2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.cm;
24 import java.io.BufferedReader;
25 import java.io.ByteArrayInputStream;
26 import java.io.ByteArrayOutputStream;
27 import java.io.DataInputStream;
29 import java.io.FileInputStream;
30 import java.io.FileNotFoundException;
31 import java.io.FileReader;
32 import java.io.IOException;
33 import java.io.InputStream;
34 import java.io.InputStreamReader;
35 import java.io.Reader;
36 import java.io.StringReader;
37 import java.security.InvalidKeyException;
38 import java.security.Key;
39 import java.security.KeyFactory;
40 import java.security.KeyPair;
41 import java.security.KeyPairGenerator;
42 import java.security.NoSuchAlgorithmException;
43 import java.security.PrivateKey;
44 import java.security.PublicKey;
45 import java.security.SecureRandom;
46 import java.security.Signature;
47 import java.security.SignatureException;
48 import java.security.cert.Certificate;
49 import java.security.cert.CertificateEncodingException;
50 import java.security.cert.CertificateException;
51 import java.security.cert.CertificateFactory;
52 import java.security.cert.X509Certificate;
53 import java.security.spec.InvalidKeySpecException;
54 import java.security.spec.PKCS8EncodedKeySpec;
55 import java.security.spec.X509EncodedKeySpec;
56 import java.util.Collection;
57 import java.util.List;
59 import javax.crypto.Cipher;
60 import javax.crypto.NoSuchPaddingException;
62 import org.onap.aaf.cadi.Symm;
63 import org.onap.aaf.misc.env.Env;
64 import org.onap.aaf.misc.env.TimeTaken;
65 import org.onap.aaf.misc.env.Trans;
67 public class Factory {
68 private static final String PRIVATE_KEY_HEADER = "PRIVATE KEY";
69 public static final String KEY_ALGO = "RSA";
70 public static final String SIG_ALGO = "SHA256withRSA";
72 public static final int KEY_LENGTH = 2048;
73 private static final KeyPairGenerator keygen;
74 private static final KeyFactory keyFactory;
75 private static final CertificateFactory certificateFactory;
76 private static final SecureRandom random;
79 private static final Symm base64 = Symm.base64.copy(64);
82 random = new SecureRandom();
83 KeyPairGenerator tempKeygen;
85 tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO);//,"BC");
86 tempKeygen.initialize(KEY_LENGTH, random);
87 } catch (NoSuchAlgorithmException e) {
89 e.printStackTrace(System.err);
93 KeyFactory tempKeyFactory;
95 tempKeyFactory=KeyFactory.getInstance(KEY_ALGO);//,"BC"
96 } catch (NoSuchAlgorithmException e) {
97 tempKeyFactory = null;
98 e.printStackTrace(System.err);
100 keyFactory = tempKeyFactory;
102 CertificateFactory tempCertificateFactory;
104 tempCertificateFactory = CertificateFactory.getInstance("X.509");
105 } catch (CertificateException e) {
106 tempCertificateFactory = null;
107 e.printStackTrace(System.err);
109 certificateFactory = tempCertificateFactory;
115 public static KeyPair generateKeyPair(Trans trans) {
118 tt = trans.start("Generate KeyPair", Env.SUB);
123 return keygen.generateKeyPair();
131 private static final String LINE_END = "-----\n";
133 protected static String textBuilder(String kind, byte[] bytes) throws IOException {
134 StringBuilder sb = new StringBuilder();
135 sb.append("-----BEGIN ");
139 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
140 ByteArrayOutputStream baos = new ByteArrayOutputStream();
141 base64.encode(bais, baos);
142 sb.append(new String(baos.toByteArray()));
144 if(sb.charAt(sb.length()-1)!='\n') {
147 sb.append("-----END ");
150 return sb.toString();
153 public static PrivateKey toPrivateKey(Trans trans, String pk) throws IOException, CertException {
154 byte[] bytes = decode(new StringReader(pk));
155 return toPrivateKey(trans, bytes);
158 public static PrivateKey toPrivateKey(Trans trans, byte[] bytes) throws IOException, CertException {
159 TimeTaken tt=trans.start("Reconstitute Private Key", Env.SUB);
161 return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
162 } catch (InvalidKeySpecException e) {
163 throw new CertException("Translating Private Key from PKCS8 KeySpec",e);
169 public static PrivateKey toPrivateKey(Trans trans, File file) throws IOException, CertException {
170 TimeTaken tt = trans.start("Decode Private Key File", Env.SUB);
172 return toPrivateKey(trans,decode(file));
178 public static String toString(Trans trans, PrivateKey pk) throws IOException {
179 // PKCS8EncodedKeySpec pemContents = new PKCS8EncodedKeySpec(pk.getEncoded());
180 trans.debug().log("Private Key to String");
181 return textBuilder(PRIVATE_KEY_HEADER,pk.getEncoded());
184 public static PublicKey toPublicKey(Trans trans, String pk) throws IOException {
185 TimeTaken tt = trans.start("Reconstitute Public Key", Env.SUB);
187 ByteArrayInputStream bais = new ByteArrayInputStream(pk.getBytes());
188 ByteArrayOutputStream baos = new ByteArrayOutputStream();
189 Symm.base64noSplit.decode(bais, baos);
191 return keyFactory.generatePublic(new X509EncodedKeySpec(baos.toByteArray()));
192 } catch (InvalidKeySpecException e) {
193 trans.error().log(e,"Translating Public Key from X509 KeySpec");
200 public static String toString(Trans trans, PublicKey pk) throws IOException {
201 trans.debug().log("Public Key to String");
202 return textBuilder("PUBLIC KEY",pk.getEncoded());
