org/objectweb/proactive/ext/security/ProActiveSecurity.java

00001 /* 
00002  * ################################################################
00003  * 
00004  * ProActive: The Java(TM) library for Parallel, Distributed, 
00005  *            Concurrent computing with Security and Mobility
00006  * 
00007  * Copyright (C) 1997-2007 INRIA/University of Nice-Sophia Antipolis
00008  * Contact: proactive@objectweb.org
00009  * 
00010  * This library is free software; you can redistribute it and/or
00011  * modify it under the terms of the GNU Lesser General Public
00012  * License as published by the Free Software Foundation; either
00013  * version 2.1 of the License, or any later version.
00014  *  
00015  * This library is distributed in the hope that it will be useful,
00016  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00018  * Lesser General Public License for more details.
00019  * 
00020  * You should have received a copy of the GNU Lesser General Public
00021  * License along with this library; if not, write to the Free Software
00022  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
00023  * USA
00024  *  
00025  *  Initial developer(s):               The ProActive Team
00026  *                        http://www.inria.fr/oasis/ProActive/contacts.html
00027  *  Contributor(s): 
00028  * 
00029  * ################################################################
00030  */ 
00031 package org.objectweb.proactive.ext.security;
00032 
00033 import java.io.ByteArrayInputStream;
00034 import java.io.IOException;
00035 import java.math.BigInteger;
00036 import java.security.GeneralSecurityException;
00037 import java.security.InvalidAlgorithmParameterException;
00038 import java.security.InvalidKeyException;
00039 import java.security.KeyPair;
00040 import java.security.NoSuchAlgorithmException;
00041 import java.security.NoSuchProviderException;
00042 import java.security.PrivateKey;
00043 import java.security.Provider;
00044 import java.security.PublicKey;
00045 import java.security.SecureRandom;
00046 import java.security.Security;
00047 import java.security.SignatureException;
00048 import java.security.cert.CertPath;
00049 import java.security.cert.CertPathValidator;
00050 import java.security.cert.CertPathValidatorException;
00051 import java.security.cert.CertificateException;
00052 import java.security.cert.CertificateFactory;
00053 import java.security.cert.PKIXCertPathValidatorResult;
00054 import java.security.cert.PKIXParameters;
00055 import java.security.cert.PolicyNode;
00056 import java.security.cert.TrustAnchor;
00057 import java.security.cert.X509Certificate;
00058 import java.util.ArrayList;
00059 import java.util.Collections;
00060 import java.util.Date;
00061 import java.util.List;
00062 import java.util.Random;
00063 
00064 import org.bouncycastle.asn1.ASN1EncodableVector;
00065 import org.bouncycastle.asn1.ASN1InputStream;
00066 import org.bouncycastle.asn1.ASN1Sequence;
00067 import org.bouncycastle.asn1.DERObjectIdentifier;
00068 import org.bouncycastle.asn1.DERSequence;
00069 import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
00070 import org.bouncycastle.asn1.x509.BasicConstraints;
00071 import org.bouncycastle.asn1.x509.GeneralName;
00072 import org.bouncycastle.asn1.x509.GeneralNames;
00073 import org.bouncycastle.asn1.x509.PolicyInformation;
00074 import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
00075 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
00076 import org.bouncycastle.asn1.x509.X509Extensions;
00077 import org.bouncycastle.asn1.x509.X509Name;
00078 import org.bouncycastle.jce.X509KeyUsage;
00079 import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
00080 import org.bouncycastle.x509.X509V3CertificateGenerator;
00081 import org.objectweb.proactive.ProActive;
00082 import org.objectweb.proactive.core.ProActiveException;
00083 import org.objectweb.proactive.core.body.AbstractBody;
00084 import org.objectweb.proactive.core.runtime.RuntimeFactory;
00085 import org.objectweb.proactive.ext.security.exceptions.SecurityNotAvailableException;
00086 
00087 
00088 public class ProActiveSecurity {
00089     public static Object[] generateGenericCertificateSelfSigned() {
00090         Provider myProvider = new org.bouncycastle.jce.provider.BouncyCastleProvider();
00091         Security.addProvider(myProvider);
00092 
00093         /* generation of a default certificate */
00094         KeyPair keyPair = null;
00095         SecureRandom rand = new SecureRandom();
00096 
00097         JDKKeyPairGenerator.RSA keyPairGen = new JDKKeyPairGenerator.RSA();
00098 
00099         keyPairGen.initialize(1024, rand);
00100 
00101         keyPair = keyPairGen.generateKeyPair();
00102 
00103         PrivateKey privateKey = keyPair.getPrivate();
00104         PublicKey publicKey = keyPair.getPublic();
00105         String dnName = "CN=Generic Certificate " + new Random().nextLong() +
00106             ", OU=Generic Certificate, EmailAddress=none";
00107 
00108         return generateCertificate(dnName, dnName, privateKey, publicKey);
00109     }
00110 
00111     public static Object[] genCert(String dn, long validity, String policyId,
00112         PrivateKey privKey, PublicKey pubKey, boolean isCA, String caDn,
00113         PrivateKey caPrivateKey, PublicKey acPubKey)
00114         throws NoSuchAlgorithmException, SignatureException, 
00115             InvalidKeyException {
00116         // Create self signed certificate
00117         String sigAlg = "SHA1WithRSA";
00118         Date firstDate = new Date();
00119 
00120         // Set back startdate ten minutes to avoid some problems with wrongly set clocks.
