From: <pe...@us...> - 2003-10-29 21:16:31
Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/signers/servlet
In directory sc8-pr-cvs1:/tmp/cvs-serv29589/src/java/org/neuclear/signers/servlet
Modified Files:
DemoSigningServlet.java SigningServlet.java
Log Message:
Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore.
To use it you pass a byte array and an alias. The sign method then returns the signature.
If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc.
This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well
as SmartCards for end user applications.
Index: DemoSigningServlet.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/signers/servlet/DemoSigningServlet.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** DemoSigningServlet.java 21 Oct 2003 22:31:13 -0000 1.6
--- DemoSigningServlet.java 29 Oct 2003 21:16:27 -0000 1.7
***************
*** 2,5 ****
--- 2,12 ----
* $Id$
* $Log$
+ * Revision 1.7 2003/10/29 21:16:27 pelle
+ * Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore.
+ * To use it you pass a byte array and an alias. The sign method then returns the signature.
+ * If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc.
+ * This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well
+ * as SmartCards for end user applications.
+ *
* Revision 1.6 2003/10/21 22:31:13 pelle
* Renamed NeudistException to NeuClearException and moved it to org.neuclear.commons where it makes more sense.
***************
*** 45,49 ****
*
* Revision 1.6 2003/02/18 00:06:15 pelle
! * Moved the SignerStore's into xml-sig
*
* Revision 1.5 2003/02/14 21:10:36 pelle
--- 52,56 ----
*
* Revision 1.6 2003/02/18 00:06:15 pelle
! * Moved the Signer's into xml-sig
*
* Revision 1.5 2003/02/14 21:10:36 pelle
***************
*** 66,70 ****
* Revision 1.1 2002/10/06 00:39:29 pelle
* I have now expanded support for different types of Signers.
! * There is now a JCESignerStore which uses a JCE KeyStore for signing.
* I have refactored the SigningServlet a bit, eliminating most of the demo code.
* This has been moved into DemoSigningServlet.
--- 73,77 ----
* Revision 1.1 2002/10/06 00:39:29 pelle
* I have now expanded support for different types of Signers.
! * There is now a JCESigner which uses a JCE KeyStore for signing.
* I have refactored the SigningServlet a bit, eliminating most of the demo code.
* This has been moved into DemoSigningServlet.
***************
*** 104,108 ****
*
* Revision 1.5 2002/09/23 15:09:18 pelle
! * Got the SimpleSignerStore working properly.
* I couldn't get SealedObjects working with BouncyCastle's Symmetric keys.
* Don't know what I was doing, so I reimplemented it. Encrypting
--- 111,115 ----
*
* Revision 1.5 2002/09/23 15:09:18 pelle
! * Got the SimpleSigner working properly.
* I couldn't get SealedObjects working with BouncyCastle's Symmetric keys.
* Don't know what I was doing, so I reimplemented it. Encrypting
***************
*** 120,137 ****
package org.neuclear.signers.servlet;
! import org.neuclear.id.InvalidIdentityException;
! import org.neuclear.id.NSTools;
! import org.neuclear.id.Identity;
! import org.neudist.crypto.signerstores.SignerStore;
! import org.neudist.crypto.signerstores.SimpleSignerStore;
! import org.neuclear.commons.NeuClearException;
!
! import javax.servlet.ServletConfig;
! import javax.servlet.ServletException;
! import java.io.File;
! import java.io.FileInputStream;
! import java.io.IOException;
! import java.security.*;
! import java.security.interfaces.RSAPrivateKey;
public class DemoSigningServlet extends SigningServlet {
--- 127,131 ----
package org.neuclear.signers.servlet;
! import java.security.KeyPairGenerator;
public class DemoSigningServlet extends SigningServlet {
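Review bot: The new import block keeps only `java.security.KeyPairGenerator`, but the new side of the later hunks in this file still names `KeyPair`, `Identity`, `File`, `GeneralSecurityException`, `IOException`, `NeuClearException`, `Signer` and `SimpleSigner`, so unless these resolve some other way the class probably does not compile as committed. Restore the imports that are still used, for example `import java.security.KeyPair;` and `import org.neudist.crypto.Signer;` (the latter as imported in SigningServlet.java). The same applies to the two SigningServlet.java import hunks, which drop `NSTools`, `NonExistingSignerException` and `java.security.PrivateKey` while the signing code further down still references them.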
***************
*** 159,163 ****
System.out.println("NEUDIST: Generating key and Identity for: " + name);
KeyPair kp = kpg.generateKeyPair();
! ((SimpleSignerStore) getKeyStore()).addKey(name, newPassword.toCharArray(), kp.getPrivate());
System.out.println("NEUDIST: Creating Identity");
Identity ns = new Identity(name, kp.getPublic(), "http://neuclear.org:8080/neudistframework/Store", "http://neuclear.org:8080/neudistframework/Signer", "http://neuclear.org:8080/neudistframework/Logger", "");//TODO Fix these values
--- 153,157 ----
System.out.println("NEUDIST: Generating key and Identity for: " + name);
KeyPair kp = kpg.generateKeyPair();
! ((SimpleSigner) getKeyStore()).addKey(name, newPassword.toCharArray(), kp.getPrivate());
System.out.println("NEUDIST: Creating Identity");
Identity ns = new Identity(name, kp.getPublic(), "http://neuclear.org:8080/neudistframework/Store", "http://neuclear.org:8080/neudistframework/Signer", "http://neuclear.org:8080/neudistframework/Logger", "");//TODO Fix these values
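Review bot: The changed line still calls the no-argument `getKeyStore()`, which the SigningServlet.java hunk in this same commit replaces with `getSigner()`, so unless another overload exists outside the visible hunks this call no longer resolves; it should read `((SimpleSigner) getSigner()).addKey(name, newPassword.toCharArray(), kp.getPrivate());`. The cast to `SimpleSigner` is also unchecked, while the shared signer is now whatever `Configuration.getComponent(Signer.class, "neuclear-id")` returns, so a deployment configured with a different Signer implementation would fail here with a ClassCastException at request time. Check `getSigner() instanceof SimpleSigner` first and report a configuration error otherwise. The enclosing method starts and ends outside the hunk.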
***************
*** 189,194 ****
}
! protected static SignerStore getKeyStore(File keyStoreFile, Object kspassword) throws GeneralSecurityException, IOException, NeuClearException {
! return new SimpleSignerStore(keyStoreFile);
}
--- 183,188 ----
}
! protected static Signer getKeyStore(File keyStoreFile, Object kspassword) throws GeneralSecurityException, IOException, NeuClearException {
! return new SimpleSigner(keyStoreFile);
}
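Review bot: `kspassword` is accepted but never used, so `new SimpleSigner(keyStoreFile)` opens the key file without the configured store password, and nothing in the visible new code calls this factory any more now that `init` obtains the signer from `Configuration.getComponent`. If the method is dead after this refactoring, remove it rather than leave a second, unconfigured way to build a signer. If it must stay, say why the password is ignored, e.g. `// kspassword is unused: SimpleSigner appears to protect each key with its own passphrase (see addKey) - confirm`.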
Index: SigningServlet.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/signers/servlet/SigningServlet.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** SigningServlet.java 21 Oct 2003 22:31:13 -0000 1.6
--- SigningServlet.java 29 Oct 2003 21:16:27 -0000 1.7
***************
*** 2,5 ****
--- 2,12 ----
* $Id$
* $Log$
+ * Revision 1.7 2003/10/29 21:16:27 pelle
+ * Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore.
+ * To use it you pass a byte array and an alias. The sign method then returns the signature.
+ * If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc.
+ * This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well
+ * as SmartCards for end user applications.
+ *
* Revision 1.6 2003/10/21 22:31:13 pelle
* Renamed NeudistException to NeuClearException and moved it to org.neuclear.commons where it makes more sense.
***************
*** 42,46 ****
*
* Revision 1.16 2003/02/18 00:06:15 pelle
! * Moved the SignerStore's into xml-sig
*
* Revision 1.15 2003/02/14 21:10:36 pelle
--- 49,53 ----
*
* Revision 1.16 2003/02/18 00:06:15 pelle
! * Moved the Signer's into xml-sig
*
* Revision 1.15 2003/02/14 21:10:36 pelle
***************
*** 82,86 ****
* Revision 1.9 2002/10/06 00:39:29 pelle
* I have now expanded support for different types of Signers.
! * There is now a JCESignerStore which uses a JCE KeyStore for signing.
* I have refactored the SigningServlet a bit, eliminating most of the demo code.
* This has been moved into DemoSigningServlet.
--- 89,93 ----
* Revision 1.9 2002/10/06 00:39:29 pelle
* I have now expanded support for different types of Signers.
! * There is now a JCESigner which uses a JCE KeyStore for signing.
* I have refactored the SigningServlet a bit, eliminating most of the demo code.
* This has been moved into DemoSigningServlet.
***************
*** 120,124 ****
*
* Revision 1.5 2002/09/23 15:09:18 pelle
! * Got the SimpleSignerStore working properly.
* I couldn't get SealedObjects working with BouncyCastle's Symmetric keys.
* Don't know what I was doing, so I reimplemented it. Encrypting
--- 127,131 ----
*
* Revision 1.5 2002/09/23 15:09:18 pelle
! * Got the SimpleSigner working properly.
* I couldn't get SealedObjects working with BouncyCastle's Symmetric keys.
* Don't know what I was doing, so I reimplemented it. Encrypting
***************
*** 136,158 ****
package org.neuclear.signers.servlet;
! import org.dom4j.DocumentException;
! import org.dom4j.DocumentHelper;
! import org.dom4j.Element;
! import org.dom4j.io.OutputFormat;
! import org.dom4j.io.XMLWriter;
! import org.neuclear.id.InvalidIdentityException;
! import org.neuclear.id.NSTools;
import org.neuclear.id.SignedNamedObject;
import org.neuclear.receiver.ReceiverServlet;
! import org.neudist.crypto.signerstores.InvalidPassphraseException;
! import org.neudist.crypto.signerstores.JCESignerStore;
! import org.neudist.crypto.signerstores.NonExistingSignerException;
! import org.neudist.crypto.signerstores.SignerStore;
! import org.neuclear.commons.NeuClearException;
import org.neudist.utils.ServletTools;
import org.neudist.utils.Utility;
- import org.neudist.xml.soap.SOAPException;
- import org.neudist.xml.xmlsec.XMLSecTools;
- import org.neudist.xml.xmlsec.XMLSecurityException;
import javax.servlet.ServletConfig;
--- 143,153 ----
package org.neuclear.signers.servlet;
! import org.neuclear.commons.configuration.Configuration;
! import org.neuclear.commons.configuration.ConfigurationException;
import org.neuclear.id.SignedNamedObject;
import org.neuclear.receiver.ReceiverServlet;
! import org.neudist.crypto.Signer;
import org.neudist.utils.ServletTools;
import org.neudist.utils.Utility;
import javax.servlet.ServletConfig;
***************
*** 160,170 ****
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
- import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
- import java.io.StringWriter;
- import java.security.GeneralSecurityException;
- import java.security.KeyPairGenerator;
- import java.security.PrivateKey;
public class SigningServlet extends ReceiverServlet {
--- 155,160 ----
***************
*** 176,204 ****
System.out.println("NEUDIST: Initialising SigningServlet");
title = Utility.denullString(config.getInitParameter("title").toString(), "NeuDist Signing Service");
! File keyStoreFile = new File(config.getServletContext().getRealPath(Utility.denullString(config.getInitParameter("keystore"), System.getProperty("user.home") + "/.neuclear/signers.ks")));
! System.out.println("NEUDIST: Using KeyStore: " + keyStoreFile.getAbsolutePath());
! // ks=KeyStore.getInstance("JKS");
! // char password[]=Utility.denullString(config.getInitParameter("keystore.passphrase"),"SuperDuper").toCharArray();
! // if (!keyStoreFile.exists()) {
! // System.out.println("NEUDIST: Creating KeyStore ");
! // ks.load(null,password);
! if (ks == null) {
! ks = getKeyStore(keyStoreFile, config.getInitParameter("keystore.password"));
}
- // if (keyStoreFile.getParent()!=null)
- // keyStoreFile.getParentFile().mkdirs();
- // ks.store(new FileOutputStream(keyStoreFile),password);
- // } else {
- // System.out.println("NEUDIST: Loading KeyStore: ");
- // ks.load(new FileInputStream(keyStoreFile),password);
- // }
System.out.println("NEUDIST: Finished SigningServlet Init ");
! } catch (GeneralSecurityException e) {
! e.printStackTrace(System.out);
! } catch (IOException e) {
! e.printStackTrace(System.out);
! } catch (NeuClearException e) {
! e.printStackTrace(System.out);
}
--- 166,176 ----
System.out.println("NEUDIST: Initialising SigningServlet");
title = Utility.denullString(config.getInitParameter("title").toString(), "NeuDist Signing Service");
! if (signer == null) {
! signer = (Signer) Configuration.getComponent(Signer.class, "neuclear-id");
}
System.out.println("NEUDIST: Finished SigningServlet Init ");
! } catch (ConfigurationException e) {
! e.printStackTrace();
}
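Review bot: The new `catch (ConfigurationException e)` only prints the stack trace, so a failed signer lookup leaves the static `signer` null and the servlet still comes up; the first signing request then fails with a NullPointerException at `signer.getKey(...)` instead of at deployment. A signing service should fail closed at start-up, e.g. `throw new ServletException("NeuClear signer could not be configured", e);` (assuming `init` declares `ServletException`; its signature is outside the hunk). Separately, the context line `config.getInitParameter("title").toString()` dereferences the parameter before `denullString` can supply its default, so a missing `title` init-param aborts init with a NullPointerException that none of the visible catch clauses handles.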
***************
*** 206,216 ****
}
- protected static SignerStore getKeyStore(File keyStoreFile, String kspassword) throws GeneralSecurityException, IOException, NeuClearException {
- return new JCESignerStore(keyStoreFile, kspassword.toCharArray());
- }
-
! protected static final SignerStore getKeyStore() {
! return ks;
}
--- 178,184 ----
}
! protected static final Signer getSigner() {
! return signer;
}
***************
*** 339,343 ****
try {
String parentName = NSTools.getParentNSURI(obj.getName());
! PrivateKey pk = ks.getKey(parentName, passphrase);
if (pk == null)
throw new NonExistingSignerException("Signing Service doesn't contain Signing keys for: " + parentName);
--- 307,311 ----
try {
String parentName = NSTools.getParentNSURI(obj.getName());
! PrivateKey pk = signer.getKey(parentName, passphrase);
if (pk == null)
throw new NonExistingSignerException("Signing Service doesn't contain Signing keys for: " + parentName);
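Review bot: `signer.getKey(parentName, passphrase)` still pulls the raw `PrivateKey` out of the signer and routes the passphrase through the servlet, which contradicts the commit description (pass a byte array and an alias, get the signature back, with passphrases obtained through a PassPhraseAgent). It also cannot work with the signing hardware and smart cards that description targets, since such devices are designed not to release key material. The signing path should hand the bytes to be signed and `parentName` to the signer's sign method and drop the local `pk`. Whether `Signer` declares `getKey` at all is not visible here, and the enclosing try block continues outside the hunk.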
***************
*** 357,362 ****
*/
protected javax.servlet.ServletContext context;
! private static SignerStore ks;
! private KeyPairGenerator kpg;
private String title;
--- 325,329 ----
*/
protected javax.servlet.ServletContext context;
! private static Signer signer;
private String title;
|