Title:
*Description:
*Copyright: Copyright (c) 2002
* @author Vu Van Trieu * @version 1.0 */ import iaik.x509.*; import java.io.*; import java.math.*; import java.rmi.*; import javax.ejb.*; import java.security.*; import iaik.asn1.structures.*; import iaik.asn1.*; import java.util.*; import iaik.x509.extensions.*; public class iCATool { public static final boolean CA_CERT = true; public static final boolean USER_CERT = false; public static final int DER=1; public static final int PEM=2; public static final int MD5withRSA = 1; public static final int SHA1withRSA = 2; public static final int dsaWithSHA = 3; public static final int dsaWithSHA1 = 4; protected PrivateKey privateKey=null; protected PublicKey publicKey=null; protected X509Certificate certificate=null; protected int algorithm=1; protected BigInteger serial; protected String keyAlgorithm="RSA"; protected int keyLen=512; protected boolean selfCreateKeyPair=false; protected Name name; protected String idCardNum=null; 109 protected Date idCardIssueDate=null; protected String ks_alias; protected String ks_filename; protected String ks_pwd; protected String ks_provider; protected String ks_type; protected java.util.Date validFrom; protected java.util.Date validTo; protected byte[] cert_temp; protected boolean subCritical=false; protected boolean auCritical=false; protected boolean idCardNumCritical = false; protected byte[] ks_data; public PrivateKey getPrivateKey() { return privateKey; } public PublicKey getPublicKey() { return publicKey; } public boolean getSelfCreateKeyPair() { return selfCreateKeyPair; } public BigInteger getSerial() { return serial; } public void setPrivateKey(PrivateKey privateKey) { this.privateKey = privateKey; } public void setPublicKey(PublicKey publicKey) { this.publicKey = publicKey; } public void setSelfCreateKeyPair(boolean selfCreateKeyPair) 110 { this.selfCreateKeyPair = selfCreateKeyPair; } public void setSerial(BigInteger serial) { this.serial = serial; } public byte[] getCertificate() throws EJBException { ByteArrayOutputStream out = null; try { out = new ByteArrayOutputStream(1024); this.certificate.writeTo(out); } catch(Exception e) { throw new EJBException(e.getMessage()); } return out.toByteArray(); } public int getAlgorithm() { return algorithm; } public int getKeyLen() { return keyLen; } public void setAlgorithm(int algorithm) { this.algorithm = algorithm; } public void setKeyLen(int keyLen) { this.keyLen = keyLen; } public void setKeyAlgorithm(String keyAlgorithm) { 111 this.keyAlgorithm = keyAlgorithm; } public String getKeyAlgorithm() { return keyAlgorithm; } //E,CN,UID,OU,O,C public void setSubjectInfo( String emailAddress, String commonName, String organizationalUnit, String organization, String stateOrProvince, String locality, String country) { if (commonName==null || commonName.equals("")) { name=null; return; } name = new Name(); if (country!=null && !country.equals("")) name.addRDN(ObjectID.country, country); if (locality!=null && !locality.equals("")) name.addRDN(ObjectID.locality, locality); if (stateOrProvince!=null && !stateOrProvince.equals("")) name.addRDN(ObjectID.stateOrProvince, stateOrProvince); if (organization!=null && !organization.equals("")) name.addRDN(ObjectID.organization, organization); if (organizationalUnit!=null && !organizationalUnit.equals("")) name.addRDN(ObjectID.organizationalUnit, organizationalUnit); if (emailAddress!=null && !emailAddress.equals("")) name.addRDN(ObjectID.emailAddress, emailAddress); if (commonName!=null && !commonName.equals("")) name.addRDN(ObjectID.commonName, commonName); } public void addName(int oid, String name) { if (this.name==null) this.name = new Name(); switch(oid) { case iName.commonName: this.name.addRDN(ObjectID.commonName,name); break; case iName.country: this.name.addRDN(ObjectID.country,name); 112 break; case iName.emailAddress: this.name.addRDN(ObjectID.emailAddress,name); break; case iName.locality: this.name.addRDN(ObjectID.locality,name); break; case iName.organization: this.name.addRDN(ObjectID.organization,name); break; case iName.organizationalUnit: this.name.addRDN(ObjectID.organizationalUnit,name); break; case iName.stateOrProvince: this.name.addRDN(ObjectID.stateOrProvince,name); break; case