mosip · mahammedtaheer · Nov 29, 2024 · Nov 14, 2024 · Nov 19, 2024 · Nov 29, 2024
diff --git a/.../main/java/io/mosip/kernel/keymanagerservice/repository/CACertificateStoreRepository.java b/.../main/java/io/mosip/kernel/keymanagerservice/repository/CACertificateStoreRepository.java
@@ -39,6 +39,14 @@ public interface CACertificateStoreRepository extends JpaRepository<CACertificat
 	 */
 	CACertificateStore findByCertThumbprint(String certThumbprint);
 
+	/**
+	 * Function to find CACertificate by Certificate Id.
+	 *
+	 * @param certId
+	 * @return CACertificateStore
+	 */
+	CACertificateStore findByCertId(String certId);
+
 	/**
 	 * Function to fetch all CACertificates. 
 	 * 

diff --git a/...rc/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerConstants.java b/...rc/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerConstants.java
@@ -98,4 +98,8 @@ public interface PartnerCertManagerConstants {
 	String AUTH_DOMAIN = "AUTH";
 
 	String PMS_APP_ID = "PMS";
+
+	String GET_CA_CERT = "GetCACertificate";
+
+	String GET_CA_CERT_TRUST = "GetCACertificateWithTrustChain";
 }
diff --git a/...in/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java b/...in/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java
@@ -43,7 +43,9 @@ public enum PartnerCertManagerErrorConstants {
 
 	CERT_VALIDITY_LESS_THAN_MIN_VALIDITY_NOT_ALLOWED("KER-PCM-017","The CA Certificate validity is less than required minimum validity."),
 
-	INVALID_CA_CERTIFICATE_TYPE("KER-PCM-017", "Invalid Certificate Type");
+	INVALID_CA_CERTIFICATE_TYPE("KER-PCM-017", "Invalid Certificate Type"),
+
+	CA_CERT_ID_NOT_FOUND("KER-PMS-017", "CA Certificate not found for the given ID."),
     ;
 
 	/**

diff --git a/...main/java/io/mosip/kernel/partnercertservice/controller/PartnerCertManagerController.java b/...main/java/io/mosip/kernel/partnercertservice/controller/PartnerCertManagerController.java
@@ -5,12 +5,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.CrossOrigin;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import io.mosip.kernel.core.http.RequestWrapper;
 import io.mosip.kernel.core.http.ResponseFilter;
@@ -197,4 +192,30 @@ public ResponseWrapper<CaCertificateChainResponseDto> getCaCertificateList(
 		response.setResponse(partnerCertManagerService.getCaCertificateChain(certListRequestDto.getRequest()));
 		return response;
 	}
+
+	/**
+	 * To Download p7b file for a CA / Intermediate CA certificate along with the trust chain
+	 *
+	 * @param caCertId {@link CACertificateTrustPathRequestDto} request
+	 * @return {@link CACertificateTrustPathResponseDto} p7b data
+	 */
+	@Operation(summary = "To Download p7b file for a CA / Intermediate CA certificate along with the trust chain.",
+			description = "To Download p7b file for a CA / Intermediate CA certificate along with the trust chain.", tags = { "cacertmanager" })
+	@ApiResponses(value = {
+			@ApiResponse(responseCode = "200", description = "Success or you may find errors in error array in response"),
+			@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+			@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
+			@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true))) })
+	@ResponseFilter
+	@PreAuthorize("hasAnyRole(@keyManAuthRoles.getGetcacertificatetrustpath())")
+	@GetMapping(value = "/getCACertificateTrustPath/{caCertId}")
+	public ResponseWrapper<CACertificateTrustPathResponseDto> getCACertificateTrustPath(
+			@ApiParam("To Download p7b file CA certificate along with trust.") @PathVariable("caCertId") String caCertId) {
+		CACertificateTrustPathRequestDto caCertificateTrustPathRequestDto = new CACertificateTrustPathRequestDto();
+		caCertificateTrustPathRequestDto.setCaCertId(caCertId);
+		ResponseWrapper<CACertificateTrustPathResponseDto> response = new ResponseWrapper<>();
+		response.setResponse(partnerCertManagerService.getCACertificateTrustPath(caCertificateTrustPathRequestDto));
+		return response;
+	}
+
 }
diff --git a/...ager-service/src/main/java/io/mosip/kernel/partnercertservice/dto/AuthorizedRolesDTO.java b/...ager-service/src/main/java/io/mosip/kernel/partnercertservice/dto/AuthorizedRolesDTO.java
@@ -28,4 +28,5 @@ public class AuthorizedRolesDTO {
 
 	private List<String> postgetcacertificates;
 
