client"
+ @docker rm aafcert-client > /dev/null 2> /dev/null || true
+ @echo "##### DONE #####"
+
+stop-backend:
+ @echo "##### Stop Cert Service #####"
+ docker-compose down
+ @echo "##### DONE #####"
--- /dev/null
+# Cert service
+
+### General description
+
+More information about the project and all its functionalities you can find under the wiki page:
+ ```
+ https://wiki.onap.org/display/DW/AAF+Certification+Service
+ ```
+
+Project consists of two submodules:
+1. aaf-certservice-api
+2. aaf-certservice-client
+
+Detailed information about submodules can be found in ```README.md``` in their directories.
+
+### Project building
+```
+mvn clean package
+```
+
+### Install the packages into the local repository
+```
+mvn clean install
+```
+
+### Building Docker images and install packages into local repository
+```
+mvn clean install -P docker
+or
+make build
+```
+
+### Running Docker containers from docker-compose with EJBCA
+Docker-compose uses a local image of certservice-api and make run-client uses a local image of certservice-client
+Build docker images locally before running docker compose command.
+```
+1. Build local images
+make build
+2. Start Cert Service with configured EJBCA
+make start-backend
+3. Run Cert Service Client
+make run-client
+3. Remove client container
+make stop-client
+4. Stop Cert Service and EJBCA
+make stop-backend
+```
+
+### Running API with Helm
+1. Use environment/server with installed kubernetes and helm.
+2. Copy certService/helm/aaf-cert-service directory to that environment.
+3. Enter that environment
+4. Run ```helm install ./aaf-cert-service```
+
+
+### AAF CertService CSITs
+#### CSIT repository
+```
+https://gerrit.onap.org/r/admin/repos/integration/csit
+```
+
+####How to run tests locally
+1. Checkout CSIT repository
+2. Configure CSIT local environment
+3. Inside CSIT directory execute
+```
+sudo ./run-csit.sh plans/aaf/certservice
+```
+
+####Jenkins build
+https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/
+
+### Sonar results
+```
+https://sonarcloud.io/dashboard?id=onap_aaf-certservice
+```
+
+### Maven artifacts
+All maven artifacts are deployed under nexus uri:
+```
+https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/
+```
+
+### Docker artifacts
+All docker images are hosted under nexus3 uri:
+```
+https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/
+```
\ No newline at end of file
+++ /dev/null
-all: build start stop
-.PHONY: build
-
-build:
- @echo "##### Build Cert Service images locally #####"
- mvn clean install -P docker
- @echo "##### DONE #####"
-start:
- @echo "##### Start Cert Service #####"
- docker-compose up -d
- @echo "## Configure ejbca ##"
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
- @echo "##### DONE #####"
-stop:
- @echo "##### Stop Cert Service #####"
- docker-compose down
- @echo "##### DONE #####"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
### Building Docker image and install the package into local repository
```
mvn clean install -P docker
-or
-make build
```
### Running Docker container local
```
docker run -p 8080:8080 --name aaf-certservice-api --mount type=bind,source=/<absolute_path>/cmpServers.json,target=/etc/onap/aaf/certservice/cmpServers.json nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
```
-
-### Running Docker container from docker-compose with EJBCA
-Docker-compose uses a local image of certservice.
-Build a docker image locally before run docker compose command.
-```
-1. Build local image
-make build
-2. Start Cert Service with configured EJBCA
-make start
-3. Stop containers
-make stop
-```
-### Running with Helm
-1. Use environment/server with installed kubernetes and helm.
-2. Copy helm/aaf-cert-service directory to that environment.
