📄 infrastructure.java
字号:
package SOMA.security.infrastructure;
import java.io.*;
import java.io.PrintStream;
import com.entrust.util.*;
import com.entrust.x509.directory.*;
import com.entrust.security.provider.*;
import com.entrust.toolkit.*;
import iaik.x509.*;
public class Infrastructure implements NetAddress, InfrastructureConst
{
public PrintStream out = System.out;
String SearchBase = this.CA_SearchBase;
// directory
InfrastructureAddress directoryAddress = null;
// profile
EntrustProfile profile;
// Certificate set %%synchronized
CertificateCRLList localCertificateCRLList = null;
// CRL set %%synchronized
// LocalCRL CRL = null;
public Infrastructure( InfrastructureAddress directoryAddress)
throws java.io.IOException,
iaik.pkcs.PKCSParsingException
{
this.directoryAddress = directoryAddress;
this.localCertificateCRLList = new CertificateCRLList();
if (this.directoryAddress.getOnLine())
this.directoryAddress.connectDirectory();
}
/**
* Creates an new objects that rappresents an Entrust PKI
* @param caIP the ip address or hostname of the entrust authority,
* @param dirIP the ip address or hostname of the ldap directory
*/
public Infrastructure(String caIP,String dirIP) {
this.directoryAddress = new InfrastructureAddress(caIP,dirIP);
this.directoryAddress.checkCiphers();
if (this.directoryAddress.getOnLine())
this.directoryAddress.connectDirectory();
updateCertificateCRLList();
}
/**
* Creates an new objects that rappresents an Entrust PKI
* @param caIP the ip address or hostname of the entrust authority,
* @param dirIP the ip address or hostname of the ldap directory
* @param onLine the directory is on line.
*/
public Infrastructure(String caIP,String dirIP,boolean onLine) {
this.directoryAddress = new InfrastructureAddress(caIP,dirIP,onLine);
this.directoryAddress.checkCiphers();
if (this.directoryAddress.getOnLine())
this.directoryAddress.connectDirectory();
updateCertificateCRLList();
}
/**
* Creates an new objects that rappresents an Entrust PKI
*/
public Infrastructure() {
this.directoryAddress = new InfrastructureAddress("localhost","localhost");
this.directoryAddress.checkCiphers();
if (this.directoryAddress.getOnLine())
this.directoryAddress.connectDirectory();
updateCertificateCRLList();
}
public void setEntrustProfile ( EntrustProfile profile ) {
this.profile = profile;
}
public EntrustProfile getEntrustProfile ( EntrustProfile profile ) {
return this.profile;
}
public void setOut (PrintStream out){
this.out = out;
}
public CertificateCRLList getCertificateCRLList ()
{
return localCertificateCRLList;
}
/**
* This method return onLine state
*/
public boolean getOnLine(){
return (this.directoryAddress != null &&
this.directoryAddress.getOnLine());
}
/**
* This method sets the onLine parameter
* @param onLine it's the new value
*/
public void setOnLine (boolean onLine){
this.directoryAddress.setOnLine(onLine);
}
/**
* This method put CA address object
* @param ca address
*/
public void putInfrastructureAddress(InfrastructureAddress ia) {
this.directoryAddress = ia;
}
/**
* This method return CA address
* @return ca address
*/
public InfrastructureAddress getInfrastructureAddress() {
return this.directoryAddress;
}
public String getSearchBase () {
return SearchBase;
}
public void setSearchBase ( String sb ) {
SearchBase = sb;
}
// return the directory context.
public javax.naming.directory.DirContext getDirectoryContext(){
return this.directoryAddress.DirectoryContext;
}
public void connectDirectory() {
this.directoryAddress.checkCiphers();
if (this.directoryAddress.getOnLine())
this.directoryAddress.connectDirectory();
}
/**
* Creates a new entrust profile. It shouldn't be used directly, but
* through EntrustProfileManager.
