Diffstat (limited to 'certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java')
-rw-r--r--certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java141
1 files changed, 141 insertions, 0 deletions
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java
new file mode 100644
index 00000000..b7452fcf
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2020 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package org.onap.aaf.certservice.cmpv2client.impl;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.Objects;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.PKIHeader;
+import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class CmpUtil {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CmpUtil.class);
+ private static final SecureRandom secureRandom = new SecureRandom();
+
+ private CmpUtil() {}
+
+ /**
+ * Validates specified object reference is not null.
+ *
+ * @param argument T - the type of the reference.
+ * @param message message - detail message to be used in the event that a NullPointerException is
+ * thrown.
+ * @return The Object if not null
+ */
+ public static <T> T notNull(T argument, String message) {
+ return Objects.requireNonNull(argument, message + " must not be null");
+ }
+
+ /**
+ * Validates String object reference is not null and not empty.
+ *
+ * @param stringArg String Object that need to be validated.
+ * @return boolean
+ */
+ public static boolean isNullOrEmpty(String stringArg) {
+ return (stringArg != null && !stringArg.trim().isEmpty());
+ }
+
+ /**
+ * Creates a random number than can be used for sendernonce, transactionId and salts.
+ *
+ * @return bytes containing a random number string representing a nonce
+ */
+ static byte[] createRandomBytes() {
+ LOGGER.info("Generating random array of bytes");
+ byte[] randomBytes = new byte[16];
+ secureRandom.nextBytes(randomBytes);
+ return randomBytes;
+ }
+
+ /**
+ * Creates a random integer than can be used to represent a transactionId or determine the number
+ * iterations in a protection algorithm.
+ *
+ * @return bytes containing a random number string representing a nonce
+ */
+ static int createRandomInt(int range) {
+ LOGGER.info("Generating random integer");
+ return secureRandom.nextInt(range) + 1000;
+ }
+
+ /**
+ * Generates protected bytes of a combined PKIHeader and PKIBody.
+ *
+ * @param header Header of PKIMessage containing common parameters
+ * @param body Body of PKIMessage containing specific information for message
+ * @return bytes representing the PKIHeader and PKIBody thats to be protected
+ */
+ static byte[] generateProtectedBytes(PKIHeader header, PKIBody body) throws CmpClientException {
+ LOGGER.info("Generating array of bytes representing PkiHeader and PkiBody");
+ byte[] res;
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ vector.add(header);
+ vector.add(body);
+ ASN1Encodable protectedPart = new DERSequence(vector);
+ try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+ DEROutputStream out = new DEROutputStream(baos);
+ out.writeObject(protectedPart);
+ res = baos.toByteArray();
+ } catch (IOException ioe) {
+ CmpClientException cmpClientException =
+ new CmpClientException("IOException occurred while creating protectedBytes", ioe);
+ LOGGER.error("IOException occurred while creating protectedBytes");
+ throw cmpClientException;
+ }
+ return res;
+ }
+
+ /**
+ * Generates a PKIHeader Builder object.
+ *
+ * @param subjectDn distinguished name of Subject
+ * @param issuerDn distinguished name of external CA
+ * @param protectionAlg protection Algorithm used to protect PKIMessage
+ * @return PKIHeaderBuilder
+ */
+ static PKIHeader generatePkiHeader(
+ X500Name subjectDn, X500Name issuerDn, AlgorithmIdentifier protectionAlg) {
+ LOGGER.info("Generating a Pki Header Builder");
+ PKIHeaderBuilder pkiHeaderBuilder =
+ new PKIHeaderBuilder(
+ PKIHeader.CMP_2000, new GeneralName(subjectDn), new GeneralName(issuerDn));
+
+ pkiHeaderBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
+ pkiHeaderBuilder.setSenderNonce(new DEROctetString(createRandomBytes()));
+ pkiHeaderBuilder.setTransactionID(new DEROctetString(createRandomBytes()));
+ pkiHeaderBuilder.setProtectionAlg(protectionAlg);
+
+ return pkiHeaderBuilder.build();
+ }
+}
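Review bot: `isNullOrEmpty` returns true when the string is present and non-blank, the opposite of what its name and Javadoc ("not null and not empty") announce, so any caller that guards with `if (isNullOrEmpty(arg)) throw ...` will reject valid input and let null or blank through; either invert the body, `return stringArg == null || stringArg.trim().isEmpty();`, or rename the method to something like `isNotNullOrEmpty` before it acquires callers. The Javadoc on `createRandomInt` and `generatePkiHeader` also disagrees with the code: the former documents no `range` parameter and describes the return as "bytes" although the method returns `secureRandom.nextInt(range) + 1000`, and the latter says `@return PKIHeaderBuilder` while the method returns a built `PKIHeader`; the 1000 offset deserves a why-comment as well, since it is not derivable from the name. In `generateProtectedBytes` the `DEROutputStream` is never closed or flushed; wrapping it in the same try-with-resources as the `ByteArrayOutputStream` would make the encoding complete by construction rather than by relying on `writeObject` writing everything eagerly.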