-3. Enter that environment
-4. Run ```helm install ./aaf-cert-service```
-
### Health Check
Browser:
```
```
Should return {"status":"UP"}
-### AAF CertService CSITs
-#### CSIT repository
-```
-https://gerrit.onap.org/r/admin/repos/integration/csit
-```
-
-####How to run tests locally
-1. Checkout CSIT repository
-2. Configure CSIT local environment
-3. Inside CSIT directory execute
-```
-sudo ./run-csit.sh plans/aaf/certservice
-```
-
-####Jenkins build
-https://jenkins.onap.org/view/CSIT/job/aaf-master-csit-certservice/
-
### Logs locally
path:
You should see:
audit.log error.log trace.log
-### Sonar results
-```
-https://sonarcloud.io/dashboard?id=onap_aaf-certservice
-```
-
-### Maven artifacts
-All maven artifacts are deployed under nexus uri:
-```
-https://nexus.onap.org/content/repositories/snapshots/org/onap/aaf/certservice/
-```
-
-### Docker artifacts
-All docker images are hosted under nexus3 uri:
-```
-https://nexus3.onap.org/repository/docker.snapshot/v2/onap/org.onap.aaf.certservice.aaf-certservice-api/
-```
-
### RestAPI
API is described by Swagger ( OpenAPI 3.0 ) on endpoint /docs
( endpoint is defined in properties as springdoc.swagger-ui.path )
```
http://localchost:8080/docs
-```
-
-### Sonar results
-```
-https://sonarcloud.io/dashboard?id=onap_aaf-certservice
-```
+```
\ No newline at end of file
```
0 Success
1 Invalid client configuration
-2 Invalid CSR data
-3 Failed key pair generation
-4 Failed CSR generation
-5 API return unsuccessful response
-6 Problem with Http Client connection
-7 Failed PKCS12 conversion
-8 Failed Private Key to PEM Encoding
-```
\ No newline at end of file
+2 Invalid CSR configuration
+3 Fail in key pair generation
+4 Fail in CSR generation
+5 CertService HTTP unsuccessful response
+6 Internal HTTP Client connection problem
+7 Fail in PKCS12 conversion
+8 Fail in Private Key to PEM Encoding
+```
+++ /dev/null
-version: "2.1"
-
-services:
- ejbca:
- image: primekey/ejbca-ce:6.15.2.5
- hostname: cahostname
- container_name: aafcert-ejbca
- ports:
- - "80:8080"
- - "443:8443"
- volumes:
- - ../certService/src/main/resources/scripts/:/opt/primekey/scripts
- command: bash -c "
- ./scripts/ejbca-configuration.sh &
- /opt/primekey/bin/start.sh
- "
- healthcheck:
- test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
- interval: 20s
- timeout: 3s
- retries: 9
- networks:
- - certservice
-
- certservice:
- image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest
- volumes:
- - ../certService/helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
- container_name: aafcert-service
- ports:
- - "8080:8080"
- depends_on:
- ejbca:
- condition: service_healthy
- healthcheck:
- test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health"]
- interval: 10s
- timeout: 3s
- retries: 9
- networks:
- - certservice
-
- certservice-client:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:latest
- container_name: aafcert-client
- env_file:
- - ./client_docker.env
- user: root #Run as root to avoid volume permission issues
- volumes:
- - ./certs_volume/:/var/certs
- depends_on:
- certservice:
- condition: service_healthy
- networks:
- - certservice
-
-networks:
- certservice:
- driver: bridge
*/
package org.onap.aaf.certservice.client;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class AppExitHandler {
- public static final Logger LOGGER = LoggerFactory.getLogger(AppExitHandler.class);
+ private static final Logger LOGGER = LoggerFactory.getLogger(AppExitHandler.class);
- public void exit(int exitCode) {
- LOGGER.debug("Application exits with following exit code: {}", exitCode);
- System.exit(exitCode);
+ public void exit(ExitStatus exitStatus) {
+ LOGGER.info(String.format("Application exits with following exit code: %s and message: %s",
+ exitStatus.getExitCodeValue(), exitStatus.getMessage()));
+ System.exit(exitStatus.getExitCodeValue());
}
-}
\ No newline at end of file
+}
import org.onap.aaf.certservice.client.httpclient.CloseableHttpClientProvider;
import org.onap.aaf.certservice.client.httpclient.HttpClient;
import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE;
+import static org.onap.aaf.certservice.client.api.ExitStatus.SUCCESS;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM;
public class CertServiceClient {
+ private static final Logger LOGGER = LoggerFactory.getLogger(CertServiceClient.class);
+
private AppExitHandler appExitHandler;
public CertServiceClient(AppExitHandler appExitHandler) {
