From bafc48ac2497ae4c5894c2f46228b60aa92c56e1 Mon Sep 17 00:00:00 2001 From: marcos-albornoz Date: Thu, 1 Sep 2022 11:38:47 -0500 Subject: [PATCH 1/3] fix: VCertTknClient SDK methods are working again The VCertTknClient SDK methods left to work since the releases v.0.9.0 until v0.9.2 given a mistake which caused the endpoints used in the background were the specific endpoints declared for the VCertClient. Also it was created a bunch of tests to test the VCertTknClient SDK methods in order to confirm they are working correctly. Resolves: https://github.com/Venafi/vcert-java/issues/115 --- src/main/java/com/venafi/vcert/sdk/VCertTknClient.java | 4 ++-- .../venafi/vcert/sdk/connectors/cloud/CloudConnector.java | 2 +- .../vcert/sdk/connectors/cloud/CloudConnectorUtils.java | 4 ++-- .../com/venafi/vcert/sdk/connectors/tpp/TppConnector.java | 2 +- src/test/java/com/venafi/vcert/sdk/VCertTknClientTest.java | 3 +++ .../vcert/sdk/connectors/tpp/TppConnectorATForSSH.java | 1 + .../vcert/sdk/connectors/tpp/TppTokenConnectorAT.java | 1 + .../vcert/sdk/connectors/tpp/TppTokenConnectorATForSSH.java | 1 + .../vcert/sdk/connectors/tpp/TppTokenConnectorPolicyAT.java | 2 ++ .../vcert/sdk/connectors/tpp/TppTokenConnectorTest.java | 2 ++ .../vcert/sdk/{connectors/tpp => utils}/TppTestUtils.java | 2 +- .../VCertTknClientAuthenticationAT.java | 6 +++++- 12 files changed, 22 insertions(+), 8 deletions(-) rename src/test/java/com/venafi/vcert/sdk/{connectors/tpp => utils}/TppTestUtils.java (98%) rename src/test/java/com/venafi/vcert/sdk/{ => vcertTknClient}/VCertTknClientAuthenticationAT.java (98%) diff --git a/src/main/java/com/venafi/vcert/sdk/VCertTknClient.java b/src/main/java/com/venafi/vcert/sdk/VCertTknClient.java index 18d0fbb..bb79ad5 100644 --- a/src/main/java/com/venafi/vcert/sdk/VCertTknClient.java +++ b/src/main/java/com/venafi/vcert/sdk/VCertTknClient.java @@ -7,7 +7,7 @@ import com.venafi.vcert.sdk.connectors.Connector; import com.venafi.vcert.sdk.connectors.TokenConnector; import com.venafi.vcert.sdk.connectors.tpp.TokenInfo; -import com.venafi.vcert.sdk.connectors.tpp.Tpp; +import com.venafi.vcert.sdk.connectors.tpp.TppToken; import com.venafi.vcert.sdk.connectors.tpp.TppTokenConnector; import com.venafi.vcert.sdk.endpoint.Authentication; @@ -22,7 +22,7 @@ protected Connector createConnector(Config config) throws VCertException { Connector connector; switch (config.connectorType()) { case TPP_TOKEN:{ - connector = new TppTokenConnector(Tpp.connect(config)); + connector = new TppTokenConnector(TppToken.connect(config)); break; } default: diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java index 69063c1..16f4136 100644 --- a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java +++ b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java @@ -703,7 +703,7 @@ public static class ApiClientInformation{ public static class CsrAttributes { private String commonName; private String organization; - private String[] organizationalUnits; + //private String[] organizationalUnits; private String locality; private String state; private String country; diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java index fa402ba..20abbc9 100644 --- a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java +++ b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java @@ -388,7 +388,7 @@ public static CsrAttributes buildCsrAttributes(CertificateRequest request, Polic } //computing the organizational Units - List reqOrgUnits = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organizationalUnit()).orElse(null); + /*List reqOrgUnits = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organizationalUnit()).orElse(null); if( reqOrgUnits!=null && reqOrgUnits.size() > 0) { String[] reqOrgUnitsArray = reqOrgUnits.toArray(new String[0]); @@ -405,7 +405,7 @@ public static CsrAttributes buildCsrAttributes(CertificateRequest request, Polic if(defaultOrgUnits!