import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.onap.oom.certservice.certification.CertificationResponseModelFactory;
-import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.exception.ErrorResponseModel;
import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
@RequestHeader("PK") String encodedPrivateKey,
@RequestHeader("OLD_CERT") String encodedOldCert,
@RequestHeader("OLD_PK") String encodedOldPrivateKey
- ) throws DecryptionException, CmpClientException, CertificateDecryptionException {
+ ) throws DecryptionException, CmpClientException {
caName = replaceWhiteSpaceChars(caName);
LOGGER.info("Received certificate update request for CA named: {}", caName);
CertificateUpdateModel certificateUpdateModel = new CertificateUpdateModel.CertificateUpdateModelBuilder()
import org.onap.oom.certservice.certification.conversion.CsrModelFactory;
import org.onap.oom.certservice.certification.conversion.OldCertificateModelFactory;
import org.onap.oom.certservice.certification.conversion.StringBase64;
-import org.onap.oom.certservice.certification.exception.CertificateDecryptionException;
import org.onap.oom.certservice.certification.exception.DecryptionException;
import org.onap.oom.certservice.certification.model.CertificateUpdateModel;
import org.onap.oom.certservice.certification.model.CertificationResponseModel;
}
public CertificationResponseModel provideCertificationModelFromUpdateRequest(CertificateUpdateModel certificateUpdateModel)
- throws DecryptionException, CmpClientException, CertificateDecryptionException {
- LOGGER.info("CSR: " + certificateUpdateModel.getEncodedCsr() +
- ", old cert: " + certificateUpdateModel.getEncodedOldCert() +
- ", CA: " + certificateUpdateModel.getCaName());
+ throws DecryptionException, CmpClientException {
+ LOGGER.info("CSR: {}, old cert: {}, CA: {}", certificateUpdateModel.getEncodedCsr(),
+ certificateUpdateModel.getEncodedOldCert(), certificateUpdateModel.getCaName());
final CsrModel csrModel = csrModelFactory.createCsrModel(
new StringBase64(certificateUpdateModel.getEncodedCsr()),
new StringBase64(certificateUpdateModel.getEncodedPrivateKey())
return new OldCertificateModel(certificate, subjectData, sans, oldPrivateKey);
} catch (StringToCertificateConversionException e) {
throw new CertificateDecryptionException("Cannot convert certificate", e);
-
} catch (CertificateParsingException e) {
throw new CertificateDecryptionException("Cannot read Subject Alternative Names from certificate");
} catch (NoSuchAlgorithmException | KeyDecryptionException | CertificateEncodingException | InvalidKeySpecException e) {
package org.onap.oom.certservice.certification.exception;
-public class CertificateDecryptionException extends Exception {
+public class CertificateDecryptionException extends DecryptionException {
public CertificateDecryptionException(String message, Throwable cause) {
super(message, cause);
package org.onap.oom.certservice.certification.model;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
public class CertificateData {
}
@Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- CertificateData that = (CertificateData) o;
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj == null || getClass() != obj.getClass()) {
+ return false;
+ }
+ CertificateData that = (CertificateData) obj;
return Objects.equals(subject, that.subject) && Objects.equals(sortedSans, that.sortedSans);
}
private final String caName;
private CertificateUpdateModel(String encodedCsr, String encodedPrivateKey, String encodedOldCert,
- String encodedOldPrivateKey, String caName) {
+ String encodedOldPrivateKey, String caName) {
this.encodedCsr = encodedCsr;
this.encodedPrivateKey = encodedPrivateKey;
this.encodedOldCert = encodedOldCert;
}
@Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- CertificateUpdateModel that = (CertificateUpdateModel) o;
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj == null || getClass() != obj.getClass()) {
+ return false;
+ }
+ CertificateUpdateModel that = (CertificateUpdateModel) obj;
return Objects.equals(encodedCsr, that.encodedCsr)
- && Objects.equals(encodedPrivateKey, that.encodedPrivateKey)
- && Objects.equals(encodedOldCert, that.encodedOldCert)
- && Objects.equals(encodedOldPrivateKey, that.encodedOldPrivateKey)
- && Objects.equals(caName, that.caName);
+ && Objects.equals(encodedPrivateKey, that.encodedPrivateKey)
