X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=certService%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Foom%2Fcertservice%2Fcmpv2client%2Fimpl%2FCmpMessageHelper.java;h=1e64a2e04b9cd81a0ff0f4af1d5c9bcfd2d98297;hb=b4030c1d7ebd848f28fb5000ac1d8f7e4fbfca85;hp=5c61aa9f8ac810e452950042e387e52ba076c4c6;hpb=a540a1d598ffa2f3b0e9179cb3d80c34e56ae52a;p=oom%2Fplatform%2Fcert-service.git
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 5c61aa9f..1e64a2e0 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -25,6 +25,7 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generateProtecte
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.InvalidKeyException;
+import java.security.Key;
 import java.security.KeyPair;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -54,11 +55,13 @@ import org.bouncycastle.asn1.crmf.POPOSigningKey;
 import org.bouncycastle.asn1.crmf.ProofOfPossession;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
 import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.ExtensionsGenerator;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
 import org.bouncycastle.asn1.x509.KeyUsage;
 import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
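Review bot: The added `import java.security.Key;` has no visible use: none of the added lines in the other hunks of this diff reference the type `Key` (they use `KeyUsage`, `KeyPurposeId` and `ExtendedKeyUsage`). Unless code outside the hunks needs it, drop the import so the file does not carry an unused dependency.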
@@ -72,9 +75,10 @@ public final class CmpMessageHelper { private static final AlgorithmIdentifier OWF_ALGORITHM = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26")); private static final AlgorithmIdentifier MAC_ALGORITHM = - new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.9")); + new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2")); private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC = new ASN1ObjectIdentifier("1.2.840.113533.7.66.13"); + private static final boolean CRITICAL_FALSE = false; private CmpMessageHelper() { }
@@ -111,14 +115,11 @@ public final class CmpMessageHelper { throws CmpClientException { LOG.info("Generating Extensions from Subject Alternative Names"); final ExtensionsGenerator extGenerator = new ExtensionsGenerator(); - // KeyUsage try { - final KeyUsage keyUsage = - new KeyUsage( - KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation); - extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage)); + extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage()); + extGenerator.addExtension(Extension.extendedKeyUsage, CRITICAL_FALSE, getExtendedKeyUsage()); extGenerator.addExtension( - Extension.subjectAlternativeName, false, new GeneralNames(sansArray)); + Extension.subjectAlternativeName, CRITICAL_FALSE, new GeneralNames(sansArray)); } catch (IOException ioe) { CmpClientException cmpClientException = new CmpClientException(
@@ -230,4 +231,14 @@ public final class CmpMessageHelper { return new PKIMessage(pkiHeader, pkiBody, bs); } + + private static KeyUsage getKeyUsage() { + return new KeyUsage( + KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation); + } + + private static ExtendedKeyUsage getExtendedKeyUsage() { + return new ExtendedKeyUsage( + new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}); + } }
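Review bot: `MAC_ALGORITHM` changes from OID 1.2.840.113549.2.9 (hmacWithSHA256) to 1.3.6.1.5.5.8.1.2 (HMAC-SHA1) as a bare string literal with no comment, so a reader cannot tell that the password-based MAC protecting the CMP message now uses a SHA-1 construction, or why. If the reason is interoperability with the CMP server, record it next to the constant, e.g. `// HMAC-SHA1 (1.3.6.1.5.5.8.1.2): <reason this MAC is required>`, and prefer Bouncy Castle's named constant `IANAObjectIdentifiers.hmacSHA1` over the dotted string. `OWF_ALGORITHM` in the context lines is SHA-1 (1.3.14.3.2.26) as well, so both PasswordBasedMac parameters are now SHA-1 based. Taking them from configuration would let deployments use stronger values where the CA accepts them.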
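Review bot: `getExtendedKeyUsage()` hard-codes both `id_kp_clientAuth` and `id_kp_serverAuth`, and the preceding hunk adds that extension to every certificate request, so each issued certificate is valid for both TLS roles if the CA honours the request. That is broader than a client-only or server-only component needs. If the purposes cannot be supplied by the caller, document the choice on the helper, e.g. `/** Requests TLS client and server authentication for every certificate; narrow this if callers have a single role. */`. `getKeyUsage()` likewise has no Javadoc stating why `nonRepudiation` is requested alongside `digitalSignature` and `keyEncipherment`.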