Quản trị hệ thống

Một phần của tài liệu (LUẬN văn THẠC sĩ) xây dựng hệ thống quản lý chứng chỉ số sử dụng công nghệ IAIK và SSL (Trang 88 - 120)

Chương 3 THỬ NGHIỆM XÂY DỰNG HỆ THỐNG QUẢN LÝ CHỨNG CHỈ SỐ

3.5 HỆ THỐNG QUẢN LÝ CHỨNG CHỈ SỐ

3.5.2.8 Quản trị hệ thống

Hệ thống quản trị CA phân quyền dựa trên chứng chỉ số. Khi truy cập, hệ thống quản trị sẽ yêu cầu đưa ra chứng chỉ số. Sau khi thực hiện các bước bắt tay và chứng thực việc sở hữu chứng chỉ số, hệ thống quản trị sẽ thực hiện việc phần quyền. Trình duyệt sẽ cĩ hộp thoại yêu cầu chọn chứng chỉ số như hình 3- 20.

Hình 3-20

Lựa chọn chứng chỉ số thích hợp khi đăng nhập hệ thống quản trị

Tương ứng với mỗi chức năng của hệ thống sẽ cĩ một quyền. Tùy theo các quyền, các thành viên quản trị cĩ thể thực hiện các chức năng chính sau:

 Thu hồi

 Cập nhật trạng thái  Tìm kiếm yêu cầu  Ký duyệt yêu cầu

 Cập nhập danh sách thu hồi  Quản lý thành viên quản trị  Quản lý đối tác

 Thống kê hệ thống  Cấu hình hệ thống

KẾT LUẬN

Kết quả chính của luận văn bao gồm:

1. Tìm hiểu và nghiên cứu qua các tài liệu để hệ thống lại các vấn để sau

 Giới thiệu về hệ mật mã đối xứng, hệ mật mã khĩa cơng khai, giao thức SSL và bộ cơng cụ IAIK hộ trợ cho hệ thống PKI

 Giới thiệu về chứng chỉ khĩa cơng khai, cơ sở hạ tầng mã khĩa cơng khai. 2. Thử nghiệm xây dựng hệ thống quản lý chứng chỉ số

TÀI LIỆU THAM KHẢO Tài liệu tiếng Việt:

1. GS.TS Phan Đình Diệu, Giáo trình Lý thuyết mật mã và an tồn thơng tin. 2. PGS.TS Trịnh Nhật Tiến, Giáo trình An tồn dữ liệu.

Tài liệu tiếng Anh:

1. Secure Electronic Commerce, Building the Infrastructure for Digital Signatures and Encryption, Second Edition. Warwick Ford, Michael S. Baum. Prentice Hall PTR, 2001.

2. PKI Implementing and Managing E-Security. Andrew Nash, William Duane, Celia Joseph, Derek Brink. McGraw-Hill, 2001.

3. Digital Signatures. Mohad Atreya, Benjamin Hammond, Stephen Paine, Paul Starrett, Stephen Wu. McGraw-Hill, 2001.

4. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC2527), Internet Engineering Task Force (IETF). 5. Internet X.509 Public Key Infrastructure Qualified Certificates Profile,

Internet Engineering Task Force (IETF).

PHỤ LỤC Một số modul chính của chương trình

1) Modul tiếp nhận yêu cầu của khách hàng

import java.sql.*; import javax.ejb.*; import javax.sql.DataSource; import java.rmi.RemoteException; import java.math.*; import java.util.Collection; import java.util.Vector; import vasc.ca.Common; import java.io.*; /** * <p>Title: CA Developement</p> * <p>Description: </p> * <p>Copyright: Copyright (c) 2002</p> * @author Vu Van Trieu

* @version 1.0 */

public class CertificateEJBBMP extends CertificateEJB { DataSource dataSource;

public BigDecimal ejbCreate(String crtFormat, String crtType, BigDecimal crtClass, BigDecimal keyLen, String algorithm, String crtStatus, Timestamp startDate, Timestamp endDate, BigDecimal publish, String cn, String email,

String o, String ou, String s, String l, String c, byte[] crtData, BigDecimal reqId) throws CreateException {

super.ejbCreate(crtFormat, crtType, crtClass, keyLen, algorithm, crtStatus, startDate, endDate, publish, cn, email, o, ou, s, l, c, crtData, reqId);

Connection connection = null;

