- JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
- xcb.addExtension(Extension.basicConstraints,
- false, new BasicConstraints(false
- ))
- .addExtension(Extension.keyUsage,
- true, new KeyUsage(KeyUsage.digitalSignature
- | KeyUsage.keyEncipherment
- | KeyUsage.nonRepudiation))
- .addExtension(Extension.extendedKeyUsage,
- true, new ExtendedKeyUsage(ASN_WebUsage))
+ x509cwi = new X509ChainWithIssuer(privateKeyEntry.getCertificateChain());
+ configured = "keystore \"" + fileName + "\", alias " + params[0][1];
+ } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException e) {
+ throw new CertException("Exception opening Keystore " + fileName, e);
+ }
+ }
+ } else {
+ throw new CertException("Private Key, " + f.getPath() + ", does not exist");
+ }
+
+ X500NameBuilder xnb = new X500NameBuilder();
+ List<RDN> rp = RDN.parse(',', x509cwi.getIssuerDN());
+ Collections.reverse(rp);
+ for (RDN rnd : rp) {
+ xnb.addRDN(rnd.aoi,rnd.value);
+ }
+ issuer = xnb.build();
+ access.printf(Level.INIT, "LocalCA is configured with %s. The Issuer DN is %s.",
+ configured, issuer.toString());
+ }
+
+ /* (non-Javadoc)
+ * @see org.onap.aaf.auth.cm.service.CA#sign(org.bouncycastle.pkcs.PKCS10CertificationRequest)
+ */
+ @Override
+ public X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException {
+ GregorianCalendar gc = new GregorianCalendar();
+ Date start = gc.getTime();
+ gc.add(GregorianCalendar.MONTH, 12);
+ Date end = gc.getTime();
+ X509Certificate x509;
+ TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
+ try {
+ BigInteger bi;
+
+ synchronized(ONE) {
+ bi = serial;
+ serial = serial.add(ONE);
+ }
+
+ RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic();
+ X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
+ issuer,
+ bi, // replace with Serialnumber scheme
+ start,
+ end,
+ csrmeta.x500Name(),
+ SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false,rpk.getModulus(),rpk.getPublicExponent()))
+// new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
+ );
+ List<GeneralName> lsan = new ArrayList<>();
+ for (String s : csrmeta.sans()) {
+ lsan.add(new GeneralName(GeneralName.dNSName,s));
+ }
+ GeneralName[] sans = new GeneralName[lsan.size()];
+ lsan.toArray(sans);
+
+ JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
+ xcb.addExtension(Extension.basicConstraints,
+ false, new BasicConstraints(false
+ ))
+ .addExtension(Extension.keyUsage,
+ true, new KeyUsage(KeyUsage.digitalSignature
+ | KeyUsage.keyEncipherment
+ | KeyUsage.nonRepudiation))
+ .addExtension(Extension.extendedKeyUsage,
+ true, new ExtendedKeyUsage(ASN_WebUsage))