X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-certman%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcm%2Fcert%2FCSRMeta.java;h=e0ee03656b765209a5eadc7f28c70cf1f1dea2cc;hb=be1edcb6830745015f5de72e820f40f36dd571ad;hp=5df439ab079fb41569d0fa4b797b86e33d9fa9fe;hpb=4b5a7d721d994a49057e9bfb403c7bff1b376660;p=aaf%2Fauthz.git diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java index 5df439ab..e0ee0365 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java @@ -3,13 +3,15 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -70,42 +72,43 @@ public class CSRMeta { } public X500Name x500Name() { - if(name==null) { + if (name==null) { X500NameBuilder xnb = new X500NameBuilder(); xnb.addRDN(BCStyle.CN,cn); - xnb.addRDN(BCStyle.E,email); - if(mechID!=null) { - if(environment==null) { + // Add as Subject Alternate Name, email + // xnb.addRDN(BCStyle.E,email); + if (mechID!=null) { + if (environment==null) { xnb.addRDN(BCStyle.OU,mechID); } else { xnb.addRDN(BCStyle.OU,mechID+':'+environment); } } - for(RDN rdn : rdns) { + for (RDN rdn : rdns) { xnb.addRDN(rdn.aoi,rdn.value); } name = xnb.build(); } return name; } - - + + public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException { PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name(),keypair(trans).getPublic()); - if(challenge!=null) { + if (challenge!=null) { DERPrintableString password = new DERPrintableString(challenge); builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password); } - + int plus = email==null?0:1; - if(!sanList.isEmpty()) { + if (!sanList.isEmpty()) { GeneralName[] gna = new GeneralName[sanList.size()+plus]; int i=-1; - for(String s : sanList) { + for (String s : sanList) { gna[++i]=new GeneralName(GeneralName.dNSName,s); } gna[++i]=new GeneralName(GeneralName.rfc822Name,email); - + builder.addAttribute( PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(new Extension[] { @@ -120,7 +123,7 @@ public class CSRMeta { throw new CertException(e); } } - + @SuppressWarnings("deprecation") public static void dump(PKCS10CertificationRequest csr) { Attribute[] certAttributes = csr.getAttributes(); 
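Review bot: With `xnb.addRDN(BCStyle.E,email)` disabled in `x500Name()`, the e-mail address reaches the CSR only through the `rfc822Name` entry in `generateCSR`, and that entry is built only inside `if (!sanList.isEmpty())`, so a request with an e-mail but no DNS SANs would carry the address nowhere. In the same block `gna[++i]=new GeneralName(GeneralName.rfc822Name,email);` runs unconditionally although the array is sized with `plus = email==null?0:1`, so a null e-mail with a non-empty `sanList` looks like it fails at that line instead of producing a DNS-only SAN list. I would widen the guard to `if (!sanList.isEmpty() || email!=null) {` and make the last entry `if (email!=null) { gna[++i]=new GeneralName(GeneralName.rfc822Name,email); }`. The commented-out `addRDN` line is better deleted than kept, with the comment reworded to `// e-mail is carried as an rfc822Name SAN in generateCSR(), not in the subject DN`. The body of `generateCSR` continues past the end of this hunk, so the extension construction itself is not visible here.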
@@ -132,17 +135,17 @@ public class CSRMeta { Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)); GeneralNames gns = GeneralNames.fromExtensions(extensions,Extension.subjectAlternativeName); GeneralName[] names = gns.getNames(); - for(int k=0; k < names.length; k++) { + for (int k=0; k < names.length; k++) { String title = ""; - if(names[k].getTagNo() == GeneralName.dNSName) { + if (names[k].getTagNo() == GeneralName.dNSName) { title = "dNSName"; - } else if(names[k].getTagNo() == GeneralName.iPAddress) { + } else if (names[k].getTagNo() == GeneralName.iPAddress) { title = "iPAddress"; // Deprecated, but I don't see anything better to use. names[k].toASN1Object(); - } else if(names[k].getTagNo() == GeneralName.otherName) { + } else if (names[k].getTagNo() == GeneralName.otherName) { title = "otherName"; - } else if(names[k].getTagNo() == GeneralName.rfc822Name) { + } else if (names[k].getTagNo() == GeneralName.rfc822Name) { title = "email"; } @@ -150,8 +153,8 @@ public class CSRMeta { } } } - - public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException { + + public X509Certificate initialConversationCert(Trans trans) throws CertificateException, OperatorCreationException { GregorianCalendar gc = new GregorianCalendar(); Date start = gc.getTime(); gc.add(GregorianCalendar.DAY_OF_MONTH,2); @@ -180,7 +183,7 @@ public class CSRMeta { public KeyPair keypair(Trans trans) { - if(keyPair == null) { + if (keyPair == null) { keyPair = Factory.generateKeyPair(trans); } return keyPair; @@ -207,15 +210,15 @@ public class CSRMeta { public void environment(String env) { environment = env; } - + /** - * + * * @return */ public String environment() { return environment; } - + /** * @return the mechID */ @@ -261,5 +264,5 @@ public class CSRMeta { public void challenge(String challenge) { this.challenge = challenge; } - + }
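Review bot: Dropping `IOException` from the `throws` clause of the public `initialConversationCert` (hunk `-150,8 +153,8`) is source-incompatible for any caller that wraps only this call in `catch (IOException e)`, because javac rejects a catch of a checked exception the try body can no longer throw. Callers are not visible in this diff, so it is worth searching for them before merging. The method also has no Javadoc, and the visible lines take the current time as `start` and then advance the calendar by two days, presumably as the end of validity. If the part of the body outside this hunk confirms that, a comment such as `// validity: now .. now + 2 days` would make the short lifetime explicit to whoever issues or audits these certificates.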