[OOM CERT-SERVICE-API] Add support for URI, IP, E-mail in SANs

Issue-ID: OOM-2632 Change-Id: I903c31ebe05521e281753cb847001ba99275f758 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
author: Tomasz Wrobel <tomasz.wrobel@nokia.com> 2020-11-18 07:55:55 +0100
committer: Tomasz Wrobel <tomasz.wrobel@nokia.com> 2020-11-20 12:05:42 +0100
commit: fd94a0f31c85d941330b43dcb2baa8ad4aa39270 (patch)
tree: c35b3fddbd5eebb618807f1894a52964fa6dd90d /certService/src/main/java
parent: 75ee4a9d489b53b2abd6b44b1a1a46635a703d44 (diff)
4 files changed, 27 insertions, 41 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
index 7cba1949..2573c978 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
@@ -29,11 +29,8 @@ import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.stream.Collectors;
 
+import java.util.stream.Collectors;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.Extensions;
@@ -53,10 +50,10 @@ public class CsrModel {
     private final X500Name subjectData;
     private final PrivateKey privateKey;
     private final PublicKey publicKey;
-    private final List<String> sans;
+    private final GeneralName[] sans;
 
     public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
-                    List<String> sans) {
+        GeneralName[] sans) {
         this.csr = csr;
         this.subjectData = subjectData;
         this.privateKey = privateKey;
@@ -80,18 +77,24 @@ public class CsrModel {
         return publicKey;
     }
 
-    public List<String> getSans() {
+    public GeneralName[] getSans() {
         return sans;
     }
 
     @Override
     public String toString() {
-        return "Subject: { " + subjectData + " ,SANs: " + sans + " }";
+        return "CSR: { Subject: { " + subjectData + " }, SANs: [" + getSansInReadableFormat() + "] }";
     }
 
-    public static class CsrModelBuilder {
+    private String getSansInReadableFormat() {
+        return Arrays.stream(this.sans)
+            .map(generalName -> generalName.getName().toString())
+            .collect(Collectors.joining(", "));
+    }
 
+    public static class CsrModelBuilder {
         private final PKCS10CertificationRequest csr;
+
         private final PemObject privateKey;
 
         public CsrModel build() throws DecryptionException {
@@ -99,7 +102,7 @@ public class CsrModel {
             X500Name subjectData = getSubjectData();
             PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey());
             PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey());
-            List<String> sans = getSansData();
+            GeneralName[] sans = getSansData();
 
             return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans);
         }
@@ -125,15 +128,12 @@ public class CsrModel {
             return csr.getSubject();
         }
 
-        private List<String> getSansData() {
+        private GeneralName[] getSansData() {
             if (!isAttrsEmpty() && !isAttrsValuesEmpty()) {
                 Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
-                GeneralName[] arrayOfAlternativeNames =
-                        GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
-                return Arrays.stream(arrayOfAlternativeNames).map(GeneralName::getName).map(Objects::toString)
-                               .collect(Collectors.toList());
+                return GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
             }
-            return Collections.emptyList();
+            return new GeneralName[0];
         }
 
         private boolean isAttrsValuesEmpty() {
@@ -145,7 +145,7 @@ public class CsrModel {
         }
 
         private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey)
-                throws KeyDecryptionException {
+            throws KeyDecryptionException {
             try {
                 KeyFactory factory = KeyFactory.getInstance("RSA");
                 PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
@@ -154,9 +154,8 @@ public class CsrModel {
                 throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
             }
         }
-
         private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey)
-                throws KeyDecryptionException {
+            throws KeyDecryptionException {
             try {
                 KeyFactory factory = KeyFactory.getInstance("RSA");
                 X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent());
@@ -165,6 +164,6 @@ public class CsrModel {
                 throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause());
             }
         }
-    }
 
