Added CRL issuer (move from x.509 to x509 folder and restructure)
[platform/upstream/iotivity.git] / cloud / account / src / main / java / org / iotivity / cloud / accountserver / x509 / crl / CrlIssuer.java
1 /*
2  * //******************************************************************
3  * //
4  * // Copyright 2016 Samsung Electronics All Rights Reserved.
5  * //
6  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7  * //
8  * // Licensed under the Apache License, Version 2.0 (the "License");
9  * // you may not use this file except in compliance with the License.
10  * // You may obtain a copy of the License at
11  * //
12  * //      http://www.apache.org/licenses/LICENSE-2.0
13  * //
14  * // Unless required by applicable law or agreed to in writing, software
15  * // distributed under the License is distributed on an "AS IS" BASIS,
16  * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * // See the License for the specific language governing permissions and
18  * // limitations under the License.
19  * //
20  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21  */
22 package org.iotivity.cloud.accountserver.x509.crl;
23
24 import java.math.BigInteger;
25 import java.security.KeyFactory;
26 import java.security.KeyPair;
27 import java.security.KeyPairGenerator;
28 import java.security.PrivateKey;
29 import java.security.SecureRandom;
30 import java.security.Security;
31 import java.security.spec.ECGenParameterSpec;
32 import java.security.spec.PKCS8EncodedKeySpec;
33 import java.util.Date;
34
35 import org.bouncycastle.asn1.x500.X500Name;
36 import org.bouncycastle.cert.X509CRLHolder;
37 import org.bouncycastle.cert.X509v2CRLBuilder;
38 import org.bouncycastle.jce.provider.BouncyCastleProvider;
39 import org.bouncycastle.operator.ContentSigner;
40 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
41
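/**
 * Issues X.509 v2 certificate revocation lists (CRLs) signed with ECDSA
 * through the Bouncy Castle provider and hands them to {@link CrlStore}.
 *
 * <p>All members are static; the class cannot be instantiated.
 */
public final class CrlIssuer {

    /** JCA name of the Bouncy Castle provider; crypto lookups below are pinned to it. */
    private static final String BC                = BouncyCastleProvider.PROVIDER_NAME;
    private static final String SIGNING_ALGORITHM = "SHA256withECDSA";
    /** Algorithm name used for the Bouncy Castle key factory and key pair generator. */
    private static final String KEY_ALGORITHM     = "ECDSA";

    /**
     * Not instantiable. Throwing here also stops instantiation attempted
     * through reflection, which can bypass the {@code private} modifier.
     */
    private CrlIssuer() {
        throw new AssertionError();
    }

    static {
        // Registers Bouncy Castle at position 1 (most preferred) for the whole
        // JVM, not only for this class: after this class is loaded, provider-less
        // getInstance(...) calls elsewhere in the process resolve to Bouncy Castle
        // first. If the provider is already installed the call leaves the list
        // unchanged.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    /**
     * Builds a CRL, signs it with the issuer key, passes the encoded result to
     * {@link CrlStore#saveCrl} and returns it.
     *
     * <p>NOTE(review): the CRL is built with {@code thisUpdate} only. No
     * {@code nextUpdate} and no extensions (CRL number, authority key
     * identifier) are set here, although RFC 5280 requires a conforming issuer
     * to include them; without {@code nextUpdate} a relying party cannot tell
     * when this list has gone stale. Adding them needs a validity period and
     * the CA certificate, neither of which this signature carries.
     *
     * @param issuerName       issuer distinguished name in string form, e.g.
     *                         {@code "C=DE,O=Samsung"}
     * @param thisUpdate       issue time written into the CRL
     * @param items            revoked certificates; each contributes its serial
     *                         number and revocation date
     * @param issuerPrivateKey PKCS#8-encoded EC private key of the issuer. This
     *                         is the CA signing key in the clear; the array is
     *                         not wiped here, so the caller owns its lifetime.
     * @return the encoded, signed CRL
     * @throws NullPointerException if any argument is {@code null}
     * @throws Exception            if the key cannot be decoded, signing fails,
     *                              or the store rejects the CRL
     */
    public static byte[] generateCrl(String issuerName, Date thisUpdate,
            CrlInfo[] items, byte[] issuerPrivateKey) throws Exception {

        // Fail before any key material is parsed or anything is stored.
        java.util.Objects.requireNonNull(issuerName, "issuerName");
        java.util.Objects.requireNonNull(thisUpdate, "thisUpdate");
        java.util.Objects.requireNonNull(items, "items");
        java.util.Objects.requireNonNull(issuerPrivateKey, "issuerPrivateKey");

        X500Name issuerDN = new X500Name(issuerName);
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN,
                thisUpdate);

        for (CrlInfo item : items) {
            // Reason code 0 is "unspecified" in RFC 5280.
            crlBuilder.addCRLEntry(item.getSerialNumber(),
                    item.getRevocationDate(), 0);
        }

        // "ECDSA" is not a key factory name in the default JDK providers, so the
        // lookup is pinned to Bouncy Castle instead of depending on the order
        // of the JVM-wide provider list.
        KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, BC);
        PrivateKey privateKey = kf
                .generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));

        // build and sign CRL with CA private key
        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
                .setProvider(BC).build(privateKey);
        X509CRLHolder crl = crlBuilder.build(signer);

        byte[] data = crl.getEncoded();
        CrlStore.saveCrl(data);

        return data;
    }

    /**
     * Returns whatever {@link CrlStore#loadCrl} yields.
     *
     * @return the stored CRL bytes
     * @throws Exception if the store cannot provide the CRL
     */
    public static byte[] getCrl() throws Exception {
        return CrlStore.loadCrl();
    }

    /**
     * Manual smoke test: issues a CRL with two dummy entries, signed by a key
     * pair generated on the spot, and prints it as hex.
     *
     * <p>NOTE(review): {@link #generateCrl} also passes its result to
     * {@link CrlStore#saveCrl}, so running this hands the store a CRL signed
     * by a throwaway key, presumably replacing what it holds; confirm against
     * {@code CrlStore} before running it next to real data.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println("Start!");

        /* generate dummy crl items */
        CrlInfo[] items = new CrlInfo[2];
        int val = 1024;
        for (int i = 0; i < items.length; i++) {
            items[i] = new CrlInfo();
            items[i].setSerialNumber(BigInteger.valueOf(val++));
            items[i].setRevocationDate(new Date());
        }

        // 256-bit curve, sized to match the SHA-256 digest in SIGNING_ALGORITHM.
        // A 192-bit curve gives only about 96 bits of strength and is below
        // what current guidance accepts for new signatures.
        ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("prime256v1");
        try {
            KeyPairGenerator g = KeyPairGenerator.getInstance(KEY_ALGORITHM, BC);
            g.initialize(ecGenSpec, new SecureRandom());
            KeyPair pair = g.generateKeyPair();

            PrivateKey key = pair.getPrivate();
            byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items,
                    key.getEncoded());

            System.out.println("Success!");
            System.out.println("Stored CRL = " + getHex(crl));
        } catch (java.lang.Exception e) {
            // Demo entry point only: report the failure and fall through to "End!".
            e.printStackTrace();
        }
        System.out.println("End!");
    }

    /** Upper-case hexadecimal digits, indexed by nibble value. */
    static final String HEXES = "0123456789ABCDEF";

    /**
     * Renders a byte array as an upper-case hexadecimal string, two digits per
     * byte and no separators.
     *
     * @param raw bytes to render, may be {@code null}
     * @return the hex string, or {@code null} when {@code raw} is {@code null}
     */
    public static String getHex(byte[] raw) {
        if (raw == null) {
            return null;
        }
        final StringBuilder hex = new StringBuilder(2 * raw.length);
        for (final byte b : raw) {
            // Masking first keeps the sign bit of negative bytes out of the index.
            hex.append(HEXES.charAt((b & 0xF0) >> 4))
                    .append(HEXES.charAt((b & 0x0F)));
        }
        return hex.toString();
    }
}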