+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * PROJECT
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.oom.certservice.certification.configuration.model;
-
-public enum CaMode {
- RA("RA"), CLIENT("Client");
-
- private String profile;
-
- CaMode(String profile) {
- this.profile = profile;
- }
-
- public String getProfile() {
- return profile;
- }
-}
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.bouncycastle.asn1.x500.X500Name;
import org.hibernate.validator.constraints.Length;
import org.onap.oom.certservice.certification.configuration.validation.constraints.Cmpv2Url;
+@JsonIgnoreProperties(ignoreUnknown = true)
public class Cmpv2Server {
private static final int MAX_CA_NAME_LENGTH = 128;
@Valid
private Authentication authentication;
@NotNull
- private CaMode caMode;
- @NotNull
@Length(min = 1, max = MAX_CA_NAME_LENGTH)
private String caName;
@NotNull
this.authentication = authentication;
}
- public CaMode getCaMode() {
- return caMode;
- }
-
- public void setCaMode(CaMode caMode) {
- this.caMode = caMode;
- }
-
public String getCaName() {
return caName;
}
public String toString() {
return "Cmpv2Server{"
+ "authentication=" + authentication
- + ", caMode=" + caMode
+ ", caName='" + caName + '\''
+ ", issuerDN='" + issuerDN + '\''
+ ", url='" + url + '\''
+ '}';
}
-
}
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.onap.oom.certservice.certification.configuration.model.CaMode;
import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
import org.onap.oom.certservice.certification.model.CsrModel;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
public class CmpCertificationValidator {
private static final String DEFAULT_CA_NAME = "Certification Authority";
- private static final String DEFAULT_PROFILE = CaMode.RA.getProfile();
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
private static final Logger LOG = LoggerFactory.getLogger(CmpCertificationValidator.class);
final Date notAfter) {
String caName = CmpUtil.isNullOrEmpty(server.getCaName()) ? server.getCaName() : DEFAULT_CA_NAME;
- String profile = server.getCaMode() != null ? server.getCaMode().getProfile() : DEFAULT_PROFILE;
LOG.info(
- "Validate before creating Certificate Request for CA :{} in Mode {} ", caName, profile);
+ "Validate before creating Certificate Request for CA: {}", caName);
CmpUtil.notNull(csrModel, "CsrModel Instance");
CmpUtil.notNull(csrModel.getSubjectData(), "Subject DN");
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
* Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
"CA_NAME", "TEST",
"URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
"ISSUER_DN", "CN=ManagementCA",
- "CA_MODE", "CLIENT",
"IAK", "xxx",
"RV", "yyy"
);
"CA_NAME", "TEST2",
"URL", "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA",
"ISSUER_DN", "CN=ManagementCA2",
- "CA_MODE", "RA",
"IAK", "xxx",
"RV", "yyy"
);
assertThat(cmpv2Server.getCaName()).isEqualTo(expected.get("CA_NAME"));
assertThat(cmpv2Server.getUrl()).isEqualTo(expected.get("URL"));
assertThat(cmpv2Server.getIssuerDN()).hasToString(expected.get("ISSUER_DN"));
- assertThat(cmpv2Server.getCaMode().name()).isEqualTo(expected.get("CA_MODE"));
assertThat(cmpv2Server.getAuthentication().getIak()).isEqualTo(expected.get("IAK"));
assertThat(cmpv2Server.getAuthentication().getRv()).isEqualTo(expected.get("RV"));
}
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.onap.oom.certservice.certification.configuration.model.Authentication;
-import org.onap.oom.certservice.certification.configuration.model.CaMode;
import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
@ExtendWith(MockitoExtension.class)
testAuthentication1.setIak("testIak");
testAuthentication1.setRv("testRv");
testServer1.setAuthentication(testAuthentication1);
- testServer1.setCaMode(CaMode.RA);
Cmpv2Server testServer2 = new Cmpv2Server();
testServer2.setCaName("TEST_CA2");
testAuthentication2.setIak("test2Iak");
testAuthentication2.setRv("test2Rv");
testServer2.setAuthentication(testAuthentication2);
- testServer2.setCaMode(CaMode.CLIENT);
return List.of(testServer1, testServer2);
}
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.onap.oom.certservice.certification.configuration.model.Authentication;
-import org.onap.oom.certservice.certification.configuration.model.CaMode;
import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
import org.onap.oom.certservice.certification.exception.Cmpv2ServerNotFoundException;
testAuthentication.setIak("testIak");
testAuthentication.setRv("testRv");
testServer.setAuthentication(testAuthentication);
