authorTomasz Wrobel <tomasz.wrobel@nokia.com>2020-11-18 07:55:55 +0100
committerTomasz Wrobel <tomasz.wrobel@nokia.com>2020-11-20 12:05:42 +0100
commitfd94a0f31c85d941330b43dcb2baa8ad4aa39270 (patch)
treec35b3fddbd5eebb618807f1894a52964fa6dd90d /certService/src/main
parent75ee4a9d489b53b2abd6b44b1a1a46635a703d44 (diff)
[OOM CERT-SERVICE-API] Add support for URI, IP, E-mail in SANs
Issue-ID: OOM-2632 Change-Id: I903c31ebe05521e281753cb847001ba99275f758 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Diffstat (limited to 'certService/src/main')
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java39
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java2
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java17
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java10
4 files changed, 27 insertions, 41 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
index 7cba1949..2573c978 100644
--- a/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
+++ b/certService/src/main/java/org/onap/oom/certservice/certification/model/CsrModel.java
@@ -29,11 +29,8 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.stream.Collectors;
+import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
@@ -53,10 +50,10 @@ public class CsrModel {
private final X500Name subjectData;
private final PrivateKey privateKey;
private final PublicKey publicKey;
- private final List<String> sans;
+ private final GeneralName[] sans;
public CsrModel(PKCS10CertificationRequest csr, X500Name subjectData, PrivateKey privateKey, PublicKey publicKey,
- List<String> sans) {
+ GeneralName[] sans) {
this.csr = csr;
this.subjectData = subjectData;
this.privateKey = privateKey;
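Review bot: The new `GeneralName[] sans` field is a mutable array that the constructor stores by reference and that `getSans()` in the next hunk hands back directly, so any caller (the builder chain in CmpClientImpl, for instance) can alter the model's SANs after construction; the `List<String>` it replaces was also mutable, but an array cannot even be wrapped unmodifiable, so a copy is the only protection. Copy on both sides: `this.sans = sans.clone();` in the constructor and `return sans.clone();` in `getSans()`. The assignment `this.sans = sans;` lies below the end of this hunk, and `CreateCertRequest.setSansArray` later in the diff stores its argument the same way.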
@@ -80,18 +77,24 @@ public class CsrModel {
return publicKey;
}
- public List<String> getSans() {
+ public GeneralName[] getSans() {
return sans;
}
@Override
public String toString() {
- return "Subject: { " + subjectData + " ,SANs: " + sans + " }";
+ return "CSR: { Subject: { " + subjectData + " }, SANs: [" + getSansInReadableFormat() + "] }";
}
- public static class CsrModelBuilder {
+ private String getSansInReadableFormat() {
+ return Arrays.stream(this.sans)
+ .map(generalName -> generalName.getName().toString())
+ .collect(Collectors.joining(", "));
+ }
+ public static class CsrModelBuilder {
private final PKCS10CertificationRequest csr;
+
private final PemObject privateKey;
public CsrModel build() throws DecryptionException {
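Review bot: `getSansInReadableFormat` renders each entry as `generalName.getName().toString()`, which discards the GeneralName tag, so an rfc822Name and a dNSName carrying the same text are indistinguishable in the log line, and for an iPAddress entry `getName()` is the raw octet string, whose toString appears to be the hex form rather than a dotted address. Since the point of this commit is to carry the SAN type through, include the tag in the readable form, e.g. `.map(generalName -> generalName.getTagNo() + ": " + generalName.getName())` — BouncyCastle's own `GeneralName.toString()` produces a comparable tag-prefixed string and could be used via `.map(GeneralName::toString)`.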
@@ -99,7 +102,7 @@ public class CsrModel {
X500Name subjectData = getSubjectData();
PrivateKey javaPrivateKey = convertingPemPrivateKeyToJavaSecurityPrivateKey(getPrivateKey());
PublicKey javaPublicKey = convertingPemPublicKeyToJavaSecurityPublicKey(getPublicKey());
- List<String> sans = getSansData();
+ GeneralName[] sans = getSansData();
return new CsrModel(csr, subjectData, javaPrivateKey, javaPublicKey, sans);
}
@@ -125,15 +128,12 @@ public class CsrModel {
return csr.getSubject();
}
- private List<String> getSansData() {
+ private GeneralName[] getSansData() {
if (!isAttrsEmpty() && !isAttrsValuesEmpty()) {
Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
- GeneralName[] arrayOfAlternativeNames =
- GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
- return Arrays.stream(arrayOfAlternativeNames).map(GeneralName::getName).map(Objects::toString)
- .collect(Collectors.toList());
+ return GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames();
}
- return Collections.emptyList();
+ return new GeneralName[0];
}
private boolean isAttrsValuesEmpty() {
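Review bot: `getSansData` now forwards every GeneralName found in the CSR's subjectAlternativeName extension unchanged, whereas the removed code path (together with `CmpMessageHelper.getGeneralNames`, deleted later in this diff) forced each entry to dNSName; the CSR is client-supplied input, so tags the commit does not set out to support (otherName, directoryName, ediPartyName, registeredID, x400Address) now reach the CMP request and the CA without any check. Restrict the forwarded entries to the four types named in the commit title and reject anything else before returning; `build()` only declares `DecryptionException`, so the rejection needs an existing exception type chosen by the maintainers (marked as a placeholder below). Separately, `GeneralNames.fromExtensions` appears to return null when the extension is absent, in which case `.getNames()` throws — this predates the change, but the rewrite is a good moment to guard it.
```java
    private GeneralName[] getSansData() {
        if (!isAttrsEmpty() && !isAttrsValuesEmpty()) {
            Extensions extensions = Extensions.getInstance(csr.getAttributes()[0].getAttrValues().getObjectAt(0));
            GeneralNames generalNames = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (generalNames == null) {
                return new GeneralName[0];
            }
            GeneralName[] names = generalNames.getNames();
            for (GeneralName name : names) {
                if (!isSupportedSanType(name.getTagNo())) {
                    // PLACEHOLDER: use the project's exception type for rejected CSR content
                    throw new REJECTION_EXCEPTION_PLACEHOLDER("Unsupported SAN type, tag: " + name.getTagNo());
                }
            }
            return names;
        }
        return new GeneralName[0];
    }

    // Only the SAN types this service accepts from a CSR (DNS, IP, e-mail, URI).
    private static boolean isSupportedSanType(int tagNo) {
        switch (tagNo) {
            case GeneralName.dNSName:
            case GeneralName.iPAddress:
            case GeneralName.rfc822Name:
            case GeneralName.uniformResourceIdentifier:
                return true;
            default:
                return false;
        }
    }
```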
@@ -145,7 +145,7 @@ public class CsrModel {
}
private PrivateKey convertingPemPrivateKeyToJavaSecurityPrivateKey(PemObject privateKey)
- throws KeyDecryptionException {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKey.getContent());
@@ -154,9 +154,8 @@ public class CsrModel {
throw new KeyDecryptionException("Converting Private Key failed", e.getCause());
}
}
-
private PublicKey convertingPemPublicKeyToJavaSecurityPublicKey(PemObject publicKey)
- throws KeyDecryptionException {
+ throws KeyDecryptionException {
try {
KeyFactory factory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey.getContent());
@@ -165,6 +164,6 @@ public class CsrModel {
throw new KeyDecryptionException("Converting Public Key from CSR failed", e.getCause());
}
}
- }
+ }
}
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
index f5eddb58..6ff274c5 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java
@@ -86,7 +86,7 @@ public class CmpClientImpl implements CmpClient {
CmpMessageBuilder.of(CreateCertRequest::new)
.with(CreateCertRequest::setIssuerDn, server.getIssuerDN())
.with(CreateCertRequest::setSubjectDn, csrModel.getSubjectData())
- .with(CreateCertRequest::setSansList, csrModel.getSans())
+ .with(CreateCertRequest::setSansArray, csrModel.getSans())
.with(CreateCertRequest::setSubjectKeyPair, keyPair)
.with(CreateCertRequest::setNotBefore, notBefore)
.with(CreateCertRequest::setNotAfter, notAfter)
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 844f85be..5c61aa9f 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -31,9 +31,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
-import java.util.ArrayList;
import java.util.Date;
-import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -109,11 +107,10 @@ public final class CmpMessageHelper {
*
* @return {@link Extensions}.
*/
- public static Extensions generateExtension(final List<String> sansList)
+ public static Extensions generateExtension(final GeneralName[] sansArray)
throws CmpClientException {
LOG.info("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
- final GeneralName[] sansGeneralNames = getGeneralNames(sansList);
// KeyUsage
try {
final KeyUsage keyUsage =
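Review bot: The Javadoc above `generateExtension` (cut off at the top of the hunk; only the `@return` line is visible) was written for `sansList` and presumably still carries `@param sansList`, which no longer matches the renamed parameter; it should read something like `@param sansArray Subject Alternative Names as {@link GeneralName} entries, copied into the extension as given`, since the dNSName conversion that used to happen here is gone and the helper now relies on the caller for the entry types. A `Objects.requireNonNull(sansArray, "sansArray");` at the top of the method (with the `java.util.Objects` import) would also turn a null argument into a clear error instead of the NullPointerException that `new GeneralNames(sansArray)` in the next hunk would raise from inside the try block.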
@@ -121,7 +118,7 @@ public final class CmpMessageHelper {
KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage));
extGenerator.addExtension(
- Extension.subjectAlternativeName, false, new GeneralNames(sansGeneralNames));
+ Extension.subjectAlternativeName, false, new GeneralNames(sansArray));
} catch (IOException ioe) {
CmpClientException cmpClientException =
new CmpClientException(
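Review bot: `new GeneralNames(sansArray)` is added as subjectAlternativeName even when the array is empty (CsrModel.getSansData returns `new GeneralName[0]` in that case), which encodes an empty SEQUENCE; RFC 5280 defines GeneralNames as SEQUENCE SIZE (1..MAX), so a strict CA may reject the request. Omit the extension when there is nothing to put in it: `if (sansArray.length > 0) { extGenerator.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sansArray)); }`. The List-based code had the same behaviour, so this is pre-existing rather than introduced here; the enclosing try block begins above this hunk.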
@@ -132,16 +129,6 @@ public final class CmpMessageHelper {
return extGenerator.generate();
}
- public static GeneralName[] getGeneralNames(List<String> sansList) {
- final List<GeneralName> nameList = new ArrayList<>();
- for (String san : sansList) {
- nameList.add(new GeneralName(GeneralName.dNSName, san));
- }
- final GeneralName[] sansGeneralNames = new GeneralName[nameList.size()];
- nameList.toArray(sansGeneralNames);
- return sansGeneralNames;
- }
-
/**
* Method generates Proof-of-Possession (POP) of Private Key. To allow a CA/RA to properly
* validity binding between an End Entity and a Key Pair, the PKI Operations specified here make
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
index a0ba13d6..8d82b85b 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CreateCertRequest.java
@@ -26,7 +26,6 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generatePkiHeade
import java.security.KeyPair;
import java.util.Date;
-import java.util.List;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
@@ -37,6 +36,7 @@ import org.bouncycastle.asn1.crmf.CertRequest;
import org.bouncycastle.asn1.crmf.CertTemplateBuilder;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
@@ -48,7 +48,7 @@ class CreateCertRequest {
private X500Name issuerDn;
private X500Name subjectDn;
- private List<String> sansList;
+ private GeneralName[] sansArray;
private KeyPair subjectKeyPair;
private Date notBefore;
private Date notAfter;
@@ -67,8 +67,8 @@ class CreateCertRequest {
this.subjectDn = subjectDn;
}
- public void setSansList(List<String> sansList) {
- this.sansList = sansList;
+ public void setSansArray(GeneralName[] sansArray) {
+ this.sansArray = sansArray;
}
public void setSubjectKeyPair(KeyPair subjectKeyPair) {
@@ -102,7 +102,7 @@ class CreateCertRequest {
new CertTemplateBuilder()
.setIssuer(issuerDn)
.setSubject(subjectDn)
- .setExtensions(CmpMessageHelper.generateExtension(sansList))
+ .setExtensions(CmpMessageHelper.generateExtension(sansArray))
.setValidity(CmpMessageHelper.generateOptionalValidity(notBefore, notAfter))
.setPublicKey(
SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()));