[Webfunds-commits] java/webfunds/sox Crypto.java
Jeroen C. van Gelderen
gelderen@cypherpunks.ai
Thu, 13 Jul 2000 18:38:25 -0400 (AST)
gelderen 00/07/13 18:38:25
Modified: webfunds/sox Crypto.java
Log:
- Remove all references to CertAndKeyGen.
We no longer support generation of X.509 certs.
- Redo import statements, get rid of the dreaded * imports.
Revision Changes Path
1.35 +37 -322 java/webfunds/sox/Crypto.java
Index: Crypto.java
===================================================================
RCS file: /home/webfunds/cvsroot/java/webfunds/sox/Crypto.java,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- Crypto.java 2000/06/05 07:08:59 1.34
+++ Crypto.java 2000/07/13 22:38:24 1.35
@@ -1,119 +1,52 @@
-/*
- * $Id: Crypto.java,v 1.34 2000/06/05 07:08:59 gelderen Exp $
+/* $Id: Crypto.java,v 1.35 2000/07/13 22:38:24 gelderen Exp $
*
- * Copyright (c) Systemics Ltd 1995-1999 on behalf of
- * the WebFunds Development Team. All Rights Reserved.
+ * Copyright (c) Systemics Inc. 1995-2000 on behalf of
+ * The WebFunds Development Team. All Rights Reserved.
*/
package webfunds.sox;
+
import java.io.*;
import java.math.BigInteger;
-import java.security.*;
+import java.security.Cipher;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyException;
+import java.security.KeyGenerator;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.Mode;
+import java.security.NoSuchAlgorithmException;
+import java.security.PaddingScheme;
+import java.security.PrivateKey;
+import java.security.ProviderException;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
import java.util.Date;
-import java.util.zip.*;
-import sun.security.pkcs.*;
-import sun.security.util.*;
-import sun.security.x509.*;
-import cryptix.provider.key.RawSecretKey;
-import cryptix.provider.cipher.*;
+import java.util.zip.GZIPInputStream;
+import java.util.zip.GZIPOutputStream;
+// XXX: Sun X.509 classes we shouldn't be using
+import sun.security.util.BigInt; // done
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.CertException; // done
+import sun.security.x509.X509Cert; // done
+import sun.security.x509.X509Key;
-/**
- * This class implements utility functions for creating, signing and
- * verifying x509 certificates, encrypting and decrypting data, signing
- * data and verifying signatures, and implementing message digests and
- * "secure checksums" on data.
- *
- * In addition to being a collection of utility functions, it is
- * also a means of placing all of the cryptographic decisions in
- * one place, so that they are not scattered throughout the application.
- * Also, this class can be used to migrate from JCE 1.1 to JCE 1.2
- * more easily, with all of the JCE specific features only being here.
- *
- * The primary utility methods are:
- *
- * void generateCertificate()
- * void generateCertificate(int keylen)
- * PublicKey getPublicKey()
- * PrivateKey getPrivateKey()
- * X509Cert getSelfSignedCertificate(String name, String org_unit, String org, String country)
- * X509Cert signCertificate(X509Cert cert, X509Cert issuer, PrivateKey key, long serial)
- * boolean verifyCertificate(X509Cert cert, PublicKey key)
- *
- * Key generateKey()
- * Key password2key(String password)
- *
- * byte[] digest(byte[] data, int offset, int len)
- * byte[] digest(byte[] data)
- *
- * byte[] checksum(String password, byte[] data, int offset, int len)
- * byte[] checksum(String password, byte[] data)
- *
- * byte[] encrypt(Key key, byte[] data, int offset, int len)
- * byte[] encrypt(String password, byte[] data, int offset, int len)
- * byte[] encrypt(Key key, byte[] data)
- * byte[] encrypt(String password, byte[] data)
- *
- * byte[] decrypt(Key key, byte[] data, int offset, int len)
- * byte[] decrypt(String password, byte[] data, int offset, int len)
- * byte[] decrypt(Key key, byte[] data)
- * byte[] decrypt(String password, byte[] data)
- *
- * byte[] pk_encrypt(PublicKey pk, byte[] data, int offset, int len)
- * byte[] pk_encrypt(PublicKey pk, byte[] data)
- * byte[] pk_encrypt(Key key, PublicKey pk, byte[] data, int offset, int len)
- * byte[] pk_encrypt(Key key, PublicKey pk, byte[] data)
- * Key pk_decrypt_key(PrivateKey pk, byte[] data, int offset, int len)
- * byte[] pk_decrypt_data(PrivateKey pk, Key key, byte[] data, int offset, int len)
- * byte[] pk_decrypt(PrivateKey pk, byte[] data, int offset, int len)
- * Key pk_decrypt_key(PrivateKey pk, byte[] data)
- * byte[] pk_decrypt_data(PrivateKey pk, Key key, byte[] data)
- * byte[] pk_decrypt(PrivateKey pk, byte[] data)
- *
- * byte[] sign(PrivateKey key, byte[] data)
- * boolean verify(PublicKey key, byte[] x509sig, byte[] data)
- *
- * AlgorithmId algorithmId(X509Key key)
- * byte[] keyData(X509Key key)
- * byte[] fingerprint(X509Key key)
- *
- * byte[] decodeSignature(byte[] data)
- * byte[] encodeSignature(byte[] sig)
- *
- * PublicKey decodePublicKey(byte[] data)
- * byte[] encodePublicKey(PublicKey key)
- *
- * PrivateKey decodePrivateKey(byte[] data)
- * byte[] encodePrivateKey(PrivateKey key)
- *
- * @version 1.5
- */
+import cryptix.provider.key.RawSecretKey;
+
+import webfunds.utils.Hex;
/**
- * This class is for the easy generation of X509 certificates
- * and their public/private key pairs.
