From fd94a0f31c85d941330b43dcb2baa8ad4aa39270 Mon Sep 17 00:00:00 2001 From: Tomasz Wrobel Date: Wed, 18 Nov 2020 07:55:55 +0100 Subject: [PATCH] [OOM CERT-SERVICE-API] Add support for URI, IP, E-mail in SANs Issue-ID: OOM-2632 Change-Id: I903c31ebe05521e281753cb847001ba99275f758 Signed-off-by: Tomasz Wrobel --- .../certservice/certification/model/CsrModel.java | 39 ++++--- .../cmpv2client/impl/CmpClientImpl.java | 2 +- .../cmpv2client/impl/CmpMessageHelper.java | 17 +-- .../cmpv2client/impl/CreateCertRequest.java | 10 +- .../certification/CsrModelFactoryTest.java | 32 +++--- .../oom/certservice/certification/TestData.java | 123 +++++++++++---------- .../certification/model/CsrModelTest.java | 69 ++++++------ .../certservice/cmpv2client/Cmpv2ClientTest.java | 3 +- 8 files changed, 145 insertions(+), 150 deletions(-) diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java index 7cba1949..2573c978 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java @@ -29,11 +29,8 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Objects; -import java.util.stream.Collectors; +import java.util.stream.Collectors; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.Extensions; @@ -53,10 +50,10 @@ public class CsrModel { private final X500Name subjectData; private final PrivateKey privateKey; private final PublicKey publicKey; - private final List sans; + private final GeneralName[] sans; public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey, - List sans) { + GeneralName[] sans) { this.csr = csr; this.subjectData = subjectData; this.privateKey = privateKey; @@ -80,18 +77,24 @@ public class CsrModel { return publicKey; } - public List getSans() { + public GeneralName[] getSans() { return sans; } @Override public String toString() { - return "Subject: { " + subjectData + " ,SANs: " + sans + " }"; + return "CSR: { Subject: { " + subjectData + " }, SANs: [" + getSansInReadableFormat() + "] }"; } - public static class CsrModelBuilder { + private String getSansInReadableFormat() { + return Arrays.stream(this.sans) + .map(generalName -> generalName.getName().toString()) + .collect(Collectors.joining(", ")); + } + public static class CsrModelBuilder { private final PKCS10CertificationRequest csr; + private final PemObject privateKey; public CsrModel build() throws DecryptionException { @@ -99,7 +102,7 @@ public class CsrModel { X500Name subjectData = getSubjectData(); PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey()); PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey()); - List sans = getSansData(); + GeneralName[] sans = getSansData(); return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans); } @@ -125,15 +128,12 @@ public class CsrModel { return csr.getSubject(); } - private List getSansData() { + private GeneralName[] getSansData() { if (!isAttrsEmpty() && !isAttrsValuesEmpty()) { Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0)); - GeneralName[] arrayOfAlternativeNames = - GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); - return Arrays.stream(arrayOfAlternativeNames).map(GeneralName::getName).map(Objects::toString) - .collect(Collectors.toList()); + return GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames(); } - return