+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.BufferedReader;\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.DataInputStream;\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileNotFoundException;\r
-import java.io.FileReader;\r
-import java.io.IOException;\r
-import java.io.InputStream;\r
-import java.io.InputStreamReader;\r
-import java.io.Reader;\r
-import java.io.StringReader;\r
-import java.security.InvalidKeyException;\r
-import java.security.Key;\r
-import java.security.KeyFactory;\r
-import java.security.KeyPair;\r
-import java.security.KeyPairGenerator;\r
-import java.security.NoSuchAlgorithmException;\r
-import java.security.PrivateKey;\r
-import java.security.PublicKey;\r
-import java.security.SecureRandom;\r
-import java.security.Signature;\r
-import java.security.SignatureException;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.CertificateEncodingException;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.CertificateFactory;\r
-import java.security.cert.X509Certificate;\r
-import java.security.spec.InvalidKeySpecException;\r
-import java.security.spec.PKCS8EncodedKeySpec;\r
-import java.security.spec.X509EncodedKeySpec;\r
-import java.util.Collection;\r
-import java.util.List;\r
-\r
-import javax.crypto.Cipher;\r
-import javax.crypto.NoSuchPaddingException;\r
-\r
-import org.onap.aaf.cadi.Symm;\r
-\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.TimeTaken;\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-public class Factory {\r
- private static final String PRIVATE_KEY_HEADER = "PRIVATE KEY";\r
- public static final String KEY_ALGO = "RSA";\r
- public static final String SIG_ALGO = "SHA256withRSA";\r
-\r
- public static final int KEY_LENGTH = 2048;\r
- private static final KeyPairGenerator keygen;\r
- private static final KeyFactory keyFactory;\r
- private static final CertificateFactory certificateFactory;\r
- private static final SecureRandom random;\r
- \r
- \r
- private static final Symm base64 = Symm.base64.copy(64);\r
-\r
- static {\r
- random = new SecureRandom();\r
- KeyPairGenerator tempKeygen;\r
- try {\r
- tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC");\r
- tempKeygen.initialize(KEY_LENGTH, random);\r
- } catch (NoSuchAlgorithmException e) {\r
- tempKeygen = null;\r
- e.printStackTrace(System.err);\r
- }\r
- keygen = tempKeygen;\r
-\r
- KeyFactory tempKeyFactory;\r
- try {\r
- tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC"\r
- } catch (NoSuchAlgorithmException e) {\r
- tempKeyFactory = null;\r
- e.printStackTrace(System.err);\r
- };\r
- keyFactory = tempKeyFactory;\r
- \r
- CertificateFactory tempCertificateFactory;\r
- try {\r
- tempCertificateFactory = CertificateFactory.getInstance("X.509");\r
- } catch (CertificateException e) {\r
- tempCertificateFactory = null;\r
- e.printStackTrace(System.err);\r
- }\r
- certificateFactory = tempCertificateFactory;\r
-\r
- \r
- }\r
-\r
-\r
- public static KeyPair generateKeyPair(Trans trans) {\r
- TimeTaken tt;\r
- if(trans!=null) {\r
- tt = trans.start("Generate KeyPair", Env.SUB);\r
- } else {\r
- tt = null;\r
- }\r
- try {\r
- return keygen.generateKeyPair();\r
- } finally {\r
- if(tt!=null) {\r
- tt.done();\r
- }\r
- }\r
- } \r
-\r
- private static final String LINE_END = "-----\n";\r
-\r
- protected static String textBuilder(String kind, byte[] bytes) throws IOException {\r
- StringBuilder sb = new StringBuilder();\r
- sb.append("-----BEGIN ");\r
- sb.append(kind);\r
- sb.append(LINE_END);\r
-\r
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- base64.encode(bais, baos);\r
- sb.append(new String(baos.toByteArray()));\r
- \r
- if(sb.charAt(sb.length()-1)!='\n') {\r
- sb.append('\n');\r
- }\r
- sb.append("-----END ");\r
- sb.append(kind);\r
- sb.append(LINE_END);\r
- return sb.toString();\r
- }\r
- \r
- public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException {\r
- byte[] bytes = decode(new StringReader(pk));\r
- return toPrivateKey(trans, bytes);\r
- }\r
- \r
- public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException {\r
- TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB);\r
- try {\r
- return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));\r
- } catch (InvalidKeySpecException e) {\r
- throw new CertException("Translating Private Key from PKCS8 KeySpec",e);\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- \r
- public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException {\r
- TimeTaken tt = trans.start("Decode Private Key File", Env.SUB);\r
- try {\r
- return toPrivateKey(trans,decode(file));\r
- }finally {\r
- tt.done();\r
- }\r
- }\r
-\r
- public static String toString(Trans trans, PrivateKey pk) throws IOException {\r
-// PKCS8EncodedKeySpec pemContents = new PKCS8EncodedKeySpec(pk.getEncoded());\r
- trans.debug().log("Private Key to String");\r
- return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded());\r
- }\r
-\r
- public static PublicKey toPublicKey(Trans trans, String pk) throws IOException {\r
- TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB);\r
- try {\r
- ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes());\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64noSplit.decode(bais, baos);\r
-\r
- return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray()));\r
- } catch (InvalidKeySpecException e) {\r
- trans.error().log(e,"Translating Public Key from X509 KeySpec");\r
- return null;\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
- \r
- public static String toString(Trans trans, PublicKey pk) throws IOException {\r
- trans.debug().log("Public Key to String");\r
- return textBuilder("PUBLIC KEY",pk.getEncoded());\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(String x509) throws CertificateException {\r
- return toX509Certificate(x509.getBytes());\r
- }\r
- \r
- public static Collection<? extends Certificate> toX509Certificate(List<String> x509s) throws CertificateException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- try {\r
- for(String x509 : x509s) {\r
- baos.write(x509.getBytes());\r
- }\r
- } catch (IOException e) {\r
- throw new CertificateException(e);\r
- }\r
- return toX509Certificate(new ByteArrayInputStream(baos.toByteArray()));\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(byte[] x509) throws CertificateException {\r
- return certificateFactory.generateCertificates(new ByteArrayInputStream(x509));\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException {\r
- FileInputStream fis = new FileInputStream(file);\r
- try {\r
- return toX509Certificate(fis);\r
- } finally {\r
- try {\r
- fis.close();\r
- } catch (IOException e) {\r
- throw new CertificateException(e);\r
- }\r
- }\r
- }\r
-\r
- public static Collection<? extends Certificate> toX509Certificate(InputStream is) throws CertificateException {\r
- return certificateFactory.generateCertificates(is);\r
- }\r
-\r
- public static String toString(Trans trans, Certificate cert) throws IOException, CertException {\r
- if(trans.debug().isLoggable()) {\r
- StringBuilder sb = new StringBuilder("Certificate to String");\r
- if(cert instanceof X509Certificate) {\r
- sb.append(" - ");\r
- sb.append(((X509Certificate)cert).getSubjectDN());\r
- }\r
- trans.debug().log(sb);\r
- }\r
- try {\r
- if(cert==null) {\r
- throw new CertException("Certificate not built");\r
- }\r
- return textBuilder("CERTIFICATE",cert.getEncoded());\r
- } catch (CertificateEncodingException e) {\r
- throw new CertException(e);\r
- }\r
- }\r
-\r
- public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {\r
- return Cipher.getInstance(KEY_ALGO); \r
- }\r
-\r
- public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {\r
- Cipher cipher = Cipher.getInstance(KEY_ALGO);\r
- cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key);\r
- return cipher;\r
- }\r
-\r
- public static byte[] strip(Reader rdr) throws IOException {\r
- BufferedReader br = new BufferedReader(rdr);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- String line;\r
- while((line=br.readLine())!=null) {\r
- if(line.length()>0 &&\r
- !line.startsWith("-----") &&\r
