From c4047c754b96f63e5c7675969937967aa739bd2f Mon Sep 17 00:00:00 2001
From: Michal Banka
Date: Mon, 23 Mar 2020 15:03:10 +0100
Subject: [PATCH] Add validation for uniqueness of CA names
Signed-off-by: Michal Banka
Change-Id: Icfa9ee0f78d360a4f640904bb9077a10f15497ed
Issue-ID: AAF-1107
---
 .../certification/X509CertificateBuilder.java | 2 +-
 .../configuration/CmpServersConfigLoader.java | 9 ++---
 ...ava => Cmpv2ServersConfigurationValidator.java} | 26 ++++++++++++--
 .../configuration/CmpServersConfigLoaderTest.java | 7 ++--
 ...=> Cmpv2ServersConfigurationValidatorTest.java} | 40 +++++++++++++++++-----
 5 files changed, 65 insertions(+), 19 deletions(-)
 rename certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/{Cmpv2ServerConfigurationValidator.java => Cmpv2ServersConfigurationValidator.java} (67%)
 rename certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/{Cmpv2ServerConfigurationValidatorTest.java => Cmpv2ServersConfigurationValidatorTest.java} (85%)
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java b/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java
index 70591759..5b24c653 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/X509CertificateBuilder.java
@@ -38,7 +38,7 @@ public class X509CertificateBuilder { private static final int SECURE_NEXT_BYTES = 16;
 private static final int VALID_PERIOD_IN_DAYS = 365;
- public X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
+ X509v3CertificateBuilder build(PKCS10CertificationRequest csr) throws IOException {
 return new X509v3CertificateBuilder(csr.getSubject(), createSerial(), Date.from(LocalDateTime.now().toInstant(ZoneOffset.UTC)), Date.from(LocalDateTime.now().plusDays(VALID_PERIOD_IN_DAYS).toInstant(ZoneOffset.UTC)),
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java
index 696ae564..101712e2 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoader.java
@@ -25,9 +25,10 @@ import java.io.File;
 import java.io.IOException;
 import java.security.InvalidParameterException;
 import java.util.List;
+
 import org.onap.aaf.certservice.certification.configuration.model.CmpServers;
 import org.onap.aaf.certservice.certification.configuration.model.Cmpv2Server;
- import org.onap.aaf.certservice.certification.configuration.validation.Cmpv2ServerConfigurationValidator;
+ import org.onap.aaf.certservice.certification.configuration.validation.Cmpv2ServersConfigurationValidator;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
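Review bot: In X509CertificateBuilder.build, the context lines of the first hunk compute both validity dates as `LocalDateTime.now().toInstant(ZoneOffset.UTC)`, which reads the wall clock in the JVM's default zone and then labels that value as UTC. On a host that does not run in UTC the issued certificate's validity window is shifted by the zone offset, and east of UTC the start of validity lies in the future at issuance. Since the method is being touched anyway, read the clock once with `Instant now = Instant.now();` and pass `Date.from(now)` and `Date.from(now.plus(VALID_PERIOD_IN_DAYS, ChronoUnit.DAYS))`, importing `java.time.Instant` and `java.time.temporal.ChronoUnit`. The constructor call continues past the end of the hunk, so its remaining arguments are not visible here.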
@@ -37,17 +38,17 @@ class CmpServersConfigLoader { private static final String LOADING_EXCEPTION_MESSAGE = "Exception occurred during CMP Servers configuration loading";
 private static final String VALIDATION_EXCEPTION_MESSAGE = "Validation of CMPv2 servers configuration failed";
- private final Cmpv2ServerConfigurationValidator validator;
+ private final Cmpv2ServersConfigurationValidator validator;
 @Autowired
- CmpServersConfigLoader(Cmpv2ServerConfigurationValidator validator) {
+ CmpServersConfigLoader(Cmpv2ServersConfigurationValidator validator) {
 this.validator = validator;
 }
 List load(String path) throws CmpServersConfigLoadingException {
 try {
 List servers = loadConfigFromFile(path).getCmpv2Servers();
- servers.forEach(validator::validate);
+ validator.validate(servers);
 return servers;
 } catch (IOException e) {
 throw new CmpServersConfigLoadingException(LOADING_EXCEPTION_MESSAGE, e);
diff --git a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidator.java b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidator.java
similarity index 67%
rename from certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidator.java
rename to certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidator.java
index 736a65d1..3cf7fdf7 100644
--- a/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidator.java
+++ b/certService/src/main/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidator.java
@@ -27,22 +27,42 @@ import org.springframework.stereotype.Service;
 import javax.validation.ConstraintViolation;
 import javax.validation.Validator;
 import java.security.InvalidParameterException;
+import java.util.List;
 import java.util.Set;
 @Service
-public class Cmpv2ServerConfigurationValidator {
+public class Cmpv2ServersConfigurationValidator {
 private final Validator validator;
 @Autowired
- public Cmpv2ServerConfigurationValidator(Validator validator) {
+ public Cmpv2ServersConfigurationValidator(Validator validator) {
 this.validator = validator;
 }
- public void validate(Cmpv2Server serverDetails) {
+ public void validate(List servers) {
+ servers.forEach(this::validateServer);
+ validateUniqueCaNames(servers);
+ }
+
+ private void validateServer(Cmpv2Server serverDetails) {
 Set> violations = validator.validate(serverDetails);
 if (!violations.isEmpty()) {
 throw new InvalidParameterException(violations.toString());
 }
 }
+
+ private void validateUniqueCaNames(List servers) {
+ long distinctCAs = getNumberOfUniqueCaNames(servers);
+ if (servers.size() != distinctCAs) {
+ throw new InvalidParameterException("CA names are not unique within given CMPv2 servers");
+ }
+ }
+
+ private long getNumberOfUniqueCaNames(List servers) {
+ return servers.stream().map(Cmpv2Server::getCaName)
+ .distinct()
+ .count();
+ }
+
+
 }
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java
index 61970050..87964295 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/CmpServersConfigLoaderTest.java
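Review bot: validateUniqueCaNames reports only that some duplicate exists, so whoever maintains a long CMPv2 server configuration has to hunt for the clashing entry by hand; collecting the repeated names and appending them to the existing message costs little and keeps the new test's `contains` assertion passing. The comparison is also exact, so names differing only in case or surrounding whitespace count as distinct; whether that matters depends on how a CA name is matched at request time, which this diff does not show. The public validate(List) dereferences `servers` immediately, so a configuration file without a server list would presumably surface as a NullPointerException instead of the InvalidParameterException the loader appears to translate into a validation failure. The sketch below assumes getCaName() returns a String, needs `java.util.HashSet` and `java.util.LinkedHashSet` imported, and makes getNumberOfUniqueCaNames unnecessary.

```java
public void validate(List<Cmpv2Server> servers) {
    if (servers == null) {
        throw new InvalidParameterException("CMPv2 servers list is missing");
    }
    // … unchanged: per-server validation, then validateUniqueCaNames(servers) …
}

private void validateUniqueCaNames(List<Cmpv2Server> servers) {
    Set<String> seen = new HashSet<>();
    Set<String> repeated = new LinkedHashSet<>();
    for (Cmpv2Server server : servers) {
        String caName = server.getCaName();
        if (!seen.add(caName)) {
            repeated.add(caName);
        }
    }
    if (!repeated.isEmpty()) {
        throw new InvalidParameterException(
                "CA names are not unique within given CMPv2 servers: " + repeated);
    }
}
```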
@@ -39,7 +39,7 @@ import org.springframework.test.context.junit.jupiter.SpringExtension;
 class CmpServersConfigLoaderTest {
 private static final String EXISTING_CONFIG_FILENAME = "cmpServers.json";
 private static final String INVALID_CONFIG_FILENAME = "invalidCmpServers.json";
- private static final String NONEXISTENT_CONFIG_FILENAME = "nonExisting_cmpServers.json";
+ private static final String NONEXISTENT_CONFIG_FILENAME = "nonExistingCmpServers.json";
 private static final Map EXPECTED_FIRST_CMP_SERVER = Map.of( "CA_NAME", "TEST",
@@ -99,10 +99,11 @@ class CmpServersConfigLoaderTest {
 // Then
 assertThat(exception.getMessage()).contains("Validation of CMPv2 servers configuration failed");
+ assertThat(exception.getCause().getMessage()).contains("authentication");
 }
- private String getResourcePath(String invalidConfigFilename) {
- return getClass().getClassLoader().getResource(invalidConfigFilename).getFile();
+ private String getResourcePath(String configFilename) {
+ return getClass().getClassLoader().getResource(configFilename).getFile();
 }
 private void verifyThatCmpServerEquals(Cmpv2Server cmpv2Server, Map expected) {
diff --git a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java
similarity index 85%
rename from certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java
rename to certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java
index 1c021b43..6db77753 100644
--- a/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServerConfigurationValidatorTest.java
+++ b/certService/src/test/java/org/onap/aaf/certservice/certification/configuration/validation/Cmpv2ServersConfigurationValidatorTest.java
@@ -20,8 +20,6 @@ package org.onap.aaf.certservice.certification.configuration.validation;
-import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
-import static org.junit.jupiter.api.Assertions.assertThrows;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.junit.jupiter.api.BeforeEach;
@@ -35,28 +33,47 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
+import java.security.InvalidParameterException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
 @ExtendWith(SpringExtension.class)
 @ContextConfiguration(classes = CertServiceApplication.class)
-class Cmpv2ServerConfigurationValidatorTest {
+class Cmpv2ServersConfigurationValidatorTest {
 private static final String EMPTY_STRING = "";
 @Autowired
- private Cmpv2ServerConfigurationValidator validator;
+ private Cmpv2ServersConfigurationValidator validator;
 private Authentication authentication;
 private Cmpv2Server server;
+ private List servers;
 @BeforeEach
 private void init() {
 setAuthentication();
 setServerConfiguration();
+ servers = new ArrayList<>();
+ servers.add(server);
 }
 @Test
- void shouldNotThrowExceptionWhenServerConfigurationIsValid() {
+ void shouldThrowExceptionWhenCaNamesAreNotUnique() {
+ // Given
+ servers.add(server);
+
+ // When
+ Exception exception = assertThrows(
+ InvalidParameterException.class,
+ () -> validator.validate(servers));
+
 // Then
- assertDoesNotThrow(() -> validator.validate(server));
+ assertThat(exception.getMessage()).contains("CA names are not unique within given CMPv2 servers");
 }
 @Test
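Review bot: shouldThrowExceptionWhenCaNamesAreNotUnique puts the same `server` instance into the list twice, so it would also pass if the check compared object identity or whole-object equality rather than CA names. Building a second Cmpv2Server with a different URL and authentication but the same CA name would pin the behaviour the commit title describes. A companion case with two servers carrying different CA names, asserted with `assertDoesNotThrow(() -> validator.validate(servers))`, would cover the non-colliding path for a list longer than one element.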
@@ -168,8 +185,14 @@ class Cmpv2ServerConfigurationValidatorTest {
 assertExceptionIsThrown();
 }
+ @Test
+ void shouldNotThrowExceptionWhenServerConfigurationIsValid() {
+ // Then
+ assertDoesNotThrow(() -> validator.validate(servers));
+ }
+
 private void assertExceptionIsThrown() {
- assertThrows(IllegalArgumentException.class, () -> validator.validate(server));
+ assertThrows(IllegalArgumentException.class, () -> validator.validate(servers));
 }
 private void setServerConfiguration() {
@@ -186,4 +209,5 @@ class Cmpv2ServerConfigurationValidatorTest {
 authentication.setRv("testRV");
 authentication.setIak("testIAK");
 }
-}
+
+}
\ No newline at end of file
-- 2.16.6