From 089d8c3fb0a277351a55371dff8c2b27bd3f4ed5 Mon Sep 17 00:00:00 2001 From: Bogumil Zebek Date: Wed, 17 Apr 2019 07:56:27 +0200 Subject: Security TC op2 Change-Id: I247c1223b5731c8dbea1480ca88db1cff78cb633 Issue-ID: VNFSDK-342 Signed-off-by: Zebek Bogumil --- .../onap/cvc/csar/rsa/X509RsaCertification.java | 66 ++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java (limited to 'csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java')
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java
new file mode 100644
index 0000000..8395221
--- /dev/null
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2019 Nokia
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar.rsa;
+
+import org.apache.commons.codec.binary.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+public class X509RsaCertification {
+
+ private static final Logger LOG = LoggerFactory.getLogger(X509RsaCertification.class);
+
+ PublicKey generatePublicKey(String cert) throws CertificateException {
+ byte[] encodedCert = cert.getBytes(StandardCharsets.UTF_8);
+ byte[] decodedCert = Base64.decodeBase64(encodedCert);
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ InputStream in = new ByteArrayInputStream(decodedCert);
+ X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(in);
+
+ LOG.info(String.format("Subject DN : %s", certificate.getSubjectDN().getName()));
+ LOG.info(String.format("Issuer : %s", certificate.getIssuerDN().getName()));
+ LOG.info(String.format("Not After: %s", certificate.getNotAfter()));
+ LOG.info(String.format("Not Before: %s", certificate.getNotBefore()));
+ LOG.info(String.format("version: %d", certificate.getVersion()));
+ LOG.info(String.format("serial number : %s", certificate.getSerialNumber()));
+
+ return certificate.getPublicKey();
+ }
+
+ boolean verify(byte[] content, String signature, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+ Signature publicSignature = Signature.getInstance("SHA256withRSA");
+ publicSignature.initVerify(publicKey);
+ publicSignature.update(content);
+
+ byte[] signatureBytes = java.util.Base64.getDecoder().decode(signature);
+
+ return publicSignature.verify(signatureBytes);
+ }
+}
-- cgit 1.2.3-korg
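Review bot: `generatePublicKey` hands back the key of whatever certificate it is given without checking it: the Not Before / Not After dates are logged but never enforced, and nothing in this class ties the certificate to a trusted issuer, so a `true` from `verify` presumably shows only that the content matches a key that arrived with it. Adding `certificate.checkValidity();` before `return certificate.getPublicKey();` rejects expired and not-yet-valid certificates and fits the existing `throws CertificateException`; validating the chain against a configured trust anchor (for example with `CertPathValidator`) may already happen in the caller, which is not visible in this hunk, and should be confirmed. In `verify`, `java.util.Base64.getDecoder().decode(signature)` throws an unchecked `IllegalArgumentException` on malformed or line-wrapped input, whereas the certificate path uses the lenient commons-codec decoder; catching that exception and returning `false` would report a bad signature as a failed check instead of an unexpected error.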