Collections.emptyList(); + return new GeneralName[0]; } private boolean isAttrsValuesEmpty() { @@ -145,7 +145,7 @@ public class CsrModel { } private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey) - throws KeyDecryptionException { + throws KeyDecryptionException { try { KeyFactory factory = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent()); @@ -154,9 +154,8 @@ public class CsrModel { throw new KeyDecryptionException("Converting Private Key failed", e.getCause()); } } - private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey) - throws KeyDecryptionException { + throws KeyDecryptionException { try { KeyFactory factory = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent()); @@ -165,6 +164,6 @@ public class CsrModel { throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause()); } } - } + } } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java index f5eddb58..6ff274c5 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java @@ -86,7 +86,7 @@ public class CmpClientImpl implements CmpClient { CmpMessageBuilder.of(CreateCertRequest::new) .with(CreateCertRequest::setIssuerDn, server.getIssuerDN()) .with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData()) - .with(CreateCertRequest::setSansList, csrModel.getSans()) + .with(CreateCertRequest::setSansArray, csrModel.getSans()) .with(CreateCertRequest::setSubjectKeyPair, keyPair) .with(CreateCertRequest::setNotBefore, notBefore) .with(CreateCertRequest::setNotAfter, notAfter) diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java index 844f85be..5c61aa9f 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java @@ -31,9 +31,7 @@ import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Signature; import java.security.SignatureException; -import java.util.ArrayList; import java.util.Date; -import java.util.List; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; @@ -109,11 +107,10 @@ public final class CmpMessageHelper { * * @return {@link Extensions}. */ - public static Extensions generateExtension(final List sansList) + public static Extensions generateExtension(final GeneralName[] sansArray) throws CmpClientException { LOG.info("Generating Extensions from Subject Alternative Names"); final ExtensionsGenerator extGenerator = new ExtensionsGenerator(); - final GeneralName[] sansGeneralNames = getGeneralNames(sansList); // KeyUsage try { final KeyUsage keyUsage = @@ -121,7 +118,7 @@ public final class CmpMessageHelper { KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation); extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage)); extGenerator.addExtension( - Extension.subjectAlternativeName, false, new GeneralNames(sansGeneralNames)); + Extension.subjectAlternativeName, false, new GeneralNames(sansArray)); } catch (IOException ioe) { CmpClientException cmpClientException = new CmpClientException( @@ -132,16 +129,6 @@ public final class CmpMessageHelper { return extGenerator.generate(); } - public static GeneralName[] getGeneralNames(List sansList) { - final List nameList = new ArrayList<>(); - for (String san : sansList) { - nameList.add(new GeneralName(GeneralName.dNSName, san)); - } - final GeneralName[] sansGeneralNames = new