00121         firstDate.setTime(firstDate.getTime() - (10 * 60 * 1000));
00122 
00123         Date lastDate = new Date();
00124 
00125         // validity in days = validity*24*60*60*1000 milliseconds
00126         lastDate.setTime(lastDate.getTime() +
00127             (validity * (24 * 60 * 60 * 1000)));
00128 
00129         X509V3CertificateGenerator certgen = new X509V3CertificateGenerator();
00130 
00131         // Serialnumber is random bits, where random generator is initialized with Date.getTime() when this
00132         // bean is created.
00133         byte[] serno = new byte[8];
00134         SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
00135         random.setSeed((long) (new Date().getTime()));
00136         random.nextBytes(serno);
00137         certgen.setSerialNumber((new java.math.BigInteger(serno)).abs());
00138         certgen.setNotBefore(firstDate);
00139         certgen.setNotAfter(lastDate);
00140         certgen.setSignatureAlgorithm(sigAlg);
00141         certgen.setSubjectDN(CertTools.stringToBcX509Name(dn));
00142         certgen.setIssuerDN(CertTools.stringToBcX509Name(caDn));
00143         certgen.setPublicKey(pubKey);
00144 
00145         // Basic constranits is always critical and MUST be present at-least in CA-certificates.
00146         BasicConstraints bc = new BasicConstraints(isCA);
00147         certgen.addExtension(X509Extensions.BasicConstraints.getId(), true, bc);
00148 
00149         // Put critical KeyUsage in CA-certificates
00150         if (false) {
00151             //if (isCA == true) {
00152             int keyusage = X509KeyUsage.keyCertSign + X509KeyUsage.cRLSign;
00153             X509KeyUsage ku = new X509KeyUsage(keyusage);
00154             certgen.addExtension(X509Extensions.KeyUsage.getId(), true, ku);
00155         }
00156 
00157         // Subject and Authority key identifier is always non-critical and MUST be present for certificates to verify in Mozilla.
00158         try {
00159             if (false) {
00160                 //if (isCA == true) {
00161                 SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
00162                             new ByteArrayInputStream(pubKey.getEncoded())).readObject());
00163                 SubjectKeyIdentifier ski = new SubjectKeyIdentifier(spki);
00164 
00165                 SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
00166                             new ByteArrayInputStream(acPubKey.getEncoded())).readObject());
00167                 AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
00168 
00169                 certgen.addExtension(X509Extensions.SubjectKeyIdentifier.getId(),
00170                     false, ski);
00171                 certgen.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(),
00172                     false, aki);
00173             }
00174         } catch (IOException e) { // do nothing
00175         }
00176 
00177         // CertificatePolicies extension if supplied policy ID, always non-critical
00178         if (policyId != null) {
00179             PolicyInformation pi = new PolicyInformation(new DERObjectIdentifier(
00180                         policyId));
00181             DERSequence seq = new DERSequence(pi);
00182             certgen.addExtension(X509Extensions.CertificatePolicies.getId(),
00183                 false, seq);
00184         }
00185 
00186         X509Certificate selfcert = certgen.generateX509Certificate(caPrivateKey);
00187 
00188         return new Object[] { selfcert, privKey };
00189     } //genselfCert
00190 
00191     public static Object[] generateCertificate(String dnName,
00192         String issuerName, PrivateKey caPrivKey, PublicKey caPubKey) {
00193         KeyPair keyPair = null;
00194 
00195         SecureRandom rand = new SecureRandom();
00196 
00197         JDKKeyPairGenerator.RSA keyPairGen = new JDKKeyPairGenerator.RSA();
00198 
00199         keyPairGen.initialize(1024, rand);
00200 
00201         keyPair = keyPairGen.generateKeyPair();
00202 
00203         PrivateKey privateKey = keyPair.getPrivate();
00204         PublicKey publicKey = keyPair.getPublic();
00205         X509Certificate certif = null;
00206         Object[] o = null;
00207         try {
00208             o = genCert(dnName, 365, null, privateKey, publicKey, true,
00209                     issuerName, caPrivKey, caPubKey);
00210         } catch (InvalidKeyException e) {
