Remove Code from cadi, it is now in authz
diff --git a/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java b/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
deleted file mode 100644 (file)
index 0bdc843..0000000
+++ /dev/null
@@ -1,168 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.http;\r
-\r
-import java.io.ByteArrayInputStream;\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.IOException;\r
-import java.net.HttpURLConnection;\r
-import java.security.PrivateKey;\r
-import java.security.SecureRandom;\r
-import java.security.Signature;\r
-import java.security.cert.CertificateEncodingException;\r
-import java.security.cert.X509Certificate;\r
-\r
-import javax.net.ssl.HttpsURLConnection;\r
-import javax.net.ssl.X509KeyManager;\r
-\r
-import org.onap.aaf.cadi.CadiException;\r
-import org.onap.aaf.cadi.SecuritySetter;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.config.SecurityInfoC;\r
-\r
-import org.onap.aaf.inno.env.APIException;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-\r
-\r
-public class HX509SS implements SecuritySetter<HttpURLConnection> {\r
-       private static final byte[] X509 = "x509 ".getBytes();\r
-       private PrivateKey priv;\r
-       private byte[] pub;\r
-       private String cert;\r
-       private SecurityInfoC<HttpURLConnection> securityInfo;\r
-       private String algo;\r
-       private String alias;\r
-       private static int count = new SecureRandom().nextInt();\r
-\r
-       public HX509SS(SecurityInfoC<HttpURLConnection> si) throws APIException, IOException, CertificateEncodingException {\r
-               this(null,si,false);\r
-       }\r
-       \r
-       public HX509SS(SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, IOException, CertificateEncodingException {\r
-               this(null,si,asDefault);\r
-       }\r
-       \r
-       public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si) throws APIException, IOException, CertificateEncodingException {\r
-               this(sendAlias, si, false);\r
-       }\r
-\r
-       public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, IOException, CertificateEncodingException {\r
-               securityInfo = si;\r
-               if((alias=sendAlias) == null) {\r
-                       if(si.default_alias == null) {\r
-                               throw new APIException("JKS Alias is required to use X509SS Security.  Use " + Config.CADI_ALIAS +" to set default alias");\r
-                       } else {\r
-                               alias = si.default_alias;\r
-                       }\r
-               }\r
-               \r
-               priv=null;\r
-               X509KeyManager[] xkms = si.getKeyManagers();\r
-               if(xkms==null || xkms.length==0) {\r
-                       throw new APIException("There are no valid keys available in given Keystores.  Wrong Keypass?  Expired?");\r
-               }\r
-               for(int i=0;priv==null&&i<xkms.length;++i) {\r
-                       priv = xkms[i].getPrivateKey(alias);\r
-               }\r
-               for(int i=0;cert==null&&i<xkms.length;++i) {\r
-                       X509Certificate[] chain = xkms[i].getCertificateChain(alias);\r
-                       if(chain!=null&&chain.length>0) {\r
-                               algo = chain[0].getSigAlgName(); \r
-                               pub = chain[0].getEncoded();\r
-                               ByteArrayOutputStream baos = new ByteArrayOutputStream(pub.length*2); \r
-                               ByteArrayInputStream bais = new ByteArrayInputStream(pub);\r
-                               Symm.base64noSplit.encode(bais,baos,X509);\r
-                               cert = baos.toString();\r
-                               \r
-                               /*\r
-                               // Inner Test code, uncomment if fix needed\r
-                               bais = new ByteArrayInputStream(baos.toByteArray());\r
-                               baos = new ByteArrayOutputStream(input.length*2);\r
-                               Symm.base64noSplit().decode(bais,baos,5);\r
-                               byte[] output = baos.toByteArray();\r
-                               String reconstitute = output.toString();\r
-                               System.out.println("ok");\r
-                               CertificateFactory certFactory;\r
-                               try {\r
-                                       bais = new ByteArrayInputStream(output);\r
-                                       certFactory = CertificateFactory.getInstance("X.509");\r
-                                       X509Certificate x509 = (X509Certificate)certFactory.generateCertificate(bais);\r
-                                       System.out.println(x509.toString());\r
-                               } catch (CertificateException e) {\r
-                                       e.printStackTrace();\r
-                               }\r
-                               */\r
-                       }\r
-               }\r
-               if(algo==null) {\r
-                       throw new APIException("X509 Security Setter not configured");\r
-               }\r
-       }\r
-\r
-       @Override\r
-       public void setSecurity(HttpURLConnection huc) throws CadiException {\r
-               if(huc instanceof HttpsURLConnection) {\r
-                       securityInfo.setSocketFactoryOn((HttpsURLConnection)huc);\r
-               }\r
-               if(alias==null) { // must be a one-way\r
-                       huc.setRequestProperty("Authorization", cert);\r
-                       \r
-                       // Test Signed content\r
-                       try {\r
-                               String data = "SignedContent["+ inc() + ']' + Chrono.dateTime();\r
-                               huc.setRequestProperty("Data", data);\r
-                               \r
-                               Signature sig = Signature.getInstance(algo);\r
-                               sig.initSign(priv);\r
-                               sig.update(data.getBytes());\r
-                               byte[] signature = sig.sign();\r
-                               \r
-                               ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(signature.length*1.3));\r
-                               ByteArrayInputStream bais = new ByteArrayInputStream(signature);\r
-                               Symm.base64noSplit.encode(bais, baos);\r
-                               huc.setRequestProperty("Signature", new String(baos.toByteArray()));\r
-                               \r
-                       } catch (Exception e) {\r
-                               throw new CadiException(e);\r
-                       }\r
-               }\r
-       }\r
-       \r
-       private synchronized int inc() {\r
-               return ++count;\r
-       }\r
-       \r
-       /* (non-Javadoc)\r
-        * @see com.att.cadi.SecuritySetter#getID()\r
-        */\r
-       @Override\r
-       public String getID() {\r
-               return alias;\r
-       }\r
-       \r
-       @Override\r
-       public int setLastResponse(int respCode) {\r
-               return 0;\r
-       }\r
-}\r