+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.security.KeyStore;\r
-import java.security.PrivateKey;\r
-import java.security.cert.Certificate;\r
-import java.security.cert.X509Certificate;\r
-import java.util.Collection;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.util.Chmod;\r
-\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-\r
-public class PlaceArtifactInKeystore extends ArtifactDir {\r
- private String kst;\r
- //TODO get ROOT DNs or Trusted DNs from Certificate Manager.\r
-// private static String[] rootDNs = new String[]{ \r
-// "CN=ATT CADI Root CA - Test, O=ATT, OU=CSO, C=US", // Lab. delete eventually\r
-// "CN=ATT AAF CADI TEST CA, OU=CSO, O=ATT, C=US",\r
-// "CN=ATT AAF CADI CA, OU=CSO, O=ATT, C=US"\r
-// };\r
-\r
- public PlaceArtifactInKeystore(String kst) {\r
- this.kst = kst;\r
- }\r
-\r
- @Override\r
- public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException {\r
- File fks = new File(dir,arti.getAppName()+'.'+kst);\r
- try {\r
- KeyStore jks = KeyStore.getInstance(kst);\r
- if(fks.exists()) {\r
- fks.delete();\r
- } \r
-\r
- // Get the Cert(s)... Might include Trust store\r
- Collection<? extends Certificate> certColl = Factory.toX509Certificate(certInfo.getCerts());\r
- X509Certificate[] certs = new X509Certificate[certColl.size()];\r
- certColl.toArray(certs);\r
- \r
-\r
- // Add CADI Keyfile Entry to Properties\r
- addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile");\r
- // Set Keystore Password\r
- addProperty(Config.CADI_KEYSTORE,fks.getAbsolutePath());\r
- String keystorePass = Symm.randomGen(CmAgent.PASS_SIZE);\r
- addEncProperty(Config.CADI_KEYSTORE_PASSWORD,keystorePass);\r
- char[] keystorePassArray = keystorePass.toCharArray();\r
- jks.load(null,keystorePassArray); // load in\r
- \r
- // Add Private Key/Cert Entry for App\r
- // Note: Java SSL security classes, while having a separate key from keystore,\r
- // is documented to not actually work. \r
- // java.security.UnrecoverableKeyException: Cannot recover key\r
- // You can create a custom Key Manager to make it work, but Practicality \r
- // dictates that you live with the default, meaning, they are the same\r
- String keyPass = keystorePass; //Symm.randomGen(CmAgent.PASS_SIZE);\r
- PrivateKey pk = Factory.toPrivateKey(trans, certInfo.getPrivatekey());\r
- addEncProperty(Config.CADI_KEY_PASSWORD, keyPass);\r
- addProperty(Config.CADI_ALIAS, arti.getMechid());\r
-// Set<Attribute> attribs = new HashSet<Attribute>();\r
-// if(kst.equals("pkcs12")) {\r
-// // Friendly Name\r
-// attribs.add(new PKCS12Attribute("1.2.840.113549.1.9.20", arti.getAppName()));\r
-// } \r
-// \r
- KeyStore.ProtectionParameter protParam = \r
- new KeyStore.PasswordProtection(keyPass.toCharArray());\r
- \r
- KeyStore.PrivateKeyEntry pkEntry = \r
- new KeyStore.PrivateKeyEntry(pk, new Certificate[] {certs[0]});\r
- jks.setEntry(arti.getMechid(), \r
- pkEntry, protParam);\r
- \r
- // Write out\r
- write(fks,Chmod.to400,jks,keystorePassArray);\r
- \r
- // Change out to TrustStore\r
- fks = new File(dir,arti.getAppName()+".trust."+kst);\r
- jks = KeyStore.getInstance(kst);\r
- \r
- // Set Truststore Password\r
- addProperty(Config.CADI_TRUSTSTORE,fks.getAbsolutePath());\r
- String trustStorePass = Symm.randomGen(CmAgent.PASS_SIZE);\r
- addEncProperty(Config.CADI_TRUSTSTORE_PASSWORD,trustStorePass);\r
- char[] truststorePassArray = trustStorePass.toCharArray();\r
- jks.load(null,truststorePassArray); // load in\r
- \r
- // Add Trusted Certificates\r
- for(int i=1; i<certs.length;++i) {\r
- jks.setCertificateEntry("cadi_root_" + arti.getCa() + '_' + i, certs[i]);\r
- }\r
- // Write out\r
- write(fks,Chmod.to644,jks,truststorePassArray);\r
-\r
- } catch (Exception e) {\r
- throw new CadiException(e);\r
- }\r
- return false;\r
- }\r
-\r
-}\r