1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.authz.cm.cert;
\r
26 import java.io.File;
\r
27 import java.io.FileReader;
\r
28 import java.io.IOException;
\r
29 import java.lang.reflect.Field;
\r
30 import java.security.InvalidKeyException;
\r
31 import java.security.NoSuchAlgorithmException;
\r
32 import java.security.PrivateKey;
\r
33 import java.security.SignatureException;
\r
34 import java.util.List;
\r
36 import org.bouncycastle.asn1.ASN1Object;
\r
37 import org.bouncycastle.operator.ContentSigner;
\r
38 import org.bouncycastle.operator.OperatorCreationException;
\r
39 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
\r
40 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
\r
42 import com.att.authz.cm.ca.CA;
\r
43 import com.att.authz.cm.validation.Validator;
\r
44 import com.att.cadi.Symm;
\r
45 import com.att.cadi.cm.CertException;
\r
46 import com.att.cadi.cm.Factory;
\r
47 import com.att.inno.env.Env;
\r
48 import com.att.inno.env.TimeTaken;
\r
49 import com.att.inno.env.Trans;
\r
53 * Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory
\r
54 * utilizes only Java abstractions, and is useful in Client code.
\r
59 public class BCFactory extends Factory {
\r
60 private static final JcaContentSignerBuilder jcsb;
\r
65 jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);
\r
68 public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {
\r
69 return jcsb.build(pk);
\r
72 public static String toString(Trans trans, PKCS10CertificationRequest csr) throws IOException, CertException {
\r
73 TimeTaken tt = trans.start("CSR to String", Env.SUB);
\r
76 throw new CertException("x509 Certificate Request not built");
\r
78 return textBuilder("CERTIFICATE REQUEST",csr.getEncoded());
\r
84 public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {
\r
85 TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);
\r
87 FileReader fr = new FileReader(file);
\r
88 return new PKCS10CertificationRequest(decode(strip(fr)));
\r
94 public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
\r
95 TimeTaken tt = trans.start("Encode Security Object", Env.SUB);
\r
97 return sign(trans,toSign.getEncoded(),pk);
\r
103 public static CSRMeta createCSRMeta(CA ca,final String args[]) throws IllegalArgumentException, IllegalAccessException, CertException {
\r
104 CSRMeta csr = new CSRMeta();
\r
105 ca.stdFields().set(csr);
\r
106 //TODO should we checkDigest?
\r
107 // digest = ca.messageDigest();
\r
109 Field[] fld = CSRMeta.class.getDeclaredFields();
\r
110 for(int i=0;i+1<args.length;++i) {
\r
111 if(args[i].charAt(0)=='-') {
\r
112 for(int j=0;j<fld.length;++j) {
\r
113 if(fld[j].getType().equals(String.class) && args[i].substring(1).equals(fld[j].getName())) {
\r
114 fld[j].set(csr,args[++i]);
\r
120 String errs = validate(csr);
\r
122 throw new CertException(errs);
\r
128 public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List<String> fqdns) throws CertException {
\r
129 CSRMeta csr = new CSRMeta();
\r
130 boolean first = true;
\r
131 // Set CN (and SAN)
\r
132 for(String fqdn : fqdns) {
\r
141 csr.challenge(new String(Symm.randomGen(24)));
\r
142 ca.stdFields().set(csr);
\r
143 csr.mechID(mechid);
\r
144 csr.email(sponsorEmail);
\r
145 String errs = validate(csr);
\r
147 throw new CertException(errs);
\r
152 private static String validate(CSRMeta csr) {
\r
153 Validator v = new Validator();
\r
154 if(v.nullOrBlank("cn", csr.cn())
\r
155 .nullOrBlank("mechID", csr.mechID())
\r
156 .nullOrBlank("email", csr.email())
\r
157 .nullOrBlank("o",csr.o())
\r
158 .nullOrBlank("l",csr.l())
\r
159 .nullOrBlank("st",csr.st())
\r
160 .nullOrBlank("c",csr.c())
\r