summaryrefslogtreecommitdiffstats
path: root/auth/auth-certman/src/main/java/org
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2018-07-02 09:40:49 -0500
committerInstrumental <jonathan.gathman@att.com>2018-07-02 09:41:03 -0500
commitc060284812fbbc18fcf22eb628c47c251505fe50 (patch)
tree6f8b8bc7d58667fd711dc913c2fa4a9d111a75ba /auth/auth-certman/src/main/java/org
parent2c0dd5c5136e249f63f1d3296063795cde30c399 (diff)
Update CM to us Local Intermediate Certs
Issue-ID: AAF-384 Change-Id: Iefd36c5b9ab8011ac696cb85e74c54edb63cb40a Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-certman/src/main/java/org')
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java31
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java50
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java24
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java13
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java4
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java4
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java13
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java4
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java14
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java7
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java6
14 files changed, 110 insertions, 66 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index ea726480..ac3e1a54 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -36,7 +36,8 @@ import org.onap.aaf.auth.cm.cert.CSRMeta;
import org.onap.aaf.auth.cm.cert.RDN;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.cm.CertException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.configure.CertException;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.env.util.Split;
@@ -57,9 +58,9 @@ public abstract class CA {
private final String env;
private MessageDigest messageDigest;
private final String permType;
- private Set<String> caIssuerDNs;
private final ArrayList<String> idDomains;
private String[] trustedCAs;
+ private String[] caIssuerDNs;
private List<RDN> rdns;
@@ -71,7 +72,7 @@ public abstract class CA {
if(permType==null) {
throw new CertException(CM_CA_PREFIX + name + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
}
- caIssuerDNs = new HashSet<>();
+ caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
String tag = CA.CM_CA_PREFIX+caName+CA.CM_CA_BASE_SUBJECT;
@@ -112,7 +113,12 @@ public abstract class CA {
String trustCas = access.getProperty(CM_TRUST_CAS,null);
if(trustCas!=null) {
for(String fname : Split.splitTrim(',', trustCas)) {
- File crt = new File(data,fname);
+ File crt;
+ if(fname.contains("/")) {
+ crt = new File(fname);
+ } else {
+ crt = new File(data,fname);
+ }
if(crt.exists()) {
access.printf(Level.INIT, "Loading CA Cert from %s", crt.getAbsolutePath());
bytes = new byte[(int)crt.length()];
@@ -139,7 +145,19 @@ public abstract class CA {
}
protected void addCaIssuerDN(String issuerDN) {
- caIssuerDNs.add(issuerDN);
+ boolean changed = true;
+ for(String id : caIssuerDNs) {
+ if(id.equals(issuerDN)) {
+ changed = false;
+ break;
+ }
+ }
+ if(changed) {
+ String[] newsa = new String[caIssuerDNs.length+1];
+ newsa[0]=issuerDN;
+ System.arraycopy(caIssuerDNs, 0, newsa, 1, caIssuerDNs.length);
+ caIssuerDNs = newsa;
+ }
}
protected synchronized void addTrustedCA(final String crtString) {
@@ -161,7 +179,7 @@ public abstract class CA {
trustedCAs = temp;
}
- public Set<String> getCaIssuerDNs() {
+ public String[] getCaIssuerDNs() {
return caIssuerDNs;
}
@@ -211,4 +229,5 @@ public abstract class CA {
public CSRMeta newCSRMeta() {
return new CSRMeta(rdns);
}
+
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
index ee73dbdc..3f398381 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/JscepCA.java
@@ -48,7 +48,7 @@ import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.Locator.Item;
-import org.onap.aaf.cadi.cm.CertException;
+import org.onap.aaf.cadi.configure.CertException;
import org.onap.aaf.cadi.locator.HotPeerLocator;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
index e2287c3b..af2d2f6b 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/LocalCA.java
@@ -39,6 +39,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
@@ -64,28 +65,33 @@ import org.onap.aaf.auth.cm.cert.RDN;