iName.streetAddress: this.name.addRDN(ObjectID.streetAddress,name); break; case iName.surName: this.name.addRDN(ObjectID.surName,name); break; case iName.title: this.name.addRDN(ObjectID.title,name); break; case iName.unstructuredAddress: this.name.addRDN(ObjectID.unstructuredAddress,name); break; case iName.unstructuredName: this.name.addRDN(ObjectID.unstructuredName,name); break; default: break; } } public void setKs_alias(String ks_alias) { this.ks_alias = ks_alias; } public void setKs_filename(String ks_filename) { this.ks_filename = ks_filename; } public void setKs_pwd(String ks_pwd) { 113 this.ks_pwd = ks_pwd; } public void setKs_provider(String ks_provider) { this.ks_provider = ks_provider; } public void setKs_type(String ks_type) { this.ks_type = ks_type; } public void setValidFrom(java.util.Date validFrom) { this.validFrom = validFrom; } public java.util.Date getValidFrom() { return validFrom; } public void setValidTo(Date validTo) { this.validTo = validTo; } public Date getValidTo() { return validTo; } public void setCert_temp(byte[] cert_temp) { this.cert_temp = cert_temp; } public void setSubCritical(boolean subCritical) { this.subCritical = subCritical; } public boolean isSubCritical() { return subCritical; } public void setAuCritical(boolean auCritical) { this.auCritical = auCritical; } public boolean isAuCritical() { return auCritical; 114 } public void setKs_data(byte[] ks_data) { this.ks_data = ks_data; } public String getIdCardNum() { return idCardNum; } public void setIdCardNum(String idCardNum) { this.idCardNum = idCardNum; } public boolean isIdCardNumCritical() { return idCardNumCritical; } public void setIdCardNumCritical(boolean idCardNumCritical) { this.idCardNumCritical = idCardNumCritical; } public Date getIdCardIssueDate() { return idCardIssueDate; } public void setIdCardIssueDate(Date idCardIssueDate) { this.idCardIssueDate = idCardIssueDate; } } 115 3) Modul ký duyệt tạo lập chứng số package vasc.ca.security.ejb; import iaik.asn1.*; import iaik.asn1.structures.*; import iaik.x509.*; import iaik.x509.extensions.*; import iaik.x509.extensions.netscape.*; import iaik.pkcs.pkcs10.*; import java.io.*; import java.rmi.*; import java.security.*; import java.util.*; import javax.ejb.*; import vasc.ca.security.utils.*; import vasc.ca.security.interfaces.*; import vasc.ca.security.bean.*; import vasc.ca.bean.keystore.*; import vasc.security.x509.extensions.*; public class CertEJB extends iCATool implements SessionBean { private SessionContext sessionContext; public void ejbCreate() { } public void ejbRemove() { } public void ejbActivate() { } public void ejbPassivate() { } public void setSessionContext(SessionContext sessionContext) { this.sessionContext = sessionContext; } public void createCert() throws EJBException { try 116 { iaik.security.provider.IAIK.addAsProvider(false); //Kiem tra certificate template co hop le hay khong if (cert_temp==null) throw new EJBException("Certficcate template is NULL"); X509Certificate certTmp = new X509Certificate(this.cert_temp); ByteArrayInputStream in = new ByteArrayInputStream(this.ks_data); //Lay thong tin ve CA keystore: private key, public key, certificate KeyStore ks = Util.loadkeyStore(in,this.ks_pwd,this.ks_type,this.ks_provider); if (!ks.isKeyEntry(this.ks_alias)) throw new RemoteException("alias "+this.ks_alias+" is not associated with KeyEntry"); PrivateKey issuerPrivateKey = (PrivateKey)ks.getKey(this.ks_alias,this.ks_pwd.toCharArray()); java.security.cert.Certificate[] crt = (java.security.cert.Certificate[])ks.getCertificateChain(this.ks_alias); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)crt[0]; X509Certificate issuerCert = new X509Certificate(cert.getEncoded()); //Vector dung cho viec luu phan mo rong extension cua certificate Vector vector = new Vector(); vector.removeAllElements(); //Neu selfCreateKeyPair=true thi phai sinh keypair truoc sign if (selfCreateKeyPair) { KeyPair keyPair =null; if (keyAlgorithm.equals("")) keyPair = vasc.ca.security.utils.Util.generateKeyPair("RSA",keyLen); else keyPair = vasc.ca.security.utils.Util.generateKeyPair(keyAlgorithm,keyLen); publicKey = keyPair.getPublic(); privateKey = keyPair.getPrivate(); } //Thong tin chung thuc public key cua doi tuong SubjectKeyIdentifier subKey = new SubjectKeyIdentifier(publicKey); if (subCritical) subKey.setCritical(false); vector.addElement(subKey); //Thong tin chung thuc public key cua CA 117 SubjectKeyIdentifier issuer = new SubjectKeyIdentifier(issuerCert.getPublicKey()); AuthorityKeyIdentifier auKey = new AuthorityKeyIdentifier(); if (auCritical) auKey.setCritical(false); auKey.setKeyIdentifier(issuer.get()); auKey.setAuthorityCertSerialNumber(issuerCert.getSerialNumber()); vector.add(auKey); // Gan them thong tin ve so chung minh thu nhan dan nhan if (this.idCardNum!