- *
- * This class requires that a JCE security provider
- * has been loaded. If desired, the SecureRandom object
- * (the source of random data) can be set to an object
- * that has been suitably seeded. If not set, the default
- * SecureRandom object created by the constructor will be used.
- *
- * Important: This class does not provide the ability to
- * generate key pairs or certificates simultaneously in
- * parallel threads, but there is no protection to prevent this.
- * This should not be a problem given that key generation is
- * rarely done. To allow for this ability would have meant
- * a more complex interface, which is the exact opposite of
- * what this class is trying to achieve. (If this fucntionality
- * is really required, then use synchronized lock variables, or
- * cut and paste this code ...).
- *
- * @see Random
- * @see Provider
- * @version 1.5
- */
+ * Centralized crypto methods. Currently being overhauled.
+ *
+ * @version $Revision: 1.35 $
+ */
public class Crypto
{
/**
@@ -184,7 +117,6 @@
/**
* Useful for making accounts, better than certs.
- * Lifted from CertAndKeyGen.java
* Do this:
* PublicKey publicKey = keyPair.getPublic();
* privateKey = keyPair.getPrivate();
@@ -214,217 +146,6 @@
////////////////////////////////////////////////////////////////////////
/**
- * An instance of sun.security.x509.CertAndKeyGen, the class
- * that does the real work with certificate and key generation.
- * @see sun.security.x509.CertAndKeyGen
- */
- protected static CertAndKeyGen cakg;
-
- /**
- * Create a CertificateFactory object, using the default key size
- * held in KEY_LENGTH.
- * <P>
- * This object may take some time to construct, due to the
- * complexity involved in key generation
- */
- public static void generateCertificate()
- {
- generateCertificate(pk_strength);
- }
-
- /**
- * Create a CertificateFactory object.
- * <P>
- * This object may take some time to construct, due to the
- * cpu-intensive work involved in key generation
- * @param keylen the number of bits in the generated keys
- */
- public static void generateCertificate(int keylen)
- {
- // if (sr == null)
- // sr = new SecureRandom();
-
- try {
- cakg = new CertAndKeyGen(pk_alg, pk_alg);
- cakg.setRandom(getSecureRandom());
- cakg.generate(keylen);
- } catch (NoSuchAlgorithmException e) {
- throw new ProviderException(pk_alg+" Algorithm missing, " + e);
- } catch (InvalidKeyException e) {
- throw new InternalError("Unexpected invalid key exception - " +
- "I bet you forgot to install the hacked X509 library.\n\n" +
- e);
- }
- }
-
- public static CertPackage getCertPackage(int keylen,
- String name, String org_unit, String org, String country)
- throws IOException, SignatureException
- {
-
- CertAndKeyGen cakg;
- X500Name x500Name;
- X509Cert cert;
-
-//System.err.println("Creating selfsigned cert");
-
- try
- {
-//System.err.println("Setting " + pk_alg + " + " + pk_alg);
- cakg = new CertAndKeyGen(pk_alg, pk_alg);
- cakg.setRandom(getSecureRandom());
-//keylen = 1024;
-//System.err.println("Generate " + keylen);
- cakg.generate(keylen);
-//System.err.println("Generated " + cakg);
-//System.err.println("Make name");
- x500Name = new X500Name(name, org_unit, org, country);
-//System.err.println("Adding name " + x500Name + " validity " + cert_validity);
- cert = cakg.getSelfCert(x500Name, cert_validity);
- }
- catch (NoSuchAlgorithmException e)
- {
- System.err.println(e);
- throw new ProviderException(pk_alg+" Algorithm missing\n" + e);
- }
- catch (InvalidKeyException e)
- {
- System.err.println(e);
- throw new InternalError("Unexpected invalid key exception - " +
- "I bet you forgot to install the hacked X509 library.");
- }
- return new CertPackage(cert, cakg.getPrivateKey() );
- }
-
- public static CertPackage getCertPackage()
- throws IOException, SignatureException
- {
- String x = "SOX";
- return getCertPackage(1024, x, x, x, x);
- }
-
- public static CertPackage getCertPackage(int keylen,
- String name, String org_unit, String org, String country,
