X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fca%2FLocalCA.java;h=f7de90ea06bb2f1e464140bab113f577c92c61b5;hb=be1edcb6830745015f5de72e820f40f36dd571ad;hp=c51ddbde40646d7c9bdeebd9800e407a5f1d0ee1;hpb=da6154df2951bbdedea753f588d41153e3582ef5;p=aaf%2Fauthz.git

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
index c51ddbde..f7de90ea 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -72,29 +72,28 @@ import org.onap.aaf.misc.env.TimeTaken;
 import org.onap.aaf.misc.env.Trans;
 public class LocalCA extends CA {
-    private final static BigInteger ONE = new BigInteger("1");
     // Extensions
     private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {
                 KeyPurposeId.id_kp_serverAuth, // WebServer
                 KeyPurposeId.id_kp_clientAuth // WebClient
     };
-    
+
     private final PrivateKey caKey;
     private final X500Name issuer;
     private BigInteger serial;
     private final X509ChainWithIssuer x509cwi; // "Cert" is CACert
-    
-    
+
+
     public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException {
         super(access, name, env);
-        
+
         serial = new BigInteger(64,new SecureRandom());
         if (params.length<1 || params[0].length<2) {
             throw new IOException("LocalCA expects cm_ca.=org.onap.aaf.auth.cm.ca.LocalCA,[;]+");
         }
-        
+
         // Read in the Private Key
         String configured;
         File f = new File(params[0][0]);
@@ -145,7 +144,7 @@ public class LocalCA extends CA {
             } else {
                 throw new CertException("Unknown Keystore type from filename " + fileName);
             }
-            
+
             KeyStore.ProtectionParameter keyPass;
             try {
@@ -174,7 +173,7 @@ public class LocalCA extends CA {
                 }
                 PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry)entry;
                 caKey = privateKeyEntry.getPrivateKey();
-                
+
                 x509cwi = new X509ChainWithIssuer(privateKeyEntry.getCertificateChain());
                 configured = "keystore \"" + fileName + "\", alias " + params[0][1];
             } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException e) {
@@ -184,7 +183,7 @@ public class LocalCA extends CA {
         } else {
             throw new CertException("Private Key, " + f.getPath() + ", does not exist");
         }
-        
+
         X500NameBuilder xnb = new X500NameBuilder();
         List rp = RDN.parse(',', x509cwi.getIssuerDN());
         Collections.reverse(rp);
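Review bot: Removing `private final static BigInteger ONE` here leaves the `synchronized(ONE)` block and `serial.add(ONE)` in the hunk at -209 resolving to a member declared outside this file, presumably on the `CA` superclass; if that is a shared static, every CA instance now serializes serial-number allocation on the same monitor, and any code that can reach that object can contend on or hold the lock. Since `serial` is per-instance state, a private lock object keeps the intent explicit and avoids synchronizing on a reachable constant: `private final Object serialLock = new Object();` next to the `serial` field, then `synchronized(serialLock) { bi = serial; serial = serial.add(BigInteger.ONE); }` at -209. The class body continues past this hunk, so other uses of `ONE` may exist outside the visible lines.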
@@ -209,12 +208,12 @@ public class LocalCA extends CA {
         TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
         try {
             BigInteger bi;
-            
+
             synchronized(ONE) {
                 bi = serial;
                 serial = serial.add(ONE);
             }
-            
+
             RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic();
             X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
                     issuer,
@@ -226,8 +225,14 @@ public class LocalCA extends CA {
 //                    new SubjectPublicKeyInfo(ASN1Sequence.getInstance(caCert.getPublicKey().getEncoded()))
                     );
             List lsan = new ArrayList<>();
+            // Email
+            lsan.add(new GeneralName(GeneralName.rfc822Name,csrmeta.email()));
             for (String s : csrmeta.sans()) {
-                lsan.add(new GeneralName(GeneralName.dNSName,s));
+                if(IPV4_PATTERN.matcher(s).matches() || IPV6_PATTERN.matcher(s).matches()) {
+                    lsan.add(new GeneralName(GeneralName.iPAddress,s));
+                } else {
+                    lsan.add(new GeneralName(GeneralName.dNSName,s));
+                }
             }
             GeneralName[] sans = new GeneralName[lsan.size()];
             lsan.toArray(sans);
@@ -238,7 +243,7 @@ public class LocalCA extends CA {
                     ))
                 .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature
-                                                                    | KeyUsage.keyEncipherment 
+                                                                    | KeyUsage.keyEncipherment
                                                                     | KeyUsage.nonRepudiation))
                 .addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(ASN_WebUsage))
@@ -250,8 +255,8 @@ public class LocalCA extends CA {
                         false, new GeneralNames(sans))
 //                .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType(
 //                        NetscapeCertType.sslClient|NetscapeCertType.sslClient))
-                ;
-            
+                ;
+
             x509 = new JcaX509CertificateConverter().getCertificate(
                     xcb.build(BCFactory.contentSigner(caKey)));
         } catch (GeneralSecurityException|OperatorCreationException e) {
@@ -259,7 +264,7 @@ public class LocalCA extends CA {
         } finally {
             tt.done();
         }
-        
+
         return new X509andChain(x509,x509cwi.trustChain);
     }
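Review bot: The new `lsan.add(new GeneralName(GeneralName.rfc822Name,csrmeta.email()))` in the hunk at -226 is unconditional, so a request whose `email()` is null is likely to fail inside the BouncyCastle name constructor with an unchecked exception that the surrounding `catch (GeneralSecurityException|OperatorCreationException e)` does not cover; guard it with `if (csrmeta.email()!=null && !csrmeta.email().isEmpty()) {` / `    lsan.add(new GeneralName(GeneralName.rfc822Name,csrmeta.email()));` / `}`. The iPAddress branch copies requester-supplied literals straight into the certificate and depends on `IPV4_PATTERN` and `IPV6_PATTERN`, which are not declared in this file; whether the caller authorizes IP-literal SANs the way it presumably does DNS names is not visible here, and a literal the pattern accepts but BouncyCastle cannot parse would also surface as an uncaught `IllegalArgumentException`, so both should be confirmed before this ships. A one-line comment above the loop, `// SANs: IP literals become iPAddress entries, everything else dNSName`, would document the new split. The enclosing method begins before this hunk.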