MOSIP-38211: Created new download-root-certificate endpoint (#1042)

* MOSIP-38211: Created new download-root-certificate endpoint

Signed-off-by: Swetha K <[email protected]>

* MOSIP-38211: Created new download-root-certificate endpoint

Signed-off-by: Swetha K <[email protected]>

---------

Signed-off-by: Swetha K <[email protected]>
Co-authored-by: Swetha K <[email protected]>

partner/partner-management-service/src/main/java/io/mosip/pms/partner/constant/ErrorCode.java

@@ -87,6 +87,8 @@ public enum ErrorCode {
 	CERTIFICATE_FETCH_ERROR("PMS_CERTIFICATE_ERROR_008","Error while fetching certificate."),
 	DEACTIVATED_PARTNER_CERTIFICATE_DOWNLOAD_ERROR("PMS_CERTIFICATE_ERROR_009","Unable to download the certificate for a deactivated partner"),
 	CA_CERTIFICATES_FETCH_ERROR("PMS_CERTIFICATE_ERROR_010", "Error while fetching CA certificates."),
+	DOWNLOAD_CA_CERTIFICATE_ERROR("PMS_CERTIFICATE_ERROR_011", "Error while downloading CA certificate."),
+	INVALID_CERTIFICATE_ID("PMS_CERTIFICATE_ERROR_012", "Certificate id is null or empty"),
 	POLICY_GROUP_NOT_EXISTS("PMS_POLICY_ERROR_001","Policy Group does not exists."),
 	PARTNER_POLICY_FETCH_ERROR("PMS_POLICY_ERROR_002","Error while fetching partner policies."),
 	POLICY_GROUP_FETCH_ERROR("PMS_POLICY_ERROR_003", "Error while fetching all approved partner Ids with policy groups."),

partner/partner-management-service/src/main/java/io/mosip/pms/partner/dto/AuthorizedRolesDto.java

@@ -198,5 +198,7 @@ public class AuthorizedRolesDto {
 	private List<String> getalldevicedetails;
 
 	private List<String> getallcacertificates;
+
+	private List<String> getdownloadrootcertificate;
 
 }

partner/partner-management-service/src/main/java/io/mosip/pms/partner/manager/controller/PartnerManagementController.java

@@ -4,13 +4,15 @@
 import java.util.Optional;
 
 import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
 
 import io.mosip.pms.common.dto.PageResponseV2Dto;
 import io.mosip.pms.common.response.dto.ResponseWrapperV2;
 import io.mosip.pms.partner.manager.dto.CaCertificateFilterDto;
 import io.mosip.pms.partner.manager.dto.*;
 import io.mosip.pms.partner.manager.dto.CaCertificateSummaryDto;
 import io.mosip.pms.partner.util.PartnerHelper;
+import io.swagger.annotations.ApiParam;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -469,4 +471,17 @@ public ResponseWrapperV2<PageResponseV2Dto<CaCertificateSummaryDto>> getCaCertif
 		}
 		return partnerManagementService.getCaCertificates(sortFieldName, sortType, pageNo, pageSize, filterDto);
 	}
+
+	@PreAuthorize("hasAnyRole(@authorizedRoles.getGetdownloadrootcertificate())")
+	@GetMapping(value = "/download-root-certificate/{certificateId}")
+	@Operation(summary = "Download root certificate", description = "This endpoint will download p7b file for a CA / Intermediate CA certificate along with the trust chain.")
+	@ApiResponses(value = {
+			@ApiResponse(responseCode = "200", description = "OK"),
+			@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
+			@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true)))
+	})
+	ResponseWrapperV2<CACertificateResponseDto> downloadRootCertificate(
+			@ApiParam("To download root certificate.")  @PathVariable("certificateId") @NotNull String certificateId) {
+		return partnerManagementService.downloadRootCertificate(certificateId);
+	}
 }

partner/partner-management-service/src/main/java/io/mosip/pms/partner/manager/dto/CACertificateResponseDto.java

@@ -0,0 +1,23 @@
+package io.mosip.pms.partner.manager.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class CACertificateResponseDto {
+
+    /**
+     * CA Certificate Data
+     */
+    private String p7bFile;
+
+    /**
+     * Response Timestamp
+     */
+    private LocalDateTime timestamp;
+}

partner/partner-management-service/src/main/java/io/mosip/pms/partner/manager/dto/CaCertificateSummaryDto.java