+ && Objects.equals(encodedOldCert, that.encodedOldCert)
+ && Objects.equals(encodedOldPrivateKey, that.encodedOldPrivateKey)
+ && Objects.equals(caName, that.caName);
}
@Override
}
public CertificateUpdateModel build() {
- return new CertificateUpdateModel(encodedCsr, encodedPrivateKey, encodedOldCert, encodedOldPrivateKey, caName);
+ return new CertificateUpdateModel(encodedCsr, encodedPrivateKey, encodedOldCert, encodedOldPrivateKey,
+ caName);
}
}
}
final CreateCertRequest certRequest =
getCmpMessageBuilderWithCommonRequestValues(csrModel, cmpv2Server)
.with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_KEY_UPDATE_REQ)
- .with(CreateCertRequest::setExtraCerts, getCMPCertificate(oldCertificateModel.getOldCertificate()))
+ .with(CreateCertRequest::setExtraCerts, getCmpCertificate(oldCertificateModel.getOldCertificate()))
.with(CreateCertRequest::setProtection, pkiMessageProtection)
.build();
return new SignatureProtection(oldCertificateModel.getOldPrivateKey());
}
- private CMPCertificate[] getCMPCertificate(Certificate oldCertificate) {
+ private CMPCertificate[] getCmpCertificate(Certificate oldCertificate) {
CMPCertificate cert = new CMPCertificate(oldCertificate);
return new CMPCertificate[]{cert};
}
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
private static final Logger LOG = LoggerFactory.getLogger(CmpCertificationValidator.class);
- public static void validate(
+ public void validate(
final CsrModel csrModel,
final Cmpv2Server server,
final CloseableHttpClient httpClient,
@Test
void shouldUpdateEndpointReturnDataAboutCsrBaseOnEncodedParameters()
- throws DecryptionException, CmpClientException, CertificateDecryptionException {
+ throws DecryptionException, CmpClientException {
// Given
CertificationResponseModel testCertificationResponseModel = new CertificationResponseModel(
Arrays.asList("ENTITY_CERT", "INTERMEDIATE_CERT"),
@Test
void shouldThrowCertificateDecryptionExceptionWhenCreatingPemModelFails()
- throws DecryptionException, CertificateDecryptionException, CmpClientException {
+ throws DecryptionException, CmpClientException {
// Given
String expectedMessage = "Incorrect certificate, decryption failed";
when(certificationResponseModelFactory.provideCertificationModelFromUpdateRequest(TEST_CERTIFICATE_UPDATE_MODEL))
// When
when(
cmpClient.executeKeyUpdateRequest(any(CsrModel.class), any(Cmpv2Server.class), any(OldCertificateModel.class))
- ).thenReturn(getCMPv2CertificationModel());
+ ).thenReturn(getCmpv2CertificationModel());
CertificationResponseModel certificationModel = certificationProvider
.executeKeyUpdateRequest(csrModel, server, oldCertificateModel);
when(
cmpClient.executeInitializationRequest(any(CsrModel.class), any(Cmpv2Server.class))
- ).thenReturn(getCMPv2CertificationModel());
+ ).thenReturn(getCmpv2CertificationModel());
CertificationResponseModel certificationModel = certificationProvider
.executeInitializationRequest(csrModel, server);
return string.replace("\n", "").replace("\r", "");
}
- private Cmpv2CertificationModel getCMPv2CertificationModel() throws IOException, CertificateException {
+ private Cmpv2CertificationModel getCmpv2CertificationModel() throws IOException, CertificateException {
List<X509Certificate> certificateChain = getX509CertificateFromPem(TEST_CMPv2_KEYSTORE);
List<X509Certificate> trustedCertificates = getX509CertificateFromPem(TEST_CMPv2_TRUSTSTORE);
return new Cmpv2CertificationModel(certificateChain, trustedCertificates);
@Test
void shouldPerformKurWhenCsrAndOldCertDataMatch()
- throws CertificateDecryptionException, DecryptionException, CmpClientException {
+ throws DecryptionException, CmpClientException {
// Given
CsrModel csrModel = mockCsrFactoryModelCreation();
Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
@Test
void shouldThrowCmpClientExceptionWhenUpdateRequestFailed()
- throws DecryptionException, CmpClientException, CertificateDecryptionException {
+ throws DecryptionException, CmpClientException {
// Given
String expectedMessage = "Exception occurred while send request to CMPv2 Server";
@Test
void shouldPerformCrWhenCsrAndOldCertDataDontMatch()
- throws CertificateDecryptionException, DecryptionException, CmpClientException {
+ throws DecryptionException, CmpClientException {
// Given
CsrModel csrModel = mockCsrFactoryModelCreation();
Cmpv2Server testServer = mockCmpv2ProviderServerSelection();
