[OOM-CERT-SERVICE] Fix KeyUsage extension sent to CMPv2 server 26/117126/5 2.3.3
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Tue, 26 Jan 2021 09:45:10 +0000 (10:45 +0100)
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>
Wed, 27 Jan 2021 09:00:16 +0000 (10:00 +0100)
- fix setting key usage to digitalSignature & keyEncipherment & nonRepudiation
- set extended key usage to clientAuth & serverAuth

Issue-ID: OOM-2658
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I5c00f622c3d117a63e4f48a3d2a90fd48cce3d0e

certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java [new file with mode: 0644]

index 2a77873..1e64a2e 100644 (file)
@@ -25,6 +25,7 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generateProtecte
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.InvalidKeyException;
+import java.security.Key;
 import java.security.KeyPair;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
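Review bot: The added `import java.security.Key;` does not appear to be used by anything in this commit — none of the hunks shown reference `Key`, and the new helpers return BouncyCastle `KeyUsage`/`ExtendedKeyUsage` objects only. If nothing outside the visible hunks consumes it, drop the line; an unused import is the kind of thing Checkstyle/Error Prone will flag on the next run anyway.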
@@ -54,11 +55,13 @@ import org.bouncycastle.asn1.crmf.POPOSigningKey;
 import org.bouncycastle.asn1.crmf.ProofOfPossession;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
 import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.ExtensionsGenerator;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
 import org.bouncycastle.asn1.x509.KeyUsage;
 import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -75,6 +78,7 @@ public final class CmpMessageHelper {
             new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
     private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC =
             new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
+    private static final boolean CRITICAL_FALSE = false;
 
     private CmpMessageHelper() {
     }
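Review bot: `CRITICAL_FALSE` names the value rather than the reason, so a reader of `addExtension(Extension.keyUsage, CRITICAL_FALSE, ...)` still cannot tell why the requested extensions are non-critical, which matters because RFC 5280 §4.2.1.3 says conforming CAs SHOULD mark keyUsage critical. I would justify the choice on the declaration: `// Extensions are requested as non-critical; the issuing CA's profile presumably decides the final criticality — confirm against the CMPv2 server configuration.` A name such as `NON_CRITICAL` would also read more naturally at the call sites than a constant that restates its own literal.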
@@ -111,14 +115,11 @@ public final class CmpMessageHelper {
             throws CmpClientException {
         LOG.info("Generating Extensions from Subject Alternative Names");
         final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
-        // KeyUsage
         try {
-            final KeyUsage keyUsage =
-                    new KeyUsage(
-                            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
-            extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage));
+            extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage());
+            extGenerator.addExtension(Extension.extendedKeyUsage, CRITICAL_FALSE, getExtendedKeyUsage());
             extGenerator.addExtension(
-                    Extension.subjectAlternativeName, false, new GeneralNames(sansArray));
+                    Extension.subjectAlternativeName, CRITICAL_FALSE, new GeneralNames(sansArray));
         } catch (IOException ioe) {
             CmpClientException cmpClientException =
                     new CmpClientException(
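Review bot: The new `addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage())` line requests `keyEncipherment` unconditionally, but RFC 5480 §3 says that bit MUST NOT be present for EC public keys (id-ecPublicKey), where `keyAgreement` is the applicable value; `generateExtension` only receives `sansArray`, so it has no way to know which key type the request carries. If the service ever requests certificates for EC key pairs, either pass the public key (or its algorithm name) into this method and choose the bits accordingly, or at least state the assumption next to the call: `// keyEncipherment assumes an RSA key; an EC key would need keyAgreement instead (RFC 5480 §3)`. The context line `LOG.info("Generating Extensions from Subject Alternative Names")` also now understates what the method does, since keyUsage and extendedKeyUsage are emitted too. The method's signature lies above this hunk and its catch block continues below it.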
@@ -230,4 +231,14 @@ public final class CmpMessageHelper {
 
         return new PKIMessage(pkiHeader, pkiBody, bs);
     }
+
+    private static KeyUsage getKeyUsage() {
+        return new KeyUsage(
+            KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
+    }
+
+    private static ExtendedKeyUsage getExtendedKeyUsage() {
+        return new ExtendedKeyUsage(
+            new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth});
+    }
 }
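Review bot: Neither new helper has a Javadoc, and both encode policy (which usages the client asks the CA for) rather than mechanics, so the intent should be written down where the bits are chosen. For `getKeyUsage()` I would add `/** Key usage requested from the CA: digitalSignature, keyEncipherment and nonRepudiation; the CA's certificate profile presumably has the final say. */`, and for `getExtendedKeyUsage()` `/** Extended key usage requested from the CA: clientAuth and serverAuth, i.e. a certificate usable on both ends of a TLS connection. */`. Requesting serverAuth for every certificate also widens what a client-only component can do with its key; if every caller is a mutual-TLS peer that is acceptable, but a caller that needs only clientAuth currently has no way to ask for less.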
diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelperTest.java
new file mode 100644 (file)
index 0000000..0aae26a
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * ============LICENSE_START=======================================================
+ * oom-certservice-api
+ * ================================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.oom.certservice.cmpv2client.impl;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.junit.jupiter.api.Test;
+import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
+
+public class CmpMessageHelperTest {
+
+    private final KeyUsage expectedKeyUsage = new KeyUsage(
+        KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
+    private final ExtendedKeyUsage expectedExtendedKeyUsage = new ExtendedKeyUsage(
+        new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth});
+
+    @Test
+    void shouldSetSansInExtensions() throws CmpClientException {
+        //when
+        Extensions extensions = CmpMessageHelper.generateExtension(getTestSans());
+        //then
+        GeneralName[] sans = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
+        assertArrayEquals(sans, getTestSans());
+    }
+
+    @Test
+    void shouldSetKeyUsagesInExtensions() throws CmpClientException {
+        //when
+        Extensions extensions = CmpMessageHelper.generateExtension(getTestSans());
+        //then
+        KeyUsage actualKeyUsage = KeyUsage.fromExtensions(extensions);
+        ExtendedKeyUsage actualExtendedKeyUsage = ExtendedKeyUsage.fromExtensions(extensions);
+        assertEquals(this.expectedKeyUsage, actualKeyUsage);
+        assertEquals(this.expectedExtendedKeyUsage, actualExtendedKeyUsage);
+    }
+
+    private GeneralName[] getTestSans() {
+        return new GeneralName[]{
+            new GeneralName(GeneralName.dNSName, "tetHostName"),
+            new GeneralName(GeneralName.iPAddress, "1.2.3.4")
+        };
+    }
+
+}
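Review bot: `shouldSetKeyUsagesInExtensions` checks the usage bits but not the criticality the commit deliberately chose, so a later change to `CRITICAL_FALSE` would pass silently; add `assertFalse(extensions.getExtension(Extension.keyUsage).isCritical());` and the same for `Extension.extendedKeyUsage` (with `assertFalse` static-imported). In `shouldSetSansInExtensions` the arguments to `assertArrayEquals` are reversed — JUnit's signature is `(expected, actual)`, so `assertArrayEquals(getTestSans(), sans)` is the intended order and gives a correct failure message. `"tetHostName"` in `getTestSans()` looks like a typo for `"testHostName"`.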