@@ -23,6 +23,9 @@ public class CaCertificateSummaryDto {
     @Schema(description = "The entity or person issuing the certificate.", example = "Certificate Authority X")
     private String issuedBy;
 
+    @Schema(description = "The unique hash of the certificate.", example = "xyx-abc-123")
+    private String certThumbprint;
+
     @Schema(description = "The start date and time of the certificate's validity period", example = "2023-12-01T00:00:00")
     private LocalDateTime validFromDate;
 

partner/partner-management-service/src/main/java/io/mosip/pms/partner/manager/service/PartnerManagerService.java

@@ -101,4 +101,6 @@ public PartnersPolicyMappingResponse activateDeactivateAuthEKYCPartner(String pa
 	public ResponseWrapperV2<PageResponseV2Dto<ApiKeyRequestSummaryDto>> getAllApiKeyRequests(String sortFieldName, String sortType, int pageNo, int pageSize, ApiKeyFilterDto filterDto);
 
 	public ResponseWrapperV2<PageResponseV2Dto<CaCertificateSummaryDto>> getCaCertificates(String sortFieldName, String sortType, int pageNo, int pageSize, CaCertificateFilterDto filterDto);
+
+	public ResponseWrapperV2<CACertificateResponseDto> downloadRootCertificate(String certificateId);
 }

partner/partner-management-service/src/main/java/io/mosip/pms/partner/manager/service/impl/PartnerManagementServiceImpl.java

@@ -80,6 +80,7 @@ public class PartnerManagementServiceImpl implements PartnerManagerService {
 	public static final String DEVICE_PROVIDER = "Device_Provider";
 	public static final String FTM_PROVIDER = "FTM_Provider";
 	private static final String APPROVED = "approved";
+	public static final String BLANK_STRING = "";
 
 	@Value("${mosip.pms.api.id.all.partners.get}")
 	private String getAllPartnersId;
@@ -93,6 +94,9 @@ public class PartnerManagementServiceImpl implements PartnerManagerService {
 	@Value("${mosip.pms.api.id.all.ca.certificates.get}")
 	private String getCaCertificatesId;
 
+	@Value("${mosip.pms.api.id.download.ca.certificate.get}")
+	private String getDownloadCaCertificateId;
+
 	@Autowired
 	PartnerSummaryRepository partnerSummaryRepository;
 
@@ -1050,6 +1054,54 @@ public ResponseWrapperV2<PageResponseV2Dto<CaCertificateSummaryDto>> getCaCertif
 		return responseWrapper;
 	}
 