- testServer.setCaMode(CaMode.RA);
return testServer;
}
/*
* ============LICENSE_START=======================================================
- * PROJECT
+ * Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import org.junit.jupiter.api.extension.ExtendWith;
import org.onap.oom.certservice.CertServiceApplication;
import org.onap.oom.certservice.certification.configuration.model.Authentication;
-import org.onap.oom.certservice.certification.configuration.model.CaMode;
import org.onap.oom.certservice.certification.configuration.model.Cmpv2Server;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
assertExceptionIsThrown();
}
- @Test
- void shouldThrowExceptionWhenCaModeIsNull() {
- // Given
- server.setCaMode(null);
-
- // Then
- assertExceptionIsThrown();
- }
-
@Test
void shouldThrowExceptionWhenUrlIsNull() {
// Given
private void setServerConfiguration() {
server = new Cmpv2Server();
- server.setCaMode(CaMode.CLIENT);
server.setCaName("TEST");
server.setIssuerDN(new X500Name("CN=ManagementCA"));
server.setUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmp");
authentication.setIak("testIAK");
}
-}
\ No newline at end of file
+}
"caName": "TEST",
"url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
"issuerDN": "CN=ManagementCA",
- "caMode": "CLIENT",
"authentication": {
"iak": "xxx",
"rv": "yyy"
"caName": "TEST2",
"url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA",
"issuerDN": "CN=ManagementCA2",
- "caMode": "RA",
"authentication": {
"iak": "xxx",
"rv": "yyy"
}
}
]
-}
\ No newline at end of file
+}
{
"caName": " ",
"url": "http://127.0.0.1/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
- "caMode": "CLIENT"
+ "issuerDN": "CN=ManagementCA"
},
{
"caName": "TEST2",
"url": "http://127.0.0.1/ejbca/publicweb/cmp/cmpRA",
- "caMode": "RA",
"authentication": {
"iak": "xxx",
"rv": "yyy"
}
}
]
-}
\ No newline at end of file
+}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
- name: _sample_cert_name_
+ name: cert-test
namespace: onap
spec:
# The secret name to store the signed certificate
- secretName: _sample_secret_name_
+ secretName: cert-test-secret-name
# Common Name
commonName: certissuer.onap.org
subject:
issuerRef:
group: certmanager.onap.org
kind: CMPv2Issuer
- name: cmpv2-issuer
+ name: cmpv2-issuer-onap
"caName": "Client",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
"issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
- "caMode": "CLIENT",
"authentication": {
"iak": "mypassword",
"rv": "mypassword"
"caName": "RA",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
"issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
- "caMode": "RA",
"authentication": {
"iak": "mypassword",
"rv": "mypassword"
**New Features**
- N/A
+ Add certificate update use case (support for CMPv2 messages: Key Update Request and Certification Request).
**Bug Fixes**
**Upgrade Notes**
+ caMode is removed from cmpServers.json configuration file.
+
**Deprecation Notes**
CertService client is not supported since Istanbul release.
"caName": "Client",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
"issuerDN": "CN=ManagementCA",
- "caMode": "CLIENT",
"authentication": {
"iak": "mypassword",
"rv": "mypassword"
"caName": "RA",
"url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
"issuerDN": "CN=ManagementCA",
- "caMode": "RA",
"authentication": {
"iak": "mypassword",
"rv": "mypassword"
- *caName* - name of the external CA server. It's used to match *CA_NAME* sent by CertService client in order to match proper configuration.
- *url* - URL to CMPv2 server
- *issuerDN* - Distinguished Name of the CA that will sign the certificate
- - *caMode* - Issuer mode. Allowed values are *CLIENT* and *RA*
- *authentication*
- *iak* - Initial authentication key, used to authenticate request in CMPv2 server
+---------------------+---------------------------------------------------------------------------------------------------------------------------------+
| Name | Value |
+=====================+=================================================================================================================================+
-| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA |
+| Request URL | http://ejbca:8080/ejbca/publicweb/cmp/cmpRA |
+---------------------+---------------------------------------------------------------------------------------------------------------------------------+
| Response Type | PKI Response |
+---------------------+---------------------------------------------------------------------------------------------------------------------------------+