=null && defaultOrgUnits.length>0) csrAttributes.organizationalUnits(defaultOrgUnits); - } + }*/ //computing the localities List reqLocalities = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.locality()).orElse(null); diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppConnector.java b/src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppConnector.java index 160bbe2..2fb6cf7 100644 --- a/src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppConnector.java +++ b/src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppConnector.java @@ -169,7 +169,7 @@ public ZoneConfiguration readZoneConfiguration(String zone) throws VCertExceptio Policy policy = serverPolicy.toPolicy(); ZoneConfiguration zoneConfig = serverPolicy.toZoneConfig(); zoneConfig.policy(policy); - zoneConfig.zoneId(zone); + zoneConfig.zoneId(getPolicyDN(zone)); return zoneConfig; } diff --git a/src/test/java/com/venafi/vcert/sdk/VCertTknClientTest.java b/src/test/java/com/venafi/vcert/sdk/VCertTknClientTest.java index 729c3c3..47e307e 100644 --- a/src/test/java/com/venafi/vcert/sdk/VCertTknClientTest.java +++ b/src/test/java/com/venafi/vcert/sdk/VCertTknClientTest.java @@ -1,5 +1,8 @@ package com.venafi.vcert.sdk; +import com.venafi.vcert.sdk.Config; +import com.venafi.vcert.sdk.VCertException; +import com.venafi.vcert.sdk.VCertTknClient; import com.venafi.vcert.sdk.certificate.CertificateRequest; import com.venafi.vcert.sdk.certificate.ImportRequest; import com.venafi.vcert.sdk.certificate.RenewalRequest; diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppConnectorATForSSH.java b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppConnectorATForSSH.java index b621edc..3ec86a7 100644 --- a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppConnectorATForSSH.java +++ b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppConnectorATForSSH.java @@ -24,6 +24,7 @@ import com.venafi.vcert.sdk.certificate.SshCertificateRequest; import com.venafi.vcert.sdk.certificate.SshConfig; import com.venafi.vcert.sdk.endpoint.Authentication; +import com.venafi.vcert.sdk.utils.TppTestUtils; class TppConnectorATForSSH { diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorAT.java b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorAT.java index e15ec3e..a6a50df 100644 --- a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorAT.java +++ b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorAT.java @@ -29,6 +29,7 @@ import com.venafi.vcert.sdk.connectors.ZoneConfiguration; import com.venafi.vcert.sdk.endpoint.Authentication; import com.venafi.vcert.sdk.policy.domain.PolicySpecification; +import com.venafi.vcert.sdk.utils.TppTestUtils; import feign.FeignException; import feign.FeignException.BadRequest; diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorATForSSH.java b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorATForSSH.java index ce9dad7..2e6cbf6 100644 --- a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorATForSSH.java +++ b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorATForSSH.java @@ -25,6 +25,7 @@ import com.venafi.vcert.sdk.certificate.SshCertificateRequest; import com.venafi.vcert.sdk.certificate.SshConfig; import com.venafi.vcert.sdk.endpoint.Authentication; +import com.venafi.vcert.sdk.utils.TppTestUtils; class TppTokenConnectorATForSSH { diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorPolicyAT.java b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorPolicyAT.java index 9dfaa2b..55caebd 100644 --- a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorPolicyAT.java +++ b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorPolicyAT.java @@ -7,6 +7,8 @@ import com.venafi.vcert.sdk.connectors.tpp.endpoint.ValidateIdentityRequest; import com.venafi.vcert.sdk.connectors.tpp.endpoint.ValidateIdentityResponse; import com.venafi.vcert.sdk.policy.domain.PolicySpecification; +import com.venafi.vcert.sdk.utils.TppTestUtils; + import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorTest.java b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorTest.java index 56994c4..ef1e4d1 100644 --- a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorTest.java +++ b/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorTest.java @@ -16,6 +16,8 @@ import com.venafi.vcert.sdk.policy.converter.tpp.TPPPolicySpecificationValidator; import com.venafi.vcert.sdk.policy.domain.PolicySpecification; import com.venafi.vcert.sdk.policy.domain.PolicySpecificationConst; +import com.venafi.vcert.sdk.utils.TppTestUtils; + import feign.FeignException; import feign.Request; import feign.Response; diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTestUtils.java b/src/test/java/com/venafi/vcert/sdk/utils/TppTestUtils.java similarity