X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fcert%2FBCFactory.java;h=9715422d80dda1f1cf173102e9946f3149ad20b8;hb=6dd9704640eb8cc8d6b4ccd266e40a3f6f589e75;hp=7f4590f38e177f663b8088968cfb83fe234c72c9;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
index 7f4590f3..9715422d 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,8 +37,8 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.onap.aaf.auth.cm.ca.CA;
 import org.onap.aaf.auth.cm.validation.CertmanValidator;
 import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
 import org.onap.aaf.misc.env.Trans;
@@ -47,105 +47,105 @@ import org.onap.aaf.misc.env.Trans;
 /**
 * Additional Factory mechanisms for CSRs, and BouncyCastle. The main Factory
 * utilizes only Java abstractions, and is useful in Client code.
- *
+ *
 * @author JonathanGathman
 *
 */
 public class BCFactory extends Factory {
- private static final JcaContentSignerBuilder jcsb;
-
-
- static {
- // Bouncy
- jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);
- }
-
- public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {
- return jcsb.build(pk);
- }
-
- public static String toString(PKCS10CertificationRequest csr) throws IOException, CertException {
- if(csr==null) {
- throw new CertException("x509 Certificate Request not built");
- }
- return textBuilder("CERTIFICATE REQUEST",csr.getEncoded());
- }
-
- public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {
- TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);
- try {
- FileReader fr = new FileReader(file);
- return new PKCS10CertificationRequest(decode(strip(fr)));
- } finally {
- tt.done();
- }
- }
-
- public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
- TimeTaken tt = trans.start("Encode Security Object", Env.SUB);
- try {
- return sign(trans,toSign.getEncoded(),pk);
- } finally {
- tt.done();
- }
- }
-
- public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List fqdns) throws CertException {
- CSRMeta csr = ca.newCSRMeta();
- boolean first = true;
- // Set CN (and SAN)
- for(String fqdn : fqdns) {
- if(first) {
- first = false;
- csr.cn(fqdn);
- }
- csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6
- }
-
- csr.challenge(new String(Symm.randomGen(24)));
- csr.mechID(mechid);
- csr.email(sponsorEmail);
- String errs;
- if((errs=validateApp(csr))!=null) {
- throw new CertException(errs);
- }
- return csr;
- }
-
- private static String validateApp(CSRMeta csr) {
- CertmanValidator v = new CertmanValidator();
- if(v.nullOrBlank("cn", csr.cn())
- .nullOrBlank("mechID", csr.mechID())
- .nullOrBlank("email", csr.email())
- .err()) {
- return v.errs();
- } else {
- return null;
- }
- }
-
- public static CSRMeta createPersonalCSRMeta(CA ca, String personal, String email) throws CertException {
- CSRMeta csr = ca.newCSRMeta();
- csr.cn(personal);
- csr.challenge(new String(Symm.randomGen(24)));
- csr.email(email);
- String errs;
- if((errs=validatePersonal(csr))!=null) {
- throw new CertException(errs);
- }
- return csr;
- }
-
- private static String validatePersonal(CSRMeta csr) {
- CertmanValidator v = new CertmanValidator();
- if(v.nullOrBlank("cn", csr.cn())
- .nullOrBlank("email", csr.email())
- .err()) {
- return v.errs();
- } else {
- return null;
- }
- }
-
+ private static final JcaContentSignerBuilder jcsb;
+
+
+ static {
+ // Bouncy
+ jcsb = new JcaContentSignerBuilder(Factory.SIG_ALGO);
+ }
+
+ public static ContentSigner contentSigner(PrivateKey pk) throws OperatorCreationException {
+ return jcsb.build(pk);
+ }
+
+ public static String toString(PKCS10CertificationRequest csr) throws IOException, CertException {
+ if (csr==null) {
+ throw new CertException("x509 Certificate Request not built");
+ }
+ return textBuilder("CERTIFICATE REQUEST",csr.getEncoded());
+ }
+
+ public static PKCS10CertificationRequest toCSR(Trans trans, File file) throws IOException {
+ TimeTaken tt = trans.start("Reconstitute CSR", Env.SUB);
+ try {
+ FileReader fr = new FileReader(file);
+ return new PKCS10CertificationRequest(decode(strip(fr)));
+ } finally {
+ tt.done();
+ }
+ }
+
+ public static byte[] sign(Trans trans, ASN1Object toSign, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
+ TimeTaken tt = trans.start("Encode Security Object", Env.SUB);
+ try {
+ return sign(trans,toSign.getEncoded(),pk);
+ } finally {
+ tt.done();
+ }
+ }
+
+ public static CSRMeta createCSRMeta(CA ca, String mechid, String sponsorEmail, List fqdns) throws CertException {
+ CSRMeta csr = ca.newCSRMeta();
+ boolean first = true;
+ // Set CN (and SAN)
+ for (String fqdn : fqdns) {
+ if (first) {
+ first = false;
+ csr.cn(fqdn);
+ }
+ csr.san(fqdn); // duplicate CN in SAN, per RFC 5280 section 4.2.1.6
+ }
+
+ csr.challenge(new String(Symm.randomGen(24)));
+ csr.mechID(mechid);
+ csr.email(sponsorEmail);
+ String errs;
+ if ((errs=validateApp(csr))!=null) {
+ throw new CertException(errs);
+ }
+ return csr;
+ }
+
+ private static String validateApp(CSRMeta csr) {
+ CertmanValidator v = new CertmanValidator();
+ if (v.nullOrBlank("cn", csr.cn())
+ .nullOrBlank("mechID", csr.mechID())
+// .nullOrBlank("email", csr.email())
+ .err()) {
+ return v.errs();
+ } else {
+ return null;
+ }
+ }
+
+ public static CSRMeta createPersonalCSRMeta(CA ca, String personal, String email) throws CertException {
+ CSRMeta csr = ca.newCSRMeta();
+ csr.cn(personal);
+ csr.challenge(new String(Symm.randomGen(24)));
+ csr.email(email);
+ String errs;
+ if ((errs=validatePersonal(csr))!=null) {
+ throw new CertException(errs);
+ }
+ return csr;
+ }
+
+ private static String validatePersonal(CSRMeta csr) {
+ CertmanValidator v = new CertmanValidator();
+ if (v.nullOrBlank("cn", csr.cn())
+ .nullOrBlank("email", csr.email())
+ .err()) {
+ return v.errs();
+ } else {
+ return null;
+ }
+ }
+
 }
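Review bot: In `validateApp` the `.nullOrBlank("email", csr.email())` check is commented out rather than removed, and it sits inside a hunk that is otherwise a whitespace reformat, so a real relaxation of CSR validation is easy to miss in review. `createCSRMeta` still calls `csr.email(sponsorEmail)`, but nothing visible now rejects a null or blank sponsor email before the metadata is returned; how `CSRMeta` treats a missing email is not shown here. If the sponsor email is meant to be optional for application certificates, delete the dead line and record that with a comment such as `// sponsor email is optional for app certs; only cn and mechID are required`; otherwise restore the check. `validatePersonal` still requires the email, so the two validators now disagree and the reason should be stated in the code or the commit message.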