modified variable names
@ -1,5 +1,5 @@
|
||||
module cryptoengine {
|
||||
exports net.jami.jams.cryptoengine;
|
||||
module jams.ca {
|
||||
exports net.jami.jams.ca;
|
||||
requires jams.common;
|
||||
requires org.bouncycastle.pkix;
|
||||
requires lombok;
|
||||
@ -1,4 +1,4 @@
|
||||
package net.jami.jams.cryptoengine;
|
||||
package net.jami.jams.ca;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.common.cryptoengineapi.CertificateAuthority;
|
||||
@ -6,21 +6,19 @@ import net.jami.jams.common.objects.devices.Device;
|
||||
import net.jami.jams.common.objects.requests.RevocationRequest;
|
||||
import net.jami.jams.common.objects.system.SystemAccount;
|
||||
import net.jami.jams.common.objects.user.User;
|
||||
import net.jami.jams.cryptoengine.workers.crl.CRLWorker;
|
||||
import net.jami.jams.cryptoengine.workers.csr.CertificateWorker;
|
||||
import net.jami.jams.cryptoengine.workers.ocsp.OCSPWorker;
|
||||
import net.jami.jams.ca.workers.crl.CRLWorker;
|
||||
import net.jami.jams.ca.workers.csr.CertificateWorker;
|
||||
import net.jami.jams.ca.workers.ocsp.OCSPWorker;
|
||||
import org.bouncycastle.cert.X509CRLHolder;
|
||||
import org.bouncycastle.cert.ocsp.OCSPReq;
|
||||
import org.bouncycastle.cert.ocsp.OCSPResp;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.security.MessageDigest;
|
||||
import java.security.Security;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
|
||||
@Slf4j
|
||||
public class CryptoEngine implements CertificateAuthority {
|
||||
public class JamsCA implements CertificateAuthority {
|
||||
|
||||
|
||||
//These are the workers which are responsible for CRL/OCSP, they have an odd relationship.
|
||||
@ -48,7 +46,7 @@ public class CryptoEngine implements CertificateAuthority {
|
||||
serverDomain = domain;
|
||||
CA = ca;
|
||||
OCSP = ocsp;
|
||||
CryptoEngine.signingAlgorithm = signingAlgorithm;
|
||||
JamsCA.signingAlgorithm = signingAlgorithm;
|
||||
crlWorker = new CRLWorker(CA.getPrivateKey(), CA.getCertificate());
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
package net.jami.jams.cryptoengine.workers;
|
||||
package net.jami.jams.ca.workers;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
@ -1,10 +1,10 @@
|
||||
package net.jami.jams.cryptoengine.workers.crl;
|
||||
package net.jami.jams.ca.workers.crl;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.common.objects.requests.RevocationRequest;
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.cryptoengine.workers.X509Worker;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import net.jami.jams.ca.workers.X509Worker;
|
||||
import org.bouncycastle.asn1.x500.X500Name;
|
||||
import org.bouncycastle.asn1.x509.CRLReason;
|
||||
import org.bouncycastle.cert.X509CRLHolder;
|
||||
@ -59,7 +59,7 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
|
||||
needsRefresh = false;
|
||||
}
|
||||
synchronized (getInput()){
|
||||
getInput().wait(CryptoEngine.crlLifetime - 10_000);
|
||||
getInput().wait(JamsCA.crlLifetime - 10_000);
|
||||
needsRefresh = true;
|
||||
}
|
||||
}
|
||||
@ -1,12 +1,12 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr;
|
||||
package net.jami.jams.ca.workers.csr;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.common.objects.devices.Device;
|
||||
import net.jami.jams.common.objects.system.SystemAccount;
|
||||
import net.jami.jams.common.objects.user.User;
|
||||
import net.jami.jams.cryptoengine.workers.csr.builders.DeviceBuilder;
|
||||
import net.jami.jams.cryptoengine.workers.csr.builders.SystemAccountBuilder;
|
||||
import net.jami.jams.cryptoengine.workers.csr.builders.UserBuilder;
|
||||
import net.jami.jams.ca.workers.csr.builders.DeviceBuilder;
|
||||
import net.jami.jams.ca.workers.csr.builders.SystemAccountBuilder;
|
||||
import net.jami.jams.ca.workers.csr.builders.UserBuilder;
|
||||
|
||||
@Slf4j
|
||||
public class CertificateWorker {
|
||||
@ -1,11 +1,11 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.builders;
|
||||
package net.jami.jams.ca.workers.csr.builders;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.common.objects.devices.Device;
|
||||
import net.jami.jams.common.objects.user.User;
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.cryptoengine.workers.csr.utils.CertificateSigner;
|
||||
import net.jami.jams.cryptoengine.workers.csr.utils.ExtensionLibrary;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import net.jami.jams.ca.workers.csr.utils.CertificateSigner;
|
||||
import net.jami.jams.ca.workers.csr.utils.ExtensionLibrary;
|
||||
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
|
||||
|
||||
@ -22,7 +22,7 @@ public class DeviceBuilder {
|
||||
new JcaX509CertificateHolder(user.getCertificate()).getSubject(),
|
||||
new BigInteger(256, new SecureRandom()),
|
||||
new Date(System.currentTimeMillis()),
|
||||
new Date(System.currentTimeMillis() + CryptoEngine.deviceLifetime),
|
||||
new Date(System.currentTimeMillis() + JamsCA.deviceLifetime),
|
||||
device.getCertificationRequest().getSubject(),
|
||||
device.getCertificationRequest().getSubjectPublicKeyInfo()
|
||||
);
|
||||
@ -1,10 +1,10 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.builders;
|
||||
package net.jami.jams.ca.workers.csr.builders;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.common.objects.system.SystemAccount;
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.cryptoengine.workers.csr.utils.CertificateSigner;
|
||||
import net.jami.jams.cryptoengine.workers.csr.utils.ExtensionLibrary;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import net.jami.jams.ca.workers.csr.utils.CertificateSigner;
|
||||
import net.jami.jams.ca.workers.csr.utils.ExtensionLibrary;
|
||||
import org.bouncycastle.asn1.x500.X500Name;
|
||||
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
|
||||
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
||||
@ -29,7 +29,7 @@ public class SystemAccountBuilder {
|
||||
new X500Name("CN=" + systemAccount.getX509Fields().getDN()),
|
||||
new BigInteger(256, new SecureRandom()),
|
||||
new Date(System.currentTimeMillis()),
|
||||
new Date(System.currentTimeMillis() + CryptoEngine.caLifetime),
|
||||
new Date(System.currentTimeMillis() + JamsCA.caLifetime),
|
||||
new X500Name("CN="+ systemAccount.getX509Fields().getDN()),
|
||||
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
|
||||
);
|
||||
@ -51,15 +51,15 @@ public class SystemAccountBuilder {
|
||||
keyPairGenerator.initialize(4096);
|
||||
KeyPair keyPair = keyPairGenerator.generateKeyPair();
|
||||
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
|
||||
new JcaX509CertificateHolder(CryptoEngine.CA.getCertificate()).getSubject(),
|
||||
new JcaX509CertificateHolder(JamsCA.CA.getCertificate()).getSubject(),
|
||||
new BigInteger(256, new SecureRandom()),
|
||||
new Date(System.currentTimeMillis()),
|
||||
new Date(System.currentTimeMillis() + CryptoEngine.caLifetime),
|
||||
new Date(System.currentTimeMillis() + JamsCA.caLifetime),
|
||||
new X500Name("CN=" + systemAccount.getX509Fields().getDN()),
|
||||
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
|
||||
);
|
||||
systemAccount.setPrivateKey(keyPair.getPrivate());
|
||||
systemAccount.setCertificate(CertificateSigner.signCertificate(CryptoEngine.CA.getPrivateKey(), builder, ExtensionLibrary.caExtensions));
|
||||
systemAccount.setCertificate(CertificateSigner.signCertificate(JamsCA.CA.getPrivateKey(), builder, ExtensionLibrary.caExtensions));
|
||||
return systemAccount;
|
||||
}
|
||||
catch (Exception e){
|
||||
@ -1,10 +1,10 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.builders;
|
||||
package net.jami.jams.ca.workers.csr.builders;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.common.objects.user.User;
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.cryptoengine.workers.csr.utils.CertificateSigner;
|
||||
import net.jami.jams.cryptoengine.workers.csr.utils.ExtensionLibrary;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import net.jami.jams.ca.workers.csr.utils.CertificateSigner;
|
||||
import net.jami.jams.ca.workers.csr.utils.ExtensionLibrary;
|
||||
import org.bouncycastle.asn1.x500.X500Name;
|
||||
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
|
||||
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
||||
@ -25,15 +25,15 @@ public class UserBuilder {
|
||||
keyPairGenerator.initialize(4096);
|
||||
KeyPair keyPair = keyPairGenerator.generateKeyPair();
|
||||
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
|
||||
new JcaX509CertificateHolder(CryptoEngine.CA.getCertificate()).getSubject(),
|
||||
new JcaX509CertificateHolder(JamsCA.CA.getCertificate()).getSubject(),
|
||||
new BigInteger(256, new SecureRandom()),
|
||||
new Date(System.currentTimeMillis()),
|
||||
new Date(System.currentTimeMillis() + CryptoEngine.userLifetime),
|
||||
new Date(System.currentTimeMillis() + JamsCA.userLifetime),
|
||||
new X500Name(user.getX509Fields().getDN()),
|
||||
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
|
||||
);
|
||||
user.setPrivateKey(keyPair.getPrivate());
|
||||
user.setCertificate(CertificateSigner.signCertificate(CryptoEngine.CA.getPrivateKey(),builder, ExtensionLibrary.userExtensions));
|
||||
user.setCertificate(CertificateSigner.signCertificate(JamsCA.CA.getPrivateKey(),builder, ExtensionLibrary.userExtensions));
|
||||
return user;
|
||||
}
|
||||
catch (Exception e){
|
||||
@ -1,4 +1,4 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.utils;
|
||||
package net.jami.jams.ca.workers.csr.utils;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
@ -1,7 +1,7 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.utils;
|
||||
package net.jami.jams.ca.workers.csr.utils;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import org.bouncycastle.asn1.ASN1Encodable;
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
|
||||
@ -30,7 +30,7 @@ public class CertificateSigner {
|
||||
certificateBuilder.addExtension((ASN1ObjectIdentifier) extensions[0],(boolean) extensions[1],(ASN1Encodable) extensions[2]);
|
||||
}
|
||||
//Initialize the signing.
|
||||
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(CryptoEngine.signingAlgorithm);
|
||||
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(JamsCA.signingAlgorithm);
|
||||
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
|
||||
AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(privateKey.getEncoded());
|
||||
//Sign the certificate.
|
||||
@ -1,6 +1,6 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.utils;
|
||||
package net.jami.jams.ca.workers.csr.utils;
|
||||
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import org.bouncycastle.asn1.x509.*;
|
||||
|
||||
public class ExtensionLibrary {
|
||||
@ -16,14 +16,14 @@ public class ExtensionLibrary {
|
||||
//Pre-Define the CRL Distribution Point
|
||||
DistributionPoint[] distPoints = new DistributionPoint[1];
|
||||
distPoints[0] = new DistributionPoint(new DistributionPointName(
|
||||
new GeneralNames(new GeneralName(SCHEMA, CryptoEngine.serverDomain + "/api/auth/crl")))
|
||||
new GeneralNames(new GeneralName(SCHEMA, JamsCA.serverDomain + "/api/auth/crl")))
|
||||
, null, null
|
||||
);
|
||||
|
||||
//Pre-Define the AIA Point
|
||||
AccessDescription accessDescription = new AccessDescription(
|
||||
AccessDescription.id_ad_ocsp,
|
||||
new GeneralName(SCHEMA,CryptoEngine.serverDomain + "/api/auth/ocsp")
|
||||
new GeneralName(SCHEMA, JamsCA.serverDomain + "/api/auth/ocsp")
|
||||
);
|
||||
|
||||
//CA Extensions.
|
||||
@ -1,7 +1,7 @@
|
||||
package net.jami.jams.cryptoengine.workers.ocsp;
|
||||
package net.jami.jams.ca.workers.ocsp;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import net.jami.jams.cryptoengine.workers.X509Worker;
|
||||
import net.jami.jams.ca.workers.X509Worker;
|
||||
|
||||
import java.security.PrivateKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
@ -1,4 +1,4 @@
|
||||
package net.jami.jams.cryptoengine.workers.csr.builders;
|
||||
package net.jami.jams.ca.workers.csr.builders;
|
||||
|
||||
import net.jami.jams.common.authentication.AuthenticationSourceType;
|
||||
import net.jami.jams.common.objects.devices.Device;
|
||||
@ -9,7 +9,7 @@ import net.jami.jams.common.objects.system.SystemAccount;
|
||||
import net.jami.jams.common.objects.system.SystemAccountType;
|
||||
import net.jami.jams.common.objects.user.User;
|
||||
import net.jami.jams.common.utils.X509Utils;
|
||||
import net.jami.jams.cryptoengine.CryptoEngine;
|
||||
import net.jami.jams.ca.JamsCA;
|
||||
import org.junit.jupiter.api.Assertions;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@ -23,8 +23,8 @@ class SystemAccountBuilderTest {
|
||||
|
||||
@BeforeAll
|
||||
static void setUp() throws Exception{
|
||||
CryptoEngine.serverDomain = "https://localhost";
|
||||
CryptoEngine.signingAlgorithm = "SHA512WITHRSA";
|
||||
JamsCA.serverDomain = "https://localhost";
|
||||
JamsCA.signingAlgorithm = "SHA512WITHRSA";
|
||||
InputStream path;
|
||||
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
|
||||
path = classLoader.getResourceAsStream("pkcs10request.txt");
|
||||
@ -41,7 +41,7 @@ class SystemAccountBuilderTest {
|
||||
caAccount = SystemAccountBuilder.generateCA(caAccount);
|
||||
Assertions.assertNotNull(caAccount.getCertificate(),"CA Certificate was not generated!");
|
||||
|
||||
CryptoEngine.CA = caAccount;
|
||||
JamsCA.CA = caAccount;
|
||||
|
||||
//Generate OCSP
|
||||
SystemAccount ocspAccount = new SystemAccount();
|
||||
@ -77,27 +77,27 @@ class SystemAccountBuilderTest {
|
||||
caAccount = SystemAccountBuilder.generateCA(caAccount);
|
||||
Assertions.assertNotNull(caAccount.getCertificate(),"CA Certificate was not generated!");
|
||||
|
||||
CryptoEngine cryptoEngine = new CryptoEngine();
|
||||
cryptoEngine.init("http://localhost","SHA512WITHRSA",caAccount,null);
|
||||
JamsCA jamsCA = new JamsCA();
|
||||
jamsCA.init("http://localhost","SHA512WITHRSA",caAccount,null);
|
||||
RevocationRequest revocationRequest = new RevocationRequest();
|
||||
revocationRequest.setIdentifier(new BigInteger("91828882"));
|
||||
revocationRequest.setRevocationType(RevocationType.USER);
|
||||
cryptoEngine.revokeCertificate(revocationRequest);
|
||||
jamsCA.revokeCertificate(revocationRequest);
|
||||
synchronized (this){
|
||||
this.wait(2_000);
|
||||
}
|
||||
Assertions.assertNotNull(cryptoEngine.getLatestCRL());
|
||||
Assertions.assertEquals(cryptoEngine.getLatestCRL().get().getRevokedCertificates().toArray().length,1,"Expected only 1 certificate!");
|
||||
Assertions.assertNotNull(jamsCA.getLatestCRL());
|
||||
Assertions.assertEquals(jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,1,"Expected only 1 certificate!");
|
||||
|
||||
revocationRequest = new RevocationRequest();
|
||||
revocationRequest.setIdentifier(new BigInteger("17262653"));
|
||||
revocationRequest.setRevocationType(RevocationType.USER);
|
||||
cryptoEngine.revokeCertificate(revocationRequest);
|
||||
jamsCA.revokeCertificate(revocationRequest);
|
||||
synchronized (this){
|
||||
this.wait(2_000);
|
||||
}
|
||||
Assertions.assertNotNull(cryptoEngine.getLatestCRL());
|
||||
Assertions.assertEquals(cryptoEngine.getLatestCRL().get().getRevokedCertificates().toArray().length,2,"Expected only 2 certificates!");
|
||||
Assertions.assertNotNull(jamsCA.getLatestCRL());
|
||||
Assertions.assertEquals(jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,2,"Expected only 2 certificates!");
|
||||
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
module jams.server {
|
||||
requires cryptoengine;
|
||||
requires jams.ca;
|
||||
requires jams.common;
|
||||
requires java.management;
|
||||
requires lombok;
|
||||
|
||||
@ -48,7 +48,7 @@ public class Server {
|
||||
userAuthenticationModule = new UserAuthenticationModule();
|
||||
//Test block
|
||||
//Step 2: if the server is initialized,
|
||||
certificateAuthority = CryptoEngineLoader.loadCryptoEngine(dataStore);
|
||||
certificateAuthority = CryptoEngineLoader.loadCertificateAuthority(dataStore);
|
||||
isInstalled.set(new File(System.getProperty("user.dir") + File.separator + "config.json").exists());
|
||||
log.info("Server is already installed: " + isInstalled.get());
|
||||
|
||||
|
||||
@ -6,16 +6,15 @@ import net.jami.jams.common.cryptoengineapi.CertificateAuthority;
|
||||
import net.jami.jams.common.dao.StatementElement;
|
||||
import net.jami.jams.common.dao.StatementList;
|
||||
import net.jami.jams.common.objects.system.SystemAccount;
|
||||
import net.jami.jams.server.Server;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@Slf4j
|
||||
public class CryptoEngineLoader {
|
||||
|
||||
public static CertificateAuthority loadCryptoEngine(DataStore dataStore){
|
||||
public static CertificateAuthority loadCertificateAuthority(DataStore dataStore){
|
||||
try {
|
||||
Class<?> cls = LibraryLoader.classLoader.loadClass("net.jami.jams.cryptoengine.CryptoEngine");
|
||||
Class<?> cls = LibraryLoader.classLoader.loadClass("net.jami.jams.ca.JamsCA");
|
||||
CertificateAuthority certificateAuthority = (CertificateAuthority) cls.getConstructor().newInstance();
|
||||
StatementList statementList = new StatementList();
|
||||
statementList.addStatement(new StatementElement("entity","=","CA",""));
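Review bot: The implementation class is still selected by a bare string, `LibraryLoader.classLoader.loadClass("net.jami.jams.ca.JamsCA")`, so after this rename nothing ties the literal to the `JamsCA` class at compile time and the next rename or module split will only surface as a runtime failure inside the surrounding `try`. Hoist it to a documented constant, e.g. `private static final String CA_IMPL_CLASS = "net.jami.jams.ca.JamsCA"; // must match the class exported by module jams.ca`, and handle `ClassNotFoundException` explicitly with a log line naming the class so a missing or renamed implementation is diagnosable. Because whatever `LibraryLoader.classLoader` resolves here is instantiated and then presumably handed the CA key material, the method's Javadoc should also state where that loader sources its classes and that the value is trusted. The `catch` for this `try` and the remainder of `loadCertificateAuthority` lie outside the hunk.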
|
||||
|
||||