Merge "Fix README.md"
authorPaweł Baniewski <pawel.baniewski@nokia.com>
Mon, 9 Mar 2020 13:31:15 +0000 (13:31 +0000)
committerGerrit Code Review <gerrit@onap.org>
Mon, 9 Mar 2020 13:31:15 +0000 (13:31 +0000)
12 files changed:
certService/helm/aaf-cert-service/templates/deployment.yaml
certService/helm/aaf-cert-service/values.yaml
certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java [new file with mode: 0644]
certService/src/main/java/org/onap/aaf/certservice/certification/CsrModelFactory.java
certService/src/main/java/org/onap/aaf/certservice/certification/PemObjectFactory.java
certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfig.java
certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java [new file with mode: 0644]
certService/src/test/java/org/onap/aaf/certservice/certification/TestUtils.java
certService/src/test/java/org/onap/aaf/certservice/certification/adapter/CSRMetaBuilderTest.java
certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java [new file with mode: 0644]
certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java [new file with mode: 0644]
certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigTest.java

index 2e16cbc..f8b2d43 100644 (file)
@@ -25,13 +25,13 @@ spec:
         livenessProbe:
           httpGet:
             port: {{ .Values.containerPort }}
-            path: {{ .Values.healthcheck.path }}
+            path: {{ .Values.liveness.path }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
         readinessProbe:
           httpGet:
             port: {{ .Values.containerPort }}
-            path: {{ .Values.healthcheck.path }}
+            path: {{ .Values.readiness.path }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
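Review bot: In both probes the context lines `initialDelaySeconds` and `periodSeconds` sit at the same indentation as `port` and `path`, i.e. nested under `httpGet`, whereas Kubernetes expects them as direct children of `livenessProbe` / `readinessProbe`. If the indentation shown here matches the file, the values from `.Values.liveness` / `.Values.readiness` are either rejected or silently dropped and the defaults apply, so the new `/ready` probe would start polling immediately instead of after the configured delay. Since this commit already touches both probes, I would dedent those two keys by two spaces in each probe so they align with `httpGet:`. The container spec continues outside the hunk.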
index a971edd..0dab1e3 100644 (file)
@@ -9,11 +9,11 @@ service:
 liveness:
   initialDelaySeconds: 60
   periodSeconds: 10
+  path: /actuator/health
 readiness:
   initialDelaySeconds: 30
   periodSeconds: 10
-healthcheck:
-  path: /actuator/health
+  path: /ready
 volume:
   name: aaf-cert-service-volume
   mountPath: /etc/onap/aaf/certservice
diff --git a/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java b/certService/src/main/java/org/onap/aaf/certservice/api/ReadinessController.java
new file mode 100644 (file)
index 0000000..e33bf51
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.api;
+
+import org.onap.aaf.certservice.certification.configuration.CmpServersConfig;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class ReadinessController {
+
+    private final CmpServersConfig cmpServersConfig;
+
+    @Autowired
+    public ReadinessController(CmpServersConfig cmpServersConfig) {
+        this.cmpServersConfig = cmpServersConfig;
+    }
+
+    @GetMapping("/ready")
+    public ResponseEntity<String> checkReady() {
+        if (cmpServersConfig.isReady()) {
+            return new ResponseEntity<>(HttpStatus.OK);
+        } else {
+            return new ResponseEntity<>(HttpStatus.SERVICE_UNAVAILABLE);
+        }
+    }
+}
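Review bot: `ReadinessController` and `checkReady()` carry no Javadoc, and nothing in the code says that the literal in `@GetMapping("/ready")` has to stay in step with `readiness.path` in values.yaml. I would add a class comment such as `/** Readiness endpoint polled by the Kubernetes readinessProbe (values.yaml readiness.path): 200 once the CMP servers configuration is loaded, 503 otherwise. */`. The probe in deployment.yaml sends no credentials, so this path is presumably reachable without authentication; the status-only response with no body is the right shape for that and is worth stating in the comment so that nobody later adds configuration details to it.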
index 9ce65e6..501ed6d 100644 (file)
@@ -83,7 +83,6 @@ public class CsrModelFactory {
         public Optional<String> asString() {
             try {
                 String decodedString = new String(decoder.decode(value));
-                LOGGER.debug("Decoded string: {}", decodedString);
                 return Optional.of(decodedString);
             } catch(RuntimeException e) {
                 LOGGER.error("Exception occurred during decoding:", e);
index c2293d2..1eb5270 100644 (file)
@@ -39,7 +39,6 @@ public class PemObjectFactory {
 
         try (StringReader stringReader = new StringReader(pem);
              PemReader pemReader = new PemReader(stringReader)) {
-            LOGGER.debug("Creating pem object from: {}", pem);
             return Optional.ofNullable(pemReader.readPemObject());
         } catch (DecoderException | IOException e) {
             LOGGER.error("Exception occurred during creation of PEM:", e);
index a304b5a..cea228c 100644 (file)
@@ -35,15 +35,16 @@ import org.springframework.context.annotation.Configuration;
 public class CmpServersConfig {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(CmpServersConfig.class);
+    private static final String INIT_CONFIGURATION = "Loading initial configuration";
+    private static final String RELOADING_CONFIGURATION = "Reloading configuration";
     private static final String LOADING_SUCCESS_MESSAGE = "CMP Servers configuration successfully loaded from file {}";
     private static final String CMP_SERVERS_CONFIG_FILENAME = "cmpServers.json";
-    private static final String INIT_CONFIGURATION = "Loading initial configuration";
-    private static final String REFRESHING_CONFIGURATION = "Refreshing configuration";
 
     private final String configPath;
     private final CmpServersConfigLoader cmpServersConfigLoader;
 
     private List<Cmpv2Server> cmpServers;
+    private volatile boolean isReady;
 
     @Autowired
     public CmpServersConfig(@Value("${app.config.path}") String configPath,
@@ -54,8 +55,8 @@ public class CmpServersConfig {
 
     @PostConstruct
     void init() {
-        LOGGER.info(INIT_CONFIGURATION);
         try {
+            LOGGER.info(INIT_CONFIGURATION);
             loadConfiguration();
         } catch (CmpServersConfigLoadingException e) {
             LOGGER.error(e.getMessage(), e.getCause());
@@ -63,18 +64,24 @@ public class CmpServersConfig {
     }
 
     public void reloadConfiguration() throws CmpServersConfigLoadingException {
-        LOGGER.info(REFRESHING_CONFIGURATION);
+        LOGGER.info(RELOADING_CONFIGURATION);
         loadConfiguration();
     }
 
-    void loadConfiguration() throws CmpServersConfigLoadingException {
+
+    synchronized void loadConfiguration() throws CmpServersConfigLoadingException {
+        isReady = false;
         String configFilePath = configPath + File.separator + CMP_SERVERS_CONFIG_FILENAME;
         this.cmpServers = Collections.unmodifiableList(cmpServersConfigLoader.load(configFilePath));
         LOGGER.info(LOADING_SUCCESS_MESSAGE, configFilePath);
+        isReady = true;
     }
 
     public List<Cmpv2Server> getCmpServers() {
         return cmpServers;
     }
 
+    public boolean isReady() {
+        return isReady;
+    }
 }
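Review bot: `loadConfiguration()` clears `isReady` before calling the loader, so a reload that throws leaves `/ready` answering 503 while `getCmpServers()` still returns the previously loaded list; a single malformed cmpServers.json supplied at runtime therefore takes a working instance out of rotation. If that fail-closed behaviour is not intended, drop the leading `isReady = false;` and keep only `isReady = true;` after a successful load (the test that pins the current behaviour would change with it); if it is intended, a comment on the method should say so. Separately, `cmpServers` is written inside the synchronized method but read unsynchronised in `getCmpServers()`; declaring it `private volatile List<Cmpv2Server> cmpServers;` (first hunk of this file) would give readers the same visibility guarantee as `isReady`.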
diff --git a/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java b/certService/src/test/java/org/onap/aaf/certservice/api/ReadinessControllerTest.java
new file mode 100644 (file)
index 0000000..4000a38
--- /dev/null
@@ -0,0 +1,57 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.api;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.onap.aaf.certservice.certification.configuration.CmpServersConfig;
+import org.springframework.http.HttpStatus;
+
+@ExtendWith(MockitoExtension.class)
+public class ReadinessControllerTest {
+
+    @Mock
+    private CmpServersConfig cmpServersConfig;
+
+    @Test
+    public void shouldReturnStatusOkWhenConfigIsReady() {
+        // Given
+        Mockito.when(cmpServersConfig.isReady()).thenReturn(true);
+
+        // Then
+        assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.OK);;
+    }
+
+    @Test
+    public void shouldReturnStatusServiceUnavailableWhenConfigIsNotReady() {
+        // Given
+        Mockito.when(cmpServersConfig.isReady()).thenReturn(false);
+
+        // Then
+        assertThat(new ReadinessController(cmpServersConfig).checkReady().getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);;
+    }
+
+}
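Review bot: Both assertions end in a stray empty statement (`...isEqualTo(HttpStatus.OK);;` and the `SERVICE_UNAVAILABLE` one), and each test jumps from `// Given` to `// Then` with the call under test buried inside the assertion. I would pull the call out under a `// When` comment, `ResponseEntity<String> response = new ReadinessController(cmpServersConfig).checkReady();`, and assert on `response.getStatusCode()` with a single semicolon. That needs an import of `org.springframework.http.ResponseEntity` in the test.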
index 11b4f84..a6e55c5 100644 (file)
 
 package org.onap.aaf.certservice.certification;
 
+import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemWriter;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
 import org.onap.aaf.certservice.certification.exception.KeyDecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
 
 import java.io.IOException;
 import java.io.StringWriter;
 
+import static org.onap.aaf.certservice.certification.TestData.TEST_CSR;
+import static org.onap.aaf.certservice.certification.TestData.TEST_PK;
+
 
 public final class TestUtils {
 
@@ -44,4 +50,12 @@ public final class TestUtils {
             throw new KeyDecryptionException("Writing PAM Object to string failed", e);
         }
     }
+
+    public static CsrModel createCsrModel() throws DecryptionException {
+        CsrModelFactory csrModelFactory = new CsrModelFactory();
+        String encoderCsr = new String(Base64.encode(TEST_CSR.getBytes()));
+        String encoderPK = new String(Base64.encode(TEST_PK.getBytes()));
+        return csrModelFactory
+                .createCsrModel(new CsrModelFactory.StringBase64(encoderCsr), new CsrModelFactory.StringBase64(encoderPK));
+    }
 }
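Review bot: `createCsrModel()` converts between String and bytes with the platform default charset in all four places (`TEST_CSR.getBytes()`, `TEST_PK.getBytes()` and the two `new String(Base64.encode(...))`), so the fixture depends on the JVM's default encoding. Passing the charset explicitly keeps the test data stable across build hosts, e.g. `String encodedCsr = new String(Base64.encode(TEST_CSR.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);` and the same for the key, with `java.nio.charset.StandardCharsets` imported. The locals would also read better as `encodedCsr` / `encodedPk` than `encoderCsr` / `encoderPK`, since they hold the encoded text and not an encoder.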
index 165c9ec..d3f8cc6 100644 (file)
@@ -33,7 +33,6 @@ import org.onap.aaf.certservice.cmpv2client.external.CSRMeta;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/RSAContentSignerBuilderTest.java
new file mode 100644 (file)
index 0000000..3c5c534
--- /dev/null
@@ -0,0 +1,62 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel;
+
+class RSAContentSignerBuilderTest {
+
+    private  RSAContentSignerBuilder rsaContentSignerBuilder;
+
+    @BeforeEach
+    void setUp() {
+        rsaContentSignerBuilder = new RSAContentSignerBuilder();
+    }
+
+    @Test
+    void shouldBuildProperContentSignerWhenProvidedCertificationRequestAndPrivateKey()
+            throws IOException, OperatorCreationException, DecryptionException {
+        // Given
+        CsrModel testCsrModel = createCsrModel();
+        PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr();
+        PrivateKey testPrivateKey = testCsrModel.getPrivateKey();
+
+        // When
+        ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
+
+        // Then
+        assertThat(createdContentSigner.getAlgorithmIdentifier())
+                .isEqualTo(testCertificationRequest.getSignatureAlgorithm());
+    }
+
+}
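Review bot: The only assertion compares `createdContentSigner.getAlgorithmIdentifier()` with the CSR's signature algorithm, so the test would still pass if `build(...)` ignored `testPrivateKey` or used a different key. For a component that produces signatures, I would additionally sign a small byte array through the returned signer and verify the result against the public key taken from the same CSR, so that the key binding is covered as well. Minor: `private  RSAContentSignerBuilder` has a doubled space.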
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/adapter/X509CertificateBuilderTest.java
new file mode 100644 (file)
index 0000000..26d11fc
--- /dev/null
@@ -0,0 +1,69 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.certification.adapter;
+
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.exception.DecryptionException;
+import org.onap.aaf.certservice.certification.model.CsrModel;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.aaf.certservice.certification.TestUtils.createCsrModel;
+
+public class X509CertificateBuilderTest {
+
+    private X509CertificateBuilder certificateBuilde;
+
+
+    @BeforeEach
+    void setUp() {
+        certificateBuilde = new X509CertificateBuilder();
+    }
+
+    @Test
+    void shouldBuildCertificateBuilderWhenGivenProperCertificationRequest()
+            throws DecryptionException, IOException, OperatorCreationException {
+        // Given
+        CsrModel testCsrModel = createCsrModel();
+        PKCS10CertificationRequest testCertificationRequest = testCsrModel.getCsr();
+        PrivateKey testPrivateKey = testCsrModel.getPrivateKey();
+        RSAContentSignerBuilder rsaContentSignerBuilder = new RSAContentSignerBuilder();
+        ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
+
+        // When
+        X509v3CertificateBuilder certificateBuilder = certificateBuilde.build(testCertificationRequest);
+        X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner);
+
+        // Then
+        assertThat(certificateHolder.getIssuer())
+                .isEqualToComparingFieldByField(testCsrModel.getSubjectData());
+        assertThat(certificateHolder.getSubjectPublicKeyInfo())
+                .isEqualToComparingFieldByField(testCertificationRequest.getSubjectPublicKeyInfo());
+    }
+}
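Review bot: The first assertion checks `certificateHolder.getIssuer()` against `testCsrModel.getSubjectData()`, and nothing asserts `getSubject()`, so the test does not show that the subject from the CSR ends up in the certificate. If an issuer equal to the CSR subject is the intended shape at this stage, a short comment saying so would help; otherwise the assertion probably wants `getSubject()`. Assuming `getSubjectData()` returns the CSR's X.500 name, adding `assertThat(certificateHolder.getSubject()).isEqualTo(testCsrModel.getSubjectData());` covers the subject either way. The field name `certificateBuilde` is missing its final `r`, which makes it easy to confuse with the local `certificateBuilder` a few lines below.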
index 5d850fe..043dbc0 100644 (file)
@@ -159,6 +159,55 @@ class CmpServersConfigTest {
         assertThat(exception.getMessage()).isEqualTo(ERROR_MESSAGE);
     }
 
+    @Test
+    void shouldBeNotReadyWhenCreated() {
+        assertThat(cmpServersConfig.isReady()).isFalse();
+    }
+
+    @Test
+    void shouldBeReadyWhenSuccessfullyInitialized() {
+        // When
+        this.cmpServersConfig.init();      // Manual PostConstruct call
+
+        // Then
+        assertThat(cmpServersConfig.isReady()).isTrue();
+    }
+
+    @Test
+    void shouldNotBeReadyWhenFailedToInitialize() throws CmpServersConfigLoadingException {
+        // Given
+        Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE));
+
+        // When
+        this.cmpServersConfig.init();      // Manual PostConstruct call
+
+        // Then
+        assertThat(cmpServersConfig.isReady()).isFalse();
+    }
+
+    @Test
+    void shouldBeReadyWhenSuccessfullyReloaded() throws CmpServersConfigLoadingException {
+        // When
+        this.cmpServersConfig.reloadConfiguration();
+
+        // Then
+        assertThat(cmpServersConfig.isReady()).isTrue();
+    }
+
+    @Test
+    void shouldNotBeReadyWhenFailedToReload() throws CmpServersConfigLoadingException {
+        // Given
+        Mockito.when(cmpServersConfigLoader.load(any())).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE));
+
+        // When
+        assertThrows(
+            CmpServersConfigLoadingException.class,
+            () -> cmpServersConfig.loadConfiguration());
+
+        // Then
+        assertThat(cmpServersConfig.isReady()).isFalse();
+    }
+
     private static List<Cmpv2Server> generateTestConfiguration() {
         Cmpv2Server testServer1 = new Cmpv2Server();
         testServer1.setCaName("TEST_CA1");
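Review bot: `shouldNotBeReadyWhenFailedToReload` and `shouldNotBeReadyWhenFailedToInitialize` start from a freshly created object, where `isReady()` is already false (as `shouldBeNotReadyWhenCreated` asserts), so they pass even if a failing load never touches the flag. To pin the ready-to-not-ready transition, load successfully first and make the loader throw on the second call, e.g. stub with `.thenReturn(generateTestConfiguration()).thenThrow(new CmpServersConfigLoadingException(ERROR_MESSAGE))`, call `init()`, assert ready, then `assertThrows(...)` around `cmpServersConfig.reloadConfiguration()` and assert not ready. The reload test also calls `loadConfiguration()` directly rather than the public `reloadConfiguration()` its name refers to. The set-up of `cmpServersConfig` and its mock is outside the hunk, so the exact stubbing may need adjusting.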