* ============LICENSE_END=========================================================
*/
-package org.onap.aaf.certservice.certification.adapter;
+package org.onap.aaf.certservice.certification;
import java.io.InputStream;
import java.security.NoSuchProviderException;
package org.onap.aaf.certservice.certification;
-import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
+import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
+import org.bouncycastle.util.io.pem.PemObjectGenerator;
+import org.bouncycastle.util.io.pem.PemWriter;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.stream.Collectors;
+
@Service
public class CertificationProvider {
- private final Cmpv2ClientAdapter cmpv2ClientAdapter;
+ private static final Logger LOGGER = LoggerFactory.getLogger(CertificationProvider.class);
+
+ private final CmpClient cmpClient;
@Autowired
- public CertificationProvider(Cmpv2ClientAdapter cmpv2ClientAdapter) {
- this.cmpv2ClientAdapter = cmpv2ClientAdapter;
+ public CertificationProvider(CmpClient cmpClient) {
+ this.cmpClient = cmpClient;
}
- CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
+ public CertificationModel signCsr(CsrModel csrModel, Cmpv2Server server)
throws CmpClientException {
- return cmpv2ClientAdapter.callCmpClient(csrModel, server);
+ List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server);
+ return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
+ convertFromX509CertificateListToPemList(certificates.get(1)));
+ }
+
+ private static List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
+ return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
+ .collect(Collectors.toList());
+ }
+
+ private static String convertFromX509CertificateToPem(X509Certificate certificate) {
+ StringWriter sw = new StringWriter();
+ try (PemWriter pw = new PemWriter(sw)) {
+ PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate);
+ pw.writeObject(gen);
+ } catch (IOException e) {
+ LOGGER.error("Exception occurred during convert of X509 certificate", e);
+ }
+ return sw.toString();
}
}
* ============LICENSE_END=========================================================
*/
-package org.onap.aaf.certservice.certification.adapter;
+package org.onap.aaf.certservice.certification;
import java.io.IOException;
import java.security.PrivateKey;
* ============LICENSE_END=========================================================
*/
-package org.onap.aaf.certservice.certification.adapter;
+package org.onap.aaf.certservice.certification;
import java.io.IOException;
import java.math.BigInteger;
private static final int SECURE_NEXT_BYTES = 16;
private static final int VALID_PERIOD_IN_DAYS = 365;
- X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
+ public X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
return new X509v3CertificateBuilder(csr.getSubject(), createSerial(),
Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)),
Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)),
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import java.util.stream.Collectors;
-
-import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.util.io.pem.PemObjectGenerator;
-import org.bouncycastle.util.io.pem.PemWriter;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CertificationModel;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
-import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-@Component
-public class Cmpv2ClientAdapter {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(Cmpv2ClientAdapter.class);
-
- private final CmpClient cmpClient;
-
- @Autowired
- public Cmpv2ClientAdapter(CmpClient cmpClient) {
- this.cmpClient = cmpClient;
- }
-
- /**
- * Uses CmpClient to call to Cmp Server and gather certificates data
- *
- * @param csrModel Certificate Signing Request from Service external API
- * @param server Cmp Server configuration from cmpServers.json
- * @return container for returned certificates
- * @throws CmpClientException Exceptions which comes from Cmp Client
- */
- public CertificationModel callCmpClient(CsrModel csrModel, Cmpv2Server server)
- throws CmpClientException {
- List<List<X509Certificate>> certificates = cmpClient.createCertificate(csrModel, server);
- return new CertificationModel(convertFromX509CertificateListToPemList(certificates.get(0)),
- convertFromX509CertificateListToPemList(certificates.get(1)));
- }
-
- private String convertFromX509CertificateToPem(X509Certificate certificate) {
- StringWriter sw = new StringWriter();
- try (PemWriter pw = new PemWriter(sw)) {
- PemObjectGenerator gen = new JcaMiscPEMGenerator(certificate);
- pw.writeObject(gen);
- } catch (IOException e) {
- LOGGER.error("Exception occurred during convert of X509 certificate", e);
- }
- return sw.toString();
- }
-
- private List<String> convertFromX509CertificateListToPemList(List<X509Certificate> certificates) {
- return certificates.stream().map(this::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty())
- .collect(Collectors.toList());
- }
-
-}
private final CloseableHttpClient httpClient;
private static final String DEFAULT_CA_NAME = "Certification Authority";
+ private static final String DEFAULT_PROFILE = CaMode.RA.getProfile();
public CmpClientImpl(CloseableHttpClient httpClient) {
this.httpClient = httpClient;
final Date notBefore,
final Date notAfter) {
-
String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
- String caProfile = server.getCaMode() != null ? String.valueOf(server.getCaMode()) : String.valueOf(CaMode.RA);
