From: <pe...@us...> - 2003-10-29 21:16:30
Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/signers/commandline In directory sc8-pr-cvs1:/tmp/cvs-serv29589/src/java/org/neuclear/signers/commandline Modified Files: CommandLineSigner.java IdentityCreator.java Log Message: Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore. To use it you pass a byte array and an alias. The sign method then returns the signature. If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc. This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well as SmartCards for end user applications. Index: CommandLineSigner.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/signers/commandline/CommandLineSigner.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** CommandLineSigner.java 28 Oct 2003 23:44:35 -0000 1.9 --- CommandLineSigner.java 29 Oct 2003 21:16:27 -0000 1.10 *************** *** 1,7 **** /* $Id$ * $Log$ * Revision 1.9 2003/10/28 23:44:35 pelle ! * The PassPhraseDialogue now works. It simply presents itself as a simple modal dialog box asking for a passphrase. ! * The two SignerStore implementations both use it for the passphrase. * * Revision 1.8 2003/10/25 00:39:54 pelle --- 1,14 ---- /* $Id$ * $Log$ + * Revision 1.10 2003/10/29 21:16:27 pelle + * Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore. + * To use it you pass a byte array and an alias. The sign method then returns the signature. + * If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc. 
+ * This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well + * as SmartCards for end user applications. + * * Revision 1.9 2003/10/28 23:44:35 pelle ! * The GuiDialogAgent now works. It simply presents itself as a simple modal dialog box asking for a passphrase. ! * The two Signer implementations both use it for the passphrase. * * Revision 1.8 2003/10/25 00:39:54 pelle *************** *** 57,61 **** * * Revision 1.12 2003/02/18 00:06:15 pelle ! * Moved the SignerStore's into xml-sig * * Revision 1.11 2003/02/16 00:26:18 pelle --- 64,68 ---- * * Revision 1.12 2003/02/18 00:06:15 pelle ! * Moved the Signer's into xml-sig * * Revision 1.11 2003/02/16 00:26:18 pelle *************** *** 105,109 **** * Revision 1.3 2002/10/06 00:39:29 pelle * I have now expanded support for different types of Signers. ! * There is now a JCESignerStore which uses a JCE KeyStore for signing. * I have refactored the SigningServlet a bit, eliminating most of the demo code. * This has been moved into DemoSigningServlet. --- 112,116 ---- * Revision 1.3 2002/10/06 00:39:29 pelle * I have now expanded support for different types of Signers. ! * There is now a JCESigner which uses a JCE KeyStore for signing. * I have refactored the SigningServlet a bit, eliminating most of the demo code. * This has been moved into DemoSigningServlet. 
*************** *** 141,147 **** --- 148,157 ---- import org.apache.commons.cli.*; import org.dom4j.Document; + import org.neuclear.commons.configuration.Configuration; + import org.neuclear.commons.configuration.ConfigurationException; import org.neuclear.id.SignedNamedObject; import org.neuclear.id.builders.NamedObjectBuilder; import org.neudist.crypto.CryptoTools; + import org.neudist.crypto.Signer; import org.neudist.utils.Utility; import org.neudist.xml.XMLException; *************** *** 149,154 **** import java.io.*; - import java.security.*; - import java.security.cert.CertificateException; /** --- 159,162 ---- *************** *** 157,161 **** */ public class CommandLineSigner { ! public CommandLineSigner(String args[]) throws ParseException, NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException { CryptoTools.ensureProvider(); --- 165,169 ---- */ public class CommandLineSigner { ! public CommandLineSigner(String args[]) throws ParseException, ConfigurationException { CryptoTools.ensureProvider(); *************** *** 165,169 **** cmd = clparser.parse(options, args); checkArguments(); ! ks = loadKeyStore(); alias = cmd.getOptionValue("a"); of = cmd.getOptionValue("o"); --- 173,178 ---- cmd = clparser.parse(options, args); checkArguments(); ! // agent=(PassPhraseAgent)Configuration.getComponent(PassPhraseAgent.class,"neuclear-id"); ! sig = (Signer) Configuration.getComponent(Signer.class, "neuclear-id"); alias = cmd.getOptionValue("a"); of = cmd.getOptionValue("o"); *************** *** 206,224 **** String password = Utility.denullString(cmd.getOptionValue("p"), cmd.getOptionValue("j")); // If we dont specify a password it defaults to ks password ! KeyPair kp = CryptoTools.getKeyPair(ks, alias, password.toCharArray()); ! ! if (kp == null) { System.err.println("Key with alias: " + alias + " doesnt exist"); System.exit(1); } - PrivateKey key = kp.getPrivate(); System.err.println("Signing by " + alias + " ..."); ! subject.sign(key); ! 
System.err.print("Verifying..."); ! if (subject.verifySignature(kp.getPublic())) ! System.err.println("ok"); ! else ! System.err.println("FAIL"); } --- 215,225 ---- String password = Utility.denullString(cmd.getOptionValue("p"), cmd.getOptionValue("j")); // If we dont specify a password it defaults to ks password ! if (sig.canSignFor(alias)) { System.err.println("Key with alias: " + alias + " doesnt exist"); System.exit(1); } System.err.println("Signing by " + alias + " ..."); ! subject.sign(alias, sig); } *************** *** 240,253 **** } - private KeyStore loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { - String ksf = cmd.getOptionValue("s"); - String kstype = cmd.getOptionValue("t"); - String kspassword = cmd.getOptionValue("j"); - File keystoreFile = new File(Utility.denullString(ksf, keystore)); - KeyStore ks = KeyStore.getInstance(Utility.denullString(kstype, KeyStore.getDefaultType())); - ks.load(new FileInputStream(keystoreFile), Utility.denullString(kspassword).toCharArray()); - return ks; - } - protected NamedObjectBuilder build() throws Exception { String sf = cmd.getOptionValue("i"); --- 241,244 ---- *************** *** 275,283 **** // add t option ! options.addOption("s", "keystore", true, "specify KeyStore"); ! options.addOption("t", "keystoretype", true, "specify KeyStore Type"); ! options.addOption("j", "keystorepassword", true, "specify KeyStore Password"); options.addOption("a", "alias", true, "specify Key Alias in KeyStore"); ! options.addOption("p", "password", true, "specify Alias Password"); options.addOption("o", "outputfile", true, "specify Output File"); --- 266,274 ---- // add t option ! // options.addOption("s", "keystore", true, "specify KeyStore"); ! // options.addOption("t", "keystoretype", true, "specify KeyStore Type"); ! // options.addOption("j", "keystorepassword", true, "specify KeyStore Password"); options.addOption("a", "alias", true, "specify Key Alias in KeyStore"); ! 
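Review bot: The new guard `if (sig.canSignFor(alias))` in the CommandLineSigner signing hunk looks inverted. As written it prints "doesnt exist" and exits when the signer reports that it can sign for the alias, and falls through to `subject.sign(alias, sig)` when it cannot. Judging by the method name and the message, the line should read `if (!sig.canSignFor(alias)) {`. The hunk also removes the post-signing `verifySignature` step, so this tool no longer reports a signature that fails to verify; if the public key for the alias can still be obtained, a verify-and-report step after `subject.sign` would keep that check. The enclosing method starts outside the hunk.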
// options.addOption("p", "password", true, "specify Alias Password"); options.addOption("o", "outputfile", true, "specify Output File"); *************** *** 295,300 **** protected Options options; public final static String keystore = System.getProperty("user.home") + "/.keystore"; ! protected final KeyStore ks; protected String alias; protected String of; } --- 286,293 ---- protected Options options; public final static String keystore = System.getProperty("user.home") + "/.keystore"; ! protected final Signer sig; ! // protected final PassPhraseAgent agent; protected String alias; protected String of; + } Index: IdentityCreator.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/signers/commandline/IdentityCreator.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** IdentityCreator.java 25 Oct 2003 00:39:54 -0000 1.1 --- IdentityCreator.java 29 Oct 2003 21:16:27 -0000 1.2 *************** *** 1,4 **** --- 1,11 ---- /* $Id$ * $Log$ + * Revision 1.2 2003/10/29 21:16:27 pelle + * Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore. + * To use it you pass a byte array and an alias. The sign method then returns the signature. + * If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc. + * This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well + * as SmartCards for end user applications. + * * Revision 1.1 2003/10/25 00:39:54 pelle * Fixed SmtpSender it now sends the messages. *************** *** 53,57 **** * * Revision 1.12 2003/02/18 00:06:15 pelle ! * Moved the SignerStore's into xml-sig * * Revision 1.11 2003/02/16 00:26:18 pelle --- 60,64 ---- * * Revision 1.12 2003/02/18 00:06:15 pelle ! 
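Review bot: The `s`, `t`, `j` and `p` options are commented out rather than deleted, while an unchanged line in the signing code still calls `cmd.getOptionValue("p")` and `cmd.getOptionValue("j")`. With those options no longer registered, that lookup presumably always yields null and the `password` local is dead. Delete the four commented lines together with the `password` lookup. The help text for `a` still says `specify Key Alias in KeyStore`, although the key store is now hidden behind the configured Signer, so it should be reworded too. The commented-out `PassPhraseAgent` field and constructor line in this commit are the same kind of leftover.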
* Moved the Signer's into xml-sig * * Revision 1.11 2003/02/16 00:26:18 pelle *************** *** 101,105 **** * Revision 1.3 2002/10/06 00:39:29 pelle * I have now expanded support for different types of Signers. ! * There is now a JCESignerStore which uses a JCE KeyStore for signing. * I have refactored the SigningServlet a bit, eliminating most of the demo code. * This has been moved into DemoSigningServlet. --- 108,112 ---- * Revision 1.3 2002/10/06 00:39:29 pelle * I have now expanded support for different types of Signers. ! * There is now a JCESigner which uses a JCE KeyStore for signing. * I have refactored the SigningServlet a bit, eliminating most of the demo code. * This has been moved into DemoSigningServlet. *************** *** 136,139 **** --- 143,147 ---- import org.apache.commons.cli.Options; + import org.neuclear.commons.configuration.Configuration; import org.neuclear.id.NSTools; import org.neuclear.id.builders.IdentityBuilder; *************** *** 141,148 **** import org.neuclear.id.resolver.NSResolver; import org.neuclear.senders.LogSender; import org.neudist.utils.Utility; import java.security.PublicKey; - import java.security.cert.Certificate; /** --- 149,157 ---- import org.neuclear.id.resolver.NSResolver; import org.neuclear.senders.LogSender; + import org.neuclear.signers.PublicKeySource; + import org.neudist.crypto.CryptoException; import org.neudist.utils.Utility; import java.security.PublicKey; /** *************** *** 156,159 **** --- 165,170 ---- of = Utility.denullString(of, "." + NSTools.url2path(identity) + "/root.id"); alias = Utility.denullString(alias, NSTools.getParentNSURI(identity)); + pksource = (PublicKeySource) Configuration.getComponent(PublicKeySource.class, "neuclear-id"); + } *************** *** 164,178 **** String defaultlogger = Utility.denullString(cmd.getOptionValue("l"), LogSender.LOGGER); String defaultreceiver = cmd.getOptionValue("b"); ! PublicKey newkid; ! if (!Utility.isEmpty(allow)) { ! 
Certificate cert = ks.getCertificate(allow); ! if (cert == null) { ! System.err.println("PublicKey: " + allow + " doesnt exist in key store"); ! System.exit(1); ! } ! newkid = cert.getPublicKey(); ! } else ! newkid = ks.getCertificate(alias).getPublicKey(); //Self Sign return new IdentityBuilder(identity, newkid, defaultstore, defaultsigner, defaultlogger, defaultreceiver); } --- 175,183 ---- String defaultlogger = Utility.denullString(cmd.getOptionValue("l"), LogSender.LOGGER); String defaultreceiver = cmd.getOptionValue("b"); ! final PublicKey newkid = pksource.getPublicKey(allow); ! if (newkid == null) ! throw new CryptoException("PublicKey not available for: " + allow); return new IdentityBuilder(identity, newkid, defaultstore, defaultsigner, defaultlogger, defaultreceiver); + } *************** *** 203,206 **** } ! private String identity; } --- 208,212 ---- } ! private final String identity; ! private final PublicKeySource pksource; } |
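Review bot: The new lookup `pksource.getPublicKey(allow)` in IdentityCreator drops the self-sign fallback that the removed code had. Previously an empty `allow` took the key from `alias`; now `allow` is passed straight to the key source, which most likely ends in the `CryptoException`. If self-signing is still meant to work, resolve the name first with `final String keyName = Utility.isEmpty(allow) ? alias : allow;` and use `keyName` in both the lookup and the exception message. The definition of `allow` and the start of the method lie outside the hunk, so confirm how it is populated.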