- line.indexOf(':')<0) { // Header elements\r
- baos.write(line.getBytes());\r
- }\r
- }\r
- return baos.toByteArray();\r
- }\r
- \r
- public static class StripperInputStream extends InputStream {\r
- private Reader created;\r
- private BufferedReader br;\r
- private int idx;\r
- private String line;\r
-\r
- public StripperInputStream(Reader rdr) {\r
- if(rdr instanceof BufferedReader) {\r
- br = (BufferedReader)rdr;\r
- } else {\r
- br = new BufferedReader(rdr);\r
- }\r
- created = null;\r
- }\r
- \r
- public StripperInputStream(File file) throws FileNotFoundException {\r
- this(new FileReader(file));\r
- created = br;\r
- }\r
-\r
- public StripperInputStream(InputStream is) throws FileNotFoundException {\r
- this(new InputStreamReader(is));\r
- created = br;\r
- }\r
-\r
- @Override\r
- public int read() throws IOException {\r
- if(line==null || idx>=line.length()) {\r
- while((line=br.readLine())!=null) {\r
- if(line.length()>0 &&\r
- !line.startsWith("-----") &&\r
- line.indexOf(':')<0) { // Header elements\r
- break;\r
- }\r
- }\r
-\r
- if(line==null) {\r
- return -1;\r
- }\r
- idx = 0;\r
- }\r
- return line.charAt(idx++);\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see java.io.InputStream#close()\r
- */\r
- @Override\r
- public void close() throws IOException {\r
- if(created!=null) {\r
- created.close();\r
- }\r
- }\r
- }\r
-\r
- public static class Base64InputStream extends InputStream {\r
- private InputStream created;\r
- private InputStream is;\r
- private byte trio[];\r
- private byte duo[];\r
- private int idx;\r
-\r
- \r
- public Base64InputStream(File file) throws FileNotFoundException {\r
- this(new FileInputStream(file));\r
- created = is;\r
- }\r
-\r
- public Base64InputStream(InputStream is) throws FileNotFoundException {\r
- this.is = is;\r
- trio = new byte[3];\r
- idx = 4;\r
- }\r
-\r
- @Override\r
- public int read() throws IOException {\r
- if(duo==null || idx>=duo.length) {\r
- int read = is.read(trio);\r
- if(read==-1) {\r
- return -1;\r
- }\r
- duo = Symm.base64.decode(trio);\r
- if(duo==null || duo.length==0) {\r
- return -1;\r
- }\r
- idx=0;\r
- }\r
- \r
- return duo[idx++];\r
- }\r
-\r
- /* (non-Javadoc)\r
- * @see java.io.InputStream#close()\r
- */\r
- @Override\r
- public void close() throws IOException {\r
- if(created!=null) {\r
- created.close();\r
- }\r
- }\r
- }\r
-\r
- public static byte[] decode(byte[] bytes) throws IOException {\r
- ByteArrayInputStream bais = new ByteArrayInputStream(bytes);\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- Symm.base64.decode(bais, baos);\r
- return baos.toByteArray();\r
- }\r
- \r
- public static byte[] decode(File f) throws IOException {\r
- FileReader fr = new FileReader(f);\r
- try {\r
- return Factory.decode(fr);\r
- } finally {\r
- fr.close();\r
- }\r
-\r
- }\r
- public static byte[] decode(Reader rdr) throws IOException {\r
- return decode(strip(rdr));\r
- }\r
-\r
-\r
- public static byte[] binary(File file) throws IOException {\r
- DataInputStream dis = new DataInputStream(new FileInputStream(file));\r
- try {\r
- byte[] bytes = new byte[(int)file.length()];\r
- dis.readFully(bytes);\r
- return bytes;\r
- } finally {\r
- dis.close();\r
- }\r
- }\r
-\r
-\r
- public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {\r
- TimeTaken tt = trans.start("Sign Data", Env.SUB);\r
- try {\r
- Signature sig = Signature.getInstance(SIG_ALGO);\r
- sig.initSign(pk, random);\r
- sig.update(bytes);\r
- return sig.sign();\r
- } finally {\r
- tt.done();\r
- }\r
- }\r
-\r
- public static String toSignatureString(byte[] signed) throws IOException {\r
- return textBuilder("SIGNATURE", signed);\r
- }\r
-\r
- public static boolean verify(Trans trans, byte[] bytes, byte[] signature, PublicKey pk) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {\r
- TimeTaken tt = trans.start("Verify Data", Env.SUB);\r
- try {\r
- Signature sig = Signature.getInstance(SIG_ALGO);\r
- sig.initVerify(pk);\r
- sig.update(bytes);\r
- return sig.verify(signature);\r
- } finally {\r
- tt.done();\r
- } \r
- }\r
-}\r