// Because puretls insists on a string, we turn our random
// byte array into a base64 string. It gets base64'd again
// in writeObject(digest,..);
str64 = URLBase64.encode(digest);// OUR PASSPHRASE
// write it encrypted
writePassphrase(phraseFile, new String(str64), password);
} catch (jxta.security.exceptions.CryptoException cex) {
//if (LOG.isEnabledFor(Priority.DEBUG)) LOG.debug("Suite Failure: " + cex.toString());
throw new IOException("Could not generate passphrase");
}
return (str64);
}
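/**
 * Encrypts the base64 passphrase text {@code str64} under {@code passwd} and
 * writes the ciphertext to {@code phraseFile}.
 *
 * The plaintext is serialised with {@code WrappedObject} (header + object)
 * into an in-memory buffer, run through the RC4 stream cipher used by the
 * TLS layer, and only then written to disk.  The previous implementation
 * staged the plaintext through a fixed-name file ({@code yyj.tmp}) in
 * {@code java.io.tmpdir}; that left an unencrypted copy of the passphrase in
 * a shared, predictable location between write and delete, and two peers on
 * the same machine would overwrite each other's file.  Buffering in memory
 * removes both problems and produces byte-identical output.
 *
 * @param phraseFile path of the encrypted passphrase file to create
 * @param str64      base64 form of the passphrase (plain ASCII text)
 * @param passwd     password that keys the cipher
 * @throws jxta.security.exceptions.CryptoException if the cipher fails
 * @throws IOException if the phrase file cannot be written
 */
public static void writePassphrase(String phraseFile, String str64, String passwd)
        throws jxta.security.exceptions.CryptoException, IOException {
    // str64 is base64 text, so the default charset and ASCII agree; the
    // bare getBytes() is kept so the on-disk format does not change.
    byte[] by64 = str64.getBytes();

    // Serialise header + object into memory instead of a temp file.  A
    // BufferedWriter is used because that is what WrappedObject is handed
    // elsewhere in this file.
    java.io.StringWriter sw = new java.io.StringWriter();
    BufferedWriter bw = new BufferedWriter(sw);
    WrappedObject.writeHeader("PASSPHRASE", bw);
    WrappedObject.writeObject(by64, "PASSPHRASE", bw);
    bw.flush();
    // The temp-file version went through a FileWriter, i.e. the platform
    // charset, so encode the same way to keep the ciphertext identical.
    byte[] ibuf = sw.toString().getBytes();

    // RC4 stream cipher: ciphertext has the same length as the plaintext.
    byte[] obuf = JTlsUtil.tlsCipher(ibuf, passwd,
            jxta.security.cipher.Cipher.MODE_ENCRYPT);

    // Write the ciphertext; the finally block guarantees the stream is
    // closed even if write() fails part way through.
    FileOutputStream fout = new FileOutputStream(phraseFile);
    try {
        fout.write(obuf);
    } finally {
        fout.close();
    }
}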
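/**
 * Generates an RSA key pair and an X.509 certificate for {@code peerName},
 * writes the certificate (human-readable dump followed by the wrapped DER
 * encoding) to {@code fileName} and returns the material needed to sign
 * further certificates.
 *
 * When {@code issuer} is {@code null} the certificate is self-signed and
 * serves as the peer's root; otherwise it is signed by {@code issuer.rootKey}
 * with {@code issuer.issuer} as the issuer DN (the service certificate).
 *
 * NOTE(review): the 1024-bit RSA key, the SHA1withRSA signature and the
 * constant serial number 1 are kept because the puretls/BouncyCastle
 * versions this file targets are not visible here.  All three are weak by
 * current standards, and every certificate issued under the same DN shares
 * the same serial although X.509 requires issuer+serial to be unique; both
 * should be revisited when the TLS library is upgraded.
 *
 * @param fileName path of the certificate file to create
 * @param peerName common name (CN) of the subject
 * @param issuer   signer material from a previous call, or {@code null}
 *                 for a self-signed root certificate
 * @return issuer DN attributes, signing key and the new private key
 * @throws IOException if the file cannot be written or any step of
 *         key/certificate generation fails; the failing exception is
 *         reported in the message because this code base predates
 *         chained causes on IOException
 */
public static IssuerInfo genCert(String fileName,
                                 String peerName,
                                 IssuerInfo issuer)
        throws IOException {
    try {
        // need to use jxta's random number generation, or give a seed
        SecureRandom rng = seedSRN();
        // Register BC only once; addProvider() ignores duplicates but walks
        // the provider list on every call otherwise.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA", "BC");
        g.initialize(1024, rng);
        KeyPair p = g.generateKeyPair();
        PrivateKey privKey = p.getPrivate();
        PublicKey pubKey = p.getPublic();

        Hashtable attrs = subjectAttributes(rng, peerName);

        // validity: now .. now + 10 years
        Date today = new Date();
        Calendar cal = Calendar.getInstance();
        cal.setTime(today);
        cal.add(Calendar.YEAR, 10);
        Date after = cal.getTime();

        // issuer: ourselves for a root cert, otherwise the supplied root
        Hashtable issuerAttrs;
        PrivateKey signer;
        String strx;
        if (issuer == null) {
            issuerAttrs = attrs;
            signer = privKey;
            strx = "\nRoot Cert:";
        } else {
            issuerAttrs = issuer.issuer;
            signer = issuer.rootKey;
            strx = "\nClient Cert:";
        }

        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // Constant serial kept for compatibility -- see the note above.
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X509Principal(issuerAttrs));
        certGen.setNotBefore(today);
        certGen.setNotAfter(after);
        certGen.setSubjectDN(new X509Principal(attrs));
        certGen.setPublicKey(pubKey);
        certGen.setSignatureAlgorithm("SHA1withRSA");
        X509Certificate cert = certGen.generateX509Certificate(signer);

        byte[] buf = writeCertificateFile(fileName, cert);

        // dump the certificate?
        if (SSLDebug.getDebug(SSLDebug.DEBUG_JXTA)) {
            COM.claymoresystems.util.Util.xdump(strx, buf);
        }

        // return issuer info for generating the service cert
        IssuerInfo info = new IssuerInfo();
        info.issuer = issuerAttrs;      // for signing the service cert
        info.rootKey = signer;
        info.subjectPkey = privKey;     // for saving the service cert key
        return info;
    } catch (jxta.security.exceptions.CryptoException e) {
        throw certFailure(e);
    } catch (java.security.GeneralSecurityException e) {
        // Covers NoSuchAlgorithm/NoSuchProvider/InvalidKey/Signature/
        // CertificateEncoding/Certificate exceptions that were previously
        // caught one by one with identical handling.
        throw certFailure(e);
    }
}

/**
 * Builds the subject DN attributes: fixed C/O/L, a random OU of 20 hex
 * digits and CN = {@code peerName}.
 */
private static Hashtable subjectAttributes(SecureRandom rng, String peerName) {
    Hashtable attrs = new Hashtable();
    attrs.put(X509Principal.C, "US");
    attrs.put(X509Principal.O, "www.jxta.org");
    attrs.put(X509Principal.L, "SF");
    // OU: 10 random bytes, hex-encoded to 20 digits
    byte[] ou = new byte[10];
    rng.nextBytes(ou);
    attrs.put(X509Principal.OU, jxta.security.util.Util.hexEncode(ou));
    attrs.put(X509Principal.CN, peerName);
    return attrs;
}

/**
 * Writes {@code cert.toString()} followed by the wrapped DER encoding to
 * {@code fileName}, closing the writer even if a write fails.  The encoding
 * is obtained before the file is opened so an encoding failure cannot leave
 * a half-written file behind.
 *
 * @return the DER encoding that was written
 */
private static byte[] writeCertificateFile(String fileName, X509Certificate cert)
        throws IOException, java.security.cert.CertificateEncodingException,
               jxta.security.exceptions.CryptoException {
    byte[] buf = cert.getEncoded();
    BufferedWriter bw = new BufferedWriter(new FileWriter(fileName));
    try {
        bw.write(cert.toString());
        bw.flush();
        WrappedObject.writeHeader("CERTIFICATE", bw);
        WrappedObject.writeObject(buf, "CERTIFICATE", bw);
    } finally {
        bw.close();   // flushes the buffer, then closes the FileWriter
    }
    return buf;
}

/** Reports a failed generation step and builds the IOException genCert throws. */
private static IOException certFailure(Exception e) {
    // IOException has no cause constructor in the API level this file
    // targets, so carry the exception type and message in the text;
    // getMessage() alone is null for several of the security exceptions.
    System.out.println("genCert: " + e);
    return new IOException("Could not generate certificate: " + e);
}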
// We do not use Diffie-Hellman. Puretls requires the parameters.
// PEM-formatted DH parameter block written verbatim by genDhfile();
// each element already carries its own trailing newline.
static final String[] dh = {
"-----BEGIN DH PARAMETERS-----\n",
"MIGHAoGBANmAnfkETuKHOCWaE+W+F3kM/e7z5A8hZb7OqwGMQrUOaBEAr4BWeZBn\n",
"G/87hhwZgNP69/KUchm714qd/PpOspCaUJ20x6PcmKujpAgca/f19HGMBjRawQMk\n",
"R9oaBwazuQT0l0rTTKmvpMEcrQQIcVWii3CZI56I56oqF8biGPD7AgEC\n",
"-----END DH PARAMETERS-----\n"
};
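/**
 * Writes the static Diffie-Hellman parameter block {@code dh} to the DH file
 * under the PCE base path.  Puretls needs the file even though this code
 * does not use DH.
 *
 * @throws IOException if the file cannot be created or written
 */
public static void genDhfile()
        throws IOException {
    String dhfile = JTlsUtil.getPCEPath() + JTlsDefs.DHFILE;
    BufferedWriter bw = new BufferedWriter(new FileWriter(dhfile));
    try {
        for (int i = 0; i < dh.length; i++) {
            bw.write(dh[i]);
        }
    } finally {
        // close() flushes the buffer and then closes the underlying
        // FileWriter; the finally block keeps the handle from leaking
        // when a write fails.
        bw.close();
    }
}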
/**
 * Creates the peer's root certificate, then its service certificate and,
 * when {@code wantDH} is set, the Diffie-Hellman parameter file.  TlsConfig
 * calls this only when new certificates must be created and has already
 * created the directory paths.
 *
 * @param peerName CN used for the generated certificates
 * @param password password protecting the key material
 * @param wantDH   whether the DH parameter file should also be written
 * @throws Exception propagated from any of the generation steps
 */
public static void generateCerts(String peerName, String password, boolean wantDH)
        throws Exception {
    IssuerInfo rootInfo = genPeerRootCert(peerName, password);
    genPeerServiceCert(peerName, rootInfo, password);
    if (wantDH) {
        genDhfile();
    }
}
}