1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.cadi.cm;
\r
25 import java.io.BufferedReader;
\r
26 import java.io.ByteArrayInputStream;
\r
27 import java.io.ByteArrayOutputStream;
\r
28 import java.io.DataInputStream;
\r
29 import java.io.File;
\r
30 import java.io.FileInputStream;
\r
31 import java.io.FileNotFoundException;
\r
32 import java.io.FileReader;
\r
33 import java.io.IOException;
\r
34 import java.io.InputStream;
\r
35 import java.io.InputStreamReader;
\r
36 import java.io.Reader;
\r
37 import java.io.StringReader;
\r
38 import java.security.InvalidKeyException;
\r
39 import java.security.Key;
\r
40 import java.security.KeyFactory;
\r
41 import java.security.KeyPair;
\r
42 import java.security.KeyPairGenerator;
\r
43 import java.security.NoSuchAlgorithmException;
\r
44 import java.security.PrivateKey;
\r
45 import java.security.PublicKey;
\r
46 import java.security.SecureRandom;
\r
47 import java.security.Signature;
\r
48 import java.security.SignatureException;
\r
49 import java.security.cert.Certificate;
\r
50 import java.security.cert.CertificateEncodingException;
\r
51 import java.security.cert.CertificateException;
\r
52 import java.security.cert.CertificateFactory;
\r
53 import java.security.cert.X509Certificate;
\r
54 import java.security.spec.InvalidKeySpecException;
\r
55 import java.security.spec.PKCS8EncodedKeySpec;
\r
56 import java.security.spec.X509EncodedKeySpec;
\r
57 import java.util.Collection;
\r
58 import java.util.List;
\r
60 import javax.crypto.Cipher;
\r
61 import javax.crypto.NoSuchPaddingException;
\r
63 import org.onap.aaf.cadi.Symm;
\r
65 import org.onap.aaf.inno.env.Env;
\r
66 import org.onap.aaf.inno.env.TimeTaken;
\r
67 import org.onap.aaf.inno.env.Trans;
\r
69 public class Factory {
\r
70 private static final String PRIVATE_KEY_HEADER = "PRIVATE KEY";
\r
71 public static final String KEY_ALGO = "RSA";
\r
72 public static final String SIG_ALGO = "SHA256withRSA";
\r
74 public static final int KEY_LENGTH = 2048;
\r
75 private static final KeyPairGenerator keygen;
\r
76 private static final KeyFactory keyFactory;
\r
77 private static final CertificateFactory certificateFactory;
\r
78 private static final SecureRandom random;
\r
81 private static final Symm base64 = Symm.base64.copy(64);
\r
84 random = new SecureRandom();
\r
85 KeyPairGenerator tempKeygen;
\r
87 tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC");
\r
88 tempKeygen.initialize(KEY_LENGTH, random);
\r
89 } catch (NoSuchAlgorithmException e) {
\r
91 e.printStackTrace(System.err);
\r
93 keygen = tempKeygen;
\r
95 KeyFactory tempKeyFactory;
\r
97 tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC"
\r
98 } catch (NoSuchAlgorithmException e) {
\r
99 tempKeyFactory = null;
\r
100 e.printStackTrace(System.err);
\r
102 keyFactory = tempKeyFactory;
\r
104 CertificateFactory tempCertificateFactory;
\r
106 tempCertificateFactory = CertificateFactory.getInstance("X.509");
\r
107 } catch (CertificateException e) {
\r
108 tempCertificateFactory = null;
\r
109 e.printStackTrace(System.err);
\r
111 certificateFactory = tempCertificateFactory;
\r
117 public static KeyPair generateKeyPair(Trans trans) {
\r
120 tt = trans.start("Generate KeyPair", Env.SUB);
\r
125 return keygen.generateKeyPair();
\r
133 private static final String LINE_END = "-----\n";
\r
135 protected static String textBuilder(String kind, byte[] bytes) throws IOException {
\r
136 StringBuilder sb = new StringBuilder();
\r
137 sb.append("-----BEGIN ");
\r
139 sb.append(LINE_END);
\r
141 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
\r
142 ByteArrayOutputStream baos = new ByteArrayOutputStream();
\r
143 base64.encode(bais, baos);
\r
144 sb.append(new String(baos.toByteArray()));
