1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.authz.cm.cert;
\r
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;

import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

import com.att.cadi.cm.CertException;
import com.att.cadi.cm.Factory;
import com.att.inno.env.Trans;
\r
60 public class CSRMeta {
\r
61 private String environment;
\r
63 private String mechID;
\r
64 private String email;
\r
69 private String challenge;
\r
71 private ArrayList<String> sanList = new ArrayList<String>();
\r
73 private KeyPair keyPair;
\r
74 private X500Name name = null;
\r
75 private SecureRandom random = new SecureRandom();
\r
/**
 * Builds the subject Distinguished Name for this request from the configured
 * CN / E / OU / O / L / ST / C values and caches it in {@code name}.
 * Because of the cache, setters called after the first invocation are not
 * reflected in the returned DN.
 *
 * @return the subject DN (same instance on every call once built)
 * @throws IOException declared for callers; the builder itself does not read I/O
 */
public X500Name x500Name() throws IOException {
    if (name == null) {
        X500NameBuilder dn = new X500NameBuilder();
        dn.addRDN(BCStyle.CN, cn);
        // NOTE(review): emailAddress in the subject DN is a legacy placement
        // (RFC 5280 4.1.2.6 prefers an rfc822Name SAN); kept for this CA profile.
        dn.addRDN(BCStyle.E, email);
        // The OU carries the MechID, suffixed with ':' + environment when one is set.
        String ou = (environment == null) ? mechID : mechID + ':' + environment;
        dn.addRDN(BCStyle.OU, ou);
        dn.addRDN(BCStyle.O, o);
        dn.addRDN(BCStyle.L, l);
        dn.addRDN(BCStyle.ST, st);
        dn.addRDN(BCStyle.C, c);
        name = dn.build();
    }
    return name;
}
\r
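/**
 * Builds and signs a PKCS#10 CSR for this request's subject DN and (lazily
 * generated) key pair.
 *
 * When a challenge password is set it is carried as the PKCS#9
 * challengePassword attribute; SAN host names are carried as dNSName entries
 * inside a PKCS#9 extensionRequest attribute.
 *
 * @param trans transaction context handed to the key-pair factory
 * @return the CSR, signed with this request's private key
 * @throws IOException if the subject DN or the SAN extension cannot be encoded
 * @throws CertException if a content signer cannot be created for the private key
 */
public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException {
    // Fetch the pair once so the public key in the request and the signing key
    // are guaranteed to be the same pair.
    KeyPair kp = keypair(trans);
    PKCS10CertificationRequestBuilder builder =
            new JcaPKCS10CertificationRequestBuilder(x500Name(), kp.getPublic());

    if (challenge != null) {
        // RFC 2985 types challengePassword as a DirectoryString. The previous code always
        // used PrintableString, whose BC constructor throws IllegalArgumentException for
        // common password characters ('@', '_', '!', ...). Fall back to UTF8String.
        // Note: this attribute is plain text inside the CSR; it is only as confidential
        // as the channel the CSR is sent over.
        builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword,
                DERPrintableString.isPrintableString(challenge)
                        ? new DERPrintableString(challenge)
                        : new DERUTF8String(challenge));
    }

    try {
        if (!sanList.isEmpty()) {
            // Every SAN is requested as a dNSName. Nothing here verifies that the
            // requester is entitled to these names; that check belongs to the CA side.
            GeneralName[] gna = new GeneralName[sanList.size()];
            for (int i = 0; i < gna.length; i++) {
                gna[i] = new GeneralName(GeneralName.dNSName, sanList.get(i));
            }
            builder.addAttribute(
                    PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                    new Extensions(new Extension[] {
                            new Extension(Extension.subjectAlternativeName, false,
                                    new GeneralNames(gna).getEncoded())
                    }));
        }
        // basicConstraints / keyUsage are deliberately not requested here;
        // the issuing CA's profile decides them.
        return builder.build(BCFactory.contentSigner(kp.getPrivate()));
    } catch (OperatorCreationException e) {
        throw new CertException(e);
    }
}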
\r
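/**
 * Diagnostic helper: prints every Subject Alternative Name carried in the
 * CSR's extensionRequest attribute to standard output as {@code <type>: <value>}.
 *
 * @param csr the request to inspect; must not be null
 */
public static void dump(PKCS10CertificationRequest csr) {
    for (Attribute attribute : csr.getAttributes()) {
        if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
            continue;
        }
        Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        // fromExtensions() returns null when no SAN extension is present; the old code
        // dereferenced the result unconditionally and would NPE on such a request.
        GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null) {
            continue;
        }
        for (GeneralName gn : gns.getNames()) {
            String title;
            switch (gn.getTagNo()) {
                case GeneralName.dNSName:
                    title = "dNSName";
                    break;
                case GeneralName.iPAddress:
                    // value is the raw address octets; printed as-is
                    title = "iPAddress";
                    break;
                case GeneralName.otherName:
                    title = "otherName";
                    break;
                default:
                    title = "tag " + gn.getTagNo();
                    break;
            }
            System.out.println(title + ": " + gn.getName());
        }
    }
}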
\r
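/**
 * Builds a short-lived (two day) self-signed certificate over this request's
 * key pair and subject DN, used only to open the initial conversation with the
 * CA before a real certificate has been issued. Issuer and subject are both
 * x500Name() and the signature is made with our own private key, so the cert
 * chains to nothing: a peer must trust it explicitly.
 *
 * @param trans transaction context handed to the key-pair factory
 * @return the self-signed certificate
 * @throws IOException if the subject DN cannot be encoded
 * @throws CertificateException if the BC holder cannot be converted to an X509Certificate
 * @throws OperatorCreationException if a content signer cannot be created
 */
public X509Certificate initialConversationCert(Trans trans) throws IOException, CertificateException, OperatorCreationException {
    GregorianCalendar gc = new GregorianCalendar();
    Date start = gc.getTime();
    gc.add(GregorianCalendar.DAY_OF_MONTH, 2);
    Date end = gc.getTime();

    KeyPair kp = keypair(trans);
    X500Name self = x500Name();

    // RFC 5280 4.1.2.2 requires a positive, issuer-unique serial. The previous
    // 12-bit value gave only 4096 possible serials and could be zero; draw 64
    // random bits and add one so the result is never zero.
    // TODO replace with a managed serial-number scheme.
    BigInteger serial = new BigInteger(64, random).add(BigInteger.ONE);

    X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
            self,   // issuer == subject: self-signed
            serial,
            start,
            end,
            self,
            SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()));

    return new JcaX509CertificateConverter().getCertificate(
            xcb.build(BCFactory.contentSigner(kp.getPrivate())));
}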
\r
/**
 * Adds a host name to be requested as a dNSName subjectAltName. Fluent.
 * No validation is performed here; the CA must decide whether the requester
 * may hold this name.
 *
 * @param v host name to add
 * @return this, for chaining
 */
public CSRMeta san(String v) {
    this.sanList.add(v);
    return this;
}
\r
/**
 * @return the backing list of SAN host names added via {@link #san(String)};
 *         this is the live list, not a copy
 */
public List<String> sans() {
    return this.sanList;
}
\r
/**
 * Returns the key pair for this request, generating it through
 * {@code Factory.generateKeyPair} on first use and caching it afterwards.
 * Not synchronized: concurrent first calls may each generate a pair, with the
 * last write winning, so configure a CSRMeta from a single thread.
 *
 * @param trans transaction context handed to the factory
 * @return the cached key pair
 */
public KeyPair keypair(Trans trans) {
    KeyPair kp = this.keyPair;
    if (kp == null) {
        kp = Factory.generateKeyPair(trans);
        this.keyPair = kp;
    }
    return kp;
}
\r
/**
 * @return the Common Name placed in the subject's CN RDN
 */
public String cn() {
    return this.cn;
}
\r
/**
 * Sets the Common Name (subject CN RDN). Set it before the CSR is generated,
 * as the subject DN is cached once built.
 *
 * @param cn the cn to set
 */
public void cn(String cn) {
    this.cn = cn;
}
\r
/**
 * Sets the environment the Service MechID is good for. When non-null it is
 * appended to the OU RDN as {@code mechID:environment}.
 *
 * @param env the environment, or null for none
 */
public void environment(String env) {
    this.environment = env;
}
\r
/**
 * @return the environment the Service MechID is good for, or null if unset
 */
public String environment() {
    return this.environment;
}
\r
/**
 * @return the mechID (machine identity) placed in the subject OU RDN
 */
public String mechID() {
    return this.mechID;
}
\r
/**
 * Sets the mechID that becomes the subject OU RDN (qualified by environment
 * when one is set).
 *
 * @param mechID the mechID to set
 */
public void mechID(String mechID) {
    this.mechID = mechID;
}
\r
/**
 * @return the email address placed in the subject E RDN
 */
public String email() {
    return this.email;
}
\r
/**
 * Sets the email address that becomes the subject E RDN.
 *
 * @param email the email to set
 */
public void email(String email) {
    this.email = email;
}
\r
/**
 * @return the Organization placed in the subject O RDN
 */
public String o() {
    return this.o;
}
\r
/**
 * Sets the Organization (subject O RDN).
 *
 * @param o the o to set
 */
public void o(String o) {
    this.o = o;
}
\r
/**
 * @return the Locality placed in the subject L RDN
 */
public String l() {
    return this.l;
}
\r
/**
 * Sets the Locality (subject L RDN).
 *
 * @param l the l to set
 */
public void l(String l) {
    this.l = l;
}
\r
/**
 * @return the State/Province placed in the subject ST RDN
 */
public String st() {
    return this.st;
}
\r
/**
 * Sets the State/Province (subject ST RDN).
 *
 * @param st the st to set
 */
public void st(String st) {
    this.st = st;
}
\r
/**
 * @return the Country placed in the subject C RDN
 */
public String c() {
    return this.c;
}
\r
/**
 * Sets the Country (subject C RDN).
 *
 * @param c the c to set
 */
public void c(String c) {
    this.c = c;
}
\r
/**
 * @return the challenge password that will be sent as the PKCS#9
 *         challengePassword attribute, or null if none is set
 */
public String challenge() {
    return this.challenge;
}
\r
/**
 * Sets the challenge password carried in the CSR's PKCS#9 challengePassword
 * attribute. It is held as an immutable String (cannot be wiped from memory)
 * and is emitted in plain text inside the CSR, so protect the transport.
 *
 * @param challenge the challenge to set, or null to send none
 */
public void challenge(String challenge) {
    this.challenge = challenge;
}
\r