package SOMA.security.infrastructure;
import com.entrust.x509.directory.*;
import com.entrust.security.provider.*;
import com.entrust.toolkit.*;
import iaik.x509.*;
import iaik.pkcs.pkcs7.*;
import java.io.*;
import SOMA.security.utility.ControlPassword;
import SOMA.security.utility.ControlPasswordException;
/**
* This class sits at a higher level than the Entrust Java Toolkit.
* It will give the basic functionality for managing one's profile.
* @author Luca Ghetti
* @version
*/
public class ProfileManager implements InfrastructureConst
{
// Base path for scratch PKCS#7 files: "<user.dir>/ProfileManagerTemp".
// NOTE(review): this is a fixed, predictable name inside the process working
// directory. Presumably getCurrentFileName() (defined outside this view)
// builds the scratch file names from it; confirm that directory is private to
// the running user, because signed payloads are written there.
protected String pkcs7FileName = System.getProperty( "user.dir" ) +
File.separator +
"ProfileManagerTemp";
// Suffix for the scratch PKCS#7 files.
protected String extension = ".pkcs7";
// Counter starting at 0; presumably used to vary the scratch file name - TODO confirm against getCurrentFileName().
protected int cont = 0;
// The pki the profile belongs to (package-private; may be null until set or until logonProfile creates one)
Infrastructure pki;
// The managed profile (package-private; null until a profile is created, recovered, logged on or set)
EntrustProfile profile;
/**
 * Replaces the profile managed by this object.
 * The reference is stored as given; its logon state is not checked here.
 * @param profile the profile to manage from now on.
 */
public void setProfile(EntrustProfile profile)
{
    this.profile = profile;
}
/**
 * Sets the PKI that the managed profile belongs to.
 * @param pki the infrastructure used by the create, recover and logon
 * operations of this manager.
 */
public void setEntrustInfrastructure(Infrastructure pki)
{
    this.pki = pki;
}
/**
 * Gets the PKI currently attached to this manager.
 * @return the infrastructure, or null when none has been set yet.
 */
public Infrastructure getEntrustInfrastructure()
{
    return this.pki;
}
/**
 * Returns the profile currently held by this manager.
 * The reference is handed out as is; this getter does not tell whether the
 * profile is logged on.
 * @return the managed profile, or null when none has been set or loaded.
 */
public EntrustProfile getProfile()
{
    return this.profile;
}
/**
 * Creates an empty manager so the class can be used as a bean.
 * Neither the PKI nor the profile is set. createProfile and recoverProfile
 * dereference the PKI without a null check, so setEntrustInfrastructure
 * has to be called before either of them.
 */
public ProfileManager()
{
}
/**
 * Creates a profile manager bound to an infrastructure object.
 * @param pki is the pki the managed profile belongs to; it is stored as
 * given, without a null check.
 */
public ProfileManager(Infrastructure pki)
{
    this.pki = pki;
}
/**
 * Creates a new profile from scratch and has the PKI store it in a file.
 * The caller provides the two secrets needed by the Entrust PKI.
 * The freshly built profile replaces the one held by this manager and is
 * also registered on the PKI before the create request is issued.
 * @param refnum is the reference number,
 * @param authcode is the authentication code,
 * @param password is the profile password,
 * @param filename the file where the profile is being stored.
 * @throws ControlPasswordException declared for callers, but the current
 * body never throws it because the password check is commented out.
 */
public void createProfile(String refnum, String authcode, String password,String filename)
throws java.io.FileNotFoundException,
com.entrust.security.exceptions.EntrustBaseException,
ControlPasswordException
{
    // NOTE(review): recoverProfile() rejects passwords that fail
    // ControlPassword.Control(), but the same check is disabled here, so a
    // new profile is created without it. Confirm this is intended.
    // if (ControlPassword.Control(password,ControlPassword.getFileName(filename)))
    // throw new ControlPasswordException(ControlPassword.toString(password,ControlPassword.getFileName(filename)));
    this.profile = new EntrustProfile();
    this.profile.setPKIXVersion(EntrustProfile.PKIXforEntrust4);
    // pki is used without a null check: a manager built with the no-arg
    // constructor fails here until setEntrustInfrastructure() is called.
    this.pki.setEntrustProfile(this.profile);
    this.pki.createOrRecoverProfile(
        refnum,
        authcode,
        password,
        this.profile,
        EntrustProfile.RSASignature,
        filename,
        Infrastructure.CREATE_PROFILE);
}
/**
 * Recovers a profile into a file. The caller provides the two secrets
 * needed by the Entrust PKI. The password is checked with ControlPassword
 * before anything else happens.
 * @param refnum is the reference number,
 * @param authcode is the authentication code,
 * @param password is the profile password,
 * @param filename the file where the profile is being stored.
 * @throws ControlPasswordException when ControlPassword.Control() returns
 * true for the password and the name derived from the file.
 */
public void recoverProfile(String refnum, String authcode, String password,String filename)
throws java.io.FileNotFoundException,
com.entrust.security.exceptions.EntrustBaseException,
ControlPasswordException
{
    final boolean rejected =
        ControlPassword.Control(password, ControlPassword.getFileName(filename));
    if (rejected) {
        // NOTE(review): the exception text is built from the password itself.
        // Confirm ControlPassword.toString() does not echo the password, as
        // exception messages tend to end up in logs.
        throw new ControlPasswordException(
            ControlPassword.toString(password, ControlPassword.getFileName(filename)));
    }
    this.profile = new EntrustProfile();
    this.profile.setPKIXVersion(EntrustProfile.PKIXforEntrust4);
    // Recover the profile. Unlike createProfile(), the profile is not
    // registered on the PKI first, and pki is used without a null check.
    this.pki.createOrRecoverProfile(
        refnum,
        authcode,
        password,
        this.profile,
        EntrustProfile.RSASignature,
        filename,
        Infrastructure.RECOVER_PROFILE);
}
/**
 * Logs on to an existing profile stored in a file, with the on-line
 * update step enabled. This is the three-argument logonProfile called
 * with onLineLogon set to true.
 * @param filename the file name,
 * @param password the password.
 */
public void logonProfile(String filename, String password)
throws java.io.FileNotFoundException,
com.entrust.security.exceptions.EntrustBaseException
{
    final boolean onLine = true;
    logonProfile(filename, password, onLine);
}
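/**
 * Logs on to an existing profile stored in a file and, when requested and
 * the PKI directory is marked on line, refreshes the stored profile.
 * <p>
 * A missing PKI or directory address is replaced by a default one before
 * the logon. In the on-line step the random seed is updated and the file
 * rewritten if the profile asks for it, then the PKI is asked to update
 * the profile.
 * <p>
 * A failed logon is reported to the caller through the declared
 * exceptions, so a return without exception is no longer possible after a
 * rejected password or an unreadable file. Both file streams are closed
 * before the method returns.
 * @param filename the file holding the profile,
 * @param password the profile password,
 * @param onLineLogon true to run the on-line update step after the logon.
 * @throws java.io.FileNotFoundException when the profile file cannot be
 * opened for reading or rewriting.
 * @throws com.entrust.security.exceptions.EntrustBaseException when a
 * toolkit call fails, including the logon itself.
 */
public void logonProfile(String filename, String password, boolean onLineLogon)
throws java.io.FileNotFoundException,
com.entrust.security.exceptions.EntrustBaseException
// iaik.pkcs.PKCSParsingException,
// java.io.IOException
{
    FileInputStream epf = null;
    try {
        epf = new FileInputStream(filename);
        if ( pki == null )
            pki = new Infrastructure( new InfrastructureAddress() );
        if ( pki.directoryAddress == null )
            pki.directoryAddress = new InfrastructureAddress();
        pki.directoryAddress.checkCiphers();
        profile = new EntrustProfile();
        // NOTE(review): the password arrives as an immutable String, so this
        // method cannot wipe it; only the StringBuffer copy goes to the toolkit.
        profile.logon(epf,new StringBuffer(password));
        // pki and pki.directoryAddress were both made non-null above.
        if ( onLineLogon && pki.directoryAddress.onLine ) // OnLine
        {
            // Update if necessary the random seed
            if (profile.randomSeedRequired()) {
                // Update the seed before the file is opened for writing:
                // opening truncates it, and a failing update must not leave
                // an empty profile on disk.
                profile.randomSeedUpdate(null);
                FileOutputStream opf = new FileOutputStream(filename);
                try {
                    profile.write(opf);
                } finally {
                    opf.close();
                }
            }
            // Update the keys if necessary
            pki.updateProfile(profile,filename);
        }
    } catch ( java.io.FileNotFoundException e ) {
        // Declared in the signature: let the caller see that the file is missing.
        throw e;
    } catch ( com.entrust.security.exceptions.EntrustBaseException e ) {
        // Declared in the signature: a rejected logon must not look like success.
        throw e;
    } catch ( Exception e ) {
        // Anything else cannot be rethrown without widening the signature.
        // NOTE(review): the profile may not be logged on when this path is
        // taken; consider adding these exception types to the throws clause.
        System.out.println(" Error during profile logon." + e);
    } finally {
        if ( epf != null ) {
            try {
                epf.close();
            } catch ( IOException ignored ) {
                // Closing a stream that was only read; nothing to recover.
            }
        }
    }
}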
/**
 * Logs off the managed profile, if there is one.
 * The profile reference is kept afterwards; only logoff() is called on it.
 */
public void logoffProfile()
{
    if (profile == null) {
        return;
    }
    profile.logoff();
}
/*********************************************************************************/
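/**
 * Signs a byte array with the managed profile and returns the result as
 * an encoded PKCS#7 ContentInfo (DER, according to the original author's
 * note).
 * <p>
 * The encoding is done in memory. The signed payload is no longer written
 * to a scratch file in the working directory, so nothing is left on disk
 * and the result size does not depend on InputStream.available().
 * @param inData the data to sign,
 * @return the signed data.
 **/
public byte[] signedData (byte[] inData)
throws java.security.NoSuchAlgorithmException,
iaik.asn1.CodingException,
com.entrust.security.exceptions.EntrustBaseException,
iaik.pkcs.PKCSException,
java.io.IOException
{
    ETKPKCS7 pkcs7 = new ETKPKCS7(profile);
    SignedData sgn = pkcs7.encodeSignedData(pkcs7.encodeData( inData ),
                                            ETKPKCS7.SIGNED_CONTENT );
    ContentInfo cntInf = pkcs7.encodeContentInfo(sgn);
    // writeTo() accepts any OutputStream (the stream-based signedData
    // overload passes the caller's stream), so a memory buffer is enough.
    ByteArrayOutputStream encoded = new ByteArrayOutputStream();
    cntInf.writeTo( encoded );
    return encoded.toByteArray();
}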
/**
 * Signs the content of a stream with the managed profile and writes the
 * resulting PKCS#7 ContentInfo to another stream. Neither stream is closed
 * here.
 * @param inData the stream supplying the data to sign,
 * @param outData the stream that receives the signed data.
 **/
public void signedData (java.io.InputStream inData,java.io.OutputStream outData)
throws java.security.NoSuchAlgorithmException,
iaik.asn1.CodingException,
com.entrust.security.exceptions.EntrustBaseException,
iaik.pkcs.PKCSException,
java.io.IOException
{
    final ETKPKCS7 encoder = new ETKPKCS7(profile);
    final Data content = new Data(inData);
    final SignedData signed = encoder.encodeSignedData(content, ETKPKCS7.SIGNED_CONTENT);
    final ContentInfo wrapper = encoder.encodeContentInfo(signed);
    wrapper.writeTo(outData);
    // NOTE(review): leftover debug output. For stream types whose toString()
    // returns their content (ByteArrayOutputStream does), this prints the
    // whole signed payload to standard output; consider removing it.
    System.out.println ( " OutData : " + outData.toString() );
}
public boolean verifySignedData ( byte [] in, X509Certificate cert )
throws java.security.NoSuchAlgorithmException,
iaik.asn1.CodingException,
com.entrust.security.exceptions.EntrustBaseException,
java.security.SignatureException,
iaik.pkcs.PKCSException,
java.io.IOException
{
String tempFileName = getCurrentFileName();
if ( cert == null )
{
System.out.println(" Errore certificato non incluso.");
return false;
}
ETKPKCS7 pkcs7 = new ETKPKCS7(profile);
SignedData signedData = null;
//SignedData sign=null;
FileOutputStream fos = new FileOutputStream( tempFileName );
fos.write(in);
fos.close();
FileInputStream fis = new FileInputStream( tempFileName );
ContentInfo contentInfo = pkcs7.decodeInputStream(fis);
signedData = (SignedData) contentInfo.getContent( );
//X509Certificate certs[] = signedData.getCertificates(); ritorna null
System.out.println(" 9");
try {
System.out.println(" 12");
//tolto da rebecca il 18 novembre PKCS7Content ret = pkcs7.decodeSignedData(sign,cert,data);
//PKCS7Content ret = pkcs7.decodeSignedData(sign,certs,null);
JNDIDirectory directory;
if ( pki == null || pki.directoryAddress == null || ! pki.directoryAddress.onLine ) // OffLine
{
directory = null; // null;
if ( ( pki != null ) &&
( pki.localCertificateCRLList != null ) &&
( pki.localCertificateCRLList.certInCRL( cert ) ) )
return false;
}
else // OnLine
{
System.out.println(" 12,1");
directory = pki.directoryAddress.connectDirectory();
//pkcs7.setVerifier( new ETKCertificateVerifier( directory, profile ) );
X509Certificate certs [] = new X509Certificate[1];
certs[0] = cert;
X509Certificate validCerts[] = pki.getValidCertificates( profile, certs );
if ( validCerts == null || validCerts.length<1 )
{
System.out.println(" Errore certificato non valido.");
return false;
}
}
System.out.println(" 12,2");
Data ret =(Data)pkcs7.decodeSignedData(signedData,cert,null);
System.out.println(" 13");
/* modifica di rebecca al 18 novembre
String msg = pkcs7.decodeData(data); // (Data)ret ???
System.out.println(" 14");
new java.io.DataOutputStream(out).writeBytes(msg);
System.out.println(" 15");
*/
} catch (Exception e){ System.out.println(" 16");
fis.close();
( new File( tempFileName )).delete();
return false; }//false;}
fis.close();
( new File( tempFileName )).delete();