
📄 pseutils.java

📁 JXTA platform development kit
💻 JAVA
📖 Page 1 of 2
/*
 *
 * $Id: PSEUtils.java,v 1.16 2006/09/27 17:20:37 bondolo Exp $
 *
 * Copyright (c) 2001 Sun Microsystems, Inc.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *       Sun Microsystems, Inc. for Project JXTA."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA"
 *    must not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact Project JXTA at http://www.jxta.org.
 *
 * 5. Products derived from this software may not be called "JXTA",
 *    nor may "JXTA" appear in their name, without prior written
 *    permission of Sun.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL SUN MICROSYSTEMS OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of Project JXTA.  For more
 * information on Project JXTA, please see
 * <http://www.jxta.org/>.
 *
 * This license is based on the BSD license adopted by the Apache Foundation.
 */

package net.jxta.impl.membership.pse;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;

import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.security.auth.x500.X500Principal;

import net.jxta.impl.util.BASE64InputStream;
import net.jxta.impl.util.BASE64OutputStream;

import org.apache.log4j.Level;
import org.apache.log4j.Logger;

import org.bouncycastle.asn1.x509.X509NameTokenizer;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 *  Singleton class of static utility methods.
 */
public final class PSEUtils {

    /**
     *  Log4J Logger
     */
    private static final transient Logger LOG = Logger.getLogger(PSEUtils.class.getName());

    /**
     *  Singleton instance.
     */
    private static final PSEUtils UTILS = new PSEUtils();

    /**
     *  A SecureRandom for generating keys.
     */
    final transient SecureRandom srng = new SecureRandom();

    /**
     *  Singleton utility class
     */
    private PSEUtils() {

        try {
            // Prefer registering the provider through the system class loader.
            ClassLoader sysloader = ClassLoader.getSystemClassLoader();

            Class loaded = sysloader.loadClass(BouncyCastleProvider.class.getName());

            Provider provider = (Provider) loaded.newInstance();

            Security.addProvider(provider);

            if (LOG.isEnabledFor(Level.INFO)) {
                LOG.info("Loaded Security Providers into system class loader");
            }
        } catch (Exception disallowed) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Can't load Security Providers into System Class Loader, using local class loader (this may not work)", disallowed);
            }

            // Add the providers we use.
            Security.addProvider(new BouncyCastleProvider());

            if (LOG.isEnabledFor(Level.INFO)) {
                LOG.info("Loaded Security Providers into local class loader");
            }
        }

        //        Provider [] providers = Security.getProviders();
        //        Iterator eachProvider = Arrays.asList(providers).iterator();
        //
        //        while (eachProvider.hasNext()) {
        //            Provider aProvider = (Provider) eachProvider.next();
        //
        //            System.out.println("\n\n" + aProvider.getName() + " - " + aProvider.getVersion() + " - " + aProvider.getInfo());
        //
        //            Iterator allMappings = aProvider.entrySet().iterator();
        //
        //            while (allMappings.hasNext()) {
        //                Map.Entry aMapping = (Map.Entry) allMappings.next();
        //
        //                Object key = aMapping.getKey();
        //                System.out.println(key + " (" + key.getClass().getName() + ") --> " + aMapping.getValue() + " (" + key.getClass().getName() + ")");
        //            }
        //        }
    }

    /**
     *  Issuer Information
     */
    public static class IssuerInfo {
        public X509Certificate cert;        // subject Cert
        public PrivateKey  subjectPkey; // subject private key
        public X509Certificate issuer;      // issuer Cert
        public PrivateKey  issuerPkey;  // issuer private key
    }

    /**
     *  Generate a Cert
     *
     *  @param cn subject cn for the certificate
     *  @param issuerinfo the cert issuer or null if self-signed root cert.
     *  @return the details of the generated cert.
     *  @throws SecurityException if the cert could not be generated.
     */
    public static IssuerInfo genCert(String cn, IssuerInfo issuerinfo) throws SecurityException {
        try {
            String useCN;

            if(null == issuerinfo) {
                if (LOG.isEnabledFor(Level.DEBUG)) {
                    LOG.debug("Generating Self Signed Cert ...");
                }

                if(!cn.endsWith("-CA")) {
                    useCN = cn + "-CA";
                } else {
                    useCN = cn;
                }
            } else {
                if (LOG.isEnabledFor(Level.DEBUG)) {
                    LOG.debug("Generating Client Cert ...");
                }

                useCN = cn;
            }

            // set name attribute
            Hashtable attrs = new Hashtable();
            attrs.put(X509Principal.CN, useCN);
            attrs.put(X509Principal.O, "www.jxta.org");

            // XXX bondolo 20040405 wouldn't SN or UID be a better choice?
            // set ou to 20 random digits
            byte[] ou = new byte[10];
            UTILS.srng.nextBytes(ou);
            String ouStr = toHexDigits(ou);
            attrs.put(X509Principal.OU, ouStr);

            X509Principal subject = new X509Principal(attrs);
            X500Principal samesubject = new X500Principal(subject.getEncoded());
            KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
            // Note: 1024-bit RSA is below the 2048-bit minimum in current
            // guidance (e.g. NIST SP 800-131A).
            g.initialize(1024, UTILS.srng);

            KeyPair keypair = g.generateKeyPair();

            return genCert(samesubject, keypair, issuerinfo);
        } catch (NoSuchAlgorithmException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Could not generate certificate", e);
            }

