From 153a7ac15d804178e7c52f69117e1a9478862df1 Mon Sep 17 00:00:00 2001
From: EmmettCox
Date: Mon, 17 Feb 2020 13:54:05 +0000
Subject: Refactoring of Cmpv2Client code for sending CertRequest
Issue-ID: AAF-1036
Signed-off-by: EmmettCox
Change-Id: Ic0d95b35abb3ca2406b77bbe6e0cd51da0968684
---
 .../aaf/certservice/cmpv2client/impl/CmpUtil.java | 141 +++++++++++++++++++++
 1 file changed, 141 insertions(+)
 create mode 100644 certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java
(limited to 'certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java')
diff --git a/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java
new file mode 100644
index 00000000..b7452fcf
--- /dev/null
+++ b/certService/src/main/java/org/onap/aaf/certservice/cmpv2client/impl/CmpUtil.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2020 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package org.onap.aaf.certservice.cmpv2client.impl;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.Objects;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.cmp.PKIBody;
+import org.bouncycastle.asn1.cmp.PKIHeader;
+import org.bouncycastle.asn1.cmp.PKIHeaderBuilder;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.onap.aaf.certservice.cmpv2client.exceptions.CmpClientException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class CmpUtil {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CmpUtil.class);
+ private static final SecureRandom secureRandom = new SecureRandom();
+
+ private CmpUtil() {}
+
+ /**
+ * Validates specified object reference is not null.
+ *
+ * @param argument T - the type of the reference.
+ * @param message message - detail message to be used in the event that a NullPointerException is
+ * thrown.
+ * @return The Object if not null
+ */
+ public static T notNull(T argument, String message) {
+ return Objects.requireNonNull(argument, message + " must not be null");
+ }
+
+ /**
+ * Validates String object reference is not null and not empty.
+ *
+ * @param stringArg String Object that need to be validated.
+ * @return boolean
+ */
+ public static boolean isNullOrEmpty(String stringArg) {
+ return (stringArg != null && !stringArg.trim().isEmpty());
+ }
+
+ /**
+ * Creates a random number than can be used for sendernonce, transactionId and salts.
+ *
+ * @return bytes containing a random number string representing a nonce
+ */
+ static byte[] createRandomBytes() {
+ LOGGER.info("Generating random array of bytes");
+ byte[] randomBytes = new byte[16];
+ secureRandom.nextBytes(randomBytes);
+ return randomBytes;
+ }
+
+ /**
+ * Creates a random integer than can be used to represent a transactionId or determine the number
+ * iterations in a protection algorithm.
+ *
+ * @return bytes containing a random number string representing a nonce
+ */
+ static int createRandomInt(int range) {
+ LOGGER.info("Generating random integer");
+ return secureRandom.nextInt(range) + 1000;
+ }
+
+ /**
+ * Generates protected bytes of a combined PKIHeader and PKIBody.
+ *
+ * @param header Header of PKIMessage containing common parameters
+ * @param body Body of PKIMessage containing specific information for message
+ * @return bytes representing the PKIHeader and PKIBody thats to be protected
+ */
+ static byte[] generateProtectedBytes(PKIHeader header, PKIBody body) throws CmpClientException {
+ LOGGER.info("Generating array of bytes representing PkiHeader and PkiBody");
+ byte[] res;
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ vector.add(header);
+ vector.add(body);
+ ASN1Encodable protectedPart = new DERSequence(vector);
+ try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+ DEROutputStream out = new DEROutputStream(baos);
+ out.writeObject(protectedPart);
+ res = baos.toByteArray();
+ } catch (IOException ioe) {
+ CmpClientException cmpClientException =
+ new CmpClientException("IOException occurred while creating protectedBytes", ioe);
+ LOGGER.error("IOException occurred while creating protectedBytes");
+ throw cmpClientException;
+ }
+ return res;
+ }
+
+ /**
+ * Generates a PKIHeader Builder object.
+ *
+ * @param subjectDn distinguished name of Subject
+ * @param issuerDn distinguished name of external CA
+ * @param protectionAlg protection Algorithm used to protect PKIMessage
+ * @return PKIHeaderBuilder
+ */
+ static PKIHeader generatePkiHeader(
+ X500Name subjectDn, X500Name issuerDn, AlgorithmIdentifier protectionAlg) {
+ LOGGER.info("Generating a Pki Header Builder");
+ PKIHeaderBuilder pkiHeaderBuilder =
+ new PKIHeaderBuilder(
+ PKIHeader.CMP_2000, new GeneralName(subjectDn), new GeneralName(issuerDn));
+
+ pkiHeaderBuilder.setMessageTime(new ASN1GeneralizedTime(new Date()));
+ pkiHeaderBuilder.setSenderNonce(new DEROctetString(createRandomBytes()));
+ pkiHeaderBuilder.setTransactionID(new DEROctetString(createRandomBytes()));
+ pkiHeaderBuilder.setProtectionAlg(protectionAlg);
+
+ return pkiHeaderBuilder.build();
+ }
+}
-- cgit 1.2.3-korg
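Review bot: `isNullOrEmpty(String)` returns the opposite of what its name and Javadoc promise — `return (stringArg != null && !stringArg.trim().isEmpty());` is true for a non-blank string and false for null or blank, so any caller that guards input with `if (isNullOrEmpty(x)) throw ...` will reject valid values and let null/empty ones through into the certificate request; the body should be `return stringArg == null || stringArg.trim().isEmpty();` (or the method renamed to `isNotNullOrEmpty` with its callers checked). Two Javadoc blocks in the same file are copy-paste leftovers: `createRandomInt` documents its return as "bytes ... representing a nonce", never describes `range` (which `SecureRandom.nextInt` rejects with `IllegalArgumentException` when it is not positive) and does not mention the `+ 1000` floor, and `generatePkiHeader` says it "Generates a PKIHeader Builder object" and returns `PKIHeaderBuilder` while it actually returns the built `PKIHeader`. On the protocol side, `generatePkiHeader` draws a fresh random `transactionID` and `senderNonce` on every call and does not hand them back separately; RFC 4210 expects the transactionID to stay constant across the messages of one exchange and the CA's reply to echo the senderNonce in recipNonce, so if the caller (not visible here) builds more than one header per transaction or wants to validate the response it will have to read both values back from the returned header, which is worth stating in the method's Javadoc. Minor: the `LOGGER.info` calls on every random draw are noisy for a hot utility and would read better at debug level.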