import org.onap.aaf.auth.env.NullTrans;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
public class LocalCA extends CA {
+ private final static BigInteger ONE = new BigInteger("1");
// Extensions
private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {
KeyPurposeId.id_kp_serverAuth, // WebServer
- KeyPurposeId.id_kp_clientAuth};// WebClient
-
+ KeyPurposeId.id_kp_clientAuth // WebClient
+ };
+
private final PrivateKey caKey;
private final X500Name issuer;
private final SecureRandom random = new SecureRandom();
- private byte[] serialish;
+ private BigInteger serial;
private final X509ChainWithIssuer x509cwi; // "Cert" is CACert
-
+
+
public LocalCA(Access access, final String name, final String env, final String[][] params) throws IOException, CertException {
super(access, name, env);
- serialish = new byte[24];
+
+ serial = new BigInteger(64,random);
+
if(params.length<1 || params[0].length<2) {
throw new IOException("LocalCA expects cm_ca.<ca name>=org.onap.aaf.auth.cm.ca.LocalCA,<full path to key file>[;<Full Path to Trust Chain, ending with actual CA>]+");
}
@@ -180,7 +186,9 @@ public class LocalCA extends CA {
}
X500NameBuilder xnb = new X500NameBuilder();
- for(RDN rnd : RDN.parse(',', x509cwi.getIssuerDN())) {
+ List<RDN> rp = RDN.parse(',', x509cwi.getIssuerDN());
+ Collections.reverse(rp);
+ for(RDN rnd : rp) {
xnb.addRDN(rnd.aoi,rnd.value);
}
issuer = xnb.build();
@@ -201,9 +209,10 @@ public class LocalCA extends CA {
TimeTaken tt = trans.start("Create/Sign Cert",Env.SUB);
try {
BigInteger bi;
- synchronized(serialish) {
- random.nextBytes(serialish);
- bi = new BigInteger(serialish);
+
+ synchronized(ONE) {
+ bi = serial;
+ serial = serial.add(ONE);
}
RSAPublicKey rpk = (RSAPublicKey)csrmeta.keypair(trans).getPublic();
@@ -225,20 +234,23 @@ public class LocalCA extends CA {
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
xcb.addExtension(Extension.basicConstraints,
- false, new BasicConstraints(false))
+ false, new BasicConstraints(false
+ ))
.addExtension(Extension.keyUsage,
true, new KeyUsage(KeyUsage.digitalSignature
- | KeyUsage.keyEncipherment))
+ | KeyUsage.keyEncipherment
+ | KeyUsage.nonRepudiation))
.addExtension(Extension.extendedKeyUsage,
true, new ExtendedKeyUsage(ASN_WebUsage))
-
.addExtension(Extension.authorityKeyIdentifier,
- false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert))
- .addExtension(Extension.subjectKeyIdentifier,
- false, extUtils.createSubjectKeyIdentifier(x509cwi.cert.getPublicKey()))
+ false, extUtils.createAuthorityKeyIdentifier(x509cwi.cert))
+ .addExtension(Extension.subjectKeyIdentifier,
+ false, extUtils.createSubjectKeyIdentifier(rpk))
.addExtension(Extension.subjectAlternativeName,
false, new GeneralNames(sans))
- ;
+// .addExtension(MiscObjectIdentifiers.netscape, true, new NetscapeCertType(
+// NetscapeCertType.sslClient|NetscapeCertType.sslClient))
+ ;
x509 = new JcaX509CertificateConverter().getCertificate(
xcb.build(BCFactory.contentSigner(caKey)));
@@ -248,7 +260,7 @@ public class LocalCA extends CA {
tt.done();
}
- return new X509ChainWithIssuer(x509cwi,x509);
+ return new X509andChain(x509,x509cwi.trustChain);
}
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
index 6ba5a37f..e31b9988 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509ChainWithIssuer.java
@@ -29,13 +29,14 @@ import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
public class X509ChainWithIssuer extends X509andChain {
private String issuerDN;
+ public X509Certificate caX509;
- public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) {
+ public X509ChainWithIssuer(X509ChainWithIssuer orig, X509Certificate x509) throws IOException, CertException {
super(x509,orig.trustChain);
issuerDN=orig.issuerDN;
}
@@ -48,7 +49,8 @@ public class X509ChainWithIssuer extends X509andChain {
if(rdr==null) { // cover for badly formed array
continue;
}
- byte[] bytes = Factory.decode(rdr);
+
+ byte[] bytes = Factory.decode(rdr,null);
try {
certs = Factory.toX509Certificate(bytes);
} catch (CertificateException e) {
@@ -62,24 +64,24 @@ public class X509ChainWithIssuer extends X509andChain {
}
if(cert==null) { // first in Trust Chain
issuerDN = subject.toString();
+ cert=x509; // adding each time makes sure last one is signer.
}
addTrustChainEntry(x509);
- cert=x509; // adding each time makes sure last one is signer.
}
}
}
public X509ChainWithIssuer(Certificate[] certs) throws IOException, CertException {
X509Certificate x509;
- for(Certificate c : certs) {
- x509=(X509Certificate)c;
+ for(int i=certs.length-1; i>=0; --i) {
+ x509=(X509Certificate)certs[i];
Principal subject = x509.getSubjectDN();
if(subject!=null) {
- if(cert==null) { // first in Trust Chain
- issuerDN= subject.toString();
- }
addTrustChainEntry(x509);
- cert=x509; // adding each time makes sure last one is signer.
+ if(i==0) { // last one is signer
+ cert=x509;
+ issuerDN= subject.toString();
+ }
}
}
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
index 46a6393a..5141cc62 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/X509andChain.java
@@ -25,8 +25,8 @@ import java.security.cert.X509Certificate;
import java.util.List;
import org.onap.aaf.auth.env.NullTrans;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
/**
@@ -45,14 +45,14 @@ public class X509andChain {
trustChain = null;
}
- public X509andChain(X509Certificate cert, String[] trustChain) {
+ public X509andChain(X509Certificate cert, String[] tc) throws IOException, CertException {
this.cert = cert;
- this.trustChain = trustChain;
+ trustChain=tc;
}
- public X509andChain(X509Certificate cert, List<String> chain) {
+ public X509andChain(X509Certificate cert, List<String> chain) throws IOException, CertException {
this.cert = cert;
- trustChain = new String[chain.size()];
+ trustChain = new String[chain.size()+1];
chain.toArray(trustChain);
}
@@ -67,6 +67,7 @@ public class X509andChain {
trustChain=temp;
}
}
+
public X509Certificate getX509() {
return cert;
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
index 7f4590f3..70ddd438 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/BCFactory.java
@@ -37,8 +37,8 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.onap.aaf.auth.cm.ca.CA;
import org.onap.aaf.auth.cm.validation.CertmanValidator;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
index 2b763f7f..7d417d5f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/CSRMeta.java
@@ -49,8 +49,8 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.misc.env.Trans;
public class CSRMeta {
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
index 5b55f1ca..564a4b5d 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cert/RDN.java
@@ -25,7 +25,7 @@ import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.onap.aaf.cadi.cm.CertException;
+import org.onap.aaf.cadi.configure.CertException;
import org.onap.aaf.cadi.util.Split;
public class RDN {
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
index aa0b9c26..d960945c 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertReq.java
@@ -28,7 +28,7 @@ import javax.xml.datatype.XMLGregorianCalendar;
import org.onap.aaf.auth.cm.ca.CA;
import org.onap.aaf.auth.cm.cert.BCFactory;
import org.onap.aaf.auth.cm.cert.CSRMeta;
-import org.onap.aaf.cadi.cm.CertException;
+import org.onap.aaf.cadi.configure.CertException;
public class CertReq {
// These cannot be null
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
index 595025e7..970bfb85 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/data/CertResp.java
@@ -25,12 +25,11 @@ import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
-import java.util.Set;
import org.onap.aaf.auth.cm.ca.CA;
import org.onap.aaf.auth.cm.cert.CSRMeta;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.misc.env.Trans;
public class CertResp {
@@ -40,17 +39,15 @@ public class CertResp {
private String privateKey, certString;
private String[] trustChain;
- private String[] trustCAs;
private String[] notes;
- public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] trustCAs, String[] notes) throws IOException, GeneralSecurityException, CertException {
+ public CertResp(Trans trans, CA ca, X509Certificate x509, CSRMeta csrMeta, String[] trustChain, String[] notes) throws IOException, GeneralSecurityException, CertException {