=null && !this.idCardNum.equals("")) { PersonalIdentifierNumber idCard = new PersonalIdentifierNumber(); idCard.setCritical(this.isIdCardNumCritical()); idCard.setIDNumber(this.idCardNum); if (this.idCardIssueDate!=null) idCard.setIssueDate(this.idCardIssueDate); vector.add(idCard); } //Lay phan mo rong certificate template Enumeration enum = certTmp.listExtensions(); while (enum.hasMoreElements()) { V3Extension ext = (V3Extension)enum.nextElement(); if (!(ext instanceof SubjectKeyIdentifier) && !(ext instanceof AuthorityKeyIdentifier)) vector.add(ext); } //Neu khong co phan mo rong nao thi nem mot ngoai le if (vector.size()==0) throw new RemoteException("Certificate template not have any extension"); V3Extension V3extensions[] = new V3Extension[vector.size()]; vector.copyInto(V3extensions); //Dat lai thuat toan sign private key cua CA thuoc loai DSA, //boi vi DSAPrivateKey chi co the dung dsaWithSHA1 hoac dsaWithSHA if (issuerPrivateKey instanceof iaik.security.dsa.DSAPrivateKey) algorithm = iCATool.dsaWithSHA1; switch(algorithm) { case MD5withRSA: 118 this.certificate = vasc.ca.security.utils.Util.createCertificate(name,publicKey, (Name)issuerCert.getSubjectDN(),issuerPrivateKey, AlgorithmID.md5WithRSAEncryption,serial,V3extensions,validFrom, validTo); break; case SHA1withRSA: this.certificate = vasc.ca.security.utils.Util.createCertificate(name,publicKey, (Name)issuerCert.getSubjectDN(),issuerPrivateKey, AlgorithmID.sha1WithRSAEncryption,serial,V3extensions,validFrom,validTo); break; case dsaWithSHA1: this.certificate = vasc.ca.security.utils.Util.createCertificate(name,publicKey, (Name)issuerCert.getSubjectDN(),issuerPrivateKey, AlgorithmID.dsaWithSHA1,serial,V3extensions,validFrom,validTo); break; default: throw new EJBException("Algorithm for signing is invalid"); } } catch(Exception e) { throw new EJBException(e); } } public void createCertFromRequest(byte[] request) throws EJBException { this.selfCreateKeyPair=false; try { //Kiem tra xem request co hop le hay khong RequestInfo reqInfo = Common.checkRequest(new String(request)); if (reqInfo!=null) { if (reqInfo.getType().equals(RequestInfo.T_PKCS10)) { CertificateRequest req = new CertificateRequest(request); if (!req.verify()) throw new EJBException("Request is invalid"); this.publicKey = req.getPublicKey(); 119 if (this.name==null) this.name = req.getSubject(); createCert(); } else { if (reqInfo.getType().equals(RequestInfo.T_KEYGEN)) { this.publicKey = Common.getPublicKeyFromKEYGEN(new String(request)); if (this.publicKey==null) throw new EJBException("Can not parse this request"); } else throw new EJBException("Can not parse this request"); } createCert(); } else throw new EJBException("Can not parse this request"); } catch(Exception e) { throw new EJBException(e); } } } 120 Thank you for evaluating AnyBizSoft PDF Merger! To remove this page, please register your program! Go to Purchase Now>> AnyBizSoft PDF Merger Merge multiple PDF files into one Select page range of PDF to merge Select specific page(s) to merge Extract page(s) from different PDF files and merge into one ... tin nước nhà Luận văn nghiên cứu xây dựng hệ thống quản lý chứng số dựa công nghệ SSL IAIK Đồng thời đưa giải pháp công nghệ cho ứng dụng thực tế liên quan đến chứng số Luận văn bao gồm chương:... PKI :IAIK 80 3.4.1 Giới thiệu chung IAIK 80 3.4.2 Sử dụng IAIK xây dựng hệ thống 81 3.5 HỆ THỐNG QUẢN LÝ CHỨNG CHỈ SỐ 83 3.5.1 Mơ hình phân cấp hệ thống. .. vào CA tạo chứng số Mỗi chứng số có hạn sử dụng Việc kiểm tra chứng số thực độc lập với hệ thống cấp chứng số, thực đầu cuối, thơng qua dịch vụ kiểm tra trạng thái chứng số Chứng số cơng khai