+ String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE;
LOG.info(
- "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, caProfile);
+ "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile);
CmpUtil.notNull(csrModel, "CsrModel Instance");
CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN");
package org.onap.aaf.certservice.certification;
+import org.apache.commons.io.IOUtils;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
-import org.onap.aaf.certservice.certification.adapter.Cmpv2ClientAdapter;
import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.exception.Cmpv2ClientAdapterException;
-import org.onap.aaf.certservice.certification.exception.DecryptionException;
import org.onap.aaf.certservice.certification.model.CertificationModel;
import org.onap.aaf.certservice.certification.model.CsrModel;
+import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.mock;
+import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
class CertificationProviderTest {
- private CertificationProvider certificationProvider;
-
@Mock
- private Cmpv2ClientAdapter cmpv2ClientAdapter;
+ private CsrModel csrModel;
+ @Mock
+ private Cmpv2Server server;
+ @Mock
+ private CsrModel testCsrModel;
+ @Mock
+ private Cmpv2Server testServer;
+ @Mock
+ private CmpClient cmpClient;
+
+ private CertificationProvider certificationProvider;
@BeforeEach
- void setUp() {
- certificationProvider = new CertificationProvider(cmpv2ClientAdapter);
+ public void init() {
+ certificationProvider = new CertificationProvider(cmpClient);
}
@Test
- void certificationProviderShouldReturnCertificationModelWhenProvidedProperCsrModelAndCmpv2Server()
- throws CmpClientException, Cmpv2ClientAdapterException {
- // Given
- CsrModel testCsrModel = mock(CsrModel.class);
- Cmpv2Server testServer = mock(Cmpv2Server.class);
- CertificationModel expectedCertificationModel = mock(CertificationModel.class);
+ void shouldConvertToCertificationModel()
+ throws CertificateException, NoSuchProviderException, IOException, CmpClientException {
+ // When
when(
- cmpv2ClientAdapter.callCmpClient(eq(testCsrModel), eq(testServer))
- ).thenReturn(expectedCertificationModel);
+ cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class))
+ ).thenReturn(createCorrectClientResponse());
- // When
- CertificationModel receivedCertificationModel = certificationProvider.signCsr(testCsrModel, testServer);
+ CertificationModel certificationModel = certificationProvider.signCsr(csrModel, server);
// Then
- assertThat(receivedCertificationModel).isEqualTo(expectedCertificationModel);
+ InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first");
+ InputStream trustedCertificate =
+ getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first");
+ String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0));
+ String expectedCertificate =
+ removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8));
+ String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0));
+ String expectedTrustedCertificate =
+ removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8));
+
+ assertThat(certificateModel).isEqualTo(expectedCertificate);
+ assertThat(trustedCertificateModel).isEqualTo(expectedTrustedCertificate);
}
+
@Test
void certificationProviderThrowCmpClientWhenCallingClientFails()
- throws CmpClientException, Cmpv2ClientAdapterException {
+ throws CmpClientException {
// Given
- CsrModel testCsrModel = mock(CsrModel.class);
- Cmpv2Server testServer = mock(Cmpv2Server.class);
String expectedErrorMessage = "connecting to CMP client failed";
+
when(
- cmpv2ClientAdapter.callCmpClient(eq(testCsrModel), eq(testServer))
+ cmpClient.createCertificate(any(CsrModel.class), any(Cmpv2Server.class))
).thenThrow(new CmpClientException(expectedErrorMessage));
// When
assertThat(exception.getMessage()).isEqualTo(expectedErrorMessage);
}
+ private List<List<X509Certificate>> createCorrectClientResponse()
+ throws CertificateException, NoSuchProviderException {
+ InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
+ InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first");
+ X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain);
+ X509Certificate x509TrustedCertificate =
+ new CertificateFactoryProvider().generateCertificate(trustedCertificate);
+ return Arrays.asList(Collections.singletonList(x509Certificate),
+ Collections.singletonList(x509TrustedCertificate));
+ }
+
+ private String removeLineEndings(String string) {
+ return string.replace("\n", "").replace("\r", "");
+ }
}
* ============LICENSE_END=========================================================
*/
-package org.onap.aaf.certservice.certification.adapter;
+package org.onap.aaf.certservice.certification;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.certification.RsaContentSignerBuilder;
import org.onap.aaf.certservice.certification.exception.DecryptionException;
import org.onap.aaf.certservice.certification.model.CsrModel;
* ============LICENSE_END=========================================================
*/
-package org.onap.aaf.certservice.certification.adapter;
+package org.onap.aaf.certservice.certification;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
public class X509CertificateBuilderTest {
- private X509CertificateBuilder certificateBuilde;
+ private X509CertificateBuilder certificateBuilder;
@BeforeEach
void setUp() {
- certificateBuilde = new X509CertificateBuilder();
