2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
21 package org.onap.aaf.auth.cm.cert;
24 import java.io.FileReader;
25 import java.io.IOException;
26 import java.security.InvalidKeyException;
27 import java.security.NoSuchAlgorithmException;
28 import java.security.PrivateKey;
29 import java.security.SignatureException;
30 import java.util.List;
32 import org.bouncycastle.asn1.ASN1Object;
33 import org.bouncycastle.operator.ContentSigner;
34 import org.bouncycastle.operator.OperatorCreationException;
35 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
36 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
37 import org.onap.aaf.auth.cm.ca.CA;
38 import org.onap.aaf.auth.cm.validation.CertmanValidator;
39 import org.onap.aaf.cadi.Symm;
40 import org.onap.aaf.cadi.cm.CertException;
41 import org.onap.aaf.cadi.cm.Factory;
42 import org.onap.aaf.misc.env.Env;
43 import org.onap.aaf.misc.env.TimeTaken;
44 import org.onap.aaf.misc.env.Trans;
48 * Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory
49 * utilizes only Java abstractions, and is useful in Client code.
51 * @author JonathanGathman
54 public class BCFactory extends Factory {
/**
 * Shared builder for BouncyCastle {@link ContentSigner}s, fixed to the signature
 * algorithm the client-side {@link Factory} already uses ({@link Factory#SIG_ALGO}),
 * so server-issued signatures match what client code verifies.
 */
private static final JcaContentSignerBuilder jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);
/**
 * Creates a {@link ContentSigner} bound to {@code pk}, using the shared
 * {@link JcaContentSignerBuilder} configured with {@link Factory#SIG_ALGO}.
 *
 * @param pk private key that will produce signatures
 * @return a signer over {@code pk}
 * @throws OperatorCreationException if BouncyCastle cannot build a signer for this key
 */
public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {
    final ContentSigner signer = jcsb.build(pk);
    return signer;
}
/**
 * Renders a PKCS#10 certification request as a PEM {@code CERTIFICATE REQUEST} block.
 *
 * @param csr the request to render; {@code null} means it was never built
 * @return PEM text wrapping the DER encoding of {@code csr}
 * @throws CertException if {@code csr} is {@code null}
 * @throws IOException if the request cannot be DER-encoded
 */
public static String toString(PKCS10CertificationRequest csr) throws IOException, CertException {
    if (csr == null) {
        throw new CertException("x509 Certificate Request not built");
    }
    final byte[] der = csr.getEncoded();
    // textBuilder (inherited from Factory) adds the PEM header/footer and line folding
    return textBuilder("CERTIFICATE REQUEST", der);
}
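/**
 * Reads a PEM-encoded PKCS#10 request from {@code file} and reconstitutes it as a
 * BouncyCastle {@link PKCS10CertificationRequest}.
 *
 * The {@link FileReader} is now opened in try-with-resources so the file handle is
 * released on every path (the original never closed it), and the {@link TimeTaken}
 * span is completed in {@code finally} so the timing is recorded even when decoding
 * fails.
 *
 * @param trans transaction used to time the "Reconstitute CSR" step
 * @param file PEM file holding the request
 * @return the decoded request
 * @throws IOException if the file cannot be read or the decoded bytes are not a valid request
 */
public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {
    TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);
    try (FileReader fr = new FileReader(file)) {
        // strip() and decode() are inherited from Factory; presumably PEM-armour removal
        // followed by base64 decoding - confirm against Factory
        return new PKCS10CertificationRequest(decode(strip(fr)));
    } finally {
        tt.done();
    }
}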
/**
 * DER-encodes {@code toSign} and hands the bytes to the {@code byte[]} overload of
 * {@code sign}, timing the encoding step on {@code trans}.
 *
 * @param trans transaction used to time the "Encode Security Object" step
 * @param toSign ASN.1 structure whose DER encoding is signed
 * @param pk signing key
 * @return the signature over the encoded object
 * @throws IOException if {@code toSign} cannot be encoded
 * @throws InvalidKeyException if {@code pk} is unusable for the signature algorithm
 * @throws SignatureException if signing fails
 * @throws NoSuchAlgorithmException if the signature algorithm is unavailable
 */
public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
    final TimeTaken tt = trans.start("Encode Security Object", Env.SUB);
    try {
        final byte[] encoded = toSign.getEncoded();
        return sign(trans, encoded, pk);
    } finally {
        // NOTE(review): completing the TimeTaken in finally follows the usual idiom for
        // trans.start(); the closing lines are not visible in this listing - confirm
        tt.done();
    }
}
93 public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List<String> fqdns) throws CertException {
94 CSRMeta csr = ca.newCSRMeta();
97 for(String fqdn : fqdns) {
102 csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6
105 csr.challenge(new String(Symm.randomGen(24)));
107 csr.email(sponsorEmail);
109 if((errs=validateApp(csr))!=null) {
110 throw new CertException(errs);
115 private static String validateApp(CSRMeta csr) {
116 CertmanValidator v = new CertmanValidator();
117 if(v.nullOrBlank("cn", csr.cn())
118 .nullOrBlank("mechID", csr.mechID())
119 .nullOrBlank("email", csr.email())
127 public static CSRMeta createPersonalCSRMeta(CA ca, String personal, String email) throws CertException {
128 CSRMeta csr = ca.newCSRMeta();
130 csr.challenge(new String(Symm.randomGen(24)));
133 if((errs=validatePersonal(csr))!=null) {
134 throw new CertException(errs);
139 private static String validatePersonal(CSRMeta csr) {
140 CertmanValidator v = new CertmanValidator();
141 if(v.nullOrBlank("cn", csr.cn())
142 .nullOrBlank("email", csr.email())