X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fca%2FJscepCA.java;h=51b962c80e1a9ed022d80c2c316801e544037924;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=4caa339020ed08a76579b010ac9c373ea58e81c6;hpb=264cb20ce5f31317919d5c49394cb3d482d5dbcd;p=aaf%2Fauthz.git diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java index 4caa3390..51b962c8 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java @@ -9,9 +9,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -35,18 +35,16 @@ import java.util.List; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; - import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.jscep.client.Client; import org.jscep.client.ClientException; import org.jscep.client.EnrollmentResponse; -import org.jscep.client.verification.CertificateVerifier; import org.onap.aaf.auth.cm.cert.BCFactory; import org.onap.aaf.auth.cm.cert.CSRMeta; import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.Locator.Item; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.configure.CertException; import org.onap.aaf.cadi.locator.HotPeerLocator; import org.onap.aaf.misc.env.Env; @@ -73,19 +71,20 @@ public class JscepCA extends CA { super(access, name, env); mxcwiS = new ConcurrentHashMap<>(); mxcwiC = new ConcurrentHashMap<>(); - + if (params.length<2) { throw new CertException("No Trust Chain parameters are included"); - } + } if (params[0].length<2) { throw new CertException("User/Password required for JSCEP"); } final String id = params[0][0]; - final String pw = params[0][1]; - + final String pw = params[0][1]; + // Set this for NTLM password Microsoft Authenticator.setDefault(new Authenticator() { - public PasswordAuthentication getPasswordAuthentication () { + @Override + public PasswordAuthentication getPasswordAuthentication () { try { return new PasswordAuthentication (id,access.decrypt(pw,true).toCharArray()); } catch (IOException e) { @@ -94,16 +93,16 @@ public class JscepCA extends CA { return null; } }); - + StringBuilder urlstr = new StringBuilder(); for (int i=1;i1) { urlstr.append(','); // delimiter } urlstr.append(params[i][0]); - + String dir = access.getProperty(CM_PUBLIC_DIR, ""); if (!"".equals(dir) && !dir.endsWith("/")) { dir = dir + '/'; @@ -126,12 +125,12 @@ public class JscepCA extends CA { } } } - } + } clients = new JscepClientLocator(access,urlstr.toString()); } // package on purpose - + @Override public X509ChainWithIssuer sign(Trans trans, CSRMeta csrmeta) throws IOException, CertException { TimeTaken tt = trans.start("Generating CSR and Keys for New Certificate", Env.SUB); @@ -140,14 +139,14 @@ public class JscepCA extends CA { csr = csrmeta.generateCSR(trans); if (trans.info().isLoggable()) { trans.info().log(BCFactory.toString(csr)); - } + } if (trans.info().isLoggable()) { trans.info().log(csr); } } finally { tt.done(); } - + tt = trans.start("Enroll CSR", Env.SUB); Client client = null; Item item = null; @@ -155,13 +154,13 @@ public class JscepCA extends CA { try { item = clients.best(); client = clients.get(item); - + EnrollmentResponse er = client.enrol( csrmeta.initialConversationCert(trans), csrmeta.keypair(trans).getPrivate(), csr, MS_PROFILE /* profile... MS can't deal with blanks*/); - + while (true) { if (er.isSuccess()) { trans.checkpoint("Cert from " + clients.info(item)); @@ -187,7 +186,7 @@ public class JscepCA extends CA { i=MAX_RETRY; } catch (ClientException e) { trans.error().log(e,"SCEP Client Error, Temporarily Invalidating Client: " + clients.info(item)); - try { + try { clients.invalidate(client); if (!clients.hasItems()) { clients.refresh(); @@ -203,13 +202,13 @@ public class JscepCA extends CA { tt.done(); } } - + return null; } - + /** * Locator specifically for Jscep Clients. - * + * * Class based client for access to common Map */ private class JscepClientLocator extends HotPeerLocator { @@ -225,14 +224,11 @@ public class JscepCA extends CA { protected Client _newClient(String urlinfo) throws LocatorException { try { String[] info = Split.split('/', urlinfo); - Client c = new Client(new URL(JscepCA.CA_PREFIX + info[0] + JscepCA.CA_POSTFIX), - new CertificateVerifier() { - @Override - public boolean verify(X509Certificate cert) { + Client c = new Client(new URL(JscepCA.CA_PREFIX + info[0] + JscepCA.CA_POSTFIX), + cert -> { //TODO checkIssuer return true; } - } ); // Map URL to Client, because Client doesn't expose Connection mxcwiC.put(c, mxcwiS.get(urlinfo)); @@ -251,7 +247,7 @@ public class JscepCA extends CA { protected void _destroy(Client client) { mxcwiC.remove(client); } - - + + } }