author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2020-02-20 17:04:58 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-02-20 17:04:58 +0000 |
commit | 7831ee84ae44f14964739fe0d291074a885768dd (patch) | |
tree | bc1bc76f208435a3e5d1ef7ae017f223fd176a57 /certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CreateCertRequest.java | |
parent | 18acead623826c43da43da6d0e55e81e1f2953a1 (diff) | |
parent | 153a7ac15d804178e7c52f69117e1a9478862df1 (diff) |
Merge "Refactoring of Cmpv2Client code for sending CertRequest"
Diffstat (limited to 'certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CreateCertRequest.java')
-rw-r--r-- | certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CreateCertRequest.java | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CreateCertRequest.java
new file mode 100644
index 00000000..aa544e7f
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2020 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package org.onap.aaf.certservice.cmpv2client.impl;
+
+import static org.onap.aaf.certservice.cmpv2client.impl.CmpUtil.createRandomBytes;
+import static org.onap.aaf.certservice.cmpv2client.impl.CmpUtil.createRandomInt;
+import static org.onap.aaf.certservice.cmpv2client.impl.CmpUtil.generatePkiHeader;
+
+import java.io.IOException;
+import java.security.KeyPair;
+import java.util.Date;
+import java.util.List;
+import java.util.Optional;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.PKIHeader;
+import org.bouncycastle.asn1.cmp.PKIMessage;
+import org.bouncycastle.asn1.crmf.AttributeTypeAndValue;
+import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
+import org.bouncycastle.asn1.crmf.CertReqMessages;
+import org.bouncycastle.asn1.crmf.CertReqMsg;
+import org.bouncycastle.asn1.crmf.CertRequest;
+import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
+import org.bouncycastle.asn1.crmf.ProofOfPossession;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol
+ * (CMP)) and RFC4211 (Certificate Request Message Format (CRMF)) standards.
+ */
+class CreateCertRequest {
+
+ private static final Logger LOG = LoggerFactory.getLogger(CreateCertRequest.class);
+
+ private X500Name issuerDn;
+ private X500Name subjectDn;
+ private List<String> sansList;
+ private KeyPair subjectKeyPair;
+ private Date notBefore;
+ private Date notAfter;
+ private String initAuthPassword;
+
+ private static final int iterations = createRandomInt(5000);
+ private static final byte[] salt = createRandomBytes();
+ private final int certReqId = createRandomInt(Integer.MAX_VALUE);
+
+ public void setIssuerDn(X500Name issuerDn) {
+ this.issuerDn = issuerDn;
+ }
+
+ public void setSubjectDn(X500Name subjectDn) {
+ this.subjectDn = subjectDn;
+ }
+
+ public void setSansList(List<String> sansList) {
+ this.sansList = sansList;
+ }
+
+ public void setSubjectKeyPair(KeyPair subjectKeyPair) {
+ this.subjectKeyPair = subjectKeyPair;
+ }
+
+ public void setNotBefore(Date notBefore) {
+ this.notBefore = notBefore;
+ }
+
+ public void setNotAfter(Date notAfter) {
+ this.notAfter = notAfter;
+ }
+
+ public void setInitAuthPassword(String initAuthPassword) {
+ this.initAuthPassword = initAuthPassword;
+ }
+
+ /**
+ * Method to create {@link PKIMessage} from {@link CertRequest},{@link ProofOfPossession}, {@link
+ * CertReqMsg}, {@link CertReqMessages}, {@link PKIHeader} and {@link PKIBody}.
+ *
+ * @return {@link PKIMessage}
+ */
+ public PKIMessage generateCertReq() throws CmpClientException {
+ final CertTemplateBuilder certTemplateBuilder =
+ new CertTemplateBuilder()
+ .setIssuer(issuerDn)
+ .setSubject(subjectDn)
+ .setExtensions(CmpMessageHelper.generateExtension(sansList))
+ .setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
+ .setPublicKey(
+ SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
+
+ final CertRequest certRequest = new CertRequest(certReqId, certTemplateBuilder.build(), null);
+ final ProofOfPossession proofOfPossession =
+ CmpMessageHelper.generateProofOfPossession(certRequest, subjectKeyPair);
+
+ final AttributeTypeAndValue[] attrTypeVal = {
+ new AttributeTypeAndValue(
+ CRMFObjectIdentifiers.id_regCtrl_regToken, new DERUTF8String(initAuthPassword))
+ };
+
+ final CertReqMsg certReqMsg = new CertReqMsg(certRequest, proofOfPossession, attrTypeVal);
+ final CertReqMessages certReqMessages = new CertReqMessages(certReqMsg);
+
+ final PKIHeader pkiHeader =
+ generatePkiHeader(
+ subjectDn, issuerDn, CmpMessageHelper.protectionAlgoIdentifier(iterations, salt));
+ final PKIBody pkiBody = new PKIBody(PKIBody.TYPE_CERT_REQ, certReqMessages);
+
+ return CmpMessageHelper.protectPkiMessage(
+ pkiHeader, pkiBody, initAuthPassword, iterations, salt);
+ }
+} |
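Review bot: The password-based-MAC parameters `iterations` and `salt` are declared `static final`, so a single salt and a single iteration count are drawn once at class load and reused for every protected message this process sends, and the count comes from `createRandomInt(5000)`, which — depending on how `CmpUtil.createRandomInt` bounds its result, not visible in this diff — can land far below the floor of 100 that RFC 4211 §4.4 requires for PBM. The salt should be drawn per request the way `certReqId` already is, and the iteration count should be a fixed, deliberately chosen value rather than a random one: `private static final int iterations = 5000;` and `private final byte[] salt = createRandomBytes();`, with the two `CmpMessageHelper` call sites unchanged. Separately, `generateCertReq` dereferences `subjectKeyPair` with no null check, so a forgotten `setSubjectKeyPair` call surfaces as a NullPointerException rather than the declared `CmpClientException`; a `requireNonNull` at the top of the method, or an explicit throw, would make that failure mode clear. `IOException`, `Optional` and the `LOG` field are unused in the new file and should be dropped.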