+++ /dev/null
-/*
- * //******************************************************************
- * //
- * // Copyright 2016 Samsung Electronics All Rights Reserved.
- * //
- * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- * //
- * // Licensed under the Apache License, Version 2.0 (the "License");
- * // you may not use this file except in compliance with the License.
- * // You may obtain a copy of the License at
- * //
- * // http://www.apache.org/licenses/LICENSE-2.0
- * //
- * // Unless required by applicable law or agreed to in writing, software
- * // distributed under the License is distributed on an "AS IS" BASIS,
- * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * // See the License for the specific language governing permissions and
- * // limitations under the License.
- * //
- * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- */
-import org.bouncycastle.cert.X509CRLHolder;
-
-public final class CrlStore {
-
- private CrlStore() {
- throw new AssertionError(); //to get rid of security issue, connected with Java Reflection API
- }
-
- private static final String CRLFILENAME = "crl.txt";
-
- public static void saveCrl(X509CRLHolder crl) {
- //TODO: implement Java KeyStore
- }
-
- public static X509CRLHolder loadCrl() {
- //TODO: implement Java KeyStore
- return null;
- }
-}
* //
* //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
*/
-package org.iotivity.cloud.accountserver.security.x509;
+package org.iotivity.cloud.accountserver.x509.cert;
+
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public class CertificateBuilder {
- private String issuer;
- private String subjectCN;
- private String subjectC;
- private String subjectO;
- private String subjectOU;
- private String subjectAltName;
- private Date notBefore;
- private Date notAfter;
- private PrivateKey privKey;
- private PublicKey pubKey;
- private BigInteger serial;
- private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
- private static final String CURVE = "secp256r1";
+ private String issuer;
+ private String subjectCN;
+ private String subjectC;
+ private String subjectO;
+ private String subjectOU;
+ private String subjectAltName;
+ private Date notBefore;
+ private Date notAfter;
+ private PrivateKey privKey;
+ private PublicKey pubKey;
+ private BigInteger serial;
+ private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
+ private static final String CURVE = "secp256r1";
private static final String KEY_GENERATOR_ALGORITHM = "ECDSA";
- public CertificateBuilder(String subject, Date notBefore, Date notAfter, BigInteger serial) {
+ public CertificateBuilder(String subject, Date notBefore, Date notAfter,
+ BigInteger serial) {
Security.addProvider(new BouncyCastleProvider());
init(subject, null, notBefore, notAfter, null, null, serial);
}
- public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore, Date notAfter,
- BigInteger serial, CertificatePrivateKeyPair root) {
- X500Name x500name = new X500Name( root.getCertificate().getSubjectX500Principal().getName() );
+ public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore,
+ Date notAfter, BigInteger serial, CertificatePrivateKeyPair root) {
+ X500Name x500name = new X500Name(
+ root.getCertificate().getSubjectX500Principal().getName());
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
- init(subject, IETFUtils.valueToString(cn.getFirst().getValue()), notBefore, notAfter, root.getKey(), pubKey, serial);
+ init(subject, IETFUtils.valueToString(cn.getFirst().getValue()),
+ notBefore, notAfter, root.getKey(), pubKey, serial);
}
- public CertificateBuilder(String subject, String issuer, Date notBefore, Date notAfter,
- PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+ public CertificateBuilder(String subject, String issuer, Date notBefore,
+ Date notAfter, PrivateKey privKey, PublicKey pubKey,
+ BigInteger serial) {
Security.addProvider(new BouncyCastleProvider());
init(subject, issuer, notBefore, notAfter, privKey, pubKey, serial);
}
- private void init(String subject, String issuer, Date notBefore, Date notAfter,
- PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+ private void init(String subject, String issuer, Date notBefore,
+ Date notAfter, PrivateKey privKey, PublicKey pubKey,
+ BigInteger serial) {
this.subjectCN = subject;
this.issuer = issuer;
this.notBefore = notBefore;
this.subjectAltName = subjectAltName;
}
- public CertificatePrivateKeyPair build()
- throws GeneralSecurityException, OperatorCreationException, CertIOException {
- if(null == privKey && null == pubKey)
- {
+ public CertificatePrivateKeyPair build() throws GeneralSecurityException,
+ OperatorCreationException, CertIOException {
+ if (null == privKey && null == pubKey) {
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE);
KeyPairGenerator g = null;
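Review bot: The issuer name a child certificate receives is only the CN of the root certificate: the `CertificatePrivateKeyPair root` constructor pulls the first `BCStyle.CN` RDN out of `root.getCertificate().getSubjectX500Principal().getName()` and passes it to `init` as a string, and `build()` later reconstructs the issuer as a single-RDN `CN=` name via `issuerNameBld.addRDN(BCStyle.CN, issuer)`. If the root CA's subject carries more RDNs (the `generateCrl("C=DE,O=Samsung", …)` call in `CrlIssuer.main` suggests DNs with C and O are in use), the issued certificate's issuer will not match the CA's subject byte-for-byte, so RFC 5280 path building and CRL-to-certificate matching fail. Consider carrying the full subject through instead, e.g. `init(subject, root.getCertificate().getSubjectX500Principal().getName(), …)` and building the issuer with `new X500Name(issuer)` when the string is a full DN; if the CA subject is guaranteed to be a bare CN, a comment on that constructor saying so would prevent the next reader from treating this as a bug. `build()` begins at the end of this hunk and its body continues past it.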
subjectNameBld.addRDN(BCStyle.CN, subjectCN);
- if(null != subjectOU) {
+ if (null != subjectOU) {
subjectNameBld.addRDN(BCStyle.OU, subjectOU);
}
- if(null != subjectO) {
+ if (null != subjectO) {
subjectNameBld.addRDN(BCStyle.O, subjectO);
}
- if(null != subjectC) {
+ if (null != subjectC) {
subjectNameBld.addRDN(BCStyle.C, subjectC);
}
X500NameBuilder issuerNameBld = new X500NameBuilder(BCStyle.INSTANCE);
issuerNameBld.addRDN(BCStyle.CN, issuer);
- ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider("BC").build(privKey);
+ ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
+ .setProvider("BC").build(privKey);
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuerNameBld.build(),
- serial, notBefore, notAfter ,subjectNameBld.build(), pubKey);
+ X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
+ issuerNameBld.build(), serial, notBefore, notAfter,
+ subjectNameBld.build(), pubKey);
- if(null != subjectAltName) {
- certGen.addExtension(Extension.subjectAlternativeName, false, new DEROctetString(subjectAltName.getBytes()));
+ if (null != subjectAltName) {
+ certGen.addExtension(Extension.subjectAlternativeName, false,
+ new DEROctetString(subjectAltName.getBytes()));
}
- cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
+ cert = new JcaX509CertificateConverter().setProvider("BC")
+ .getCertificate(certGen.build(sigGen));
return new CertificatePrivateKeyPair(cert, privKey);
}
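Review bot: The subjectAltName extension is written as a bare `new DEROctetString(subjectAltName.getBytes())`, but RFC 5280 §4.2.1.6 requires the extension value to be a DER-encoded `GeneralNames` sequence; wrapping the raw string bytes yields a malformed extension that conforming validators reject or silently ignore, and `getBytes()` without a charset also depends on the platform default encoding. Build it with the proper ASN.1 type, e.g. `certGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltName)));`, choosing `rfc822Name` or `uniformResourceIdentifier` instead of `dNSName` according to what callers actually put in `subjectAltName` (not visible here); this needs `org.bouncycastle.asn1.x509.GeneralName` and `GeneralNames` imported. The enclosing `build()` starts before this hunk.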
* //
* //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
*/
-package org.iotivity.cloud.accountserver.security.x509;
+package org.iotivity.cloud.accountserver.x509.cert;
+
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
public class CertificatePrivateKeyPair {
private X509Certificate certificate = null;
- private PrivateKey key = null;
+ private PrivateKey key = null;
public CertificatePrivateKeyPair(X509Certificate cert, PrivateKey k) {
certificate = cert;
* //
* //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
*/
+package org.iotivity.cloud.accountserver.x509.crl;
+
import java.math.BigInteger;
import java.util.Date;
public class CrlInfo {
private BigInteger serialNumber;
- private Date revocationDate;
+ private Date revocationDate;
- void setSerialNumber(BigInteger serialNumber) {
+ public void setSerialNumber(BigInteger serialNumber) {
this.serialNumber = serialNumber;
}
- BigInteger getSerialNumber() {
+
+ public BigInteger getSerialNumber() {
return serialNumber;
}
- void setRevocationDate(Date date) {
+
+ public void setRevocationDate(Date date) {
this.revocationDate = date;
}
- Date getRevocationDate() {
+
+ public Date getRevocationDate() {
return new Date(revocationDate.getTime());
}
}
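Review bot: The now-public `setRevocationDate` stores the caller's `Date` object directly while `getRevocationDate` defensively copies on the way out, so a caller that keeps its reference can still change the revocation date after the entry was handed to `CrlIssuer.generateCrl`; widening the setters to `public` makes that asymmetry matter more. Make the setter copy as well, `this.revocationDate = date == null ? null : new Date(date.getTime());`. Note also that `getRevocationDate` throws a `NullPointerException` when the date was never set, which is worth a one-line comment on the getter or a `Objects.requireNonNull` in the setter.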
* //
* //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
*/
+package org.iotivity.cloud.accountserver.x509.crl;
+
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Date;
+
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import java.math.BigInteger;
-import java.security.*;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Date;
-
-import java.security.spec.ECGenParameterSpec;
-
public final class CrlIssuer {
- private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
+ private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
private static final String SIGNING_ALGORITHM = "SHA256withECDSA";
private CrlIssuer() {
- throw new AssertionError();//to get rid of security issue, connected with Java Reflection API
+ throw new AssertionError();// to get rid of security issue, connected
+ // with Java Reflection API
}
static {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
}
- public static byte[] generateCrl(String issuerName,
- Date thisUpdate,
- CrlInfo[] items,
- byte[] issuerPrivateKey) throws Exception {
+ public static byte[] generateCrl(String issuerName, Date thisUpdate,
+ CrlInfo[] items, byte[] issuerPrivateKey) throws Exception {
X500Name issuerDN = new X500Name(issuerName);
- X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN, thisUpdate);
+ X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuerDN,
+ thisUpdate);
- for (CrlInfo item: items) {
- crlBuilder.addCRLEntry(item.getSerialNumber(), item.getRevocationDate(), 0);
+ for (CrlInfo item : items) {
+ crlBuilder.addCRLEntry(item.getSerialNumber(),
+ item.getRevocationDate(), 0);
}
KeyFactory kf = KeyFactory.getInstance("ECDSA");
- PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));
+ PrivateKey privateKey = kf
+ .generatePrivate(new PKCS8EncodedKeySpec(issuerPrivateKey));
// build and sign CRL with CA private key
- ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(privateKey);
+ ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM)
+ .setProvider(BC).build(privateKey);
X509CRLHolder crl = crlBuilder.build(signer);
- CrlStore.saveCrl(crl);
+ byte data[] = crl.getEncoded();
+ CrlStore.saveCrl(data);
- return crl.getEncoded();
+ return data;
}
public static byte[] getCrl() throws Exception {
- X509CRLHolder crl = CrlStore.loadCrl();
- return crl.getEncoded();
+ return CrlStore.loadCrl();
}
public static void main(String[] args) {
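Review bot: The CRL built in `generateCrl` carries no `nextUpdate` and no CRL Number extension: `new X509v2CRLBuilder(issuerDN, thisUpdate)` is never followed by `setNextUpdate`, and nothing is added with `addExtension`. RFC 5280 §5.1.2.5 and §5.2.3 require conforming CRL issuers to include both, and without `nextUpdate` a relying party has no way to tell when a cached CRL is stale, so a revocation published later may never be picked up. Add them, e.g. `crlBuilder.setNextUpdate(nextUpdate);` and `crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(crlNumber));` (taking `nextUpdate` and a monotonically increasing `crlNumber` as parameters, with `org.bouncycastle.asn1.x509.Extension` and `CRLNumber` imported). Separately, `CrlStore.saveCrl(data)` swallows I/O failures, so the caller of `generateCrl` cannot tell whether the bytes `getCrl` will later serve are the CRL that was just signed.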
KeyPair pair = g.generateKeyPair();
PrivateKey key = pair.getPrivate();
- byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items, key.getEncoded());
+ byte[] crl = generateCrl("C=DE,O=Samsung", new Date(), items,
+ key.getEncoded());
System.out.println("Success!");
System.out.println("Stored CRL = " + getHex(crl));
- }
- catch (java.lang.Exception e)
- {
+ } catch (java.lang.Exception e) {
e.printStackTrace();
}
System.out.println("End!");
}
static final String HEXES = "0123456789ABCDEF";
- public static String getHex( byte [] raw ) {
- if ( raw == null ) {
+
+ public static String getHex(byte[] raw) {
+ if (raw == null) {
return null;
}
- final StringBuilder hex = new StringBuilder( 2 * raw.length );
- for ( final byte b : raw ) {
+ final StringBuilder hex = new StringBuilder(2 * raw.length);
+ for (final byte b : raw) {
hex.append(HEXES.charAt((b & 0xF0) >> 4))
.append(HEXES.charAt((b & 0x0F)));
}
--- /dev/null
+/*
+ * //******************************************************************
+ * //
+ * // Copyright 2016 Samsung Electronics All Rights Reserved.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ * //
+ * // Licensed under the Apache License, Version 2.0 (the "License");
+ * // you may not use this file except in compliance with the License.
+ * // You may obtain a copy of the License at
+ * //
+ * // http://www.apache.org/licenses/LICENSE-2.0
+ * //
+ * // Unless required by applicable law or agreed to in writing, software
+ * // distributed under the License is distributed on an "AS IS" BASIS,
+ * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * // See the License for the specific language governing permissions and
+ * // limitations under the License.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ */
+package org.iotivity.cloud.accountserver.x509.crl;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+
+public final class CrlStore {
+
+ private CrlStore() {
+ throw new AssertionError(); // to get rid of security issue, connected
+ // with Java Reflection API
+ }
+
+ private static final String CRL_FILE_NAME = "crl";
+
+ public static void saveCrl(byte[] crl) {
+ try {
+ FileOutputStream out = new FileOutputStream(CRL_FILE_NAME);
+ out.write(crl);
+ out.close();
+ } catch (java.io.IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static byte[] loadCrl() {
+
+ try {
+ InputStream f = new FileInputStream(CRL_FILE_NAME);
+ int size = f.available();
+ byte data[] = new byte[size];
+
+ if(f.read(data) != data.length) {
+ System.err.println("couldn't read crl");
+ }
+ f.close();
+ return data;
+
+ } catch (java.io.IOException e) {
+ e.printStackTrace();
+ }
+
+ return null;
+ }
+}
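Review bot: `loadCrl` sizes its buffer with `InputStream.available()` and then returns `data` even when `f.read(data)` comes back short — `available()` is only an estimate, and the short read is printed to stderr while the truncated, zero-padded array is still handed back as the CRL a client will receive. Neither method closes its stream when an exception is thrown, both swallow `IOException` with `printStackTrace()`, and `loadCrl` returns `null` on failure, which `CrlIssuer.getCrl` passes straight through to its caller. Replace the hand-rolled stream handling with `java.nio.file.Files` and let the `IOException` propagate (both callers in `CrlIssuer` already declare `throws Exception`). The file also lives at the CWD-relative path `"crl"`, so the process's working directory and that file's permissions decide who can replace the CRL; a comment at `CRL_FILE_NAME` should state where the file is expected to live and that consumers must verify the CRL signature rather than trust the store.
```java
    public static void saveCrl(byte[] crl) throws IOException {
        // Stream is closed on every path, and a write failure reaches the caller.
        Files.write(Paths.get(CRL_FILE_NAME), crl);
    }

    public static byte[] loadCrl() throws IOException {
        // Reads the whole file; does not depend on what available() reports.
        return Files.readAllBytes(Paths.get(CRL_FILE_NAME));
    }
```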