GeneralName[nameList.size()]; - nameList.toArray(sansGeneralNames); - return sansGeneralNames; - } - /** * Method generates Proof-of-Possession (POP) of Private Key. To allow a CA/RA to properly * validity binding between an End Entity and a Key Pair, the PKI Operations specified here make diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java index a0ba13d6..8d82b85b 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java @@ -26,7 +26,6 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade import java.security.KeyPair; import java.util.Date; -import java.util.List; import org.bouncycastle.asn1.cmp.PKIBody; import org.bouncycastle.asn1.cmp.PKIHeader; @@ -37,6 +36,7 @@ import org.bouncycastle.asn1.crmf.CertRequest; import org.bouncycastle.asn1.crmf.CertTemplateBuilder; import org.bouncycastle.asn1.crmf.ProofOfPossession; import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException; @@ -48,7 +48,7 @@ class CreateCertRequest { private X500Name issuerDn; private X500Name subjectDn; - private List sansList; + private GeneralName[] sansArray; private KeyPair subjectKeyPair; private Date notBefore; private Date notAfter; @@ -67,8 +67,8 @@ class CreateCertRequest { this.subjectDn = subjectDn; } - public void setSansList(List sansList) { - this.sansList = sansList; + public void setSansArray(GeneralName[] sansArray) { + this.sansArray = sansArray; } public void setSubjectKeyPair(KeyPair subjectKeyPair) { @@ -102,7 +102,7 @@ class CreateCertRequest { new CertTemplateBuilder() .setIssuer(issuerDn) .setSubject(subjectDn) - .setExtensions(CmpMessageHelper.generateExtension(sansList)) + .setExtensions(CmpMessageHelper.generateExtension(sansArray)) .setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter)) .setPublicKey( SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded())); diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java index 75a6e81c..88cc6fb8 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CsrModelFactoryTest.java @@ -54,18 +54,12 @@ class CsrModelFactoryTest { // when CsrModel decryptedCsr = csrModelFactory - .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK)); + .createCsrModel(new StringBase64(encoderCsr), new StringBase64(encoderPK)); - // then - assertTrue( - decryptedCsr.toString() - .contains( - "C=US,ST=California,L=San-Francisco,O=Linux-Foundation," - + "OU=ONAP,CN=onap.org,E=tester@onap.org") - && - decryptedCsr.toString() - .contains("SANs: [gerrit.onap.org, test.onap.org, onap.com]") - ); + assertTrue(decryptedCsr.toString() + .contains(TestData.EXPECTED_CERT_SUBJECT)); + assertTrue(decryptedCsr.toString() + .contains(TestData.EXPECTED_CERT_SANS)); } @Test @@ -76,8 +70,8 @@ class CsrModelFactoryTest { // when Exception exception = assertThrows( - CsrDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + CsrDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) ); String expectedMessage = "Incorrect CSR, decryption failed"; @@ -95,8 +89,8 @@ class CsrModelFactoryTest { // when Exception exception = assertThrows( - KeyDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + KeyDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) ); String expectedMessage = "Incorrect Key, decryption failed"; @@ -115,8 +109,8 @@ class CsrModelFactoryTest { // when Exception exception = assertThrows( - CsrDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + CsrDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) ); String expectedMessage = "Incorrect CSR, decryption failed"; @@ -134,8 +128,8 @@ class CsrModelFactoryTest { // when Exception exception = assertThrows( - KeyDecryptionException.class, () -> csrModelFactory - .