Diffstat (limited to 'certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external')
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java202
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Factory.java54
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java145
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Split.java127
4 files changed, 528 insertions, 0 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java
new file mode 100644
index 00000000..7655b025
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/CSRMeta.java
@@ -0,0 +1,202 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.certservice.cmpv2client.external;
+
+import java.security.KeyPair;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.List;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x509.Certificate;
+
+public class CSRMeta {
+
+ private String cn;
+ private String mechID;
+ private String environment;
+ private String email;
+ private String challenge;
+ private String issuerCn;
+ private String issuerEmail;
+ private String password;
+ private String CaUrl;
+ private List<RDN> rdns;
+ private ArrayList<String> sanList = new ArrayList<>();
+ private KeyPair keyPair;
+ private X500Name name;
+ private X500Name issuerName;
+ private Certificate certificate;
+ private SecureRandom random = new SecureRandom();
+
+ public CSRMeta(List<RDN> rdns) {
+ this.rdns = rdns;
+ }
+
+ public X500Name x500Name() {
+ if (name == null) {
+ X500NameBuilder xnb = new X500NameBuilder();
+ xnb.addRDN(BCStyle.CN, cn);
+ xnb.addRDN(BCStyle.E, email);
+ if (mechID != null) {
+ if (environment == null) {
+ xnb.addRDN(BCStyle.OU, mechID);
+ } else {
+ xnb.addRDN(BCStyle.OU, mechID + ':' + environment);
+ }
+ }
+ for (RDN rdn : rdns) {
+ xnb.addRDN(rdn.aoi, rdn.value);
+ }
+ name = xnb.build();
+ }
+ return name;
+ }
+
+ public X500Name issuerx500Name() {
+ if (issuerName == null) {
+ X500NameBuilder xnb = new X500NameBuilder();
+ xnb.addRDN(BCStyle.CN, issuerCn);
+ if (issuerEmail != null) {
+ xnb.addRDN(BCStyle.E, issuerEmail);
+ }
+ issuerName = xnb.build();
+ }
+ return issuerName;
+ }
+
+ public CSRMeta san(String v) {
+ sanList.add(v);
+ return this;
+ }
+
+ public List<String> sans() {
+ return sanList;
+ }
+
+ public KeyPair keypair() {
+ if (keyPair == null) {
+ keyPair = Factory.generateKeyPair();
+ }
+ return keyPair;
+ }
+
+ public KeyPair keyPair() {
+ return keyPair;
+ }
+
+ public void keyPair(KeyPair keyPair) {
+ this.keyPair = keyPair;
+ }
+
+ /** @return the cn */
+ public String cn() {
+ return cn;
+ }
+
+ /** @param cn the cn to set */
+ public void cn(String cn) {
+ this.cn = cn;
+ }
+
+ /** Environment of Service MechID is good for */
+ public void environment(String env) {
+ environment = env;
+ }
+
+ /** @return */
+ public String environment() {
+ return environment;
+ }
+
+ /** @return the mechID */
+ public String mechID() {
+ return mechID;
+ }
+
+ /** @param mechID the mechID to set */
+ public void mechID(String mechID) {
+ this.mechID = mechID;
+ }
+
+ /** @return the email */
+ public String email() {
+ return email;
+ }
+
+ /** @param email the email to set */
+ public void email(String email) {
+ this.email = email;
+ }
+
+ /** @return the challenge */
+ public String challenge() {
+ return challenge;
+ }
+
+ /** @param challenge the challenge to set */
+ public void challenge(String challenge) {
+ this.challenge = challenge;
+ }
+
+ public void password(String password) {
+ this.password = password;
+ }
+
+ public String password() {
+ return password;
+ }
+
+ public void certificate(Certificate certificate) {
+ this.certificate = certificate;
+ }
+
+ public Certificate certificate() {
+ return certificate;
+ }
+
+ public void issuerCn(String issuerCn) {
+ this.issuerCn = issuerCn;
+ }
+
+ public String caUrl() {
+ return CaUrl;
+ }
+
+ public void caUrl(String caUrl) {
+ CaUrl = caUrl;
+ }
+
+ public String issuerCn() {
+ return issuerCn;
+ }
+
+ public String issuerEmail() {
+ return issuerEmail;
+ }
+
+ public void issuerEmail(String issuerEmail) {
+ this.issuerEmail = issuerEmail;
+ }
+}
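Review bot: `x500Name()` adds `BCStyle.E` with `email` unconditionally and loops over `rdns` without a null check, whereas `issuerx500Name()` guards `issuerEmail`; a CSRMeta with no email or a null list will presumably fail inside the name builder instead of with a clear error. Guard it the same way, `if (email != null) { xnb.addRDN(BCStyle.E, email); }`, and reject a null list in the constructor with `this.rdns = Objects.requireNonNull(rdns, "rdns");` (needs `java.util.Objects`). Both name methods also cache their result, so a `cn(...)` or `issuerCn(...)` call made after the first read is silently left out of the subject or issuer; reset the cached field in the setters or document the ordering. Separately, `keypair()` generates a key on demand while `keyPair()` can return null, which is easy to mix up at a call site, and the `random` field is never used.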
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Factory.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Factory.java
new file mode 100644
index 00000000..7072abfd
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Factory.java
@@ -0,0 +1,54 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.certservice.cmpv2client.external;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class Factory {
+
+ private static final KeyPairGenerator keygen;
+ private static final SecureRandom random;
+ private static final String KEY_ALGO = "RSA";
+ private static final int KEY_LENGTH = 2048;
+ private static final int SUB = 0x08;
+
+ static {
+ random = new SecureRandom();
+ KeyPairGenerator tempKeygen;
+ try {
+ tempKeygen = KeyPairGenerator.getInstance(KEY_ALGO); // ,"BC");
+ tempKeygen.initialize(KEY_LENGTH, random);
+ } catch (NoSuchAlgorithmException e) {
+ tempKeygen = null;
+ e.printStackTrace(System.err);
+ }
+ keygen = tempKeygen;
+ }
+
+ public static KeyPair generateKeyPair() {
+ return keygen.generateKeyPair();
+ }
+}
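Review bot: The static initializer catches `NoSuchAlgorithmException`, prints the stack trace and leaves `keygen` null, so the failure only shows up later as a NullPointerException in `generateKeyPair()`, far from its cause. Fail at class load instead by replacing the catch body with `throw new IllegalStateException("No " + KEY_ALGO + " KeyPairGenerator available", e);`. The single static `KeyPairGenerator` is also shared by every caller, and the JCA does not document it as thread-safe, so either make `generateKeyPair()` synchronized or create the generator per call. `SUB` is declared but never used in this file, and the class has no Javadoc stating the key type and size it produces.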
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java
new file mode 100644
index 00000000..512a76e1
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/RDN.java
@@ -0,0 +1,145 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.certservice.cmpv2client.external;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.cert.CertException;
+
+public class RDN {
+
+ public String tag;
+ public String value;
+ public ASN1ObjectIdentifier aoi;
+
+ public RDN(final String tagValue) throws CertException {
+ String[] tv = Split.splitTrim('=', tagValue);
+ switch (tv[0]) {
+ case "cn":
+ case "CN":
+ aoi = BCStyle.CN;
+ break;
+ case "c":
+ case "C":
+ aoi = BCStyle.C;
+ break;
+ case "st":
+ case "ST":
+ aoi = BCStyle.ST;
+ break;
+ case "l":
+ case "L":
+ aoi = BCStyle.L;
+ break;
+ case "o":
+ case "O":
+ aoi = BCStyle.O;
+ break;
+ case "ou":
+ case "OU":
+ aoi = BCStyle.OU;
+ break;
+ case "dc":
+ case "DC":
+ aoi = BCStyle.DC;
+ break;
+ case "gn":
+ case "GN":
+ aoi = BCStyle.GIVENNAME;
+ break;
+ case "sn":
+ case "SN":
+ aoi = BCStyle.SN;
+ break; // surname
+ case "email":
+ case "EMAIL":
+ case "emailaddress":
+ case "EMAILADDRESS":
+ aoi = BCStyle.EmailAddress;
+ break; // should be SAN extension
+ case "initials":
+ aoi = BCStyle.INITIALS;
+ break;
+ case "pseudonym":
+ aoi = BCStyle.PSEUDONYM;
+ break;
+ case "generationQualifier":
+ aoi = BCStyle.GENERATION;
+ break;
+ case "serialNumber":
+ aoi = BCStyle.SERIALNUMBER;
+ break;
+ default:
+ throw new CertException(
+ "Unknown ASN1ObjectIdentifier for " + tv[0] + " in " + tagValue);
+ }
+ tag = tv[0];
+ value = tv[1];
+ }
+
+ /**
+ * Parse various forms of DNs into appropriate RDNs, which have the ASN1ObjectIdentifier
+ *
+ * @param delim
+ * @param dnString
+ * @return
+ * @throws CertException
+ */
+ public static List<RDN> parse(final char delim, final String dnString) throws CertException {
+ List<RDN> lrnd = new ArrayList<>();
+ StringBuilder sb = new StringBuilder();
+ boolean inQuotes = false;
+ for (int i = 0; i < dnString.length(); ++i) {
+ char c = dnString.charAt(i);
+ if (inQuotes) {
+ if ('"' == c) {
+ inQuotes = false;
+ } else {
+ sb.append(dnString.charAt(i));
+ }
+ } else {
+ if ('"' == c) {
+ inQuotes = true;
+ } else if (delim == c) {
+ if (sb.length() > 0) {
+ lrnd.add(new RDN(sb.toString()));
+ sb.setLength(0);
+ }
+ } else {
+ sb.append(dnString.charAt(i));
+ }
+ }
+ }
+ if (sb.indexOf("=") > 0) {
+ lrnd.add(new RDN(sb.toString()));
+ }
+ return lrnd;
+ }
+
+ @Override
+ public String toString() {
+ return tag + '=' + value;
+ }
+}
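Review bot: The `RDN(String)` constructor reads `tv[0]` and `tv[1]` without checking what `Split.splitTrim('=', tagValue)` returned, so a null input or a component with no `=` ends in an ArrayIndexOutOfBoundsException rather than the declared `CertException`, and a value that itself contains `=` is silently cut at the second `=`. Splitting on the first `=` only and rejecting a missing or leading `=` keeps malformed DN text on the checked-exception path, as in the excerpt below. `parse` has the related inconsistency that the delimiter branch builds an RDN from any non-empty buffer while the trailing branch requires `sb.indexOf("=") > 0`, and its Javadoc leaves `@param`, `@return` and `@throws` empty. The switch also accepts only all-lower or all-upper tags (and only the exact spelling for `initials`, `pseudonym`, `generationQualifier`, `serialNumber`), which is worth stating in the constructor's Javadoc.

```java
public RDN(final String tagValue) throws CertException {
    // Split on the first '=' only, so a value may itself contain '='.
    final int eq = tagValue == null ? -1 : tagValue.indexOf('=');
    if (eq <= 0) {
        throw new CertException("Expected tag=value but got " + tagValue);
    }
    final String[] tv = {tagValue.substring(0, eq).trim(), tagValue.substring(eq + 1).trim()};
    // … unchanged: switch (tv[0]) mapping tags to BCStyle identifiers …
    // … unchanged: tag = tv[0]; value = tv[1]; …
```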
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Split.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Split.java
new file mode 100644
index 00000000..e531f2d2
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/external/Split.java
@@ -0,0 +1,127 @@
+/**
+ * ============LICENSE_START==================================================== org.onap.aaf
+ * =========================================================================== Copyright (c) 2018
+ * AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM. ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License. ============LICENSE_END====================================================
+ */
+package org.onap.aaf.certservice.cmpv2client.external;
+
+/**
+ * Split by Char, optional Trim
+ *
+ * <p>Note: Copied from Inno to avoid linking issues. Note: I read the String split and Pattern
+ * split code, and we can do this more efficiently for a single Character
+ *
+ * <p>8/20/2015
+ */
+public class Split {
+
+ private static final String[] EMPTY = new String[0];
+
+ public static String[] split(char c, String value) {
+ if (value == null) {
+ return EMPTY;
+ }
+
+ return split(c, value, 0, value.length());
+ }
+
+ public static String[] split(char c, String value, int start, int end) {
+ if (value == null) {
+ return EMPTY;
+ }
+
+ // Count items to preallocate Array (memory alloc is more expensive than counting twice)
+ int count, idx;
+ for (count = 1, idx = value.indexOf(c, start);
+ idx >= 0 && idx < end;
+ idx = value.indexOf(c, ++idx), ++count) {
+ ;
+ }
+ String[] rv = new String[count];
+ if (count == 1) {
+ rv[0] = value.substring(start, end);
+ } else {
+ int last = 0;
+ count = -1;
+ for (idx = value.indexOf(c, start); idx >= 0 && idx < end;
+ idx = value.indexOf(c, idx)) {
+ rv[++count] = value.substring(last, idx);
+ last = ++idx;
+ }
+ rv[++count] = value.substring(last, end);
+ }
+ return rv;
+ }
+
+ public static String[] splitTrim(char c, String value, int start, int end) {
+ if (value == null) {
+ return EMPTY;
+ }
+
+ // Count items to preallocate Array (memory alloc is more expensive than counting twice)
+ int count, idx;
+ for (count = 1, idx = value.indexOf(c, start);
+ idx >= 0 && idx < end;
+ idx = value.indexOf(c, ++idx), ++count) {
+ ;
+ }
+ String[] rv = new String[count];
+ if (count == 1) {
+ rv[0] = value.substring(start, end).trim();
+ } else {
+ int last = start;
+ count = -1;
+ for (idx = value.indexOf(c, start); idx >= 0 && idx < end;
+ idx = value.indexOf(c, idx)) {
+ rv[++count] = value.substring(last, idx).trim();
+ last = ++idx;
+ }
+ rv[++count] = value.substring(last, end).trim();
+ }
+ return rv;
+ }
+
+ public static String[] splitTrim(char c, String value) {
+ if (value == null) {
+ return EMPTY;
+ }
+ return splitTrim(c, value, 0, value.length());
+ }
+
+ public static String[] splitTrim(char c, String value, int size) {
+ if (value == null) {
+ return EMPTY;
+ }
+
+ int idx;
+ String[] rv = new String[size];
+ if (size == 1) {
+ rv[0] = value.trim();
+ } else {
+ int last = 0;
+ int count = -1;
+ size -= 2;
+ for (idx = value.indexOf(c); idx >= 0 && count < size; idx = value.indexOf(c, idx)) {
+ rv[++count] = value.substring(last, idx).trim();
+ last = ++idx;
+ }
+ if (idx > 0) {
+ rv[++count] = value.substring(last, idx).trim();
+ } else {
+ rv[++count] = value.substring(last).trim();
+ }
+ }
+ return rv;
+ }
+}
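Review bot: In `split(char, String, int, int)` the multi-element branch starts with `int last = 0;`, so when `start` is greater than zero the first element includes the text before `start`; the `splitTrim` overload with the same signature uses `int last = start;` and this one should match. `splitTrim(char, String, int size)` allocates `new String[size]` and then writes `rv[++count]`, which throws for `size == 0` and leaves trailing entries null when the input has fewer delimiters than `size`; an explicit `if (size < 1) throw new IllegalArgumentException("size must be >= 1");` and a documented contract for short input would make that visible to callers. None of the public methods carries Javadoc for `start`, `end` or `size`.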