-rwxr-xr-xtest/integration/samplecaservicecontainer/applicationfiles/CaSign.java201
-rwxr-xr-xtest/integration/samplecaservicecontainer/applicationfiles/ca.cert21
-rwxr-xr-xtest/integration/samplecaservicecontainer/applicationfiles/privkey.pem28
-rwxr-xr-xtest/integration/samplecaservicecontainer/applicationfiles/test.csr16
-rwxr-xr-xtest/integration/samplecaservicecontainer/applicationfiles/test.key27
5 files changed, 293 insertions, 0 deletions
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java b/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
new file mode 100755
index 0000000..a43e262
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import java.security.*;
+import sun.security.pkcs11.*;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.*;
+import sun.security.pkcs11.*;
+import java.security.interfaces.*;
+import javax.net.ssl.*;
+import javax.crypto.spec.*;
+import java.io.*;
+import java.security.cert.*;
+import java.security.spec.*;
+import sun.security.x509.*;
+import java.security.KeyStore.PrivateKeyEntry;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyManagementException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.SignatureException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Random;
+
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.CertIOException;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.util.io.pem.PemReader;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.asn1.pkcs.CertificationRequest;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
+
+
+
+import javax.xml.bind.DatatypeConverter;
+import java.security.cert.X509Certificate;
+import java.io.StringWriter;
+
+public class CaSign {
+
+ private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] {
+ KeyPurposeId.id_kp_serverAuth,
+
+ KeyPurposeId.id_kp_clientAuth};
+
+ public static void main(String[] args) throws Exception {
+ //System.setProperty("javax.net.debug","all");
+ //System.setProperty("javax.security.debug","all");
+ if ( args.length < 2 )
+ System.out.println("Arguments mismatch, Usage: CaSign <pin> <alias>");
+ for(int i = 0; i < args.length; i++) {
+ System.out.println(args[i]);
+ }
+ // Set up the Sun PKCS 11 provider
+ String configName = "/tmp/pkcs11.cfg";
+ Provider p = new SunPKCS11(configName);
+ //Provider p = Security.getProvider("SunPKCS11-pkcs11Test");
+ if (p==null) {
+ throw new RuntimeException("could not get security provider for");
+ }
+ Security.addProvider(p);
+ // Load the key store
+ char[] pin = args[0].toCharArray();
+ KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
+ keyStore.load(null, pin);
+
+
+ Enumeration<String> aliases = keyStore.aliases();
+ while(aliases.hasMoreElements()){
+ String alias = aliases.nextElement();
+ System.out.println(alias + ": " + keyStore.getKey(alias,args[0].toCharArray()));
+ }
+ PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(args[1], null);
+ PrivateKey privateKey = privateKeyEntry.getPrivateKey();
+
+ File csrf = new File("/tmp/test.csr");
+ if ( csrf == null )
+ System.out.println("Make sure to copy the test.csr file to /tmp");
+ Reader pemcsr = new FileReader(csrf);
+ PemReader reader = new PemReader(pemcsr);
+ PemObject pem = reader.readPemObject();
+ PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pem.getContent());
+
+ X509Certificate caCert = (X509Certificate) privateKeyEntry.getCertificate();
+ RSAPublicKey publicKey = (RSAPublicKey) caCert.getPublicKey();
+
+ Security.addProvider(new BouncyCastleProvider());
+
+ X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
+ x500NameBld.addRDN(BCStyle.C, "US");
+ x500NameBld.addRDN(BCStyle.ST, "CA");
+ x500NameBld.addRDN(BCStyle.L, "local");
+ x500NameBld.addRDN(BCStyle.O, "onap");
+ x500NameBld.addRDN(BCStyle.CN, "test.onap.ca");
+ X500Name issuer = x500NameBld.build();
+
+ GregorianCalendar gc = new GregorianCalendar();
+ Date start = gc.getTime();
+ gc.add(GregorianCalendar.DAY_OF_MONTH, 1000);
+ Date end = gc.getTime();
+
+ X509Certificate x509;
+ byte[] serialish = new byte[24];
+ SecureRandom random = new SecureRandom();
+ BigInteger bi;
+ synchronized(serialish) {
+ random.nextBytes(serialish);
+ bi = new BigInteger(serialish);
+ }
+ X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(issuer, bi,
+ start, end, csr.getSubject(), csr.getSubjectPublicKeyInfo());
+
+
+
+ JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
+ xcb .addExtension(Extension.basicConstraints,
+ false, new BasicConstraints(false))
+ .addExtension(Extension.keyUsage,
+ true, new KeyUsage(KeyUsage.digitalSignature
+ | KeyUsage.keyEncipherment))
+ .addExtension(Extension.extendedKeyUsage,
+ true, new ExtendedKeyUsage(ASN_WebUsage))
+
+ .addExtension(Extension.authorityKeyIdentifier,
+ false, extUtils.createAuthorityKeyIdentifier(caCert))
+ .addExtension(Extension.subjectKeyIdentifier,
+ false, extUtils.createSubjectKeyIdentifier(caCert.getPublicKey()));
+ //.addExtension(Extension.subjectAlternativeName,
+ // false, new GeneralNames(sans));
+
+
+
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);
+ x509 = new JcaX509CertificateConverter().getCertificate(xcb.build(sigGen));
+
+ StringWriter sw = new StringWriter();
+ sw.write("-----BEGIN CERTIFICATE-----\n");
+ sw.write(DatatypeConverter.printBase64Binary(x509.getEncoded()).replaceAll("(.{64})", "$1\n"));
+ sw.write("\n-----END CERTIFICATE-----\n");
+ FileWriter fw = new FileWriter("/tmp/test.cert");
+ fw.write(sw.toString());
+ fw.close();
+ System.out.println("Done - Signed certificate at /tmp/test.cert");
+
+ }
+}
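Review bot: The argument loop at the top of `main` prints every element of `args`, and `args[0]` is the PKCS#11 PIN, so the token PIN ends up on stdout and in any container log; the alias loop below it additionally prints the result of `keyStore.getKey(...)`. Drop the echo loop and print only `alias` in the enumeration. The `args.length < 2` check prints the usage message but falls through, so a short invocation still reaches `args[0]`; it needs a `return;` (or `System.exit(1);`) after the message. Two certificate fields also look wrong: `extUtils.createSubjectKeyIdentifier(caCert.getPublicKey())` identifies the CA key rather than the key in the request (`csr.getSubjectPublicKeyInfo()`), and `new BigInteger(serialish)` can yield a negative serial number, where `new BigInteger(1, serialish)` keeps it positive. The CSR is also signed without its self-signature being checked first, so the subject and key are taken from `/tmp/test.csr` on trust.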
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/ca.cert b/test/integration/samplecaservicecontainer/applicationfiles/ca.cert
new file mode 100755
index 0000000..78f187c
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/ca.cert
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/privkey.pem b/test/integration/samplecaservicecontainer/applicationfiles/privkey.pem
new file mode 100755
index 0000000..e1f08b4
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/privkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDoF4QE/hggOclQ
+/z30ZyXZHhbiIdqM9zqQGFDAQ326yYLQLpoBztu3AgTYG2GmmPtMCIjAkYxSXIpB
+gRcWMhkOzF7KpP8WdQgGwsi37E1DgeVrLtY+YsxQcjVn8foomaXzcDQd2DnGV2+W
+eb6GlWWF3E/TUn/DrQKaZa8cHbEgaR2QuK7sABogZ4CE8hVgpp9O0PUVDpLLNimm
+wY+4sv0piPpINoGpg69sqYW2hugRZr5PFPfa+MUmVVagdIvpHYXRjgcRNHGrHxPT
+XCHGZsyzT+wRXglcBUblILW92msCAFP2O/w7h/CgVWVWSoKwe3jUNafUP3Dfsdg5
+LjJc57cdAgMBAAECggEAV3udsMASWftOLfC36qsCsi9MUtqN5bq+4Ve5AG+wMbsJ
+Su118Z6GZRomt0rC6Sga+RLycRurt9PX7U76Y8xoc5KHXH0LBe0BJINBY0p36S1K
+S7dw3D0jZGNYTCECuVEJI5S0oFdDl8aXcjHbpiEkDmv3zuD29cv+AjK36bIrdNpS
+nlYudD58MoNo0rjO4F/rpcj3yIKTsdGkgUEsQqFM2gSqrSYc12lsmadnLdohGe+N
+fDA3k1MBjSt3fd+2DS6FmH9P/4UDeTc7j5v0Dvw7NQnYSXn9cAw0Ze6zLYFm4/wi
+d91Dqjc7l9EtknpPsLmPXO0a2sUtxXv3cuT1zRSwQQKBgQD1OqLFolSVzK/AYLF/
+KJz/pmuJULFUXchqzqp9W5ZUWbCsAtqHPiCTxjwD6Pyy0A5ppqjFUwtVler4JyN7
+u6fTDYrMOOlqt7FQ/oCLkin2Xvh+GR5meX/WTbkLboEgsLSUAEnuX47YYColvNk9
+qYxn6LdnRn3hcw+MrxPl6VMWDQKBgQDySSo0VUGvKGTHrJqFpXljvcd92IGjEeXu
++1lJZNZHTVOWqMEMvGyHJ/9r4dvWuOXDGayAwaorjJdhKi6LYBktwUHJbsaWLVdD
+2pf14ydU7s2eFRNtmOpvIPlpNO1dXw7PXuVCtMfh3VFMOahLyJDn6xrZ+Hb4p6eU
+uaeiSepxUQKBgQDiOlytLCsSIslEFS/J2gK0CagM/mcJKJdaiRtZGCPf3voQRXWp
+7FOLYAY/qTFuGGgjaT8rAohjRTGGCj0+yYhyOH0CF8Kl05591LtrhsS1ZzmgwrV7
+3bxkTEFYXXI8YSfFnVqW0Irr7BMVy1kx/Hbt6Q9A9BPu5wHCTEV0BULEBQKBgQDn
+kYJjDnF/Jg5cwd3Wireg2wxGfZ4566tmZJmMCnK7J28S+iu5LoZUD6iSxgZGDeac
+OHelgHRSt0cgOR7PW4P1NVbZXaU0eBWF5vGCtB8tkCi6RM6S26qFmHCJW2ra6TXQ
+gZSB0yOP/uXrAtiVxhapcw3w8wdS1XrYLTHJbPhEYQKBgQC9gRhaoK3S//t9csy2
+cvx6ZD4WQ4ONXA/Ojz3UoMv9JiZpSk+yr++W7Hn2kghkXYlnDe8N/o9Hqcx3VxJk
+LA1n3m9esMXp3t/vmDQ0BRoCPvJQhI7sbJVfIIHvmFsfNeJGRHkY2/3YstVu0MT5
+siotGnZGO+BBH8yL0i/epR7EBg==
+-----END PRIVATE KEY-----
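Review bot: `privkey.pem` is an unencrypted private key checked into the tree with mode 100755, and `test.key` further down is added the same way. Given the directory name these are presumably fixtures for the sample CA container, but nothing in the files marks them as test-only, and once published the key has to be treated as public, along with any certificate that chains to it (`ca.cert`, if that is its counterpart). Either generate the keys during container setup, or keep them and add a short README next to them stating that they are throwaway test keys that nothing outside this test should trust. Mode 100644 is enough for data files.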
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/test.csr b/test/integration/samplecaservicecontainer/applicationfiles/test.csr
new file mode 100755
index 0000000..91c5d44
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/test.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/test.key b/test/integration/samplecaservicecontainer/applicationfiles/test.key
new file mode 100755
index 0000000..6ae8c1d
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/test.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0kJCp0wivZYKP3jGnb/LCyJZiwXIVSZTBpCZ5NcROmkKpNQb
+l3+b5p5VUUky0edsO1CfK270bBtSbWXDG1W1Wh2dcQnzlEXpFEwuGAET3iea2AcE
+3z55PPg0rb0Nc0kRwN7tE085YpAvGPbqMFkVC/Np8m0v+mIJIct3xZAtde64d2mc
+aDR7nDoyj+GaV0ombzkjInBiAhu/CwPBNF/QFtc7MweP2I6Oa5Va5MD9vwsVD7jz
+XjZcGYS2nu09GAL3DJA/qpFj43GracrJdERrq5pLpSHK6tmaj8WwXvK4lBklVuQ5
+uae6BhHyc7+3P9zsu3ElvXxgknVvXEDP9ybvVQIDAQABAoIBABGaiJgXMMVsvXjo
+9MAaYbaR7qtMFaTDa6oeCzR0qTWZu9FnDNRXU8cwNHZ0yXN3i8E/k8QAKyit9O3B
+2l78gw2Dcz4WljUw0T3ozucll/M+n6E8nTTPtzjakxaEwI6JbJoYUAMQ2/4bkkXl
+zl+z5aY1gAZTC/RLpvYUYffBhXzdE+s6mJ3zK1MEN0eGucieRdBwFPz+EYFnrFwc
+N5e416WVcFn2s8Tpe3+/ntp+UGHgLB7BvcaaRr1QoyJ1oF2FnNbUDiMdW5cHC9tO
+/ida7aRN9iKWCtCIwS45lxSlIc2C2L/4jmhOLkgEIspnIkT3zMGnXAbZTOuvo627
+AOoU0BUCgYEA7MtC5tQRQkAg+lk1paHCLU/+FVDTTiEMPk4YBkUEzYYV+bB28W5R
+qWZLPl5CogV/ob3xltvrahq2SrGE7GFgSY1/nYWBBRp8XYSFul8J+rq9z+T4GZhb
++unF7P5VXkLRlRgjSlvsV/59n7nG9M6aB4DL/7aKeY7eC73Els1l1YsCgYEA41AH
+XSP8uGUH/WSIt2MuX7tAlgzRKztIzp3SOTAvyiOHo5u1uPrn0nDfPeD/dePJ+CbQ
+tt10o7ng1GKSOGYb02gpdLG1N/8ApaNyD2St3hq63upI4vvTEEa9H+J+igQsiaDn
+LNF1F47QnIK8H1RI7UeERWqt+38cD58bSgxrqp8CgYBHCMLNFBkJUsuRzmk1gs0J
+YtHJ+zEoYumVV0AFwXarYOn+uV01F+8PbkxsLUK38AZVsvFiXB7G+bRtu8swThXg
+er4ptv75VPSx6StkuVX5DUQbtYhnxTjykGZ7reBWIp1UqKUNjX3c988ft09j6QZz
+8cNAtrXbuWwLAaaTxpIh+QKBgDqhgcS8a4sERDNPoxPqOSPoIJiTZcBI4laozniB
+vVHeKDZDC3RTA0h8ZJiJWFsIDig7msoQBO3WG++sHRr++15kF41J6PwwgfI3Xkwq
+I86OBnVI6NPjMGWaWV3IBeuDeBlnrzkYLaON6rDz56INE2Jgd/WPtqCQAKTm3RsU
+aRDxAoGBALj6dpB8c/U2FCLceV+FtmCAD9+NFl5+orXGmOPCucBdwzEVoeZfqtHK
+vGjSFOqhZLM0cMgevMgU7dfUi3V0SnQ7BOQp5n0nSEmY4GkR+BEvoVkisskZRHXa
+JI4BL8YZ030gnLI2CzzMB8bOCVBl7vq6NmZxI8U+OhYTi7/uZNmN
+-----END RSA PRIVATE KEY-----