+	public ResponseWrapperV2<CACertificateResponseDto> downloadRootCertificate(String certificateId) {
+		ResponseWrapperV2<CACertificateResponseDto> responseWrapper = new ResponseWrapperV2<>();
+		try {
+			if (Objects.isNull(certificateId) || certificateId.equals(BLANK_STRING)) {
+				LOGGER.info("sessionId", "idType", "id", "Certificate Id is null or empty -" + certificateId);
+				throw new PartnerServiceException(io.mosip.pms.partner.constant.ErrorCode.INVALID_CERTIFICATE_ID.getErrorCode(),
+						io.mosip.pms.partner.constant.ErrorCode.INVALID_CERTIFICATE_ID.getErrorMessage()
+				);
+			}
+			CACertificateResponseDto responseObject = null;
+			Map<String, String> pathsegments = new HashMap<>();
+			pathsegments.put("caCertId", certificateId);
+			Map<String, Object> apiResponse = restUtil.getApi(environment.getProperty("pmp.download.ca.certificate.get.rest.uri"), pathsegments, Map.class);
+			responseObject = mapper.readValue(mapper.writeValueAsString(apiResponse.get("response")), CACertificateResponseDto.class);
+			if (responseObject == null && apiResponse.containsKey(PartnerConstants.ERRORS)) {
+				List<Map<String, Object>> certServiceErrorList = (List<Map<String, Object>>) apiResponse
+						.get(PartnerConstants.ERRORS);
+				if (!certServiceErrorList.isEmpty()) {
+					LOGGER.error("Error occurred while downloading the CA certificate from keymanager");
+					throw new ApiAccessibleException(certServiceErrorList.get(0).get(PartnerConstants.ERRORCODE).toString(),
+							certServiceErrorList.get(0).get(PartnerConstants.ERRORMESSAGE).toString());
+				} else {
+					LOGGER.error("Error occurred while downloading the CA certificate from keymanager {}", apiResponse);
+					throw new ApiAccessibleException(ApiAccessibleExceptionConstant.UNABLE_TO_PROCESS.getErrorCode(),
+							ApiAccessibleExceptionConstant.UNABLE_TO_PROCESS.getErrorMessage());
+				}
+			}
+			if (responseObject == null) {
+				throw new ApiAccessibleException(ApiAccessibleExceptionConstant.API_NULL_RESPONSE_EXCEPTION.getErrorCode(),
+						ApiAccessibleExceptionConstant.API_NULL_RESPONSE_EXCEPTION.getErrorMessage());
+			}
+			responseWrapper.setResponse(responseObject);
+		} catch (PartnerServiceException ex) {
+			LOGGER.info("sessionId", "idType", "id", "In downloadRootCertificate method of PartnerManagementServiceImpl - " + ex.getMessage());
+			responseWrapper.setErrors(MultiPartnerUtil.setErrorResponse(ex.getErrorCode(), ex.getErrorText()));
+		} catch (Exception ex) {
+			LOGGER.debug("sessionId", "idType", "id", ex.getStackTrace());
+			LOGGER.error("sessionId", "idType", "id",
+					"In downloadRootCertificate method of PartnerManagementServiceImpl - " + ex.getMessage());
+			String errorCode = io.mosip.pms.partner.constant.ErrorCode.DOWNLOAD_CA_CERTIFICATE_ERROR.getErrorCode();
+			String errorMessage = io.mosip.pms.partner.constant.ErrorCode.DOWNLOAD_CA_CERTIFICATE_ERROR.getErrorMessage();
+			responseWrapper.setErrors(MultiPartnerUtil.setErrorResponse(errorCode, errorMessage));
+		}
+		responseWrapper.setId(getDownloadCaCertificateId);
+		responseWrapper.setVersion(VERSION);
+		return responseWrapper;
+	}
+
 	public String getSortColumn(Map<String, String> aliasToColumnMap, String alias) {
 		return aliasToColumnMap.getOrDefault(alias, alias); // Return alias if no match found
 	}

partner/partner-management-service/src/main/resources/bootstrap.properties

@@ -70,6 +70,7 @@ mosip.kernel.keymanager.url=https://dev.mosip.net
 
 pmp.partner.original.certificate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}
 pmp.ca.certificates.post.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getCaCertificates
+pmp.download.ca.certificate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getCACertificateTrustPath/{caCertId}
 
 mosip.role.pms.getpartnercertificates=AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
 mosip.role.pms.getpolicyrequests=AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
@@ -97,6 +98,7 @@ mosip.role.pms.getpartnersftmchipdetails=PARTNER_ADMIN
 mosip.role.pms.getallsbidetails=PARTNER_ADMIN
 mosip.role.pms.getalldevicedetails=PARTNER_ADMIN
 mosip.role.pms.getallcacertificates=PARTNER_ADMIN
+mosip.role.pms.getdownloadrootcertificate=PARTNER_ADMIN
 
 #OIDC Client attributes for create and update
 mosip.pms.oidc.clients.grantTypes=authorization_code
@@ -146,4 +148,5 @@ mosip.pms.api.id.partners.ftm.chip.details.get=mosip.pms.partners.ftm.chip.detai
 mosip.pms.api.id.all.sbi.details.get=mosip.pms.all.sbi.details.get
 mosip.pms.api.id.get.all.device.details.get=mosip.pms.get.all.device.details.get
 mosip.pms.api.id.all.ca.certificates.get=mosip.pms.all.ca.certificates.get
+mosip.pms.api.id.download.ca.certificate.get=mosip.pms.download.ca.certificate.get
 ##END properties are for PMS Revamp DP1 release