/*
* CertHandler.java
*
* Brazil project web application toolkit,
* export version: 2.3
* Copyright (c) 2001-2004 Sun Microsystems, Inc.
*
* Sun Public License Notice
*
* The contents of this file are subject to the Sun Public License Version
* 1.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is included as the file "license.terms",
* and also available at http://www.sun.com/
*
* The Original Code is from:
* Brazil project web application toolkit release 2.3.
* The Initial Developer of the Original Code is: suhler.
* Portions created by suhler are Copyright (C) Sun Microsystems, Inc.
* All Rights Reserved.
*
* Contributor(s): suhler.
*
* Version: 2.4
* Created by suhler on 01/07/19
* Last modified by suhler on 04/11/30 15:12:12
*
* Version Histories:
*
* 2.4 04/11/30-15:12:12 (suhler)
* fixed sccs version string
*
* 2.3 04/11/30-15:11:43 (suhler)
* fixed sccs version string
*
* 2.2 04/11/30-15:11:27 (suhler)
* fixed sccs version string
*
* 2.1 02/10/01-16:39:50 (suhler)
* version change
*
* 1.3 02/01/29-14:24:11 (suhler)
* doc lint
*
* 1.2 01/07/19-20:17:18 (suhler)
* docs
*
* 1.2 01/07/19-11:18:18 (Codemgr)
* SunPro Code Manager data about conflicts, renames, etc...
* Name history : 1 0 ssl/CertHandler.java
*
* 1.1 01/07/19-11:18:17 (suhler)
* date and time created 01/07/19 11:18:17 by suhler
*
*/
package sunlabs.brazil.ssl;
import iaik.asn1.ASN1;
import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.pkcs.PKCS7CertList;
import iaik.pkcs.PKCSException;
import iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import iaik.pkcs.pkcs8.PrivateKeyInfo;
import iaik.security.provider.IAIK;
import iaik.utils.KeyAndCertificate;
import iaik.utils.Util;
import iaik.x509.NetscapeCertRequest;
import iaik.x509.X509Certificate;
import iaik.x509.extensions.netscape.NetscapeCertType;
import iaik.x509.extensions.netscape.NetscapeComment;
import iaik.x509.extensions.netscape.NetscapeSSLServerName;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Hashtable;
import java.util.Random;
import sunlabs.brazil.server.Handler;
import sunlabs.brazil.server.Request;
import sunlabs.brazil.server.Server;
/**
* Handler for issuing a Netscape certificate.
* Get a certificate request from the user as form data, generate the
* certificate, and sign it with the CA's certificate.
*
* There is currently no certificate management. The serial number is obtained
* from the form (if available), otherwise it is made up.
* [This should be converted into a template].
*
* The following fields are required query info, either from a GET or POST:
*
* - commonname
- The name of the certificate owner
*
- country
- The country of origin (2 character abbreviation)
*
- email
- The email address
*
- expires
- The cert lifetime (in months)
*
- key
- The netscape key information (from KEYGEN)
*
- locality
- The local address of the cert holder
*
- org
- The company
*
- orgunit
- The division
*
- state
- The state or province
*
* The following fields are optional:
*
* - serial
- the cert serial # (this is temporary)
*
- can_sign
- cert may be used for code signing
*
- can_email
- cert may be used for S/mime
*
- can_ssl
- cert may be used for client SSL
*
*
* The following server properties are used:
*
* - prefix
- The url prefix for this handler to generate a cert
*
- cert
- The file name containing the CA certificate
*
- id
- If set, the request property "id" MUST be set
* in order to generate a cert. This allows upstream
* handlers to perform authentication before a cert is issued.
*
*
* @author Stephen Uhler
* @version 2.4
*/
public class CertHandler implements Handler {
/** The CA's certificate chain; init() fills it from the KeyAndCertificate read from the file named by the "cert" property. */
X509Certificate[] serverChain; // our CA's cert chain
/** The CA's private key — presumably what issued certs are signed with; its assignment is not visible in this listing. */
PrivateKey serverKey; // our CA's private key
/** URL prefix this handler answers; init() reads it from the "prefix" property, defaulting to "/". */
String prefix; // url prefix
/** True when the "id" server property is set, in which case a request must carry an "id" property before a cert is issued. */
boolean needID = false; // if true, an id property is required
/**
 * Default serial number. Being static it is shared by every CertHandler in the JVM, and init()
 * seeds it from the wall clock (seconds since 1/1/99), so values are predictable and a restart
 * may hand out a number used before — NOTE(review): confirm issued serials are recorded
 * somewhere if uniqueness across restarts matters.
