From 4a51a8f96715ffb2a42189b93b9fa91b453b8530 Mon Sep 17 00:00:00 2001
From: sg481n
Date: Thu, 3 Aug 2017 17:39:12 -0400
Subject:  [AAF-21] Initial code import
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: Ia1dd196befd061f6ba0c2be6bf4456a30ea50f97
Signed-off-by: sg481n
---
 .../src/main/java/com/att/cadi/http/HX509SS.java | 168 +++++++++++++++++++++
 1 file changed, 168 insertions(+)
 create mode 100644 client/src/main/java/com/att/cadi/http/HX509SS.java
(limited to 'client/src/main/java/com/att/cadi/http/HX509SS.java')
diff --git a/client/src/main/java/com/att/cadi/http/HX509SS.java b/client/src/main/java/com/att/cadi/http/HX509SS.java
new file mode 100644
index 0000000..3022c0f
--- /dev/null
+++ b/client/src/main/java/com/att/cadi/http/HX509SS.java
@@ -0,0 +1,168 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aai
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * Copyright © 2017 Amdocs
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package com.att.cadi.http;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.X509KeyManager;
+
+import com.att.cadi.CadiException;
+import com.att.cadi.SecuritySetter;
+import com.att.cadi.Symm;
+import com.att.cadi.config.Config;
+import com.att.cadi.config.SecurityInfoC;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+
+
+public class HX509SS implements SecuritySetter {
+ private static final byte[] X509 = "x509 ".getBytes();
+ private PrivateKey priv;
+ private byte[] pub;
+ private String cert;
+ private SecurityInfoC securityInfo;
+ private String algo;
+ private String alias;
+ private static int count = new SecureRandom().nextInt();
+
+ public HX509SS(SecurityInfoC si) throws APIException, IOException, CertificateEncodingException {
+ this(null,si,false);
+ }
+
+ public HX509SS(SecurityInfoC si, boolean asDefault) throws APIException, IOException, CertificateEncodingException {
+ this(null,si,asDefault);
+ }
+
+ public HX509SS(final String sendAlias, SecurityInfoC si) throws APIException, IOException, CertificateEncodingException {
+ this(sendAlias, si, false);
+ }
+
+ public HX509SS(final String sendAlias, SecurityInfoC si, boolean asDefault) throws APIException, IOException, CertificateEncodingException {
+ securityInfo = si;
+ if((alias=sendAlias) == null) {
+ if(si.default_alias == null) {
+ throw new APIException("JKS Alias is required to use X509SS Security. 
Use " + Config.CADI_ALIAS +" to set default alias");
+ } else {
+ alias = si.default_alias;
+ }
+ }
+
+ priv=null;
+ X509KeyManager[] xkms = si.getKeyManagers();
+ if(xkms==null || xkms.length==0) {
+ throw new APIException("There are no valid keys available in given Keystores. Wrong Keypass? Expired?");
+ }
+ for(int i=0;priv==null&&i0) {
+ algo = chain[0].getSigAlgName();
+ pub = chain[0].getEncoded();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream(pub.length*2);
+ ByteArrayInputStream bais = new ByteArrayInputStream(pub);
+ Symm.base64noSplit.encode(bais,baos,X509);
+ cert = baos.toString();
+
+ /*
+ // Inner Test code, uncomment if fix needed
+ bais = new ByteArrayInputStream(baos.toByteArray());
+ baos = new ByteArrayOutputStream(input.length*2);
+ Symm.base64noSplit().decode(bais,baos,5);
+ byte[] output = baos.toByteArray();
+ String reconstitute = output.toString();
+ System.out.println("ok");
+ CertificateFactory certFactory;
+ try {
+ bais = new ByteArrayInputStream(output);
+ certFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate x509 = (X509Certificate)certFactory.generateCertificate(bais);
+ System.out.println(x509.toString());
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ */
+ }
+ }
+ if(algo==null) {
+ throw new APIException("X509 Security Setter not configured");
+ }
+ }
+
+ @Override
+ public void setSecurity(HttpURLConnection huc) throws CadiException {
+ if(huc instanceof HttpsURLConnection) {
+ securityInfo.setSocketFactoryOn((HttpsURLConnection)huc);
+ }
+ if(alias==null) { // must be a one-way
+ huc.setRequestProperty("Authorization", cert);
+
+ // Test Signed content
+ try {
+ String data = "SignedContent["+ inc() + ']' + Chrono.dateTime();
+ huc.setRequestProperty("Data", data);
+
+ Signature sig = Signature.getInstance(algo);
+ sig.initSign(priv);
+ sig.update(data.getBytes());
+ byte[] signature = sig.sign();
+
+ ByteArrayOutputStream baos = new 
ByteArrayOutputStream((int)(signature.length*1.3));
+ ByteArrayInputStream bais = new ByteArrayInputStream(signature);
+ Symm.base64noSplit.encode(bais, baos);
+ huc.setRequestProperty("Signature", new String(baos.toByteArray()));
+
+ } catch (Exception e) {
+ throw new CadiException(e);
+ }
+ }
+ }
+
+ private synchronized int inc() {
+ return ++count;
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.cadi.SecuritySetter#getID()
+ */
+ @Override
+ public String getID() {
+ return alias;
+ }
+
+ @Override
+ public int setLastResponse(int respCode) {
+ return 0;
+ }
+}
-- cgit 1.2.3-korg
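Review bot: The `if(alias==null)` branch in setSecurity is unreachable, because the four-argument constructor either assigns `alias` from `sendAlias` or `si.default_alias` or throws, so the `Authorization`, `Data` and `Signature` request headers are never set; either the condition is inverted or the branch is dead code and should be removed rather than kept behind the `// must be a one-way` comment. The signed payload is built with `data.getBytes()` and the header with `new String(baos.toByteArray())`, both platform-charset dependent, so a verifier on another platform can end up hashing different bytes — pass `StandardCharsets.UTF_8` explicitly (the same applies to `"x509 ".getBytes()` and `baos.toString()` in the constructor). `inc()` is an instance-`synchronized` method incrementing the static `count`, so two HX509SS instances do not share a lock and can race; `private static final AtomicInteger count = new AtomicInteger(new SecureRandom().nextInt());` with `return count.incrementAndGet();` removes that. The `asDefault` parameter is accepted by three constructors but never read, and the commented-out test code inside the key-manager loop should be deleted. The `for` header over `xkms` appears garbled in this rendering, so I cannot comment on the alias lookup itself.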