AT&T 2.0.19 Code drop, stage 4
diff --git a/authz-certman/src/main/java/org/onap/aaf/authz/cm/cert/CSRMeta.java b/authz-certman/src/main/java/org/onap/aaf/authz/cm/cert/CSRMeta.java
deleted file mode 100644 (file)
index f71163e..0000000
+++ /dev/null
@@ -1,329 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.authz.cm.cert;\r
-\r
-import java.io.IOException;\r
-import java.math.BigInteger;\r
-import java.security.KeyPair;\r
-import java.security.SecureRandom;\r
-import java.security.cert.CertificateException;\r
-import java.security.cert.X509Certificate;\r
-import java.util.ArrayList;\r
-import java.util.Date;\r
-import java.util.GregorianCalendar;\r
-import java.util.List;\r
-\r
-import org.bouncycastle.asn1.ASN1Sequence;\r
-import org.bouncycastle.asn1.DERPrintableString;\r
-import org.bouncycastle.asn1.pkcs.Attribute;\r
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;\r
-import org.bouncycastle.asn1.x500.X500Name;\r
-import org.bouncycastle.asn1.x500.X500NameBuilder;\r
-import org.bouncycastle.asn1.x500.style.BCStyle;\r
-import org.bouncycastle.asn1.x509.Extension;\r
-import org.bouncycastle.asn1.x509.Extensions;\r
-import org.bouncycastle.asn1.x509.GeneralName;\r
-import org.bouncycastle.asn1.x509.GeneralNames;\r
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;\r
-import org.bouncycastle.cert.X509v3CertificateBuilder;\r
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
-import org.bouncycastle.operator.OperatorCreationException;\r
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
-import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;\r
-import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;\r
-\r
-import org.onap.aaf.cadi.cm.CertException;\r
-import org.onap.aaf.cadi.cm.Factory;\r
-import org.onap.aaf.inno.env.Trans;\r
-\r
-public class CSRMeta {\r
-       private String environment;\r
-       private String cn;\r
-       private String mechID;\r
-       private String email;\r
-       private String o;\r
-       private String l;\r
-       private String st;\r
-       private String c;\r
-       private String challenge;\r
-       \r
-       private ArrayList<String> sanList = new ArrayList<String>();\r
-\r
-       private KeyPair keyPair;\r
-       private X500Name name = null;\r
-       private SecureRandom random = new SecureRandom();\r
-\r
-       public X500Name x500Name() throws IOException {\r
-               if(name==null) {\r
-                       X500NameBuilder xnb = new X500NameBuilder();\r
-                       xnb.addRDN(BCStyle.CN,cn);\r
-                       xnb.addRDN(BCStyle.E,email);\r
-                       if(environment==null) {\r
-                               xnb.addRDN(BCStyle.OU,mechID);\r
-                       } else {\r
-                               xnb.addRDN(BCStyle.OU,mechID+':'+environment);\r
-                       }\r
-                       xnb.addRDN(BCStyle.O,o);\r
-                       xnb.addRDN(BCStyle.L,l);\r
-                       xnb.addRDN(BCStyle.ST,st);\r
-                       xnb.addRDN(BCStyle.C,c);\r
-                       name = xnb.build();\r
-               }\r
-               return name;\r
-       }\r
-       \r
-       \r
-       public PKCS10CertificationRequest  generateCSR(Trans trans) throws IOException, CertException {\r
-               PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name(),keypair(trans).getPublic());\r
-               if(challenge!=null) {\r
-                       DERPrintableString password = new DERPrintableString(challenge);\r
-                       builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password);\r
-               }\r
-               \r
-               if(sanList.size()>0) {\r
-                       GeneralName[] gna = new GeneralName[sanList.size()];\r
-                       int i=-1;\r
-                       for(String s : sanList) {\r
-                               gna[++i]=new GeneralName(GeneralName.dNSName,s);\r
-                       }\r
-                       \r
-                       builder.addAttribute(\r
-                                       PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,\r
-                                       new Extensions(new Extension[] {\r
-                                                       new Extension(Extension.subjectAlternativeName,false,new GeneralNames(gna).getEncoded())\r
-                                       })\r
-                       );\r
-               }\r
-//             builder.addAttribute(Extension.basicConstraints,new BasicConstraints(false))\r
-//      .addAttribute(Extension.keyUsage, new KeyUsage(KeyUsage.digitalSignature\r
-//                           | KeyUsage.keyEncipherment));\r
-               try {\r
-                       return builder.build(BCFactory.contentSigner(keypair(trans).getPrivate()));\r
-               } catch (OperatorCreationException e) {\r
-                       throw new CertException(e);\r
-               }\r
-       }\r
-       \r
-       @SuppressWarnings("deprecation")\r
-       public static void dump(PKCS10CertificationRequest csr) {\r
-                Attribute[] certAttributes = csr.getAttributes();\r
-                for (Attribute attribute : certAttributes) {\r
-                    if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {\r
-                        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));\r
-//                      Extension ext = extensions.getExtension(Extension.subjectAlternativeName);\r