+    }
 }
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
index f5eddb58..6ff274c5 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -86,7 +86,7 @@ public class CmpClientImpl implements CmpClient {
                 CmpMessageBuilder.of(CreateCertRequest::new)
                         .with(CreateCertRequest::setIssuerDn, server.getIssuerDN())
                         .with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData())
-                        .with(CreateCertRequest::setSansList, csrModel.getSans())
+                        .with(CreateCertRequest::setSansArray, csrModel.getSans())
                         .with(CreateCertRequest::setSubjectKeyPair, keyPair)
                         .with(CreateCertRequest::setNotBefore, notBefore)
                         .with(CreateCertRequest::setNotAfter, notAfter)
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 844f85be..5c61aa9f 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -31,9 +31,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Signature;
 import java.security.SignatureException;
-import java.util.ArrayList;
 import java.util.Date;
-import java.util.List;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -109,11 +107,10 @@ public final class CmpMessageHelper {
      *
      * @return {@link Extensions}.
      */
-    public static Extensions generateExtension(final List<String> sansList)
+    public static Extensions generateExtension(final GeneralName[] sansArray)
             throws CmpClientException {
         LOG.info("Generating Extensions from Subject Alternative Names");
         final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
-        final GeneralName[] sansGeneralNames = getGeneralNames(sansList);
         // KeyUsage
         try {
             final KeyUsage keyUsage =
@@ -121,7 +118,7 @@ public final class CmpMessageHelper {
                             KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
             extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage));
             extGenerator.addExtension(
-                    Extension.subjectAlternativeName, false, new GeneralNames(sansGeneralNames));
+                    Extension.subjectAlternativeName, false, new GeneralNames(sansArray));
         } catch (IOException ioe) {
             CmpClientException cmpClientException =
                     new CmpClientException(
@@ -132,16 +129,6 @@ public final class CmpMessageHelper {
         return extGenerator.generate();
     }
 
-    public static GeneralName[] getGeneralNames(List<String> sansList) {
-        final List<GeneralName> nameList = new ArrayList<>();
-        for (String san : sansList) {
-            nameList.add(new GeneralName(GeneralName.dNSName, san));
-        }
-        final GeneralName[] sansGeneralNames = new GeneralName[nameList.size()];
-        nameList.toArray(sansGeneralNames);
-        return sansGeneralNames;
-    }
-
     /**
      * Method generates Proof-of-Possession (POP) of Private Key. To allow a CA/RA to properly
      * validity binding between an End Entity and a Key Pair, the PKI Operations specified here make
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index a0ba13d6..8d82b85b 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -26,7 +26,6 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade
 
 import java.security.KeyPair;
 import java.util.Date;
-import java.util.List;
 
 import org.bouncycastle.asn1.cmp.PKIBody;
 import org.bouncycastle.asn1.cmp.PKIHeader;
@@ -37,6 +36,7 @@ import org.bouncycastle.asn1.crmf.CertRequest;
 import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
 import org.bouncycastle.asn1.crmf.ProofOfPossession;
 import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
 
@@ -48,7 +48,7 @@ class CreateCertRequest {
 
     private X500Name issuerDn;
     private X500Name subjectDn;
-    private List<String> sansList;
+    private GeneralName[] sansArray;
     private KeyPair subjectKeyPair;
     private Date notBefore;
     private Date notAfter;
@@ -67,8 +67,8 @@ class CreateCertRequest {
         this.subjectDn = subjectDn;
     }
 
-    public void setSansList(List<String> sansList) {
-        this.sansList = sansList;
+    public void setSansArray(GeneralName[] sansArray) {
+        this.sansArray = sansArray;
     }
 
     public void setSubjectKeyPair(KeyPair subjectKeyPair) {
@@ -102,7 +102,7 @@ class CreateCertRequest {
                 new CertTemplateBuilder()
                         .setIssuer(issuerDn)
                         .setSubject(subjectDn)
-                        .setExtensions(CmpMessageHelper.generateExtension(sansList))
+                        .setExtensions(CmpMessageHelper.generateExtension(sansArray))
                         .setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
                         .setPublicKey(
                                 SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));
author	Tomasz Wrobel <tomasz.wrobel@nokia.com>	2020-11-18 07:55:55 +0100
committer	Tomasz Wrobel <tomasz.wrobel@nokia.com>	2020-11-20 12:05:42 +0100
commit	fd94a0f31c85d941330b43dcb2baa8ad4aa39270 (patch)
tree	c35b3fddbd5eebb618807f1894a52964fa6dd90d /certService/src/main/java
parent	75ee4a9d489b53b2abd6b44b1a1a46635a703d44 (diff)