/**
* Used during setup to get the certification from the keystore and encrypt the auth_value with
* the private key
*
* @return true if the certificate was found and the string encypted correctly otherwise returns
* false
*/
public void setCertificate()
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
BadPaddingException, UnrecoverableEntryException {
KeyStore store = KeyStore.getInstance(this.keystore_type);
java.io.FileInputStream fis = new java.io.FileInputStream(this.keystore_path);
store.load(fis, this.keystore_password);
this.cipher = Cipher.getInstance(this.cipher_type);
this.certificate = (X509Certificate) store.getCertificate(this.cert_alias);
if (log.isDebugEnabled()) {
log.debug("certificate = " + this.certificate.toString());
}
this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate);
this.encryptedToken = this.cipher.doFinal(this.auth_value.getBytes());
if (log.isDebugEnabled()) {
log.debug("encryptedToken = " + this.encryptedToken);
}
KeyStore.PrivateKeyEntry privateKey =
(KeyStore.PrivateKeyEntry)
store.getEntry(this.cert_alias, new KeyStore.PasswordProtection(this.cert_password));
this.certPrivateKey = privateKey.getPrivateKey();
this.valueSet = true;
if (log.isDebugEnabled()) {
log.debug("certPrivateKey = " + this.certPrivateKey.toString());
}
}
public void signJar(Jar jar) {
if (digestNames == null || digestNames.length == 0)
error("Need at least one digest algorithm name, none are specified");
if (keystoreFile == null || !keystoreFile.getAbsoluteFile().exists()) {
error("No such keystore file: " + keystoreFile);
return;
}
if (alias == null) {
error("Private key alias not set for signing");
return;
}
MessageDigest digestAlgorithms[] = new MessageDigest[digestNames.length];
getAlgorithms(digestNames, digestAlgorithms);
try {
Manifest manifest = jar.getManifest();
manifest.getMainAttributes().putValue("Signed-By", "Bnd");
// Create a new manifest that contains the
// Name parts with the specified digests
ByteArrayOutputStream o = new ByteArrayOutputStream();
manifest.write(o);
doManifest(jar, digestNames, digestAlgorithms, o);
o.flush();
byte newManifestBytes[] = o.toByteArray();
jar.putResource("META-INF/MANIFEST.MF", new EmbeddedResource(newManifestBytes, 0));
// Use the bytes from the new manifest to create
// a signature file
byte[] signatureFileBytes = doSignatureFile(digestNames, digestAlgorithms, newManifestBytes);
jar.putResource("META-INF/BND.SF", new EmbeddedResource(signatureFileBytes, 0));
// Now we must create an RSA signature
// this requires the private key from the keystore
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore.PrivateKeyEntry privateKeyEntry = null;
java.io.FileInputStream keystoreInputStream = null;
try {
keystoreInputStream = new java.io.FileInputStream(keystoreFile);
char[] pw = password == null ? new char[0] : password.toCharArray();
keystore.load(keystoreInputStream, pw);
keystoreInputStream.close();
privateKeyEntry =
(PrivateKeyEntry) keystore.getEntry(alias, new KeyStore.PasswordProtection(pw));
} catch (Exception e) {
error(
"No able to load the private key from the give keystore("
+ keystoreFile.getAbsolutePath()
+ ") with alias "
+ alias
+ " : "
+ e);
return;
} finally {
IO.close(keystoreInputStream);
}
PrivateKey privateKey = privateKeyEntry.getPrivateKey();
Signature signature = Signature.getInstance("MD5withRSA");
signature.initSign(privateKey);
signature.update(signatureFileBytes);
signature.sign();
// TODO, place the SF in a PCKS#7 structure ...
// no standard class for this? The following
// is an idea but we will to have do ASN.1 BER
// encoding ...
ByteArrayOutputStream tmpStream = new ByteArrayOutputStream();
jar.putResource("META-INF/BND.RSA", new EmbeddedResource(tmpStream.toByteArray(), 0));
} catch (Exception e) {
error("During signing: " + e);
}
}
/**
* Sets up a bunch of objects that we need to run tests
*
* @param tdhDirectHost
* @param tdhDirectPort
* @param tdhOnionHost
* @param tdhOnionPort
* @param passPhrase
* @param createClientBuilder
* @param context
* @param directProxy Normally null but sometimes not for some odder tests, this is used for what
* are supposed to be local calls.
* @param onionProxy This is the proxy that should be used with values like tdhOnionHost and
* tdhOnionPort
* @throws NoSuchAlgorithmException
* @throws IOException
* @throws UnrecoverableEntryException
* @throws KeyStoreException
* @throws KeyManagementException
*/
public ConfigureRequestObjects(
String tdhDirectHost,
int tdhDirectPort,
String tdhOnionHost,
int tdhOnionPort,
char[] passPhrase,
CreateClientBuilder createClientBuilder,
Context context,
Proxy directProxy,
Proxy onionProxy)
throws NoSuchAlgorithmException, IOException, UnrecoverableEntryException, KeyStoreException,
KeyManagementException {
File clientFilesDir = new File(context.getFilesDir(), clientSubDirectory);
// We want to start with a new identity
if (clientFilesDir.exists()) {
FileUtils.deleteDirectory(clientFilesDir);
}
if (clientFilesDir.mkdirs() == false) {
throw new RuntimeException();
}
thaliCouchDbInstance =
ThaliClientToDeviceHubUtilities.GetLocalCouchDbInstance(
clientFilesDir,
createClientBuilder,
tdhDirectHost,
tdhDirectPort,
passPhrase,
directProxy);
thaliCouchDbInstance.deleteDatabase(ThaliTestUtilities.TestDatabaseName);
thaliCouchDbInstance.deleteDatabase(ThaliTestEktorpClient.ReplicationTestDatabaseName);
testDatabaseConnector =
thaliCouchDbInstance.createConnector(ThaliTestUtilities.TestDatabaseName, false);
clientKeyStore = ThaliCryptoUtilities.validateThaliKeyStore(clientFilesDir);
org.apache.http.client.HttpClient httpClientNoServerValidation =
createClientBuilder.CreateApacheClient(
tdhDirectHost, tdhDirectPort, null, clientKeyStore, passPhrase, directProxy);
serverPublicKey =
ThaliClientToDeviceHubUtilities.getServersRootPublicKey(httpClientNoServerValidation);
KeyStore.PrivateKeyEntry clientPrivateKeyEntry =
ThaliCryptoUtilities.getThaliListenerKeyStoreEntry(clientKeyStore, passPhrase);
clientPublicKey = clientPrivateKeyEntry.getCertificate().getPublicKey();
replicationDatabaseConnector =
thaliCouchDbInstance.createConnector(
ThaliTestEktorpClient.ReplicationTestDatabaseName, false);
if (tdhOnionHost != null && tdhOnionHost.isEmpty() == false) {
HttpClient torHttpClient =
createClientBuilder.CreateEktorpClient(
tdhOnionHost, tdhOnionPort, serverPublicKey, clientKeyStore, passPhrase, onionProxy);
torThaliCouchDbInstance = new ThaliCouchDbInstance(torHttpClient);
torTestDatabaseConnector =
torThaliCouchDbInstance.createConnector(ThaliTestUtilities.TestDatabaseName, false);
torReplicationDatabaseConnector =
torThaliCouchDbInstance.createConnector(
ThaliTestEktorpClient.ReplicationTestDatabaseName, false);
} else {
torThaliCouchDbInstance = null;
torTestDatabaseConnector = null;
torReplicationDatabaseConnector = null;
}
}
