MOSIP-36344: create new end point for getting ca certificates (root/i… (

#326)

* MOSIP-36344: create new end point for getting ca certificates (root/intermediate)

Signed-off-by: nagendra0721 <[email protected]>

* MOSIP-36344: create new end point for getting ca certificates (root/iintermediate)

---------

Signed-off-by: nagendra0721 <[email protected]>

db_scripts/mosip_keymgr/ddl/keymgr-ca_cert_store.sql

@@ -20,6 +20,7 @@ CREATE TABLE keymgr.ca_cert_store(
 	upd_dtimes timestamp,
 	is_deleted boolean DEFAULT FALSE,
 	del_dtimes timestamp,
+	ca_cert_type character varying(25),
 	CONSTRAINT pk_cacs_id PRIMARY KEY (cert_id),
 	CONSTRAINT cert_thumbprint_unique UNIQUE (cert_thumbprint,partner_domain)
 
@@ -61,3 +62,5 @@ COMMENT ON COLUMN keymgr.ca_cert_store.is_deleted IS 'IS_Deleted : Flag to mark
 -- ddl-end --
 COMMENT ON COLUMN keymgr.ca_cert_store.del_dtimes IS 'Deleted DateTimestamp : Date and Timestamp when the record is soft deleted with is_deleted=TRUE';
 -- ddl-end --
+COMMENT ON COLUMN keymgr.ca_cert_store.ca_cert_type IS 'CA Certificate Type : Indicates if the certificate is a ROOT or INTERMEDIATE CA certificate';
+-- ddl-end --

db_upgrade_scripts/mosip_keymgr/sql/ca_cert_table_update.sql

@@ -0,0 +1,7 @@
+\c mosip_keymgr
+
+ALTER TABLE IF EXISTS keymgr.ca_cert_store
+    ADD COLUMN ca_cert_type character varying(25);
+
+COMMENT ON COLUMN keymgr.ca_cert_store.ca_cert_type
+    IS 'CA_Certificate Type: Specifies the type of CA_Certificate e.g., Root, Intermediate, end-entity';

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/entity/CACertificateStore.java

@@ -91,5 +91,10 @@ public class CACertificateStore extends BaseEntity {
 	 */
     @Column(name = "partner_domain")
     private String partnerDomain;
-
+
+    /**
+     * The field CA Certificate Type
+     */
+    @Column(name = "ca_cert_type")
+    private String caCertificateType;
 }

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/keymanagerservice/repository/CACertificateStoreRepository.java

@@ -5,6 +5,7 @@
 import java.util.List;
 
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
 
@@ -18,7 +19,7 @@
  *
  */
 @Repository
-public interface CACertificateStoreRepository extends JpaRepository<CACertificateStore, String> {
+public interface CACertificateStoreRepository extends JpaRepository<CACertificateStore, String>, JpaSpecificationExecutor<CACertificateStore> {
 
 	/**
 	 * Function to find CACertificates by Certificate Subject and Certificate Issuer. 
@@ -44,7 +45,14 @@ public interface CACertificateStoreRepository extends JpaRepository<CACertificat
 	 * @return list of CACertificateStore
 	*/
 	List<CACertificateStore> findAll();
-
+
+	/**
+	 * Function to fetch all certificate whose caCertificateType is null
+	 *
+	 * @return list of CACertificateStore
+	 */
+	List<CACertificateStore> findByCaCertificateTypeIsNull();
+
 	/**
 	 * Function to find CACertificates by Certificate Subject. 
 	 * 

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/CaCertificateTypeConsts.java

@@ -0,0 +1,6 @@
+package io.mosip.kernel.partnercertservice.constant;
+
+public enum CaCertificateTypeConsts {
+    ROOT,
+    INTERMEDIATE
+}

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerConstants.java

@@ -96,4 +96,6 @@ public interface PartnerCertManagerConstants {
 	String ROOT_APP_ID = "ROOT";
 
 	String AUTH_DOMAIN = "AUTH";
+
+	String PMS_APP_ID = "PMS";
 }

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java

@@ -42,6 +42,8 @@ public enum PartnerCertManagerErrorConstants {
 	SIGN_CERT_NOT_ALLOWED("KER-PCM-016", "Sign Certificate not allowed for the authenticated token."),
 
 	CERT_VALIDITY_LESS_THAN_MIN_VALIDITY_NOT_ALLOWED("KER-PCM-017","The CA Certificate validity is less than required minimum validity."),
+
+	INVALID_CA_CERTIFICATE_TYPE("KER-PCM-017", "Invalid Certificate Type");
     ;
 
