package org.onap.oom.certservice.cmpv2client.impl;
- import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.checkIfCmpResponseContainsError;
- import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.getCertFromByteArray;
- import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore;
-
- import java.io.IOException;
- import java.security.KeyPair;
- import java.security.Security;
- import java.security.cert.CertificateParsingException;
- import java.security.cert.X509Certificate;
- import java.util.Collections;
- import java.util.Date;
- import java.util.Objects;
- import java.util.Optional;
import org.apache.http.impl.client.CloseableHttpClient;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CertRepMessage;
import org.onap.oom.certservice.certification.model.OldCertificateModel;
import org.onap.oom.certservice.cmpv2client.api.CmpClient;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
+ import org.onap.oom.certservice.cmpv2client.impl.protections.PasswordBasedProtection;
+ import org.onap.oom.certservice.cmpv2client.impl.protections.PkiMessageProtection;
+ import org.onap.oom.certservice.cmpv2client.impl.protections.SignatureProtection;
import org.onap.oom.certservice.cmpv2client.model.Cmpv2CertificationModel;
import org.onap.oom.certservice.cmpv2client.validation.CmpCertificationValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+ import java.io.IOException;
+ import java.security.KeyPair;
+ import java.security.Security;
+ import java.security.cert.CertificateParsingException;
+ import java.security.cert.X509Certificate;
+ import java.util.Collections;
+ import java.util.Date;
+ import java.util.Objects;
+ import java.util.Optional;
+
+ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.checkIfCmpResponseContainsError;
+ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.getCertFromByteArray;
+ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseHelper.verifyAndReturnCertChainAndTrustSTore;
+
/**
* Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol
* (CMP)) and RFC4211 (Certificate Request Message Format (CRMF)) standards.
final CreateCertRequest certRequest =
getCmpMessageBuilderWithCommonRequestValues(csrModel, cmpv2Server)
.with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_KEY_UPDATE_REQ)
- .with(CreateCertRequest::setExtraCerts, getCMPCertificate(oldCertificateModel.getOldCertificate()))
+ .with(CreateCertRequest::setExtraCerts, getCmpCertificate(oldCertificateModel.getOldCertificate()))
.with(CreateCertRequest::setProtection, pkiMessageProtection)
.build();
return new SignatureProtection(oldCertificateModel.getOldPrivateKey());
}
- private CMPCertificate[] getCMPCertificate(Certificate oldCertificate) {
+ private CMPCertificate[] getCmpCertificate(Certificate oldCertificate) {
CMPCertificate cert = new CMPCertificate(oldCertificate);
return new CMPCertificate[]{cert};
}
package org.onap.oom.certservice.cmpv2client.validation;
- import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.checkImplicitConfirm;
- import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifyPasswordBasedProtection;
- import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifySignature;
- import java.security.PublicKey;
- import java.util.Date;
- import java.util.Objects;
- import java.util.Optional;
import org.apache.http.impl.client.CloseableHttpClient;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cmp.CertResponse;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.onap.oom.certservice.certification.configuration.model.CaMode;
import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
import org.onap.oom.certservice.certification.model.CsrModel;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+ import java.security.PublicKey;
+ import java.util.Date;
+ import java.util.Objects;
+ import java.util.Optional;
+
+ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.checkImplicitConfirm;
+ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifyPasswordBasedProtection;
+ import static org.onap.oom.certservice.cmpv2client.impl.CmpResponseValidationHelper.verifySignature;
+
public class CmpCertificationValidator {
private static final String DEFAULT_CA_NAME = "Certification Authority";
- private static final String DEFAULT_PROFILE = CaMode.RA.getProfile();
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
private static final Logger LOG = LoggerFactory.getLogger(CmpCertificationValidator.class);
final Date notAfter) {
String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
- String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE;
LOG.info(
- "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile);
+ "Validate before creating Certificate Request for CA: {}", caName);
CmpUtil.notNull(csrModel, "CsrModel Instance");
CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN");
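Review bot: The ternary that computes `caName`, on the context line just above the rewritten `LOG.info` call, looks inverted. If `CmpUtil.isNullOrEmpty` returns true for a null or empty string, as its name suggests (the helper is not visible here), a missing CA name is passed through as-is and every configured name is replaced by `DEFAULT_CA_NAME`. The log message this commit touches would then never identify the CA a request was validated against, which weakens it as an audit record for certificate issuance. Suggested change: `String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? DEFAULT_CA_NAME : server.getCaName();`. The enclosing method starts before this hunk and continues after it, so any later use of `caName` should be checked as well.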