Venafi · marcos-albornoz · Mar 1, 2022 · Mar 1, 2022
@@ -0,0 +1,37 @@
+package com.venafi.vcert.sdk.features;
+
+import com.venafi.vcert.sdk.certificate.EllipticCurve;
+
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public class SupportedECCKeys {
+
+	public static final SupportedECCKeys TPP = new SupportedECCKeys(List.of(EllipticCurve.EllipticCurveP256, EllipticCurve.EllipticCurveP384, EllipticCurve.EllipticCurveP521));
+
+	private Map<String, EllipticCurve> ellipticCurveMap;
+
+	public SupportedECCKeys(List<EllipticCurve> ellipticCurves) {
+		ellipticCurveMap = ellipticCurves.stream().collect(Collectors.toMap(EllipticCurve::value, Function.identity()));
+	}
+
+	public boolean containsEllipticCurves(String[] curves){
+
+		for (String curve : curves) {
+			if(!containsEllipticCurve(curve))
+				return false;
+		}
+
+		return true;
+	}
+
+	public boolean containsEllipticCurve(String value){
+		return ellipticCurveMap.containsKey(value);
+	}
+
+	public EllipticCurve getEllipticCurve(String value){
+		return ellipticCurveMap.get(value);
+	}
+}
@@ -0,0 +1,45 @@
+package com.venafi.vcert.sdk.features;
+
+import com.venafi.vcert.sdk.certificate.KeyType;
+
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public class SupportedKeyPairs {
+
+	public static final SupportedKeyPairs TPP = new SupportedKeyPairs(List.of(KeyType.RSA, KeyType.ECDSA));
+	public static final SupportedKeyPairs VAAS = new SupportedKeyPairs(List.of(KeyType.RSA));
+
+    private Map<String, KeyType> keyTypeMap;
+
+    public SupportedKeyPairs(List<KeyType> keyTypes) {
+    	keyTypeMap = keyTypes.stream().collect(Collectors.toMap(KeyType::value, Function.identity()));
+    }
+
+    public boolean containsKeyTypes(String[] types){
+
+        for (String type : types) {
+            if(!containsKeyType(type))
+                return false;
+        }
+
+        return true;
+    }
+
+    public boolean containsKeyType(String value){
+        KeyType keyType = null;
+        try {
+            keyType = KeyType.from(value);
+        } catch (IllegalArgumentException e){
+            return false;
+        }
+
+        return keyTypeMap.containsKey(keyType.value());
+    }
+
+    public KeyType getKeyType(String value){
+        return keyTypeMap.get(KeyType.from(value).value());
+    }
+}
@@ -0,0 +1,38 @@
+package com.venafi.vcert.sdk.features;
+
+import com.venafi.vcert.sdk.certificate.KeySize;
+
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public class SupportedRSAKeySizes {
+
+	public static final SupportedRSAKeySizes TPP = new SupportedRSAKeySizes(List.of(KeySize.KS512, KeySize.KS1024, KeySize.KS2048, KeySize.KS3072, KeySize.KS4096));
+	public static final SupportedRSAKeySizes VAAS = new SupportedRSAKeySizes(List.of(KeySize.KS1024, KeySize.KS2048, KeySize.KS4096));
+
+    private Map<Integer, KeySize> rsaKeySizeMap;
+
+    public SupportedRSAKeySizes(List<KeySize> keySizes) {
+    	rsaKeySizeMap = keySizes.stream().collect(Collectors.toMap(KeySize::value, Function.identity()));
+    }
+
+    public boolean containsRsaKeySizes(Integer[] sizes){
+
+        for (int size : sizes) {
+            if(!containsRsaKeySize(size))
+                return false;
+        }
+
+        return true;
+    }
+
+    public boolean containsRsaKeySize(int value){
+        return rsaKeySizeMap.containsKey(value);
+    }
+
+    public KeySize getRsaKeySize(int value){
+        return rsaKeySizeMap.get(value);
+    }
+}
@@ -1,6 +1,8 @@
 package com.venafi.vcert.sdk.policy.converter.cloud;
 
 import com.venafi.vcert.sdk.VCertException;
+import com.venafi.vcert.sdk.features.SupportedKeyPairs;
+import com.venafi.vcert.sdk.features.SupportedRSAKeySizes;
 import com.venafi.vcert.sdk.policy.domain.*;
 import com.venafi.vcert.sdk.policy.converter.IPolicySpecificationValidator;
 import org.apache.commons.lang3.StringUtils;
@@ -91,13 +93,13 @@ private void validateKeyPair(KeyPair keyPair) throws VCertException {
             if(keyPair.keyTypes() != null) {
                 int keyTypesLength = keyPair.keyTypes().length;
 
-                if (keyTypesLength > 0 && !CloudKeyPairEnums.containsKeyTypes(keyPair.keyTypes()))
+                if (keyTypesLength > 0 && !SupportedKeyPairs.VAAS.containsKeyTypes(keyPair.keyTypes()))
                     throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
             }
 