 	/**

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/controller/PartnerCertManagerController.java

@@ -1,5 +1,6 @@
 package io.mosip.kernel.partnercertservice.controller;
 
+import io.mosip.kernel.partnercertservice.dto.*;
 import jakarta.validation.Valid;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,15 +15,6 @@
 import io.mosip.kernel.core.http.RequestWrapper;
 import io.mosip.kernel.core.http.ResponseFilter;
 import io.mosip.kernel.core.http.ResponseWrapper;
-import io.mosip.kernel.partnercertservice.dto.CACertificateRequestDto;
-import io.mosip.kernel.partnercertservice.dto.PartnerSignedCertDownloadResponseDto;
-import io.mosip.kernel.partnercertservice.dto.CACertificateResponseDto;
-import io.mosip.kernel.partnercertservice.dto.CertificateTrustRequestDto;
-import io.mosip.kernel.partnercertservice.dto.CertificateTrustResponeDto;
-import io.mosip.kernel.partnercertservice.dto.PartnerCertDownloadRequestDto;
-import io.mosip.kernel.partnercertservice.dto.PartnerCertDownloadResponeDto;
-import io.mosip.kernel.partnercertservice.dto.PartnerCertificateRequestDto;
-import io.mosip.kernel.partnercertservice.dto.PartnerCertificateResponseDto;
 import io.mosip.kernel.partnercertservice.service.spi.PartnerCertificateManagerService;
 import io.swagger.annotations.ApiParam;
 import io.swagger.v3.oas.annotations.Operation;
@@ -180,5 +172,29 @@ public ResponseWrapper<PartnerSignedCertDownloadResponseDto> getPartnerSignedCer
 		response.setResponse(partnerCertManagerService.getPartnerSignedCertificate(certDownloadRequestDto));
 		return response;
 	}
-
+
+	/**
+	 * To get the Previously uploaded CA and IntermediateCA Certificate
+	 *
+	 * @param certListRequestDto {@link CaCertTypeListRequestDto} request
+	 * @return {@link CaCertTypeListRequestDto} Cetificate List data
+	 */
+	@Operation(summary = "To Download CA Type Certificate List.",
+			description = "To Download CA Type Certificate List.", tags = { "cacertmanager" })
+	@ApiResponses(value = {
+			@ApiResponse(responseCode = "200", description = "Success or you may find errors in error array in response"),
+			@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+			@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+			@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true))) })
+
+	@ResponseFilter
+	@PreAuthorize("hasAnyRole(@keyManAuthRoles.getPostgetcacertificates())")
+	@PostMapping(value = "/getCaCertificates", produces = "application/json")
+	public ResponseWrapper<CaCertificateChainResponseDto> getCaCertificateList(
+			@ApiParam("To get List of Certificate Based on CA certificate Type.") @RequestBody @Valid RequestWrapper<CaCertTypeListRequestDto> certListRequestDto) {
+
+		ResponseWrapper<CaCertificateChainResponseDto> response = new ResponseWrapper<>();
+		response.setResponse(partnerCertManagerService.getCaCertificateChain(certListRequestDto.getRequest()));
+		return response;
+	}
 }

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/dto/AuthorizedRolesDTO.java

@@ -26,4 +26,6 @@ public class AuthorizedRolesDTO {
 
 	private List<String> getgetpartnersignedcertificatepartnercertid;
 
+	private List<String> postgetcacertificates;
+
 }

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/dto/CaCertTypeListRequestDto.java

