|
|
@ -64,7 +64,6 @@ import java.io.FileInputStream;
|
|
|
|
import java.io.FileNotFoundException;
|
|
|
|
import java.io.FileNotFoundException;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.io.InputStream;
|
|
|
|
import java.math.BigInteger;
|
|
|
|
|
|
|
|
import java.security.InvalidKeyException;
|
|
|
|
import java.security.InvalidKeyException;
|
|
|
|
import java.security.KeyFactory;
|
|
|
|
import java.security.KeyFactory;
|
|
|
|
import java.security.KeyPair;
|
|
|
|
import java.security.KeyPair;
|
|
|
@ -77,6 +76,7 @@ import java.security.PrivateKey;
|
|
|
|
import java.security.SecureRandom;
|
|
|
|
import java.security.SecureRandom;
|
|
|
|
import java.security.Security;
|
|
|
|
import java.security.Security;
|
|
|
|
import java.security.SignatureException;
|
|
|
|
import java.security.SignatureException;
|
|
|
|
|
|
|
|
import java.security.cert.Certificate;
|
|
|
|
import java.security.cert.CertificateEncodingException;
|
|
|
|
import java.security.cert.CertificateEncodingException;
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
import java.security.cert.CertificateExpiredException;
|
|
|
|
import java.security.cert.CertificateExpiredException;
|
|
|
@ -157,10 +157,9 @@ public class CertificateGenerator {
|
|
|
|
keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
|
|
|
|
keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
|
|
|
|
KeyPair pair = keyPairGenerator.generateKeyPair();
|
|
|
|
KeyPair pair = keyPairGenerator.generateKeyPair();
|
|
|
|
X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
|
|
|
|
X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
|
|
|
|
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
|
|
|
|
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
|
|
|
|
principal, serial, validityBeginDate, validityEndDate,
|
|
|
|
principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate,
|
|
|
|
principal, pair.getPublic());
|
|
|
|
principal, pair.getPublic());
|
|
|
|
ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
|
|
|
|
ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
|
|
|
|
.setProvider(ConfigurationUtil.PROVIDER).build(
|
|
|
|
.setProvider(ConfigurationUtil.PROVIDER).build(
|
|
|
@ -283,6 +282,58 @@ public class CertificateGenerator {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public boolean verifySignature(String headerSignature) throws KeystoreException {
|
|
|
|
|
|
|
|
Certificate certificate = extractCertificateFromSignature(headerSignature);
|
|
|
|
|
|
|
|
return (certificate != null);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (headerSignature == null || headerSignature.isEmpty()) {
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
KeyStoreReader keyStoreReader = new KeyStoreReader();
|
|
|
|
|
|
|
|
CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes()));
|
|
|
|
|
|
|
|
Store reqStore = signedData.getCertificates();
|
|
|
|
|
|
|
|
@SuppressWarnings("unchecked")
|
|
|
|
|
|
|
|
Collection<X509CertificateHolder> reqCerts = reqStore.getMatches(null);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (reqCerts != null && reqCerts.size() > 0) {
|
|
|
|
|
|
|
|
CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
|
|
|
|
|
|
|
|
X509CertificateHolder holder = reqCerts.iterator().next();
|
|
|
|
|
|
|
|
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
|
|
|
|
|
|
|
|
X509Certificate reqCert = (X509Certificate) certificateFactory.
|
|
|
|
|
|
|
|
generateCertificate(byteArrayInputStream);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(reqCert != null && reqCert.getSerialNumber() != null) {
|
|
|
|
|
|
|
|
Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
|
|
|
|
|
|
|
|
reqCert.getSerialNumber().toString());
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) {
|
|
|
|
|
|
|
|
return (X509Certificate)lookUpCertificate;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
} catch (CMSException e) {
|
|
|
|
|
|
|
|
String errorMsg = "CMSException when decoding certificate signature";
|
|
|
|
|
|
|
|
log.error(errorMsg, e);
|
|
|
|
|
|
|
|
throw new KeystoreException(errorMsg, e);
|
|
|
|
|
|
|
|
} catch (IOException e) {
|
|
|
|
|
|
|
|
String errorMsg = "IOException when decoding certificate signature";
|
|
|
|
|
|
|
|
log.error(errorMsg, e);
|
|
|
|
|
|
|
|
throw new KeystoreException(errorMsg, e);
|
|
|
|
|
|
|
|
} catch (CertificateException e) {
|
|
|
|
|
|
|
|
String errorMsg = "CertificateException when decoding certificate signature";
|
|
|
|
|
|
|
|
log.error(errorMsg, e);
|
|
|
|
|
|
|
|
throw new KeystoreException(errorMsg, e);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
|
|
|
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
|
|
|
PKCS10CertificationRequest request,
|
|
|
|
PKCS10CertificationRequest request,
|
|
|
|
String issueSubject)
|
|
|
|
String issueSubject)
|
|
|
@ -305,7 +356,7 @@ public class CertificateGenerator {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
|
|
|
|
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
|
|
|
|
new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()),
|
|
|
|
new X500Name(issueSubject), CommonUtil.generateSerialNumber(),
|
|
|
|
validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo());
|
|
|
|
validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo());
|
|
|
|
|
|
|
|
|
|
|
|
ContentSigner sigGen;
|
|
|
|
ContentSigner sigGen;
|
|
|
|