PreparedStatement statement = null; BigDecimal crtId=null; ResultSet resultSet=null; try { ////////////////////////////////////////// connection = dataSource.getConnection(); connection.setAutoCommit(false); statement=connection.prepareStatement("SELECT SEQ_CRT_ID.nextval FROM DUAL"); resultSet=statement.executeQuery();

if(resultSet.next()==false) throw new CreateException("Error REQUEST Sequence nextval");

crtId=resultSet.getBigDecimal(1); if(resultSet!=null) {resultSet.close();} statement.close();

///////////////////////////////////////////

statement = connection.prepareStatement("INSERT INTO CERTIFICATE (CRT_ID, CRT_FORMAT, CRT_TYPE, CRT_CLASS, KEY_LEN, ALGORITHM, CRT_STATUS, START_DATE, END_DATE, PUBLISH, CN, EMAIL, O, OU, S, L, C, CRT_DATA, REQ_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, EMPTY_BLOB(), ?)");

statement.setBigDecimal(1, crtId); statement.setString(2, crtFormat); statement.setString(3, crtType);

statement.setBigDecimal(4, crtClass); statement.setBigDecimal(5, keyLen); statement.setString(6, algorithm); statement.setString(7, crtStatus); statement.setTimestamp(8, startDate); statement.setTimestamp(9, endDate); statement.setBigDecimal(10, publish); statement.setString(11, cn); statement.setString(12, email); statement.setString(13, o); statement.setString(14, ou); statement.setString(15, s); statement.setString(16, l); statement.setString(17, c);

/**@todo Set parameter crtData*/ statement.setBigDecimal(18, reqId); //Attention

super.crtId =crtId;

if (statement.executeUpdate() != 1) {

throw new CreateException("Error adding row"); }

else {

statement.close();

statement = connection.prepareStatement("SELECT CRT_DATA FROM CERTIFICATE WHERE CRT_ID=? FOR UPDATE");

statement.setBigDecimal(1, crtId); ResultSet rs=statement.executeQuery(); if(rs.next()) { Blob contentdata=rs.getBlob(1); try { Common.writeBlob(contentdata,crtData); } catch(Exception e) { System.out.println(e.getMessage()); } rs.close(); } } connection.commit(); connection.setAutoCommit(true); return crtId; } catch(SQLException e) {

throw new EJBException("Error executing SQL INSERT INTO CERTIFICATE (CRT_ID, CRT_FORMAT, CRT_TYPE, CRT_CLASS, KEY_LEN, ALGORITHM, CRT_STATUS, START_DATE, END_DATE, PUBLISH, CN, EMAIL, O, OU, S, L, C, CRT_DATA, REQ_ID) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?): " + e.toString());

closeConnection(connection, statement); }

}

public void ejbRemove() throws RemoveException { super.ejbRemove();

Connection connection = null;

PreparedStatement statement = null; try {

connection = dataSource.getConnection();

statement = connection.prepareStatement("DELETE FROM CERTIFICATE WHERE CRT_ID = ?");

statement.setBigDecimal(1, crtId); if (statement.executeUpdate() < 1) {

throw new RemoveException("Error deleting row"); }

}

catch(SQLException e) {

throw new EJBException("Error executing SQL DELETE FROM CERTIFICATE WHERE CRT_ID = ?: " + e.toString());

}

finally {

closeConnection(connection, statement); }

}

public void ejbLoad() {

PreparedStatement statement = null; try {

connection = dataSource.getConnection(); connection.setAutoCommit(false);

statement = connection.prepareStatement("SELECT CRT_FORMAT, CRT_TYPE, CRT_CLASS, KEY_LEN, ALGORITHM, CRT_STATUS, START_DATE, END_DATE, PUBLISH, CN, EMAIL, O, OU, S, L, C, CRT_DATA, REQ_ID FROM CERTIFICATE WHERE CRT_ID = ?");

statement.setBigDecimal(1, crtId);