- X509Cert signcert, PrivateKey sk)
- throws IOException
- {
- CertAndKeyGen cakg;
- X500Name x500Name;
- X509Cert cert;
-
-System.err.println("creating signed cert");
-
- try
- {
- cakg = new CertAndKeyGen(pk_alg, pk_alg);
- cakg.setRandom(getSecureRandom() );
- cakg.generate(keylen);
- x500Name = new X500Name(name, org_unit, org, country);
- cert = cakg.getSignedCert(x500Name, cert_validity, signcert, sk);
- }
- catch (NoSuchAlgorithmException e)
- {
- System.err.println(e);
- throw new ProviderException(pk_alg+" Algorithm missing");
- }
- catch (InvalidKeyException e)
- {
- System.err.println(e);
- throw new InternalError("Unexpected invalid key exception - " +
- "I bet you forgot to install the hacked X509 library.");
- }
- return new CertPackage(cert, cakg.getPrivateKey() );
- }
-
-
- /**
- * Get the most recently generated public key
- * @return the public key
- */
- public static PublicKey getPublicKey()
- {
- return cakg.getPublicKey();
- }
-
- /**
- * Get the most recently generated private key
- * @return the private key
- */
- public static PrivateKey getPrivateKey()
- {
- return cakg.getPrivateKey();
- }
-
- /**
- * Generate a self-signed certificate, using the most recently generated
- * public/private key pair.
- *
- * @param name the name to be used in the certificate
- * @param org_unit the organisational unit to be used in the certificate
- * @param org the organisation to be used in the certificate
- * @param country the country to be used in the certificate
- * @return the X509 certificate
- */
- public static X509Cert getSelfSignedCertificate(
- String name, String org_unit,
- String org, String country)
- {
- return Crypto.getSelfSignedCertificate(name, org_unit, org, country, Crypto.getPublicKey(), Crypto.getPrivateKey() );
- }
-
-
- public static X509Cert getSelfSignedCertificate(
- String name, String org_unit,
- String org, String country, KeyPair pair)
- {
- return Crypto.getSelfSignedCertificate(name, org_unit, org, country, pair.getPublic(), pair.getPrivate() );
- }
-
- public static X509Cert getSelfSignedCertificate(
- String name, String org_unit,
- String org, String country,
- PublicKey pubkey, PrivateKey privkey)
- {
- try {
- X500Name x500Name = new X500Name(name, org_unit, org, country);
- return CertAndKeyGen.getSelfCert(x500Name, (long)cert_validity, sig_alg, new KeyPair(pubkey, privkey) );
- } catch(IOException e) {
- throw new ProviderException("Unexpected IOException: "+
- e.getMessage());
- }
- }
-
- /**
- * Sign a certificate
- *
- * @param cert
- * @param issuer the cert that goes with the private key used for signing
- * @param key the key used for signing the certificate
- * @param serial the serial number on the certificate
- * @return the X509 certificate
- * @exception InvalidKeyException the cert or private key is invalid (e.g. incorrectly formatted)
- * @exception SignatureException the signature is invalid (e.g. incorrectly formatted)
- */
- public static X509Cert signCertificate(X509Cert cert, X509Cert issuer,
- PrivateKey key, long serial)
- throws InvalidKeyException, SignatureException
- {
- X500Signer signer;
- try {
- AlgorithmId alg = issuer.getIssuerAlgorithmId();
- signer = issuer.getSigner(alg, key);
- cert.encodeAndSign(new BigInt((int)serial), signer);
- return cert;
- } catch (NoSuchAlgorithmException e) {
- throw new InvalidKeyException("Cannot process algorithm" +
- " used on issuer certificate ("+e.getMessage()+")");
- } catch (IOException e) {
- throw new InvalidKeyException("IOException (badly formatted?): (" +
- e.getMessage()+")");
- }
- }
-
- /**
* Verify the signature on a signed certificate.
*
* @param cert The signed X509 certificate to be validated
@@ -433,16 +154,10 @@
*/
public static boolean verifyCertificate(X509Cert cert, PublicKey key)
{
- Date now = new Date();
try {
- if (now.before(cert.getNotBefore()))
- return false;
- if (now.after(cert.getNotAfter()))
- return false;
cert.verify(key);
return true;
} catch (CertException e) {
- e = null; // jikes warning if not used
return false ;
}
}