From c85db38f7b00389d9c58b46b4efa36fbbf109fed Mon Sep 17 00:00:00 2001
From: nagendra0721
Date: Thu, 19 Dec 2024 15:09:28 +0530
Subject: [PATCH] MOSIP-38439: p7b file download error for some cert-id
Signed-off-by: nagendra0721
---
 .../PartnerCertManagerErrorConstants.java | 2 ++
 .../util/PartnerCertificateManagerUtil.java | 34 ++++++++++++++++---
 2 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java
index b6e3b1e7..2b245633 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/constant/PartnerCertManagerErrorConstants.java
@@ -48,6 +48,8 @@ public enum PartnerCertManagerErrorConstants {
 CA_CERT_ID_NOT_FOUND("KER-PMS-019", "CA Certificate not found for the given ID."),
 FUTURE_DATED_CERT_NOT_ALLOWED("KER-PMS-020", "Future Dated Certificate not allowed to upload."),
+
+ P7B_CONVERSION_ERROR("KER-KMS-021", "Failed to create p7b file format."),
 ;
 /**
diff --git a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.java b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.java
index f56952c2..e35ece3a 100644
--- a/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.java
+++ b/kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.java
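Review bot: The new constant in PartnerCertManagerErrorConstants uses the code `KER-KMS-021`, while the two entries directly above it use `KER-PMS-019` and `KER-PMS-020`, so the prefix breaks the numbering series of this enum. If that is not deliberate, `P7B_CONVERSION_ERROR("KER-PMS-021", "Failed to create p7b file format."),` keeps the series consistent. A `KER-KMS-` code may also collide with a key-manager error code defined elsewhere, which cannot be checked from this hunk. Operators and API clients match on these codes in logs and responses, so an ambiguous code makes a failed certificate download harder to attribute.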
@@ -14,10 +14,7 @@ import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.time.temporal.ChronoUnit;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.List;
+import java.util.*;
 import javax.security.auth.x500.X500Principal;
@@ -253,7 +250,7 @@ public static String buildP7BCertificateChain(List certLi
 }
 public static String buildp7bFile(Certificate[] chain) {
- return buildCertChain(chain);
+ return buildCertChainWithPKCS7(chain);
 }
 private static String buildCertChain(Certificate[] chain) {
@@ -274,6 +271,33 @@ private static String buildCertChain(Certificate[] chain) {
 }
 }
+ public static String buildCertChainWithPKCS7(Certificate[] chain) {
+ try {
+ CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
+ JcaCertStore jcaStore = new JcaCertStore(Arrays.asList(chain));
+ generator.addCertificates(jcaStore);
+
+ CMSTypedData cmsTypedData = new CMSAbsentContent();
+ CMSSignedData cmsSignedData = generator.generate(cmsTypedData);
+
+ byte[] encodedData = cmsSignedData.getEncoded();
+ String base64Encoded = Base64.getEncoder().encodeToString(encodedData);
+
+ StringBuilder pkcs7Formatted = new StringBuilder();
+ pkcs7Formatted.append("-----BEGIN PKCS7-----\n");
+ pkcs7Formatted.append(base64Encoded.replaceAll("(.{64})", "$1\n"));
+ pkcs7Formatted.append("\n-----END PKCS7-----");
+
+ return pkcs7Formatted.toString();
+ } catch (CertificateEncodingException | CMSException | IOException e) {
+ LOGGER.error(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.GET_CA_CERT_TRUST,
+ PartnerCertManagerConstants.PCM_UTIL, "Error generating p7b certificates chain.");
+ throw new PartnerCertManagerException(
+ PartnerCertManagerErrorConstants.P7B_CONVERSION_ERROR.getErrorCode(),
+ PartnerCertManagerErrorConstants.P7B_CONVERSION_ERROR.getErrorMessage(), e);
+ }
+ }
+
 public static String handleNullOrEmpty(String value) {
 return (value == null || value.trim().isEmpty()) ? null : value;
 }
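Review bot: Replacing the four explicit `java.util` imports with `import java.util.*;` hides which type the patch actually needs; judging from the last hunk, the only new one appears to be `Base64`. Keeping `ArrayList`, `Arrays`, `Date` and `List` and adding `import java.util.Base64;` makes that dependency explicit. It also avoids a name clash if another package imported by this file declares a `Date`, `List` or `Base64`. In a class that encodes certificates, a reader should be able to see at a glance which `Base64` implementation produces the output.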
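Review bot: `buildp7bFile` now delegates to a different builder without any documentation of the resulting format, and the private `buildCertChain` it used to call looks orphaned unless another method still uses it (the rest of the class is outside this hunk). I would add a Javadoc on `buildp7bFile` such as `/** Returns the chain as a PEM-armoured, certs-only PKCS#7 (p7b) bundle. */` and remove `buildCertChain` if it has no remaining caller. If the previous output differed in format, anything that parses the returned string should be rechecked, because the return type stays `String` and the change will not show up at compile time.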
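Review bot: In `buildCertChainWithPKCS7`, `base64Encoded.replaceAll("(.{64})", "$1\n")` appends a newline after every full 64-character group, so when the encoded length is an exact multiple of 64 the following `"\n-----END PKCS7-----"` leaves an empty line before the footer, which strict PEM parsers can reject. `pkcs7Formatted.append(Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(encodedData));` wraps at 64 columns without a trailing separator. A null `chain` is not covered by the catch and would surface as an unchecked exception rather than `P7B_CONVERSION_ERROR`, and the `LOGGER.error` call omits `e`, so the cause never reaches the log. The method could be `private` like `buildCertChain`, and a short Javadoc should state that the result is a certs-only SignedData with no signer, so it carries no integrity protection of its own and recipients must validate the chain themselves.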