ResultSet resultSet = statement.executeQuery(); if (!resultSet.next()) {

throw new NoSuchEntityException("Row does not exist"); } this.crtFormat = resultSet.getString(1); this.crtType = resultSet.getString(2); this.crtClass = resultSet.getBigDecimal(3); this.keyLen = resultSet.getBigDecimal(4); this.algorithm = resultSet.getString(5); this.crtStatus = resultSet.getString(6); this.startDate = resultSet.getTimestamp(7); this.endDate = resultSet.getTimestamp(8); this.publish = resultSet.getBigDecimal(9); this.cn = resultSet.getString(10); this.email = resultSet.getString(11); this.o = resultSet.getString(12); this.ou = resultSet.getString(13); this.s = resultSet.getString(14);

this.l = resultSet.getString(15); this.c = resultSet.getString(16); Blob temp=resultSet.getBlob("CRT_DATA"); try { this.crtData=Common.readBlob(temp); } catch(Exception e) {System.out.println(e.getMessage());} this.reqId=resultSet.getBigDecimal(18); if(resultSet!=null) { resultSet.close(); } connection.setAutoCommit(true); } catch(SQLException e) {

throw new EJBException("Error executing SQL SELECT CRT_FORMAT, CRT_TYPE, CRT_CLASS, KEY_LEN, ALGORITHM, CRT_STATUS, START_DATE, END_DATE, PUBLISH, CN, EMAIL, O, OU, S, L, C, CRT_DATA, REQ_ID FROM CERTIFICATE WHERE CRT_ID = ?: " + e.toString());

}

finally {

closeConnection(connection, statement); }

public void ejbStore() { super.ejbStore();

Connection connection = null;

PreparedStatement statement = null; try {

connection = dataSource.getConnection(); connection.setAutoCommit(false);

statement = connection.prepareStatement("UPDATE CERTIFICATE SET CRT_FORMAT = ?, CRT_TYPE = ?, CRT_CLASS = ?, KEY_LEN = ?, ALGORITHM = ?, CRT_STATUS = ?, START_DATE = ?, END_DATE = ?, PUBLISH = ?, CN = ?, EMAIL = ?, O = ?, OU = ?, S = ?, L = ?, C = ?, CRT_DATA =EMPTY_BLOB(), REQ_ID = ? WHERE CRT_ID = ?");

statement.setString(1, crtFormat); statement.setString(2, crtType); statement.setBigDecimal(3, crtClass); statement.setBigDecimal(4, keyLen); statement.setString(5, algorithm); statement.setString(6, crtStatus); statement.setTimestamp(7, startDate); statement.setTimestamp(8, endDate); statement.setBigDecimal(9, publish); statement.setString(10, cn); statement.setString(11, email); statement.setString(12, o); statement.setString(13, ou); statement.setString(14, s); statement.setString(15, l);

/**@todo Set parameter crtData*/ statement.setBigDecimal(17, reqId); statement.setBigDecimal(18, crtId); if (statement.executeUpdate() < 1) {

throw new NoSuchEntityException("Row does not exist"); }

else

{ statement.close();

statement = connection.prepareStatement("SELECT CRT_DATA FROM CERTIFICATE WHERE CRT_ID=? FOR UPDATE");

statement.setBigDecimal(1,crtId); ResultSet rs=statement.executeQuery(); if(rs.next()) { Blob contentdata=rs.getBlob(1); try { Common.writeBlob(contentdata,this.crtData); } catch(Exception e){System.out.println(e.getMessage());} } rs.close(); } connection.commit(); connection.setAutoCommit(true);

}

catch(SQLException e) {

throw new EJBException("Error executing SQL UPDATE CERTIFICATE SET CRT_FORMAT = ?, CRT_TYPE = ?, CRT_CLASS = ?, KEY_LEN = ?, ALGORITHM = ?, CRT_STATUS = ?, START_DATE = ?, END_DATE = ?, PUBLISH = ?, CN = ?, EMAIL = ?, O = ?, OU = ?, S = ?, L = ?, C = ?, CRT_DATA = ?, REQ_ID = ? WHERE CRT_ID = ?: " + e.toString());

}

finally {

closeConnection(connection, statement); }

}

public BigDecimal ejbFindByPrimaryKey(BigDecimal certificateRemoteKey) throws ObjectNotFoundException {

Connection connection = null;

PreparedStatement statement = null; try {

connection = dataSource.getConnection();

statement = connection.prepareStatement("SELECT CRT_ID FROM CERTIFICATE WHERE CRT_ID = ?");

statement.setBigDecimal(1, certificateRemoteKey); ResultSet resultSet = statement.executeQuery(); if (!resultSet.next()) {

throw new ObjectNotFoundException("Primary key does not exist"); }

return certificateRemoteKey; }

throw new EJBException("Error executing SQL SELECT CRT_ID FROM CERTIFICATE WHERE CRT_ID = ?: " + e.toString());