             //validate key bit strength
             if(keyPair.rsaKeySizes() != null) {
-                if (!CloudKeyPairEnums.containsRsaKeySizes(keyPair.rsaKeySizes()))
+                if (!SupportedRSAKeySizes.VAAS.containsRsaKeySizes(keyPair.rsaKeySizes()))
                     throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
             }
         }
@@ -165,7 +167,7 @@ private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair pol
 
             String defaultKeyType = defaultsKeyPair.keyType();
             if ( defaultKeyType != null && !defaultKeyType.equals("")) {
-                if(!CloudKeyPairEnums.containsKeyType( defaultKeyType ))
+                if(!SupportedKeyPairs.VAAS.containsKeyType( defaultKeyType ))
                     throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE));
 
                 if(policyKeyPair != null) {
@@ -177,7 +179,7 @@ private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair pol
 
             Integer defaultRsaKeySize = defaultsKeyPair.rsaKeySize();
             if( defaultRsaKeySize != null ) {
-                if( !CloudKeyPairEnums.containsRsaKeySize( defaultRsaKeySize ))
+                if( !SupportedRSAKeySizes.VAAS.containsRsaKeySize( defaultRsaKeySize ))
                     throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_RSA_KEY_SIZE));
 
                 if(policyKeyPair != null && !Arrays.stream(policyKeyPair.rsaKeySizes()).anyMatch(defaultRsaKeySize::equals))

@@ -1,6 +1,9 @@
 package com.venafi.vcert.sdk.policy.converter.tpp;
 
 import com.venafi.vcert.sdk.VCertException;
+import com.venafi.vcert.sdk.features.SupportedKeyPairs;
+import com.venafi.vcert.sdk.features.SupportedRSAKeySizes;
+import com.venafi.vcert.sdk.features.SupportedECCKeys;
 import com.venafi.vcert.sdk.policy.domain.*;
 import com.venafi.vcert.sdk.policy.converter.IPolicySpecificationValidator;
 
@@ -68,7 +71,7 @@ private void validateKeyPair(KeyPair keyPair) throws VCertException {
                 if (keyTypesLength > 1)
                     throw new VCertException(String.format(ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
 
-                if (keyTypesLength == 1 && !TPPKeyPairEnums.containsKeyTypes(keyPair.keyTypes()))
+                if (keyTypesLength == 1 && !SupportedKeyPairs.TPP.containsKeyTypes(keyPair.keyTypes()))
                     throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES));
             }
 
@@ -78,7 +81,7 @@ private void validateKeyPair(KeyPair keyPair) throws VCertException {
                 if (rsaKeySizesLength > 1)
                     throw new VCertException(String.format(ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
 
-                if (rsaKeySizesLength == 1 && !TPPKeyPairEnums.containsRsaKeySizes(keyPair.rsaKeySizes()))
+                if (rsaKeySizesLength == 1 && !SupportedRSAKeySizes.TPP.containsRsaKeySizes(keyPair.rsaKeySizes()))
                     throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_RSA_KEY_SIZES));
             }
 
@@ -88,7 +91,7 @@ private void validateKeyPair(KeyPair keyPair) throws VCertException {
                 if (ecLength > 1)
                     throw new VCertException(String.format(ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_ELLIPTIC_CURVES));
 
-                if (ecLength == 1 && !TPPKeyPairEnums.containsEllipticCurves(keyPair.ellipticCurves()))
+                if (ecLength == 1 && !SupportedECCKeys.TPP.containsEllipticCurves(keyPair.ellipticCurves()))
                     throw new VCertException(String.format(ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_POLICY_KEYPAIR_ELLIPTIC_CURVES));
             }
         }
@@ -138,7 +141,7 @@ private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair pol
 
             String defaultKeyType = defaultsKeyPair.keyType();
             if ( defaultKeyType != null && !defaultKeyType.equals("")) {
-                if(!TPPKeyPairEnums.containsKeyType( defaultKeyType ))
+                if(!SupportedKeyPairs.TPP.containsKeyType( defaultKeyType ))
                     throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE));
 
                 if(policyKeyPair != null) {
@@ -150,7 +153,7 @@ private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair pol
 
             Integer defaultRsaKeySize = defaultsKeyPair.rsaKeySize();
             if( defaultRsaKeySize != null ) {
-                if( !TPPKeyPairEnums.containsRsaKeySize( defaultRsaKeySize ))
+                if( !SupportedRSAKeySizes.TPP.containsRsaKeySize( defaultRsaKeySize ))
                     throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_RSA_KEY_SIZE));
 
                 if(policyKeyPair != null) {
@@ -162,7 +165,7 @@ private void validateDefaultKeyPair(DefaultsKeyPair defaultsKeyPair, KeyPair pol
 
             String defaultEC = defaultsKeyPair.ellipticCurve();
             if ( defaultEC != null && !defaultEC.equals("")){
-                if ( !TPPKeyPairEnums.containsEllipticCurve( defaultEC ) )
+                if ( !SupportedECCKeys.TPP.containsEllipticCurve( defaultEC ) )
                     throw new VCertException(String.format(DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE, PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_ELLIPTIC_CURVE));
 
                 if(policyKeyPair != null) {