📄 ringcertificate.java
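// Tail of the signature-verification method; its header lies above this excerpt.
    if (signature == null) {
      throw new IllegalArgumentException("Attempt to verify an unsigned RingCertificate!");
    }

    try {
      return SecurityUtils.verify(SecurityUtils.serialize(getIdentifier()), signature, pub);
    } catch (SecurityException e) {
      // Fail closed: an error raised during verification counts as "not verified".
      return false;
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
  }

  /**
   * Returns a short description naming the ring and its id.
   *
   * @return a string of the form "[Ring Certificate for ring 'NAME' (ID)]"
   */
  public String toString() {
    return "[Ring Certificate for ring '" + name + "' (" + id + ")]";
  }

  /**
   * Writes this certificate, gzip-compressed, to the given file.
   *
   * @param file The file to write to
   * @exception IOException If the file cannot be opened or written
   */
  private void writeToFile(File file) throws IOException {
    ObjectOutputStream oos = null;

    try {
      oos = new XMLObjectOutputStream(new BufferedOutputStream(new GZIPOutputStream(new FileOutputStream(file))));
      oos.writeObject(this);
    } finally {
      if (oos != null) {
        oos.close();
      }
    }
  }

  /**
   * Returns the certificate registered for the given ring id.
   *
   * @param ringId The id
   * @return The registered certificate, or null when none is registered
   */
  public static RingCertificate getCertificate(Id ringId) {
    return (RingCertificate) CERTIFICATES.get(ringId);
  }

  /**
   * Reads a certificate from the given gzip-compressed stream and closes the
   * stream, whether or not the read succeeds.
   *
   * NOTE(review): the object is materialised by readObject() before any caller
   * has checked its signature, so this method processes unverified bytes.
   * Confirm that XMLObjectInputStream restricts the classes it will construct.
   *
   * @param stream The stream to read from
   * @return The certificate read; its signature has NOT been checked yet
   * @exception IOException If the stream cannot be read, or names a class that
   *      cannot be found (the ClassNotFoundException is kept as the cause)
   */
  private static RingCertificate readFromStream(InputStream stream) throws IOException {
    ObjectInputStream ois = null;

    try {
      ois = new XMLObjectInputStream(new BufferedInputStream(new GZIPInputStream(stream)));
      return (RingCertificate) ois.readObject();
    } catch (ClassNotFoundException e) {
      // Same message as before, but keep the original exception as the cause.
      IOException wrapped = new IOException(e.getMessage());
      wrapped.initCause(e);
      throw wrapped;
    } finally {
      if (ois != null) {
        ois.close();
      } else {
        // The wrapper chain was never built, so nothing else would close the raw stream.
        stream.close();
      }
    }
  }

  /**
   * Internal method which encrypts the keypair under a key derived from the
   * password and writes it to "RING.ringkeypair.enc" (ring name lower-cased) in
   * the current working directory.
   *
   * NOTE(review): the key is SecurityUtils.hash() of the password bytes. If that
   * helper is a plain digest, the derivation is unsalted and single-pass, so the
   * file is only as strong as the password against offline guessing - confirm.
   * NOTE(review): pass.getBytes() uses the platform default charset, so a
   * non-ASCII password yields a different key on a machine with another default.
   * It is left unchanged here because files already written depend on it.
   *
   * @param pair The keypair
   * @param pass The password
   * @param ring The ring name
   * @exception IOException If the file cannot be opened or written
   */
  private static void writeKeyPair(KeyPair pair, String pass, String ring) throws IOException {
    byte[] cipher = SecurityUtils.encryptSymmetric(SecurityUtils.serialize(pair), SecurityUtils.hash(pass.getBytes()));

    ObjectOutputStream oos = new XMLObjectOutputStream(new BufferedOutputStream(new GZIPOutputStream(new FileOutputStream(ring.toLowerCase() + ".ringkeypair.enc"))));

    try {
      oos.writeObject(cipher);
    } finally {
      // Close even when the write fails, so the file handle is not leaked.
      oos.close();
    }
  }

  /**
   * Reads the encrypted keypair from "RING.ringkeypair.enc" (ring name
   * lower-cased) in the current working directory and decrypts it with a key
   * derived from the password.
   *
   * NOTE(review): the ring name is concatenated into the file name unchecked. A
   * name containing path separators resolves outside the working directory, so
   * callers passing externally supplied names should validate them first.
   * NOTE(review): pass.getBytes() uses the platform default charset, matching
   * writeKeyPair.
   *
   * @param ring The ring name
   * @param pass The password
   * @return The decrypted keypair
   * @exception IOException If the file cannot be opened or read
   * @exception ClassNotFoundException If the file names a class that cannot be found
   */
  public static KeyPair readKeyPair(String ring, String pass) throws IOException, ClassNotFoundException {
    ObjectInputStream ois = new XMLObjectInputStream(new BufferedInputStream(new GZIPInputStream(new FileInputStream(ring.toLowerCase() + ".ringkeypair.enc"))));
    byte[] cipher;

    try {
      cipher = (byte[]) ois.readObject();
    } finally {
      // Close even when the read fails, so the file handle is not leaked.
      ois.close();
    }

    return (KeyPair) SecurityUtils.deserialize(SecurityUtils.decryptSymmetric(cipher, SecurityUtils.hash(pass.getBytes())));
  }

  /**
   * Main method which, as a utility, generates a RingCertificate by prompting
   * the user. It loads the CA keypair from "ca.keypair.enc", signs the new
   * certificate with the CA private key, and writes "RING.ringcert" and
   * "RING.ringkeypair.enc" to the working directory.
   *
   * NOTE(review): both passwords are read with readLine(), so they are echoed on
   * the terminal and held as Strings; System.console().readPassword() would
   * avoid the echo. The CA password is trimmed but the ring keypair password is
   * not, so surrounding whitespace is significant for the latter.
   *
   * @param args The command line arguments (unused)
   * @exception Exception If any prompt, file operation or signing step fails
   */
  public static void main(String[] args) throws Exception {
    Environment env = new Environment();
    BufferedReader r = new BufferedReader(new InputStreamReader(System.in));
    BufferedWriter w = new BufferedWriter(new OutputStreamWriter(System.out));

    // first, load the CA keypair
    File f = new File("ca.keypair.enc");
    ObjectInputStream ois = new XMLObjectInputStream(new BufferedInputStream(new GZIPInputStream(new FileInputStream(f))));
    byte[] caCipher;

    try {
      caCipher = (byte[]) ois.readObject();
    } finally {
      ois.close();
    }

    KeyPair caPair = (KeyPair) SecurityUtils.deserialize(SecurityUtils.decryptSymmetric(caCipher, SecurityUtils.hash(prompt(r, w, "Please enter the CA password: ").trim().getBytes())));

    // get the ring info
    String ring = prompt(r, w, "Please enter the name of the ring (rice, berkeley): ");
    String[] bootstrap = prompt(r, w, "Please enter the bootstraps (host1:port1,host2:port2...): ").trim().split(",");
    int port = Integer.parseInt(prompt(r, w, "Please enter the default port for nodes: "));
    String logServer = prompt(r, w, "Please enter the log upload server (host:port): ");
    String pass = prompt(r, w, "Please enter a password for the ring keypair: ");

    // The protocol prompt is disabled in this version; the socket protocol is always used.
    int protocolId = DistPastryNodeFactory.PROTOCOL_SOCKET;

    // build the id
    Id id = generateId(ring, env);

    // translate the InetSocketAddresses
    InetSocketAddress log = toInetSocketAddress(logServer);
    InetSocketAddress[] bootstraps = new InetSocketAddress[bootstrap.length];

    for (int i = 0; i < bootstraps.length; i++) {
      bootstraps[i] = toInetSocketAddress(bootstrap[i]);
    }

    // generate a keypair
    KeyPair pair = SecurityUtils.generateKeyAsymmetric();

    // now create the Ring Certificate
    RingCertificate cert = new RingCertificate(ring, id, protocolId, bootstraps, port, pair.getPublic(), log);
    cert.sign(caPair.getPrivate());

    // Self-check: never write out a certificate the CA public key would reject.
    if (!cert.verify(caPair.getPublic())) {
      throw new RuntimeException("Could not verify generated certificate!");
    }

    cert.writeToFile(new File(ring.toLowerCase() + ".ringcert"));

    // and finally write out the KeyPair
    writeKeyPair(pair, pass, ring.toLowerCase());

    // Exit explicitly; the original comment attributes this to the Environment's daemon thread.
    System.exit(0);
  }

  /**
   * Internal method for prompting the user: writes the prompt, flushes it, and
   * reads one line of input.
   *
   * @param r The reader the answer is read from
   * @param w The writer the prompt is written to
   * @param prompt The prompt
   * @return The line entered, without its line terminator; never null
   * @exception IOException If reading or writing fails, or input ends before an
   *      answer is given
   */
  private static String prompt(BufferedReader r, BufferedWriter w, String prompt) throws IOException {
    w.write(prompt);
    w.flush();

    String answer = r.readLine();

    if (answer == null) {
      // End of input: fail here rather than with a NullPointerException in the caller.
      throw new IOException("Unexpected end of input while waiting for an answer");
    }

    return answer;
  }

  /**
   * Internal method for String -> InetSocketAddress. Surrounding whitespace is
   * ignored, so "a:1, b:2" style lists split on ',' are accepted.
   *
   * @param s The address, in the form host:port
   * @return The address
   * @exception IOException If the string contains no ':' separator
   */
  private static InetSocketAddress toInetSocketAddress(String s) throws IOException {
    String address = s.trim();
    int colon = address.indexOf(":");

    if (colon < 0) {
      throw new IOException("Expected an address of the form host:port but got '" + s + "'");
    }

    String host = address.substring(0, colon);
    int port = Integer.parseInt(address.substring(colon + 1).trim());

    return new InetSocketAddress(host, port);
  }

  /**
   * Internal method for converting a ring name to its canonical id. The name is
   * capitalised (first letter upper case, rest lower case) and hashed to an Id,
   * all but the last "p2p_multiring_base" bytes of which are zeroed. The name
   * "global", in any case, maps to the all-zero id.
   *
   * NOTE(review): toUpperCase()/toLowerCase() use the default locale, so the
   * same ring name can canonicalise differently on machines with different
   * locales - confirm whether ids must agree across machines.
   *
   * @param s The ring name; must not be empty
   * @param env The environment supplying the id factory and parameters
   * @return The canonical ring id
   */
  private static Id generateId(String s, Environment env) {
    if (s.length() == 0) {
      throw new IllegalArgumentException("Ring name must not be empty");
    }

    String ring = s.substring(0, 1).toUpperCase() + s.substring(1).toLowerCase();

    PastryIdFactory pif = new PastryIdFactory(env);
    Id ringId = pif.buildId(ring);
    byte[] ringData = ringId.toByteArray();
    int kept = env.getParameters().getInt("p2p_multiring_base");

    for (int i = 0; i < ringData.length - kept; i++) {
      ringData[i] = 0;
    }

    if (s.toLowerCase().equals("global")) {
      for (int i = 0; i < ringData.length; i++) {
        ringData[i] = 0;
      }
    }

    return pif.buildId(ringData);
  }

  // Load all certificates that can be found on the class path.
  //
  // The CA public key ("ca.publickey") and the certificate list
  // ("ringcert.list") are both system class path resources. Each listed
  // certificate is registered only if it verifies against that key, and only if
  // no certificate with the same id and an equal or higher version is already
  // registered.
  //
  // NOTE(review): the trust anchor comes from the class path, so whoever can
  // place resources there decides which certificates are accepted.
  // NOTE(review): an exception on any entry ends the loop, so the entries after
  // it in the list are not loaded.
  static {
    try {
      // first load the CA public key
      PublicKey caPublic;
      ObjectInputStream ois = new XMLObjectInputStream(new BufferedInputStream(new GZIPInputStream(ClassLoader.getSystemResource("ca.publickey").openStream())));

      try {
        caPublic = (PublicKey) ois.readObject();
      } finally {
        ois.close();
      }

      // and finally load and verify the certs
      BufferedReader r = new BufferedReader(new InputStreamReader(ClassLoader.getSystemResource("ringcert.list").openStream()));

      try {
        String filename = null;

        while ((filename = r.readLine()) != null) {
          RingCertificate cert = readFromStream(ClassLoader.getSystemResource(filename).openStream());

          if (cert.verify(caPublic)) {
            if ((getCertificate(cert.getId()) == null) ||
                (getCertificate(cert.getId()).getVersion() < cert.getVersion())) {
              cert.refresh();
              CERTIFICATES.put(cert.getId(), cert);
            }
          } else {
            // An unverifiable certificate is reported and never registered.
            System.err.println("RINGCERT: Could not verify ring certificate " + cert + " ignoring.");
          }
        }
      } finally {
        // Close the list reader even when an entry fails to load.
        r.close();
      }
    } catch (Exception e) {
      System.err.println("RINGCERT: ERROR: Found exception " + e + " while reading in ring certificates!");
      e.printStackTrace();
    }
  }
}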