7 Fail in PKCS12 conversion
8 Fail in Private Key to PEM Encoding
9 Wrong TLS configuration
+10 Invalid value of the OUTPUT_TYPE parameter
+11 Certificate creation type is not supported
import org.onap.aaf.certservice.client.certification.CsrFactory;
import org.onap.aaf.certservice.client.certification.KeyPairFactory;
import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder;
-import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator;
-import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory;
+import org.onap.aaf.certservice.client.certification.conversion.ArtifactsCreatorProvider;
import org.onap.aaf.certservice.client.common.Base64Encoder;
import org.onap.aaf.certservice.client.configuration.EnvsForClient;
import org.onap.aaf.certservice.client.configuration.EnvsForCsr;
base64Encoder.encode(csrFactory.createCsrInPem(keyPair)),
base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate())));
- KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory(
- clientConfiguration.getCertsOutputPath()).create();
- filesCreator.createKeystore(certServiceData.getCertificateChain(), keyPair.getPrivate());
- filesCreator.createTruststore(certServiceData.getTrustedCertificates());
+ ArtifactsCreatorProvider
+ .getCreator(clientConfiguration.getOutputType(),
+ clientConfiguration.getCertsOutputPath())
+ .create(certServiceData.getCertificateChain(),
+ certServiceData.getTrustedCertificates(),
+ keyPair.getPrivate());
+
} catch (ExitableException e) {
- LOGGER.error("Cert Service Client fail in execution: ", e);
+ LOGGER.error("Cert Service Client fails in execution: ", e);
appExitHandler.exit(e.applicationExitStatus());
}
appExitHandler.exit(SUCCESS);
PKCS12_CONVERSION_EXCEPTION(7,"Fail in PKCS12 conversion"),
PK_TO_PEM_ENCODING_EXCEPTION(8,"Fail in Private Key to PEM Encoding"),
TLS_CONFIGURATION_EXCEPTION(9, "Invalid TLS configuration"),
- OUTPUT_TYPE_PARAMETER_VALIDATION_EXCEPTION(10, "Invalid value of the OUTPUT_TYPE parameter");
+ OUTPUT_TYPE_PARAMETER_VALIDATION_EXCEPTION(10, "Invalid value of the OUTPUT_TYPE parameter"),
+ CERT_OUTPUT_TYPE_NOT_SUPPORTED_EXCEPTION(11, "Certificate creation type is not supported");
private final int value;
private final String message;
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.onap.aaf.certservice.client.certification.conversion;
-public class KeystoreTruststoreCreatorFactory {
- private final String outputPath;
+import org.onap.aaf.certservice.client.api.ExitableException;
- public KeystoreTruststoreCreatorFactory(String outputPath) {
- this.outputPath = outputPath;
- }
+import java.security.PrivateKey;
+import java.util.List;
- public KeystoreTruststoreCreator create() {
- return new KeystoreTruststoreCreator(
- new PKCS12FilesCreator(outputPath),
- new RandomPasswordGenerator(),
- new PemToPKCS12Converter());
- }
+public interface ArtifactsCreator {
+ void create(List<String> keystoreData, List<String> truststoreData, PrivateKey privateKey)
+ throws ExitableException;
}
--- /dev/null
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import org.onap.aaf.certservice.client.certification.exception.CertOutputTypeNotSupportedException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Arrays;
+
+public enum ArtifactsCreatorProvider {
+
+ P12 {
+ @Override
+ ArtifactsCreator create(String outputPath) {
+ return new PKCS12ArtifactsCreator(
+ new PKCS12FilesCreator(outputPath),
+ new RandomPasswordGenerator(),
+ new PemToPKCS12Converter());
+ }
+ },
+ JKS {
+ @Override
+ ArtifactsCreator create(String outputPath) {
+ return null;
+ }
+ },
+ PEM {
+ @Override
+ ArtifactsCreator create(String outputPath) {
+ return null;
+ }
+ };
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(ArtifactsCreatorProvider.class);
+
+ public static ArtifactsCreator getCreator(String outputType, String outputPath)
+ throws CertOutputTypeNotSupportedException {
+ try {
+ LOGGER.info("Artifact creation type selected: {}", outputType);
+ return valueOf(outputType).create(outputPath);
+ } catch (IllegalArgumentException e) {
+ LOGGER.error("Artifact creation type: {} is not supported. Supported types: {}",
+ outputType, Arrays.toString(values()));
+ throw new CertOutputTypeNotSupportedException(e);
+ }
+ }
+
+ abstract ArtifactsCreator create(String outputPath);
+}
import java.util.List;
import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
-public class KeystoreTruststoreCreator {
+public class PKCS12ArtifactsCreator implements ArtifactsCreator {
private static final String CERTIFICATE_ALIAS = "certificate";
