content = @Content(schema = @Schema(implementation = ErrorResponseModel.class)))
})
@Operation(
- summary = "sign certificate",
- description = "Web endpoint for requesting certificate signing. Used by system components to gain certificate signed by CA.",
+ summary = "initialize certificate",
+ description = "Web endpoint for requesting certificate initialization. Used by system components to gain certificate signed by CA.",
tags = {"CertificationService"})
public ResponseEntity<CertificationResponseModel> signCertificate(
@Parameter(description = "Name of certification authority that will sign CSR.")
@PathVariable String caName,
- @Parameter(description = "Certificate signing request in form of PEM object encoded in Base64 (with header and footer).")
+ @Parameter(description = "Certificate initialization request in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("CSR") String encodedCsr,
@Parameter(description = "Private key in form of PEM object encoded in Base64 (with header and footer).")
@RequestHeader("PK") String encodedPrivateKey
) throws DecryptionException, CmpClientException {
caName = replaceWhiteSpaceChars(caName);
- LOGGER.info("Received certificate signing request for CA named: {}", caName);
+ LOGGER.info("Received certificate initialization request for CA named: {}", caName);
CertificationResponseModel certificationResponseModel = certificationResponseModelFactory
.provideCertificationModelFromInitialRequest(encodedCsr, encodedPrivateKey, caName);
return new ResponseEntity<>(certificationResponseModel, HttpStatus.OK);
* ============LICENSE_START=======================================================
* Cert Service
* ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Cmpv2Server cmpv2Server = cmpv2ServerProvider.getCmpv2Server(caName);
LOGGER.debug("Found server for given CA name: \n{}", cmpv2Server);
- LOGGER.info("Sending sign request for certification model for CA named: {}, and certificate signing request:\n{}",
+ LOGGER.info("Sending initialization request for certification model for CA named: {}, and certificate signing request:\n{}",
caName, csrModel);
return certificationProvider.executeInitializationRequest(csrModel, cmpv2Server);
}
public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel)
throws DecryptionException, CmpClientException {
- LOGGER.info("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
+ LOGGER.debug("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
certificateUpdateModel.getEncodedOldCert(), certificateUpdateModel.getCaName());
final CsrModel csrModel = csrModelFactory.createCsrModel(
new StringBase64(certificateUpdateModel.getEncodedCsr()),
*/
public static OptionalValidity generateOptionalValidity(
final Date notBefore, final Date notAfter) {
- LOG.info("Generating Optional Validity from Date objects");
+ LOG.debug("Generating Optional Validity from Date objects");
ASN1EncodableVector optionalValidityV = new ASN1EncodableVector();
if (notBefore != null) {
Time nb = new Time(notBefore);
*/
public static Extensions generateExtension(final GeneralName[] sansArray)
throws CmpClientException {
- LOG.info("Generating Extensions from Subject Alternative Names");
+ LOG.debug("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
try {
extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage());
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2020 Nordix Foundation.
- * ================================================================================
- * Modification copyright 2021 Nokia
+ * Copyright (C) 2020 Nordix Foundation.
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
public final class CmpResponseHelper {
private static final Logger LOG = LoggerFactory.getLogger(CmpResponseHelper.class);
+ private static final Map<Integer, String> RESPONSE_TYPE_TO_STRING = Map.of(
+ PKIBody.TYPE_INIT_REP, "INIT_REP",
+ PKIBody.TYPE_CERT_REP, "CERT_REP",
+ PKIBody.TYPE_KEY_UPDATE_REP, "KEY_UPDATE_REP");
private CmpResponseHelper() {
}
static void checkIfCmpResponseContainsError(PKIMessage respPkiMessage) {
- LOG.info("Response type: {} ", respPkiMessage.getBody().getType());
- if (respPkiMessage.getBody().getType() == PKIBody.TYPE_ERROR) {
+ final int responseType = respPkiMessage.getBody().getType();
+ final String responseTypeName = RESPONSE_TYPE_TO_STRING.getOrDefault(responseType, Integer.toString(responseType));
+ LOG.info("Response type is: {} ", responseTypeName);
+
+ if (responseType == PKIBody.TYPE_ERROR) {
final ErrorMsgContent errorMsgContent =
(ErrorMsgContent) respPkiMessage.getBody().getContent();
String text = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
* @return bytes containing a random number string representing a nonce
*/
public static byte[] createRandomBytes() {
- LOGGER.info("Generating random array of bytes");
+ LOGGER.debug("Generating random array of bytes");
byte[] randomBytes = new byte[RANDOM_BYTE_LENGTH];
SECURE_RANDOM.nextBytes(randomBytes);
return randomBytes;
* @return bytes containing a random number string representing a nonce
*/
public static int createRandomInt(int range) {
- LOGGER.info("Generating random integer");
+ LOGGER.debug("Generating random integer");
return SECURE_RANDOM.nextInt(range) + RANDOM_SEED;
}
* @return bytes representing the PKIHeader and PKIBody thats to be protected
*/
public static byte[] generateProtectedBytes(PKIHeader header, PKIBody body) throws CmpClientException {
- LOGGER.info("Generating array of bytes representing PkiHeader and PkiBody");
+ LOGGER.debug("Generating array of bytes representing PkiHeader and PkiBody");
byte[] res;
ASN1EncodableVector vector = new ASN1EncodableVector();
vector.add(header);
*/
static PKIHeader generatePkiHeader(
X500Name subjectDn, X500Name issuerDn, AlgorithmIdentifier protectionAlg, String senderKid) {
- LOGGER.info("Generating a Pki Header Builder");
+ LOGGER.debug("Generating a Pki Header Builder");
PKIHeaderBuilder pkiHeaderBuilder =
new PKIHeaderBuilder(
PKIHeader.CMP_2000, new GeneralName(subjectDn), new GeneralName(issuerDn));
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2020 Nordix Foundation.
- * ================================================================================
- * Modification copyright 2021 Nokia
+ * Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
if (notBefore != null && notAfter != null && notBefore.compareTo(notAfter) > 0) {
throw new IllegalArgumentException("Before Date is set after the After Date");
}
+ LOG.info("Validation completed successfully.");
}
public void checkCmpResponse(final PKIMessage respPkiMessage, final PublicKey publicKey, final String initAuthPassword)
}
private void logServerResponse(CertResponse certResponse) {
- if (LOG.isInfoEnabled()) {
- LOG.info("Response status code: {}", certResponse.getStatus().getStatus());
- }
+ LOG.info("Response status code: {}", certResponse.getStatus().getStatus());
if (certResponse.getStatus().getStatusString() != null) {
String serverMessage = certResponse.getStatus().getStatusString().getStringAt(0).getString();
LOG.warn("Response status text: {}", serverMessage);
Code Review / oom / platform / cert-service.git / commitdiff