From e601aefa1c0f992eaad9028bb3383176ada1488c Mon Sep 17 00:00:00 2001 From: "i.pazderskyy" Date: Fri, 29 Jul 2016 14:45:18 +0300 Subject: [PATCH] Added certificate builder. Change-Id: I5c6930c4ab4f4aec2379108ed2f7efbe2a817a48 Signed-off-by: i.pazderskyy Reviewed-on: https://gerrit.iotivity.org/gerrit/9861 Reviewed-by: Andrii Androsov Tested-by: jenkins-iotivity Reviewed-by: Jee Hyeok Kim --- cloud/account/pom.xml | 96 +++++++----- .../security/x509/CertificateBuilder.java | 163 +++++++++++++++++++++ .../security/x509/CertificatePrivateKeyPair.java | 42 ++++++ 3 files changed, 261 insertions(+), 40 deletions(-) create mode 100644 cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificateBuilder.java create mode 100644 cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificatePrivateKeyPair.java diff --git a/cloud/account/pom.xml b/cloud/account/pom.xml index d066f10..fd1bff3 100644 --- a/cloud/account/pom.xml +++ b/cloud/account/pom.xml @@ -1,52 +1,68 @@ - - 4.0.0 - org.iotivity.cloud - CloudAccount - 0.0.1-SNAPSHOT - - + + 4.0.0 + org.iotivity.cloud + CloudAccount + 0.0.1-SNAPSHOT + + UTF-8 true - - - + + + org.iotivity.cloud CloudStack 0.0.1-SNAPSHOT - - org.mongodb - mongo-java-driver - 3.2.0 - - - junit - junit - 4.12 - - - org.apache.oltu.oauth2 - org.apache.oltu.oauth2.client - 1.0.1 - - - org.apache.oltu.oauth2 - + + org.mongodb + mongo-java-driver + 3.2.0 + + + junit + junit + 4.12 + + + org.apache.oltu.oauth2 + org.apache.oltu.oauth2.client + 1.0.1 + + + org.apache.oltu.oauth2 + org.apache.oltu.oauth2.common - 1.0.1 - - - org.apache.oltu.oauth2 - + 1.0.1 + + + org.apache.oltu.oauth2 + org.apache.oltu.oauth2.authzserver - 1.0.1 - - - - + 1.0.1 + + + + + org.bouncycastle + bcprov-jdk15on + 1.54 + + + + org.bouncycastle + bcpkix-jdk15on + 1.54 + + + + + + true @@ -88,7 +104,7 @@ true - + - + \ No newline at end of file 
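Review bot: The two new BouncyCastle artifacts (`bcprov-jdk15on` and `bcpkix-jdk15on`) each hard-code `1.54` in their own `<version>` element; the two must always be on the same release (a mismatched pair can fail at runtime with missing-method errors), so a single `<bouncycastle.version>1.54</bouncycastle.version>` entry under `<properties>`, referenced as `${bouncycastle.version}` from both dependencies, keeps them in lockstep. Since the library is being introduced for certificate signing, the pinned release should also be revisited against later BouncyCastle security advisories rather than left frozen.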
diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificateBuilder.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificateBuilder.java
new file mode 100644
index 0000000..cb577d7
--- /dev/null
+++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificateBuilder.java
@@ -0,0 +1,163 @@
+/*
+ * //******************************************************************
+ * //
+ * // Copyright 2016 Samsung Electronics All Rights Reserved.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ * //
+ * // Licensed under the Apache License, Version 2.0 (the "License");
+ * // you may not use this file except in compliance with the License.
+ * // You may obtain a copy of the License at
+ * //
+ * // http://www.apache.org/licenses/LICENSE-2.0
+ * //
+ * // Unless required by applicable law or agreed to in writing, software
+ * // distributed under the License is distributed on an "AS IS" BASIS,
+ * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * // See the License for the specific language governing permissions and
+ * // limitations under the License.
+ * //
+ * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+ */
+package org.iotivity.cloud.accountserver.security.x509;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.x500.RDN;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.BCStyle;
+import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.cert.CertIOException;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import 
org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECParameterSpec;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+
+public class CertificateBuilder {
+ private String issuer;
+ private String subjectCN;
+ private String subjectC;
+ private String subjectO;
+ private String subjectOU;
+ private String subjectAltName;
+ private Date notBefore;
+ private Date notAfter;
+ private PrivateKey privKey;
+ private PublicKey pubKey;
+ private BigInteger serial;
+ private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
+ private static final String CURVE = "secp256r1";
+ private static final String KEY_GENERATOR_ALGORITHM = "ECDSA";
+
+ public CertificateBuilder(String subject, Date notBefore, Date notAfter, BigInteger serial) {
+ Security.addProvider(new BouncyCastleProvider());
+ init(subject, null, notBefore, notAfter, null, null, serial);
+ }
+
+ public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore, Date notAfter,
+ BigInteger serial, CertificatePrivateKeyPair root) {
+ X500Name x500name = new X500Name( root.getCertificate().getSubjectX500Principal().getName() );
+ RDN cn = x500name.getRDNs(BCStyle.CN)[0];
+ init(subject, IETFUtils.valueToString(cn.getFirst().getValue()), notBefore, notAfter, root.getKey(), pubKey, serial);
+ }
+
+ public CertificateBuilder(String subject, String issuer, Date notBefore, Date notAfter,
+ PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+ Security.addProvider(new BouncyCastleProvider());
+ init(subject, issuer, notBefore, notAfter, privKey, pubKey, serial);
+ }
+
+ private void init(String subject, String issuer, Date notBefore, Date notAfter,
+ PrivateKey privKey, PublicKey pubKey, BigInteger serial) {
+ this.subjectCN = subject;
+ this.issuer = issuer;
+ this.notBefore = notBefore;
+ this.notAfter = notAfter;
+ this.privKey = 
privKey;
+ this.pubKey = pubKey;
+ this.serial = serial;
+ }
+
+ public void setSubjectC(String subjectC) {
+ this.subjectC = subjectC;
+ }
+
+ public void setSubjectO(String subjectO) {
+ this.subjectO = subjectO;
+ }
+
+ public void setSubjectOU(String subjectOU) {
+ this.subjectOU = subjectOU;
+ }
+
+ public void setSubjectAltName(String subjectAltName) {
+ this.subjectAltName = subjectAltName;
+ }
+
+ public CertificatePrivateKeyPair build()
+ throws GeneralSecurityException, OperatorCreationException, CertIOException {
+ if(null == privKey && null == pubKey)
+ {
+ ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE);
+ KeyPairGenerator g = null;
+
+ g = KeyPairGenerator.getInstance(KEY_GENERATOR_ALGORITHM, "BC");
+ g.initialize(ecSpec, new SecureRandom());
+
+ KeyPair pair = g.generateKeyPair();
+ privKey = pair.getPrivate();
+ pubKey = pair.getPublic();
+ issuer = subjectCN;
+ }
+
+ X509Certificate cert = null;
+ X500NameBuilder subjectNameBld = new X500NameBuilder(BCStyle.INSTANCE);
+
+ subjectNameBld.addRDN(BCStyle.CN, subjectCN);
+
+ if(null != subjectOU) {
+ subjectNameBld.addRDN(BCStyle.OU, subjectOU);
+ }
+
+ if(null != subjectO) {
+ subjectNameBld.addRDN(BCStyle.O, subjectO);
+ }
+
+ if(null != subjectC) {
+ subjectNameBld.addRDN(BCStyle.C, subjectC);
+ }
+
+ X500NameBuilder issuerNameBld = new X500NameBuilder(BCStyle.INSTANCE);
+ issuerNameBld.addRDN(BCStyle.CN, issuer);
+
+ ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider("BC").build(privKey);
+
+ X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuerNameBld.build(),
+ serial, notBefore, notAfter ,subjectNameBld.build(), pubKey);
+
+ if(null != subjectAltName) {
+ certGen.addExtension(Extension.subjectAlternativeName, false, new DEROctetString(subjectAltName.getBytes()));
+ }
+
+ cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
+
+ return new CertificatePrivateKeyPair(cert, privKey);
+ 
} + +} \ No newline at end of file diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificatePrivateKeyPair.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificatePrivateKeyPair.java new file mode 100644 index 0000000..e964472 --- /dev/null +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/security/x509/CertificatePrivateKeyPair.java @@ -0,0 +1,42 @@ +/* + * //****************************************************************** + * // + * // Copyright 2016 Samsung Electronics All Rights Reserved. + * // + * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + * // + * // Licensed under the Apache License, Version 2.0 (the "License"); + * // you may not use this file except in compliance with the License. + * // You may obtain a copy of the License at + * // + * // http://www.apache.org/licenses/LICENSE-2.0 + * // + * // Unless required by applicable law or agreed to in writing, software + * // distributed under the License is distributed on an "AS IS" BASIS, + * // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * // See the License for the specific language governing permissions and + * // limitations under the License. + * // + * //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + */ +package org.iotivity.cloud.accountserver.security.x509; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; + +public class CertificatePrivateKeyPair { + private X509Certificate certificate = null; + private PrivateKey key = null; + + public CertificatePrivateKeyPair(X509Certificate cert, PrivateKey k) { + certificate = cert; + key = k; + } + + public X509Certificate getCertificate() { + return certificate; + } + + public PrivateKey getKey() { + return key; + } +} -- 2.7.4