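  /**
   * Used during setup to load the certificate for {@code cert_alias} from the keystore, encrypt
   * {@code auth_value} with that certificate and fetch the matching private key.
   *
   * <p>On success {@code cipher}, {@code certificate}, {@code encryptedToken} and
   * {@code certPrivateKey} are populated and {@code valueSet} is {@code true}. The method has no
   * return value; every failure is reported through one of the declared exceptions, so the fields
   * are only meaningful when it returns normally.
   *
   * @throws KeyStoreException if the keystore cannot be used or {@code cert_alias} has no
   *     certificate
   * @throws IOException if {@code keystore_path} cannot be read
   * @throws NoSuchAlgorithmException if {@code cipher_type} or the keystore integrity algorithm
   *     is unavailable
   * @throws CertificateException if a certificate in the keystore cannot be loaded
   * @throws NoSuchPaddingException if {@code cipher_type} names an unknown padding
   * @throws InvalidKeyException if the certificate cannot be used for encryption
   * @throws IllegalBlockSizeException if {@code auth_value} does not fit the cipher's block size
   * @throws BadPaddingException if padding fails during encryption
   * @throws UnrecoverableEntryException if the entry for {@code cert_alias} cannot be recovered
   *     with {@code cert_password} or is not a private-key entry
   */
  public void setCertificate()
      throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
          NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
          BadPaddingException, UnrecoverableEntryException {
    KeyStore store = KeyStore.getInstance(this.keystore_type);
    // try-with-resources: previously the stream was never closed, and leaked when load() threw.
    try (java.io.FileInputStream fis = new java.io.FileInputStream(this.keystore_path)) {
      store.load(fis, this.keystore_password);
    }

    this.cipher = Cipher.getInstance(this.cipher_type);
    this.certificate = (X509Certificate) store.getCertificate(this.cert_alias);
    // getCertificate() returns null for an unknown alias; fail with a clear message instead of
    // an NPE in the debug log or an opaque error from cipher.init().
    if (this.certificate == null) {
      throw new KeyStoreException("No certificate found for alias " + this.cert_alias);
    }

    if (log.isDebugEnabled()) {
      log.debug("certificate = " + this.certificate.toString());
    }

    this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate);
    // Explicit charset: the platform default varies between JVMs and would produce a different
    // ciphertext for the same auth_value.
    this.encryptedToken =
        this.cipher.doFinal(this.auth_value.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (log.isDebugEnabled()) {
      // A byte[] toString() is only its identity hash; the length is the useful diagnostic.
      log.debug("encryptedToken length = " + this.encryptedToken.length);
    }

    KeyStore.Entry entry =
        store.getEntry(this.cert_alias, new KeyStore.PasswordProtection(this.cert_password));
    // getEntry() returns null for an unknown alias and may return a trusted-certificate entry;
    // check before casting rather than failing with NPE / ClassCastException.
    if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
      throw new UnrecoverableEntryException(
          "No private key entry found for alias " + this.cert_alias);
    }
    this.certPrivateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();

    this.valueSet = true;

    if (log.isDebugEnabled()) {
      // Never write key material to the log; the algorithm name is enough to confirm the load.
      log.debug("certPrivateKey algorithm = " + this.certPrivateKey.getAlgorithm());
    }
  }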
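  /**
   * Signs {@code jar} in place: rewrites {@code META-INF/MANIFEST.MF} with per-entry digests,
   * adds {@code META-INF/BND.SF} built from the new manifest bytes, and adds
   * {@code META-INF/BND.RSA}.
   *
   * <p>All failures are reported through {@code error(...)} rather than thrown; when a
   * precondition (digest names, keystore file, alias) is missing the jar is left untouched.
   *
   * @param jar the jar whose manifest and signature resources are replaced
   */
  public void signJar(Jar jar) {
    if (digestNames == null || digestNames.length == 0) {
      error("Need at least one digest algorithm name, none are specified");
      // Must stop here: the original fell through and dereferenced digestNames.length below.
      return;
    }

    if (keystoreFile == null || !keystoreFile.getAbsoluteFile().exists()) {
      error("No such keystore file: " + keystoreFile);
      return;
    }

    if (alias == null) {
      error("Private key alias not set for signing");
      return;
    }

    MessageDigest[] digestAlgorithms = new MessageDigest[digestNames.length];
    getAlgorithms(digestNames, digestAlgorithms);

    try {
      Manifest manifest = jar.getManifest();
      manifest.getMainAttributes().putValue("Signed-By", "Bnd");

      // Create a new manifest that contains the Name parts with the specified digests.
      ByteArrayOutputStream o = new ByteArrayOutputStream();
      manifest.write(o);
      doManifest(jar, digestNames, digestAlgorithms, o);
      o.flush();
      byte[] newManifestBytes = o.toByteArray();
      jar.putResource("META-INF/MANIFEST.MF", new EmbeddedResource(newManifestBytes, 0));

      // Use the bytes from the new manifest to create a signature file.
      byte[] signatureFileBytes = doSignatureFile(digestNames, digestAlgorithms, newManifestBytes);
      jar.putResource("META-INF/BND.SF", new EmbeddedResource(signatureFileBytes, 0));

      // Now we must create an RSA signature; this requires the private key from the keystore.
      KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
      char[] pw = password == null ? new char[0] : password.toCharArray();

      KeyStore.PrivateKeyEntry privateKeyEntry;
      // try-with-resources replaces the manual close()/IO.close() pair.
      try (java.io.FileInputStream keystoreInputStream =
          new java.io.FileInputStream(keystoreFile)) {
        keystore.load(keystoreInputStream, pw);
        KeyStore.Entry entry = keystore.getEntry(alias, new KeyStore.PasswordProtection(pw));
        // getEntry() returns null for an unknown alias and may return a trusted-certificate
        // entry; check before casting instead of relying on a caught ClassCastException/NPE.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
          error(
              "No private key entry in keystore("
                  + keystoreFile.getAbsolutePath()
                  + ") with alias "
                  + alias);
          return;
        }
        privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
      } catch (java.io.IOException | java.security.GeneralSecurityException e) {
        error(
            "No able to load the private key from the give keystore("
                + keystoreFile.getAbsolutePath()
                + ") with alias "
                + alias
                + " : "
                + e);
        return;
      }
      PrivateKey privateKey = privateKeyEntry.getPrivateKey();

      // NOTE(review): MD5withRSA is cryptographically broken. The signature bytes are currently
      // discarded (see TODO below), so this has no effect on the output yet; switch to a SHA-2
      // based algorithm when the PKCS#7 block is implemented.
      Signature signature = Signature.getInstance("MD5withRSA");
      signature.initSign(privateKey);
      signature.update(signatureFileBytes);
      signature.sign();

      // TODO, place the SF in a PCKS#7 structure ...
      // no standard class for this? The following
      // is an idea but we will to have do ASN.1 BER
      // encoding ...
      // Until that exists META-INF/BND.RSA is written as an empty resource.
      jar.putResource("META-INF/BND.RSA", new EmbeddedResource(new byte[0], 0));
    } catch (Exception e) {
      error("During signing: " + e);
    }
  }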
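  /**
   * Sets up a bunch of objects that we need to run tests.
   *
   * <p>Side effects: the {@code clientSubDirectory} under the app's files dir is deleted and
   * recreated (a fresh identity), the test and replication databases are deleted, and the
   * instance fields {@code thaliCouchDbInstance}, {@code testDatabaseConnector},
   * {@code clientKeyStore}, {@code serverPublicKey}, {@code clientPublicKey},
   * {@code replicationDatabaseConnector} and the three {@code tor*} fields are assigned. The
   * {@code tor*} fields are {@code null} unless {@code tdhOnionHost} is non-empty.
   *
   * @param tdhDirectHost host used for the local (direct) CouchDB instance and Apache client
   * @param tdhDirectPort port paired with {@code tdhDirectHost}
   * @param tdhOnionHost onion host for the Tor client; {@code null} or empty disables the Tor
   *     objects
   * @param tdhOnionPort port paired with {@code tdhOnionHost}
   * @param passPhrase pass phrase handed to the keystore helpers and client builders
   * @param createClientBuilder factory used to create the Apache and Ektorp HTTP clients
   * @param context Android context whose files dir hosts {@code clientSubDirectory}
   * @param directProxy Normally null but sometimes not for some odder tests, this is used for what
   *     are supposed to be local calls.
   * @param onionProxy This is the proxy that should be used with values like tdhOnionHost and
   *     tdhOnionPort
   * @throws NoSuchAlgorithmException propagated from the keystore / client helpers
   * @throws IOException if the client directory cannot be deleted or a helper fails on I/O
   * @throws UnrecoverableEntryException if the client keystore entry cannot be recovered with
   *     {@code passPhrase}
   * @throws KeyStoreException propagated from the keystore helpers
   * @throws KeyManagementException propagated from the client builders
   * @throws IllegalStateException if the client directory cannot be created
   */
  public ConfigureRequestObjects(
      String tdhDirectHost,
      int tdhDirectPort,
      String tdhOnionHost,
      int tdhOnionPort,
      char[] passPhrase,
      CreateClientBuilder createClientBuilder,
      Context context,
      Proxy directProxy,
      Proxy onionProxy)
      throws NoSuchAlgorithmException, IOException, UnrecoverableEntryException, KeyStoreException,
          KeyManagementException {

    File clientFilesDir = new File(context.getFilesDir(), clientSubDirectory);

    // We want to start with a new identity
    if (clientFilesDir.exists()) {
      FileUtils.deleteDirectory(clientFilesDir);
    }

    // A bare RuntimeException gave no hint of what failed; name the directory.
    if (!clientFilesDir.mkdirs()) {
      throw new IllegalStateException(
          "Unable to create client files directory " + clientFilesDir.getAbsolutePath());
    }

    thaliCouchDbInstance =
        ThaliClientToDeviceHubUtilities.GetLocalCouchDbInstance(
            clientFilesDir,
            createClientBuilder,
            tdhDirectHost,
            tdhDirectPort,
            passPhrase,
            directProxy);

    thaliCouchDbInstance.deleteDatabase(ThaliTestUtilities.TestDatabaseName);
    thaliCouchDbInstance.deleteDatabase(ThaliTestEktorpClient.ReplicationTestDatabaseName);

    testDatabaseConnector =
        thaliCouchDbInstance.createConnector(ThaliTestUtilities.TestDatabaseName, false);

    clientKeyStore = ThaliCryptoUtilities.validateThaliKeyStore(clientFilesDir);

    // A client without server validation (null server key) is used only to fetch the server's
    // root public key; every later client pins that key.
    org.apache.http.client.HttpClient httpClientNoServerValidation =
        createClientBuilder.CreateApacheClient(
            tdhDirectHost, tdhDirectPort, null, clientKeyStore, passPhrase, directProxy);

    serverPublicKey =
        ThaliClientToDeviceHubUtilities.getServersRootPublicKey(httpClientNoServerValidation);

    KeyStore.PrivateKeyEntry clientPrivateKeyEntry =
        ThaliCryptoUtilities.getThaliListenerKeyStoreEntry(clientKeyStore, passPhrase);

    clientPublicKey = clientPrivateKeyEntry.getCertificate().getPublicKey();

    replicationDatabaseConnector =
        thaliCouchDbInstance.createConnector(
            ThaliTestEktorpClient.ReplicationTestDatabaseName, false);

    if (tdhOnionHost != null && !tdhOnionHost.isEmpty()) {
      HttpClient torHttpClient =
          createClientBuilder.CreateEktorpClient(
              tdhOnionHost, tdhOnionPort, serverPublicKey, clientKeyStore, passPhrase, onionProxy);
      torThaliCouchDbInstance = new ThaliCouchDbInstance(torHttpClient);
      torTestDatabaseConnector =
          torThaliCouchDbInstance.createConnector(ThaliTestUtilities.TestDatabaseName, false);
      torReplicationDatabaseConnector =
          torThaliCouchDbInstance.createConnector(
              ThaliTestEktorpClient.ReplicationTestDatabaseName, false);
    } else {
      torThaliCouchDbInstance = null;
      torTestDatabaseConnector = null;
      torReplicationDatabaseConnector = null;
    }
  }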