            SecurityException failure = new SecurityException("Could not generate certificate");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     *  Generate a Cert given a keypair
     *
     *  @param subject subjectDN for the certificate
     *  @param keypair the keypair to use.
     *  @param issuerinfo the cert issuer or null if self-signed root cert.
     *  @return the details of the generated cert.
     *  @throws SecurityException if the cert could not be generated.
     */
    public static IssuerInfo genCert(X500Principal subject, KeyPair keypair, IssuerInfo issuerinfo) throws SecurityException {
        try {
            // set up issuer
            PrivateKey signer;
            X509Principal issuer;

            if(null == issuerinfo) { // self-signed root cert
                signer = keypair.getPrivate();
                issuer = new X509Principal(subject.getEncoded());
            } else {    // issuer signed service cert
                signer = issuerinfo.subjectPkey;
                X500Principal issuer_subject = issuerinfo.cert.getSubjectX500Principal();
                issuer = new X509Principal(issuer_subject.getEncoded());
            }

            // set validity 10 years from today
            Date today = new Date();
            Calendar cal = Calendar.getInstance();
            cal.setTime(today);
            cal.add(Calendar.YEAR, 10);
            Date until = cal.getTime();

            // generate cert
            X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

            certGen.setIssuerDN(issuer);
            certGen.setSubjectDN(new X509Principal(subject.getEncoded()));
            certGen.setNotBefore(today);
            certGen.setNotAfter(until);
            certGen.setPublicKey(keypair.getPublic());
            //certGen.setSignatureAlgorithm("SHA1withDSA");
            // Note: SHA-1 is collision-broken; current deployments sign
            // certificates with SHA-256 or stronger.
            certGen.setSignatureAlgorithm("SHA1WITHRSA");
            // FIXME bondolo 20040317 needs fixing.
            // Every certificate produced here gets serial number 1, so
            // issuer + serial does not uniquely identify a certificate.
            certGen.setSerialNumber(BigInteger.valueOf(1));

            // return issuer info for generating service cert
            IssuerInfo info = new IssuerInfo();

            // the cert
            info.cert = certGen.generateX509Certificate(signer, UTILS.srng);

            // For saving service cert private key
            info.subjectPkey = keypair.getPrivate();

            // for signing service cert
            info.issuer = (null == issuerinfo) ? info.cert : issuerinfo.cert;

            // for signing service cert
            info.issuerPkey = signer;

            // dump the certificate?
            if (LOG.isEnabledFor(Level.DEBUG)) {
                // issuerinfo (not issuer, which is never null here) tells
                // a self-signed root cert apart from an issued cert.
                if(null == issuerinfo) {
                    LOG.debug("Root Cert : \n" + info.cert.toString());
                } else {
                    LOG.debug("Client Cert : \n" + info.cert.toString());
                }
            }

            return info;
        } catch (SignatureException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Could not generate certificate", e);
            }

            SecurityException failure = new SecurityException("Could not generate certificate");
            failure.initCause(e);
            throw failure;
        }
        catch (InvalidKeyException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Could not generate certificate", e);
            }

            SecurityException failure = new SecurityException("Could not generate certificate");
            failure.initCause(e);
            throw failure;
        }
        catch (IOException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Could not generate certificate", e);
            }

            SecurityException failure = new SecurityException("Could not generate certificate");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     *  return the CN token from the provided cert's subjectDN
     *
     *  @param cert the certificate to examine
     *  @return the CN name or null if none could be found.
     */
    public static String getCertSubjectCName(X509Certificate cert) {

        // get the subject dname
        X500Principal subject = cert.getSubjectX500Principal();

        X509NameTokenizer tokens = new X509NameTokenizer(subject.getName());

        // iterate over the attributes of the dname
        while(tokens.hasMoreTokens()) {
            String aToken = tokens.nextToken();

            if(aToken.length() < 3) {
                continue;
            }

            String attribute = aToken.substring(0, 3);

            if("CN=".equalsIgnoreCase(attribute)) {
                return aToken.substring(3);
            }
        }

        return null;
    }

    /**
     *  return the CN token from the provided cert's issuerDN
     *
     *  @param cert the certificate to examine
     *  @return the CN name or null if none could be found.
     */
    public static String getCertIssuerCName(X509Certificate cert) {

        // get the issuer dname
        X500Principal issuer = cert.getIssuerX500Principal();

        X509NameTokenizer tokens = new X509NameTokenizer(issuer.getName());

        // iterate over the attributes of the dname
        while(tokens.hasMoreTokens()) {
            String aToken = tokens.nextToken();

            if(aToken.length() < 3) {
                continue;
            }

            String attribute = aToken.substring(0, 3);

            if("CN=".equalsIgnoreCase(attribute)) {
                return aToken.substring(3);
            }
        }

        return null;
    }

    /**
     * Compute the signature of a stream.
     *
     * @param algorithm the name of the signature algorithm to use
     * @param key the private key used to sign the stream
     * @param stream the stream to sign.
     * @return byte[] the signature
     */
    public static byte[] computeSignature(String algorithm, PrivateKey key, InputStream stream)
    throws InvalidKeyException, SignatureException, IOException {
        Signature sign;

        try {
            sign = Signature.getInstance(algorithm);
        } catch(NoSuchAlgorithmException badsigner) {
            throw new IOException("Could not initialize signer with algorithm " + algorithm);
