authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-01-26 10:45:10 +0100
committerJoanna Jeremicz <joanna.jeremicz@nokia.com>2021-01-27 10:00:16 +0100
commitb4030c1d7ebd848f28fb5000ac1d8f7e4fbfca85 (patch)
treec9e29afab63029c1dce1a6772dfd270ff3237642 /certService/src/main
parent26ef1a575d819de4e1dae9f9044b1ab715f41b13 (diff)
[OOM-CERT-SERVICE] Fix KeyUsage extention sent to CMPv2 server2.3.3
- fix setting key usage to digitalSignature & keyEncipherment & nonRepudiation - set extended key usage to clientAuth & serverAuth Issue-ID: OOM-2658 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I5c00f622c3d117a63e4f48a3d2a90fd48cce3d0e
Diffstat (limited to 'certService/src/main')
-rw-r--r--certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java23
1 files changed, 17 insertions, 6 deletions
diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
index 2a77873e..1e64a2e0 100644
--- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
+++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpMessageHelper.java
@@ -25,6 +25,7 @@ import static org.onap.oom.certservice.cmpv2client.impl.CmpUtil.generateProtecte
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
+import java.security.Key;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -54,11 +55,13 @@ import org.bouncycastle.asn1.crmf.POPOSigningKey;
import org.bouncycastle.asn1.crmf.ProofOfPossession;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -75,6 +78,7 @@ public final class CmpMessageHelper {
new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.6.1.5.5.8.1.2"));
private static final ASN1ObjectIdentifier PASSWORD_BASED_MAC =
new ASN1ObjectIdentifier("1.2.840.113533.7.66.13");
+ private static final boolean CRITICAL_FALSE = false;
private CmpMessageHelper() {
}
@@ -111,14 +115,11 @@ public final class CmpMessageHelper {
throws CmpClientException {
LOG.info("Generating Extensions from Subject Alternative Names");
final ExtensionsGenerator extGenerator = new ExtensionsGenerator();
- // KeyUsage
try {
- final KeyUsage keyUsage =
- new KeyUsage(
- KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
- extGenerator.addExtension(Extension.keyUsage, false, new DERBitString(keyUsage));
+ extGenerator.addExtension(Extension.keyUsage, CRITICAL_FALSE, getKeyUsage());
+ extGenerator.addExtension(Extension.extendedKeyUsage, CRITICAL_FALSE, getExtendedKeyUsage());
extGenerator.addExtension(
- Extension.subjectAlternativeName, false, new GeneralNames(sansArray));
+ Extension.subjectAlternativeName, CRITICAL_FALSE, new GeneralNames(sansArray));
} catch (IOException ioe) {
CmpClientException cmpClientException =
new CmpClientException(
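Review bot: The keyUsage extension is requested as non-critical via `CRITICAL_FALSE` on the first added line of this hunk, whereas RFC 5280 §4.2.1.3 says a KeyUsage extension, when present, SHOULD be marked critical; the issuing CA's profile may override what the request template asks for, but if the CMPv2 server honours it as-is the issued certificates will carry a non-critical KeyUsage that relying parties are free to ignore. I would change that one line to `extGenerator.addExtension(Extension.keyUsage, true, getKeyUsage());` (ExtendedKeyUsage and SAN can stay non-critical). The log line retained at the top of the hunk, `LOG.info("Generating Extensions from Subject Alternative Names");`, no longer describes what the block does now that KeyUsage and ExtendedKeyUsage are added in the same try; `LOG.info("Generating KeyUsage, ExtendedKeyUsage and SubjectAlternativeName extensions");` would be accurate. The enclosing method's signature lies above this hunk, so I cannot see which inputs it has available.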
@@ -230,4 +231,14 @@ public final class CmpMessageHelper {
return new PKIMessage(pkiHeader, pkiBody, bs);
}
+
+ private static KeyUsage getKeyUsage() {
+ return new KeyUsage(
+ KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation);
+ }
+
+ private static ExtendedKeyUsage getExtendedKeyUsage() {
+ return new ExtendedKeyUsage(
+ new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth});
+ }
}
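Review bot: getKeyUsage() in this hunk unconditionally asserts keyEncipherment, which RFC 5480 §3 forbids in certificates for EC (id-ecPublicKey) subject keys; if this client ever requests a certificate for an EC key pair, a conforming CA must reject the request or strip that bit, so the usage bits should be derived from the key algorithm (keyAgreement for EC, keyEncipherment for RSA) rather than hard-coded. The `java.security.Key` import added by this commit is not used anywhere in the visible hunks, which suggests passing the key in was the intent anyway. The caller in the earlier hunk would have to forward the public key, which I presume is reachable from that method's parameters — confirm before adopting the sketch below.
```java
private static KeyUsage getKeyUsage(Key publicKey) {
    // RFC 5480 §3: keyEncipherment MUST NOT be set for EC keys; they use keyAgreement instead.
    int bits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation;
    if ("EC".equals(publicKey.getAlgorithm())) {
        bits |= KeyUsage.keyAgreement;
    } else {
        bits |= KeyUsage.keyEncipherment;
    }
    return new KeyUsage(bits);
}
// … unchanged: getExtendedKeyUsage …
```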