5 files changed, 293 insertions, 0 deletions
diff --git a/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java b/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
new file mode 100755
index 0000000..a43e262
--- /dev/null
+++ b/test/integration/samplecaservicecontainer/applicationfiles/CaSign.java
@@ -0,0 +1,201 @@ +/* + * Copyright 2018 Intel Corporation, Inc + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import java.security.*; +import sun.security.pkcs11.*; +import javax.crypto.spec.SecretKeySpec; +import java.util.*; +import sun.security.pkcs11.*; +import java.security.interfaces.*; +import javax.net.ssl.*; +import javax.crypto.spec.*; +import java.io.*; +import java.security.cert.*; +import java.security.spec.*; +import sun.security.x509.*; +import java.security.KeyStore.PrivateKeyEntry; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyManagementException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.Security; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Random; + +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import 
org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.X500NameBuilder; +import org.bouncycastle.asn1.x500.style.BCStyle; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.KeyPurposeId; +import org.bouncycastle.asn1.x509.KeyUsage; +import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.CertIOException; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.bc.BcX509ExtensionUtils; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.util.io.pem.PemReader; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.asn1.pkcs.CertificationRequest; +import org.bouncycastle.asn1.x509.ExtendedKeyUsage; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; + + + +import javax.xml.bind.DatatypeConverter; +import java.security.cert.X509Certificate; +import java.io.StringWriter; + +public class CaSign { + + private static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] { + KeyPurposeId.id_kp_serverAuth, + + KeyPurposeId.id_kp_clientAuth}; + + public static void 
main(String[] args) throws Exception { + //System.setProperty("javax.net.debug","all"); + //System.setProperty("javax.security.debug","all"); + if ( args.length < 2 ) + System.out.println("Arguments mismatch, Usage: CaSign <pin> <alias>"); + for(int i = 0; i < args.length; i++) { + System.out.println(args[i]); + } + // Set up the Sun PKCS 11 provider + String configName = "/tmp/pkcs11.cfg"; + Provider p = new SunPKCS11(configName); + //Provider p = Security.getProvider("SunPKCS11-pkcs11Test"); + if (p==null) { + throw new RuntimeException("could not get security provider for"); + } + Security.addProvider(p); + // Load the key store + char[] pin = args[0].toCharArray(); + KeyStore keyStore = KeyStore.getInstance("PKCS11", p); + keyStore.load(null, pin); + + + Enumeration<String> aliases = keyStore.aliases(); + while(aliases.hasMoreElements()){ + String alias = aliases.nextElement(); + System.out.println(alias + ": " + keyStore.getKey(alias,args[0].toCharArray())); + } + PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(args[1], null); + PrivateKey privateKey = privateKeyEntry.getPrivateKey(); + + File csrf = new File("/tmp/test.csr"); + if ( csrf == null ) + System.out.println("Make sure to copy the test.csr file to /tmp"); + Reader pemcsr = new FileReader(csrf); + PemReader reader = new PemReader(pemcsr); + PemObject pem = reader.readPemObject(); + PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pem.getContent()); + + X509Certificate caCert = (X509Certificate) privateKeyEntry.getCertificate(); + RSAPublicKey publicKey = (RSAPublicKey) caCert.getPublicKey(); + + Security.addProvider(new BouncyCastleProvider()); + + X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE); + x500NameBld.addRDN(BCStyle.C, "US"); + x500NameBld.addRDN(BCStyle.ST, "CA"); + x500NameBld.addRDN(BCStyle.L, "local"); + x500NameBld.addRDN(BCStyle.O, "onap"); + x500NameBld.addRDN(BCStyle.CN, "test.onap.ca"); + X500Name issuer = x500NameBld.build(); 
+ + GregorianCalendar gc = new GregorianCalendar(); + Date start = gc.getTime(); + gc.add(GregorianCalendar.DAY_OF_MONTH, 1000); + Date end = gc.getTime(); + + X509Certificate x509; + byte[] serialish = new byte[24]; + SecureRandom random = new SecureRandom(); + BigInteger bi; + synchronized(serialish) { + random.nextBytes(serialish); + bi = new BigInteger(serialish); + } + X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(issuer, bi, + start, end, csr.getSubject(), csr.getSubjectPublicKeyInfo()); + + + + JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); + xcb .addExtension(Extension.basicConstraints, + false, new BasicConstraints(false)) + .addExtension(Extension.keyUsage, + true, new KeyUsage(KeyUsage.digitalSignature + | KeyUsage.keyEncipherment)) + .addExtension(Extension.extendedKeyUsage, + true, new ExtendedKeyUsage(ASN_WebUsage)) + + .addExtension(Extension.authorityKeyIdentifier, + false, extUtils.createAuthorityKeyIdentifier(caCert)) + .addExtension(Extension.subjectKeyIdentifier, + false, extUtils.createSubjectKeyIdentifier(caCert.getPublicKey())); + //.addExtension(Extension.subjectAlternativeName, + // false, new GeneralNames(sans)); + + + + ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey); + x509 = new JcaX509CertificateConverter().getCertificate(xcb.build(sigGen)); + + StringWriter sw = new StringWriter(); + sw.write("-----BEGIN CERTIFICATE-----\n"); + sw.write(DatatypeConverter.printBase64Binary(x509.getEncoded()).replaceAll("(.{64})", "$1\n")); + sw.write("\n-----END CERTIFICATE-----\n"); + FileWriter fw = new FileWriter("/tmp/test.cert"); + fw.write(sw.toString()); + fw.close(); + System.out.println("Done - Signed certificate at /tmp/test.cert"); + + } +} diff --git a/test/integration/samplecaservicecontainer/applicationfiles/ca.cert b/test/integration/samplecaservicecontainer/applicationfiles/ca.cert new file mode 100755 index 0000000..78f187c --- /dev/null 
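Review bot: `main` echoes every argument to stdout, and `args[0]` is the token PIN, so the PIN ends up in the container's logs; the alias loop additionally prints the result of `keyStore.getKey(...)` for every entry. Drop the argument echo and list alias names only. The usage check also does not stop execution, so a short argument list falls through to `args[0]` and fails there. Two certificate fields are built incorrectly: the subject key identifier is derived from `caCert.getPublicKey()` instead of the CSR's key, and `new BigInteger(serialish)` over 24 random bytes can yield a negative serial longer than the 20 octets RFC 5280 allows. The CSR signature is never checked before signing, so a `csr.isSignatureValid(...)` check is worth adding if this sample is meant to model a CA.

```java
        if (args.length < 2) {
            System.err.println("Arguments mismatch, Usage: CaSign <pin> <alias>");
            return;
        }
        // … unchanged: SunPKCS11 provider setup and keyStore.load(null, pin) …
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            // List alias names only; never print the PIN or key objects.
            System.out.println(aliases.nextElement());
        }
        // … unchanged: private key lookup, CSR parsing, issuer name, validity dates …
        // Positive serial that fits within 20 octets.
        BigInteger bi = new BigInteger(159, new SecureRandom());
        // … unchanged: certificate builder and the other extensions …
                .addExtension(Extension.subjectKeyIdentifier,
                        false, extUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo()));
```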
+++ b/test/integration/samplecaservicecontainer/applicationfiles/ca.cert @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgIJALoay4GExsvXMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJDQTEOMAwGA1UEBwwFbG9jYWwxDTALBgNVBAoMBG9u +YXAxFTATBgNVBAMMDHRlc3Qub25hcC5jYTAeFw0xODA2MjkxNzUwNDVaFw0yODA2 +MjYxNzUwNDVaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEOMAwGA1UEBwwF +bG9jYWwxDTALBgNVBAoMBG9uYXAxFTATBgNVBAMMDHRlc3Qub25hcC5jYTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgXhAT+GCA5yVD/PfRnJdkeFuIh +2oz3OpAYUMBDfbrJgtAumgHO27cCBNgbYaaY+0wIiMCRjFJcikGBFxYyGQ7MXsqk +/xZ1CAbCyLfsTUOB5Wsu1j5izFByNWfx+iiZpfNwNB3YOcZXb5Z5voaVZYXcT9NS +f8OtApplrxwdsSBpHZC4ruwAGiBngITyFWCmn07Q9RUOkss2KabBj7iy/SmI+kg2 +gamDr2yphbaG6BFmvk8U99r4xSZVVqB0i+kdhdGOBxE0casfE9NcIcZmzLNP7BFe +CVwFRuUgtb3aawIAU/Y7/DuH8KBVZVZKgrB7eNQ1p9Q/cN+x2DkuMlzntx0CAwEA +AaNQME4wHQYDVR0OBBYEFNBfJ7egJPzesBRsw+GHHstjp9mBMB8GA1UdIwQYMBaA +FNBfJ7egJPzesBRsw+GHHstjp9mBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAKshRkFAWPIc+ImeLrizAQT+BQlyRJJpCuqm7IMNv2i2JpLIUxObcZu4 +Uxmf57GzxnjGlzamY4+4uIgkxLSMae3WNNmTYCr5mCmZC7Pl0T8QzMvxxKe9tjsm +FHxyAIMDRRlA/St3YN9+FhXuDyD2OkFDqDsoYb/bIk6/GQ0tZJbqXVjH/61OSVQB +1le/s/hAvp+6CAa+iHOZHggdHWeBV7t+MQzWsYf9d4AhtJryT7cexdSVbDQ9nOSG +VyPAVeae2cT9+M1lwG6oRz8zlOJzTvcj6spQuG2mucXkhUDmbPavcsoArRPE9gZ2 +EaOVFLxTswzODhfuDyf5RHuAvPN/WeU= +-----END CERTIFICATE----- diff --git a/test/integration/samplecaservicecontainer/applicationfiles/privkey.pem b/test/integration/samplecaservicecontainer/applicationfiles/privkey.pem new file mode 100755 index 0000000..e1f08b4 --- /dev/null +++ b/test/integration/samplecaservicecontainer/applicationfiles/privkey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDoF4QE/hggOclQ +/z30ZyXZHhbiIdqM9zqQGFDAQ326yYLQLpoBztu3AgTYG2GmmPtMCIjAkYxSXIpB +gRcWMhkOzF7KpP8WdQgGwsi37E1DgeVrLtY+YsxQcjVn8foomaXzcDQd2DnGV2+W +eb6GlWWF3E/TUn/DrQKaZa8cHbEgaR2QuK7sABogZ4CE8hVgpp9O0PUVDpLLNimm +wY+4sv0piPpINoGpg69sqYW2hugRZr5PFPfa+MUmVVagdIvpHYXRjgcRNHGrHxPT +XCHGZsyzT+wRXglcBUblILW92msCAFP2O/w7h/CgVWVWSoKwe3jUNafUP3Dfsdg5 +LjJc57cdAgMBAAECggEAV3udsMASWftOLfC36qsCsi9MUtqN5bq+4Ve5AG+wMbsJ +Su118Z6GZRomt0rC6Sga+RLycRurt9PX7U76Y8xoc5KHXH0LBe0BJINBY0p36S1K +S7dw3D0jZGNYTCECuVEJI5S0oFdDl8aXcjHbpiEkDmv3zuD29cv+AjK36bIrdNpS +nlYudD58MoNo0rjO4F/rpcj3yIKTsdGkgUEsQqFM2gSqrSYc12lsmadnLdohGe+N +fDA3k1MBjSt3fd+2DS6FmH9P/4UDeTc7j5v0Dvw7NQnYSXn9cAw0Ze6zLYFm4/wi +d91Dqjc7l9EtknpPsLmPXO0a2sUtxXv3cuT1zRSwQQKBgQD1OqLFolSVzK/AYLF/ +KJz/pmuJULFUXchqzqp9W5ZUWbCsAtqHPiCTxjwD6Pyy0A5ppqjFUwtVler4JyN7 +u6fTDYrMOOlqt7FQ/oCLkin2Xvh+GR5meX/WTbkLboEgsLSUAEnuX47YYColvNk9 +qYxn6LdnRn3hcw+MrxPl6VMWDQKBgQDySSo0VUGvKGTHrJqFpXljvcd92IGjEeXu ++1lJZNZHTVOWqMEMvGyHJ/9r4dvWuOXDGayAwaorjJdhKi6LYBktwUHJbsaWLVdD +2pf14ydU7s2eFRNtmOpvIPlpNO1dXw7PXuVCtMfh3VFMOahLyJDn6xrZ+Hb4p6eU +uaeiSepxUQKBgQDiOlytLCsSIslEFS/J2gK0CagM/mcJKJdaiRtZGCPf3voQRXWp +7FOLYAY/qTFuGGgjaT8rAohjRTGGCj0+yYhyOH0CF8Kl05591LtrhsS1ZzmgwrV7 +3bxkTEFYXXI8YSfFnVqW0Irr7BMVy1kx/Hbt6Q9A9BPu5wHCTEV0BULEBQKBgQDn +kYJjDnF/Jg5cwd3Wireg2wxGfZ4566tmZJmMCnK7J28S+iu5LoZUD6iSxgZGDeac +OHelgHRSt0cgOR7PW4P1NVbZXaU0eBWF5vGCtB8tkCi6RM6S26qFmHCJW2ra6TXQ +gZSB0yOP/uXrAtiVxhapcw3w8wdS1XrYLTHJbPhEYQKBgQC9gRhaoK3S//t9csy2 +cvx6ZD4WQ4ONXA/Ojz3UoMv9JiZpSk+yr++W7Hn2kghkXYlnDe8N/o9Hqcx3VxJk +LA1n3m9esMXp3t/vmDQ0BRoCPvJQhI7sbJVfIIHvmFsfNeJGRHkY2/3YstVu0MT5 +siotGnZGO+BBH8yL0i/epR7EBg== +-----END PRIVATE KEY----- diff --git a/test/integration/samplecaservicecontainer/applicationfiles/test.csr b/test/integration/samplecaservicecontainer/applicationfiles/test.csr new file mode 100755 index 0000000..91c5d44 --- /dev/null 
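Review bot: `privkey.pem` adds an unencrypted RSA private key to the repository with mode 100755, and the `test.key` hunk further down does the same. Judging by the `ca.cert` added alongside it, this looks like the signing key of the `test.onap.ca` test CA, so anyone with repository access could issue certificates that chain to it. The files should be added non-executable (`100644`), and the sample should state next to them that the key is a public test fixture that must never be trusted or imported outside this integration test. Generating the CA key during test setup instead of committing it would avoid the issue altogether.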
+++ b/test/integration/samplecaservicecontainer/applicationfiles/test.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICkzCCAXsCAQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQH +DAtTYW50YSBDbGFyYTEMMAoGA1UECgwDT1RDMQ4wDAYDVQQDDAVJbnRlbDCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJCQqdMIr2WCj94xp2/ywsiWYsF +yFUmUwaQmeTXETppCqTUG5d/m+aeVVFJMtHnbDtQnytu9GwbUm1lwxtVtVodnXEJ +85RF6RRMLhgBE94nmtgHBN8+eTz4NK29DXNJEcDe7RNPOWKQLxj26jBZFQvzafJt +L/piCSHLd8WQLXXuuHdpnGg0e5w6Mo/hmldKJm85IyJwYgIbvwsDwTRf0BbXOzMH +j9iOjmuVWuTA/b8LFQ+48142XBmEtp7tPRgC9wyQP6qRY+Nxq2nKyXREa6uaS6Uh +yurZmo/FsF7yuJQZJVbkObmnugYR8nO/tz/c7LtxJb18YJJ1b1xAz/cm71UCAwEA +AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBgwDDQAJo0tDgAHBLlwNlvD9PlcktBetEw +cOaQ1QZZ4xYdQg1CXqC3Y3yiKRIt9VC6qjveosTsc2N0mFdcPCuJ5CGPge2neuna +VeZJ3tRtUxFTjqCaVWXQkr8zNdQA3upsprQ9oPkJad8GsR1WwJY4hmE05L5vBn30 +WtnKlcyeolouIAx1npT8HcFCyfEdejLCKTk4VN5GaRdoUlzLL3dGOwlJbQ5Db49B +JBNtMsvr1vYDPEKn613NoBw8DfcY5oBj2ZACr7XxZ8RIBbSUSW5BG5ky/RHwypHl +KQJ1ITvek3rw7XWAQ2PCnaF8JhPTFSZ5YLe62SK8sqjw/RdObkEp +-----END CERTIFICATE REQUEST----- diff --git a/test/integration/samplecaservicecontainer/applicationfiles/test.key b/test/integration/samplecaservicecontainer/applicationfiles/test.key new file mode 100755 index 0000000..6ae8c1d --- /dev/null +++ b/test/integration/samplecaservicecontainer/applicationfiles/test.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0kJCp0wivZYKP3jGnb/LCyJZiwXIVSZTBpCZ5NcROmkKpNQb +l3+b5p5VUUky0edsO1CfK270bBtSbWXDG1W1Wh2dcQnzlEXpFEwuGAET3iea2AcE +3z55PPg0rb0Nc0kRwN7tE085YpAvGPbqMFkVC/Np8m0v+mIJIct3xZAtde64d2mc +aDR7nDoyj+GaV0ombzkjInBiAhu/CwPBNF/QFtc7MweP2I6Oa5Va5MD9vwsVD7jz +XjZcGYS2nu09GAL3DJA/qpFj43GracrJdERrq5pLpSHK6tmaj8WwXvK4lBklVuQ5 +uae6BhHyc7+3P9zsu3ElvXxgknVvXEDP9ybvVQIDAQABAoIBABGaiJgXMMVsvXjo +9MAaYbaR7qtMFaTDa6oeCzR0qTWZu9FnDNRXU8cwNHZ0yXN3i8E/k8QAKyit9O3B +2l78gw2Dcz4WljUw0T3ozucll/M+n6E8nTTPtzjakxaEwI6JbJoYUAMQ2/4bkkXl +zl+z5aY1gAZTC/RLpvYUYffBhXzdE+s6mJ3zK1MEN0eGucieRdBwFPz+EYFnrFwc +N5e416WVcFn2s8Tpe3+/ntp+UGHgLB7BvcaaRr1QoyJ1oF2FnNbUDiMdW5cHC9tO +/ida7aRN9iKWCtCIwS45lxSlIc2C2L/4jmhOLkgEIspnIkT3zMGnXAbZTOuvo627 +AOoU0BUCgYEA7MtC5tQRQkAg+lk1paHCLU/+FVDTTiEMPk4YBkUEzYYV+bB28W5R +qWZLPl5CogV/ob3xltvrahq2SrGE7GFgSY1/nYWBBRp8XYSFul8J+rq9z+T4GZhb ++unF7P5VXkLRlRgjSlvsV/59n7nG9M6aB4DL/7aKeY7eC73Els1l1YsCgYEA41AH +XSP8uGUH/WSIt2MuX7tAlgzRKztIzp3SOTAvyiOHo5u1uPrn0nDfPeD/dePJ+CbQ +tt10o7ng1GKSOGYb02gpdLG1N/8ApaNyD2St3hq63upI4vvTEEa9H+J+igQsiaDn +LNF1F47QnIK8H1RI7UeERWqt+38cD58bSgxrqp8CgYBHCMLNFBkJUsuRzmk1gs0J +YtHJ+zEoYumVV0AFwXarYOn+uV01F+8PbkxsLUK38AZVsvFiXB7G+bRtu8swThXg +er4ptv75VPSx6StkuVX5DUQbtYhnxTjykGZ7reBWIp1UqKUNjX3c988ft09j6QZz +8cNAtrXbuWwLAaaTxpIh+QKBgDqhgcS8a4sERDNPoxPqOSPoIJiTZcBI4laozniB +vVHeKDZDC3RTA0h8ZJiJWFsIDig7msoQBO3WG++sHRr++15kF41J6PwwgfI3Xkwq +I86OBnVI6NPjMGWaWV3IBeuDeBlnrzkYLaON6rDz56INE2Jgd/WPtqCQAKTm3RsU +aRDxAoGBALj6dpB8c/U2FCLceV+FtmCAD9+NFl5+orXGmOPCucBdwzEVoeZfqtHK +vGjSFOqhZLM0cMgevMgU7dfUi3V0SnQ7BOQp5n0nSEmY4GkR+BEvoVkisskZRHXa +JI4BL8YZ030gnLI2CzzMB8bOCVBl7vq6NmZxI8U+OhYTi7/uZNmN +-----END RSA PRIVATE KEY----- |