00211             // TODOSECURITY Auto-generated catch block
00212             e.printStackTrace();
00213         } catch (NoSuchAlgorithmException e) {
00214             // TODOSECURITY Auto-generated catch block
00215             e.printStackTrace();
00216         } catch (SignatureException e) {
00217             // TODOSECURITY Auto-generated catch block
00218             e.printStackTrace();
00219         }
00220 
00221         /*
00222            X509V3CertificateGenerator certifGenerator = new X509V3CertificateGenerator();
00223            X509Certificate certif = null;
00224            DateFormat convert = DateFormat.getDateInstance();
00225            certifGenerator.setPublicKey(publicKey);
00226            String subjectCN = dnName;
00227 
00228            X509Name subject = new X509Name(subjectCN);
00229            X509Name issuer = new X509Name(issuerName);
00230            certifGenerator.setSubjectDN(subject);
00231            certifGenerator.setIssuerDN(issuer);
00232 
00233            certifGenerator.setSignatureAlgorithm("MD5withRSA");
00234            Date start = new Date(System.currentTimeMillis() -
00235                    (1000L * 60 * 60 * 24 * 30));
00236            Date stop = new Date(System.currentTimeMillis() +
00237                    (1000L * 60 * 60 * 24 * 30));
00238            certifGenerator.setNotAfter(stop);
00239            certifGenerator.setNotBefore(start);
00240            certifGenerator.setPublicKey(publicKey);
00241            certifGenerator.setSerialNumber(new BigInteger("1"));
00242            certifGenerator.addExtension(X509Extensions.SubjectKeyIdentifier,
00243                false, createSubjectKeyId(publicKey));
00244            certifGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier,
00245                false, createAuthorityKeyId(caPubKey, new X509Name(issuerName), 1));
00246            certifGenerator.addExtension(X509Extensions.BasicConstraints, false,
00247                new BasicConstraints(true));
00248            certifGenerator.addExtension(MiscObjectIdentifiers.netscapeCertType,
00249                false,
00250                new NetscapeCertType(NetscapeCertType.smime |
00251                    NetscapeCertType.sslServer));
00252 
00253            try {
00254                certif = certifGenerator.generateX509Certificate(privateKey, "BC");
00255            } catch (InvalidKeyException e) {
00256                e.printStackTrace();
00257            } catch (NoSuchProviderException e) {
00258                e.printStackTrace();
00259            } catch (SecurityException e) {
00260                e.printStackTrace();
00261            } catch (SignatureException e) {
00262                e.printStackTrace();
00263            }
00264            return new Object[] { certif, privateKey };
00265            }
00266            public static String retrieveVNName(Node node) {
00267                if (NodeFactory.isNodeLocal(node)) {
00268                    //   System.out.println("Launching OA nodeURL extracted locally: " + node.getVnName());
00269                    return node.getVnName();
00270                }
00271                String s = node.getNodeInformation().getName();
00272                // int n = s.lastIndexOf("/");
00273                //         String name = s.substring(n + 1);
00274                String vn = null;
00275                try {
00276                    vn = RuntimeFactory.getDefaultRuntime().getVNName(node.getNodeInformation()
00277                                                                          .getName());
00278                } catch (ProActiveException e1) {
00279                    e1.printStackTrace();
00280                }
00281                //  System.out.println("Launching OA nodeURL : " + s);
00282                // System.out.println("Node url " + node.getNodeInformation().getURL());
00283                // System.out.println("Launching OA nodeURL extracted: " + vn);
00284                return vn;
00285                /*int i = s.lastIndexOf("//");
00286                String s2 = s.substring(i, s.length());
00287                if (i  > 0) {
00288                System.out.println("coupeeeeeeee " + s2);
00289          */
00290 
00291         //vn =  RuntimeFactory.getDefaultRuntime().getVNName(name);
00292         return o;
00293     }
00294 
00295     //
00296     // create the subject key identifier.
