From 0b278343630c1e3c7c92b3e5094570748692666e Mon Sep 17 00:00:00 2001 From: Piotr Marcinkiewicz Date: Wed, 17 Jun 2020 14:54:51 +0200 Subject: [PATCH] Add creation JKS artifact Issue-ID: AAF-1152 Signed-off-by: Piotr Marcinkiewicz Change-Id: I8b38dc07ddbf6758e0c4c036100572b350dceab9 --- certServiceClient/README.md | 2 +- .../aaf/certservice/client/api/ExitStatus.java | 2 +- .../conversion/ArtifactsCreatorProvider.java | 29 +++++---- ...Creator.java => ConvertedArtifactsCreator.java} | 56 ++++++++++-------- .../ConvertedArtifactsCreatorFactory.java | 36 ++++++++++++ ...PemToPKCS12Converter.java => PemConverter.java} | 42 +++++++------ ...rException.java => PemConversionException.java} | 8 +-- .../conversion/ArtifactsCreatorProviderTest.java | 26 +++++++-- ...est.java => ConvertedArtifactsCreatorTest.java} | 49 +++++++++++----- ...S12ConverterTest.java => PemConverterTest.java} | 68 ++++++++++++---------- 10 files changed, 208 insertions(+), 110 deletions(-) rename certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/{PKCS12ArtifactsCreator.java => ConvertedArtifactsCreator.java} (50%) create mode 100644 certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java rename certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/{PemToPKCS12Converter.java => PemConverter.java} (82%) rename certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/{PemToPKCS12ConverterException.java => PemConversionException.java} (82%) rename certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/{PKCS12ArtifactsCreatorTest.java => ConvertedArtifactsCreatorTest.java} (67%) rename certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/{PemToPKCS12ConverterTest.java => PemConverterTest.java} (76%) diff --git a/certServiceClient/README.md b/certServiceClient/README.md index 56c33bdf..72521737 100644 --- a/certServiceClient/README.md +++ b/certServiceClient/README.md @@ -68,7 +68,7 @@ docker logs aaf-certservice-client 4 Fail in CSR generation 5 CertService HTTP unsuccessful response 6 Internal HTTP Client connection problem -7 Fail in PKCS12 conversion +7 Fail in PEM conversion 8 Fail in Private Key to PEM Encoding 9 Wrong TLS configuration 10 File could not be created diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java index 6e91fe84..1d321688 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/api/ExitStatus.java @@ -27,7 +27,7 @@ public enum ExitStatus { CSR_GENERATION_EXCEPTION(4,"Fail in CSR generation"), CERT_SERVICE_API_CONNECTION_EXCEPTION(5,"CertService HTTP unsuccessful response"), HTTP_CLIENT_EXCEPTION(6,"Internal HTTP Client connection problem"), - PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"), + PEM_CONVERSION_EXCEPTION(7,"Fail in PEM conversion"), PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding"), TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"), FILE_CREATION_EXCEPTION(10, "File could not be created"); diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java index dd4df73b..d3d8a11b 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProvider.java @@ -22,33 +22,40 @@ import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; public enum ArtifactsCreatorProvider { - P12 { + P12("PKCS12") { @Override ArtifactsCreator create(String destPath) { - return new PKCS12ArtifactsCreator( - new CertFileWriter(destPath), - new RandomPasswordGenerator(), - new PemToPKCS12Converter()); + return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType()); } }, - JKS { + JKS("JKS") { @Override ArtifactsCreator create(String destPath) { - return null; + return ConvertedArtifactsCreatorFactory.createConverter(destPath, getExtension(), getKeyStoreType()); } }, - PEM { + PEM("PEM"){ @Override ArtifactsCreator create(String destPath) { - return new PemArtifactsCreator( - new CertFileWriter(destPath), - new PrivateKeyToPemEncoder()); + return new PemArtifactsCreator(new CertFileWriter(destPath), new PrivateKeyToPemEncoder()); } }; + private final String keyStoreType; + ArtifactsCreatorProvider(String keyStoreType) { + this.keyStoreType = keyStoreType; + } public static ArtifactsCreator getCreator(String outputType, String destPath) { return valueOf(outputType).create(destPath); } + String getKeyStoreType() { + return keyStoreType; + } + + String getExtension() { + return this.toString().toLowerCase(); + } + abstract ArtifactsCreator create(String destPath); } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java similarity index 50% rename from certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java rename to certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java index c1e7c1c8..4e300074 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreator.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreator.java @@ -22,57 +22,63 @@ package org.onap.aaf.certservice.client.certification.conversion; import java.security.PrivateKey; import java.util.List; import org.onap.aaf.certservice.client.certification.exception.CertFileWriterException; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.onap.aaf.certservice.client.certification.exception.PemConversionException; import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class PKCS12ArtifactsCreator implements ArtifactsCreator { +public class ConvertedArtifactsCreator implements ArtifactsCreator { - private static final Logger LOGGER = LoggerFactory.getLogger(PKCS12ArtifactsCreator.class); + private static final Logger LOGGER = LoggerFactory.getLogger(ConvertedArtifactsCreator.class); private static final String CERTIFICATE_ALIAS = "certificate"; private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-"; private static final int PASSWORD_LENGTH = 24; - private static final String KEYSTORE_P12 = "keystore.p12"; - private static final String KEYSTORE_PASS = "keystore.pass"; - private static final String TRUSTSTORE_P12 = "truststore.p12"; - private static final String TRUSTSTORE_PASS = "truststore.pass"; - private final RandomPasswordGenerator generator; - private final PemToPKCS12Converter converter; - private final CertFileWriter writer; + private static final String PASS_EXT = "pass"; + private static final String KEYSTORE = "keystore"; + private static final String TRUSTSTORE = "truststore"; - public PKCS12ArtifactsCreator(CertFileWriter writer, RandomPasswordGenerator generator, - PemToPKCS12Converter converter) { - this.generator = generator; + private final String fileExtension; + private final RandomPasswordGenerator passwordGenerator; + private final PemConverter converter; + private final CertFileWriter fileWriter; + + public ConvertedArtifactsCreator(CertFileWriter fileWriter, RandomPasswordGenerator passwordGenerator, + PemConverter converter, String fileExtension) { + this.passwordGenerator = passwordGenerator; this.converter = converter; - this.writer = writer; + this.fileWriter = fileWriter; + this.fileExtension = fileExtension; } @Override public void create(List keystoreData, List truststoreData, PrivateKey privateKey) - throws PemToPKCS12ConverterException, CertFileWriterException { + throws PemConversionException, CertFileWriterException { createKeystore(keystoreData,privateKey); createTruststore(truststoreData); } private void createKeystore(List data, PrivateKey privateKey) - throws PemToPKCS12ConverterException, CertFileWriterException { - Password password = generator.generate(PASSWORD_LENGTH); + throws PemConversionException, CertFileWriterException { + Password password = passwordGenerator.generate(PASSWORD_LENGTH); + String keystoreArtifactName = String.format("%s.%s", KEYSTORE, fileExtension); + String keystorePass = String.format("%s.%s", KEYSTORE, PASS_EXT); - LOGGER.debug("Attempt to create PKCS12 keystore files and saving data. File names: {}, {}", KEYSTORE_P12, KEYSTORE_PASS); + LOGGER.debug("Attempt to create keystore files and saving data. File names: {}, {}", keystoreArtifactName, keystorePass); - writer.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), KEYSTORE_P12); - writer.saveData(getPasswordAsBytes(password), KEYSTORE_PASS); + fileWriter.saveData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey), keystoreArtifactName); + fileWriter.saveData(getPasswordAsBytes(password), keystorePass); } private void createTruststore(List data) - throws PemToPKCS12ConverterException, CertFileWriterException { - Password password = generator.generate(PASSWORD_LENGTH); + throws PemConversionException, CertFileWriterException { + Password password = passwordGenerator.generate(PASSWORD_LENGTH); + String truststoreArtifactName = String.format("%s.%s", TRUSTSTORE, fileExtension); + String truststorePass = String.format("%s.%s", TRUSTSTORE, PASS_EXT); - LOGGER.debug("Attempt to create PKCS12 truststore files and saving data. File names: {}, {}", TRUSTSTORE_P12, TRUSTSTORE_PASS); + LOGGER.debug("Attempt to create truststore files and saving data. File names: {}, {}", truststoreArtifactName, truststorePass); - writer.