Added CRL issuer (move from x.509 to x509 folder and restructure)
authorAndrii Shtompel <a.shtompel@samsung.com>
Mon, 1 Aug 2016 15:02:59 +0000 (18:02 +0300)
committerJee Hyeok Kim <jihyeok13.kim@samsung.com>
Thu, 4 Aug 2016 05:48:51 +0000 (05:48 +0000)
Change-Id: I8c2daa4c5d7a0a9bebaaed9765bc3622871b1dd0
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: Jee Hyeok Kim <jihyeok13.kim@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/9899
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x.509/CrlStore.java [deleted file]
cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/cert/CertificateBuilder.java [moved from cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificateBuilder.java with 71% similarity]
cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/cert/CertificatePrivateKeyPair.java [moved from cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificatePrivateKeyPair.java with 92% similarity]
cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlInfo.java [moved from cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x.509/CrlInfo.java with 80% similarity]
cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlIssuer.java [moved from cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x.509/CrlIssuer.java with 69% similarity]
cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java [new file with mode: 0644]

diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x.509/CrlStore.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x.509/CrlStore.java
deleted file mode 100644 (file)
index edf19f7..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * //******************************************************************
- * //
- * // Copyright 2016 Samsung Electronics All Rights Reserved.
- * //
- * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- * //
- * // Licensed under the Apache License, Version 2.0 (the "License");
- * // you may not use this file except in compliance with the License.
- * // You may obtain a copy of the License at
- * //
- * //      http://www.apache.org/licenses/LICENSE-2.0
- * //
- * // Unless required by applicable law or agreed to in writing, software
- * // distributed under the License is distributed on an "AS IS" BASIS,
- * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * // See the License for the specific language governing permissions and
- * // limitations under the License.
- * //
- * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- */
-import org.bouncycastle.cert.X509CRLHolder;
-
-public final class CrlStore {
-
-    private CrlStore() {
-        throw new AssertionError(); //to get rid of security issue, connected with Java Reflection API
-    }
-
-    private static final String CRLFILENAME = "crl.txt";
-
-    public static void saveCrl(X509CRLHolder crl) {
-        //TODO: implement Java KeyStore
-    }
-
-    public static X509CRLHolder loadCrl() {
-        //TODO: implement Java KeyStore
-        return null;
-    }
-}
@@ -19,7 +19,8 @@
  * //
  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  */
-package org.iotivity.cloud.accountserver.security.x509;
+package org.iotivity.cloud.accountserver.x509.cert;
+
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
@@ -50,41 +51,46 @@ import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
 public class CertificateBuilder {
-    private String issuer;
-    private String subjectCN;
-    private String subjectC;
-    private String subjectO;
-    private String subjectOU;
-    private String subjectAltName;
-    private Date notBefore;
-    private Date notAfter;
-    private PrivateKey privKey;
-    private PublicKey  pubKey;
-    private BigInteger serial;
-    private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
-    private static final String CURVE = "secp256r1";
+    private String              issuer;
+    private String              subjectCN;
+    private String              subjectC;
+    private String              subjectO;
+    private String              subjectOU;
+    private String              subjectAltName;
+    private Date                notBefore;
+    private Date                notAfter;
+    private PrivateKey          privKey;
+    private PublicKey           pubKey;
+    private BigInteger          serial;
+    private static final String SIGNATURE_ALGORITHM     = "SHA256withECDSA";
+    private static final String CURVE                   = "secp256r1";
     private static final String KEY_GENERATOR_ALGORITHM = "ECDSA";
 
-    public CertificateBuilder(String subject, Date notBefore, Date notAfter, BigInteger serial) {
+    public CertificateBuilder(String subject, Date notBefore, Date notAfter,
+            BigInteger serial) {
         Security.addProvider(new BouncyCastleProvider());
         init(subject, null, notBefore, notAfter, null, null, serial);
     }
 
-    public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore, Date notAfter, 
-            BigInteger serial, CertificatePrivateKeyPair root) {
-        X500Name x500name = new X500Name( root.getCertificate().getSubjectX500Principal().getName() );
+    public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore,
+            Date notAfter, BigInteger serial, CertificatePrivateKeyPair root) {
+        X500Name x500name = new X500Name(
+                root.getCertificate().getSubjectX500Principal().getName());
         RDN cn = x500name.getRDNs(BCStyle.CN)[0];
-        init(subject, IETFUtils.valueToString(cn.getFirst().getValue()), notBefore, notAfter, root.getKey(), pubKey, serial);
+        init(subject, IETFUtils.valueToString(cn.getFirst().getValue()),
+                notBefore, notAfter, root.getKey(), pubKey, serial);
     }
 
-    public CertificateBuilder(String subject, String issuer, Date notBefore, Date notAfter, 
-            PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+    public CertificateBuilder(String subject, String issuer, Date notBefore,
+            Date notAfter, PrivateKey privKey, PublicKey pubKey,
+            BigInteger serial) {
         Security.addProvider(new BouncyCastleProvider());
         init(subject, issuer, notBefore, notAfter, privKey, pubKey, serial);
     }
 
-    private void init(String subject, String issuer, Date notBefore, Date notAfter,
-            PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+    private void init(String subject, String issuer, Date notBefore,
+            Date notAfter, PrivateKey privKey, PublicKey pubKey,
+            BigInteger serial) {
         this.subjectCN = subject;
         this.issuer = issuer;
         this.notBefore = notBefore;
@@ -110,10 +116,9 @@ public class CertificateBuilder {
         this.subjectAltName = subjectAltName;
     }
 
-    public CertificatePrivateKeyPair build()
-            throws GeneralSecurityException, OperatorCreationException, CertIOException {
-        if(null == privKey && null == pubKey)
-        {
+    public CertificatePrivateKeyPair build() throws GeneralSecurityException,
+            OperatorCreationException, CertIOException {
+        if (null == privKey && null == pubKey) {
             ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE);
             KeyPairGenerator g = null;
 
@@ -131,31 +136,35 @@ public class CertificateBuilder {
 
         subjectNameBld.addRDN(BCStyle.CN, subjectCN);
 
-        if(null != subjectOU) {
+        if (null != subjectOU) {
             subjectNameBld.addRDN(BCStyle.OU, subjectOU);
         }
 
-        if(null != subjectO) {
+        if (null != subjectO) {
             subjectNameBld.addRDN(BCStyle.O, subjectO);
         }
 
-        if(null != subjectC) {
+        if (null != subjectC) {
             subjectNameBld.addRDN(BCStyle.C, subjectC);
         }
 
         X500NameBuilder issuerNameBld = new X500NameBuilder(BCStyle.INSTANCE);
         issuerNameBld.addRDN(BCStyle.CN, issuer);
 
-        ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider("BC").build(privKey);
+        ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
+                .setProvider("BC").build(privKey);
 
-        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuerNameBld.build(),
-                serial, notBefore, notAfter ,subjectNameBld.build(), pubKey);
+        X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
+                issuerNameBld.build(), serial, notBefore, notAfter,
+                subjectNameBld.build(), pubKey);
 
-        if(null != subjectAltName) {
-            certGen.addExtension(Extension.subjectAlternativeName, false, new DEROctetString(subjectAltName.getBytes()));
+        if (null != subjectAltName) {
+            certGen.addExtension(Extension.subjectAlternativeName, false,
+                    new DEROctetString(subjectAltName.getBytes()));
         }
 
-        cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
+        cert = new JcaX509CertificateConverter().setProvider("BC")
+                .getCertificate(certGen.build(sigGen));
 
         return new CertificatePrivateKeyPair(cert, privKey);
     }
  * //
  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  */
-package org.iotivity.cloud.accountserver.security.x509;
+package org.iotivity.cloud.accountserver.x509.cert;
+
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 
 public class CertificatePrivateKeyPair {
     private X509Certificate certificate = null;
-    private PrivateKey key = null;
+    private PrivateKey      key         = null;
 
     public CertificatePrivateKeyPair(X509Certificate cert, PrivateKey k) {
         certificate = cert;
  * //
  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  */
+package org.iotivity.cloud.accountserver.x509.crl;
+
 import java.math.BigInteger;
 import java.util.Date;
 
 public class CrlInfo {
 
     private BigInteger serialNumber;
-    private Date revocationDate;
+    private Date       revocationDate;
 
-    void setSerialNumber(BigInteger serialNumber) {
+    public void setSerialNumber(BigInteger serialNumber) {
         this.serialNumber = serialNumber;
     }
-    BigInteger getSerialNumber() {
+
+    public BigInteger getSerialNumber() {
         return serialNumber;
     }
-    void setRevocationDate(Date date) {
+
+    public void setRevocationDate(Date date) {
         this.revocationDate = date;
     }
-    Date getRevocationDate() {
+
+    public Date getRevocationDate() {
         return new Date(revocationDate.getTime());
     }
 }
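Review bot: `setRevocationDate` becomes public here but still stores the caller's `Date` by reference, while `getRevocationDate` returns a defensive copy, so a caller can mutate the stored revocation date after the setter returns; make the setter copy as well, `this.revocationDate = new Date(date.getTime());`. `getRevocationDate` also throws NullPointerException when no date has been set, which `CrlIssuer.generateCrl` would hit for a half-populated item — either document that the field is mandatory in a class Javadoc or null-check in the getter. `setSerialNumber` is fine as written since `BigInteger` is immutable. The hunk header for this file is not shown, so I am reading the whole class from the context lines.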
  * //
  * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  */
+package org.iotivity.cloud.accountserver.x509.crl;
+
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Date;
+
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.cert.X509CRLHolder;
 import org.bouncycastle.cert.X509v2CRLBuilder;
@@ -26,54 +39,49 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
-import java.math.BigInteger;
-import java.security.*;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Date;
-
-import java.security.spec.ECGenParameterSpec;
-
 public final class CrlIssuer {
 
-    private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
+    private static final String BC                = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
     private static final String SIGNING_ALGORITHM = "SHA256withECDSA";
 
     private CrlIssuer() {
-        throw new AssertionError();//to get rid of security issue, connected with Java Reflection API
+        throw new AssertionError();// to get rid of security issue, connected
+                                   // with Java Reflection API
     }
 
     static {
         Security.insertProviderAt(new BouncyCastleProvider(), 1);
     }
 
-    public static byte[] generateCrl(String issuerName,
-                              Date thisUpdate,
-                              CrlInfo[] items,
-                              byte[] issuerPrivateKey) throws Exception {
+    public static byte[] generateCrl(String issuerName, Date thisUpdate,
+            CrlInfo[] items, byte[] issuerPrivateKey) throws Exception {
 
         X500Name issuerDN = new X500Name(issuerName);
-        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, thisUpdate);
+        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN,
+                thisUpdate);
 
-        for (CrlInfo item: items) {
-            crlBuilder.addCRLEntry(item.getSerialNumber(), item.getRevocationDate(), 0);
+        for (CrlInfo item : items) {
+            crlBuilder.addCRLEntry(item.getSerialNumber(),
+                    item.getRevocationDate(), 0);
         }
 
         KeyFactory kf = KeyFactory.getInstance("ECDSA");
-        PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));
+        PrivateKey privateKey = kf
+                .generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));
 
         // build and sign CRL with CA private key
-        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(privateKey);
+        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
+                .setProvider(BC).build(privateKey);
         X509CRLHolder crl = crlBuilder.build(signer);
 
-        CrlStore.saveCrl(crl);
+        byte data[] = crl.getEncoded();
+        CrlStore.saveCrl(data);
 
-        return crl.getEncoded();
+        return data;
     }
 
     public static byte[] getCrl() throws Exception {
-        X509CRLHolder crl = CrlStore.loadCrl();
-        return crl.getEncoded();
+        return CrlStore.loadCrl();
     }
 
     public static void main(String[] args) {
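Review bot: `getCrl()` now returns `CrlStore.loadCrl()` directly, and the new `CrlStore.loadCrl` returns `null` when the file cannot be read, so a missing or unreadable CRL is now silently handed to callers as `null` where the old code at least failed fast; guard it, `byte[] stored = CrlStore.loadCrl();` / `if (stored == null) throw new IOException("no CRL stored");` / `return stored;`. Likewise `generateCrl` returns the encoded CRL even when `CrlStore.saveCrl(data)` failed, because `saveCrl` swallows its IOException, so a caller cannot tell that the CRL was never persisted. `new X509v2CRLBuilder(issuerDN, thisUpdate)` is built without `setNextUpdate`, so the issued CRL carries no nextUpdate field; RFC 5280 says it should be present, and relying parties that require it will reject the CRL. Style: `byte data[]` is the C-style array declaration — prefer `byte[] data`. `main` continues in the next hunk.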
@@ -95,25 +103,25 @@ public final class CrlIssuer {
             KeyPair pair = g.generateKeyPair();
 
             PrivateKey key = pair.getPrivate();
-            byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items, key.getEncoded());
+            byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items,
+                    key.getEncoded());
 
             System.out.println("Success!");
             System.out.println("Stored CRL = " + getHex(crl));
-        }
-        catch (java.lang.Exception e)
-        {
+        } catch (java.lang.Exception e) {
             e.printStackTrace();
         }
         System.out.println("End!");
     }
 
     static final String HEXES = "0123456789ABCDEF";
-    public static String getHex( byte [] raw ) {
-        if ( raw == null ) {
+
+    public static String getHex(byte[] raw) {
+        if (raw == null) {
             return null;
         }
-        final StringBuilder hex = new StringBuilder( 2 * raw.length );
-        for ( final byte b : raw ) {
+        final StringBuilder hex = new StringBuilder(2 * raw.length);
+        for (final byte b : raw) {
             hex.append(HEXES.charAt((b & 0xF0) >> 4))
                     .append(HEXES.charAt((b & 0x0F)));
         }
diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java
new file mode 100644 (file)
index 0000000..3ed43f1
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ * //******************************************************************
+ * //
+ * // Copyright 2016 Samsung Electronics All Rights Reserved.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ * //
+ * // Licensed under the Apache License, Version 2.0 (the "License");
+ * // you may not use this file except in compliance with the License.
+ * // You may obtain a copy of the License at
+ * //
+ * //      http://www.apache.org/licenses/LICENSE-2.0
+ * //
+ * // Unless required by applicable law or agreed to in writing, software
+ * // distributed under the License is distributed on an "AS IS" BASIS,
+ * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * // See the License for the specific language governing permissions and
+ * // limitations under the License.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ */
+package org.iotivity.cloud.accountserver.x509.crl;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+
+public final class CrlStore {
+
+    private CrlStore() {
+        throw new AssertionError(); // to get rid of security issue, connected
+                                    // with Java Reflection API
+    }
+
+    private static final String CRL_FILE_NAME = "crl";
+
+    public static void saveCrl(byte[] crl) {
+        try {
+            FileOutputStream out = new FileOutputStream(CRL_FILE_NAME);
+            out.write(crl);
+            out.close();
+        } catch (java.io.IOException e) {
+            e.printStackTrace();
+        }
+    }
+
+    public static byte[] loadCrl() {
+
+        try {
+            InputStream f = new FileInputStream(CRL_FILE_NAME);
+            int size = f.available();
+            byte data[] = new byte[size];
+
+            if(f.read(data) != data.length) {
+                System.err.println("couldn't read crl");
+            }
+            f.close();
+            return data;
+
+        } catch (java.io.IOException e) {
+            e.printStackTrace();
+        }
+
+        return null;
+    }
+}
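Review bot: `loadCrl` sizes its buffer with `InputStream.available()` and does one `read`, which is not guaranteed to return the file length or fill the buffer; on a short read it prints to stderr and still returns the partial buffer, so a truncated (and therefore unverifiable) CRL can be handed to callers as if it were complete. Both methods also leak the stream when `write`/`read` throws (no try-with-resources) and swallow the IOException, which is why `CrlIssuer.getCrl` can end up returning `null`. I would replace the hand-rolled I/O with `java.nio.file.Files`, which reads the whole file or throws, and let the IOException propagate — both callers in `CrlIssuer` already declare `throws Exception`; this needs `import java.io.IOException; import java.nio.file.Files; import java.nio.file.Paths;` in place of the three `java.io` stream imports. `CRL_FILE_NAME = "crl"` is a relative path resolved against the process working directory, so where the CRL lands depends on how the server is launched; a comment stating that, or an absolute/configured location, would help operators find it.
```java
    public static void saveCrl(byte[] crl) throws IOException {
        // Overwrites any previous CRL; propagates failure so the issuer
        // does not report a CRL as stored when the write failed.
        Files.write(Paths.get(CRL_FILE_NAME), crl);
    }

    public static byte[] loadCrl() throws IOException {
        // Reads the complete file or throws; never returns a partial buffer.
        return Files.readAllBytes(Paths.get(CRL_FILE_NAME));
    }
```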