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) + KeyDecryptionException.class, () -> csrModelFactory + .createCsrModel(new StringBase64(wrongCsr), new StringBase64(encoderPK)) ); String expectedMessage = "Incorrect Key, decryption failed"; diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java index 81c16128..1c883f8e 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/TestData.java @@ -25,71 +25,78 @@ public final class TestData { private TestData() { } - public static final String TEST_CSR = "" - + "-----BEGIN CERTIFICATE REQUEST-----\n" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" - + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n" - + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n" - + "DQEJARYPdGVzdGVyQG9uYXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" - + "CgKCAQEA13K1LrQ1L6eL7B8K4kucNct0sSjZe7Ww91V40s6mjcWajeFJk+pObZKz\n" - + "BfnImkVJwxdNMDD6tX16wykbGfQPyh4BBiAjLVk9XSeoPHFRBQ4LKTuyPtXhEXyr\n" - + "qwatYXGWZE554qq64pbReddOUJHgMc38SrOk/eMAKxB0uRrXpA0mPH7zwIZ4X8g2\n" - + "PoxJKI1BSYc8kOvvujsGSMw3e5nS8A+doFUwVi3jJMnaVCoZrvJbtREfXHZqBLQ5\n" - + "XQ8mNpIFfmGYF/tvW/O6LBdlZkuAQ9i4FBgf5+HdIVZOXrn09ksIZxW6vxIvAVi0\n" - + "5AOSgXictyphcNP2i/erBeCQCVB7MwIDAQABoEYwRAYJKoZIhvcNAQkOMTcwNTAz\n" - + "BgNVHREELDAqgg9nZXJyaXQub25hcC5vcmeCDXRlc3Qub25hcC5vcmeCCG9uYXAu\n" - + "Y29tMA0GCSqGSIb3DQEBCwUAA4IBAQBXH2nRwodQRJTuyrLe/VSg3PUdcPyAx2Ew\n" - + "63tWiGO+qWo8rK2a9Rr/t/zkQe2lx6NHqcMc2Rt6NeKGbrAvHGxTiYM35gktBdxG\n" - + "UaQS1ymrBWHAwbC+kv78r+5lCfafNm/EVdhUZbEw+crsw2wx4iKEW0byS4Ln0o5g\n" - + "aXVUW3i4G5FaYiYBUIDsujDdnH1IoxunEA6pDzDv1h6R9/TYu6Se8HToREIjOPBZ\n" - + "pDI5lDRu0YmI8r+TmAU3tTT1sY2WVxYDnhJut9ofegfMPQV4FIohxtPcCfoLSWti\n" - + "ml6jbcFqDvlzq3B3CXH9HU3jdJt33iSjCQGsSqy6bmCOdMS6XTPU\n" - + "-----END CERTIFICATE REQUEST-----\n"; + public static final String LOCALHOST_IP_IN_HEX = "#7f000001"; //127.0.0.1 + + public static final String EXPECTED_CERT_SUBJECT = "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org"; + public static final String EXPECTED_CERT_SANS = + "SANs: [localhost, onap.org, test.onap.org, onap@onap.org, " + LOCALHOST_IP_IN_HEX + ", onap://cluster.local/]"; + + + public static final String TEST_CSR = "-----BEGIN CERTIFICATE REQUEST-----\n" + + "MIIDNTCCAh0CAQAwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx\n" + + "FjAUBgNVBAcTDVNhbi1GcmFuY2lzY28xGTAXBgNVBAoTEExpbnV4LUZvdW5kYXRp\n" + + "b24xDTALBgNVBAsTBE9OQVAxETAPBgNVBAMTCG9uYXAub3JnMIIBIjANBgkqhkiG\n" + + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRYVFOosyABMq+yANz9phmYyfmHbw9F9r3Ca\n" + + "v1oZ2xw1LbF2HGBq8F45nXfMjX2H+Lxk8m/XmIDb+9lzINU6J6xmDrKZiiif5ORa\n" + + "oRENfQZNWkAWPguWyKGtHk6ueeSjS8D0SWwloc1g0hB3GREffocuJ24K+t2nXglf\n" + + "7XVgmHxjiE8k+pD3SUo5rA7Fx1TmLguEA8aCRGaYg/aofCNe9hDm34iqUzm5tPPQ\n" + + "OgR3Lpqx2JW0iJYbQXmX3cG/RE0qFl+rgrNhCd8ptX7IUiWtQmttssR3bE8JVgaf\n" + + "x9EU9GZ5dZXifSFJzs42UY7X6DPiQDFerfWRNc3dRTYBlkbTiwIDAQABoHkwdwYJ\n" + + "KoZIhvcNAQkOMWowaDBZBgNVHREEUjBQgglsb2NhbGhvc3SCCG9uYXAub3Jngg10\n" + + "ZXN0Lm9uYXAub3JngQ1vbmFwQG9uYXAub3JnhwR/AAABhhVvbmFwOi8vY2x1c3Rl\n" + + "ci5sb2NhbC8wCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAk9lRwbWyL\n" + + "VRWSM5cBiRK2nCKhfur20khHFQgYcPAD8BRXEk5/F0KBSBMNGMrBgOYqq3IYsoMc\n" + + "mvs9KKVqIV3+lBej2QTF3cxdHYPTrCvvkoheMYt5qqjkrQRbiydzj7/wvflmBXs1\n" + + "7TViU+TqoJ8q5DWTEvv0X5t/WF6sSIxFHHKD7otDXPW5CAeqXO5A99bTrSiXmVAH\n" + + "72/n/JFHueURv+NbpHyBNXweezNnB5BDrrqduabkhn31ThA0wzePDNR02aXwxxHn\n" + + "77sSa3iuAN3IaVWYfxCOX4fEw8F+wMAAMTiWItM8Lc9DT5rsYeRHAZmOMVEnowc2\n" + + "3eKLFeWDIi2Z\n" + + "-----END CERTIFICATE REQUEST-----\n"; public static final String TEST_WRONG_CSR = "" - + "-----BEGIN CERTIFICATE REQUEST-----\n" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" - + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n" - + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n" - + "-----END CERTIFICATE REQUEST-----\n"; + + "-----BEGIN CERTIFICATE REQUEST-----\n" + + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" + + "MRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRkwFwYDVQQKDBBMaW51eC1Gb3VuZGF0\n" + + "aW9uMQ0wCwYDVQQLDARPTkFQMREwDwYDVQQDDAhvbmFwLm9yZzEeMBwGCSqGSIb3\n" + + "-----END CERTIFICATE REQUEST-----\n"; public static final String TEST_PK = "-----BEGIN PRIVATE KEY-----\n" - + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXcrUutDUvp4vs\n" - + "HwriS5w1y3SxKNl7tbD3VXjSzqaNxZqN4UmT6k5tkrMF+ciaRUnDF00wMPq1fXrD\n" - + "KRsZ9A/KHgEGICMtWT1dJ6g8cVEFDgspO7I+1eERfKurBq1hcZZkTnniqrriltF5\n" - + "105QkeAxzfxKs6T94wArEHS5GtekDSY8fvPAhnhfyDY+jEkojUFJhzyQ6++6OwZI\n" - + "zDd7mdLwD52gVTBWLeMkydpUKhmu8lu1ER9cdmoEtDldDyY2kgV+YZgX+29b87os\n" - + "F2VmS4BD2LgUGB/n4d0hVk5eufT2SwhnFbq/Ei8BWLTkA5KBeJy3KmFw0/aL96sF\n" - + "4JAJUHszAgMBAAECggEAJ1StdsU3IGf5xzUzi3Q6JCfsOZs3eLoGgGB+Gh3XkfIM\n" - + "8PG7uOEBSEeLnv+me2NCv/a1BKMsYY1yp8YNSIOhjkhD75ZWVaUA6syejcox/DZA\n" - + "G1rmg0oQOF0GCcbCSBOwXMdmwNZiH5Ng0llX1qWKxAzSjeCVsjOKiFIMvO4Fh9D4\n" - + "9Io6/dRRNCxB6MEs1GT5IDfCV2PGDIalJ3znFqDnfdu9RDEDfNVHSUr6Jdu3Hrf5\n" - + "3qCcSEkMGuXYLotCNtTP1x0H0wW5gVpcbQEb29qdmHL1qkp3UiA3afsHnO/3k0gv\n" - + "gV5FxaldugyZAjqUGERdKaY6BMDJkDuu0qD0tPQK4QKBgQDuP5X5BcQ4iHNej+il\n" - + "xxT8QaEcZj0YEzcXzfm3ztZP7g+Jc1MbQXh6BuHLkXG5LeCwdnmk+LUD0MLoUSm3\n" - + "N2ZdtVuOHX7VEBrhrTwK/kMDpC7ganQzfvgOr9WQGmgGMRiUYAyK1J/x78yX967Z\n" - + "IAzdVZ/JSDdsyA983JckLL7CPQKBgQDngDkEJKYGfDt2mfItD8c8nhczGbDdoyYh\n" - + "s93ppTtgzFoNgFL4y/DOvisWMGgoeeYXSgH5uoPv6yY7IIkQzYySY6qQ3gmk1/X+\n" - + "bO+IsKVtlHBzqqojFteg3MfVojisMoAx6y5aBw1BXE2nAU8yWBTtuk+3KgGn9Oxk\n" - + "+Z4rdP06LwKBgA4b09zIW6NhaTubWBKhJHv/wvO0lj+bu7J8LyKUbBqVpXPlUXGW\n" - + "wfSv/aUZetuVfO3WRkPfupB8R16Ml+TSsgwwljhnRMCHUKA2qwyXnA5WJbSCeVkn\n" - + "Vrc/8Gy1M53SQHtg6L079DDWm44QS9ltzXU6Adlgnm+htVEWmxi4UZ+dAoGAfr6z\n" - + "+LG7+GcCA2AruEIgOe7wErkpHV+am+8nOymMxeV8FFJCmxbFQ9vYKTDdhfOfZvbM\n" - + "+BYG8E8VQmAAyyNOqENK+j+mlgrrEp4/0t2r5L/VhW5V8hoqelcGTc+gKZ8IkswJ\n" - + "N58Owc8wcJQF8TFKXBGaXVTxTSyKVIpZ778AeV8CgYAAvuicDkdwWv5EhDFf3aTI\n" - + "wfRFYflA6oiygnI63HzVyY4a+SyZs+nQpB5HBDo+Lyz8RaVRC5E7jQ8kiXJpxAu7\n" - + "1wnspz+pa3q61yR32N+zGuub71FXdLWSOlys6rzJqvqYihKxY22C2TyDyBCR2tMj\n" - + "mdnshXNAJfKkfghkJhFHrg==\n" - + "-----END