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), TRUSTSTORE_P12); - writer.saveData(getPasswordAsBytes(password), TRUSTSTORE_PASS); + fileWriter.saveData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS), truststoreArtifactName); + fileWriter.saveData(getPasswordAsBytes(password), truststorePass); } private byte[] getPasswordAsBytes(Password password) { diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java new file mode 100644 index 00000000..5a37482a --- /dev/null +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorFactory.java @@ -0,0 +1,36 @@ +/*============LICENSE_START======================================================= + * aaf-certservice-client + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aaf.certservice.client.certification.conversion; + +import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; + +public class ConvertedArtifactsCreatorFactory { + + private ConvertedArtifactsCreatorFactory() { } + + public static ConvertedArtifactsCreator createConverter(String destPath, String fileExtension, String keyStoreType) { + return new ConvertedArtifactsCreator( + new CertFileWriter(destPath), + new RandomPasswordGenerator(), + new PemConverter(keyStoreType), + fileExtension); + } + +} diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java similarity index 82% rename from certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java rename to certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java index ef1666dc..083e4bcf 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12Converter.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/conversion/PemConverter.java @@ -35,52 +35,56 @@ import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMParser; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.onap.aaf.certservice.client.certification.exception.PemConversionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -class PemToPKCS12Converter { +class PemConverter { - private static final Logger LOGGER = LoggerFactory.getLogger(PemToPKCS12Converter.class); - private static final String PKCS12 = "PKCS12"; + private static final Logger LOGGER = LoggerFactory.getLogger(PemConverter.class); private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)"; private final LoadStoreParameter EMPTY_KEYSTORE_CONFIGURATION = null; + private final String keyStoreType; + + public PemConverter(String keyStoreType) { + this.keyStoreType = keyStoreType; + } byte[] convertKeystore(List certificateChain, Password password, String alias, PrivateKey privateKey) - throws PemToPKCS12ConverterException { - LOGGER.info("Conversion of PEM certificates to PKCS12 keystore"); + throws PemConversionException { + LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " keystore"); return convert(certificateChain, password, certs -> getKeyStore(alias, password, certs, privateKey)); } byte[] convertTruststore(List trustAnchors, Password password, String alias) - throws PemToPKCS12ConverterException { - LOGGER.info("Conversion of PEM certificates to PKCS12 truststore"); + throws PemConversionException { + LOGGER.info("Conversion of PEM certificates to " + keyStoreType + " truststore"); return convert(trustAnchors, password, certs -> getTrustStore(alias, certs)); } private byte[] convert(List certificates, Password password, StoreEntryOperation operation) - throws PemToPKCS12ConverterException { + throws PemConversionException { checkPassword(password); final Certificate[] X509Certificates = convertToCertificateArray(certificates); return getKeyStoreBytes(password, operation, X509Certificates); } - private void checkPassword(Password password) throws PemToPKCS12ConverterException { + private void checkPassword(Password password) throws PemConversionException { if (!password.isCorrectPasswordPattern()) { LOGGER.error(PASSWORD_ERROR_MSG); - throw new PemToPKCS12ConverterException(PASSWORD_ERROR_MSG); + throw new PemConversionException(PASSWORD_ERROR_MSG); } } private byte[] getKeyStoreBytes(Password password, StoreEntryOperation op, Certificate[] x509Certificates) - throws PemToPKCS12ConverterException { + throws PemConversionException { try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) { KeyStore ks = op.getStore(x509Certificates); ks.store(bos, password.toCharArray()); return bos.toByteArray(); } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) { - LOGGER.error("Pem to PKCS12 converter failed, exception message: {}", e.getMessage()); - throw new PemToPKCS12ConverterException(e); + LOGGER.error("Pem to " + keyStoreType + " converter failed, exception message: {}", e.getMessage()); + throw new PemConversionException(e); } } @@ -103,13 +107,13 @@ class PemToPKCS12Converter { private KeyStore getKeyStoreInstance() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException { - KeyStore ks = KeyStore.getInstance(PKCS12); + KeyStore ks = KeyStore.getInstance(keyStoreType); ks.load(EMPTY_KEYSTORE_CONFIGURATION); return ks; } private Certificate[] convertToCertificateArray(List certificates) - throws PemToPKCS12ConverterException { + throws PemConversionException { Certificate[] parsedCertificates = new Certificate[certificates.size()]; for (String certificate : certificates) { parsedCertificates[certificates.indexOf(certificate)] = parseCertificate(certificate); @@ -117,17 +121,17 @@ class PemToPKCS12Converter { return parsedCertificates; } - private Certificate parseCertificate(String certificate) throws PemToPKCS12ConverterException { + private Certificate parseCertificate(String certificate) throws PemConversionException { try (PEMParser pem = new PEMParser(new StringReader(certificate))) { X509CertificateHolder certHolder = Optional.ofNullable((X509CertificateHolder) pem.readObject()) .orElseThrow( - () -> new PemToPKCS12ConverterException("The certificate couldn't be parsed correctly. " + certificate)); + () -> new PemConversionException("The certificate couldn't be parsed correctly. " + certificate)); return new JcaX509CertificateConverter() .setProvider(new BouncyCastleProvider()) .getCertificate(certHolder); } catch (IOException | CertificateException e) { LOGGER.error("Certificates conversion failed, exception message: {}", e.getMessage()); - throw new PemToPKCS12ConverterException(e); + throw new PemConversionException(e); } } } diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java similarity index 82% rename from certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java rename to certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java index b98f4ace..11c448ee 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemToPKCS12ConverterException.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/certification/exception/PemConversionException.java @@ -22,13 +22,13 @@ package org.onap.aaf.certservice.client.certification.exception; import org.onap.aaf.certservice.client.api.ExitStatus; import org.onap.aaf.certservice.client.api.ExitableException; -public class PemToPKCS12ConverterException extends ExitableException { - private static final ExitStatus EXIT_STATUS = ExitStatus.PKCS12_CONVERSION_EXCEPTION; +public class PemConversionException extends ExitableException { + private static final ExitStatus EXIT_STATUS = ExitStatus.PEM_CONVERSION_EXCEPTION; - public PemToPKCS12ConverterException(Throwable e) { + public PemConversionException(Throwable e) { super(e); } - public PemToPKCS12ConverterException(String message) { + public PemConversionException(String message) { super(message); } diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProviderTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProviderTest.java index 133d90d2..8a619991 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProviderTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ArtifactsCreatorProviderTest.java @@ -20,6 +20,9 @@ package org.onap.aaf.certservice.client.certification.conversion; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.CsvSource; +import org.junit.jupiter.params.provider.ValueSource; import static org.assertj.core.api.Assertions.assertThat; @@ -27,17 +30,19 @@ import static org.assertj.core.api.Assertions.assertThat; class ArtifactsCreatorProviderTest { private static final String P12 = "P12"; + private static final String JKS = "JKS"; private static final String PEM = "PEM"; private static final String TEST_PATH = "testPath"; - @Test - void artifactsProviderShouldReturnP12Creator(){ + @ParameterizedTest + @ValueSource(strings = {JKS, P12}) + void artifactsProviderShouldReturnConvertedCreator(String outputType){ // when ArtifactsCreator artifactsCreator = - ArtifactsCreatorProvider.getCreator(P12, TEST_PATH); + ArtifactsCreatorProvider.getCreator(outputType, TEST_PATH); // then - assertThat(artifactsCreator).isInstanceOf(PKCS12ArtifactsCreator.class); + assertThat(artifactsCreator).isInstanceOf(ConvertedArtifactsCreator.class); } @Test @@ -49,4 +54,17 @@ class ArtifactsCreatorProviderTest { // then assertThat(artifactsCreator).isInstanceOf(PemArtifactsCreator.class); } + + @ParameterizedTest + @CsvSource({ + "JKS, jks", + "P12, p12"}) + void getExtensionShouldProvideExtensionBasedOnArtifactType(String artifactType, String expectedExtension){ + + //when + String actualExtension = ArtifactsCreatorProvider.valueOf(artifactType).getExtension(); + //then + assertThat(actualExtension).isEqualTo(expectedExtension); + } + } diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreatorTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorTest.java similarity index 67% rename from certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreatorTest.java rename to certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorTest.java index 4a690e5f..2da4ab98 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PKCS12ArtifactsCreatorTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/ConvertedArtifactsCreatorTest.java @@ -30,10 +30,10 @@ import java.util.List; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.onap.aaf.certservice.client.certification.exception.CertFileWriterException; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.onap.aaf.certservice.client.certification.exception.PemConversionException; import org.onap.aaf.certservice.client.certification.writer.CertFileWriter; -class PKCS12ArtifactsCreatorTest { +class ConvertedArtifactsCreatorTest { private static final int PASSWORD_LENGTH = 24; private static final String CERTIFICATE_ALIAS = "certificate"; @@ -44,33 +44,52 @@ class PKCS12ArtifactsCreatorTest { private static final List SAMPLE_TRUSTED_CERTIFICATE_CHAIN = List.of("c", "d"); private static final byte[] SAMPLE_KEYSTORE_BYTES = "this is a keystore test".getBytes(); private static final byte[] SAMPLE_TRUSTSTORE_BYTES = "this is a truststore test".getBytes(); + private static final String P12_EXTENSION= "p12"; private CertFileWriter certFileWriter; private RandomPasswordGenerator passwordGenerator; - private PemToPKCS12Converter converter; + private PemConverter converter; private PrivateKey privateKey; - private PKCS12ArtifactsCreator artifactCreator; + private ConvertedArtifactsCreator artifactsCreator; @BeforeEach void setUp() { certFileWriter = mock(CertFileWriter.class); passwordGenerator = mock(RandomPasswordGenerator.class); - converter = mock(PemToPKCS12Converter.class); + converter = mock(PemConverter.class); privateKey = mock(PrivateKey.class); - artifactCreator = new PKCS12ArtifactsCreator(certFileWriter, passwordGenerator, converter); + artifactsCreator = new ConvertedArtifactsCreator(certFileWriter, passwordGenerator, converter, P12_EXTENSION); } @Test - void artifactsCreatorShouldCauseCallOfConvertAndDataSaveMethods() - throws PemToPKCS12ConverterException, CertFileWriterException { + void convertedArtifactCreatorShouldTryCreateFileWithGivenExtension() + throws CertFileWriterException, PemConversionException { + //given + mockPasswordGeneratorAndPemConverter(); + final String keystore = "keystore"; + final String testExtension = "testExt"; + final String keystoreFileName = String.format("%s.%s", keystore, testExtension); + artifactsCreator = new ConvertedArtifactsCreator(certFileWriter, passwordGenerator, converter, testExtension); + + //when + artifactsCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey); + + //then + verify(certFileWriter, times(1)) + .saveData(SAMPLE_KEYSTORE_BYTES, keystoreFileName); + } + + @Test + void convertedArtifactsCreatorShouldCallConverterAndFilesCreatorMethods() + throws PemConversionException, CertFileWriterException { // given - mockPasswordGeneratorAndPKSC12Converter(); + mockPasswordGeneratorAndPemConverter(); final String keystoreP12 = "keystore.p12"; final String keystorePass = "keystore.pass"; //when - artifactCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey); + artifactsCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey); // then verify(converter, times(1)) @@ -84,19 +103,19 @@ class PKCS12ArtifactsCreatorTest { } @Test - void artifactsCreatorShouldCallPasswordGeneratorTwice() - throws PemToPKCS12ConverterException, CertFileWriterException { + void convertedArtifactsCreatorShouldCallPasswordGeneratorTwice() + throws PemConversionException, CertFileWriterException { // given - mockPasswordGeneratorAndPKSC12Converter(); + mockPasswordGeneratorAndPemConverter(); //when - artifactCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey); + artifactsCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey); // then verify(passwordGenerator, times(2)).generate(PASSWORD_LENGTH); } - private void mockPasswordGeneratorAndPKSC12Converter() throws PemToPKCS12ConverterException { + private void mockPasswordGeneratorAndPemConverter() throws PemConversionException { when(passwordGenerator.generate(PASSWORD_LENGTH)).thenReturn(SAMPLE_PASSWORD); when(converter.convertKeystore(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_PASSWORD, CERTIFICATE_ALIAS, privateKey)) .thenReturn(SAMPLE_KEYSTORE_BYTES); diff --git a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemConverterTest.java similarity index 76% rename from certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java rename to certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemConverterTest.java index 35043409..0d67fba7 100644 --- a/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemToPKCS12ConverterTest.java +++ b/certServiceClient/src/test/java/org/onap/aaf/certservice/client/certification/conversion/PemConverterTest.java @@ -42,10 +42,12 @@ import java.security.cert.CertificateException; import java.util.List; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; import org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants; -import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException; +import org.onap.aaf.certservice.client.certification.exception.PemConversionException; -class PemToPKCS12ConverterTest { +class PemConverterTest { private static final String RESOURCES_PATH = "src/test/resources"; private static final String CERT1_PATH = RESOURCES_PATH + "/cert1.pem"; @@ -55,6 +57,7 @@ class PemToPKCS12ConverterTest { private static final String EXPECTED_TRUSTSTORE_PATH = RESOURCES_PATH + "/expectedTruststore.jks"; private static final String PKCS12 = "PKCS12"; private static final String PKCS8 = "PKCS#8"; + private static final String JKS = "JKS"; private static final String KEY_ERROR_MSG = "java.security.KeyStoreException: Key protection algorithm not found: java.lang.NullPointerException"; private static final String CERTIFICATES_ERROR_MSG = "The certificate couldn't be parsed correctly. certificate1"; private static final String PASSWORD_ERROR_MSG = "Password should be min. 16 chars long and should contain only alphanumeric characters and special characters like Underscore (_), Dollar ($) and Pound (#)"; @@ -66,15 +69,16 @@ class PemToPKCS12ConverterTest { key = Files.readAllBytes(Path.of(KEY_PATH)); } - @Test - void convertKeystoreShouldReturnKeystoreWithGivenPrivateKeyAndCertificateChain() - throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, PemToPKCS12ConverterException { + @ParameterizedTest + @ValueSource(strings = {PKCS12, JKS}) + void convertKeystoreShouldReturnKeystoreWithGivenPrivateKeyAndCertificateChain(String conversionTarget) + throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, PemConversionException { // given final String alias = "keystore-entry"; final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0"); final List certificateChain = getCertificates(); - final PemToPKCS12Converter converter = new PemToPKCS12Converter(); - final KeyStore expectedKeyStore = KeyStore.getInstance(PKCS12); + final PemConverter converter = new PemConverter(conversionTarget); + final KeyStore expectedKeyStore = KeyStore.getInstance(conversionTarget); expectedKeyStore.load(new ByteArrayInputStream(Files.readAllBytes(Path.of(EXPECTED_KEYSTORE_PATH))), password.toCharArray()); final Certificate[] expectedChain = expectedKeyStore.getCertificateChain(alias); @@ -84,7 +88,7 @@ class PemToPKCS12ConverterTest { final byte[] result = converter.convertKeystore(certificateChain, password, alias, privateKey); // then - final KeyStore actualKeyStore = KeyStore.getInstance(PKCS12); + final KeyStore actualKeyStore = KeyStore.getInstance(conversionTarget); actualKeyStore.load(new ByteArrayInputStream(result), password.toCharArray()); final Certificate[] actualChain = actualKeyStore.getCertificateChain(alias); @@ -93,17 +97,18 @@ class PemToPKCS12ConverterTest { assertArrayEquals(expectedChain, actualChain); } - @Test - void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPassword() throws IOException { + @ParameterizedTest + @ValueSource(strings = {PKCS12, JKS}) + void convertKeystoreShouldThrowPemConverterExceptionBecauseOfWrongPassword(String conversionTarget) throws IOException { // given final String alias = "keystore-entry"; final Password password = new Password("apple"); final List certificateChain = getCertificates(); - final PemToPKCS12Converter converter = new PemToPKCS12Converter(); + final PemConverter converter = new PemConverter(conversionTarget); privateKeyMockSetup(); // when - Exception exception = assertThrows(PemToPKCS12ConverterException.class, () -> + Exception exception = assertThrows(PemConversionException.class, () -> converter.convertKeystore(certificateChain, password, alias, privateKey) ); @@ -111,18 +116,19 @@ class PemToPKCS12ConverterTest { assertEquals(PASSWORD_ERROR_MSG, exception.getMessage()); } - @Test - void convertTruststoreShouldReturnTruststoreWithGivenCertificatesArray() - throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, PemToPKCS12ConverterException { + @ParameterizedTest + @ValueSource(strings = {PKCS12, JKS}) + void convertTruststoreShouldReturnTruststoreWithGivenCertificatesArray(String conversionTarget) + throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, PemConversionException { // given - final PemToPKCS12Converter converter = new PemToPKCS12Converter(); + final PemConverter converter = new PemConverter(conversionTarget); final String alias = "trusted-certificate-"; final String alias1 = alias + 1; final String alias2 = alias + 2; final Password password = new Password("9z6oFx1epRSCuBWU4Er8i_0y"); final List trustedCertificates = getCertificates(); - final KeyStore expectedTrustStore = KeyStore.getInstance(PKCS12); + final KeyStore expectedTrustStore = KeyStore.getInstance(conversionTarget); expectedTrustStore.load(new ByteArrayInputStream(Files.readAllBytes(Path.of(EXPECTED_TRUSTSTORE_PATH))), password.toCharArray()); @@ -130,7 +136,7 @@ class PemToPKCS12ConverterTest { final byte[] result = converter.convertTruststore(trustedCertificates, password, alias); // then - final KeyStore actualKeyStore = KeyStore.getInstance(PKCS12); + final KeyStore actualKeyStore = KeyStore.getInstance(conversionTarget); actualKeyStore.load(new ByteArrayInputStream(result), password.toCharArray()); assertTrue(actualKeyStore.containsAlias(alias1)); @@ -139,45 +145,47 @@ class PemToPKCS12ConverterTest { assertEquals(expectedTrustStore.getCertificate(alias2), actualKeyStore.getCertificate(alias2)); } - @Test - void convertTruststoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPassword() throws IOException { + @ParameterizedTest + @ValueSource(strings = {PKCS12, JKS}) + void convertTruststoreShouldThrowPemConverterExceptionBecauseOfWrongPassword(String conversionTarget) throws IOException { // given final String alias = "trusted-certificate-"; final Password password = new Password("nokia"); final List trustedCertificates = getCertificates(); - final PemToPKCS12Converter converter = new PemToPKCS12Converter(); + final PemConverter converter = new PemConverter(conversionTarget); // when then assertThatThrownBy(() -> converter.convertTruststore(trustedCertificates, password, alias)) - .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(PASSWORD_ERROR_MSG); + .isInstanceOf(PemConversionException.class).hasMessage(PASSWORD_ERROR_MSG); } @Test - void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongPrivateKey() throws IOException { + void convertKeystoreShouldThrowPemConverterExceptionBecauseOfWrongPrivateKey() throws IOException { // given final String alias = "keystore-entry"; final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0"); final List certificateChain = getCertificates(); - final PemToPKCS12Converter converter = new PemToPKCS12Converter(); + final PemConverter converter = new PemConverter(PKCS12); // when then assertThatThrownBy(() -> converter.convertKeystore(certificateChain, password, alias, privateKey)) - .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(KEY_ERROR_MSG); + .isInstanceOf(PemConversionException.class).hasMessage(KEY_ERROR_MSG); } - @Test - void convertKeystoreShouldThrowPemToPKCS12ConverterExceptionBecauseOfWrongCertificates() { + @ParameterizedTest + @ValueSource(strings = {PKCS12, JKS}) + void convertKeystoreShouldThrowPemConverterExceptionBecauseOfWrongCertificates(String conversionTarget) { // given final String alias = "keystore-entry"; final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0"); final List certificateChain = List.of("certificate1", "certificate2"); - final PemToPKCS12Converter converter = new PemToPKCS12Converter(); + final PemConverter converter = new PemConverter(conversionTarget); privateKeyMockSetup(); // when then assertThatThrownBy(() -> converter.convertKeystore(certificateChain, password, alias, privateKey)) - .isInstanceOf(PemToPKCS12ConverterException.class).hasMessage(CERTIFICATES_ERROR_MSG); + .isInstanceOf(PemConversionException.class).hasMessage(CERTIFICATES_ERROR_MSG); } private void privateKeyMockSetup() { @@ -194,4 +202,4 @@ class PemToPKCS12ConverterTest { Path.of(CERT2_PATH), StandardCharsets.UTF_8) ); } -} \ No newline at end of file +} -- 2.16.6