1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aaf\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * ===========================================================================\r
7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * * you may not use this file except in compliance with the License.\r
9  * * You may obtain a copy of the License at\r
10  * * \r
11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * * \r
13  *  * Unless required by applicable law or agreed to in writing, software\r
14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * * See the License for the specific language governing permissions and\r
17  * * limitations under the License.\r
18  * * ============LICENSE_END====================================================\r
19  * *\r
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
21  * *\r
22  ******************************************************************************/\r
23 package org.onap.aaf.authz.cm.cert;\r
24 \r
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Objects;

import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

import org.onap.aaf.cadi.cm.CertException;
import org.onap.aaf.cadi.cm.Factory;
import org.onap.aaf.inno.env.Trans;
58 \r
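/**
 * Holds the Subject fields, Subject Alternative Names, challenge password and key pair
 * needed to build a PKCS#10 certificate request ({@link #generateCSR(Trans)}), and can
 * also mint a short-lived self-signed certificate from the same key and Subject
 * ({@link #initialConversationCert(Trans)}).
 * <p>
 * Not thread-safe: the Subject DN and the key pair are lazily created and cached on
 * first use, and the fluent setters mutate plain fields.
 */
public class CSRMeta {
	/** Validity, in calendar days, of the certificate produced by {@link #initialConversationCert(Trans)}. */
	private static final int INITIAL_CERT_VALIDITY_DAYS = 2;

	/** Optional; when set it is appended to the OU as {@code mechID + ':' + environment}. */
	private String environment;
	private String cn;
	private String mechID;
	private String email;
	private String o;
	private String l;
	private String st;
	private String c;
	/** Optional PKCS#9 challengePassword; omitted from the CSR when null. */
	private String challenge;

	/** Subject Alternative Names; every entry is emitted as a dNSName GeneralName. */
	private final List<String> sanList = new ArrayList<String>();

	/** Lazily generated by {@link #keypair(Trans)} and reused for both CSR and bootstrap cert. */
	private KeyPair keyPair;
	/** Cached Subject DN; built once by {@link #x500Name()} from the fields as they are at that moment. */
	private X500Name name = null;
	/** Source of certificate serial numbers. */
	private final SecureRandom random = new SecureRandom();

	/**
	 * Returns the Subject DN, building and caching it on first call.
	 * <p>
	 * RDN order is CN, E, OU, O, L, ST, C. OU is the MechID, suffixed with
	 * {@code ':' + environment} when an environment has been set. Because the
	 * result is cached, setter calls made after the first invocation are not
	 * reflected in later results.
	 *
	 * @return the Subject DN
	 * @throws IOException declared for API compatibility; not raised by this implementation
	 * @throws NullPointerException if cn, email, mechID, o, l, st or c has not been set
	 *         (BouncyCastle would otherwise fail with an unhelpful NPE while encoding)
	 */
	public X500Name x500Name() throws IOException {
		if (name == null) {
			X500NameBuilder xnb = new X500NameBuilder();
			xnb.addRDN(BCStyle.CN, Objects.requireNonNull(cn, "cn"));
			xnb.addRDN(BCStyle.E, Objects.requireNonNull(email, "email"));
			String ou = Objects.requireNonNull(mechID, "mechID");
			if (environment != null) {
				ou = ou + ':' + environment;
			}
			xnb.addRDN(BCStyle.OU, ou);
			xnb.addRDN(BCStyle.O, Objects.requireNonNull(o, "o"));
			xnb.addRDN(BCStyle.L, Objects.requireNonNull(l, "l"));
			xnb.addRDN(BCStyle.ST, Objects.requireNonNull(st, "st"));
			xnb.addRDN(BCStyle.C, Objects.requireNonNull(c, "c"));
			name = xnb.build();
		}
		return name;
	}

	/**
	 * Builds and signs a PKCS#10 certificate request for {@link #x500Name()} and the
	 * public half of {@link #keypair(Trans)}.
	 * <p>
	 * A pkcs-9 challengePassword attribute is added when a challenge has been set, and a
	 * pkcs-9 extensionRequest carrying a non-critical subjectAlternativeName extension is
	 * added when at least one SAN has been registered. No keyUsage or basicConstraints
	 * are requested here.
	 *
	 * @param trans transaction context passed through to key-pair generation
	 * @return the signed request
	 * @throws IOException if the SAN extension cannot be encoded
	 * @throws CertException if the content signer cannot be created
	 */
	public PKCS10CertificationRequest generateCSR(Trans trans) throws IOException, CertException {
		KeyPair kp = keypair(trans);
		PKCS10CertificationRequestBuilder builder =
				new JcaPKCS10CertificationRequestBuilder(x500Name(), kp.getPublic());

		if (challenge != null) {
			// DERPrintableString rejects characters outside the PrintableString set.
			DERPrintableString password = new DERPrintableString(challenge);
			builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, password);
		}

		if (!sanList.isEmpty()) {
			GeneralName[] gna = new GeneralName[sanList.size()];
			for (int i = 0; i < gna.length; i++) {
				// All SANs are requested as dNSName; the entries are not inspected for IP form.
				gna[i] = new GeneralName(GeneralName.dNSName, sanList.get(i));
			}
			Extension san = new Extension(
					Extension.subjectAlternativeName, false, new GeneralNames(gna).getEncoded());
			builder.addAttribute(
					PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
					new Extensions(new Extension[] { san }));
		}

		try {
			return builder.build(BCFactory.contentSigner(kp.getPrivate()));
		} catch (OperatorCreationException e) {
			throw new CertException(e);
		}
	}

	/**
	 * Prints the Subject Alternative Names requested by a CSR to standard output, one per
	 * line as {@code <type>: <name>} where type is {@code dNSName}, {@code iPAddress},
	 * {@code otherName}, or empty for any other GeneralName tag.
	 * <p>
	 * Only pkcs-9 extensionRequest attributes are examined; an extensionRequest that
	 * carries no subjectAlternativeName extension is skipped instead of failing.
	 *
	 * @param csr the request to inspect
	 */
	public static void dump(PKCS10CertificationRequest csr) {
		for (Attribute attribute : csr.getAttributes()) {
			if (!PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
				continue;
			}
			if (attribute.getAttrValues().size() == 0) {
				continue;
			}
			Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
			GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
			if (gns == null) {
				// fromExtensions returns null when the extension is absent; the original
				// code dereferenced it unconditionally.
				continue;
			}
			for (GeneralName gn : gns.getNames()) {
				// getName() is printed as-is; for iPAddress this is the raw ASN.1 value
				// rather than a dotted/colon form (presumably an octet string — verify).
				System.out.println(tagTitle(gn.getTagNo()) + ": " + gn.getName());
			}
		}
	}

	/**
	 * Maps a GeneralName tag number to the label used by {@link #dump(PKCS10CertificationRequest)}.
	 *
	 * @param tagNo a {@link GeneralName} tag constant
	 * @return the label, or the empty string for tags that are not specially named
	 */
	private static String tagTitle(int tagNo) {
		switch (tagNo) {
			case GeneralName.dNSName:
				return "dNSName";
			case GeneralName.iPAddress:
				return "iPAddress";
			case GeneralName.otherName:
				return "otherName";
			default:
				return "";
		}
	}

	/**
	 * Mints a self-signed X.509 v3 certificate (issuer == subject == {@link #x500Name()})
	 * over the public half of {@link #keypair(Trans)}, valid from now for
	 * {@value #INITIAL_CERT_VALIDITY_DAYS} calendar days. No extensions are added.
	 *
	 * @param trans transaction context passed through to key-pair generation
	 * @return the certificate, converted to a JCA {@link X509Certificate}
	 * @throws IOException if the Subject DN cannot be built
	 * @throws CertificateException if the built certificate cannot be converted
	 * @throws OperatorCreationException if the content signer cannot be created
	 */
	public X509Certificate initialConversationCert(Trans trans)
			throws IOException, CertificateException, OperatorCreationException {
		GregorianCalendar gc = new GregorianCalendar();
		Date start = gc.getTime();
		gc.add(GregorianCalendar.DAY_OF_MONTH, INITIAL_CERT_VALIDITY_DAYS);
		Date end = gc.getTime();

		KeyPair kp = keypair(trans);
		X500Name subject = x500Name();
		X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(
				subject, // self-signed: issuer is the subject itself
				nextSerial(),
				start,
				end,
				subject,
				SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()));
		return new JcaX509CertificateConverter().getCertificate(
				xcb.build(BCFactory.contentSigner(kp.getPrivate())));
	}

	/**
	 * Produces a random serial number for a certificate issued by this object.
	 * <p>
	 * RFC 5280 §4.1.2.2 requires the serial to be a positive integer of at most 20
	 * octets, and a CA is expected to make serials unpredictable and unique. The
	 * previous 12-bit value could be zero and collided easily; this yields a value
	 * in [1, 2^63], which fits in 8 octets.
	 *
	 * @return a positive, unpredictable serial number
	 */
	private BigInteger nextSerial() {
		return new BigInteger(63, random).add(BigInteger.ONE);
	}

	/**
	 * Registers a Subject Alternative Name; it will be requested as a dNSName.
	 *
	 * @param v the name; must not be null (it would otherwise fail later inside CSR encoding)
	 * @return this, for chaining
	 */
	public CSRMeta san(String v) {
		sanList.add(Objects.requireNonNull(v, "san"));
		return this;
	}

	/**
	 * @return the live list of registered Subject Alternative Names (not a copy;
	 *         modifications are reflected in later CSRs)
	 */
	public List<String> sans() {
		return sanList;
	}

	/**
	 * Returns the key pair for this request, generating it via
	 * {@link Factory#generateKeyPair(Trans)} on first call and caching it thereafter.
	 *
	 * @param trans transaction context for key generation
	 * @return the cached key pair
	 */
	public KeyPair keypair(Trans trans) {
		if (keyPair == null) {
			keyPair = Factory.generateKeyPair(trans);
		}
		return keyPair;
	}

	/**
	 * @return the Common Name (CN)
	 */
	public String cn() {
		return cn;
	}

	/**
	 * @param cn the Common Name (CN) to set
	 */
	public void cn(String cn) {
		this.cn = cn;
	}

	/**
	 * Sets the environment the Service MechID is valid for; it is appended to the OU.
	 *
	 * @param env the environment, or null for none
	 */
	public void environment(String env) {
		environment = env;
	}

	/**
	 * @return the environment, or null if none was set
	 */
	public String environment() {
		return environment;
	}

	/**
	 * @return the MechID (used as the OU)
	 */
	public String mechID() {
		return mechID;
	}

	/**
	 * @param mechID the MechID to set
	 */
	public void mechID(String mechID) {
		this.mechID = mechID;
	}

	/**
	 * @return the e-mail address (E)
	 */
	public String email() {
		return email;
	}

	/**
	 * @param email the e-mail address (E) to set
	 */
	public void email(String email) {
		this.email = email;
	}

	/**
	 * @return the Organization (O)
	 */
	public String o() {
		return o;
	}

	/**
	 * @param o the Organization (O) to set
	 */
	public void o(String o) {
		this.o = o;
	}

	/**
	 * @return the Locality (L)
	 */
	public String l() {
		return l;
	}

	/**
	 * @param l the Locality (L) to set
	 */
	public void l(String l) {
		this.l = l;
	}

	/**
	 * @return the State or Province (ST)
	 */
	public String st() {
		return st;
	}

	/**
	 * @param st the State or Province (ST) to set
	 */
	public void st(String st) {
		this.st = st;
	}

	/**
	 * @return the Country (C)
	 */
	public String c() {
		return c;
	}

	/**
	 * @param c the Country (C) to set
	 */
	public void c(String c) {
		this.c = c;
	}

	/**
	 * @return the challenge password, or null if none
	 */
	public String challenge() {
		return challenge;
	}

	/**
	 * @param challenge the challenge password to set, or null to omit it from the CSR
	 */
	public void challenge(String challenge) {
		this.challenge = challenge;
	}

}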