PRIVATE KEY-----"; + + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFFhUU6izIAEyr\n" + + "7IA3P2mGZjJ+YdvD0X2vcJq/WhnbHDUtsXYcYGrwXjmdd8yNfYf4vGTyb9eYgNv7\n" + + "2XMg1TonrGYOspmKKJ/k5FqhEQ19Bk1aQBY+C5bIoa0eTq555KNLwPRJbCWhzWDS\n" + + "EHcZER9+hy4nbgr63adeCV/tdWCYfGOITyT6kPdJSjmsDsXHVOYuC4QDxoJEZpiD\n" + + "9qh8I172EObfiKpTObm089A6BHcumrHYlbSIlhtBeZfdwb9ETSoWX6uCs2EJ3ym1\n" + + "fshSJa1Ca22yxHdsTwlWBp/H0RT0Znl1leJ9IUnOzjZRjtfoM+JAMV6t9ZE1zd1F\n" + + "NgGWRtOLAgMBAAECggEABG7Etp21uCHZl5xQHe39L5qo1BLbYIIbs5Byyo76OeVe\n" + + "hNKS93xrq1BTN2l0XlJOdpe2JYXCcZmkWPvBDSH+ltnXycjWjzbusbU5HJpHlWJI\n" + + "5xi951NXZtfMDvxyDCfKTG/gjq4yAnueC9t28kdiT/Q2Y4ikEpRdqU3IrIyRSZyo\n" + + "duBWfr3ADU5xxnWcTt61vpAQsYh4XiwosyBhXTwsMnWgRkOr6e4Vu2J+wL6vUid7\n" + + "7VOr8PtOu73CjYA7zIy0XSOrRq5Q3H7eGgyln0AQtaO0qO2COJHa6cv3yIgesSUL\n" + + "8ltiWAGiZZ6qZ72B3tDnKmoEkuvE1/KpeitewGcKkQKBgQDxqHR9IJBOBRjjmyKi\n" + + "ra54mJjKwHQ5dxJQpVFLEIRL2H3ujjRNH3ggLAOiH02TqZGS3fnTsTsApnkpy5J/\n" + + "qtysjV0SFxP0gprQQ1wM64NWTaeDAt9lXII918YrALAAR86ikrTxOyoS1kqOSEmX\n" + + "QZu3VrgkAvs+V5ckvEXjZWxO1wKBgQDQyHErT7aJeUBukj6skahnzhmVNTmjsn3P\n" + + "zyy/cOmBz8wn7JsxgTdpWETpHOVsO0G5wg9Ts7V3Krh6AmrEf/6/NlWLdygDfIvM\n" + + "9Jxc8D2dLEUUm18jw15tEsQtItj3Rt0e5GJiQO1rNBMb+2Q8FDlX1tu0xgMMZ4En\n" + + "izjnAEKObQKBgHnWZrTXgCn14/CNPM8sJfTjatV+Zpq6b999GhlwgGMFCakGxVPE\n" + + "8/m0dzh7887pBV440EZs6sSPKjNqUbhQWuYcd7oxLHxwhMFP1M8mxpbym+wvvJYM\n" + + "KBYp/d2cgSADFClfMh8Vp0bMB9bol0HNcEblT/3ICwgJfUimK85USmENAoGBAMnl\n" + + "O0LF19/C6CLEu2THihGvxR97k9yPy4f8cOpD9xq35lWpQT4zFXGCkUjXz6fE+b73\n" + + "QTkQ7GdrYW9jDPouSBuCIGE4ffI5KzusQ9S/4OUvnTHbObpsv9A8OIbpTuR4m3W3\n" + + "JsiavrxPZDdH99r9N6KQvG9omCQTp1qlEAaaQsJVAoGBAO4ccgmzbku62OKLIAqy\n" + + "JN4Z8i9PaCEPgqfs0THMIKuj1l8FO723zTZMwsBWgZ4Gd32EbYW9tbwvLblGdd6H\n" + + "xAXLfLjRWefKm6i2iIdkeNMJmTTCYjHFyoTe84Miq9d3cEnW7s055Pm1uxRPXYk+\n" + + "GFRpHltg2qX2u6M8ryskAMah\n" + + "-----END PRIVATE KEY-----\n"; public static final String TEST_PEM = "" - + "-----BEGIN CERTIFICATE REQUEST-----\n" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" - + "-----END CERTIFICATE REQUEST-----\n"; + + "-----BEGIN CERTIFICATE REQUEST-----\n" + + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n" + + "-----END CERTIFICATE REQUEST-----\n"; public static final String TEST_WRONG_PEM = "" - + "-----BEGIN WRONG REQUEST-----" - + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh" - + "-----END WRONG REQUEST-----"; + + "-----BEGIN WRONG REQUEST-----" + + "MIIDIzCCAgsCAQAwgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh" + + "-----END WRONG REQUEST-----"; } diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java index 7981b271..84c1cca0 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/model/CsrModelTest.java @@ -20,12 +20,16 @@ package org.onap.oom.certservice.certification.model; +import java.util.Arrays; +import java.util.List; +import java.util.stream.Collectors; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.io.pem.PemObject; import org.junit.jupiter.api.Test; import org.onap.oom.certservice.certification.Pkcs10CertificationRequestFactory; import org.onap.oom.certservice.certification.PemObjectFactory; +import