* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
+ * Modifications Copyright (C) 2018 IBM.
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
import java.net.MalformedURLException;
import java.net.PasswordAuthentication;
import java.net.URL;
-import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
-import org.bouncycastle.operator.OperatorCreationException;
+
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.jscep.client.Client;
import org.jscep.client.ClientException;
import org.jscep.client.EnrollmentResponse;
import org.jscep.client.verification.CertificateVerifier;
-import org.jscep.transaction.TransactionException;
import org.onap.aaf.auth.cm.cert.BCFactory;
import org.onap.aaf.auth.cm.cert.CSRMeta;
import org.onap.aaf.cadi.Access;
mxcwiS = new ConcurrentHashMap<>();
mxcwiC = new ConcurrentHashMap<>();
- if(params.length<2) {
+ if (params.length<2) {
throw new CertException("No Trust Chain parameters are included");
}
- if(params[0].length<2) {
+ if (params[0].length<2) {
throw new CertException("User/Password required for JSCEP");
}
final String id = params[0][0];
StringBuilder urlstr = new StringBuilder();
- for(int i=1;i<params.length;++i) { // skip first section, which is user/pass
+ for (int i=1;i<params.length;++i) { // skip first section, which is user/pass
// Work
- if(i>1) {
+ if (i>1) {
urlstr.append(','); // delimiter
}
urlstr.append(params[i][0]);
String dir = access.getProperty(CM_PUBLIC_DIR, "");
- if(!"".equals(dir) && !dir.endsWith("/")) {
+ if (!"".equals(dir) && !dir.endsWith("/")) {
dir = dir + '/';
}
String path;
List<FileReader> frs = new ArrayList<>(params.length-1);
try {
- for(int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
+ for (int j=1; j<params[i].length; ++j) { // first 3 taken up, see above
path = !params[i][j].contains("/")?dir+params[i][j]:params[i][j];
access.printf(Level.INIT, "Loading a TrustChain Member for %s from %s",name, path);
frs.add(new FileReader(path));
addCaIssuerDN(xcwi.getIssuerDN());
mxcwiS.put(params[i][0],xcwi);
} finally {
- for(FileReader fr : frs) {
- if(fr!=null) {
+ for (FileReader fr : frs) {
+ if (fr!=null) {
fr.close();
}
}
PKCS10CertificationRequest csr;
try {
csr = csrmeta.generateCSR(trans);
- if(trans.info().isLoggable()) {
+ if (trans.info().isLoggable()) {
trans.info().log(BCFactory.toString(csr));
}
- if(trans.info().isLoggable()) {
+ if (trans.info().isLoggable()) {
trans.info().log(csr);
}
} finally {
tt = trans.start("Enroll CSR", Env.SUB);
Client client = null;
Item item = null;
- for(int i=0; i<MAX_RETRY;++i) {
+ for (int i=0; i<MAX_RETRY;++i) {
try {
item = clients.best();
client = clients.get(item);
csr,
MS_PROFILE /* profile... MS can't deal with blanks*/);
- while(true) {
- if(er.isSuccess()) {
+ while (true) {
+ if (er.isSuccess()) {
trans.checkpoint("Cert from " + clients.info(item));
X509Certificate x509 = null;
- for( Certificate cert : er.getCertStore().getCertificates(null)) {
- if(x509==null) {
+ for ( Certificate cert : er.getCertStore().getCertificates(null)) {
+ if (x509==null) {
x509 = (X509Certificate)cert;
break;
}
throw new CertException(clients.info(item)+':'+er.getFailInfo().toString());
}
}
- } catch(LocatorException e) {
+ } catch (LocatorException e) {
trans.error().log(e);
i=MAX_RETRY;
} catch (ClientException e) {
trans.error().log(e,"SCEP Client Error, Temporarily Invalidating Client: " + clients.info(item));
try {
clients.invalidate(client);
- if(!clients.hasItems()) {
+ if (!clients.hasItems()) {
clients.refresh();
}
} catch (LocatorException e1) {
trans.error().log(e,clients.info(item));
i=MAX_RETRY; // can't go any further
}
- } catch (InterruptedException|TransactionException|CertificateException|OperatorCreationException | CertStoreException e) {
+ } catch (Exception e) {
trans.error().log(e);
i=MAX_RETRY;
} finally {
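Review bot: The widened `catch (Exception e)` now also intercepts the `CertException` thrown inside the same try when the SCEP server reports failure (`throw new CertException(clients.info(item)+':'+er.getFailInfo().toString())`), so that failure is only logged and the retries stopped instead of propagating to the caller as it did with the old exception list; a `ClassCastException` from the `(X509Certificate)cert` cast or a `NullPointerException` is swallowed the same way. Rethrow it ahead of the broad catch: `} catch (CertException e) {` / `    throw e; // server-reported enrollment failure must reach the caller` / `} catch (Exception e) {`. `InterruptedException`, now folded into the broad catch, is still not re-interrupted with `Thread.currentThread().interrupt()`, which was already the case before the change. In the same hunk the inner `catch (LocatorException e1)` logs `e` rather than `e1`, so the refresh failure itself is never recorded. The enclosing method begins and ends outside the hunk, so what the caller receives after a caught failure cannot be confirmed here.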
protected Client _newClient(String urlinfo) throws LocatorException {
try {
String[] info = Split.split('/', urlinfo);
- Client c = new Client(new URL(JscepCA.CA_PREFIX + info[0] + JscepCA.CA_POSTFIX),
- new CertificateVerifier() {
- @Override
- public boolean verify(X509Certificate cert) {
+ Client c = new Client(new URL(JscepCA.CA_PREFIX + info[0] + JscepCA.CA_POSTFIX),
+ cert -> {
//TODO checkIssuer
return true;
}
- }
);
// Map URL to Client, because Client doesn't expose Connection
mxcwiC.put(c, mxcwiS.get(urlinfo));
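Review bot: The new lambda keeps the unconditional `return true`, so the `CertificateVerifier` handed to `Client` accepts whatever certificate the SCEP endpoint at `info[0]` presents; replacing the anonymous class only changes the syntax, and the `//TODO checkIssuer` still describes the missing check. The trust chain loaded for this `urlinfo` in the constructor is already looked up on the following line (`mxcwiS.get(urlinfo)`), so the verifier could compare the presented certificate's issuer against that chain instead of trusting it blindly; the exact comparison depends on the type stored in `mxcwiS`, which is outside the hunk. Until that is implemented, the comment should state the consequence plainly, e.g. `// TODO checkIssuer: accepts any CA certificate, so the SCEP server is not authenticated here`. `_newClient` continues past the end of the hunk.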