main.java

jxta_src_2.41b jxta 2.41b 最新版源码 from www.jxta.org

/*
 *  The Sun Project JXTA(TM) Software License
 *  
 *  Copyright (c) 2001-2005 Sun Microsystems, Inc. All rights reserved.
 *  
 *  Redistribution and use in source and binary forms, with or without 
 *  modification, are permitted provided that the following conditions are met:
 *  
 *  1. Redistributions of source code must retain the above copyright notice,
 *     this list of conditions and the following disclaimer.
 *  
 *  2. Redistributions in binary form must reproduce the above copyright notice, 
 *     this list of conditions and the following disclaimer in the documentation 
 *     and/or other materials provided with the distribution.
 *  
 *  3. The end-user documentation included with the redistribution, if any, must 
 *     include the following acknowledgment: "This product includes software 
 *     developed by Sun Microsystems, Inc. for JXTA(TM) technology." 
 *     Alternately, this acknowledgment may appear in the software itself, if 
 *     and wherever such third-party acknowledgments normally appear.
 *  
 *  4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" must 
 *     not be used to endorse or promote products derived from this software 
 *     without prior written permission. For written permission, please contact 
 *     Project JXTA at http://www.jxta.org.
 *  
 *  5. Products derived from this software may not be called "JXTA", nor may 
 *     "JXTA" appear in their name, without prior written permission of Sun.
 *  
 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
 *  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND 
 *  FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SUN 
 *  MICROSYSTEMS OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 
 *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
 *  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
 *  OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
 *  EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *  
 *  JXTA is a registered trademark of Sun Microsystems, Inc. in the United 
 *  States and other countries.
 *  
 *  Please see the license information page at :
 *  <http://www.jxta.org/project/www/license.html> for instructions on use of 
 *  the license in source files.
 *  
 *  ====================================================================

 *  This software consists of voluntary contributions made by many individuals 
 *  on behalf of Project JXTA. For more information on Project JXTA, please see 
 *  http://www.jxta.org.
 *  
 *  This license is based on the BSD license adopted by the Apache Foundation. 
 *  
 *  $Id: Main.java,v 1.1 2006/05/24 23:45:00 hamada Exp $
 */

package psesample;

import java.io.ByteArrayInputStream;
import java.io.FileReader;
import java.io.StringReader;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.swing.JOptionPane;
import javax.swing.JFileChooser;
import java.security.cert.CertificateFactory;

import java.io.IOException;
import java.security.cert.CertificateException;

import net.jxta.document.AdvertisementFactory;
import net.jxta.document.Element;
import net.jxta.document.MimeMediaType;
import net.jxta.document.StructuredDocumentFactory;
import net.jxta.document.XMLDocument;
import net.jxta.discovery.DiscoveryService;
import net.jxta.id.ID;
import net.jxta.peergroup.PeerGroup;
import net.jxta.peergroup.PeerGroupID;
import net.jxta.peergroup.PeerGroupFactory;
import net.jxta.platform.ModuleSpecID;
import net.jxta.protocol.ModuleImplAdvertisement;
import net.jxta.protocol.PeerGroupAdvertisement;

import net.jxta.impl.peergroup.StdPeerGroupParamAdv;
import net.jxta.impl.membership.pse.PSEMembershipService;
import net.jxta.impl.membership.pse.PSEUtils;
import net.jxta.impl.protocol.PSEConfigAdv;

/**
 *  A sample program which demonstrates usage of the JXTA PSE Membership Service.
 *
 *  <p/>This sample is focused upon secure management of certificate chains,
 *  certificate signing and identity management. It implements a peergroup which
 *  provides four types of users:
 *  <ul>
 *      <li>Owner</li>
 *      <li>Administrator</li>
 *      <li>Member</li>
 *      <li>Invitee</li>
 *      <li>Interloper (not valid)</li>
 *  </ul>
 *
 *  <p/>Each of these user types has certain abilities within the peergroup.
 *
 *  <dl>
 *  <dt>Owner</dt>
 *  <dd>Peer Group Owners have all rights within the group and are the owner
 *  of the private key for the group's root certificate. Peers may become the
 *  Peer Group Owner by knowing the password used to encrypt the peer group's
 *  private key. The Peer Group Owner may designate peers as Administrators by 
 *  signing their certificate with the peer group private key.</dd>
 *
 *  <dt>Administrator<dt>
 *  <dd>Peer Group Administrators are peers designated by the Peer Group
 *  Owners to have rights beyond that of regular Member peers. Administrator
 *  peers may generate peer group invitations and may validate Member peers.
 *  Administrator peers have their certifcate signed with the peer group owner
 *  private key. Administrators can sign the certificate of Peer Group Invitees
 *  to allow them to become Peer Group Members. Administrators can generate
 *  Peer Group invitations which can be used by peers to join the peer group.
 *  A Peer Group invitation contains a certificate signed with the 
 *  Administrator's private key and the matching private. The private key is
 *  encryped with a password. To use the invitation a peer must know the
 *  password for the invitations private key.</dd>
 *
 *  <dt>Member</dt>
 *  <dd>Peer Group Members are the standard user class for this sample. Peer
 *  Group Members have a certificate that is signed with the private key of a
 *  Peer Group Administrator (which in turn is signed with the private key of a 
 *  Peer Group Owner). Peer Group Members can request their certificate to be
 *  signed by a Peer Group Owner in order to become a Peer Group Administrator.
 *  <dd>
 *
 *  <dt>Invitee</dt>
 *  <dd>Peer Group Invitees are peers who's certificate is signed by an 
 *  invitation certificate. Invitees sign their own certificate with the private
 *  key from the Peer Group invitation they used when first joining the peer 
 *  group. Peer Group Invitees can request that their certificate be signed by
 *  a Peer Group Adminstrator in order to become a Peer Group Member.</dd>
 *  
 *  <dt>Interloper</dt>
 *  <dd>Peer Group Interlopers are unauthorized peers who do not have a 
 *  correctly signed certificate. Interloper peers may attempt to interact with
 *  other peers within the peer group, but all of their requests will be 
 *  ignored without the correct certificates. While potentially annoying Peer 
 *  Group Interloper peers are easily detected and can do no harm within the 
 *  peer group.</dd>
 *  </dl>
 *
 *  @see net.jxta.membership.MembershipService
 *  @see net.jxta.impl.membership.pse.PSEMembershipService
 */
public class Main {
    