org.onap.oom.certservice.certification.TestData; import org.onap.oom.certservice.certification.exception.CsrDecryptionException; import org.onap.oom.certservice.certification.exception.DecryptionException; import org.onap.oom.certservice.certification.exception.KeyDecryptionException; @@ -37,6 +41,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.onap.oom.certservice.certification.TestData.LOCALHOST_IP_IN_HEX; import static org.onap.oom.certservice.certification.TestData.TEST_CSR; import static org.onap.oom.certservice.certification.TestData.TEST_PEM; import static org.onap.oom.certservice.certification.TestData.TEST_PK; @@ -45,9 +50,9 @@ import static org.onap.oom.certservice.certification.TestData.TEST_PK; class CsrModelTest { private final Pkcs10CertificationRequestFactory certificationRequestFactory - = new Pkcs10CertificationRequestFactory(); + = new Pkcs10CertificationRequestFactory(); private final PemObjectFactory pemObjectFactory - = new PemObjectFactory(); + = new PemObjectFactory(); @Test void shouldByConstructedAndReturnProperFields() throws DecryptionException, IOException { @@ -58,20 +63,22 @@ class CsrModelTest { // When CsrModel csrModel = generateTestCsrModel(testCsr); - + List sansList = Arrays.stream(csrModel.getSans()) + .map(generalName -> generalName.getName().toString()) + .collect(Collectors.toList()); // Then assertThat(csrModel.getCsr()) - .isEqualTo(testCsr); + .isEqualTo(testCsr); assertThat(csrModel.getPrivateKey().getEncoded()) - .contains(testPrivateKey.getContent()); + .contains(testPrivateKey.getContent()); assertThat(csrModel.getPublicKey().getEncoded()) - .contains(testPublicKey.getContent()); - assertThat(csrModel.getSans()) - .contains( - "gerrit.onap.org", "test.onap.org", "onap.com"); + .contains(testPublicKey.getContent()); + assertThat(sansList) + .contains("localhost", "onap.org", "test.onap.org", "onap@onap.org", LOCALHOST_IP_IN_HEX, + "onap://cluster.local/"); + assertThat(csrModel.getSubjectData().toString()) - .contains( - "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org,E=tester@onap.org"); + .contains(TestData.EXPECTED_CERT_SUBJECT); } @Test @@ -81,14 +88,14 @@ class CsrModelTest { PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); when(testCsr.getSubjectPublicKeyInfo()) - .thenReturn(wrongKryInfo); + .thenReturn(wrongKryInfo); when(wrongKryInfo.getEncoded()) - .thenThrow(new IOException()); + .thenThrow(new IOException()); // When Exception exception = assertThrows( - CsrDecryptionException.class, - () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() + CsrDecryptionException.class, + () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() ); String expectedMessage = "Reading Public Key from CSR failed"; @@ -105,14 +112,14 @@ class CsrModelTest { PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); when(testCsr.getSubjectPublicKeyInfo()) - .thenReturn(wrongKryInfo); + .thenReturn(wrongKryInfo); when(wrongKryInfo.getEncoded()) - .thenThrow(new IOException()); + .thenThrow(new IOException()); // When Exception exception = assertThrows( - KeyDecryptionException.class, - () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() + KeyDecryptionException.class, + () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() ); String