}

finally {

closeConnection(connection, statement); }

}

public BigDecimal ejbFindReqId(BigDecimal reqId){ Connection connection = null;

PreparedStatement statement = null; try {

connection = dataSource.getConnection();

statement = connection.prepareStatement("SELECT CRT_ID FROM CERTIFICATE WHERE REQ_ID = ? ");

statement.setBigDecimal(1, reqId);

ResultSet resultSet = statement.executeQuery(); BigDecimal keys = null;

if (!resultSet.next()) {

//throw new ObjectNotFoundException("Primary key does not exist"); }else{keys = resultSet.getBigDecimal(1);}

return keys; }

catch(SQLException e) {

throw new EJBException("Error executing SQL SELECT CRT_ID FROM CERTIFICATE WHERE REQ_ID = ?: " + e.toString());

}

closeConnection(connection, statement); }

}

public Collection ejbFindAll() { Connection connection = null;

PreparedStatement statement = null; try {

connection = dataSource.getConnection();

statement = connection.prepareStatement("SELECT CRT_ID FROM CERTIFICATE");

ResultSet resultSet = statement.executeQuery(); Vector keys = new Vector();

while (resultSet.next()) {

BigDecimal crtId = resultSet.getBigDecimal(1); keys.addElement(crtId);

}

return keys; }

catch(SQLException e) {

throw new EJBException("Error executing SQL SELECT CRT_ID FROM CERTIFICATE: " + e.toString()); } finally { closeConnection(connection, statement); } }

BigDecimal endSerial, String cn,String email,String o, String ou,String l,String s,String c,

String reason,String startDateValid, String endDateValid,String startDateInvalid, String endDateInvalid,

String category,boolean exact ) {

Connection connection = null;

PreparedStatement statement = null; try { connection = dataSource.getConnection(); try{ statement=vasc.ca.utils.Utils.createStatement(connection,startSerial, endSerial,cn,email,o,ou,l,s,c,reason,startDateValid,endDateValid,startDateInvali d, endDateInvalid, category,exact); } catch(Exception e) {System.out.println(e.getMessage());}

ResultSet resultSet = statement.executeQuery(); Vector keys = new Vector();

while (resultSet.next()) {

BigDecimal crtId = resultSet.getBigDecimal(1); keys.addElement(crtId);

}

return keys; }

catch(SQLException e) {

finally {

closeConnection(connection, statement); }

}

public Collection ejbFindInfoCount (BigDecimal startSerial,

BigDecimal endSerial, String cn,String email,String o, String ou,String l,String s,String c,String reason,String startDateValid, String endDateValid,String startDateInvalid, String endDateInvalid, String category,boolean exact,long start, long end )

{

Connection connection = null;

PreparedStatement statement = null; try { connection = dataSource.getConnection(); try{ statement=vasc.ca.utils.Utils.createStatement(connection,startSerial, endSerial,cn,email,o,ou,l,s,c,reason,startDateValid,endDateValid,startDateInvali d, endDateInvalid, category,exact,start,end); } catch(Exception e) {System.out.println(e.getMessage());}

ResultSet resultSet = statement.executeQuery(); Vector keys = new Vector();

while (resultSet.next()) {

BigDecimal crtId = resultSet.getBigDecimal("CRT_ID"); keys.addElement(crtId);

return keys; }

catch(SQLException e) {

throw new EJBException(" ejbFindInfoCount Error executing " + e.toString()); } finally { closeConnection(connection, statement); } }

void closeConnection(Connection connection, Statement statement) { try { if (statement != null) { statement.close(); } } catch(SQLException e) { } try { if (connection != null) { connection.close(); } } catch(SQLException e) { } }

public void setEntityContext(EntityContext entityContext) { super.setEntityContext(entityContext); try { try { dataSource =Common.getDataSource(); } catch(Exception e) {

throw new EJBException("Error looking up dataSource: " + e.toString()); }

}

catch(Exception e) {

throw new EJBException("Error initializing context:" + e.toString()); }

}

public void unsetEntityContext() { super.unsetEntityContext(); this.entityContext = null; }}

2) Các modul liên quan đến việc tạo chứng chí số package vasc.ca.security.interfaces; /** * <p>Title: </p> * <p>Description: </p> * <p>Copyright: Copyright (c) 2002</p> * @author Vu Van Trieu