filesCreator.createKeystore(certServiceData.getCertificateChain(), keyPair.getPrivate());
filesCreator.createTruststore(certServiceData.getTrustedCertificates());
} catch (ExitableException e) {
- appExitHandler.exit(e.applicationExitCode());
+ LOGGER.error("Cert Service Client fail in execution: ", e);
+ appExitHandler.exit(e.applicationExitStatus());
}
- appExitHandler.exit(SUCCESS_EXIT_CODE.getValue());
+ appExitHandler.exit(SUCCESS);
}
}
*/
package org.onap.aaf.certservice.client.api;
-public enum ExitCode {
- SUCCESS_EXIT_CODE(0),
- CLIENT_CONFIGURATION_EXCEPTION(1),
- CSR_CONFIGURATION_EXCEPTION(2),
- KEY_PAIR_GENERATION_EXCEPTION(3),
- CSR_GENERATION_EXCEPTION(4),
- CERT_SERVICE_API_CONNECTION_EXCEPTION(5),
- HTTP_CLIENT_EXCEPTION(6),
- PKCS12_CONVERSION_EXCEPTION(7),
- PK_TO_PEM_ENCODING_EXCEPTION(8);
+public enum ExitStatus {
+
+ SUCCESS(0, "Success"),
+ CLIENT_CONFIGURATION_EXCEPTION(1,"Invalid client configuration"),
+ CSR_CONFIGURATION_EXCEPTION(2,"Invalid CSR configuration"),
+ KEY_PAIR_GENERATION_EXCEPTION(3,"Fail in key pair generation"),
+ CSR_GENERATION_EXCEPTION(4,"Fail in CSR generation"),
+ CERT_SERVICE_API_CONNECTION_EXCEPTION(5,"CertService HTTP unsuccessful response"),
+ HTTP_CLIENT_EXCEPTION(6,"Internal HTTP Client connection problem"),
+ PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"),
+ PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding");
private final int value;
+ private final String message;
- ExitCode(int value) {
+ ExitStatus(int value, String message) {
this.value = value;
+ this.message = message;
}
- public int getValue() {
+ public int getExitCodeValue() {
return value;
}
+
+ public String getMessage(){
+ return message;
+ }
}
public ExitableException(String message) {
super(message);
}
- public abstract int applicationExitCode();
+ public abstract ExitStatus applicationExitStatus();
}
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.io.StringWriter;
-import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
-import java.util.Base64;
import java.util.Optional;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.COMMON_NAME;
try {
return createKeyPairGenerator().generateKeyPair();
} catch (NoSuchAlgorithmException e) {
- LOGGER.error("Generation of KeyPair failed, exception message: " + e.getMessage());
+ LOGGER.error("Generation of KeyPair failed, exception message: {}" , e.getMessage());
throw new KeyPairGenerationException(e);
}
}
try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
pemWriter.writeObject(new PemObject(PEM_OBJECT_TYPE, pk.getEncoded()));
} catch (IOException e) {
- LOGGER.error("Exception occurred during encoding PrivateKey to PEM", e);
+ LOGGER.error("Encode of private key to PEM failed. Exception message: {}", e.getMessage());
throw new PkEncodingException(e);
}
return stringWriter.toString();
try (FileOutputStream fos = new FileOutputStream(path)) {
fos.write(data);
} catch (IOException e) {
- LOGGER.error("PKCS12 files creation failed", e);
+ LOGGER.error("PKCS12 files creation failed, exception message: {}", e.getMessage());
throw new PemToPKCS12ConverterException(e);
}
}
ks.store(bos, password.toCharArray());
return bos.toByteArray();
} catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
- LOGGER.error("Pem to PKCS12 converter failed", e);
+ LOGGER.error("Pem to PKCS12 converter failed, exception message: {}", e.getMessage());
throw new PemToPKCS12ConverterException(e);
}
}
.setProvider(new BouncyCastleProvider())
.getCertificate(certHolder);
} catch (IOException | CertificateException e) {
- LOGGER.error("Certificates conversion failed", e);
+ LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage());
throw new PemToPKCS12ConverterException(e);
}
}
package org.onap.aaf.certservice.client.certification.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class CsrGenerationException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.CSR_GENERATION_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.CSR_GENERATION_EXCEPTION;
public CsrGenerationException(Throwable e) {
super(e);
}
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
*/
package org.onap.aaf.certservice.client.certification.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class KeyPairGenerationException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.KEY_PAIR_GENERATION_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.KEY_PAIR_GENERATION_EXCEPTION;
public KeyPairGenerationException(Throwable e) {
super(e);
}