\r
146 if(sb.charAt(sb.length()-1)!='\n') {
\r
149 sb.append("-----END ");
\r
151 sb.append(LINE_END);
\r
152 return sb.toString();
\r
155 public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException {
\r
156 byte[] bytes = decode(new StringReader(pk));
\r
157 return toPrivateKey(trans, bytes);
\r
160 public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException {
\r
161 TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB);
\r
163 return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
\r
164 } catch (InvalidKeySpecException e) {
\r
165 throw new CertException("Translating Private Key from PKCS8 KeySpec",e);
\r
171 public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException {
\r
172 TimeTaken tt = trans.start("Decode Private Key File", Env.SUB);
\r
174 return toPrivateKey(trans,decode(file));
\r
180 public static String toString(Trans trans, PrivateKey pk) throws IOException {
\r
181 // PKCS8EncodedKeySpec pemContents = new PKCS8EncodedKeySpec(pk.getEncoded());
\r
182 trans.debug().log("Private Key to String");
\r
183 return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded());
\r
186 public static PublicKey toPublicKey(Trans trans, String pk) throws IOException {
\r
187 TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB);
\r
189 ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes());
\r
190 ByteArrayOutputStream baos = new ByteArrayOutputStream();
\r
191 Symm.base64noSplit.decode(bais, baos);
\r
193 return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray()));
\r
194 } catch (InvalidKeySpecException e) {
\r
195 trans.error().log(e,"Translating Public Key from X509 KeySpec");
\r
202 public static String toString(Trans trans, PublicKey pk) throws IOException {
\r
203 trans.debug().log("Public Key to String");
\r
204 return textBuilder("PUBLIC KEY",pk.getEncoded());
\r
207 public static Collection<? extends Certificate> toX509Certificate(String x509) throws CertificateException {
\r
208 return toX509Certificate(x509.getBytes());
\r
211 public static Collection<? extends Certificate> toX509Certificate(List<String> x509s) throws CertificateException {
\r
212 ByteArrayOutputStream baos = new ByteArrayOutputStream();
\r
214 for(String x509 : x509s) {
\r
215 baos.write(x509.getBytes());
\r
217 } catch (IOException e) {
\r
218 throw new CertificateException(e);
\r
220 return toX509Certificate(new ByteArrayInputStream(baos.toByteArray()));
\r
223 public static Collection<? extends Certificate> toX509Certificate(byte[] x509) throws CertificateException {
\r
224 return certificateFactory.generateCertificates(new ByteArrayInputStream(x509));
\r
227 public static Collection<? extends Certificate> toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException {
\r
228 FileInputStream fis = new FileInputStream(file);
\r
230 return toX509Certificate(fis);
\r
234 } catch (IOException e) {
\r
235 throw new CertificateException(e);
\r
240 public static Collection<? extends Certificate> toX509Certificate(InputStream is) throws CertificateException {
\r
241 return certificateFactory.generateCertificates(is);
\r
244 public static String toString(Trans trans, Certificate cert) throws IOException, CertException {
\r
245 if(trans.debug().isLoggable()) {
\r
246 StringBuilder sb = new StringBuilder("Certificate to String");
\r
247 if(cert instanceof X509Certificate) {
\r
249 sb.append(((X509Certificate)cert).getSubjectDN());
\r
251 trans.debug().log(sb);
\r
255 throw new CertException("Certificate not built");
\r
257 return textBuilder("CERTIFICATE",cert.getEncoded());
\r
258 } catch (CertificateEncodingException e) {
\r
259 throw new CertException(e);
\r
263 public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {
\r