00297     //
00298     public static SubjectKeyIdentifier createSubjectKeyId(PublicKey pubKey) {
00299         try {
00300             ByteArrayInputStream bIn = new ByteArrayInputStream(pubKey.getEncoded());
00301             SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
00302                         bIn).readObject());
00303 
00304             return new SubjectKeyIdentifier(info);
00305         } catch (Exception e) {
00306             throw new RuntimeException("error creating key");
00307         }
00308     }
00309 
00310     //
00311     // create the authority key identifier.
00312     //
00313     public static AuthorityKeyIdentifier createAuthorityKeyId(
00314         PublicKey pubKey, X509Name name, int sNumber) {
00315         try {
00316             ByteArrayInputStream bIn = new ByteArrayInputStream(pubKey.getEncoded());
00317             SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
00318                         bIn).readObject());
00319 
00320             GeneralName genName = new GeneralName(name);
00321             ASN1EncodableVector v = new ASN1EncodableVector();
00322 
00323             v.add(genName);
00324 
00325             return new AuthorityKeyIdentifier(info,
00326                 new GeneralNames(new DERSequence(v)),
00327                 BigInteger.valueOf(sNumber));
00328         } catch (Exception e) {
00329             throw new RuntimeException("error creating AuthorityKeyId");
00330         }
00331     }
00332 
00333     public static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey pubKey) {
00334         try {
00335             ByteArrayInputStream bIn = new ByteArrayInputStream(pubKey.getEncoded());
00336             SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
00337                         bIn).readObject());
00338 
00339             return new AuthorityKeyIdentifier(info);
00340         } catch (Exception e) {
00341             throw new RuntimeException("error creating AuthorityKeyId");
00342         }
00343     }
00344 
00345     public static String retrieveVNName(String nodeName) {
00346         String vn = null;
00347         try {
00348             vn = RuntimeFactory.getDefaultRuntime().getVNName(nodeName);
00349         } catch (ProActiveException e1) {
00350             e1.printStackTrace();
00351         }
00352 
00353         //  System.out.println("Launching OA nodeURL : " + s);
00354         // System.out.println("Node url " + node.getNodeInformation().getURL());
00355         // System.out.println("Launching OA nodeURL extracted: " + vn);
00356         return vn;
00357 
00358         /*int i = s.lastIndexOf("//");
00359            String s2 = s.substring(i, s.length());
00360            if (i  > 0) {
00361            System.out.println("coupeeeeeeee " + s2);
00362          */
00363 
00364         //vn =  RuntimeFactory.getDefaultRuntime().getVNName(name);
00365     }
00366 
00367     public static X509Certificate decodeCertificate(byte[] encodedCert) {
00368         X509Certificate certificate = null;
00369 
00370         //
00371         // Recover Servers Certificate
00372         //
00373         try {
00374             CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
00375             certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(
00376                         encodedCert));
00377         } catch (CertificateException e) {
00378             e.printStackTrace();
00379         } catch (NoSuchProviderException e) {
00380             e.printStackTrace();
00381         }
00382         return certificate;
00383     }
00384 
00394     /*
00395        public static void checkCertificates(java.security.cert.X509Certificate [] certs)
00396             throws CertificateException {
00397               for (int i = 0; i < certs.length; i++)
00398                 checkCertificate( certs[i] );
00399        }
00400      */
00401 
00414     public static void verifyCertificates(
00415         java.security.cert.X509Certificate[] certs, boolean checkVadility)
00416         throws GeneralSecurityException {
00417         java.security.cert.X509Certificate pCert = null;
00418         for (int i = 0; i < certs.length; i++) {
00419             if (checkVadility) {
00420                 certs[i].checkValidity();
00421             }
00422             pCert = ((i + 1) >= certs.length) ? certs[i] : certs[i + 1];
00423             certs[i].verify(pCert.getPublicKey());
00424         }
00425     }
00426 
00436     public static void checkCertificateChain(
00437         java.security.cert.X509Certificate acCert, X509Certificate[] serverCerts)
00438         throws CertificateException {
00439         try {
00440             CertificateFactory cf = null;
00441             cf = CertificateFactory.getInstance("X.509");
00442             // X509Certificate[] serverCerts = {certLevel2, certLevel1};