205 public static Collection<? extends Certificate> toX509Certificate(String x509) throws CertificateException {
206 return toX509Certificate(x509.getBytes());
209 public static Collection<? extends Certificate> toX509Certificate(List<String> x509s) throws CertificateException {
210 ByteArrayOutputStream baos = new ByteArrayOutputStream();
212 for(String x509 : x509s) {
213 baos.write(x509.getBytes());
215 } catch (IOException e) {
216 throw new CertificateException(e);
218 return toX509Certificate(new ByteArrayInputStream(baos.toByteArray()));
221 public static Collection<? extends Certificate> toX509Certificate(byte[] x509) throws CertificateException {
222 return certificateFactory.generateCertificates(new ByteArrayInputStream(x509));
225 public static Collection<? extends Certificate> toX509Certificate(Trans trans, File file) throws CertificateException, FileNotFoundException {
226 FileInputStream fis = new FileInputStream(file);
228 return toX509Certificate(fis);
232 } catch (IOException e) {
233 throw new CertificateException(e);
238 public static Collection<? extends Certificate> toX509Certificate(InputStream is) throws CertificateException {
239 return certificateFactory.generateCertificates(is);
242 public static String toString(Trans trans, Certificate cert) throws IOException, CertException {
243 if(trans.debug().isLoggable()) {
244 StringBuilder sb = new StringBuilder("Certificate to String");
245 if(cert instanceof X509Certificate) {
247 sb.append(((X509Certificate)cert).getSubjectDN());
249 trans.debug().log(sb);
253 throw new CertException("Certificate not built");
255 return textBuilder("CERTIFICATE",cert.getEncoded());
256 } catch (CertificateEncodingException e) {
257 throw new CertException(e);
261 public static Cipher pkCipher() throws NoSuchAlgorithmException, NoSuchPaddingException {
262 return Cipher.getInstance(KEY_ALGO);
265 public static Cipher pkCipher(Key key, boolean encrypt) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
266 Cipher cipher = Cipher.getInstance(KEY_ALGO);
267 cipher.init(encrypt?Cipher.ENCRYPT_MODE:Cipher.DECRYPT_MODE,key);
271 public static byte[] strip(Reader rdr) throws IOException {
272 BufferedReader br = new BufferedReader(rdr);
273 ByteArrayOutputStream baos = new ByteArrayOutputStream();
275 while((line=br.readLine())!=null) {
276 if(line.length()>0 &&
277 !line.startsWith("-----") &&
278 line.indexOf(':')<0) { // Header elements
279 baos.write(line.getBytes());
282 return baos.toByteArray();
285 public static class StripperInputStream extends InputStream {
286 private Reader created;
287 private BufferedReader br;
291 public StripperInputStream(Reader rdr) {
292 if(rdr instanceof BufferedReader) {
293 br = (BufferedReader)rdr;
295 br = new BufferedReader(rdr);
300 public StripperInputStream(File file) throws FileNotFoundException {
301 this(new FileReader(file));
305 public StripperInputStream(InputStream is) throws FileNotFoundException {
306 this(new InputStreamReader(is));
311 public int read() throws IOException {
312 if(line==null || idx>=line.length()) {
313 while((line=br.readLine())!=null) {
314 if(line.length()>0 &&
315 !line.startsWith("-----") &&
316 line.indexOf(':')<0) { // Header elements
326 return line.charAt(idx++);
330 * @see java.io.InputStream#close()
333 public void close() throws IOException {
340 public static class Base64InputStream extends InputStream {
341 private InputStream created;
342 private InputStream is;
348 public Base64InputStream(File file) throws FileNotFoundException {
349 this(new FileInputStream(file));
353 public Base64InputStream(InputStream is) throws FileNotFoundException {
360 public int read() throws IOException {
361 if(duo==null || idx>=duo.length) {
362 int read = is.read(trio);
366 duo = Symm.base64.decode(trio);
367 if(duo==null || duo.length==0) {
377 * @see java.io.InputStream#close()
380 public void close() throws IOException {
387 public static byte[] decode(byte[] bytes) throws IOException {
388 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
389 ByteArrayOutputStream baos = new ByteArrayOutputStream();
390 Symm.base64.decode(bais, baos);
391 return baos.toByteArray();
394 public static byte[] decode(File f) throws IOException {
395 FileReader fr = new FileReader(f);
397 return Factory.decode(fr);
403 public static byte[] decode(Reader rdr) throws IOException {
404 return decode(strip(rdr));
408 public static byte[] binary(File file) throws IOException {
409 DataInputStream dis = new DataInputStream(new FileInputStream(file));
411 byte[] bytes = new byte[(int)file.length()];
412 dis.readFully(bytes);
420 public static byte[] sign(Trans trans, byte[] bytes, PrivateKey pk) throws IOException, InvalidKeyException, SignatureException, NoSuchAlgorithmException {
421 TimeTaken tt = trans.start("Sign Data", Env.SUB);
423 Signature sig = Signature.getInstance(SIG_ALGO);
424 sig.initSign(pk, random);
432 public static String toSignatureString(byte[] signed) throws IOException {
433 return textBuilder("SIGNATURE", signed);
436 public static boolean verify(Trans trans, byte[] bytes, byte[] signature, PublicKey pk) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
437 TimeTaken tt = trans.start("Verify Data", Env.SUB);
439 Signature sig = Signature.getInstance(SIG_ALGO);
442 return sig.verify(signature);
Code Review / aaf / authz.git / blob