* @version 1.0 */ import iaik.x509.*; import java.io.*; import java.math.*; import java.rmi.*; import javax.ejb.*; import java.security.*; import iaik.asn1.structures.*; import iaik.asn1.*; import java.util.*; import iaik.x509.extensions.*; public class iCATool

{

public static final boolean CA_CERT = true; public static final boolean USER_CERT = false; public static final int DER=1;

public static final int PEM=2;

public static final int MD5withRSA = 1; public static final int SHA1withRSA = 2; public static final int dsaWithSHA = 3; public static final int dsaWithSHA1 = 4; protected PrivateKey privateKey=null; protected PublicKey publicKey=null; protected X509Certificate certificate=null; protected int algorithm=1;

protected BigInteger serial;

protected String keyAlgorithm="RSA"; protected int keyLen=512;

protected boolean selfCreateKeyPair=false; protected Name name;

protected Date idCardIssueDate=null; protected String ks_alias;

protected String ks_filename; protected String ks_pwd; protected String ks_provider; protected String ks_type;

protected java.util.Date validFrom; protected java.util.Date validTo; protected byte[] cert_temp;

protected boolean subCritical=false; protected boolean auCritical=false;

protected boolean idCardNumCritical = false; protected byte[] ks_data;

public PrivateKey getPrivateKey() {

return privateKey; }

public PublicKey getPublicKey() {

return publicKey; }

public boolean getSelfCreateKeyPair() {

return selfCreateKeyPair; }

public BigInteger getSerial() {

return serial; }

public void setPrivateKey(PrivateKey privateKey) {

this.privateKey = privateKey; }

public void setPublicKey(PublicKey publicKey) {

this.publicKey = publicKey; }

{

this.selfCreateKeyPair = selfCreateKeyPair; }

public void setSerial(BigInteger serial) {

this.serial = serial; }

public byte[] getCertificate() throws EJBException { ByteArrayOutputStream out = null;

try {

out = new ByteArrayOutputStream(1024); this.certificate.writeTo(out);

}

catch(Exception e) {

throw new EJBException(e.getMessage()); }

return out.toByteArray(); }

public int getAlgorithm() {

return algorithm; }

public int getKeyLen() {

return keyLen; }

public void setAlgorithm(int algorithm) {

this.algorithm = algorithm; }

public void setKeyLen(int keyLen) {

this.keyLen = keyLen; }

this.keyAlgorithm = keyAlgorithm; }

public String getKeyAlgorithm() {

return keyAlgorithm; }

//E,CN,UID,OU,O,C

public void setSubjectInfo( String emailAddress, String commonName, String organizationalUnit, String organization, String stateOrProvince, String locality, String country)

{ if (commonName==null || commonName.equals("")) { name=null; return; }

name = new Name();

if (country!=null && !country.equals("")) name.addRDN(ObjectID.country, country); if (locality!=null && !locality.equals("")) name.addRDN(ObjectID.locality, locality);

if (stateOrProvince!=null && !stateOrProvince.equals("")) name.addRDN(ObjectID.stateOrProvince, stateOrProvince); if (organization!=null && !organization.equals(""))

name.addRDN(ObjectID.organization, organization);

if (organizationalUnit!=null && !organizationalUnit.equals("")) name.addRDN(ObjectID.organizationalUnit, organizationalUnit); if (emailAddress!=null && !emailAddress.equals(""))

name.addRDN(ObjectID.emailAddress, emailAddress); if (commonName!=null && !commonName.equals("")) name.addRDN(ObjectID.commonName, commonName); }

public void addName(int oid, String name) {

if (this.name==null)

this.name = new Name(); switch(oid) { case iName.commonName: this.name.addRDN(ObjectID.commonName,name); break; case iName.country:

break; case iName.emailAddress: this.name.addRDN(ObjectID.emailAddress,name); break; case iName.locality: this.name.addRDN(ObjectID.locality,name); break; case iName.organization: this.name.addRDN(ObjectID.organization,name); break; case iName.organizationalUnit: this.name.addRDN(ObjectID.organizationalUnit,name); break; case iName.stateOrProvince: this.name.addRDN(ObjectID.stateOrProvince,name); break; case iName.streetAddress: this.name.addRDN(ObjectID.streetAddress,name); break; case iName.surName: this.name.addRDN(ObjectID.surName,name); break; case iName.title: this.name.addRDN(ObjectID.title,name); break; case iName.unstructuredAddress: this.name.addRDN(ObjectID.unstructuredAddress,name); break; case iName.unstructuredName: this.name.addRDN(ObjectID.unstructuredName,name); break; default: break; } }

