Adding the sample directory for application

This can be considered as a sample for shared voulume which holds application content Change-Id: Id46d33869402c22ae9902d1cdff4c1704e422362 Issue-ID: AAF-342 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
author: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> 2018-07-11 05:54:52 -0700
committer: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> 2018-07-11 06:56:00 -0700
commit: a00f00a2c5f390281196e371280f4f481a5f4be0 (patch)
tree: 0c0652c68751baff4c57f785e0ac2fe12afefcb2 /test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
parent: 3351fedea7b12fdf3e6c8f32b4800365f38cf14a (diff)
1 files changed, 201 insertions, 0 deletions
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java b/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
new file mode 100755
index 0000000..a43e262
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import java.security.*;
+import sun.security.pkcs11.*;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.*;
+import sun.security.pkcs11.*;
+import java.security.interfaces.*;
+import javax.net.ssl.*;
+import javax.crypto.spec.*;
+import java.io.*;
+import java.security.cert.*;
+import java.security.spec.*;
+import sun.security.x509.*;
+import java.security.KeyStore.PrivateKeyEntry;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Random;
+
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.CertIOException;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.asn1.pkcs.CertificationRequest;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
+
+
+
+import javax.xml.bind.DatatypeConverter;
+import java.security.cert.X509Certificate;
+import java.io.StringWriter;
+
+public class CaSign {
+
+	private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {
+				KeyPurposeId.id_kp_serverAuth,
+
+				KeyPurposeId.id_kp_clientAuth};
+
+	public static void main(String[] args) throws Exception {
+        //System.setProperty("javax.net.debug","all");
+        //System.setProperty("javax.security.debug","all");
+        if ( args.length < 2 )
+            System.out.println("Arguments mismatch, Usage: CaSign  <pin> <alias>");
+        for(int i = 0; i < args.length; i++) {
+            System.out.println(args[i]);
+        }
+        // Set up the Sun PKCS 11 provider
+        String configName = "/tmp/pkcs11.cfg";
+        Provider p = new SunPKCS11(configName);
+        //Provider p = Security.getProvider("SunPKCS11-pkcs11Test");
+        if (p==null) {
+           throw new RuntimeException("could not get security provider for");
+        }
+        Security.addProvider(p);
+        // Load the key store
+        char[] pin = args[0].toCharArray();
+        KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
+        keyStore.load(null, pin);
+
+
+        Enumeration<String> aliases = keyStore.aliases();
+        while(aliases.hasMoreElements()){
+            String alias = aliases.nextElement();
+            System.out.println(alias + ": " + keyStore.getKey(alias,args[0].toCharArray()));
+        }
+        PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(args[1], null);
+        PrivateKey privateKey = privateKeyEntry.getPrivateKey();
+
+	File csrf = new File("/tmp/test.csr");
+        if ( csrf == null )
+            System.out.println("Make sure to copy the test.csr file to /tmp");
+	Reader pemcsr = new FileReader(csrf);
+	PemReader reader = new PemReader(pemcsr);
+	PemObject pem = reader.readPemObject();
+	PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pem.getContent());
+
+        X509Certificate caCert = (X509Certificate) privateKeyEntry.getCertificate();
+        RSAPublicKey publicKey = (RSAPublicKey) caCert.getPublicKey();
+
+        Security.addProvider(new BouncyCastleProvider());
+
+        X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
+        x500NameBld.addRDN(BCStyle.C, "US");
+        x500NameBld.addRDN(BCStyle.ST, "CA");
+        x500NameBld.addRDN(BCStyle.L, "local");
+        x500NameBld.addRDN(BCStyle.O, "onap");
+        x500NameBld.addRDN(BCStyle.CN, "test.onap.ca");
+	X500Name issuer = x500NameBld.build();
+
+	GregorianCalendar gc = new GregorianCalendar();
+        Date start = gc.getTime();
+	gc.add(GregorianCalendar.DAY_OF_MONTH, 1000);
+	Date end = gc.getTime();
+
+	X509Certificate x509;
+        byte[] serialish = new byte[24];
+	SecureRandom random = new SecureRandom();
+	BigInteger bi;
+        synchronized(serialish) {
+		random.nextBytes(serialish);
+		bi = new BigInteger(serialish);
+        }
+        X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(issuer, bi,
+		start, end, csr.getSubject(), csr.getSubjectPublicKeyInfo());
+
+
+
+	JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
+		    xcb		.addExtension(Extension.basicConstraints,
+                    	false, new BasicConstraints(false))
+		            .addExtension(Extension.keyUsage,
+		                true, new KeyUsage(KeyUsage.digitalSignature
+		                                 | KeyUsage.keyEncipherment))
+		            .addExtension(Extension.extendedKeyUsage,
+		                          true, new ExtendedKeyUsage(ASN_WebUsage))
+
+                    .addExtension(Extension.authorityKeyIdentifier,
+		                          false, extUtils.createAuthorityKeyIdentifier(caCert))
+		            .addExtension(Extension.subjectKeyIdentifier,
+		                          false, extUtils.createSubjectKeyIdentifier(caCert.getPublicKey()));
+		            //.addExtension(Extension.subjectAlternativeName,
+		            //		false, new GeneralNames(sans));
+
+
+
+	ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);
+	x509 = new JcaX509CertificateConverter().getCertificate(xcb.build(sigGen));
+
+	StringWriter sw = new StringWriter();
+        sw.write("-----BEGIN CERTIFICATE-----\n");
+        sw.write(DatatypeConverter.printBase64Binary(x509.getEncoded()).replaceAll("(.{64})", "$1\n"));
+        sw.write("\n-----END CERTIFICATE-----\n");
+        FileWriter fw = new FileWriter("/tmp/test.cert");
+        fw.write(sw.toString());
+        fw.close();
+        System.out.println("Done - Signed certificate at /tmp/test.cert");
+
+   }
+}
author	Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>	2018-07-11 05:54:52 -0700
committer	Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>	2018-07-11 06:56:00 -0700
commit	a00f00a2c5f390281196e371280f4f481a5f4be0 (patch)
tree	0c0652c68751baff4c57f785e0ac2fe12afefcb2 /test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
parent	3351fedea7b12fdf3e6c8f32b4800365f38cf14a (diff)