X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fca%2FCA.java;h=275ad549b2ee09778f30aab032e8020d037f9320;hb=be1edcb6830745015f5de72e820f40f36dd571ad;hp=26b4e2aa9b8e4e5004c6734e080bcc196334016a;hpb=f727f876191f815a850b89eb501f49bfd6e65c5d;p=aaf%2Fauthz.git diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java index 26b4e2aa..275ad549 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -30,6 +30,7 @@ import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.regex.Pattern; import org.bouncycastle.asn1.x500.style.BCStyle; import org.onap.aaf.auth.cm.cert.CSRMeta; 
@@ -42,6 +43,10 @@ import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Split; public abstract class CA { + public static final Pattern IPV4_PATTERN = Pattern.compile("\\A(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}\\z"); + public static final Pattern IPV6_PATTERN = Pattern.compile("\\A(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\\z"); + + private static final String MUST_EXIST_TO_CREATE_CSRS_FOR = " must exist to create CSRs for "; //TODO figuring out what is an Issuing CA is a matter of convention. Consider SubClassing for Open Source public static final String ISSUING_CA = "Issuing CA"; @@ -54,11 +59,11 @@ public abstract class CA { public static final Set EMPTY = Collections.unmodifiableSet(new HashSet<>()); - + private final String name; private final String env; private MessageDigest messageDigest; - private final String permNS; + private final String permNS; private final String permType; private final ArrayList idDomains; private String[] trustedCAs; @@ -71,8 +76,8 @@ public abstract class CA { trustedCAs = new String[4]; // starting array this.name = caName; this.env = env; - this.env_tag = env==null || env.isEmpty()?false: - Boolean.parseBoolean(access.getProperty(CM_CA_ENV_TAG, Boolean.FALSE.toString())); + this.env_tag = env==null || env.isEmpty()?false: + Boolean.parseBoolean(access.getProperty(CM_CA_ENV_TAG, Boolean.FALSE.toString())); permNS=null; String prefix = CM_CA_PREFIX + name; permType = access.getProperty(prefix + ".perm_type",null); @@ -80,9 +85,9 @@ public abstract class CA { throw new CertException(prefix + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); } caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null)); - + String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT; - + String fields = access.getProperty(tag, null); if (fields==null) { throw new CertException(tag + MUST_EXIST_TO_CREATE_CSRS_FOR + caName); 
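Review bot: The two public patterns added at the top of `CA` accept a different set of address literals than common address parsers do. `IPV6_PATTERN` matches only the fully expanded eight-group form, so compressed `::` and IPv4-mapped literals are not recognised, while `IPV4_PATTERN` accepts leading-zero octets such as `010.1.1.1` through `[0-1]?\\d?\\d`, which some address parsers read as octal. The callers are outside this hunk, but if these constants decide whether a name requested in a CSR is handled as an IP address or as a hostname, the CA could classify an address differently from the relying party that later parses the certificate. I would tighten the octet to `(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)` and add Javadoc stating the accepted grammar, e.g. `/** Dotted-quad IPv4 literal, decimal octets 0-255 without leading zeros; whole-string match. */` and `/** Uncompressed eight-group IPv6 literal only; "::" forms are not matched. */`. The `\\A…\\z` anchoring should stay, since it rejects a trailing newline that `$` would let through.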
@@ -94,7 +99,7 @@ public abstract class CA { throw new CertException("email address is not allowed in " + CM_CA_BASE_SUBJECT); } } - + idDomains = new ArrayList<>(); StringBuilder sb = null; for (String s : Split.splitTrim(',', access.getProperty(CA.CM_CA_PREFIX+caName+".idDomains", ""))) { @@ -111,7 +116,7 @@ public abstract class CA { if (sb!=null) { access.printf(Level.INIT, "CA '%s' supports Personal Certificates for %s", caName, sb); } - + String dataDir = access.getProperty(CM_PUBLIC_DIR,null); if (dataDir!=null) { File data = new File(dataDir); @@ -132,7 +137,7 @@ public abstract class CA { FileInputStream fis = new FileInputStream(crt); try { int read = fis.read(bytes); - if (read>0) { + if (read>0) { addTrustedCA(new String(bytes)); } } finally { @@ -166,7 +171,7 @@ public abstract class CA { caIssuerDNs = newsa; } } - + protected synchronized void addTrustedCA(final String crtString) { String crt; if (crtString.endsWith("\n")) { @@ -185,19 +190,19 @@ public abstract class CA { temp[trustedCAs.length]=crt; trustedCAs = temp; } - + public String[] getCaIssuerDNs() { return caIssuerDNs; } - + public String[] getTrustedCAs() { return trustedCAs; } - + public boolean shouldAddEnvTag() { - return env_tag; + return env_tag; } - + public String getEnv() { return env; } @@ -213,16 +218,16 @@ public abstract class CA { public String getName() { return name; } - - + + public String getPermNS() { return permNS; } - + public String getPermType() { return permType; } - + public abstract X509andChain sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException; /* (non-Javadoc)