+ certificateBuilder = new X509CertificateBuilder();
}
@Test
ContentSigner createdContentSigner = rsaContentSignerBuilder.build(testCertificationRequest, testPrivateKey);
// When
- X509v3CertificateBuilder certificateBuilder = certificateBuilde.build(testCertificationRequest);
+ X509v3CertificateBuilder certificateBuilder = this.certificateBuilder.build(testCertificationRequest);
X509CertificateHolder certificateHolder = certificateBuilder.build(createdContentSigner);
// Then
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * Cert Service
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.certification.adapter;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.onap.aaf.certservice.certification.configuration.model.CaMode;
-import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
-import org.onap.aaf.certservice.certification.model.CertificationModel;
-import org.onap.aaf.certservice.certification.model.CsrModel;
-import org.onap.aaf.certservice.cmpv2client.api.CmpClient;
-import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
-import org.springframework.boot.test.context.SpringBootTest;
-
-@SpringBootTest
-class Cmpv2ClientAdapterTest {
-
- @Mock
- private CmpClient cmpClient;
- @Mock
- private CsrModel csrModel;
- @Mock
- private Cmpv2Server server;
- @Mock
- private RsaContentSignerBuilder rsaContentSignerBuilder;
- @Mock
- private X509CertificateBuilder x509CertificateBuilder;
- @Mock
- private PKCS10CertificationRequest csr;
- @Mock
- private PrivateKey privateKey;
- @Mock
- private X509v3CertificateBuilder x509V3CertificateBuilder;
- @Mock
- private ContentSigner contentSigner;
- @Mock
- private X509CertificateHolder holder;
- @Mock
- private Certificate asn1Certificate;
- @Mock
- private X509Certificate certificate;
- @Mock
- private CertificateFactoryProvider certificateFactoryProvider;
-
- @InjectMocks
- private Cmpv2ClientAdapter adapter;
-
- private static final CaMode CA_MODEL = CaMode.CLIENT;
- private static final String TEST_MSG = "Test";
-
- @Test
- void adapterShouldRethrowClientExceptionOnFailure()
- throws CmpClientException, IOException, OperatorCreationException, CertificateException,
- NoSuchProviderException {
- // Given
- stubInternalProperties();
-
- // When
- Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
- .thenThrow(new CmpClientException(TEST_MSG));
-
- // Then
- Assertions.assertThrows(CmpClientException.class, () -> adapter.callCmpClient(csrModel, server));
- }
-
- @Test
- void shouldConvertToCertificationModel()
- throws OperatorCreationException, CertificateException, NoSuchProviderException, IOException,
- CmpClientException {
- // Given
- stubInternalProperties();
-
- // When
- Mockito.when(cmpClient.createCertificate(Mockito.any(), Mockito.any()))
- .thenReturn(createCorrectClientResponse());
- CertificationModel certificationModel = adapter.callCmpClient(csrModel, server);
-
- // Then
- InputStream certificate = getClass().getClassLoader().getResourceAsStream("certificateModelChain.first");
- InputStream trustedCertificate =
- getClass().getClassLoader().getResourceAsStream("trustedCertificatesModel.first");
- String certificateModel = removeLineEndings(certificationModel.getCertificateChain().get(0));
- String expectedCertificate =
- removeLineEndings(IOUtils.toString(Objects.requireNonNull(certificate), StandardCharsets.UTF_8));
- String trustedCertificateModel = removeLineEndings(certificationModel.getTrustedCertificates().get(0));
- String expectedTrustedCertificate =
- removeLineEndings(IOUtils.toString(Objects.requireNonNull(trustedCertificate), StandardCharsets.UTF_8));
-
- Assertions.assertEquals(certificateModel, expectedCertificate);
- Assertions.assertEquals(trustedCertificateModel, expectedTrustedCertificate);
- }
-
- private List<List<X509Certificate>> createCorrectClientResponse()
- throws CertificateException, NoSuchProviderException {
- InputStream certificateChain = getClass().getClassLoader().getResourceAsStream("certificateChain.first");
- InputStream trustedCertificate = getClass().getClassLoader().getResourceAsStream("trustedCertificates.first");
- X509Certificate x509Certificate = new CertificateFactoryProvider().generateCertificate(certificateChain);
- X509Certificate x509TrustedCertificate =
- new CertificateFactoryProvider().generateCertificate(trustedCertificate);
- return Arrays.asList(Collections.singletonList(x509Certificate),
- Collections.singletonList(x509TrustedCertificate));
- }
-
- private String removeLineEndings(String string) {
- return string.replace("\n", "").replace("\r", "");
- }
-
- private void stubInternalProperties()
- throws IOException, OperatorCreationException, CertificateException, NoSuchProviderException {
- Mockito.when(server.getCaMode()).thenReturn(CA_MODEL);
- Mockito.when(csrModel.getCsr()).thenReturn(csr);
- Mockito.when(csrModel.getPrivateKey()).thenReturn(privateKey);
- Mockito.when(x509CertificateBuilder.build(csr)).thenReturn(x509V3CertificateBuilder);
- Mockito.when(rsaContentSignerBuilder.build(csr, privateKey)).thenReturn(contentSigner);
- Mockito.when(x509V3CertificateBuilder.build(contentSigner)).thenReturn(holder);
- Mockito.when(holder.toASN1Structure()).thenReturn(asn1Certificate);
- Mockito.when(certificateFactoryProvider.generateCertificate(Mockito.any())).thenReturn(certificate);
- Mockito.when(holder.toASN1Structure().getEncoded()).thenReturn("".getBytes());
- }
-
-}
Code Review / oom / platform / cert-service.git / commitdiff