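package org.ejbca.core.model.ca.catoken;

import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ejbca.core.model.InternalResources;
import org.ejbca.core.model.SecConst;

/**
 * Common base for CA tokens backed by a JCE provider.
 *
 * The constructor registers the provider class with {@link Security}; {@link #init}
 * reads the key aliases (via {@link KeyStrings}), slot label and PIN from the token
 * properties; {@link #setKeys} loads one {@link KeyPair} per alias out of a
 * {@link KeyStore} and sanity-tests each pair with a sign/verify round trip; the
 * {@code getXxxKey(int purpose)} methods serve keys by purpose and auto-activate
 * with the stored PIN when needed.
 *
 * This class does no synchronisation of its own; concurrent activation/deactivation
 * must be serialised by the caller.
 */
public abstract class BaseCAToken implements IHardCAToken {

    private static final Logger log = Logger.getLogger(BaseCAToken.class);

    private static final InternalResources intres = InternalResources.getInstance();

    /** Property key holding the activation PIN. Its value is a secret and is never written to the log. */
    private static final String PIN_PROPERTY = "pin";

    /** Mask used in place of the PIN when properties are logged. */
    private static final String PIN_MASK = "****";

    /** JCE provider name used for signing (see {@link #getProvider()}). */
    private final String sProviderName;
    /** Property key under which the slot label is found in the token properties. */
    private final String sSlotLabelKey;

    /**
     * Registers the given provider class with {@link Security}.
     *
     * @param providerClassName fully qualified class name of the JCE {@link Provider} to instantiate
     * @param pn provider name returned by {@link #getProvider()}
     * @param slk property key of the slot label, read in {@link #init}
     * @throws InstantiationException if the provider class cannot be found or instantiated
     * @throws IllegalAccessException if the provider class or its no-arg constructor is not accessible
     */
    public BaseCAToken(String providerClassName, String pn, String slk) throws InstantiationException, IllegalAccessException {
        log.debug("Creating CAToken");
        sProviderName = pn;
        sSlotLabelKey = slk;
        try {
            Provider prov = (Provider) Class.forName(providerClassName).newInstance();
            Security.addProvider(prov);
        } catch (ClassNotFoundException e) {
            // InstantiationException has no (message, cause) constructor; attach the cause
            // explicitly so the original failure is not lost.
            InstantiationException ie = new InstantiationException("Class not found: " + providerClassName);
            ie.initCause(e);
            throw ie;
        }
    }

    /** Key aliases per purpose, created in {@link #init}. */
    private KeyStrings keyStrings;
    /** Slot label from the token properties (trimmed), or null if not set. */
    protected String sSlotLabel;
    /** Alias to {@link KeyPair} for every alias in {@link #keyStrings}; null while the token is not activated. */
    private Map mKeys;
    /** PIN from the token properties, kept for auto-activation; may be null. */
    private String mAuthCode;

    /**
     * Activates with the stored PIN if no keys are loaded yet. This is best effort:
     * any failure is logged at debug level and swallowed, leaving the token inactive.
     */
    private void autoActivate() {
        if (mKeys == null && mAuthCode != null) {
            try {
                activate(mAuthCode);
            } catch (Exception e) {
                log.debug(e);
            }
        }
    }

    /**
     * Checks that a key pair is usable: signs fixed input with the private key on this
     * token's provider and verifies the signature with the public key on the "BC" provider.
     * RSA keys use SHA1withRSA, EC keys SHA1withECDSA.
     *
     * @param pair the pair to test; both halves must be present
     * @throws InvalidKeyException if the pair is incomplete or the signature does not verify
     * @throws Exception any provider failure, propagated unchanged
     */
    private void testKey(KeyPair pair) throws Exception {
        if (pair == null || pair.getPrivate() == null || pair.getPublic() == null) {
            throw new InvalidKeyException("Key pair to test is incomplete (missing private or public part).");
        }
        final byte input[] = "Lillan gick på vägen ut, mötte där en katt ...".getBytes();
        final String keyalg = pair.getPublic().getAlgorithm();
        if (log.isDebugEnabled()) {
            log.debug("Testing keys with algorithm: " + keyalg);
        }
        String testSigAlg = "SHA1withRSA";
        if (StringUtils.equals(keyalg, "EC")) {
            testSigAlg = "SHA1withECDSA";
        }
        final byte signBV[];
        {
            Signature signature = Signature.getInstance(testSigAlg, getProvider());
            signature.initSign(pair.getPrivate());
            signature.update(input);
            signBV = signature.sign();
        }
        {
            // Verify on a different provider than the one that signed, so a broken
            // signing implementation cannot validate its own output.
            Signature signature = Signature.getInstance(testSigAlg, "BC");
            signature.initVerify(pair.getPublic());
            signature.update(input);
            if (!signature.verify(signBV)) {
                throw new InvalidKeyException("Not possible to sign and then verify with key pair.");
            }
        }
    }

    /**
     * Loads one key pair per alias in {@link #keyStrings} from the key store, tests
     * every pair with {@link #testKey}, and makes them available to the getters.
     * On any failure the token stays (or becomes) inactive.
     *
     * @param keyStore store holding the private keys and their certificates
     * @param authCode key password; null or empty means no password
     * @throws KeyStoreException if an alias has no private key or no certificate
     * @throws Exception if a pair fails its test or the token is not active afterwards
     */
    protected void setKeys(KeyStore keyStore, String authCode) throws Exception {
        mKeys = null;
        final String keyAliases[] = keyStrings.getAllStrings();
        final Map mTmp = new Hashtable();
        // The password is needed only while reading the keys; wipe the char[] afterwards
        // so the secret does not linger on the heap longer than necessary.
        final char[] password = (authCode != null && authCode.length() > 0) ? authCode.toCharArray() : null;
        try {
            for (int i = 0; i < keyAliases.length; i++) {
                final PrivateKey privateK = (PrivateKey) keyStore.getKey(keyAliases[i], password);
                if (privateK == null) {
                    throw new KeyStoreException("No private key with alias '" + keyAliases[i] + "' in key store.");
                }
                final PublicKey publicK = readPublicKey(keyStore, keyAliases[i]);
                mTmp.put(keyAliases[i], new KeyPair(publicK, privateK));
            }
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
        for (int i = 0; i < keyAliases.length; i++) {
            final KeyPair pair = (KeyPair) mTmp.get(keyAliases[i]);
            testKey(pair);
            if (log.isDebugEnabled()) {
                // Log only the algorithm: a private key's toString() may include the key material itself.
                log.debug("Key with alias " + keyAliases[i] + " tested. Private key algorithm: " + pair.getPrivate().getAlgorithm());
            }
        }
        mKeys = mTmp;
        if (getCATokenStatus() != IHardCAToken.STATUS_ACTIVE) {
            // Fail closed: do not leave keys loaded on a token whose activation test failed.
            mKeys = null;
            throw new Exception("Activation test failed");
        }
    }

    /**
     * Reads the public key of an alias from its certificate entry. Subclasses may
     * override for stores that keep public keys elsewhere.
     *
     * @param keyStore store to read from
     * @param alias certificate alias
     * @return the certificate's public key
     * @throws KeyStoreException if the store is not initialised or holds no certificate for the alias
     */
    protected PublicKey readPublicKey(KeyStore keyStore, String alias) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        final Certificate cert = keyStore.getCertificate(alias);
        if (cert == null) {
            throw new KeyStoreException("No certificate with alias '" + alias + "' in key store.");
        }
        return cert.getPublicKey();
    }

    /**
     * Reads key aliases, slot label and PIN from the token properties and attempts
     * auto-activation if a PIN is present.
     *
     * @param properties token properties; must not be null
     * @param signaturealgorithm only logged here
     */
    public void init(Properties properties, String signaturealgorithm) {
        if (log.isDebugEnabled()) {
            log.debug("Properties: " + redactedProperties(properties) + ". Signaturealg: " + signaturealgorithm);
        }
        keyStrings = new KeyStrings(properties);
        sSlotLabel = properties.getProperty(sSlotLabelKey);
        sSlotLabel = sSlotLabel != null ? sSlotLabel.trim() : null;
        mAuthCode = properties.getProperty(PIN_PROPERTY);
        autoActivate();
    }

    /**
     * Renders the properties for logging with the PIN value masked.
     *
     * @param properties properties to render; may be null
     * @return the rendered properties, or the string "null"
     */
    private static String redactedProperties(Properties properties) {
        if (properties == null) {
            return "null";
        }
        final Properties copy = new Properties();
        copy.putAll(properties);
        if (copy.containsKey(PIN_PROPERTY)) {
            copy.put(PIN_PROPERTY, PIN_MASK);
        }
        return copy.toString();
    }

    /**
     * Activates the token with the given PIN. Implementations make the token active
     * by loading keys, which in this class happens through {@link #setKeys}.
     *
     * @param authCode activation PIN
     * @throws CATokenOfflineException if the token cannot be reached
     * @throws CATokenAuthenticationFailedException if the PIN is rejected
     */
    public abstract void activate(String authCode) throws CATokenOfflineException, CATokenAuthenticationFailedException;

    /**
     * Drops the loaded keys so that the token is inactive until the next activation.
     *
     * @return always true
     */
    public boolean deactivate() {
        String msg = intres.getLocalizedMessage("catoken.deactivate");
        log.info(msg);
        mKeys = null;
        return true;
    }

    /**
     * Looks up the key pair for a purpose, auto-activating first if needed.
     *
     * @return the pair, or null if the token is inactive or has no key for the purpose
     */
    private KeyPair lookupKeyPair(int purpose) {
        autoActivate();
        if (mKeys == null) {
            return null;
        }
        return (KeyPair) mKeys.get(keyStrings.getString(purpose));
    }

    /**
     * Returns the private key for a purpose.
     *
     * @param purpose one of the {@code SecConst.CAKEYPURPOSE_*} values
     * @throws CATokenOfflineException if the token is inactive or has no such key
     */
    public PrivateKey getPrivateKey(int purpose) throws CATokenOfflineException {
        final KeyPair keyPair = lookupKeyPair(purpose);
        if (keyPair == null) {
            throw new CATokenOfflineException("no such key");
        }
        return keyPair.getPrivate();
    }

    /**
     * Returns the public key for a purpose.
     *
     * @param purpose one of the {@code SecConst.CAKEYPURPOSE_*} values
     * @throws CATokenOfflineException if the token is inactive or has no such key
     */
    public PublicKey getPublicKey(int purpose) throws CATokenOfflineException {
        final KeyPair keyPair = lookupKeyPair(purpose);
        if (keyPair == null) {
            throw new CATokenOfflineException();
        }
        return keyPair.getPublic();
    }

    /** @return the JCE provider name used for signing operations */
    public String getProvider() {
        return sProviderName;
    }

    /**
     * Reports the token status. The token is active when every alias has a loaded key
     * pair and, if a key for {@code SecConst.CAKEYPURPOSE_KEYTEST} exists, that pair
     * passes {@link #testKey}; otherwise it is offline.
     *
     * @return {@link IHardCAToken#STATUS_ACTIVE} or {@link IHardCAToken#STATUS_OFFLINE}
     */
    public int getCATokenStatus() {
        autoActivate();
        final String aliases[] = keyStrings.getAllStrings();
        if (aliases == null) {
            return IHardCAToken.STATUS_OFFLINE;
        }
        for (int i = 0; i < aliases.length; i++) {
            if (mKeys == null || mKeys.get(aliases[i]) == null) {
                return IHardCAToken.STATUS_OFFLINE;
            }
        }
        PrivateKey privateKey;
        PublicKey publicKey;
        try {
            privateKey = getPrivateKey(SecConst.CAKEYPURPOSE_KEYTEST);
            publicKey = getPublicKey(SecConst.CAKEYPURPOSE_KEYTEST);
        } catch (CATokenOfflineException e) {
            // A test key is optional; without one, having all keys loaded is enough.
            privateKey = null;
            publicKey = null;
            log.debug("no test key defined");
        }
        if (privateKey != null && publicKey != null) {
            try {
                testKey(new KeyPair(publicKey, privateKey));
            } catch (Throwable th) {
                // Throwable on purpose: any failure of the provider during the test
                // must report the token as offline rather than propagate.
                log.error("Error testing activation", th);
                return IHardCAToken.STATUS_OFFLINE;
            }
        }
        return IHardCAToken.STATUS_ACTIVE;
    }
}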