private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
private final PemToPKCS12Converter converter;
private final PKCS12FilesCreator creator;
- public KeystoreTruststoreCreator(PKCS12FilesCreator creator, RandomPasswordGenerator generator,
- PemToPKCS12Converter converter) {
+ public PKCS12ArtifactsCreator(PKCS12FilesCreator creator, RandomPasswordGenerator generator,
+ PemToPKCS12Converter converter) {
this.generator = generator;
this.converter = converter;
this.creator = creator;
}
- public void createKeystore(List<String> data, PrivateKey privateKey)
+ @Override
+ public void create(List<String> keystoreData, List<String> truststoreData, PrivateKey privateKey) throws PemToPKCS12ConverterException {
+ createKeystore(keystoreData,privateKey);
+ createTruststore(truststoreData);
+ }
+
+ private void createKeystore(List<String> data, PrivateKey privateKey)
throws PemToPKCS12ConverterException {
Password password = generator.generate(PASSWORD_LENGTH);
creator.saveKeystoreData(converter.convertKeystore(data, password, CERTIFICATE_ALIAS, privateKey),
password.getCurrentPassword());
}
- public void createTruststore(List<String> data)
+ private void createTruststore(List<String> data)
throws PemToPKCS12ConverterException {
Password password = generator.generate(PASSWORD_LENGTH);
creator.saveTruststoreData(converter.convertTruststore(data, password, TRUSTED_CERTIFICATE_ALIAS),
--- /dev/null
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.exception;
+
+import org.onap.aaf.certservice.client.api.ExitStatus;
+import org.onap.aaf.certservice.client.api.ExitableException;
+
+public class CertOutputTypeNotSupportedException extends ExitableException {
+ private static final ExitStatus EXIT_STATUS = ExitStatus.CERT_OUTPUT_TYPE_NOT_SUPPORTED_EXCEPTION;
+
+ public CertOutputTypeNotSupportedException(Throwable e) {
+ super(e);
+ }
+
+ public ExitStatus applicationExitStatus() {
+ return EXIT_STATUS;
+ }
+}
--- /dev/null
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.exception.CertOutputTypeNotSupportedException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
+
+class ArtifactsCreatorProviderTest {
+
+ private static final String STRATEGY_P12 = "P12";
+ private static final String TEST_PATH = "testPath";
+ private static final String NOT_SUPPORTED_STRATEGY = "notSupported";
+
+ @Test
+ void getStrategyOfStringShouldReturnCorrectCreator() throws Exception {
+
+ // when
+ ArtifactsCreator artifactsCreator =
+ ArtifactsCreatorProvider.getCreator(STRATEGY_P12, TEST_PATH);
+ // then
+ assertThat(artifactsCreator).isInstanceOf(PKCS12ArtifactsCreator.class);
+ }
+
+ @Test
+ void notSupportedStrategyShouldThrowException() {
+ // when// then
+ assertThatExceptionOfType(CertOutputTypeNotSupportedException.class)
+ .isThrownBy(() -> ArtifactsCreatorProvider.getCreator(NOT_SUPPORTED_STRATEGY, TEST_PATH));
+
+ }
+}
+++ /dev/null
-/*============LICENSE_START=======================================================
- * aaf-certservice-client
- * ================================================================================
- * Copyright (C) 2020 Nokia. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.aaf.certservice.client.certification.conversion;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-import java.security.PrivateKey;
-import java.util.List;
-import org.junit.jupiter.api.Test;
-import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
-
-class KeystoreTruststoreCreatorTest {
-
- private PKCS12FilesCreator filesCreator = mock(PKCS12FilesCreator.class);
- private RandomPasswordGenerator passwordGenerator = mock(RandomPasswordGenerator.class);
- private PemToPKCS12Converter converter = mock(PemToPKCS12Converter.class);
- private PrivateKey privateKey = mock(PrivateKey.class);
-
- @Test
- void createKeystoreShouldCallRequiredMethods() throws PemToPKCS12ConverterException {
- // given
- final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
- final List<String> certificates = List.of("a", "b");
- final int passwordLength = 24;
- final String alias = "certificate";
- final byte[] keystoreBytes = "this is a keystore test".getBytes();
- KeystoreTruststoreCreator creator = new KeystoreTruststoreCreator(filesCreator, passwordGenerator, converter);
-
- // when
- when(passwordGenerator.generate(passwordLength)).thenReturn(password);
- when(converter.convertKeystore(certificates, password, alias, privateKey)).thenReturn(keystoreBytes);
- creator.createKeystore(certificates, privateKey);
-
- // then
- verify(passwordGenerator, times(1)).generate(passwordLength);