public void setKs_alias(String ks_alias) {

this.ks_alias = ks_alias; }

public void setKs_filename(String ks_filename) {

this.ks_filename = ks_filename; }

this.ks_pwd = ks_pwd; }

public void setKs_provider(String ks_provider) {

this.ks_provider = ks_provider; }

public void setKs_type(String ks_type) {

this.ks_type = ks_type; }

public void setValidFrom(java.util.Date validFrom) {

this.validFrom = validFrom; }

public java.util.Date getValidFrom() {

return validFrom; }

public void setValidTo(Date validTo) {

this.validTo = validTo; }

public Date getValidTo() {

return validTo; }

public void setCert_temp(byte[] cert_temp) {

this.cert_temp = cert_temp; }

public void setSubCritical(boolean subCritical) {

this.subCritical = subCritical; }

public boolean isSubCritical() {

return subCritical; }

public void setAuCritical(boolean auCritical) {

this.auCritical = auCritical; }

public boolean isAuCritical() {

}

public void setKs_data(byte[] ks_data) { this.ks_data = ks_data;

}

public String getIdCardNum() { return idCardNum;

}

public void setIdCardNum(String idCardNum) { this.idCardNum = idCardNum;

}

public boolean isIdCardNumCritical() { return idCardNumCritical;

}

public void setIdCardNumCritical(boolean idCardNumCritical) { this.idCardNumCritical = idCardNumCritical;

}

public Date getIdCardIssueDate() { return idCardIssueDate;

}

public void setIdCardIssueDate(Date idCardIssueDate) { this.idCardIssueDate = idCardIssueDate;

} }

3) Modul ký duyệt và tạo lập chứng chỉ số package vasc.ca.security.ejb; import iaik.asn1.*; import iaik.asn1.structures.*; import iaik.x509.*; import iaik.x509.extensions.*; import iaik.x509.extensions.netscape.*; import iaik.pkcs.pkcs10.*; import java.io.*; import java.rmi.*; import java.security.*; import java.util.*; import javax.ejb.*; import vasc.ca.security.utils.*; import vasc.ca.security.interfaces.*; import vasc.ca.security.bean.*; import vasc.ca.bean.keystore.*; import vasc.security.x509.extensions.*;

public class CertEJB extends iCATool implements SessionBean {

private SessionContext sessionContext; public void ejbCreate()

{ }

public void ejbRemove() {

}

public void ejbActivate() {

}

public void ejbPassivate() {

}

public void setSessionContext(SessionContext sessionContext) {

this.sessionContext = sessionContext; }

public void createCert() throws EJBException {

{

iaik.security.provider.IAIK.addAsProvider(false); //Kiem tra certificate template co hop le hay khong if (cert_temp==null)

throw new EJBException("Certficcate template is NULL"); X509Certificate certTmp = new X509Certificate(this.cert_temp); ByteArrayInputStream in = new ByteArrayInputStream(this.ks_data); //Lay thong tin ve CA trong keystore: private key, public key, certificate KeyStore ks =

Util.loadkeyStore(in,this.ks_pwd,this.ks_type,this.ks_provider); if (!ks.isKeyEntry(this.ks_alias))

throw new RemoteException("alias "+this.ks_alias+" is not associated with KeyEntry"); PrivateKey issuerPrivateKey = (PrivateKey)ks.getKey(this.ks_alias,this.ks_pwd.toCharArray()); java.security.cert.Certificate[] crt = (java.security.cert.Certificate[])ks.getCertificateChain(this.ks_alias); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)crt[0];

X509Certificate issuerCert = new X509Certificate(cert.getEncoded()); //Vector dung cho viec luu phan mo rong extension cua certificate Vector vector = new Vector();

vector.removeAllElements();

//Neu selfCreateKeyPair=true thi phai sinh keypair truoc khi sign if (selfCreateKeyPair)

{

KeyPair keyPair =null; if (keyAlgorithm.equals("")) keyPair = vasc.ca.security.utils.Util.generateKeyPair("RSA",keyLen); else keyPair = vasc.ca.security.utils.Util.generateKeyPair(keyAlgorithm,keyLen); publicKey = keyPair.getPublic(); privateKey = keyPair.getPrivate(); }