@@ -0,0 +1,106 @@
+package io.mosip.kernel.partnercertservice.dto;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+
+/**
+ * Partner Certificate Download Request DTO
+ *
+ * @author Nagendra
+ */
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@ApiModel(description = "Model representation request to list partner certificate based on certificate type.")
+public class CaCertTypeListRequestDto {
+
+    /**
+     * Certificate Type
+     */
+    @ApiModelProperty(notes = "Partner Certificate Type", required = false)
+    String caCertificateType;
+
+    /**
+     * Domain Name
+     */
+    @ApiModelProperty(notes = "Domain Name", required = true)
+    @NotBlank(message = KeymanagerConstant.INVALID_REQUEST)
+    String partnerDomain;
+
+    @ApiModelProperty(notes = "Flag to force exclude the mosip CA Certificates", example = "false", required = false)
+    private Boolean excludeMosipCA;
+
+    /**
+     * Sort Direction: ASC, DESC
+     */
+    @ApiModelProperty(notes = "Sort Direction", required = false)
+    String sortOrder;
+    /**
+     * Page Number
+     */
+    @ApiModelProperty(notes = "Page Number", required = false)
+    @NotNull(message = KeymanagerConstant.INVALID_REQUEST)
+    int pageNumber;
+
+    /**
+     * Number of Certificate
+     */
+    @ApiModelProperty(notes = "Number of Certificate", required = false)
+    @NotNull(message = KeymanagerConstant.INVALID_REQUEST)
+    int pageSize;
+
+    /**
+     * CA Certificate Id
+     */
+    @ApiModelProperty(notes = "CA Certificate Id", required = false)
+    private String certId;
+
+    /**
+     * Ca Certificate Issued To
+     */
+    @ApiModelProperty(notes = "Issued To", required = false)
+    private String issuedTo;
+
+    /**
+     * Ca Certificate Issued By
+     */
+    @ApiModelProperty(notes = "Issued By", required = false)
+    private String issuedBy;
+
+    /**
+     * Ca Certificate Valid From
+     */
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    @ApiModelProperty(notes = "Valid From", required = false)
+    private LocalDateTime validFromDate;
+
+    /**
+     * Ca Certificate Valid Till
+     */
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    @ApiModelProperty(notes = "Valid Till", required = false)
+    private LocalDateTime validTillDate;
+
+    /**
+     * Ca Certificate uploaded time
+     */
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    @ApiModelProperty(notes = "Upload Time", required = false)
+    private LocalDateTime uploadTime;
+
+    /**
+     * Sort By Field Name
+     */
+    @ApiModelProperty(notes = "Sort By Field", required = false)
+    private String sortByFieldName;
+}

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/dto/CaCertTypeListResponseDto.java

@@ -0,0 +1,78 @@
+package io.mosip.kernel.partnercertservice.dto;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+
+/**
+ * DTO class for List the CA Certificate Based on the Certificate Type.
+ *
+ */
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@ApiModel(description = "certificate Dto class representation")
+public class CaCertTypeListResponseDto {
+
+    /**
+     * CA Certificate Type
+     */
+    @ApiModelProperty(notes = "CA Certificate Type", required = true)
+    private String caCertificateType;
+
+    /**
+     * Partner Domain.
+     */
+    @ApiModelProperty(notes = "Partner Domain", required = true)
+    private String partnerDomain;
+
+    /**
+     * CA Certificate Id
+     */
+    @ApiModelProperty(notes = "CA Certificate Id", required = true)
+    private String certId;
+
+    /**
+     * Ca Certificate Issued To
+     */
+    @ApiModelProperty(notes = "Issued To", required = true)
+    private String issuedTo;
+
+    /**
+     * Ca Certificate Issued By
+     */
+    @ApiModelProperty(notes = "Issued By", required = true)
+    private String issuedBy;
+
+    /**
+     * Ca Certificate Valid From
+     */
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    @ApiModelProperty(notes = "Valid From", required = true)
+    private LocalDateTime validFromDate;
+
+    /**
+     * Ca Certificate Valid Till
+     */
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    @ApiModelProperty(notes = "Valid Till", required = true)
+    private LocalDateTime validTillDate;
+
+    /**
+     * Ca Certificate uploaded time
+     */
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'")
+    @ApiModelProperty(notes = "Upload Time", required = true)
+    private LocalDateTime uploadTime;
+
+    /**
+     * Ca certificate status
+     */
+    @ApiModelProperty(notes = "status", required = true)
+    private boolean status;
+}

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/dto/CaCertificateChainResponseDto.java

@@ -0,0 +1,39 @@
+package io.mosip.kernel.partnercertservice.dto;
+
+import io.swagger.annotations.ApiModel;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@ApiModel(description = "Class representing All Partner Certificate Data Response")
+public class CaCertificateChainResponseDto {
+
+    /**
+     * Page Number
+     */
+    private int pageNumber;
+
+    /**
+     * Number of records in the Page
+     */
+    private int pageSize;
+
+    /**
+     * Total Number of Records
+     */
+    private long totalRecords;
+
+    /**
+     * Total number of Pages
+     */
+    private int totalPages;
+
+    /**
+     * Field for CA Certificate
+     */
+    private CaCertTypeListResponseDto[] allPartnerCertificates;
+
+}