*
* @param refnum the reference number,
* @param authcode the authentication code,
* @param password the password used to protect the profile,
* @param epf the profile to be created,
* @param signalg the signature algorithm to be used,
* @param filename the file where to store the profile
* @param mode can be either RECOVER_PROFILE or CREATE_PROFILE
*/
void createOrRecoverProfile(String refnum,String authcode, String password ,int signalg,String filename,int mode)
throws java.io.FileNotFoundException,
com.entrust.security.exceptions.EntrustBaseException
{
createOrRecoverProfile( refnum, authcode, password, this.profile, signalg, filename, mode);
}
void createOrRecoverProfile(String refnum,String authcode, String password,EntrustProfile epf,int signalg,String filename,int mode)
throws java.io.FileNotFoundException,
com.entrust.security.exceptions.EntrustBaseException
{
FileOutputStream out = new FileOutputStream(filename);
EntrustManagerTransport transport = directoryAddress.getTransport();
try {
if (mode == directoryAddress.CREATE_PROFILE) {
System.out.println("!!! refnum : " + refnum);
System.out.println("!!! authcode : " + authcode);
System.out.println("!!! password : " + password);
System.out.println("!!! signalg : " + signalg);
epf.create(new StringBuffer(refnum),new StringBuffer(authcode),new StringBuffer(password),transport,signalg,null);
}
else if (mode == directoryAddress.RECOVER_PROFILE)
epf.recover(new StringBuffer(refnum),new StringBuffer(authcode),new StringBuffer(password),transport,signalg,null);
epf.write(out);
} catch (com.entrust.security.exceptions.EntrustBaseException ex) {
epf.writeComplete(transport,false);
throw ex;
}
epf.writeComplete(transport,true);
}
/**
* Check if an update is needed and performs it.
* @param epf the profile to pbe updated
* @param filename the filename where to store the updated profile
*/
public void updateProfile( String filename )
throws com.entrust.security.exceptions.EntrustBaseException
{
updateProfile(this.profile, filename);
}
public void updateProfile(EntrustProfile profile,String filename)
throws com.entrust.security.exceptions.EntrustBaseException
{
this.directoryAddress.checkCiphers();
if (! directoryAddress.getOnLine())
return;
if (profile.encryptionKeyUpdateRequired())
doKeyUpdate(profile,EntrustProfile.EncryptionKeys,filename);
if (profile.signingKeyUpdateRequired())
doKeyUpdate(profile,EntrustProfile.SigntureKeys,filename);
}
/**
* Used to update the keys
*/
public void doKeyUpdate(int key_type,String filename)
throws com.entrust.security.exceptions.EntrustBaseException
{
doKeyUpdate(this.profile , key_type, filename);
}
public void doKeyUpdate(EntrustProfile profile,int key_type,String filename)
throws com.entrust.security.exceptions.EntrustBaseException
{
this.directoryAddress.checkCiphers();
EntrustManagerTransport transport = this.directoryAddress.getTransport();
if (profile.updateKeys(transport,key_type)) {
try {
FileOutputStream epf = new FileOutputStream(filename);
profile.write(epf);
} catch (Exception any) {
profile.writeComplete(transport,false);
return;
}
profile.writeComplete(transport,true);
}
}
/**
* Returns an array of valid certificates.
* @param epf the profile for the user who is asking for verify,
* @param dn the array of distinguished name for whom to verify and ....
* @return an array of valid certificates
*/
public X509Certificate[] getValidCertificates(String dn[])
{
return getValidCertificates(this.profile, dn);
}
public X509Certificate[] getValidCertificates(EntrustProfile epf,String dn[])
{
JNDIDirectory directory = null;
// If in online mode get the directory
if (this.directoryAddress.getOnLine())
directory = this.directoryAddress.getDirectory();
// Create the verifierier
ETKCertificateVerifier verifier = new ETKCertificateVerifier(directory,epf);
verifier.getContext().setCrlsRequired(this.directoryAddress.getOnLine());
verifier.validateCertificates(dn);
return verifier.getValidCertificates();
}
/**
* Returns an array of valid certificates.
* @param epf the profile for the user who is asking for verify,
* @param certs the array of certificate to verify,
* @return an array of valid certificates
*/
public X509Certificate[] getValidCertificates(X509Certificate certs[])
{
return getValidCertificates(this.profile , certs);
}
public X509Certificate[] getValidCertificates(EntrustProfile epf,X509Certificate certs[])
{
JNDIDirectory directory = null;
// If in online mode get the directory
if (this.directoryAddress.getOnLine())
directory = this.directoryAddress.getDirectory();
// Create the verifier
ETKCertificateVerifier verifier = new ETKCertificateVerifier(directory,epf);
verifier.getContext().setCrlsRequired(this.directoryAddress.getOnLine());
//modifica di rebecca al 23 novembre
boolean ret = verifier.validateCertificates(certs);
System.out.println(" il ritono della verifica ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -