
📄 peercerts.java

📁 jxme的一些相关程序,主要是手机上程序开发以及手机和计算机通信的一些程序资料,程序编译需要Ant支持
💻 JAVA
📖 第 1 页 / 共 2 页
/************************************************************************
 *
 * $Id: PeerCerts.java,v 1.2 2002/03/04 21:42:58 echtcherbina Exp $
 *
 * Copyright (c) 2001 Sun Microsystems, Inc.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *       Sun Microsystems, Inc. for Project JXTA."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
 *    must not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact Project JXTA at http://www.jxta.org.
 *
 * 5. Products derived from this software may not be called "JXTA",
 *    nor may "JXTA" appear in their name, without prior written
 *    permission of Sun.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL SUN MICROSYSTEMS OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of Project JXTA.  For more
 * information on Project JXTA, please see
 * <http://www.jxta.org/>.
 *
 * This license is based on the BSD license adopted by the Apache Foundation.
 *********************************************************************************/

//
// Contains methods to generate certificates when initializing the JXTA platform
//

package net.jxta.impl.endpoint.tls;

import COM.claymoresystems.cert.*;
import COM.claymoresystems.crypto.*;
import COM.claymoresystems.provider.ClaymoreProvider;
import COM.claymoresystems.util.Util;
import COM.claymoresystems.ptls.SSLDebug;

import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.util.encoders.*;
import org.bouncycastle.jce.provider.*;
import org.bouncycastle.jce.*;
import org.bouncycastle.asn1.pkcs.*;

import xjava.security.Cipher;
import xjava.security.interfaces.CryptixRSAPublicKey;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.RSAFactors;

import jxta.security.hash.*;
import jxta.security.crypto.*;
// import jxta.security.cipher.Cipher;  // removed, not needed, causes a build error
import jxta.security.cipher.Key;
import jxta.security.util.URLBase64;
import jxta.security.impl.crypto.*;
import jxta.security.impl.cipher.KeyBuilder;
import jxta.security.impl.cipher.RC4Cipher;
import jxta.security.impl.cipher.SecretKey;
import jxta.security.impl.random.JRandom;
import jxta.security.exceptions.CryptoException;

// import jxta.security.util.Util;  // removed, not needed, causes a build error
import jxta.security.util.URLBase64;
import jxta.security.crypto.*;
import jxta.security.impl.crypto.*;
import jxta.security.impl.random.JRandom;
import jxta.security.exceptions.CryptoException;

import org.apache.log4j.Category; import org.apache.log4j.Priority;
import java.security.*;
import java.security.cert.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.io.*;
import java.util.*;
import java.math.*;

public class PeerCerts {
    // log4j category named after this class.
    private static final Category LOG = Category.getInstance(PeerCerts.class.getName());
    // NOTE(review): hard-coded, package-visible password constant. Its uses are
    // not visible in this part of the file -- confirm it is only ever used by
    // test code and never as a real passphrase for generated key material.
    static final String testPw = "password";

    // Issuer information for signing service certificate
    /**
     * Mutable holder for the key material handed between the certificate
     * generation steps in this class. Instances carry private keys and the
     * passphrase bytes in memory, so they should not be logged or retained
     * longer than needed; nothing in the visible code clears {@code passwd}
     * after use.
     */
    private static class IssuerInfo {
      // Issuer's private key; per genPeerRootCert it is returned so the
      // service certificate can be signed with it.
      PrivateKey rootKey;
      // Issuer description. NOTE(review): the table's keys and values are set
      // in code not visible here -- confirm the schema against genCert.
      Hashtable  issuer;
      // Subject's private key; appendPrivateKey casts it to RSAPrivateCrtKey.
      PrivateKey subjectPkey;
      // Passphrase bytes passed to EAYEncryptedPrivateKey.writePrivateKey when
      // the private key is written out.
      byte[] passwd;
    }


    // generate root cert
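    /**
     * Generates the peer's root certificate, then appends the matching
     * private key to the same file.
     *
     * <p>The file is {@code JTlsUtil.getPCERootPath() + JTlsDefs.CLIENTROOT}
     * and the certificate name is {@code peerName + "-CA"}. No issuer info is
     * passed to genCert (presumably that makes the certificate self-signed;
     * genCert is not visible here).
     *
     * <p>genPassPhrase returns {@code null} when its random generator cannot
     * be seeded. This method now fails closed in that case instead of passing
     * a null passphrase on to the private-key writer.
     *
     * <p>NOTE(review): the return type is a private nested class although the
     * method is public, so callers outside this class cannot name it.
     *
     * @param peerName name of the peer; "-CA" is appended for the root cert
     * @param password handed to genPassPhrase (presumably used to protect the
     *                 stored passphrase; that part is not visible here)
     * @return the info produced by genCert with {@code passwd} filled in; it
     *         holds private key material and the passphrase in memory
     * @throws IOException if writing fails or no passphrase could be generated
     */
    public static IssuerInfo genPeerRootCert(String peerName, String password)
    throws IOException {
        String rootFile = JTlsUtil.getPCERootPath() + JTlsDefs.CLIENTROOT;

        SSLDebug.debug(SSLDebug.DEBUG_JXTA, "Generating root cert ...");

        // Generate and save the certificate; no issuer is supplied for the root.
        IssuerInfo info = genCert(rootFile, peerName + "-CA", null);

        // One passphrase is generated here and reused for the client cert.
        byte[] phrase = genPassPhrase(password);
        if (phrase == null) {
            // Never write the root private key without a passphrase.
            throw new IOException(
                "could not generate passphrase for the root private key");
        }
        info.passwd = phrase;

        // Append the private key to the generated certificate file.
        appendPrivateKey(info, rootFile);

        return info;
    }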

    // save service cert with its private key
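    /**
     * Generates the peer's service (client) certificate from the given issuer
     * info and appends the matching private key to the same file,
     * {@code JTlsUtil.getPCEClientPath() + JTlsDefs.CLIENTSERVICE}.
     *
     * <p>The private key is written with the issuer's passphrase
     * ({@code info.passwd}). Both {@code info} and that passphrase are checked
     * before anything is generated, so a missing passphrase cannot leave a
     * certificate on disk whose key was written with a null passphrase.
     *
     * @param peerName name used for the service certificate
     * @param info     issuer info as returned by genPeerRootCert
     * @param password not used by this method; the passphrase comes from
     *                 {@code info.passwd}
     * @throws NullPointerException if {@code info} is null
     * @throws IOException if {@code info.passwd} is null or writing fails
     */
    public static void genPeerServiceCert(String peerName,
                                          IssuerInfo info,
                                          String password)
    throws IOException {
        if (info == null) {
            // Previously this surfaced as an NPE only after the cert was written.
            throw new NullPointerException("info");
        }
        if (info.passwd == null) {
            throw new IOException(
                "issuer info carries no passphrase; refusing to write the service private key");
        }

        String keyFile = JTlsUtil.getPCEClientPath() + JTlsDefs.CLIENTSERVICE;

        SSLDebug.debug(SSLDebug.DEBUG_JXTA, "\nGenerating client cert ...");

        // Generate and save the certificate; the returned info carries the
        // subject's private key (actually an RSAPrivateCrtKey).
        IssuerInfo myinfo = genCert(keyFile, peerName, info);

        // The service key is protected with the same passphrase as the root key.
        myinfo.passwd = info.passwd;

        appendPrivateKey(myinfo, keyFile);
    }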

    // Append RSAPrivateCrtKey to the certificate
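    /**
     * Appends the subject's private key to the end of an existing certificate
     * file, written by {@code EAYEncryptedPrivateKey.writePrivateKey} with
     * {@code info.passwd}.
     *
     * <p>The writer is now closed in a {@code finally} block, so a failure
     * while writing the key no longer leaks the open file handle.
     *
     * <p>NOTE(review): the file is opened with default permissions and no
     * access restriction is applied here. It holds private key material, so
     * confirm that the containing directory is readable only by the owning
     * user.
     *
     * @param info    holder whose {@code subjectPkey} must be an
     *                RSAPrivateCrtKey and whose {@code passwd} is handed to
     *                the key writer
     * @param keyFile path of the certificate file to append to
     * @throws IOException if the file cannot be opened or written
     * @throws ClassCastException if the subject key is not an RSAPrivateCrtKey
     */
    private static void appendPrivateKey(IssuerInfo info, String keyFile)
        throws IOException {

        RSAPrivateCrtKey priKey = (RSAPrivateCrtKey) info.subjectPkey;

        // Open in append mode: the certificate is already in the file.
        BufferedWriter bw = new BufferedWriter(new FileWriter(keyFile, true));
        try {
            EAYEncryptedPrivateKey.writePrivateKey(priKey, info.passwd, bw);
            bw.flush();
        } finally {
            // Closing the buffered writer also closes the underlying FileWriter.
            bw.close();
        }
    }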

    // Length in bytes of the seed drawn in seedSRN and of the random buffer in
    // genPassPhrase; genPassPhrase also derives its hash-iteration count from it.
    private static final int NUM_BYTES = 128;

    /**
     * Creates a {@link SecureRandom} whose constructor seed is NUM_BYTES bytes
     * drawn from a fresh {@code JRandom}.
     *
     * <p>NOTE(review): depending on the provider, a seed passed to the
     * constructor may be the generator's only seed material. In that case the
     * strength of everything derived from the result (genPassPhrase draws its
     * passphrase bytes from it) rests on JRandom's output. JRandom's entropy
     * source is not visible here -- confirm it is adequate for key material.
     *
     * @return a SecureRandom seeded with JRandom output
     * @throws jxta.security.exceptions.CryptoException declared for the
     *         JRandom calls
     */
    public static SecureRandom seedSRN()
      throws jxta.security.exceptions.CryptoException {
        final JRandom source = new JRandom();
        final byte[] material = new byte[NUM_BYTES];
        source.nextBytes(material);
        return new SecureRandom(material);
    }

    // generate passwd and encrypt and save
    // return the passphrase
    // save the encrypted passphrase in peer.phrase
    private static byte[] genPassPhrase(String password)
    throws IOException {
        String PCEpath = JTlsUtil.getPCEClientPath();
	String phraseFile = PCEpath + JTlsDefs.PASSPHRASE;

	byte[] buf = new byte[NUM_BYTES];

	// generate NUM_BYTES long random bytes
	// may use jxta's JRandom rng = new JRandom();
	SecureRandom rng = null;
	try {
	  rng = seedSRN();
	} catch (jxta.security.exceptions.CryptoException cex) {
	  // should never happen
	    //if (LOG.isEnabledFor(Priority.DEBUG)) LOG.debug("Could not seed SRN: ", cex);
	  return null;
	}

	rng.nextBytes(buf);
	byte[] phrase = new byte[buf.length];
	System.arraycopy(buf, 0, phrase, 0, buf.length);

	// hash the random bytes using SHA1, and base64 encode
	// to make a text string.
	byte[] str64 = null;
	try {

	  byte profile = (byte)(JxtaCrypto.MEMBER_SHA1);
	  JxtaCrypto suite = new JxtaCryptoSuite(profile, null, (byte)0, (byte)0);

	  Hash sha1 = suite.getJxtaHash(Hash.ALG_SHA1);
	  byte[] digest = new byte[sha1.getDigestLength()];

	  // Where Tn = digest, T(n+1) = H(Tn);
	  int len = NUM_BYTES;
	  for (int i=0; i<NUM_BYTES-1; ++i){
	    sha1.doFinal(buf, 0, len, digest, 0);
	    System.arraycopy(digest, 0, buf, 0, digest.length);
	    len = digest.length;
	  }

	  // save digest as base64 encoded block to a file in local
