X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fclient%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fhttp%2FHX509SS.java;h=89c11b692ae9aa8eb47ef76b4a42d661995993ee;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=c9ff59dbbc344d209d90e9818f49284fa2b6daba;hpb=6261a19e61138e861f5c7eaf37835205f19f1fe0;p=aaf%2Fauthz.git
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
index c9ff59db..89c11b69 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -45,108 +45,108 @@ import org.onap.aaf.misc.env.util.Chrono; public class HX509SS implements SecuritySetter { - private static final byte[] X509 = "x509 ".getBytes(); - private PrivateKey priv; - private byte[] pub; - private String cert; - private SecurityInfoC securityInfo; - private String algo; - private String alias; - private static int count = new SecureRandom().nextInt(); - - public HX509SS(SecurityInfoC si) throws APIException, CadiException { - this(null,si,false); - } - - public HX509SS(SecurityInfoC si, boolean asDefault) throws APIException, CadiException { - this(null,si,asDefault); - } - - public HX509SS(final String sendAlias, SecurityInfoC si) throws APIException, CadiException { - this(sendAlias, si, false); - } - - public HX509SS(final String sendAlias, SecurityInfoC si, boolean asDefault) throws APIException, CadiException { - securityInfo = si; - if((alias=sendAlias) == null) { - if(si.defaultAlias == null) { - throw new APIException("JKS Alias is required to use X509SS Security. Use " + Config.CADI_ALIAS +" to set default alias"); - } else { - alias = si.defaultAlias; - } - } - - priv=null; - X509KeyManager[] xkms = si.getKeyManagers(); - if(xkms==null || xkms.length==0) { - throw new APIException("There are no valid keys available in given Keystores. Wrong Keypass? 
Expired?"); - } - for(int i=0;priv==null&&i0) { - algo = chain[0].getSigAlgName(); - pub = chain[0].getEncoded(); - ByteArrayOutputStream baos = new ByteArrayOutputStream(pub.length*2); - ByteArrayInputStream bais = new ByteArrayInputStream(pub); - Symm.base64noSplit.encode(bais,baos,X509); - cert = baos.toString(); - } - } - } catch (CertificateEncodingException | IOException e) { - throw new CadiException(e); - } - if(algo==null) { - throw new APIException("X509 Security Setter not configured"); - } - } - - @Override - public void setSecurity(HttpURLConnection huc) throws CadiException { - if(huc instanceof HttpsURLConnection) { - securityInfo.setSocketFactoryOn((HttpsURLConnection)huc); - } - if(alias==null) { // must be a one-way - huc.setRequestProperty(AbsAuthentication.AUTHORIZATION, cert); - - // Test Signed content - try { - String data = "SignedContent["+ inc() + ']' + Chrono.dateTime(); - huc.setRequestProperty("Data", data); - - Signature sig = Signature.getInstance(algo); - sig.initSign(priv); - sig.update(data.getBytes()); - byte[] signature = sig.sign(); - - ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(signature.length*1.3)); - ByteArrayInputStream bais = new ByteArrayInputStream(signature); - Symm.base64noSplit.encode(bais, baos); - huc.setRequestProperty("Signature", new String(baos.toByteArray())); - - } catch (Exception e) { - throw new CadiException(e); - } - } - } - - private synchronized int inc() { - return ++count; - } - - /* (non-Javadoc) - * @see org.onap.aaf.cadi.SecuritySetter#getID() - */ - @Override - public String getID() { - return alias; - } - - @Override - public int setLastResponse(int respCode) { - return 0; - } + private static final byte[] X509 = "x509 ".getBytes(); + private PrivateKey priv; + private byte[] pub; + private String cert; + private SecurityInfoC securityInfo; + private String algo; + private String alias; + private static int count = new SecureRandom().nextInt(); + + public HX509SS(SecurityInfoC 
si) throws APIException, CadiException { + this(null,si,false); + } + + public HX509SS(SecurityInfoC si, boolean asDefault) throws APIException, CadiException { + this(null,si,asDefault); + } + + public HX509SS(final String sendAlias, SecurityInfoC si) throws APIException, CadiException { + this(sendAlias, si, false); + } + + public HX509SS(final String sendAlias, SecurityInfoC si, boolean asDefault) throws APIException, CadiException { + securityInfo = si; + if ((alias=sendAlias) == null) { + if (si.defaultAlias == null) { + throw new APIException("JKS Alias is required to use X509SS Security. Use " + Config.CADI_ALIAS +" to set default alias"); + } else { + alias = si.defaultAlias; + } + } + + priv=null; + X509KeyManager[] xkms = si.getKeyManagers(); + if (xkms==null || xkms.length==0) { + throw new APIException("There are no valid keys available in given Keystores. Wrong Keypass? Expired?"); + } + for (int i=0;priv==null&&i0) { + algo = chain[0].getSigAlgName(); + pub = chain[0].getEncoded(); + ByteArrayOutputStream baos = new ByteArrayOutputStream(pub.length*2); + ByteArrayInputStream bais = new ByteArrayInputStream(pub); + Symm.base64noSplit.encode(bais,baos,X509); + cert = baos.toString(); + } + } + } catch (CertificateEncodingException | IOException e) { + throw new CadiException(e); + } + if (algo==null) { + throw new APIException("X509 Security Setter not configured"); + } + } + + @Override + public void setSecurity(HttpURLConnection huc) throws CadiException { + if (huc instanceof HttpsURLConnection) { + securityInfo.setSocketFactoryOn((HttpsURLConnection)huc); + } + if (alias==null) { // must be a one-way + huc.setRequestProperty(AbsAuthentication.AUTHORIZATION, cert); + + // Test Signed content + try { + String data = "SignedContent["+ inc() + ']' + Chrono.dateTime(); + huc.setRequestProperty("Data", data); + + Signature sig = Signature.getInstance(algo); + sig.initSign(priv); + sig.update(data.getBytes()); + byte[] signature = sig.sign(); + + 
ByteArrayOutputStream baos = new ByteArrayOutputStream((int)(signature.length*1.3)); + ByteArrayInputStream bais = new ByteArrayInputStream(signature); + Symm.base64noSplit.encode(bais, baos); + huc.setRequestProperty("Signature", new String(baos.toByteArray())); + + } catch (Exception e) { + throw new CadiException(e); + } + } + } + + private synchronized int inc() { + return ++count; + } + + /* (non-Javadoc) + * @see org.onap.aaf.cadi.SecuritySetter#getID() + */ + @Override + public String getID() { + return alias; + } + + @Override + public int setLastResponse(int respCode) { + return 0; + } }