package org.onap.aaf.certservice.client;
+import java.security.KeyPair;
import org.onap.aaf.certservice.client.api.ExitableException;
+import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder;
import org.onap.aaf.certservice.client.certification.CsrFactory;
import org.onap.aaf.certservice.client.certification.KeyPairFactory;
import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator;
import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory;
-
-import java.security.KeyPair;
+import org.onap.aaf.certservice.client.common.Base64Encoder;
import org.onap.aaf.certservice.client.configuration.EnvsForClient;
import org.onap.aaf.certservice.client.configuration.EnvsForCsr;
import org.onap.aaf.certservice.client.configuration.factory.ClientConfigurationFactory;
import static org.onap.aaf.certservice.client.api.ExitCode.SUCCESS_EXIT_CODE;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE;
import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM;
-import static org.onap.aaf.certservice.client.common.Base64Coder.encode;
public class CertServiceClient {
public void run() {
KeyPairFactory keyPairFactory = new KeyPairFactory(RSA_ENCRYPTION_ALGORITHM, KEY_SIZE);
+ PrivateKeyToPemEncoder pkEncoder = new PrivateKeyToPemEncoder();
+ Base64Encoder base64Encoder = new Base64Encoder();
try {
ClientConfiguration clientConfiguration = new ClientConfigurationFactory(new EnvsForClient()).create();
CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create();
KeyPair keyPair = keyPairFactory.create();
CsrFactory csrFactory = new CsrFactory(csrConfiguration);
- String csr = csrFactory.createEncodedCsr(keyPair);
CloseableHttpClientProvider provider = new CloseableHttpClientProvider(
clientConfiguration.getRequestTimeout());
HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService());
CertServiceResponse certServiceData =
- httpClient.retrieveCertServiceData(
- clientConfiguration.getCaName(),
- csr,
- encode(keyPair.getPrivate().toString()));
+ httpClient.retrieveCertServiceData(
+ clientConfiguration.getCaName(),
+ base64Encoder.encode(csrFactory.createCsrInPem(keyPair)),
+ base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate())));
KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory(
clientConfiguration.getCertsOutputPath()).create();
CSR_GENERATION_EXCEPTION(4),
CERT_SERVICE_API_CONNECTION_EXCEPTION(5),
HTTP_CLIENT_EXCEPTION(6),
- PKCS12_CONVERSION_EXCEPTION(7);
+ PKCS12_CONVERSION_EXCEPTION(7),
+ PK_TO_PEM_ENCODING_EXCEPTION(8);
private final int value;
}
- public String createEncodedCsr(KeyPair keyPair) throws CsrGenerationException {
+ public String createCsrInPem(KeyPair keyPair) throws CsrGenerationException {
PKCS10CertificationRequest request;
String csrParameters = getMandatoryParameters().append(getOptionalParameters()).toString();
X500Principal subject = new X500Principal(csrParameters);
request = createPKCS10Csr(subject, keyPair);
- return encodeToBase64(convertPKC10CsrToPem(request));
+ return convertPKC10CsrToPem(request);
}
private static Boolean isParameterPresent(String parameter) {
return parameter != null && !"".equals(parameter);
}
-
- private static String encodeToBase64(String csrInPem) {
- return Base64.getEncoder().encodeToString(csrInPem.getBytes(StandardCharsets.UTF_8));
- }
}
--- /dev/null
+/*
+ * ============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification;
+
+
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.PrivateKey;
+
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.onap.aaf.certservice.client.certification.exception.PkEncodingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PrivateKeyToPemEncoder {
+
+ public static final String PEM_OBJECT_TYPE = "RSA PRIVATE KEY";
+ private final Logger LOGGER = LoggerFactory.getLogger(PrivateKeyToPemEncoder.class);
+
+ public String encodePrivateKeyToPem(PrivateKey pk) throws PkEncodingException {
+ LOGGER.info("Encoding PrivateKey to PEM");
+ StringWriter stringWriter = new StringWriter();
+ try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ pemWriter.writeObject(new PemObject(PEM_OBJECT_TYPE, pk.getEncoded()));
+ } catch (IOException e) {
+ LOGGER.error("Exception occurred during encoding PrivateKey to PEM", e);
+ throw new PkEncodingException(e);
+ }
+ return stringWriter.toString();
+ }
+}
--- /dev/null
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.exception;
+
+import org.onap.aaf.certservice.client.api.ExitCode;
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+public class PkEncodingException extends ExitableException {
+ private static final ExitCode EXIT_CODE = ExitCode.PK_TO_PEM_ENCODING_EXCEPTION;
+
+ public PkEncodingException(Throwable e) {
+ super(e);
+ }
+
+ public int applicationExitCode() {
+ return EXIT_CODE.getValue();
+ }
+}
-/*
- * ============LICENSE_START=======================================================
+/*============LICENSE_START=======================================================
* aaf-certservice-client
* ================================================================================
* Copyright (C) 2020 Nokia. All rights reserved.
