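package org.objectweb.proactive.ext.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Random;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
import org.objectweb.proactive.core.ProActiveException;
import org.objectweb.proactive.core.node.Node;
import org.objectweb.proactive.core.node.NodeFactory;
import org.objectweb.proactive.core.runtime.ProActiveRuntime;
import org.objectweb.proactive.core.runtime.RuntimeFactory;


/**
 * Static helpers for the ProActive security layer: throw-away X.509 certificate
 * generation on top of BouncyCastle, key-identifier extension builders, virtual-node
 * (VN) name lookup, and the migration-policy check run before a body moves to
 * another node.
 *
 * <p>All methods are static. The only global side effect is registering the
 * BouncyCastle provider with {@link Security} the first time a certificate is
 * generated.
 */
public class ProActiveSecurity {

    /** JCA name under which the BouncyCastle provider registers itself. */
    private static final String BC_PROVIDER = "BC";

    /**
     * RSA modulus size, in bits, of every key pair generated here.
     * NOTE(review): 1024-bit RSA is below current recommendations (2048 bits or
     * more); the value is kept for compatibility with existing peers and should be
     * raised once they can accept longer keys.
     */
    private static final int RSA_KEY_SIZE = 1024;

    /**
     * Signature algorithm used to sign generated certificates.
     * NOTE(review): MD5-based signatures are collision-broken and rejected by
     * modern validators; the value is kept for compatibility with existing peers
     * and a SHA-2 based algorithm should replace it once they can accept it.
     */
    private static final String SIGNATURE_ALGORITHM = "MD5withRSA";

    /**
     * Serial number written into every generated certificate and echoed in its
     * AuthorityKeyIdentifier extension.
     * NOTE(review): a constant serial means every certificate issued under the
     * same issuer name shares serial 1, which violates X.509 serial uniqueness and
     * makes revocation and AKI matching ambiguous -- a per-certificate random
     * serial would be the proper fix.
     */
    private static final int SERIAL_NUMBER = 1;

    /** Thirty days in milliseconds; validity runs from now - window to now + window. */
    private static final long VALIDITY_WINDOW_MS = 1000L * 60 * 60 * 24 * 30;

    /**
     * Generates a throw-away certificate with a randomised generic subject name.
     *
     * <p>A fresh RSA key pair is created and handed to
     * {@link #generateCertificate(String, String, PrivateKey, PublicKey)} as the
     * "CA" key material; see that method for what is actually signed with what.
     *
     * @return {@code { X509Certificate certificate, PrivateKey privateKey }} as
     *         returned by {@code generateCertificate}; the certificate slot is
     *         {@code null} when signing failed
     */
    public static Object[] generateGenericCertificate() {
        ensureBouncyCastleProvider();

        KeyPair caPair = generateRsaKeyPair();

        return generateCertificate("CN=Generic Certificate " +
            new Random().nextLong() +
            ", OU=Generic Certificate, EmailAddress=none", "CN=none",
            caPair.getPrivate(), caPair.getPublic());
    }

    /**
     * Generates a new RSA key pair and an X.509 v3 certificate for it.
     *
     * <p>The certificate carries a SubjectKeyIdentifier for the new public key, an
     * AuthorityKeyIdentifier built from {@code caPubKey}, {@code issuerName} and
     * {@link #SERIAL_NUMBER}, a {@code BasicConstraints(cA=true)} extension and the
     * Netscape {@code smime | sslServer} cert-type, and is valid for thirty days on
     * either side of the current time.
     *
     * <p>NOTE(review): the certificate is signed with the <em>freshly generated</em>
     * private key, not with {@code caPrivKey}, so {@code caPrivKey} is currently
     * unused and the result is effectively self-signed while its
     * AuthorityKeyIdentifier still points at {@code caPubKey}. Confirm whether that
     * is intended before relying on the AKI for chain building.
     *
     * @param dnName     subject distinguished name, e.g. {@code "CN=..."}
     * @param issuerName issuer distinguished name written into the certificate and
     *                   into its AuthorityKeyIdentifier
     * @param caPrivKey  intended signing key; currently not used (see note above)
     * @param caPubKey   public key referenced by the AuthorityKeyIdentifier
     * @return {@code { X509Certificate certificate, PrivateKey privateKey }}; the
     *         certificate slot is {@code null} when signing failed (the failure is
     *         printed to stderr), the private key is always present
     */
    public static Object[] generateCertificate(String dnName,
        String issuerName, PrivateKey caPrivKey, PublicKey caPubKey) {
        // Signing below asks for provider "BC" by name, so make sure it is registered
        // even when this method is called without going through generateGenericCertificate().
        ensureBouncyCastleProvider();

        KeyPair keyPair = generateRsaKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        X509Name subject = new X509Name(dnName);
        X509Name issuer = new X509Name(issuerName);

        // One timestamp for both bounds so the window is exactly symmetric.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - VALIDITY_WINDOW_MS);
        Date notAfter = new Date(now + VALIDITY_WINDOW_MS);

        X509V3CertificateGenerator certifGenerator = new X509V3CertificateGenerator();
        certifGenerator.setSubjectDN(subject);
        certifGenerator.setIssuerDN(issuer);
        certifGenerator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        certifGenerator.setNotBefore(notBefore);
        certifGenerator.setNotAfter(notAfter);
        certifGenerator.setPublicKey(publicKey);
        certifGenerator.setSerialNumber(BigInteger.valueOf(SERIAL_NUMBER));

        certifGenerator.addExtension(X509Extensions.SubjectKeyIdentifier,
            false, createSubjectKeyId(publicKey));

        // The same serial is used for the certificate and for the AKI it carries.
        certifGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier,
            false, createAuthorityKeyId(caPubKey, issuer, SERIAL_NUMBER));

        // cA=true: every generated certificate is marked as a CA certificate.
        certifGenerator.addExtension(X509Extensions.BasicConstraints, false,
            new BasicConstraints(true));

        certifGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType,
            false,
            new NetscapeCertType(NetscapeCertType.smime |
                NetscapeCertType.sslServer));

        X509Certificate certif = null;
        try {
            certif = certifGenerator.generateX509Certificate(privateKey, BC_PROVIDER);
        } catch (GeneralSecurityException e) {
            // InvalidKeyException, NoSuchProviderException, SignatureException:
            // best-effort -- the caller receives a null certificate slot.
            e.printStackTrace();
        } catch (SecurityException e) {
            e.printStackTrace();
        }

        return new Object[] { certif, privateKey };
    }

    /**
     * Resolves the virtual-node name a node belongs to.
     *
     * <p>Local nodes answer directly; for remote nodes the lookup goes through the
     * default runtime with the node's plain name.
     *
     * @param node node to resolve
     * @return the VN name, or {@code null} when the runtime lookup failed (the
     *         failure is printed to stderr)
     */
    public static String retrieveVNName(Node node) {
        if (NodeFactory.isNodeLocal(node)) {
            return node.getVnName();
        }
        return retrieveVNName(node.getNodeInformation().getName());
    }

    /**
     * Builds a SubjectKeyIdentifier extension value from a public key.
     *
     * @param pubKey key whose DER encoding is parsed into a SubjectPublicKeyInfo
     * @return the SubjectKeyIdentifier for {@code pubKey}
     * @throws RuntimeException when the key encoding cannot be parsed; the
     *                          underlying exception is attached as the cause
     */
    public static SubjectKeyIdentifier createSubjectKeyId(PublicKey pubKey) {
        try {
            return new SubjectKeyIdentifier(toSubjectPublicKeyInfo(pubKey));
        } catch (Exception e) {
            throw new RuntimeException("error creating key", e);
        }
    }

    /**
     * Builds an AuthorityKeyIdentifier extension value that names the issuer by
     * key, by distinguished name and by certificate serial number.
     *
     * @param pubKey  issuer public key
     * @param name    issuer distinguished name
     * @param sNumber serial number of the issuer certificate
     * @return the AuthorityKeyIdentifier
     * @throws RuntimeException when the key encoding cannot be parsed; the
     *                          underlying exception is attached as the cause
     */
    public static AuthorityKeyIdentifier createAuthorityKeyId(
        PublicKey pubKey, X509Name name, int sNumber) {
        try {
            SubjectPublicKeyInfo info = toSubjectPublicKeyInfo(pubKey);

            ASN1EncodableVector issuerNames = new ASN1EncodableVector();
            issuerNames.add(new GeneralName(name));

            return new AuthorityKeyIdentifier(
                info, new GeneralNames(new DERSequence(issuerNames)),
                BigInteger.valueOf(sNumber));
        } catch (Exception e) {
            throw new RuntimeException("error creating AuthorityKeyId", e);
        }
    }

    /**
     * Builds an AuthorityKeyIdentifier extension value that names the issuer by
     * key only.
     *
     * @param pubKey issuer public key
     * @return the AuthorityKeyIdentifier
     * @throws RuntimeException when the key encoding cannot be parsed; the
     *                          underlying exception is attached as the cause
     */
    public static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey pubKey) {
        try {
            return new AuthorityKeyIdentifier(toSubjectPublicKeyInfo(pubKey));
        } catch (Exception e) {
            throw new RuntimeException("error creating AuthorityKeyId", e);
        }
    }

    /**
     * Resolves the virtual-node name of a node given its plain name, through the
     * default runtime.
     *
     * @param nodeName plain node name
     * @return the VN name, or {@code null} when the runtime lookup failed (the
     *         failure is printed to stderr)
     */
    public static String retrieveVNName(String nodeName) {
        String vn = null;
        try {
            vn = RuntimeFactory.getDefaultRuntime().getVNName(nodeName);
        } catch (ProActiveException e1) {
            // best-effort: an unreachable runtime yields a null VN name
            e1.printStackTrace();
        }
        return vn;
    }

    /**
     * Checks that a body may migrate from its current virtual node to the VN that
     * hosts {@code nodeTo}.
     *
     * <p>Two checks are applied, each only when its policy server is available:
     * the default runtime's policy server must allow the VN-to-VN migration, and
     * {@code ps} (when non-null) must return a security context whose
     * {@code isMigration()} is true for a {@code MIGRATION_TO} request. A
     * source or destination VN that could not be resolved is represented by a
     * {@code DefaultEntity} in the corresponding entity list.
     *
     * @param ps      policy server of the migrating body; may be {@code null}, in
     *                which case only the runtime policy server is consulted
     * @param bodyURL URL of the migrating body; its last path segment is the node
     *                name used to look up the source VN. A {@code null} value
     *                means "unknown source VN".
     * @param nodeTo  destination node
     * @throws SecurityMigrationException when either policy server denies the
     *                                    migration
     */
    public static void migrateTo(PolicyServer ps, String bodyURL, Node nodeTo)
        throws SecurityMigrationException {
        PolicyServer runtimePolicyServer = null;
        String vnFrom = bodyURL;
        String vn = null;
        String vnTo = null;

        try {
            runtimePolicyServer = RuntimeFactory.getDefaultRuntime()
                                                .getPolicyServer();

            // A null body URL simply leaves the source VN unresolved; it is mapped
            // to a DefaultEntity further down instead of failing here.
            if (vnFrom != null) {
                vn = RuntimeFactory.getDefaultRuntime()
                                   .getVNName(lastPathSegment(vnFrom));
            }

            vnTo = nodeTo.getVnName();
            if (vnTo == null) {
                // Fall back to asking the destination runtime by node name.
                String nodeURL = nodeTo.getNodeInformation().getURL();
                ProActiveRuntime remoteRuntime = nodeTo.getProActiveRuntime();
                vnTo = remoteRuntime.getVNName(lastPathSegment(nodeURL));
            }
        } catch (ProActiveException e1) {
            // best-effort: unresolved names fall through to the policy checks below
            e1.printStackTrace();
        }

        if ((runtimePolicyServer != null) &&
                !runtimePolicyServer.canMigrateTo("VN", vn, vnTo)) {
            throw new SecurityMigrationException("matching rule : VN[" +
                vn + "] --> VN[" + vnTo + "]");
        }

        if (ps != null) {
            ArrayList arrayFrom = new ArrayList();
            ArrayList arrayTo = new ArrayList();

            if (vnFrom == null) {
                arrayFrom.add(new DefaultEntity());
            }
            if (vnTo == null) {
                arrayTo.add(new DefaultEntity());
            }

            SecurityContext sc = new SecurityContext(SecurityContext.MIGRATION_TO,
                    arrayFrom, arrayTo);
            try {
                sc = ps.getPolicy(sc);
            } catch (SecurityNotAvailableException ignored) {
                // Deliberate: when the policy server has no policy, the locally
                // built context is evaluated as-is by isMigration() below.
            }

            if (!sc.isMigration()) {
                throw new SecurityMigrationException("matching rule : VN[" +
                    vn + "] --> VN[" + vnTo + "]");
            }
        }
    }

    /**
     * Decodes a DER (or PEM) encoded X.509 certificate.
     *
     * <p>This only parses the bytes: no signature, chain or validity check is
     * performed, so the result must be verified before it is trusted.
     *
     * @param encodedCert certificate bytes, typically received from a remote peer
     * @return the decoded certificate, or {@code null} when {@code encodedCert} is
     *         {@code null} or not a parseable certificate (the parse failure is
     *         printed to stderr)
     */
    public static X509Certificate decodeCertificate(byte[] encodedCert) {
        if (encodedCert == null) {
            return null;
        }

        X509Certificate certificate = null;
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(
                        encodedCert));
        } catch (CertificateException e) {
            // best-effort: malformed input yields null rather than an exception
            e.printStackTrace();
        }
        return certificate;
    }

    /** Registers the BouncyCastle provider with the JCA unless it is already present. */
    private static void ensureBouncyCastleProvider() {
        if (Security.getProvider(BC_PROVIDER) == null) {
            Provider bouncyCastle = new org.bouncycastle.jce.provider.BouncyCastleProvider();
            Security.addProvider(bouncyCastle);
        }
    }

    /** Generates a fresh RSA key pair of {@link #RSA_KEY_SIZE} bits seeded from SecureRandom. */
    private static KeyPair generateRsaKeyPair() {
        JDKKeyPairGenerator.RSA generator = new JDKKeyPairGenerator.RSA();
        generator.initialize(RSA_KEY_SIZE, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Parses the DER encoding of a public key into a SubjectPublicKeyInfo.
     *
     * @throws IOException when the encoding is not a readable DER object
     */
    private static SubjectPublicKeyInfo toSubjectPublicKeyInfo(PublicKey pubKey)
        throws IOException {
        ByteArrayInputStream bIn = new ByteArrayInputStream(pubKey.getEncoded());
        return new SubjectPublicKeyInfo((ASN1Sequence) new DERInputStream(bIn).readObject());
    }

    /** Returns the text after the last {@code '/'} in {@code url} (the whole string when there is none). */
    private static String lastPathSegment(String url) {
        return url.substring(url.lastIndexOf("/") + 1);
    }
}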