-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.iotivity.cloud</groupId>
- <artifactId>CloudAccount</artifactId>
- <version>0.0.1-SNAPSHOT</version>
-
- <properties>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.iotivity.cloud</groupId>
+ <artifactId>CloudAccount</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+
+ <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.test.skip>true</maven.test.skip>
</properties>
-
- <dependencies>
- <dependency>
+
+ <dependencies>
+ <dependency>
<groupId>org.iotivity.cloud</groupId>
<artifactId>CloudStack</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
- <dependency>
- <groupId>org.mongodb</groupId>
- <artifactId>mongo-java-driver</artifactId>
- <version>3.2.0</version>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.12</version>
- </dependency>
- <dependency>
- <groupId>org.apache.oltu.oauth2</groupId>
- <artifactId>org.apache.oltu.oauth2.client</artifactId>
- <version>1.0.1</version>
- </dependency>
- <dependency>
- <groupId>org.apache.oltu.oauth2</groupId>
- <artifactId>
+ <dependency>
+ <groupId>org.mongodb</groupId>
+ <artifactId>mongo-java-driver</artifactId>
+ <version>3.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.oltu.oauth2</groupId>
+ <artifactId>org.apache.oltu.oauth2.client</artifactId>
+ <version>1.0.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.oltu.oauth2</groupId>
+ <artifactId>
org.apache.oltu.oauth2.common
</artifactId>
- <version>1.0.1</version>
- </dependency>
- <dependency>
- <groupId>org.apache.oltu.oauth2</groupId>
- <artifactId>
+ <version>1.0.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.oltu.oauth2</groupId>
+ <artifactId>
org.apache.oltu.oauth2.authzserver
</artifactId>
- <version>1.0.1</version>
- </dependency>
- </dependencies>
-
- <build>
+ <version>1.0.1</version>
+ </dependency>
+
+ <!-- For security tasks(certificates, signature, keystore) -->
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>1.54</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>1.54</version>
+ </dependency>
+ <!-- For security tasks(certificates, signature, keystore) -->
+
+ </dependencies>
+
+ <build>
<plugins>
<plugin>
<inherited>true</inherited>
<overWriteIfNewer>true</overWriteIfNewer>
</configuration>
</plugin>
- </plugins>
+ </plugins>
</build>
-
+
</project>
\ No newline at end of file
--- /dev/null
+/*
+ * //******************************************************************
+ * //
+ * // Copyright 2016 Samsung Electronics All Rights Reserved.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ * //
+ * // Licensed under the Apache License, Version 2.0 (the "License");
+ * // you may not use this file except in compliance with the License.
+ * // You may obtain a copy of the License at
+ * //
+ * // http://www.apache.org/licenses/LICENSE-2.0
+ * //
+ * // Unless required by applicable law or agreed to in writing, software
+ * // distributed under the License is distributed on an "AS IS" BASIS,
+ * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * // See the License for the specific language governing permissions and
+ * // limitations under the License.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ */
+package org.iotivity.cloud.accountserver.security.x509;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.cert.CertIOException;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+
+public class CertificateBuilder {
+ private String issuer;
+ private String subjectCN;
+ private String subjectC;
+ private String subjectO;
+ private String subjectOU;
+ private String subjectAltName;
+ private Date notBefore;
+ private Date notAfter;
+ private PrivateKey privKey;
+ private PublicKey pubKey;
+ private BigInteger serial;
+ private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
+ private static final String CURVE = "secp256r1";
+ private static final String KEY_GENERATOR_ALGORITHM = "ECDSA";
+
+ public CertificateBuilder(String subject, Date notBefore, Date notAfter, BigInteger serial) {
+ Security.addProvider(new BouncyCastleProvider());
+ init(subject, null, notBefore, notAfter, null, null, serial);
+ }
+
+ public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore, Date notAfter,
+ BigInteger serial, CertificatePrivateKeyPair root) {
+ X500Name x500name = new X500Name( root.getCertificate().getSubjectX500Principal().getName() );
+ RDN cn = x500name.getRDNs(BCStyle.CN)[0];
+ init(subject, IETFUtils.valueToString(cn.getFirst().getValue()), notBefore, notAfter, root.getKey(), pubKey, serial);
+ }
+
+ public CertificateBuilder(String subject, String issuer, Date notBefore, Date notAfter,
+ PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+ Security.addProvider(new BouncyCastleProvider());
+ init(subject, issuer, notBefore, notAfter, privKey, pubKey, serial);
+ }
+
+ private void init(String subject, String issuer, Date notBefore, Date notAfter,
+ PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+ this.subjectCN = subject;
+ this.issuer = issuer;
+ this.notBefore = notBefore;
+ this.notAfter = notAfter;
+ this.privKey = privKey;
+ this.pubKey = pubKey;
+ this.serial = serial;
+ }
+
+ public void setSubjectC(String subjectC) {
+ this.subjectC = subjectC;
+ }
+
+ public void setSubjectO(String subjectO) {
+ this.subjectO = subjectO;
+ }
+
+ public void setSubjectOU(String subjectOU) {
+ this.subjectOU = subjectOU;
+ }
+
+ public void setSubjectAltName(String subjectAltName) {
+ this.subjectAltName = subjectAltName;
+ }
+
+ public CertificatePrivateKeyPair build()
+ throws GeneralSecurityException, OperatorCreationException, CertIOException {
+ if(null == privKey && null == pubKey)
+ {
+ ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE);
+ KeyPairGenerator g = null;
+
+ g = KeyPairGenerator.getInstance(KEY_GENERATOR_ALGORITHM, "BC");
+ g.initialize(ecSpec, new SecureRandom());
+
+ KeyPair pair = g.generateKeyPair();
+ privKey = pair.getPrivate();
+ pubKey = pair.getPublic();
+ issuer = subjectCN;
+ }
+
+ X509Certificate cert = null;
+ X500NameBuilder subjectNameBld = new X500NameBuilder(BCStyle.INSTANCE);
+
+ subjectNameBld.addRDN(BCStyle.CN, subjectCN);
+
+ if(null != subjectOU) {
+ subjectNameBld.addRDN(BCStyle.OU, subjectOU);
+ }
+
+ if(null != subjectO) {
+ subjectNameBld.addRDN(BCStyle.O, subjectO);
+ }
+
+ if(null != subjectC) {
+ subjectNameBld.addRDN(BCStyle.C, subjectC);
+ }
+
+ X500NameBuilder issuerNameBld = new X500NameBuilder(BCStyle.INSTANCE);
+ issuerNameBld.addRDN(BCStyle.CN, issuer);
+
+ ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider("BC").build(privKey);
+
+ X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuerNameBld.build(),
+ serial, notBefore, notAfter ,subjectNameBld.build(), pubKey);
+
+ if(null != subjectAltName) {
+ certGen.addExtension(Extension.subjectAlternativeName, false, new DEROctetString(subjectAltName.getBytes()));
+ }
+
+ cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
+
+ return new CertificatePrivateKeyPair(cert, privKey);
+ }
+
+}
\ No newline at end of file
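Review bot: The subjectAltName extension added in build() at `certGen.addExtension(Extension.subjectAlternativeName, false, new DEROctetString(subjectAltName.getBytes()))` is not a valid SAN: RFC 5280 defines the extension value as a GeneralNames SEQUENCE, so wrapping the raw string bytes in an OCTET STRING produces an extension that conforming parsers reject or ignore, and `getBytes()` without a charset uses the platform default. It should be encoded as `new GeneralNames(new GeneralName(GeneralName.dNSName, subjectAltName))` (or whichever GeneralName type the caller intends — that is not visible here), with the matching `org.bouncycastle.asn1.x509` imports. Separately, no BasicConstraints or KeyUsage extension is ever added, so the self-signed root produced in the `null == privKey && null == pubKey` branch carries no `cA=TRUE` and issued leaves are not marked `cA=FALSE`; adding `certGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(isRoot))` keyed on that branch would let validators tell CA certificates from end-entity ones. The issuer name at `issuerNameBld.addRDN(BCStyle.CN, issuer)` also carries only the CN, while a root built with setSubjectO/OU/C has a richer subject DN, so a leaf from the second constructor will have an issuer DN that does not equal the root's subject and name chaining will fail. That second constructor additionally omits `Security.addProvider(new BouncyCastleProvider())`, so if it is the first one used, the `setProvider("BC")` calls in build() will throw.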