+	private List<String> getcacertificatetrustpath;
 }
diff --git a/...rc/main/java/io/mosip/kernel/partnercertservice/dto/CACertificateTrustPathRequestDto.java b/...rc/main/java/io/mosip/kernel/partnercertservice/dto/CACertificateTrustPathRequestDto.java
@@ -0,0 +1,23 @@
+package io.mosip.kernel.partnercertservice.dto;
+
+import io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@ApiModel(description = "Model representing request to download p7b file for ca certificate")
+public class CACertificateTrustPathRequestDto {
+
+    /**
+     * Certificate ID of CA Certificate
+     */
+    @ApiModelProperty(notes = "CA Certificate ID", required = true)
+    @NotBlank(message = KeymanagerConstant.INVALID_REQUEST)
+    String caCertId;
+}
diff --git a/...c/main/java/io/mosip/kernel/partnercertservice/dto/CACertificateTrustPathResponseDto.java b/...c/main/java/io/mosip/kernel/partnercertservice/dto/CACertificateTrustPathResponseDto.java
@@ -0,0 +1,31 @@
+package io.mosip.kernel.partnercertservice.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+
+/**
+ * DTO class for download of p7b File for CA Certificate.
+ */
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class CACertificateTrustPathResponseDto {
+//
+//    /**
+//     * format of certificate
+//     */
+//
+//    private String Format;
+    /**
+     * CA Certificate Data
+     */
+    private String p7bFile;
+
+    /**
+     * Response Timestamp
+     */
+    private LocalDateTime timestamp;
+}
diff --git a/...e/src/main/java/io/mosip/kernel/partnercertservice/helper/PartnerCertManagerDBHelper.java b/...e/src/main/java/io/mosip/kernel/partnercertservice/helper/PartnerCertManagerDBHelper.java
@@ -177,4 +177,9 @@ public void getCertThumbprints(String appId, Optional<String> refId, List<String
             certThumbprints.add(certThumbprint);
         }
     }
+
+    public CACertificateStore getCACert(String certId) {
+        return caCertificateStoreRepository.findByCertId(certId);
+    }
+
 }
diff --git a/...io/mosip/kernel/partnercertservice/service/impl/PartnerCertificateManagerServiceImpl.java b/...io/mosip/kernel/partnercertservice/service/impl/PartnerCertificateManagerServiceImpl.java
@@ -712,6 +712,62 @@ public PartnerSignedCertDownloadResponseDto getPartnerSignedCertificate(PartnerC
         return responseDto;
     }
 