 */
static long serialNo; // default serial num.
/**
* Get the CA's certificate chain, prompting for the
* certificate password on the command line.
*/
public boolean
init(Server server, String prefix) {
this.prefix = server.props.getProperty(prefix + "prefix","/");
String cert = server.props.getProperty(prefix + "cert");
// Temporarily start at seconds since 1/1/99
serialNo = System.currentTimeMillis()/1000 - 915177600;
System.out.println("Starting serialno: " + serialNo);
needID = (server.props.getProperty(prefix + "id") != null);
Security.addProvider(new IAIK());
KeyAndCertificate kac;
/*
* read the certificate from a file
*/
try {
kac = new KeyAndCertificate(cert);
} catch (IOException e) {
System.out.println("Oops: " + e);
e.printStackTrace();
return false;
}
serverChain = kac.getCertificateChain();
System.out.println("SERVER CHAIN ---------------------------");
for (int i = 0; i");
System.exit(1);
}
System.out.println("Creating server CA test certificate");
Security.addProvider(new IAIK());
/* generate a key-pair */
KeyPair kp = null;
try {
KeyPairGenerator generator =
KeyPairGenerator.getInstance("RSA", "IAIK");
generator.initialize(512);
kp = generator.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
System.out.println("Can't create RSA/512 key pair: " + e);
System.exit(1);
} catch (NoSuchProviderException e) {
System.out.println("Can't create RSA/512 key pair: " + e);
System.exit(1);
}
/* get the cert info from the user via the command line */
Name issuer = new Name();
issuer.addRDN(ObjectID.country, getEntry("country","US"));
issuer.addRDN(ObjectID.organization,
getEntry("company","Sun Microsystems Laboratories"));
issuer.addRDN(ObjectID.organizationalUnit,
getEntry("division","Brazil Project"));
issuer.addRDN(ObjectID.commonName,
getEntry("server name","foo.bar.com"));
/* create the cert */
X509Certificate cert = new X509Certificate();
try {
cert.setSerialNumber(new BigInteger(20, new Random()));
cert.setSubjectDN(issuer);
cert.setIssuerDN(issuer);
cert.setPublicKey(kp.getPublic());
GregorianCalendar date = new GregorianCalendar();
date.add(Calendar.DATE, -1);
cert.setValidNotBefore(date.getTime());
date.add(Calendar.MONTH,
Integer.parseInt(getEntry("time of validity (months)","6")));
cert.setValidNotAfter(date.getTime());
/*
* Specify what functions this certificate is good for. If this
* (Or the basicConstraint CA field) is not set, then netscape
* will not recognize this as a CA cert. See:
* http://home.netscape.com/eng/security/comm4-cert-exts.html
* for details
*/
cert.addExtension(new NetscapeCertType(
NetscapeCertType.SSL_CA |
NetscapeCertType.SSL_SERVER |
NetscapeCertType.S_MIME_CA |
NetscapeCertType.OBJECT_SIGNING_CA)
);
/*
* If this certificate is to be used by an ssl server,
* then add the following:
*/
cert.addExtension(new NetscapeSSLServerName(
getEntry("host name of server", "*.eng.sun.com")));
String comment = getEntry("A comment for the certificate user", "");
if (!comment.equals("")) {
cert.addExtension(new NetscapeComment(comment));
}
cert.sign(AlgorithmID.md5WithRSAEncryption,kp.getPrivate());
X509Certificate[] chain = new X509Certificate[1];
chain[0] = cert;
/* encrypt the key and save the cert */
EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(
(PrivateKeyInfo)kp.getPrivate());
epki.encrypt(getPassword("Certificate password"),
AlgorithmID.pbeWithMD5AndDES_CBC, null);
new KeyAndCertificate(epki, chain).saveTo(args[0], ASN1.PEM);
} catch (Exception e) {
System.out.println("OOPS: " + e);
e.printStackTrace();
}
System.out.println("Saved server CA test certificate to: " + args[0]);
}
}