public static final String EXPECTED_CERT_SUBJECT = "C=US,ST=California,L=San-Francisco,O=Linux-Foundation,OU=ONAP,CN=onap.org";
public static final String EXPECTED_CERT_SANS =
- "SANs: [onap@onap.org, localhost, onap.org, test.onap.org, onap://cluster.local/, " + LOCALHOST_IP_IN_HEX +"]";
+ "SANs: [onap@onap.org, localhost, onap.org, test.onap.org, onap://cluster.local/, " + LOCALHOST_IP_IN_HEX + "]";
public static final String TEST_CSR = "-----BEGIN CERTIFICATE REQUEST-----\n"
private static final OldCertificateModelFactory factory =
new OldCertificateModelFactory(new PemStringToCertificateConverter(), new X509CertificateParser());
- static final OldCertificateModel createCorrectOldCertificateModel() throws CertificateDecryptionException {
+ static OldCertificateModel createCorrectOldCertificateModel() throws CertificateDecryptionException {
return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_OLD_PRIVATE_KEY);
}
- static final OldCertificateModel createOldCertificateModelWithWrongCert() throws CertificateDecryptionException {
+ static OldCertificateModel createOldCertificateModelWithWrongCert() throws CertificateDecryptionException {
return createOldCertificateModel(WRONG_OLD_CERT, TEST_ENCODED_OLD_PRIVATE_KEY);
}
- static final OldCertificateModel createOldCertificateModelWithWrongPrivateKey() throws CertificateDecryptionException {
+ static OldCertificateModel createOldCertificateModelWithWrongPrivateKey() throws CertificateDecryptionException {
return createOldCertificateModel(TEST_ENCODED_OLD_CERT, WRONG_OLD_PRIVATE_KEY);
}
- static final OldCertificateModel createOldCertificateModelWithPrivateKeyInPKCS1() throws CertificateDecryptionException {
+ static OldCertificateModel createOldCertificateModelWithPrivateKeyInPkcs1() throws CertificateDecryptionException {
return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_PRIVATE_KEY_IN_PKCS1);
}
- static final OldCertificateModel createOldCertificateModelWithPrivateKeyInPKCS8() throws CertificateDecryptionException {
+ static OldCertificateModel createOldCertificateModelWithPrivateKeyInPkcs8() throws CertificateDecryptionException {
return createOldCertificateModel(TEST_ENCODED_OLD_CERT, TEST_ENCODED_PRIVATE_KEY_IN_PKCS8);
}
- private static final OldCertificateModel createOldCertificateModel(String certificate, String privateKey) throws CertificateDecryptionException {
+ private static OldCertificateModel createOldCertificateModel(String certificate, String privateKey) throws CertificateDecryptionException {
StringBase64 base64EncodedCertificate = new StringBase64(certificate);
return factory.createCertificateModel(base64EncodedCertificate, privateKey);
}
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
-import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPKCS1;
-import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPKCS8;
+import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPkcs1;
+import static org.onap.oom.certservice.cmpv2client.ClientTestData.createOldCertificateModelWithPrivateKeyInPkcs8;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
private static KeyPair keyPair;
- private final static Decoder BASE64_DECODER = Base64.getDecoder();
+ private static final Decoder BASE64_DECODER = Base64.getDecoder();
@BeforeEach
void setUp()
@Test
- void shouldThrowCMPClientExceptionWhenCannotParseOldCertificate() {
+ void shouldThrowCmpClientExceptionWhenCannotParseOldCertificate() {
setCsrModelAndServerTestDefaultValues();
CmpClientImpl cmpClient = new CmpClientImpl(httpClient);
try (
BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(
- preparePKIMessageWithoutProtectionAlgorithm().getEncoded()
+ preparePkiMessageWithoutProtectionAlgorithm().getEncoded()
))) {
byte[] ba = IOUtils.toByteArray(bis);
server.setIssuerDN(dn);
}
- private PKIMessage preparePKIMessageWithoutProtectionAlgorithm() {
+ private PKIMessage preparePkiMessageWithoutProtectionAlgorithm() {
CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
X500Name issuerDN = getTestIssuerDN();
private static Stream<Arguments> getTestUpdateModelWithSupportedPrivateKeys()
throws CertificateDecryptionException {
return Stream.of(
- Arguments.of(createOldCertificateModelWithPrivateKeyInPKCS1()),
- Arguments.of(createOldCertificateModelWithPrivateKeyInPKCS8())
+ Arguments.of(createOldCertificateModelWithPrivateKeyInPkcs1()),
+ Arguments.of(createOldCertificateModelWithPrivateKeyInPkcs8())
);
}