1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aai\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * Copyright © 2017 Amdocs\r
7  * * ===========================================================================\r
8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
9  * * you may not use this file except in compliance with the License.\r
10  * * You may obtain a copy of the License at\r
11  * * \r
12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
13  * * \r
14  *  * Unless required by applicable law or agreed to in writing, software\r
15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
17  * * See the License for the specific language governing permissions and\r
18  * * limitations under the License.\r
19  * * ============LICENSE_END====================================================\r
20  * *\r
21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
22  * *\r
23  ******************************************************************************/\r
24 package com.att.authz.cm.cert;\r
25 \r
26 import java.io.IOException;\r
27 import java.math.BigInteger;\r
28 import java.security.KeyPair;\r
29 import java.security.SecureRandom;\r
30 import java.security.cert.CertificateException;\r
31 import java.security.cert.X509Certificate;\r
32 import java.util.ArrayList;\r
33 import java.util.Date;\r
34 import java.util.GregorianCalendar;\r
35 import java.util.List;\r
36 \r
37 import org.bouncycastle.asn1.ASN1Sequence;\r
38 import org.bouncycastle.asn1.DERPrintableString;\r
39 import org.bouncycastle.asn1.pkcs.Attribute;\r
40 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;\r
41 import org.bouncycastle.asn1.x500.X500Name;\r
42 import org.bouncycastle.asn1.x500.X500NameBuilder;\r
43 import org.bouncycastle.asn1.x500.style.BCStyle;\r
44 import org.bouncycastle.asn1.x509.Extension;\r
45 import org.bouncycastle.asn1.x509.Extensions;\r
46 import org.bouncycastle.asn1.x509.GeneralName;\r
47 import org.bouncycastle.asn1.x509.GeneralNames;\r
48 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;\r
49 import org.bouncycastle.cert.X509v3CertificateBuilder;\r
50 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
51 import org.bouncycastle.operator.OperatorCreationException;\r
52 import org.bouncycastle.pkcs.PKCS10CertificationRequest;\r
53 import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;\r
54 import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;\r
55 \r
56 import com.att.cadi.cm.CertException;\r
57 import com.att.cadi.cm.Factory;\r
58 import com.att.inno.env.Trans;\r
59 \r
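/**
 * Collects the subject metadata (DN components, SAN list, challenge password) and the
 * key pair for one certificate request, and turns them into a PKCS#10 CSR or a
 * short-lived self-signed certificate.
 *
 * Security notes for callers:
 * - Nothing here verifies that the requester is entitled to the CN or the SAN entries it
 *   supplies; that authorization must be enforced by whoever consumes the CSR (the CA side).
 * - The private half of the key pair is generated lazily and kept in memory on this object
 *   for its whole lifetime; do not share or serialize instances casually.
 * - The challenge password is embedded in clear text in the CSR attributes and is readable
 *   through {@link #challenge()}; keep it out of logs.
 *
 * This class is not thread-safe: the cached name and key pair are created on first use
 * without synchronization.
 */
public class CSRMeta {
	/** Entropy (in bits) of the serial number drawn for the self-signed certificate. */
	private static final int SERIAL_BITS = 64;

	private String environment;
	private String cn;
	private String mechID;
	private String email;
	private String o;
	private String l;
	private String st;
	private String c;
	private String challenge;

	private ArrayList<String> sanList = new ArrayList<String>();

	private KeyPair keyPair;
	private X500Name name = null;
	private SecureRandom random = new SecureRandom();

	/**
	 * Builds the X.500 subject name from the fields set on this object and caches it.
	 *
	 * Every RDN is added unconditionally, so cn, email, mechID, o, l, st and c should all
	 * be populated before the first call; null values are not handled here (BouncyCastle's
	 * string-to-value conversion does not accept them). The OU holds the mechID, suffixed
	 * with ":environment" when an environment is set.
	 *
	 * Because the result is cached, changes made through the setters after the first call
	 * are not reflected in later calls.
	 *
	 * @return the cached subject name
	 * @throws IOException declared for callers; not thrown by the builder itself
	 */
	public X500Name x500Name() throws IOException {
		if (name == null) {
			X500NameBuilder xnb = new X500NameBuilder();
			xnb.addRDN(BCStyle.CN, cn);
			xnb.addRDN(BCStyle.E, email);
			// OU identifies the service account; qualify it with the environment when known.
			String ou = (environment == null) ? mechID : mechID + ':' + environment;
			xnb.addRDN(BCStyle.OU, ou);
			xnb.addRDN(BCStyle.O, o);
			xnb.addRDN(BCStyle.L, l);
			xnb.addRDN(BCStyle.ST, st);
			xnb.addRDN(BCStyle.C, c);
			name = xnb.build();
		}
		return name;
	}

	/**
	 * Builds a PKCS#10 certification request for the subject name and public key of this
	 * object, signed with the matching private key (generating the key pair on first use).
	 *
	 * When a challenge password is set it is added as the pkcs-9 challengePassword
	 * attribute; it travels in clear text inside the CSR. Every entry of the SAN list is
	 * requested as a dNSName in a (non-critical) subjectAltName extension request. No
	 * keyUsage or basicConstraints are requested; the issuing CA decides those.
	 *
	 * @param trans transaction context handed to the key-pair factory
	 * @return the signed certification request
	 * @throws IOException if the subject name cannot be built
	 * @throws CertException if the content signer cannot be created
	 */
	public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException {
		KeyPair kp = keypair(trans);
		PKCS10CertificationRequestBuilder builder =
				new JcaPKCS10CertificationRequestBuilder(x500Name(), kp.getPublic());

		if (challenge != null) {
			// NOTE(review): DERPrintableString is not validated here; characters outside the
			// PrintableString repertoire would yield a malformed attribute.
			DERPrintableString password = new DERPrintableString(challenge);
			builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password);
		}

		if (!sanList.isEmpty()) {
			GeneralName[] gna = new GeneralName[sanList.size()];
			int idx = 0;
			for (String dns : sanList) {
				// All SAN entries are treated as DNS names; the caller is responsible for
				// supplying hostnames it is authorized to request.
				gna[idx++] = new GeneralName(GeneralName.dNSName, dns);
			}
			Extension san = new Extension(
					Extension.subjectAlternativeName, false, new GeneralNames(gna).getEncoded());
			builder.addAttribute(
					PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
					new Extensions(new Extension[] { san }));
		}

		try {
			return builder.build(BCFactory.contentSigner(kp.getPrivate()));
		} catch (OperatorCreationException e) {
			throw new CertException(e);
		}
	}

	/**
	 * Prints the subject-alternative names found in the CSR's extension-request attribute to
	 * standard output, one per line, tagged with the GeneralName type (dNSName, iPAddress,
	 * otherName; other types are printed with an empty tag). Debug helper only.
	 *
	 * An extension request that carries no subjectAltName (or no value at all) is skipped
	 * rather than dereferenced.
	 *
	 * @param csr the request to inspect
	 */
	public static void dump(PKCS10CertificationRequest csr) {
		for (Attribute attribute : csr.getAttributes()) {
			if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
				continue;
			}
			if (attribute.getAttrValues().size() == 0) {
				continue;
			}
			Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
			GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
			if (gns == null) {
				// extension request without a subjectAltName: nothing to print
				continue;
			}
			for (GeneralName gn : gns.getNames()) {
				String title;
				switch (gn.getTagNo()) {
					case GeneralName.dNSName:
						title = "dNSName";
						break;
					case GeneralName.iPAddress:
						title = "iPAddress";
						break;
					case GeneralName.otherName:
						title = "otherName";
						break;
					default:
						title = "";
				}
				System.out.println(title + ": " + gn.getName());
			}
		}
	}

	/**
	 * Builds a self-signed X.509v3 certificate (issuer == subject == {@link #x500Name()})
	 * over this object's key pair, valid from now for two days.
	 *
	 * The certificate carries no extensions at all - no basicConstraints, keyUsage or
	 * subjectAltName - so relying parties must not treat it as a CA certificate, and it is
	 * presumably meant only to bootstrap the first conversation with the certificate
	 * manager; confirm that use before relying on it elsewhere. The serial number is a
	 * random positive value with {@value #SERIAL_BITS} bits of entropy, which makes
	 * collisions negligible but is not a persistent uniqueness scheme.
	 *
	 * @param trans transaction context handed to the key-pair factory
	 * @return the self-signed certificate
	 * @throws IOException if the subject name cannot be built
	 * @throws CertificateException if the built structure cannot be converted
	 * @throws OperatorCreationException if the content signer cannot be created
	 */
	public X509Certificate initialConversationCert(Trans trans)
			throws IOException, CertificateException, OperatorCreationException {
		GregorianCalendar gc = new GregorianCalendar();
		Date start = gc.getTime();
		gc.add(GregorianCalendar.DAY_OF_MONTH, 2);
		Date end = gc.getTime();

		X500Name self = x500Name();
		KeyPair kp = keypair(trans);
		X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
				self,
				randomSerial(),
				start,
				end,
				self,
				SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()));
		return new JcaX509CertificateConverter().getCertificate(
				xcb.build(BCFactory.contentSigner(kp.getPrivate())));
	}

	/**
	 * Draws a random, strictly positive serial number of {@value #SERIAL_BITS} bits.
	 * RFC 5280 requires serial numbers to be positive and unique per issuer; a 64-bit
	 * random value satisfies the former and makes accidental reuse negligible.
	 *
	 * @return a positive serial number
	 */
	private BigInteger randomSerial() {
		BigInteger serial;
		do {
			serial = new BigInteger(SERIAL_BITS, random);
		} while (serial.signum() == 0);
		return serial;
	}

	/**
	 * Adds one subject-alternative name; it is requested as a dNSName by {@link #generateCSR}.
	 *
	 * @param v the DNS name to add (not validated here)
	 * @return this object, for chaining
	 */
	public CSRMeta san(String v) {
		sanList.add(v);
		return this;
	}

	/**
	 * @return the live SAN list; modifications through it affect later CSR generation
	 */
	public List<String> sans() {
		return sanList;
	}

	/**
	 * Returns this object's key pair, generating it via {@link Factory#generateKeyPair} on
	 * first use. The private key stays in memory on this object.
	 *
	 * @param trans transaction context handed to the key-pair factory
	 * @return the (possibly newly generated) key pair
	 */
	public KeyPair keypair(Trans trans) {
		if (keyPair == null) {
			keyPair = Factory.generateKeyPair(trans);
		}
		return keyPair;
	}

	/**
	 * @return the cn
	 */
	public String cn() {
		return cn;
	}

	/**
	 * @param cn the cn to set
	 */
	public void cn(String cn) {
		this.cn = cn;
	}

	/**
	 * Environment of Service MechID is good for
	 *
	 * @param env the environment to set; when non-null it is appended to the OU as ":env"
	 */
	public void environment(String env) {
		environment = env;
	}

	/**
	 * @return the environment, or null when none was set
	 */
	public String environment() {
		return environment;
	}

	/**
	 * @return the mechID
	 */
	public String mechID() {
		return mechID;
	}

	/**
	 * @param mechID the mechID to set
	 */
	public void mechID(String mechID) {
		this.mechID = mechID;
	}

	/**
	 * @return the email
	 */
	public String email() {
		return email;
	}

	/**
	 * @param email the email to set
	 */
	public void email(String email) {
		this.email = email;
	}

	/**
	 * @return the o
	 */
	public String o() {
		return o;
	}

	/**
	 * @param o the o to set
	 */
	public void o(String o) {
		this.o = o;
	}

	/**
	 * @return the l
	 */
	public String l() {
		return l;
	}

	/**
	 * @param l the l to set
	 */
	public void l(String l) {
		this.l = l;
	}

	/**
	 * @return the st
	 */
	public String st() {
		return st;
	}

	/**
	 * @param st the st to set
	 */
	public void st(String st) {
		this.st = st;
	}

	/**
	 * @return the c
	 */
	public String c() {
		return c;
	}

	/**
	 * @param c the c to set
	 */
	public void c(String c) {
		this.c = c;
	}

	/**
	 * @return the challenge password (a shared secret; do not log it)
	 */
	public String challenge() {
		return challenge;
	}

	/**
	 * @param challenge the challenge password to embed in the CSR, or null for none
	 */
	public void challenge(String challenge) {
		this.challenge = challenge;
	}

}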