import org.bouncycastle.util.encoders.Base64;
-public class Base64Coder {
- public static String encode(String string){
+public class Base64Encoder {
+ public String encode(String string){
return new String(Base64.encode(string.getBytes()));
}
-}
+}
\ No newline at end of file
when(config.getOrganizationUnit()).thenReturn("ONAP");
when(config.getState()).thenReturn("California");
- assertThat(new CsrFactory(config).createEncodedCsr(keyPair)).isNotEmpty();
+ assertThat(new CsrFactory(config).createCsrInPem(keyPair)).isNotEmpty();
}
}
--- /dev/null
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification;
+
+
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.exception.PkEncodingException;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class PrivateKeyToPemEncoderTest {
+
+ private static final String ENCRYPTION_ALGORITHM = "RSA";
+ private static final String RESOURCES_DIR = "src/test/resources/";
+ private static final String PRIVATE_KEY_PEM_PATH = RESOURCES_DIR + "rsaPrivateKeyPem";
+
+ @Test
+ public void shouldReturnProperlyEncodedPrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException, PkEncodingException, IOException {
+ //given
+ String expectedPem = Files.readString(Paths.get(PRIVATE_KEY_PEM_PATH));
+ PrivateKeyToPemEncoder testedPkEncoder = new PrivateKeyToPemEncoder();
+ //when
+ PrivateKey privateKey = extractPrivateKeyFromPem(expectedPem);
+ String resultPkInPem = testedPkEncoder.encodePrivateKeyToPem(privateKey);
+ //then
+ assertThat(resultPkInPem).isEqualTo(expectedPem);
+ }
+
+ private PrivateKey extractPrivateKeyFromPem(String pem) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
+ PemReader pemReader = new PemReader(new StringReader(pem));
+ PemObject pemObject = pemReader.readPemObject();
+ pemReader.close();
+ PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pemObject.getContent());
+ KeyFactory kf = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
+ return kf.generatePrivate(spec);
+ }
+}
\ No newline at end of file
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCwooLW/yfXHIGs
+djOW6zCM6mzGq4ZkFr0LMVBE+Y9dckGsYJzCrfC4pQtFjcvTlwalu6/YOgieR/zY
+bgVF7Ic0IYV+BssO+t6Zx2xYli4NIGc5kJgDrKtR6lWvH8AMnQEr+QiDElLBWobU
++QGn5v8A528Ow5yD1fmxKTqqvWS4v1rOShGCIdse5ViraGjnMFxOV6u6pGqa17v7
+dTh0XIUyF/o3aSbmBHXkmvQ4pu/K1ncsF2zHIqUWAc7j8y1u5uE5o8b+dUzkcS4t
+QKfjFKP81I7XQNmpGZ8REzWyaYVk3RrMCju6iVgdKrs198Wif0b7wGswFv4BFhOp
+2jceFUwfAgMBAAECggEABjDb9x8gTVjRbrMB4eNCY14ADAKNBksJuy+ySYiZrsPH
+a3xDYktoaYBXYcuzfioH8J0gb6qxDKMnSIqqoqXEo14daKpiSZcfYDJuKLiyyoD9
+PTZFLbPKmWdmM2ogeBC0rs7eroFg5yf+G87ScQkWnPh/mvveK3y/cKcqSDu1IQh8
+3b8KQshC5g4iBqCfOMW3ASF03M4zmM3brKMWsdsAWEbFHQ34H10FXTHrAINpWIZK
+s2NL3z9tK6hXrwlZdKH6R/JWczSO7O5MBjLfeXZK7q3Tw4qtFWWjcNwfPlUZKMAS
+3fZFamFwY//qW+0yuCO59o70d9Pjm6p0DWsfOs9t8QKBgQD1iRdGV4xZXZT9Q4Wh
+LQMnChjuNHcmhdBYbmC03j3AffQwkQ1dKt++9uWYdy9dO9v1w7aygAMQI36jkDvR
+UJ1Rnmt9gQpeOL/wHP3R0uHbTtxLeGnX3Oo1Yx7Wfl98rq4mmBxjO5Lgft/6kTgz
+XgeiNDWi53KwDEOoFaZhWihZ6QKBgQC4Ka5Hc9wXD/5utpvNs5ut+9zjY0kx6kr8
+SyDZExbVR1ohtvSQ2sd2JvZPyFS0VbvYfFPhyCYcWW9LDEX168CZT5aHgcNop1Iu
+Szq8nYrljFa5Ibdlpf0qxC6JgObC2XytUR0O7BaXHBWpl0/wLpLTcfU2wTDLRoH8
+JLu7P3MoxwKBgQCI9DWqQ60CL8Op3J7NvviyLtynCVaogx0qJi8E062oD9lDubS1
+kfOJZde8ykX+ACR5mffu6p5KwzGg9BOZdhi57N5R+8cXtRnCSbl97t2R4RPZeMm4
+4P02WBpcU9LZDeoPlurGovUTCVHPRm8Nn9YsMGj2e5ip/71BJQpP5OT6+QKBgQCP
+NYJb+AG3QW22hHQmArxWEFxVyrh5g1sqU/XIOCryUVkKjK4kEq02+NdjdUJBNcYs
+c4n7MlxIgVelQXcJ5HlR/uzslQDy2eJzM3cKg2wmUvqBXnGyLuDvJ72UmdNYxC1K
+zZ/OIdLzURibV5oHCQCOQrjQCm06NasQ+zOtSYrwswKBgQCUHhgxynFNyidxPFzX
+V0X5xCbJ3jvJNjZFRsItQ97vEAkfJqxCnOZKMti0JWSlLBEViaKnqaA+ZE/SeJ/k
+Jut5h9gu4QIdeF4mf9v3tjuEQP7RaMCD6xnFZnebkQf6wlZz5VaXME4ICpi1Cnk7
+DySS9CMoRnwdwY7hAbfPtupKDA==
+-----END RSA PRIVATE KEY-----
Code Review / oom / platform / cert-service.git / commitdiff