    /**
     * If true then the net peer group will be started which causes the
     * JXTA Shell to be started. This is useful for debugging.
     **/
    private final static boolean START_NETGROUP = true;
    
    /**
     *  The PeerGroup ID used by this example. We use a constant ID so that
     *  every peer running this test program runs within in the same group.
     *  A real application would need to support more than one peergroup and
     *  should use discovery to locate appropriage peer groups.
     *
     *  <p/>This ID was created by making a new group adv in the JXTA shell
     *  with <tt>newpgrp</tt> and then copying the ID from the advertisement.
     **/
    private final static PeerGroupID PSE_SAMPLE_PGID = (PeerGroupID) ID.create( URI.create( "urn:jxta:uuid-6E0C1C2781794A2F983EA4D2ACB758E602"));
    
    /**
     *  The ModuleSpec ID used for this example's peer group. We use a
     *  constant ID so that every peer which creates peer groups uses the
     *  same Module Spec ID.
     *
     *  <p/>This ID was created by making a new group adv in the JXTA shell
     *  with <tt>newpgrp</tt> and then copying the ID from the advertisement.
     **/
    private final static ModuleSpecID PSE_SAMPLE_MSID = (ModuleSpecID) ID.create( URI.create( "urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE0000000133BF5414AC624CC8AD3AF6AEC2C8264306"));
    
    /**
     *  This Certificate is the root certificate for the sample PSE peer group. All important
     *  certificate chains in the group have this certificate as their root. Since
     *  every peer in the group is supposed to know this cert sometimes it's
     *  omitted from chains if the last certificate in the chain is signed by
     *  this certificate.
     *
     *  <p/>The certificate (and the private key) were created using the JXTA
     *  Shell with the following command:
     *
     *  <pre>
     *   JXTA><b>pse.createkey PSE_Sample_Root  urn:jxta:uuid-6E0C1C2781794A2F983EA4D2ACB758E602 topsecret</b>
     *   JXTA><b>psecred = login</b>
     *   peer - Enter the identity you want to use for group 'NetPeerGroup' :
     *   KeyStorePassword : <b>password</b>
     *   Identity : <b>urn:jxta:uuid-6E0C1C2781794A2F983EA4D2ACB758E602</b>
     *   IdentityPassword : <b>topsecret</b>
     *   JXTA><b>pse.dumpcred -a psecred</b>
     *  </pre>
     *
     *  <p/>Certificate presented here has been BASE64ed for easier inclusion.
     *
     *  <p/>When stored in the PSE keystore this certificate will be stored
     *  using the Peer Group ID as it's ID.
     **/
    private final static String PSE_SAMPLE_GROUP_ROOT_CERT_BASE64 =
            "MIICGTCCAYKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBTMRUwEwYDVQQKEwx3d3cuanh0YS5vcmcx" +
            "GzAZBgNVBAMTElBTRV9TYW1wbGVfUm9vdC1DQTEdMBsGA1UECxMURERFMkNGQ0MyMjVBNDM0OUQx" +
            "QTAwHhcNMDUwNjE5MDIyODM4WhcNMTUwNjE5MDIyODM4WjBTMRUwEwYDVQQKEwx3d3cuanh0YS5v" +
            "cmcxGzAZBgNVBAMTElBTRV9TYW1wbGVfUm9vdC1DQTEdMBsGA1UECxMURERFMkNGQ0MyMjVBNDM0" +
            "OUQxQTAwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAdVgeJotJWEEfh/NtusfI8cAIMAq7WxXA" +
            "ZsPIOYnybHPXFNmCTozs/KW0dx01zI6kfHwO1qYXmR/djJAFhr3VhFdUp8y1wDCf6DT63vFOi47t" +
            "6TC1yywjZe59VIAxhDt0B8XJnkEbsEl+uO95ec6/U6dYI1vrtWU4ORdSYz615XMCAwEAATANBgkq" +
            "hkiG9w0BAQUFAAOBgQBRJXLRyIGHvw3GJC3lYwQUDwRSm6vaPKPlCA5Axfwy+jPuStldhuPYOvxz" +
            "a3NxQ/iBlzTGwoVzgxzArM6oLRvtAAvvkQl8z6Lu+NF2ugMs6XfuzRKqrBvSjNaSYM83E51niga2" +
            "3UGc4Brbn3RCTPRADykVhWxgiCADNGVBIBUAMw==";
    
