Пример #1
0
  /**
   * Generate a key pair for the specified identity.
   *
   * @param identityName The name of the specified identity.
   * @param isKsk true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (KSK).
   * @param params The parameters of the key.
   * @return The name of the generated key.
   */
  private Name generateKeyPair(Name identityName, boolean isKsk, KeyParams params)
      throws SecurityException {
    Logger.getLogger(this.getClass().getName()).log(Level.INFO, "Get new key ID");
    Name keyName = identityStorage_.getNewKeyName(identityName, isKsk);

    Logger.getLogger(this.getClass().getName())
        .log(Level.INFO, "Generate key pair in private storage");
    privateKeyStorage_.generateKeyPair(keyName, params);

    Logger.getLogger(this.getClass().getName())
        .log(Level.INFO, "Create a key record in public storage");
    PublicKey pubKey = privateKeyStorage_.getPublicKey(keyName);
    identityStorage_.addKey(keyName, params.getKeyType(), pubKey.getKeyDer());

    return keyName;
  }
Пример #2
0
  /**
   * Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
   * self-signed certificate of the KSK. If a key pair or certificate for the identity already
   * exists, use it.
   *
   * @param identityName The name of the identity.
   * @param params The key parameters if a key needs to be generated for the identity.
   * @return The name of the default certificate of the identity.
   * @throws SecurityException if the identity has already been created.
   */
  public final Name createIdentityAndCertificate(Name identityName, KeyParams params)
      throws SecurityException {
    identityStorage_.addIdentity(identityName);

    Name keyName = null;
    boolean generateKey = true;
    try {
      keyName = identityStorage_.getDefaultKeyNameForIdentity(identityName);
      PublicKey key = new PublicKey(identityStorage_.getKey(keyName));
      if (key.getKeyType() == params.getKeyType())
        // The key exists and has the same type, so don't need to generate one.
        generateKey = false;
    } catch (SecurityException ex) {
    }

    if (generateKey) {
      keyName = generateKeyPair(identityName, true, params);
      identityStorage_.setDefaultKeyNameForIdentity(keyName);
    }

    Name certName = null;
    boolean makeCert = true;
    try {
      certName = identityStorage_.getDefaultCertificateNameForKey(keyName);
      // The cert exists, so don't need to make it.
      makeCert = false;
    } catch (SecurityException ex) {
    }

    if (makeCert) {
      IdentityCertificate selfCert = selfSign(keyName);
      addCertificateAsIdentityDefault(selfCert);
      certName = selfCert.getName();
    }

    return certName;
  }
Пример #3
0
  /**
   * Return a new Signature object based on the signature algorithm of the public key with keyName
   * (derived from certificateName).
   *
   * @param certificateName The certificate name.
   * @param digestAlgorithm Set digestAlgorithm[0] to the signature algorithm's digest algorithm,
   *     e.g. DigestAlgorithm.SHA256.
   * @return A new object of the correct subclass of Signature.
   */
  private Signature makeSignatureByCertificate(
      Name certificateName, DigestAlgorithm[] digestAlgorithm) throws SecurityException {
    Name keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName);
    PublicKey publicKey = privateKeyStorage_.getPublicKey(keyName);
    KeyType keyType = publicKey.getKeyType();

    if (keyType == KeyType.RSA) {
      Sha256WithRsaSignature signature = new Sha256WithRsaSignature();
      digestAlgorithm[0] = DigestAlgorithm.SHA256;

      signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
      signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));

      return signature;
    } else if (keyType == KeyType.ECDSA) {
      Sha256WithEcdsaSignature signature = new Sha256WithEcdsaSignature();
      digestAlgorithm[0] = DigestAlgorithm.SHA256;

      signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
      signature.getKeyLocator().setKeyName(certificateName.getPrefix(-1));

      return signature;
    } else throw new SecurityException("Key type is not recognized");
  }