+    @Override
+    public CACertificateTrustPathResponseDto getCACertificateTrustPath(CACertificateTrustPathRequestDto caCertificateTrustPathRequestDto) {
+
+
+        LOGGER.info(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.GET_CA_CERT_TRUST,
+                PartnerCertManagerConstants.EMPTY, "Get CA Certificate with trust request: " );
+
+        String caCertId = caCertificateTrustPathRequestDto.getCaCertId();
+        CACertificateStore caCertificateStore = getCACertificate(caCertId);
+        X509Certificate caCertificate = (X509Certificate) keymanagerUtil.convertToCertificate(String.valueOf(caCertificateStore.getCertData()));
+        String partnerDomain = caCertificateStore.getPartnerDomain();
+        LocalDateTime timestamp = DateUtils.getUTCCurrentDateTime();
+        List<? extends Certificate> certList = null;
+        if (!PartnerCertificateManagerUtil.isSelfSignedCertificate(caCertificate)){
+            certList = getCertificateTrustPath(caCertificate, partnerDomain);
+        }
+
+
+        List<Certificate> chain = new ArrayList<>();
+        chain.add(caCertificate);
+        if (certList != null) {
+            chain.addAll(certList);
+        }
+        String buildTrustPath = PartnerCertificateManagerUtil.buildp7bFile(chain.toArray(new Certificate[0]));
+
+        CACertificateTrustPathResponseDto responseDto = new CACertificateTrustPathResponseDto();
+        responseDto.setP7bFile(buildTrustPath);
+        responseDto.setTimestamp(timestamp);
+        return responseDto;
+    }
+        responseDto.setTimestamp(timestamp);
+        return responseDto;
+    }
+
+    private CACertificateStore getCACertificate(String caCertId) {
+        LOGGER.info(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.GET_CA_CERT, PartnerCertManagerConstants.EMPTY,
+                "Request to get CA Certificate for caCertId: " + caCertId);
+
+        if (!PartnerCertificateManagerUtil.isValidCertificateID(caCertId)) {
+            LOGGER.error(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.GET_CA_CERT,
+                    PartnerCertManagerConstants.EMPTY, "Invalid CA Certificate ID provided to get the CA Certificate.");
+            throw new PartnerCertManagerException(
+                    PartnerCertManagerErrorConstants.INVALID_CERTIFICATE_ID.getErrorCode(),
+                    PartnerCertManagerErrorConstants.INVALID_CERTIFICATE_ID.getErrorMessage());
+        }
+        CACertificateStore caCertificateStore = certDBHelper.getCACert(caCertId);
+        if (Objects.isNull(caCertificateStore)) {
+            LOGGER.error(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.GET_CA_CERT,
+                    PartnerCertManagerConstants.EMPTY, "CA Certificate not found for the provided ID.");
+            throw new PartnerCertManagerException(
+                    PartnerCertManagerErrorConstants.CA_CERT_ID_NOT_FOUND.getErrorCode(),
+                    PartnerCertManagerErrorConstants.CA_CERT_ID_NOT_FOUND.getErrorMessage());
+        }
+        return caCertificateStore;
+    }
+
     private PartnerCertificateStore getPartnerCertificate(String partnetCertId) {
         LOGGER.info(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.GET_PARTNER_CERT, PartnerCertManagerConstants.EMPTY,
                 "Request to get Certificate for partnerId: " + partnetCertId);        

diff --git a/...java/io/mosip/kernel/partnercertservice/service/spi/PartnerCertificateManagerService.java b/...java/io/mosip/kernel/partnercertservice/service/spi/PartnerCertificateManagerService.java
@@ -77,4 +77,13 @@ public interface PartnerCertificateManagerService {
      * @return {@link CaCertificateChainResponseDto} response
      */
     public CaCertificateChainResponseDto getCaCertificateChain(CaCertTypeListRequestDto certListRequestDto);
+
+    /**
+     * Function to Download p7b file for CA Certificates along with trust
+     *
+     * @param caCertificateTrustPathRequestDto p7bFileDownloadRequestDto
+     * @return {@link CACertificateTrustPathResponseDto} respponse
+     */
+    public CACertificateTrustPathResponseDto getCACertificateTrustPath(CACertificateTrustPathRequestDto caCertificateTrustPathRequestDto);
+
 }
diff --git a/.../src/main/java/io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.java b/.../src/main/java/io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.java
@@ -240,6 +240,10 @@ public static String buildP7BCertificateChain(List<? extends Certificate> certLi
         return buildCertChain(chain.toArray(new Certificate[0]));
     }
 
+    public static String buildp7bFile(Certificate[] chain) {
+        return buildCertChain(chain);
+    }
+
     private static String buildCertChain(Certificate[] chain) {
 
         try {

diff --git a/kernel/kernel-keymanager-service/src/main/resources/application-local.properties b/kernel/kernel-keymanager-service/src/main/resources/application-local.properties
@@ -159,4 +159,5 @@ mosip.role.keymanager.getuinpartnercode=ZONAL_ADMIN,GLOBAL_ADMIN,ID_AUTHENTICATI
 mosip.role.keymanager.postzkencrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
 mosip.role.keymanager.postzkdecrypt=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
 mosip.role.keymanager.postzkreencryptrandomkey=ZONAL_ADMIN,GLOBAL_ADMIN,INDIVIDUAL,ID_AUTHENTICATION,TEST,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
-mosip.role.keymanager.postgetcacertificates=ZONAL_ADMIN,GLOBAL_ADMIN,PMS_ADMIN,PMS_USER
+mosip.role.keymanager.postgetcacertificates=PARTNER_ADMIN
+mosip.role.keymanager.getcacertificatetrustpath=PARTNER_ADMIN
Original file line number	Diff line number	Diff line change
Expand Up		@@ -28,4 +28,5 @@ public class AuthorizedRolesDTO {

		private List<String> postgetcacertificates;

		private List<String> getcacertificatetrustpath;
		}