264 return Cipher.getInstance(KEY_ALGO);
\r
267 public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
\r
268 Cipher cipher = Cipher.getInstance(KEY_ALGO);
\r
269 cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key);
\r
273 public static byte[] strip(Reader rdr) throws IOException {
\r
274 BufferedReader br = new BufferedReader(rdr);
\r
275 ByteArrayOutputStream baos = new ByteArrayOutputStream();
\r
277 while((line=br.readLine())!=null) {
\r
278 if(line.length()>0 &&
\r
279 !line.startsWith("-----") &&
\r
280 line.indexOf(':')<0) { // Header elements
\r
281 baos.write(line.getBytes());
\r
284 return baos.toByteArray();
\r
287 public static class StripperInputStream extends InputStream {
\r
288 private Reader created;
\r
289 private BufferedReader br;
\r
291 private String line;
\r
293 public StripperInputStream(Reader rdr) {
\r
294 if(rdr instanceof BufferedReader) {
\r
295 br = (BufferedReader)rdr;
\r
297 br = new BufferedReader(rdr);
\r
302 public StripperInputStream(File file) throws FileNotFoundException {
\r
303 this(new FileReader(file));
\r
307 public StripperInputStream(InputStream is) throws FileNotFoundException {
\r
308 this(new InputStreamReader(is));
\r
313 public int read() throws IOException {
\r
314 if(line==null || idx>=line.length()) {
\r
315 while((line=br.readLine())!=null) {
\r
316 if(line.length()>0 &&
\r
317 !line.startsWith("-----") &&
\r
318 line.indexOf(':')<0) { // Header elements
\r
328 return line.charAt(idx++);
\r
332 * @see java.io.InputStream#close()
\r
335 public void close() throws IOException {
\r
336 if(created!=null) {
\r
342 public static class Base64InputStream extends InputStream {
\r
343 private InputStream created;
\r
344 private InputStream is;
\r
345 private byte trio[];
\r
346 private byte duo[];
\r
350 public Base64InputStream(File file) throws FileNotFoundException {
\r
351 this(new FileInputStream(file));
\r
355 public Base64InputStream(InputStream is) throws FileNotFoundException {
\r
357 trio = new byte[3];
\r
362 public int read() throws IOException {
\r
363 if(duo==null || idx>=duo.length) {
\r
364 int read = is.read(trio);
\r
368 duo = Symm.base64.decode(trio);
\r
369 if(duo==null || duo.length==0) {
\r
379 * @see java.io.InputStream#close()
\r
382 public void close() throws IOException {
\r
383 if(created!=null) {
\r
389 public static byte[] decode(byte[] bytes) throws IOException {
\r
390 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
\r
391 ByteArrayOutputStream baos = new ByteArrayOutputStream();
\r
392 Symm.base64.decode(bais, baos);
\r
393 return baos.toByteArray();
\r
396 public static byte[] decode(File f) throws IOException {
\r
397 FileReader fr = new FileReader(f);
\r
399 return Factory.decode(fr);
\r
405 public static byte[] decode(Reader rdr) throws IOException {
\r
406 return decode(strip(rdr));
\r
410 public static byte[] binary(File file) throws IOException {
\r
411 DataInputStream dis = new DataInputStream(new FileInputStream(file));
\r
413 byte[] bytes = new byte[(int)file.length()];
\r
414 dis.readFully(bytes);
\r
422 public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
\r
423 TimeTaken tt = trans.start("Sign Data", Env.SUB);
\r
425 Signature sig = Signature.getInstance(SIG_ALGO);
\r
426 sig.initSign(pk, random);
\r
434 public static String toSignatureString(byte[] signed) throws IOException {
\r
435 return textBuilder("SIGNATURE", signed);
\r
438 public static boolean verify(Trans trans, byte[] bytes, byte[] signature, PublicKey pk) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
\r
439 TimeTaken tt = trans.start("Verify Data", Env.SUB);
\r
441 Signature sig = Signature.getInstance(SIG_ALGO);
\r
442 sig.initVerify(pk);
\r
444 return sig.verify(signature);
\r