//Thong tin chung thuc public key cua doi tuong

SubjectKeyIdentifier subKey = new SubjectKeyIdentifier(publicKey); if (subCritical)

subKey.setCritical(false); vector.addElement(subKey);

SubjectKeyIdentifier issuer = new

SubjectKeyIdentifier(issuerCert.getPublicKey());

AuthorityKeyIdentifier auKey = new AuthorityKeyIdentifier(); if (auCritical)

auKey.setCritical(false);

auKey.setKeyIdentifier(issuer.get());

auKey.setAuthorityCertSerialNumber(issuerCert.getSerialNumber()); vector.add(auKey);

// Gan them thong tin ve so chung minh thu nhan dan nhan

if (this.idCardNum!=null && !this.idCardNum.equals("")) {

PersonalIdentifierNumber idCard = new PersonalIdentifierNumber(); idCard.setCritical(this.isIdCardNumCritical()); idCard.setIDNumber(this.idCardNum); if (this.idCardIssueDate!=null) idCard.setIssueDate(this.idCardIssueDate); vector.add(idCard); }

//Lay phan mo rong trong certificate template Enumeration enum = certTmp.listExtensions(); while (enum.hasMoreElements())

{

V3Extension ext = (V3Extension)enum.nextElement();

if (!(ext instanceof SubjectKeyIdentifier) && !(ext instanceof AuthorityKeyIdentifier))

vector.add(ext); }

//Neu khong co phan mo rong nao thi nem ra mot ngoai le if (vector.size()==0)

throw new RemoteException("Certificate template not have any extension");

V3Extension V3extensions[] = new V3Extension[vector.size()]; vector.copyInto(V3extensions);

//Dat lai thuat toan sign khi private key cua CA thuoc loai DSA,

//boi vi DSAPrivateKey chi co the dung dsaWithSHA1 hoac dsaWithSHA if (issuerPrivateKey instanceof iaik.security.dsa.DSAPrivateKey)

algorithm = iCATool.dsaWithSHA1; switch(algorithm)

this.certificate = vasc.ca.security.utils.Util.createCertificate(name,publicKey, (Name)issuerCert.getSubjectDN(),issuerPrivateKey, AlgorithmID.md5WithRSAEncryption,serial,V3extensions,validFrom, validTo); break; case SHA1withRSA: this.certificate = vasc.ca.security.utils.Util.createCertificate(name,publicKey, (Name)issuerCert.getSubjectDN(),issuerPrivateKey, AlgorithmID.sha1WithRSAEncryption,serial,V3extensions,validFrom,validTo); break; case dsaWithSHA1: this.certificate = vasc.ca.security.utils.Util.createCertificate(name,publicKey, (Name)issuerCert.getSubjectDN(),issuerPrivateKey, AlgorithmID.dsaWithSHA1,serial,V3extensions,validFrom,validTo); break; default:

throw new EJBException("Algorithm for signing is invalid"); }

}

catch(Exception e) {

throw new EJBException(e); }

}

public void createCertFromRequest(byte[] request) throws EJBException

{

this.selfCreateKeyPair=false; try

{

//Kiem tra xem request co hop le hay khong

RequestInfo reqInfo = Common.checkRequest(new String(request)); if (reqInfo!=null)

{

if (reqInfo.getType().equals(RequestInfo.T_PKCS10)) {

CertificateRequest req = new CertificateRequest(request); if (!req.verify())

if (this.name==null) this.name = req.getSubject(); createCert(); } else { if (reqInfo.getType().equals(RequestInfo.T_KEYGEN)) { this.publicKey = Common.getPublicKeyFromKEYGEN(new String(request)); if (this.publicKey==null)

throw new EJBException("Can not parse this request"); }

else

throw new EJBException("Can not parse this request"); }

createCert(); }

else

throw new EJBException("Can not parse this request"); }

catch(Exception e) {

throw new EJBException(e); }

} }

PDF Merger

Thank you for evaluating AnyBizSoft PDF Merger! To remove this page, please

register your program!

Go to Purchase Now>>

 Merge multiple PDF files into one

 Select page range of PDF to merge

 Select specific page(s) to merge

Một phần của tài liệu (LUẬN văn THẠC sĩ) xây dựng hệ thống quản lý chứng chỉ số sử dụng công nghệ IAIK và SSL (Trang 88 - 120)

Tải bản đầy đủ (PDF)

(120 trang)