index 98% rename from src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTestUtils.java rename to src/test/java/com/venafi/vcert/sdk/utils/TppTestUtils.java index 93a9509..fc92a51 100644 --- a/src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTestUtils.java +++ b/src/test/java/com/venafi/vcert/sdk/utils/TppTestUtils.java @@ -1,4 +1,4 @@ -package com.venafi.vcert.sdk.connectors.tpp; +package com.venafi.vcert.sdk.utils; import java.time.Instant; diff --git a/src/test/java/com/venafi/vcert/sdk/VCertTknClientAuthenticationAT.java b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAuthenticationAT.java similarity index 98% rename from src/test/java/com/venafi/vcert/sdk/VCertTknClientAuthenticationAT.java rename to src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAuthenticationAT.java index a391f83..59f7066 100644 --- a/src/test/java/com/venafi/vcert/sdk/VCertTknClientAuthenticationAT.java +++ b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAuthenticationAT.java @@ -1,7 +1,7 @@ /** * */ -package com.venafi.vcert.sdk; +package com.venafi.vcert.sdk.vcertTknClient; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -12,6 +12,10 @@ import org.junit.jupiter.api.Test; +import com.venafi.vcert.sdk.Config; +import com.venafi.vcert.sdk.TestUtils; +import com.venafi.vcert.sdk.VCertException; +import com.venafi.vcert.sdk.VCertTknClient; import com.venafi.vcert.sdk.connectors.ConnectorException.MissingCredentialsException; import com.venafi.vcert.sdk.connectors.tpp.TokenInfo; import com.venafi.vcert.sdk.endpoint.Authentication; From a8fc2302352385dcb7e29b85a227469dc18348f5 Mon Sep 17 00:00:00 2001 From: marcos-albornoz Date: Thu, 1 Sep 2022 11:41:31 -0500 Subject: [PATCH 2/3] fix: add missing tests to test VCertTknClient SDK methods --- .../sdk/vcertTknClient/VCertTknClientAT.java | 87 ++++++ .../vcertTknClient/VCertTknClientCertAT.java | 267 ++++++++++++++++++ .../VCertTknClientCertResource.java | 53 ++++ .../VCertTknClientPolicyAT.java | 32 +++ .../VCertTknClientResource.java | 77 +++++ 5 files changed, 516 insertions(+) create mode 100644 src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAT.java create mode 100644 src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertAT.java create mode 100644 src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertResource.java create mode 100644 src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientPolicyAT.java create mode 100644 src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientResource.java diff --git a/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAT.java b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAT.java new file mode 100644 index 0000000..8c860f0 --- /dev/null +++ b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientAT.java @@ -0,0 +1,87 @@ +package com.venafi.vcert.sdk.vcertTknClient; + +import static com.venafi.vcert.sdk.TestUtils.getTestIps; +import static java.lang.String.format; +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatCode; +import static org.junit.jupiter.api.Assertions.assertThrows; + +import java.io.IOException; +import java.io.StringReader; +import java.net.InetAddress; +import java.util.Arrays; +import java.util.Collections; + +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; + +import com.venafi.vcert.sdk.TestUtils; +import com.venafi.vcert.sdk.VCertException; +import com.venafi.vcert.sdk.certificate.CertificateRequest; +import com.venafi.vcert.sdk.certificate.KeyType; +import com.venafi.vcert.sdk.connectors.ZoneConfiguration; + +import feign.FeignException; + +class VCertTknClientAT { + + @RegisterExtension + public static final VCertTknClientResource clientResource = new VCertTknClientResource(); + + @Test + void readZoneConfiguration() throws VCertException { + try { + clientResource.client().readZoneConfiguration(TestUtils.TPP_ZONE); + } catch (FeignException fe) { + throw VCertException.fromFeignException(fe); + } + } + + @Test + void readZoneConfigurationInLongFormat() throws VCertException { + try { + clientResource.client().readZoneConfiguration("\\VED\\Policy\\"+TestUtils.TPP_ZONE); + } catch (FeignException fe) { + throw VCertException.fromFeignException(fe); + } + } + + @Test + void ping() throws VCertException { + assertThatCode(() -> clientResource.client().ping()).doesNotThrowAnyException(); + } + + @Test + void generateRequest() throws VCertException, IOException { + String commonName = TestUtils.randomCN(); + ZoneConfiguration zoneConfiguration = clientResource.client().readZoneConfiguration(TestUtils.TPP_ZONE); + CertificateRequest certificateRequest = new CertificateRequest() + .subject(new CertificateRequest.PKIXName().commonName(commonName) + .organization(Collections.singletonList("Venafi, Inc.")) + .organizationalUnit(Arrays.asList("Engineering", "Automated Tests")) + .country(Collections.singletonList("US")).locality(Collections.singletonList("SLC")) + .province(Collections.singletonList("Utah"))) + .dnsNames(Collections.singletonList(InetAddress.getLocalHost().getHostName())) + .ipAddresses(getTestIps()).keyType(KeyType.RSA).keyLength(2048); + + certificateRequest = clientResource.client().generateRequest(zoneConfiguration, certificateRequest); + + assertThat(certificateRequest.csr()).isNotEmpty(); + + PKCS10CertificationRequest request = (PKCS10CertificationRequest) new PEMParser( + new StringReader(new String(certificateRequest.csr()))).readObject(); + + // Values overridden by policy which is why they don't match the above values + String subject = request.getSubject().toString(); + + assertThat(subject).contains(format("CN=%s", commonName)); + } + + @Test + void readPolicyConfiguration() { + assertThrows(UnsupportedOperationException.class, + () -> clientResource.client().readPolicyConfiguration("zone")); + } +} diff --git a/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertAT.java b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertAT.java new file mode 100644 index 0000000..574aba0 --- /dev/null +++ b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertAT.java @@ -0,0 +1,267 @@ +/** + * + */ +package com.venafi.vcert.sdk.vcertTknClient; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.io.StringReader; +import java.net.SocketException; +import java.net.UnknownHostException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.codec.digest.DigestUtils; +import org.bouncycastle.util.io.pem.PemHeader; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; + +import com.venafi.vcert.sdk.TestUtils; +import com.venafi.vcert.sdk.VCertException; +import com.venafi.vcert.sdk.VCertTknClient; +import com.venafi.vcert.sdk.certificate.CertificateRequest; +import com.venafi.vcert.sdk.certificate.CsrOriginOption; +import com.venafi.vcert.sdk.certificate.CustomField; +import com.venafi.vcert.sdk.certificate.DataFormat; +import com.venafi.vcert.sdk.certificate.ImportRequest; +import com.venafi.vcert.sdk.certificate.ImportResponse; +import com.venafi.vcert.sdk.certificate.PEMCollection; +import com.venafi.vcert.sdk.certificate.RenewalRequest; +import com.venafi.vcert.sdk.certificate.RevocationRequest; +import com.venafi.vcert.sdk.connectors.ZoneConfiguration; + +/** + * @author Marcos E. Albornoz Abud + * + */ +public class VCertTknClientCertAT { + + @RegisterExtension + public static final VCertTknClientCertResource clientResource = new VCertTknClientCertResource(); + + @Test + void requestCertificate() throws VCertException, SocketException, UnknownHostException { + VCertTknClient client = clientResource.client(); + ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration(); + + CertificateRequest certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest()); + CertificateRequest csrRequestOnly = new CertificateRequest().csr(certificateRequest.csr()); + assertThat(client.requestCertificate(csrRequestOnly, zoneConfiguration)).isNotNull(); + } + + @Test + void retrieveCertificate() throws VCertException, SocketException, UnknownHostException { + VCertTknClient client = clientResource.client(); + ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration(); + CertificateRequest certificateRequest = clientResource.certificateRequest() + //.keyType(KeyType.ECDSA).keyCurve(EllipticCurve.EllipticCurveP521) + //.keyType(KeyType.RSA).keyLength(2048) + //.dataFormat(DataFormat.LEGACY) + //.keyPassword("newtiran000!") + //.csrOrigin(CsrOriginOption.ServiceGeneratedCSR) + ; + + certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest); + String certificateId = client.requestCertificate(certificateRequest, zoneConfiguration); + + assertThat(certificateId).isNotNull(); + + PEMCollection pemCollection = client.retrieveCertificate(certificateRequest); + + assertThat(pemCollection.certificate()).isNotNull(); + assertThat(pemCollection.privateKey()).isNotNull(); + } + + @Test + void renewCertificate() throws VCertException, UnknownHostException, SocketException, + CertificateException, NoSuchAlgorithmException { + + VCertTknClient client = clientResource.client(); + ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration(); + CertificateRequest certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest()); + String certificateId = client.requestCertificate(certificateRequest, zoneConfiguration); + assertThat(certificateId).isNotNull(); + + PEMCollection pemCollection = client.retrieveCertificate(certificateRequest); + X509Certificate cert = (X509Certificate) pemCollection.certificate(); + + String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase(); + + CertificateRequest certificateRequestToRenew = new CertificateRequest() + .subject(certificateRequest.subject()) + .dnsNames(certificateRequest.dnsNames()) + .ipAddresses(certificateRequest.ipAddresses()) + .keyType(certificateRequest.keyType()) + .keyLength(certificateRequest.keyLength()); + client.generateRequest(zoneConfiguration, certificateRequestToRenew); + + String renewRequestId = client.renewCertificate( + new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint)); + + assertThat(renewRequestId).isNotNull(); + } + + @Test + void revokeCertificate() throws VCertException, SocketException, UnknownHostException { + VCertTknClient client = clientResource.client(); + ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration(); + + CertificateRequest certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest()); + String certificateId = client.requestCertificate(certificateRequest, zoneConfiguration); + assertThat(certificateId).isNotNull(); + + // just wait for the certificate issuance + client.retrieveCertificate(certificateRequest); + + RevocationRequest revocationRequest = new RevocationRequest(); + revocationRequest.reason("key-compromise"); + revocationRequest.certificateDN(certificateRequest.pickupId()); + + client.revokeCertificate(revocationRequest); + } + + @Test + @DisplayName("VCertTknClient - Create a cerfiticate that contais custom fields and validate if certifcate were created correctly") + void createCertificateValidateValidityHours() throws UnknownHostException, VCertException { + + //Custom fields + List customFields = new ArrayList(); + customFields.add(new CustomField("custom", "java-test")); + customFields.add(new CustomField("cfList", "item2")); + customFields.add(new CustomField("cfListMulti", "tier1")); + customFields.add(new CustomField("cfListMulti", "tier2")); + + VCertTknClient client = clientResource.client(); + ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration(); + CertificateRequest certificateRequest = clientResource.certificateRequest().customFields(customFields); + + certificateRequest = client.generateRequest(zoneConfiguration, clientResource.certificateRequest()); + + // Submit the certificate request + client.requestCertificate(certificateRequest, zoneConfiguration); + + // Retrieve PEM collection from Venafi + PEMCollection pemCollection = client.retrieveCertificate(certificateRequest); + + + //At this moment certificate, must be created, it will fail if some custom fields aren't supported or specified on tpp + //so is enough to validate if certificate is created. + assertTrue(pemCollection.certificate() != null); + + } + + @Test + void importCertificate() throws VCertException { + final String cert = "-----BEGIN CERTIFICATE-----\n" + + "MIIDdjCCAl6gAwIBAgIRAPqSZQ04IjWgO2rwIDRcOY8wDQYJKoZIhvcNAQENBQAw\n" + + "gYAxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARVdGFoMRcwFQYDVQQHDA5TYWx0IExh\n" + + "a2UgQ2l0eTEPMA0GA1UECgwGVmVuYWZpMRswGQYDVQQLDBJOT1QgRk9SIFBST0RV\n" + + "Q1RJT04xGzAZBgNVBAMMElZDZXJ0IFRlc3QgTW9kZSBDQTAeFw0xODA5MTIxMzUw\n" + + "MzNaFw0xODEyMTExMzUwMzNaMCQxIjAgBgNVBAMTGWltcG9ydC52ZW5hZmkuZXhh\n" + + "bXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChjQk0jSE5\n" + + "ktVdH8bAM0QCpGs1rOOVMmRkMc7d4hQ6bTlFlIypMq9t+1O2Z8i4fiKDS7vSBmBo\n" + + "WBgN9e0fbAnKEvBIcNLBS4lmwzRDxDCrNV3Dr5s+yJtUw9V2XBwiXbtW7qs5+c0O\n" + + "y7a2S/5HudXUlAuXf7SF4MboMMpHRg+UkyA4j0peir8PtmlJjlYBt3lZdaeLlD6F\n" + + "EIlIVQFZ6ulUF/kULhxhTUl2yNUUzJ/bqJlhFU6pkL+GoW1lnaZ8FYXwA1EKYyRk\n" + + "DYL581eqvIBJY9tCNWbOdU1r+5wR4OOKe/WWWhcDC6nL/M8ZYhfQg1nHoD58A8Dk\n" + + "H4AAt8A3EZpdAgMBAAGjRjBEMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\n" + + "/wQCMAAwHwYDVR0jBBgwFoAUzqRFDvLX0mz4AjPb45tLGavm8AcwDQYJKoZIhvcN\n" + + "AQENBQADggEBABa4wqh+A63O5PHrdUCBSmQs9ve/oIXj561VBmqXkTHLrtKtbtcA\n" + + "yvsMi8RD8BibBAsUCljkCmLoQD/XeQFtsPlMAxisSMYhChh58008CIYDR8Nf/qoe\n" + + "YfzdMB/3VWCqTn9KGF8aMKeQvbFvuqmbtdCv//eYe6mNe2fa/x6PSdGMi4BPmjUC\n" + + "PmBT4p1iwMtu8LnL4UM4awjmmExR4X4rafcyGEbf0D/CRfhDLSwxvrrVcWd6TMMY\n" + + "HPZ/pw//+UrVLgEEsyM2zwf+LokbszPBvPAtHMJtr7Pnq2MQtEEkLfPqOWG3ol1H\n" + + "t+4v2LIW1q4GkwOUjPqgyIaJC5jj5pH9/g8=\n" + "-----END CERTIFICATE-----"; + + final String pk = "-----BEGIN RSA PRIVATE KEY-----\n" + + "MIIEpAIBAAKCAQEAoY0JNI0hOZLVXR/GwDNEAqRrNazjlTJkZDHO3eIUOm05RZSM\n" + + "qTKvbftTtmfIuH4ig0u70gZgaFgYDfXtH2wJyhLwSHDSwUuJZsM0Q8QwqzVdw6+b\n" + + "PsibVMPVdlwcIl27Vu6rOfnNDsu2tkv+R7nV1JQLl3+0heDG6DDKR0YPlJMgOI9K\n" + + "Xoq/D7ZpSY5WAbd5WXWni5Q+hRCJSFUBWerpVBf5FC4cYU1JdsjVFMyf26iZYRVO\n" + + "qZC/hqFtZZ2mfBWF8ANRCmMkZA2C+fNXqryASWPbQjVmznVNa/ucEeDjinv1lloX\n" + + "Awupy/zPGWIX0INZx6A+fAPA5B+AALfANxGaXQIDAQABAoIBAE7of6WOhbsEcHkz\n" + + "CzZYFBEiVEd8chEu8wBJn9ybD/xV21KUM3x1iGC1EPeYi98ppRvygwQcHzz4Qo+X\n" + + "HsJpWAK+62TGzvqhNbTfBglPq+IEiA8MGE07WTu3B+3vIcLbe6UDoNkJndJrSIyU\n" + + "Y9iO+dYClgLi2r9FwoIpSrQzkWqlB3edle4Nq1WABtWTOSDYysz1gk0KrLmQQfXP\n" + + "CPiwkL0SjB+sfbOiVX0B2liV2oxJ5VZWNo/250wFcvrcYrgTNtEVNMXtpN0tnRMH\n" + + "NPwnY+B9WGu/NVhtvOcOTPHq9xQhbmBCS1axikizCaIqEOyegdeDJ4ASJnVybfCA\n" + + "KzjoCpUCgYEAwOmeEvzSP8hCKtLPU8QDBA1y+mEvZMwBY4qr3hfqv3qa0QmFvxkk\n" + + "7Ubmy2oFOoUnVgnhRzAf/bajbkz4ScUgd2JrUdIEhNNVwDn/llnS/UHBlZY++BtW\n" + + "mvyon9ObXgPNPoHcJqzrqARu8PPJQEsZ+xjxM/gyif3prn6Uct6R8B8CgYEA1mHd\n" + + "Astwht39z16FoX9rQRGgx64Z0nesfTjl+4mkypz6ukkcfU1GjobqEG3k666+OJk1\n" + + "SRs8s20Pahrh21LO5x/QtvChhZ+nIedqlhBlNH9uUJI9ChbUN0luetiSPT8F5aqg\n" + + "gZMY13K5icAQ+98EcNwl7ZhVPq0BvLlbqTWi9gMCgYEAjtVqoQxob6lKtIJZ19+t\n" + + "i/aZRyFmAe+6p4UpM8vpl9SjhFrUmGV5neV9ROc+79FfCqlOD3NmfGgaIbUDsTsv\n" + + "irVoWLBzgBUpzKYkw6HGQpXJS4RvIyy6tw6Tm6MFylpuQPXNlyU5ZrHBos4eGGiC\n" + + "2BPjo2MFqH5D41r9dv+sdmkCgYEAtSJYx3y2pe04/xYhGFP9fivzyeMrRC4DWoZR\n" + + "oxcoWl0KZ41QefppzBDoAVuo2Q17AX1JjWxq/DsAlCkEffhYguXZxkhIYQuE/lt2\n" + + "LjbKG/IzdfYphrXFNrVfmIIWBZOTWvqwxOpRSfBQHbhfYUCMkwMfNMHJ/LvWxOtk\n" + + "K/L6rpsCgYB6p9RU2kXexAh9kUpbGqVeJBoIh6ArXHgepESE/7dPw26D0DM0mef0\n" + + "X1MasxN3JF7ZsSGfcCLXnICSJHuNTy9WztqF3hUbQwYd9vmZxtzAo5/fK4DVAaXS\n" + + "ZtIVl/CH/az0xqLKWIlmWOip9SfUVlZdgege+PlQtRqoFVOsH8+MEg==\n" + + "-----END RSA PRIVATE KEY-----"; + + ImportRequest importRequest = new ImportRequest(); + importRequest.certificateData(cert); + importRequest.privateKeyData(pk); + importRequest.policyDN(clientResource.zoneConfiguration().zoneId()); + + + ImportResponse response = clientResource.client().importCertificate(importRequest); + assertThat(response).isNotNull(); + assertThat(response.certificateDN()).isNotNull(); + assertThat(response.certificateVaultId()).isGreaterThan(0); + assertThat(response.privateKeyVaultId()).isGreaterThan(0); + } + + @Test + void privateKeyPKCSTest() throws VCertException, UnknownHostException, IOException { + VCertTknClient client = clientResource.client(); + ZoneConfiguration zoneConfiguration = clientResource.zoneConfiguration(); + + //By default the DataFormat of the CertificateRequest is PKCS8 + CertificateRequest certificateRequest = clientResource.certificateRequest() + .csrOrigin(CsrOriginOption.ServiceGeneratedCSR) + .keyPassword(TestUtils.KEY_PASSWORD); + + certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest); + String pickupId = client.requestCertificate(certificateRequest, zoneConfiguration); + assertThat(pickupId).isNotNull(); + + //Retrieving the PemCollection + PEMCollection pemCollectionRSAPrivateKeyPKCS8 = client.retrieveCertificate(certificateRequest); + + //getting the PrivateKey as PEM which should be a RSA Private Key in PKCS8 Encrypted + String privateKeyPKCS8AsEncryptedPem = pemCollectionRSAPrivateKeyPKCS8.pemPrivateKey(); + + PemObject privateKeyPKCS8AsPemObject = new PemReader(new StringReader(privateKeyPKCS8AsEncryptedPem)).readPemObject(); + + //evaluating that the private Key is in PKCS8 Encrypted + assertThat(pemCollectionRSAPrivateKeyPKCS8.privateKey()).isNotNull(); + assertTrue(privateKeyPKCS8AsPemObject.getType().equals(TestUtils.PEM_HEADER_PKCS8_ENCRYPTED)); + + //changing to data format Legacy in order to get the PrivateKey in PKCS1 + certificateRequest.dataFormat(DataFormat.LEGACY); + + //Retrieving the PemCollection + PEMCollection pemCollectionRSAPrivateKey = client.retrieveCertificate(certificateRequest); + + //getting the PrivateKey as PEM which should be a RSA Private Key Encrypted + String privateKeyRSAAsEncryptedPem = pemCollectionRSAPrivateKey.pemPrivateKey(); + + PemObject privateKeyRSAAsPemObject = new PemReader(new StringReader(privateKeyRSAAsEncryptedPem)).readPemObject(); + + //evaluating that the private Key is in PKCS1 Encrypted + assertThat(pemCollectionRSAPrivateKey.privateKey()).isNotNull(); + assertTrue(privateKeyRSAAsPemObject.getHeaders().stream().anyMatch(header -> TestUtils.PEM_RSA_PRIVATE_KEY_ENCRYPTED_HEADER_VALUE.equals(((PemHeader)header).getValue()))); + } + +} diff --git a/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertResource.java b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertResource.java new file mode 100644 index 0000000..dbffa37 --- /dev/null +++ b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientCertResource.java @@ -0,0 +1,53 @@ +/** + * + */ +package com.venafi.vcert.sdk.vcertTknClient; + +import static com.venafi.vcert.sdk.TestUtils.getTestIps; + +import java.net.InetAddress; +import java.util.Collections; + +import org.junit.jupiter.api.extension.ExtensionContext; + +import com.venafi.vcert.sdk.TestUtils; +import com.venafi.vcert.sdk.certificate.CertificateRequest; +import com.venafi.vcert.sdk.certificate.KeyType; +import com.venafi.vcert.sdk.connectors.ZoneConfiguration; + +import lombok.Getter; + +/** + * @author Marcos E. Albornoz Abud + * + */ +@Getter +public class VCertTknClientCertResource extends VCertTknClientResource { + + private ZoneConfiguration zoneConfiguration; + private CertificateRequest certificateRequest; + + @Override + public void beforeEach(ExtensionContext context) throws Exception { + super.beforeEach(context); + certificateRequest = new CertificateRequest() + .subject(new CertificateRequest.PKIXName() + .commonName(TestUtils.randomCN()) + .organization(Collections.singletonList("Venafi")) + .organizationalUnit(Collections.singletonList("Demo")) + .country(Collections.singletonList("GB")) + .locality(Collections.singletonList("Bracknell")) + .province(Collections.singletonList("Berkshire"))) + .dnsNames(Collections.singletonList(InetAddress.getLocalHost().getHostName())) + .ipAddresses(getTestIps()) + .keyType(KeyType.RSA) + .keyLength(2048); + } + + @Override + public void beforeAll(ExtensionContext context) throws Exception { + super.beforeAll(context); + zoneConfiguration = client().readZoneConfiguration(TestUtils.TPP_ZONE); + } + +} diff --git a/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientPolicyAT.java b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientPolicyAT.java new file mode 100644 index 0000000..635f26d --- /dev/null +++ b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientPolicyAT.java @@ -0,0 +1,32 @@ +package com.venafi.vcert.sdk.vcertTknClient; + +import com.venafi.vcert.sdk.VCertException; +import com.venafi.vcert.sdk.VCertTknClient; +import com.venafi.vcert.sdk.policy.domain.PolicySpecification; +import com.venafi.vcert.sdk.utils.TppTestUtils; + +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; + +public class VCertTknClientPolicyAT { + + @RegisterExtension + public final VCertTknClientResource connectorResource = new VCertTknClientResource(); + + @Test + @DisplayName("VCertTknClient - Create a policy with contacts and retrieve it") + public void createAndGetPolicyContacts() throws VCertException { + VCertTknClient client = connectorResource.client(); + + PolicySpecification policySpecification = TppTestUtils.getPolicySpecification(); + policySpecification.users(new String[]{"osstestuser"}); + String zone = TppTestUtils.getRandomZone(); + client.setPolicy(zone, policySpecification); + PolicySpecification psReturned = client.getPolicy(zone); + + Assertions.assertEquals(1, psReturned.users().length); + Assertions.assertEquals("osstestuser", psReturned.users()[0]); + } +} \ No newline at end of file diff --git