00443             // X509Certificate[] serverCerts = { acCert };
00444             List<X509Certificate> mylist = new ArrayList<X509Certificate>();
00445             for (int i = 0; i < serverCerts.length; i++) {
00446                 mylist.add(serverCerts[i]);
00447             }
00448             CertPath cp = cf.generateCertPath(mylist);
00449             TrustAnchor anchor = new TrustAnchor(acCert, null);
00450             PKIXParameters params = new PKIXParameters(Collections.singleton(
00451                         anchor));
00452             params.setRevocationEnabled(false);
00453             params.setSigProvider("BC");
00454             //System.out.println("ddddddddddddd" + params.getSigProvider());
00455             CertPathValidator cpv = null;
00456             try {
00457                 cpv = CertPathValidator.getInstance("PKIX", "BC");
00458             } catch (NoSuchProviderException e5) {
00459                 e5.printStackTrace();
00460             }
00461             PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp,
00462                     params);
00463             PolicyNode policyTree = result.getPolicyTree();
00464             PublicKey subjectPublicKey = result.getPublicKey();
00465             System.out.println("Certificate validated");
00466             System.out.println("Policy Tree:\n" + policyTree);
00467             System.out.println("Subject Public key:\n" + subjectPublicKey);
00468         } catch (CertPathValidatorException cpve) {
00469             System.out.println("Validation failure, cert[" + cpve.getIndex() +
00470                 "] :" + cpve.getMessage());
00471         } catch (InvalidAlgorithmParameterException e) {
00472             // TODOSECURITY Auto-generated catch block
00473             e.printStackTrace();
00474         } catch (NoSuchAlgorithmException e) {
00475             // TODOSECURITY Auto-generated catch block
00476             e.printStackTrace();
00477         } catch (CertificateException e) {
00478             // TODOSECURITY Auto-generated catch block
00479             e.printStackTrace();
00480         }
00481     }
00482 
00489     /*
00490        public static X509Certificate createCertificate(java.security.cert.X509Certificate userCert,
00491                                                                  Name subject,
00492                                                                  PublicKey pk,
00493                                                                  Name issuer,
00494                                                                  PrivateKey sk,
00495                                                                  int hours)
00496             throws CertificateException {
00497 
00498               boolean extensions = false;
00499               X509Certificate cert = new X509Certificate();
00500 
00501               try {
00502                 cert.setSerialNumber(new BigInteger(20, new Random()));
00503                 cert.setSubjectDN(subject);
00504                 cert.setPublicKey(pk);
00505                 cert.setIssuerDN(issuer);
00506 
00507                 GregorianCalendar date =
00508                   new GregorianCalendar(TimeZone.getTimeZone("GMT"));
00509                 date.add(Calendar.MINUTE, -5);
00510                 cert.setValidNotBefore(date.getTime());
00511                 date.add(Calendar.MINUTE, 5);
00512                 date.add(Calendar.HOUR, hours);
00513                 cert.setValidNotAfter(date.getTime());
00514 
00515 
00516                 cert.sign(AlgorithmID.md5WithRSAEncryption, sk);
00517               } catch (Exception ex) {
00518                 throw new GlobusProxyException("Create certificate failed.", ex);
00519               }
00520 
00521               return cert;
00522        }
00523      */
00524     public static void loadProvider() {
00525         CertTools.installBCProvider();
00526         //Provider myProvider = new org.bouncycastle.jce.provider.BouncyCastleProvider();
00527         //Security.addProvider(myProvider);
00528     }
00529 
00530     public static X509Certificate getMyCertificate() {
00531         try {
00532             return ((AbstractBody) ProActive.getBodyOnThis()).getProActiveSecurityManager()
00533                     .getCertificate();
00534         } catch (SecurityNotAvailableException e) {
00535             return null;
00536         } catch (IOException e) {
00537             return null;
00538         }
00539     }
00540 
00541     public static X509Certificate[] getMyCertificateChain() {
00542         //TODO finish him
00543         //return ProActive.getBodyOnThis().getProActiveSecurityManager().getCertificate();
00544         return null;
00545     }
00546 }
Generated on Mon Jan 22 15:16:11 2007 for ProActive by  doxygen 1.5.1