    /**
     *  Private key for the root certificate of the sample PSE peer group. <b>In
     *  most applications the private key would not be included as part of the 
     *  source code</b> For this sample to be entirely standalone it must be 
     *  included.</b>
     *
     *  <p/>The certificate (and the private key) were created using the JXTA
     *  Shell with the following commands:
     *
     *  <pre>
     *   <i>... commands shown in comment of "PSE_SAMPLE_GROUP_ROOT_CERT" ...</i>
     *   JXTA><b>pse.dumpcred -a -p -x topsecret psecred</b>
     *  </pre>
     *
     *  <p/>The private key has been protected using PKCS#8 password based
     *  encryption. The password for the encrypted private key is the string
     *  "<tt>topsecret</tt>".
     *
     *  <p/>As you use this sample you will see that only one peer is required
     *  to know the root key.
     *
     *  <p/>The key presented here has been encrypted using PKCS#5 PBKD, wrapped
     *  as a PKCS#8 encrpyted key and then finally BASE64ed for easier inclusion.
     *
     *  <p/>When stored in the PSE keystore this key will be stored using the 
     *  Peer Group ID as it's ID.
     **/
    private final static String PSE_SAMPLE_GROUP_ROOT_ENCRYPTED_KEY_BASE64 =
            "MIICoTAbBgkqhkiG9w0BBQMwDgQIPPpnqsvvaS0CAicQBIICgJAYTLxQfaUMFL08DnrO/tAZioTu" +
            "TlUnt32h3n9nE/L0UM8u7Q9elq2YwBNN72LD6ODzZKPmS/PnUl0NnE1AOnLVuMUgl1OBXgmUtC4P" +
            "jfgA+En7S0YEmgZN42ceqMpcKGDiBNdr0ebGD9SVy4/XkTLrNcEcHqrhyC6JkSOAo2EKL9OkS6gR" +
            "bVp59JSEiAruDvAZnz3XTjlXJYchZGcMVNfCDJVEMCgCsaKkr1Pf5JAfj1kKBJbazwlvqVrU0eI7" +
            "nPXTdTNVUaZLA7ucbUialef2/osefm5oB00DVkgIkUQSjesVM+THKu3UxIFe+3yTbUsI3zDja+DK" +
            "36l+UBmCLwFSOzJ1HAzP2qj1yvE/crEsvZMr9QrfNp7acfZQCgJZWFBG0wkdkvpTC0SBbzD6TqdW" +
            "hbGq8rca4KDkI4HeVoB3yBnMDm52NOtvh2uTKHul7Zz+3GTjXTIT7B4WcdiKmYo5hzdAidHzrWHV" +
            "eTmBnda34kM4o0uX1rQjWe3pfpp7rKG/zRDMUsqaZhK0k3t8IiNZroMnH39wz/kiRWgh+LBZOmi6" +
            "vG4LeaNDom6+o1tH4lHFXh0uCOSjOOKvX91BaptgXXLuFpny1ZMPnSkWzZA20nCJgNB1+S5RLQGg" +
            "jObczNUFtI8c/nSlbn339fN9G9/EpGaQuoMqxoSWwVnMnfmBnYlq2LehZ3UC3DgSaxRI9XN/F2Ul" +
            "ako4dwiccGcMsGHB/eKHQU/Csk9E19GGghwC2L7Tb2zIx01Ctd2yecpK3clhvN35xR5cvtnKKLtA" +
            "KSi8v6rCLDJ0cPa88QfIHRk+M5ZTDP5QN4A0uFKnsWtMI/xjA9tK4VsMEMtxqjBFem8=";
    
    /**
     *  Root certificate of the sample PSE peer group.
     **/
    final static X509Certificate PSE_SAMPLE_GROUP_ROOT_CERT;
    
    /**
     *  Private key for the root certificate of the sample PSE peer group.
     **/
    private final static EncryptedPrivateKeyInfo PSE_SAMPLE_GROUP_ROOT_ENCRYPTED_KEY;
    
    static {