expectedMessage = "Converting Private Key failed"; @@ -130,14 +137,14 @@ class CsrModelTest { PKCS10CertificationRequest testCsr = mock(PKCS10CertificationRequest.class); SubjectPublicKeyInfo wrongKryInfo = mock(SubjectPublicKeyInfo.class); when(testCsr.getSubjectPublicKeyInfo()) - .thenReturn(wrongKryInfo); + .thenReturn(wrongKryInfo); when(wrongKryInfo.getEncoded()) - .thenReturn(testPublicKey.getContent()); + .thenReturn(testPublicKey.getContent()); // When Exception exception = assertThrows( - KeyDecryptionException.class, - () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() + KeyDecryptionException.class, + () -> new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build() ); String expectedMessage = "Converting Public Key from CSR failed"; @@ -150,20 +157,20 @@ class CsrModelTest { private PemObject getPemPrivateKey() throws KeyDecryptionException { PemObjectFactory pemObjectFactory = new PemObjectFactory(); return pemObjectFactory.createPemObject(TEST_PK).orElseThrow( - () -> new KeyDecryptionException("Private key decoding fail") + () -> new KeyDecryptionException("Private key decoding fail") ); } private PemObject getPemWrongKey() throws KeyDecryptionException { PemObjectFactory pemObjectFactory = new PemObjectFactory(); return pemObjectFactory.createPemObject(TEST_PEM).orElseThrow( - () -> new KeyDecryptionException("Private key decoding fail") + () -> new KeyDecryptionException("Private key decoding fail") ); } private CsrModel generateTestCsrModel(PKCS10CertificationRequest testCsr) throws DecryptionException { PemObject testPrivateKey = pemObjectFactory.createPemObject(TEST_PK).orElseThrow( - () -> new DecryptionException("Incorrect Private Key, decryption failed") + () -> new DecryptionException("Incorrect Private Key, decryption failed") ); return new CsrModel.CsrModelBuilder(testCsr, testPrivateKey).build(); } @@ -175,11 +182,11 @@ class CsrModelTest { private PKCS10CertificationRequest generateTestCertificationRequest() throws DecryptionException { return pemObjectFactory.createPemObject(TEST_CSR) - .flatMap( - certificationRequestFactory::createPkcs10CertificationRequest - ).orElseThrow( - () -> new DecryptionException("Incorrect CSR, decryption failed") - ); + .flatMap( + certificationRequestFactory::createPkcs10CertificationRequest + ).orElseThrow( + () -> new DecryptionException("Incorrect CSR, decryption failed") + ); } } diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java index 984e8c77..b09025b2 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java @@ -52,6 +52,7 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x500.X500NameBuilder; import org.bouncycastle.asn1.x500.style.BCStyle; +import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; @@ -273,7 +274,7 @@ class Cmpv2ClientTest { } private void setCsrModelAndServerValues(String iak, String rv, String externalCaUrl, Date notBefore, Date notAfter) { - csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), Collections.emptyList()); + csrModel = new CsrModel(null, dn, keyPair.getPrivate(), keyPair.getPublic(), new GeneralName[0]); Authentication authentication = new Authentication(); authentication.setIak(iak); -- 2.16.6