a/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientResource.java b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientResource.java new file mode 100644 index 0000000..70583c6 --- /dev/null +++ b/src/test/java/com/venafi/vcert/sdk/vcertTknClient/VCertTknClientResource.java @@ -0,0 +1,77 @@ +package com.venafi.vcert.sdk.vcertTknClient; + +import static org.assertj.core.api.Assertions.assertThat; + +import java.security.Security; + +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.extension.AfterEachCallback; +import org.junit.jupiter.api.extension.BeforeAllCallback; +import org.junit.jupiter.api.extension.BeforeEachCallback; +import org.junit.jupiter.api.extension.ExtensionContext; + +import com.venafi.vcert.sdk.Config; +import com.venafi.vcert.sdk.TestUtils; +import com.venafi.vcert.sdk.VCertTknClient; +import com.venafi.vcert.sdk.connectors.tpp.TokenInfo; +import com.venafi.vcert.sdk.endpoint.Authentication; +import com.venafi.vcert.sdk.endpoint.ConnectorType; + +import lombok.Getter; + +/** + * @author Marcos E. Albornoz Abud + * + */ +@Getter +public class VCertTknClientResource implements BeforeEachCallback, BeforeAllCallback, AfterEachCallback { + + private VCertTknClient client; + private TokenInfo info; + + @Override + public void beforeEach(ExtensionContext context) throws Exception { + if(info == null) + authenticate(); + } + + @Override + public void beforeAll(ExtensionContext context) throws Exception { + Security.addProvider(new BouncyCastleProvider()); + authenticate(); + } + + @Override + public void afterEach(ExtensionContext context) throws Exception { + if(context.getTags()!=null && context.getTags().contains("InvalidAuthentication")) + info = null; + } + + private void authenticate() throws Exception { + Authentication authentication = Authentication.builder() + .user(TestUtils.TPP_USER) + .password(TestUtils.TPP_PASSWORD) + .scope("certificate:manage,revoke,discover;configuration:manage") + .build(); + + Config config = Config.builder() + .connectorType(ConnectorType.TPP_TOKEN) + .baseUrl(TestUtils.TPP_TOKEN_URL) + .credentials(authentication) + //.appInfo(appInfo) + .build(); + + client = new VCertTknClient(config); + + TokenInfo info = client.getTokenInfo(); + + assertThat(info).isNotNull(); + assertThat(info.authorized()).isTrue(); + assertThat(info.errorMessage()).isNull(); + assertThat(info.accessToken()).isNotNull(); + assertThat(info.refreshToken()).isNotNull(); + + this.info = info; + } + +} From 82b1846b5103aa29c04a75d3a0a2a76b412bdc67 Mon Sep 17 00:00:00 2001 From: marcos-albornoz Date: Thu, 1 Sep 2022 12:29:34 -0500 Subject: [PATCH 3/3] fix: revert testing changes on Cloud classes --- .../com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java | 2 +- .../vcert/sdk/connectors/cloud/CloudConnectorUtils.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java index 16f4136..69063c1 100644 --- a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java +++ b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java @@ -703,7 +703,7 @@ public static class ApiClientInformation{ public static class CsrAttributes { private String commonName; private String organization; - //private String[] organizationalUnits; + private String[] organizationalUnits; private String locality; private String state; private String country; diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java index 20abbc9..fa402ba 100644 --- a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java +++ b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java @@ -388,7 +388,7 @@ public static CsrAttributes buildCsrAttributes(CertificateRequest request, Polic } //computing the organizational Units - /*List reqOrgUnits = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organizationalUnit()).orElse(null); + List reqOrgUnits = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organizationalUnit()).orElse(null); if( reqOrgUnits!=null && reqOrgUnits.size() > 0) { String[] reqOrgUnitsArray = reqOrgUnits.toArray(new String[0]); @@ -405,7 +405,7 @@ public static CsrAttributes buildCsrAttributes(CertificateRequest request, Polic if(defaultOrgUnits!=null && defaultOrgUnits.length>0) csrAttributes.organizationalUnits(defaultOrgUnits); - }*/ + } //computing the localities List reqLocalities = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.locality()).orElse(null);