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
package org.onap.aaf.certservice.client.certification.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class PemToPKCS12ConverterException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.PKCS12_CONVERSION_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.PKCS12_CONVERSION_EXCEPTION;
public PemToPKCS12ConverterException(Throwable e) {
super(e);
}
@Override
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
package org.onap.aaf.certservice.client.certification.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class PkEncodingException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.PK_TO_PEM_ENCODING_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.PK_TO_PEM_ENCODING_EXCEPTION;
public PkEncodingException(Throwable e) {
super(e);
}
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
*/
package org.onap.aaf.certservice.client.configuration.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class ClientConfigurationException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.CLIENT_CONFIGURATION_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.CLIENT_CONFIGURATION_EXCEPTION;
public ClientConfigurationException(String message) {
super(message);
}
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
*/
package org.onap.aaf.certservice.client.configuration.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class CsrConfigurationException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.CSR_CONFIGURATION_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.CSR_CONFIGURATION_EXCEPTION;
public CsrConfigurationException(String message) {
super(message);
}
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
return extractCertServiceResponse(httpResponse);
} catch (IOException e) {
- LOGGER.error("Failed execute request to API for URL: {}{} . Exception message: {}",
+ LOGGER.error("Failed execute request to API for URL: {}{} , exception message: {}",
certServiceAddress, caName, e.getMessage());
throw new HttpClientException(e);
}
}
- private int getStatusCode(HttpResponse httpResponse) {
- return httpResponse.getStatusLine().getStatusCode();
+ private HttpGet createHttpRequest(String caName, String csr, String pk) {
+ String url = certServiceAddress + caName;
+ HttpGet httpGet = new HttpGet(url);
+ httpGet.addHeader(CSR_HEADER_NAME, csr);
+ httpGet.addHeader(PK_HEADER_NAME, pk);
+ return httpGet;
}
private CertServiceResponse extractCertServiceResponse(HttpResponse httpResponse)
return gson.fromJson(jsonResponse, CertServiceResponse.class);
}
- private String getStringResponse(HttpEntity httpEntity) throws HttpClientException {
- try {
- return EntityUtils.toString(httpEntity, CHARSET_UTF_8);
- } catch (IOException e) {
- LOGGER.error("Cannot parse response to string", e);
- throw new HttpClientException(e);
- }
- }
-
- private HttpGet createHttpRequest(String caName, String csr, String pk) {
- String url = certServiceAddress + caName;
- HttpGet httpGet = new HttpGet(url);
- httpGet.addHeader(CSR_HEADER_NAME, csr);
- httpGet.addHeader(PK_HEADER_NAME, pk);
- return httpGet;
- }
-
-
private CertServiceApiResponseException generateApiResponseException(HttpResponse httpResponse)
throws HttpClientException {
String stringResponse = getStringResponse(httpResponse.getEntity());
ErrorCertServiceResponse errorCertServiceResponse =
gson.fromJson(stringResponse, ErrorCertServiceResponse.class);
- String messageFromApi = errorCertServiceResponse.getMessage();
- String path = errorCertServiceResponse.getPath();
- int httpResponseCode = getStatusCode(httpResponse);
+ return new CertServiceApiResponseException(getStatusCode(httpResponse), errorCertServiceResponse.getMessage());
+ }
+
+ private int getStatusCode(HttpResponse httpResponse) {
+ return httpResponse.getStatusLine().getStatusCode();
+ }
- return new CertServiceApiResponseException(certServiceAddress + path, httpResponseCode, messageFromApi);
+ private String getStringResponse(HttpEntity httpEntity) throws HttpClientException {
+ try {
+ return EntityUtils.toString(httpEntity, CHARSET_UTF_8);
+ } catch (IOException e) {
+ LOGGER.error("Cannot parse response to string, exception message: {}", e.getMessage());
+ throw new HttpClientException(e);
+ }
}
}
package org.onap.aaf.certservice.client.httpclient.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class CertServiceApiResponseException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.CERT_SERVICE_API_CONNECTION_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.CERT_SERVICE_API_CONNECTION_EXCEPTION;
