/************************************************************************ * * $Id: PeerCerts.java,v 1.2 2002/03/04 21:42:58 echtcherbina Exp $ * * Copyright (c) 2001 Sun Microsystems, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Sun Microsystems, Inc. for Project JXTA." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" * must not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact Project JXTA at http://www.jxta.org. * * 5. Products derived from this software may not be called "JXTA", * nor may "JXTA" appear in their name, without prior written * permission of Sun. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. 
IN NO EVENT SHALL SUN MICROSYSTEMS OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of Project JXTA. For more
 * information on Project JXTA, please see
 * <http://www.jxta.org>.
 *
 * This license is based on the BSD license adopted by the Apache Foundation.
 *********************************************************************************/

// Contains method to generate certs when initializing jxta platform
//
package net.jxta.impl.endpoint.tls;

import COM.claymoresystems.cert.*;
import COM.claymoresystems.crypto.*;
import COM.claymoresystems.provider.ClaymoreProvider;
import COM.claymoresystems.util.Util;
import COM.claymoresystems.ptls.SSLDebug;

import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.util.encoders.*;
import org.bouncycastle.jce.provider.*;
import org.bouncycastle.jce.*;
import org.bouncycastle.asn1.pkcs.*;

import xjava.security.Cipher;
import xjava.security.interfaces.CryptixRSAPublicKey;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.RSAFactors;

import jxta.security.hash.*;
import jxta.security.crypto.*;
// import jxta.security.cipher.Cipher; // removed, not needed, causes a build error
import jxta.security.cipher.Key;
import jxta.security.util.URLBase64;
import jxta.security.impl.crypto.*;
import jxta.security.impl.cipher.KeyBuilder;
import
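jxta.security.impl.cipher.RC4Cipher;
import jxta.security.impl.cipher.SecretKey;
import jxta.security.impl.random.JRandom;
import jxta.security.exceptions.CryptoException;
// import jxta.security.util.Util; // removed, not needed, causes a build error
import jxta.security.util.URLBase64;
import jxta.security.crypto.*;
import jxta.security.impl.crypto.*;
import jxta.security.impl.random.JRandom;
import jxta.security.exceptions.CryptoException;

import org.apache.log4j.Category;
import org.apache.log4j.Priority;

import java.security.*;
import java.security.cert.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.io.*;
import java.util.*;
import java.math.*;

/**
 * Generates the peer's root (CA) certificate and its service certificate when
 * the JXTA platform is initialised, and appends each certificate's private key
 * -- encrypted under a generated passphrase -- to the corresponding certificate
 * file under the PCE directories.
 *
 * The methods write fixed file names and are intended to run once during
 * initialisation; nothing here is synchronised.
 */
public class PeerCerts {

    private static final Category LOG = Category.getInstance(PeerCerts.class.getName());

    // Hard-coded default password. NOTE(review): nothing in this class reads it;
    // confirm it is only a test fixture and never protects real key material.
    static final String testPw = "password";

    // Length in bytes of the RNG seed and of the raw passphrase material.
    private static final int NUM_BYTES = 128;

    /**
     * Signing context handed from root-certificate generation to
     * service-certificate generation. It is filled in by genCert (defined
     * elsewhere in this file) and by genPeerRootCert.
     */
    private static class IssuerInfo {
        PrivateKey rootKey;       // issuer private key
        Hashtable issuer;         // issuer (contents populated by genCert -- not visible here)
        PrivateKey subjectPkey;   // subject private key
        byte[] passwd;            // passphrase used to encrypt subjectPkey on disk
    }

    /**
     * Generates and saves the peer's root certificate, then appends its
     * encrypted private key to the same file.
     *
     * @param peerName the peer name; the root subject is {@code peerName + "-CA"}
     * @param password handed to {@link #genPassPhrase(String)}
     * @return issuer information (root private key and passphrase) to be passed
     *         to {@link #genPeerServiceCert}
     * @throws IOException if the certificate or key cannot be written, or if no
     *         passphrase could be generated (see appendPrivateKey)
     */
    public static IssuerInfo genPeerRootCert(String peerName, String password) throws IOException {
        String rootFile = JTlsUtil.getPCERootPath() + JTlsDefs.CLIENTROOT;

        // generate and save cert
        SSLDebug.debug(SSLDebug.DEBUG_JXTA, "Generating root cert ...");
        IssuerInfo info = genCert(rootFile, peerName + "-CA", null);

        // generate our passphrase (used for both root and client certs)
        info.passwd = genPassPhrase(password);

        // Append private key to generated cert
        appendPrivateKey(info, rootFile);

        // return the root's private key to sign the service certificate
        return info;
    }

    /**
     * Generates the peer's service certificate, signed with the issuer
     * information from {@link #genPeerRootCert}, and appends its encrypted
     * private key to the certificate file.
     *
     * @param peerName subject name of the service certificate
     * @param info     issuer information returned by genPeerRootCert; its passphrase
     *                 is reused to encrypt the service key
     * @param password currently unused -- the passphrase comes from {@code info}
     * @throws IOException if the certificate or key cannot be written
     */
    public static void genPeerServiceCert(String peerName, IssuerInfo info, String password) throws IOException {
        String keyFile = JTlsUtil.getPCEClientPath() + JTlsDefs.CLIENTSERVICE;

        // genreate ans save cert, return the private key. Actually it is
        // a RSAPrivateCrtKey.
        SSLDebug.debug(SSLDebug.DEBUG_JXTA, "\nGenerating client cert ...");
        IssuerInfo myinfo = genCert(keyFile, peerName, info);

        // set passwd for encryption
        myinfo.passwd = info.passwd;

        // Append the private key
        appendPrivateKey(myinfo, keyFile);
    }

    /**
     * Appends the subject's private key, encrypted under {@code info.passwd},
     * to the end of {@code keyFile}.
     *
     * NOTE(review): the file is opened with the JVM's default permissions;
     * consider restricting it to the owner since it holds key material.
     *
     * @param info    holds the subject key and the passphrase
     * @param keyFile path of the certificate file to append to
     * @throws IOException        if {@code info.passwd} is null or the file cannot be written
     * @throws ClassCastException if the subject key is not an RSAPrivateCrtKey
     */
    private static void appendPrivateKey(IssuerInfo info, String keyFile) throws IOException {
        // genPassPhrase returns null when the RNG could not be seeded. Writing the
        // key with a null passphrase would at best fail later and, depending on the
        // library's handling of a null password, might emit the key unprotected --
        // so stop here with an explicit error instead.
        if (info.passwd == null) {
            throw new IOException("No passphrase available to protect the private key in " + keyFile);
        }
        RSAPrivateCrtKey priKey = (RSAPrivateCrtKey) info.subjectPkey;

        // append the private key at the end of the keyFile; closing the
        // BufferedWriter also closes the underlying FileWriter, on the error path too.
        BufferedWriter bw = new BufferedWriter(new FileWriter(keyFile, true));
        try {
            EAYEncryptedPrivateKey.writePrivateKey(priKey, info.passwd, bw);
            bw.flush();
        } finally {
            bw.close();
        }
    }

    /**
     * Returns a {@link SecureRandom} seeded with {@link #NUM_BYTES} bytes drawn
     * from JXTA's {@link JRandom}.
     *
     * NOTE(review): with providers such as SHA1PRNG an explicit seed replaces the
     * provider's own seeding, so the generator is only as strong as the bytes
     * JRandom supplies -- confirm JRandom's entropy source.
     *
     * @throws CryptoException propagated from JRandom
     */
    public static SecureRandom seedSRN() throws jxta.security.exceptions.CryptoException {
        byte[] seed = new byte[NUM_BYTES];
        JRandom jran = new JRandom();
        jran.nextBytes(seed);
        return new SecureRandom(seed);
    }

    /**
     * Generates the passphrase used to encrypt the private keys: NUM_BYTES random
     * bytes are drawn, hashed with SHA1 and base64 encoded into a text string; the
     * encrypted passphrase is saved to the peer.phrase file under the PCE path.
     *
     * Returns null when the RNG cannot be seeded (callers must treat that as failure;
     * appendPrivateKey does). The body of this method continues below.
     *
     * @param password password supplied by the caller
     * @return the passphrase bytes, or null if no secure RNG could be obtained
     * @throws IOException if the passphrase file cannot be written
     */
    private static byte[] genPassPhrase(String password) throws IOException {
        String PCEpath = JTlsUtil.getPCEClientPath();
        String phraseFile = PCEpath + JTlsDefs.PASSPHRASE;
        byte[] buf = new byte[NUM_BYTES];

        // generate NUM_BYTES long random bytes
        // may use jxta's JRandom rng = new JRandom();
        SecureRandom rng = null;
        try {
            rng = seedSRN();
        } catch (jxta.security.exceptions.CryptoException cex) {
            // should never happen
            //if (LOG.isEnabledFor(Priority.DEBUG))
            LOG.debug("Could not seed SRN: ", cex);
            return null;
        }
        rng.nextBytes(buf);
        byte[] phrase = new byte[buf.length];
        System.arraycopy(buf, 0, phrase, 0, buf.length);

        // hash the random bytes using SHA1, and base64 encode
        // to make a text string.
        byte[] str64 = null;
        try {
            byte profile = (byte) (JxtaCrypto.MEMBER_SHA1);
            JxtaCrypto suite = new JxtaCryptoSuite(profile, null, (byte) 0, (byte) 0);
            Hash sha1 = suite.getJxtaHash(Hash.ALG_SHA1);
            byte[] digest = new byte[sha1.getDigestLength()];
            // Where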
Tn = digest, T(n+1) = H(Tn); int len = NUM_BYTES; for (int i=0; i sha1.doFinal(buf, 0, len, digest, 0); System.arraycopy(digest, 0, buf, 0, digest.length); len = digest.length; } // save digest as base64 encoded block to a file in local