1 /*
2  * //******************************************************************
3  * //
4  * // Copyright 2016 Samsung Electronics All Rights Reserved.
5  * //
6  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7  * //
8  * // Licensed under the Apache License, Version 2.0 (the "License");
9  * // you may not use this file except in compliance with the License.
10  * // You may obtain a copy of the License at
11  * //
12  * //      http://www.apache.org/licenses/LICENSE-2.0
13  * //
14  * // Unless required by applicable law or agreed to in writing, software
15  * // distributed under the License is distributed on an "AS IS" BASIS,
16  * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * // See the License for the specific language governing permissions and
18  * // limitations under the License.
19  * //
20  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21  */
22 import org.bouncycastle.asn1.x500.X500Name;
23 import org.bouncycastle.cert.X509CRLHolder;
24 import org.bouncycastle.cert.X509v2CRLBuilder;
25 import org.bouncycastle.jce.provider.BouncyCastleProvider;
26 import org.bouncycastle.operator.ContentSigner;
27 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
28
29 import java.math.BigInteger;
30 import java.security.*;
31 import java.security.spec.PKCS8EncodedKeySpec;
32 import java.util.Arrays;
33 import java.util.Date;
34
35 import java.security.spec.ECGenParameterSpec;
36
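/**
 * Builds, signs and stores X.509 certificate revocation lists (CRLs) for the account server.
 *
 * <p>All members are static; the class cannot be instantiated. CRLs are signed with
 * {@code SHA256withECDSA} through the BouncyCastle provider and persisted via {@code CrlStore}.
 */
public final class CrlIssuer {

    /** JCA name of the BouncyCastle provider, passed explicitly to every provider lookup below. */
    private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;

    /** Signature algorithm used for the CRL signature. */
    private static final String SIGNING_ALGORITHM = "SHA256withECDSA";

    /**
     * Not instantiable. Throwing here also defeats instantiation through reflection
     * ({@code setAccessible(true)} on the private constructor).
     */
    private CrlIssuer() {
        throw new AssertionError();
    }

    static {
        // NOTE(review): inserting at position 1 makes BouncyCastle the preferred provider for
        // every unqualified JCA lookup in this JVM, not only for this class. The behaviour is kept
        // because other code may rely on it; the lookups in this class name the provider
        // explicitly so they do not depend on the global ordering.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    /**
     * Builds a CRL from the given entries, signs it with the issuer key, saves it through
     * {@code CrlStore.saveCrl} and returns its encoding.
     *
     * <p>NOTE(review): no {@code nextUpdate} is set on the builder. RFC 5280 (section 5.1.2.5)
     * requires conforming CRL issuers to include it, and without it a relying party cannot tell
     * a current CRL from a stale one that is being replayed. The validity period is a policy
     * decision this signature does not carry, so it is left to a follow-up change.
     *
     * <p>The caller keeps ownership of {@code issuerPrivateKey}; the array is not cleared here,
     * so callers should overwrite it once it is no longer needed.
     *
     * @param issuerName       distinguished name of the CRL issuer, in the string form accepted
     *                         by {@code X500Name}
     * @param thisUpdate       issue date written into the CRL
     * @param items            revoked certificates (serial number and revocation date); each is
     *                         added with reason code 0 (unspecified)
     * @param issuerPrivateKey PKCS#8-encoded EC private key of the issuer
     * @return the encoded CRL as returned by {@code X509CRLHolder.getEncoded()}
     * @throws NullPointerException if any argument is {@code null}
     * @throws Exception            if the key cannot be decoded, signing fails or the CRL cannot
     *                              be stored
     */
    public static byte[] generateCrl(String issuerName,
                              Date thisUpdate,
                              CrlInfo[] items,
                              byte[] issuerPrivateKey) throws Exception {

        // Fail before any key material is parsed or anything is written to the store.
        java.util.Objects.requireNonNull(issuerName, "issuerName");
        java.util.Objects.requireNonNull(thisUpdate, "thisUpdate");
        java.util.Objects.requireNonNull(items, "items");
        java.util.Objects.requireNonNull(issuerPrivateKey, "issuerPrivateKey");

        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(issuerName), thisUpdate);
        for (CrlInfo item : items) {
            crlBuilder.addCRLEntry(item.getSerialNumber(), item.getRevocationDate(), 0);
        }

        // Name the provider explicitly: the key must be decoded by the same provider that signs.
        KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", BC);
        PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));

        // Build the CRL and sign it with the CA private key.
        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(privateKey);
        X509CRLHolder crl = crlBuilder.build(signer);

        CrlStore.saveCrl(crl);

        return crl.getEncoded();
    }

    /**
     * Loads the CRL from {@code CrlStore} and returns its encoding.
     *
     * @return the encoded CRL
     * @throws NullPointerException if {@code CrlStore.loadCrl()} returns {@code null}
     * @throws Exception            if the CRL cannot be loaded or encoded
     */
    public static byte[] getCrl() throws Exception {
        X509CRLHolder crl = CrlStore.loadCrl();
        // CrlStore is not visible from this file; presumably null means nothing is stored yet.
        java.util.Objects.requireNonNull(crl, "CrlStore.loadCrl() returned null");
        return crl.getEncoded();
    }

    /**
     * Manual smoke test: generates a throwaway EC key pair, issues a CRL with two dummy entries
     * and prints the result as hex.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println("Start!");

        /* generate dummy crl items */
        CrlInfo[] items = new CrlInfo[2];
        int val = 1024;
        for (int i = 0; i < items.length; i++) {
            items[i] = new CrlInfo();
            items[i].setSerialNumber(BigInteger.valueOf(val++));
            items[i].setRevocationDate(new Date());
        }

        // A 256-bit curve matches the strength of the SHA-256 digest in SIGNING_ALGORITHM;
        // the 192-bit curve used previously gives roughly 96-bit security and should not be
        // copied into real key generation.
        ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("prime256v1");
        try {
            KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", BC);
            g.initialize(ecGenSpec, new SecureRandom());
            KeyPair pair = g.generateKeyPair();

            PrivateKey key = pair.getPrivate();
            byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items, key.getEncoded());

            System.out.println("Success!");
            System.out.println("Stored CRL = " + getHex(crl));
        } catch (java.lang.Exception e) {
            e.printStackTrace();
        }
        System.out.println("End!");
    }

    /** Upper-case hexadecimal digits, indexed by nibble value. */
    static final String HEXES = "0123456789ABCDEF";

    /**
     * Encodes a byte array as an upper-case hexadecimal string, two characters per byte.
     *
     * @param raw bytes to encode, may be {@code null}
     * @return the hex string, or {@code null} if {@code raw} is {@code null}
     */
    public static String getHex(byte[] raw) {
        if (raw == null) {
            return null;
        }
        final StringBuilder hex = new StringBuilder(2 * raw.length);
        for (final byte b : raw) {
            // High nibble first, then low nibble; the masks keep the indices in 0..15.
            hex.append(HEXES.charAt((b & 0xF0) >> 4))
                    .append(HEXES.charAt(b & 0x0F));
        }
        return hex.toString();
    }
}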