- public CertServiceApiResponseException(String url, int responseCode, String messageFromAPI) {
+ public CertServiceApiResponseException(int responseCode, String messageFromAPI) {
- super(String.format("Request failed for URL '%s'. Response code: %d . Message from API: %s",
- url,
+ super(String.format("CertService HTTP unsuccessful response. Response code: %d . Message from Service: %s",
responseCode,
messageFromAPI));
}
@Override
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
package org.onap.aaf.certservice.client.httpclient.exception;
-import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitStatus;
import org.onap.aaf.certservice.client.api.ExitableException;
public class HttpClientException extends ExitableException {
- private static final ExitCode EXIT_CODE = ExitCode.HTTP_CLIENT_EXCEPTION;
+ private static final ExitStatus EXIT_STATUS = ExitStatus.HTTP_CLIENT_EXCEPTION;
- public HttpClientException(Throwable e) {
+ public HttpClientException(Throwable e){
super(e);
}
@Override
- public int applicationExitCode() {
- return EXIT_CODE.getValue();
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
}
}
public class ErrorCertServiceResponse {
- private final String message;
- private final String path;
+ private final String errorMessage;
- public ErrorCertServiceResponse(String message, String path) {
- this.message = message;
- this.path = path;
+ public ErrorCertServiceResponse(String errorMessage) {
+ this.errorMessage = errorMessage;
}
public String getMessage() {
- return message;
+ return errorMessage;
}
- public String getPath() {
- return path;
- }
}
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.verify;
-import static org.onap.aaf.certservice.client.api.ExitCode.CLIENT_CONFIGURATION_EXCEPTION;
-import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE;
+import static org.onap.aaf.certservice.client.api.ExitStatus.CLIENT_CONFIGURATION_EXCEPTION;
+import static org.onap.aaf.certservice.client.api.ExitStatus.SUCCESS;
@ExtendWith(MockitoExtension.class)
class CertServiceClientTest {
@Test
public void shouldExitWithDefinedExitCode_onRunCallWhenNoEnvsPresent() {
// given
- doNothing().when(appExitHandler).exit(CLIENT_CONFIGURATION_EXCEPTION.getValue());
- doNothing().when(appExitHandler).exit(SUCCESS_EXIT_CODE.getValue());
+ doNothing().when(appExitHandler).exit(CLIENT_CONFIGURATION_EXCEPTION);
+ doNothing().when(appExitHandler).exit(SUCCESS);
CertServiceClient certServiceClient = new CertServiceClient(appExitHandler);
// when
certServiceClient.run();
// then
- verify(appExitHandler).exit(CLIENT_CONFIGURATION_EXCEPTION.getValue());
- verify(appExitHandler).exit(SUCCESS_EXIT_CODE.getValue());
+ verify(appExitHandler).exit(CLIENT_CONFIGURATION_EXCEPTION);
+ verify(appExitHandler).exit(SUCCESS);
}
-}
\ No newline at end of file
+}
+++ /dev/null
-/*============LICENSE_START=======================================================
- * aaf-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aaf.certservice.client;
-
-import org.onap.aaf.certservice.client.api.ExitableException;
-
-class DummyExitableException extends ExitableException {
- private static final int EXIT_CODE = 888;
-
- DummyExitableException() {
- super("This is Test Exitable Exception");
- }
-
- @Override
- public int applicationExitCode() {
- return EXIT_CODE;
- }
-
-}
import org.assertj.core.api.Condition;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
-import org.onap.aaf.certservice.client.api.ExitCode;
import org.onap.aaf.certservice.client.configuration.CsrConfigurationEnvs;
import org.onap.aaf.certservice.client.configuration.EnvsForCsr;
import org.onap.aaf.certservice.client.configuration.exception.CsrConfigurationException;
import org.onap.aaf.certservice.client.configuration.factory.CsrConfigurationFactory;
import java.util.Optional;
-import java.util.function.Predicate;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import static org.onap.aaf.certservice.client.api.ExitStatus.CSR_CONFIGURATION_EXCEPTION;
public class CsrConfigurationFactoryTest {
private Condition<CsrConfigurationException> expectedExitCodeCondition = new Condition<>("Correct exit code"){
@Override
public boolean matches(CsrConfigurationException e) {
- return e.applicationExitCode() == ExitCode.CSR_CONFIGURATION_EXCEPTION.getValue();
+ return e.applicationExitStatus() == CSR_CONFIGURATION_EXCEPTION;