keyPair = csrMeta.keypair(trans);
privateKey = Factory.toString(trans, keyPair.getPrivate());
certString = Factory.toString(trans,x509);
challenge=csrMeta.challenge();
this.ca = ca;
this.trustChain = trustChain;
- this.trustCAs = trustCAs;
this.notes = notes;
}
@@ -76,7 +73,7 @@ public class CertResp {
return notes;
}
- public Set<String> caIssuerDNs() {
+ public String[] caIssuerDNs() {
return ca.getCaIssuerDNs();
}
@@ -89,6 +86,6 @@ public class CertResp {
}
public String[] trustCAs() {
- return trustCAs;
+ return ca.getTrustedCAs();
}
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
index 0598ee60..51a905a4 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/facade/FacadeImpl.java
@@ -58,8 +58,8 @@ import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.cm.CertException;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.CertException;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Data;
import org.onap.aaf.misc.env.Env;
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
index 16517c95..c06734f4 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
@@ -31,8 +31,8 @@ import org.onap.aaf.auth.cm.data.CertReq;
import org.onap.aaf.auth.cm.data.CertResp;
import org.onap.aaf.auth.cm.validation.CertmanValidator;
import org.onap.aaf.auth.dao.cass.ArtiDAO;
-import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.dao.cass.ArtiDAO.Data;
+import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.util.FQI;
@@ -108,7 +108,9 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
if((value=cin.challenge())!=null) {
cout.setChallenge(value);
}
+ // In Version 1, Cert is always first
cout.getCerts().add(cin.asCertString());
+ // Follow with Trust Chain
if(cin.trustChain()!=null) {
for(String c : cin.trustChain()) {
if(c!=null) {
@@ -116,12 +118,15 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
}
}
}
+
// Adding all the Certs in one response is a mistake. Makes it very hard for Agent to setup
// Certs in keystore versus Truststore. Separate in Version 2_0
if(cin.trustCAs()!=null) {
for(String c : cin.trustCAs()) {
if(c!=null) {
- cout.getCerts().add(c);
+ if(!cout.getCerts().contains(c)) {
+ cout.getCerts().add(c);
+ }
}
}
}
@@ -138,7 +143,10 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
}
cout.setNotes(sb.toString());
}
- cout.getCaIssuerDNs().addAll(cin.caIssuerDNs());
+ List<String> caIssuerDNs = cout.getCaIssuerDNs();
+ for(String s : cin.caIssuerDNs()) {
+ caIssuerDNs.add(s);
+ }
cout.setEnv(cin.env());
return Result.ok(cout);
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
index 13123bdf..76f7d9be 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
@@ -127,7 +127,12 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
}
cout.setNotes(sb.toString());
}
- cout.getCaIssuerDNs().addAll(cin.caIssuerDNs());
+
+ List<String> caIssuerDNs = cout.getCaIssuerDNs();
+ for(String s : cin.caIssuerDNs()) {
+ caIssuerDNs.add(s);
+ }
+
cout.setEnv(cin.env());
return Result.ok(cout);
} else {
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 4ef5472a..8d39f540 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -59,7 +59,7 @@ import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.Hash;
import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.configure.Factory;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Chrono;
@@ -317,7 +317,7 @@ public class CMService {
crdd.type = CredDAO.CERT_SHA256_RSA;
credDAO.create(trans, crdd);
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(notes));
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(),compileNotes(notes));
return Result.ok(cr);
} catch (Exception e) {
trans.error().log(e);
@@ -398,7 +398,7 @@ public class CMService {
cdd.x509=Factory.toString(trans, x509);
certDAO.create(trans, cdd);
- CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), ca.getTrustedCAs(), compileNotes(null));
+ CertResp cr = new CertResp(trans, ca, x509, csrMeta, x509ac.getTrustChain(), compileNotes(null));
return Result.ok(cr);
} catch (Exception e) {
trans.error().log(e);