- verify(converter, times(1)).convertKeystore(certificates, password, alias, privateKey);
- verify(filesCreator, times(1)).saveKeystoreData(keystoreBytes, password.getCurrentPassword());
- }
-
- @Test
- void createTruststoreShouldCallRequiredMethods() throws PemToPKCS12ConverterException {
- // given
- final Password password = new Password("d9D_u8LooYaXH4G48DtN#vw0");
- final List<String> certificates = List.of("a", "b");
- final int passwordLength = 24;
- final String alias = "trusted-certificate-";
- final byte[] truststoreBytes = "this is a truststore test".getBytes();
- KeystoreTruststoreCreator creator = new KeystoreTruststoreCreator(filesCreator, passwordGenerator, converter);
-
- // when
- when(passwordGenerator.generate(passwordLength)).thenReturn(password);
- when(converter.convertTruststore(certificates, password, alias)).thenReturn(truststoreBytes);
- creator.createTruststore(certificates);
-
- // then
- verify(passwordGenerator, times(1)).generate(passwordLength);
- verify(converter, times(1)).convertTruststore(certificates, password, alias);
- verify(filesCreator, times(1)).saveTruststoreData(truststoreBytes, password.getCurrentPassword());
- }
-}
\ No newline at end of file
--- /dev/null
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.certification.conversion;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.security.PrivateKey;
+import java.util.List;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.onap.aaf.certservice.client.certification.exception.PemToPKCS12ConverterException;
+
+class PKCS12ArtifactsCreatorTest {
+
+ private static final int PASSWORD_LENGTH = 24;
+ private static final String CERTIFICATE_ALIAS = "certificate";
+ private static final String TRUSTED_CERTIFICATE_ALIAS = "trusted-certificate-";
+
+ private static final Password SAMPLE_PASSWORD = new Password("d9D_u8LooYaXH4G48DtN#vw0");
+ private static final List<String> SAMPLE_KEYSTORE_CERTIFICATE_CHAIN = List.of("a", "b");
+ private static final List<String> SAMPLE_TRUSTED_CERTIFICATE_CHAIN = List.of("c", "d");
+ private static final byte[] SAMPLE_KEYSTORE_BYTES = "this is a keystore test".getBytes();
+ private static final byte[] SAMPLE_TRUSTSTORE_BYTES = "this is a truststore test".getBytes();
+
+ private PKCS12FilesCreator filesCreator;
+ private RandomPasswordGenerator passwordGenerator;
+ private PemToPKCS12Converter converter;
+ private PrivateKey privateKey;
+ private PKCS12ArtifactsCreator artifactCreator;
+
+
+ @BeforeEach
+ void setUp() {
+ filesCreator = mock(PKCS12FilesCreator.class);
+ passwordGenerator = mock(RandomPasswordGenerator.class);
+ converter = mock(PemToPKCS12Converter.class);
+ privateKey = mock(PrivateKey.class);
+ artifactCreator = new PKCS12ArtifactsCreator(filesCreator, passwordGenerator, converter);
+ }
+
+ @Test
+ void generateArtifactsShouldCallConverterAndFilesCreatorMethods() throws PemToPKCS12ConverterException {
+ // given
+ mockPasswordGeneratorAndPKSC12Converter();
+
+ //when
+ artifactCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey);
+
+ // then
+ verify(converter, times(1))
+ .convertKeystore(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_PASSWORD, CERTIFICATE_ALIAS, privateKey);
+ verify(filesCreator, times(1))
+ .saveKeystoreData(SAMPLE_KEYSTORE_BYTES, SAMPLE_PASSWORD.getCurrentPassword());
+ verify(converter, times(1))
+ .convertTruststore(SAMPLE_TRUSTED_CERTIFICATE_CHAIN, SAMPLE_PASSWORD, TRUSTED_CERTIFICATE_ALIAS);
+ verify(filesCreator, times(1))
+ .saveTruststoreData(SAMPLE_TRUSTSTORE_BYTES, SAMPLE_PASSWORD.getCurrentPassword());
+ }
+
+ @Test
+ void generateArtifactsMethodShouldCallPasswordGeneratorTwice() throws PemToPKCS12ConverterException {
+ // given
+ mockPasswordGeneratorAndPKSC12Converter();
+
+ //when
+ artifactCreator.create(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_TRUSTED_CERTIFICATE_CHAIN, privateKey);
+
+ // then
+ verify(passwordGenerator, times(2)).generate(PASSWORD_LENGTH);
+ }
+
+ private void mockPasswordGeneratorAndPKSC12Converter() throws PemToPKCS12ConverterException {
+ when(passwordGenerator.generate(PASSWORD_LENGTH)).thenReturn(SAMPLE_PASSWORD);
+ when(converter.convertKeystore(SAMPLE_KEYSTORE_CERTIFICATE_CHAIN, SAMPLE_PASSWORD, CERTIFICATE_ALIAS, privateKey))
+ .thenReturn(SAMPLE_KEYSTORE_BYTES);
+ when(converter.convertTruststore(SAMPLE_TRUSTED_CERTIFICATE_CHAIN, SAMPLE_PASSWORD, TRUSTED_CERTIFICATE_ALIAS))
+ .thenReturn(SAMPLE_TRUSTSTORE_BYTES);
+ }
+}
Code Review / oom / platform / cert-service.git / commitdiff