}
};
import org.apache.http.impl.client.CloseableHttpClient;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
-import org.onap.aaf.certservice.client.api.ExitCode;
import org.onap.aaf.certservice.client.httpclient.exception.CertServiceApiResponseException;
import org.onap.aaf.certservice.client.httpclient.exception.HttpClientException;
import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse;
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
import static java.net.HttpURLConnection.HTTP_OK;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
List<String> trustedCertificate = certServiceResponse.getTrustedCertificates();
// then
- assertNotNull(certServiceResponse);
+ assertThat(certServiceResponse).isNotNull();
final int expectedTwoElements = 2;
- assertEquals(expectedTwoElements, certificateChain.size());
- assertEquals(expectedTwoElements, trustedCertificate.size());
- assertEquals(EXPECTED_FIRST_ELEMENT_OF_CERTIFICATE_CHAIN, certificateChain.get(0));
- assertEquals(EXPECTED_FIRST_ELEMENT_OF_TRUSTED_CERTIFICATES, trustedCertificate.get(0));
+ assertThat(certificateChain).hasSize(expectedTwoElements);
+ assertThat(trustedCertificate).hasSize(expectedTwoElements);
+
+ assertThat(certificateChain.get(0)).isEqualTo(EXPECTED_FIRST_ELEMENT_OF_CERTIFICATE_CHAIN);
+ assertThat(trustedCertificate.get(0)).isEqualTo(EXPECTED_FIRST_ELEMENT_OF_TRUSTED_CERTIFICATES);
}
@Test
void shouldThrowCertServiceApiResponseException_WhenPkHeaderIsMissing() throws Exception {
- // given
+ //given
mockServerResponse(HTTP_BAD_REQUEST, MISSING_PK_RESPONSE);
- // when
- CertServiceApiResponseException exception =
- assertThrows(CertServiceApiResponseException.class,
- () -> httpClient.retrieveCertServiceData(CA_NAME, CSR, ""));
-
- // then
- assertEquals(ExitCode.CERT_SERVICE_API_CONNECTION_EXCEPTION.getValue(), exception.applicationExitCode());
+ //when //then
+ assertThatExceptionOfType(CertServiceApiResponseException.class)
+ .isThrownBy(()->httpClient.retrieveCertServiceData(CA_NAME, CSR, ""));
}
@Test
- void shouldThrowHttpClientException_WhenCannotExecuteRequestToAPI() throws Exception{
+ void shouldThrowHttpClientException_WhenCannotExecuteRequestToAPI() throws Exception {
//given
when(closeableHttpClient.execute(any(HttpGet.class))).thenThrow(IOException.class);
- //when
- HttpClientException exception =
- assertThrows(HttpClientException.class,
- () -> httpClient.retrieveCertServiceData(CA_NAME, CSR, ""));
-
- //then
- assertEquals(ExitCode.HTTP_CLIENT_EXCEPTION.getValue(), exception.applicationExitCode());
+ //when //then
+ assertThatExceptionOfType(HttpClientException.class)
+ .isThrownBy(()->httpClient.retrieveCertServiceData(CA_NAME, CSR, ""));
}
@Test
- void shouldThrowHttpClientException_WhenCannotParseResponseToString() throws Exception{
+ void shouldThrowHttpClientException_WhenCannotParseResponseToString() throws Exception {
//given
mockServerResponse(HTTP_OK, CORRECT_RESPONSE);
when(httpEntity.getContent()).thenThrow(IOException.class);
- //when
- HttpClientException exception =
- assertThrows(HttpClientException.class,
- () -> httpClient.retrieveCertServiceData(CA_NAME, CSR, ""));
-
- //then
- assertEquals(ExitCode.HTTP_CLIENT_EXCEPTION.getValue(), exception.applicationExitCode());
+ //when //then
+ assertThatExceptionOfType(HttpClientException.class)
+ .isThrownBy(()->httpClient.retrieveCertServiceData(CA_NAME, CSR, ""));
}
private void mockServerResponse(int serverCodeResponse, String stringResponse)
#Client envs
-REQUEST_URL=http://certservice:8080/v1/certificate/
+REQUEST_URL=http://aafcert-service:8080/v1/certificate/
REQUEST_TIMEOUT=1000
OUTPUT_PATH=/var/certs
CA_NAME=RA
- "80:8080"
- "443:8443"
volumes:
- - ./src/main/resources/scripts/:/opt/primekey/scripts
- command: bash -c "
- /opt/primekey/bin/start.sh
- "
+ - ./compose-resources/ejbca-configuration.sh:/opt/primekey/scripts/ejbca-configuration.sh
healthcheck:
test: ["CMD-SHELL", "curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth"]
interval: 10s
timeout: 3s
- retries: 9
+ retries: 15
networks:
- certservice
certservice:
image: onap/org.onap.aaf.certservice.aaf-certservice-api:latest
- volumes:
- - ./helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
container_name: aafcert-service
+ volumes:
+ - ./certService/helm/aaf-cert-service/resources/cmpServers.json:/etc/onap/aaf/certservice/cmpServers.json
ports:
- "8080:8080"
depends_on:
Code Review / oom / platform / cert-service.git / commitdiff