-                        GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName);\r
-                        GeneralName[] names = gns.getNames();\r
-                        for(int k=0; k < names.length; k++) {\r
-                            String title = "";\r
-                            if(names[k].getTagNo() == GeneralName.dNSName) {\r
-                                title = "dNSName";\r
-                            }\r
-                            else if(names[k].getTagNo() == GeneralName.iPAddress) {\r
-                                title = "iPAddress";\r
-                                // Deprecated, but I don't see anything better to use.\r
-                                names[k].toASN1Object();\r
-                            }\r
-                            else if(names[k].getTagNo() == GeneralName.otherName) {\r
-                                title = "otherName";\r
-                            }\r
-                            System.out.println(title + ": "+ names[k].getName());\r
-                        } \r
-                    }\r
-                }\r
-       }\r
-       \r
-       public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {\r
-               GregorianCalendar gc = new GregorianCalendar();\r
-               Date start = gc.getTime();\r
-               gc.add(GregorianCalendar.DAY_OF_MONTH,2);\r
-               Date end = gc.getTime();\r
-               X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(\r
-                               x500Name(),\r
-                               new BigInteger(12,random), // replace with Serialnumber scheme\r
-                               start,\r
-                               end,\r
-                               x500Name(),\r
-//                             SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(caCert.getPublicKey().getEn)\r
-                               new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keypair(trans).getPublic().getEncoded()))\r
-                               );\r
-               return new JcaX509CertificateConverter().getCertificate(\r
-                               xcb.build(BCFactory.contentSigner(keypair(trans).getPrivate())));\r
-       }\r
-\r
-       public CSRMeta san(String v) {\r
-               sanList.add(v);\r
-               return this;\r
-       }\r
-\r
-       public List<String> sans() {\r
-               return sanList;\r
-       }\r
-\r
-\r
-       public KeyPair keypair(Trans trans) {\r
-               if(keyPair == null) {\r
-                       keyPair = Factory.generateKeyPair(trans);\r
-               }\r
-               return keyPair;\r
-       }\r
-\r
-       /**\r
-        * @return the cn\r
-        */\r
-       public String cn() {\r
-               return cn;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param cn the cn to set\r
-        */\r
-       public void cn(String cn) {\r
-               this.cn = cn;\r
-       }\r
-\r
-       /**\r
-        * Environment of Service MechID is good for\r
-        */\r
-       public void environment(String env) {\r
-               environment = env;\r
-       }\r
-       \r
-       /**\r
-        * \r
-        * @return\r
-        */\r
-       public String environment() {\r
-               return environment;\r
-       }\r
-       \r
-       /**\r
-        * @return the mechID\r
-        */\r
-       public String mechID() {\r
-               return mechID;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param mechID the mechID to set\r
-        */\r
-       public void mechID(String mechID) {\r
-               this.mechID = mechID;\r
-       }\r
-\r
-\r
-       /**\r
-        * @return the email\r
-        */\r
-       public String email() {\r
-               return email;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param email the email to set\r
-        */\r
-       public void email(String email) {\r
-               this.email = email;\r
-       }\r
-\r
-\r
-       /**\r
-        * @return the o\r
-        */\r
-       public String o() {\r
-               return o;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param o the o to set\r
-        */\r
-       public void o(String o) {\r
-               this.o = o;\r
-       }\r
-\r
-       /**\r
-        * \r
-        * @return the l\r
-        */\r
-       public String l() {\r
-               return l;\r
-       }\r
-       \r
-       /**\r
-        * @param l the l to set\r
-        */\r
-       public void l(String l) {\r
-               this.l=l;\r
-       }\r
-\r
-       /**\r
-        * @return the st\r
-        */\r
-       public String st() {\r
-               return st;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param st the st to set\r
-        */\r
-       public void st(String st) {\r
-               this.st = st;\r
-       }\r
-\r
-\r
-       /**\r
-        * @return the c\r
-        */\r
-       public String c() {\r
-               return c;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param c the c to set\r
-        */\r
-       public void c(String c) {\r
-               this.c = c;\r
-       }\r
-\r
-\r
-       /**\r
-        * @return the challenge\r
-        */\r
-       public String challenge() {\r
-               return challenge;\r
-       }\r
-\r
-\r
-       /**\r
-        * @param challenge the challenge to set\r
-        */\r
-       public void challenge(String challenge) {\r
-               this.challenge = challenge;\r
-       }\r
-       \r
-}\r