Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/tools/commandline In directory sc8-pr-cvs1:/tmp/cvs-serv16140/src/java/org/neuclear/id/tools/commandline Added Files: BuildAllTopLevel.java BuildHttpIdentity.java CommandLineSigner.java IdentityCreator.java Log Message: IdentityCreator is now the default class of the uber jar. It has many new features such as: - Self signed certificates - Unsigned Certificates (for external signing) - Signing of Externally generated Certificates - Command Line verification of an Identity name CachedSource now supports freshness. It needs to be tested a bit more thoroughly though. Documentation including the bdg has been updated to reflect these changes. --- NEW FILE: BuildAllTopLevel.java --- package org.neuclear.id.tools.commandline; import org.neuclear.commons.NeuClearException; import org.neuclear.commons.crypto.passphraseagents.GuiDialogAgent; import org.neuclear.commons.crypto.signers.*; import org.neuclear.id.SignedNamedObject; import org.neuclear.id.builders.IdentityBuilder; import org.neuclear.store.FileStore; import org.neuclear.store.Store; import org.neuclear.xml.XMLException; import java.io.FileNotFoundException; import java.security.GeneralSecurityException; /* NeuClear Distributed Transaction Clearing Platform (C) 2003 Pelle Braendgaard This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. 
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA $Id: BuildAllTopLevel.java,v 1.1 2003/12/09 23:41:44 pelle Exp $ $Log: BuildAllTopLevel.java,v $ Revision 1.1 2003/12/09 23:41:44 pelle IdentityCreator is now the default class of the uber jar. It has many new features such as: - Self signed certificates - Unsigned Certificates (for external signing) - Signing of Externally generated Certificates - Command Line verification of an Identity name CachedSource now supports freshness. It needs to be tested a bit more thoroughly though. Documentation including the bdg has been updated to reflect these changes. Revision 1.3 2003/12/08 19:32:32 pelle Added support for the http scheme into ID. See http://neuclear.org/archives/000195.html Revision 1.2 2003/11/21 04:45:13 pelle EncryptedFileStore now works. It uses the PBECipher with DES3 afair. Otherwise You will Finaliate. Anything that can be final has been made final throughout everyting. We've used IDEA's Inspector tool to find all instance of variables that could be final. This should hopefully make everything more stable (and secure). Revision 1.1 2003/11/20 23:42:24 pelle Getting all the tests to work in id Removing usage of BC in CryptoTools as it was causing issues. First version of EntityLedger that will use OFB's EntityEngine. This will allow us to support a vast amount databases without writing SQL. 
(Yipee)
*/

/**
 * Developer tool that builds and signs the fixed list of top-level NeuClear
 * identities and drops them into a local FileStore under
 * target/testdata/repository. The root signer is a DefaultSigner constructed
 * with a GuiDialogAgent as its passphrase agent; everything under neu://test
 * is signed with the TestCaseSigner.
 *
 * User: pelleb
 * Date: Nov 20, 2003
 * Time: 3:26:45 PM
 */
public final class BuildAllTopLevel {
    /** Repository URL written into every identity built by this tool. */
    private static final String REPOSITORY = "http://repository.neuclear.org";
    /** Signing service URL written into every identity built by this tool. */
    private static final String SIGNING_SERVICE = "http://users.neuclear.org:8080/Signer";
    /** Logger URL written into every identity built by this tool. */
    private static final String LOGGER = "http://logger.neuclear.org";
    /** Default receiver written into every identity built by this tool. */
    private static final String RECEIVER = "mailto:pe...@ne...";

    /**
     * Builds an Identity for <code>name</code>, embedding the public key that
     * <code>pubsource</code> holds for that name, and signs it with <code>signer</code>.
     *
     * @param name      the identity name (a neu:// URI in the callers below)
     * @param signer    the signer producing the signature
     * @param pubsource where the public key embedded for <code>name</code> comes from
     * @return the signed identity
     * @throws NeuClearException if building or signing fails
     * @throws XMLException      if the XML cannot be produced
     */
    public static SignedNamedObject createIdentities(final String name, final Signer signer, final PublicKeySource pubsource) throws NeuClearException, XMLException {
        final IdentityBuilder builder = new IdentityBuilder(
                name,
                pubsource.getPublicKey(name),
                REPOSITORY,
                SIGNING_SERVICE,
                LOGGER,
                RECEIVER);
        System.out.println("Signing: " + name);
        return builder.sign(signer);
    }

    /**
     * Builds, signs and stores a single identity. The signer passed as
     * <code>pubsource</code> is also the source of the embedded public key.
     */
    private static void publish(final Store store, final String name, final JCESigner signer, final JCESigner pubsource)
            throws NeuClearException, XMLException, GeneralSecurityException, FileNotFoundException {
        store.receive(createIdentities(name, signer, pubsource));
    }

    /**
     * Builds the whole top-level tree. Failures are printed to stderr; the
     * exit status is not changed.
     *
     * @param args ignored
     */
    public static void main(final String[] args) {
        try {
            final JCESigner rootsig = new DefaultSigner(new GuiDialogAgent());
            final JCESigner testsig = new TestCaseSigner();
            final Store store = new FileStore("target/testdata/repository");
            // Root and the public top-level names are signed by the root signer;
            // the test subtree is signed by the test signer.
            publish(store, "neu://", rootsig, rootsig);
            publish(store, "neu://test", rootsig, testsig);
            publish(store, "neu://pelle@neuclear.org", rootsig, rootsig);
            publish(store, "neu://pelle", rootsig, rootsig);
            publish(store, "neu://verax", rootsig, rootsig);
            publish(store, "neu://bob@test", testsig, testsig);
            publish(store, "neu://alice@test", testsig, testsig);
        } catch (NeuClearException e) {
            e.printStackTrace();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (XMLException e) {
            e.printStackTrace();
        }
    }
}
--- NEW FILE: BuildHttpIdentity.java ---
package org.neuclear.id.tools.commandline;

import org.neuclear.commons.NeuClearException;
import org.neuclear.commons.Utility;
import org.neuclear.commons.crypto.passphraseagents.GuiDialogAgent;
import org.neuclear.commons.crypto.passphraseagents.CommandLineAgent;
import org.neuclear.commons.crypto.signers.*;
import org.neuclear.id.SignedNamedObject;
import org.neuclear.id.NSTools;
import org.neuclear.id.builders.IdentityBuilder;
import org.neuclear.store.FileStore;
import org.neuclear.store.Store; import org.neuclear.xml.XMLException; import java.io.*; import java.security.GeneralSecurityException; /* NeuClear Distributed Transaction Clearing Platform (C) 2003 Pelle Braendgaard This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA $Id: BuildHttpIdentity.java,v 1.1 2003/12/09 23:41:44 pelle Exp $ $Log: BuildHttpIdentity.java,v $ Revision 1.1 2003/12/09 23:41:44 pelle IdentityCreator is now the default class of the uber jar. It has many new features such as: - Self signed certificates - Unsigned Certificates (for external signing) - Signing of Externally generated Certificates - Command Line verification of an Identity name CachedSource now supports freshness. It needs to be tested a bit more thoroughly though. Documentation including the bdg has been updated to reflect these changes. Revision 1.2 2003/12/08 22:05:08 pelle Some further documentation. Added the start of a busy developers guide form neuclear-id Revision 1.1 2003/12/08 19:32:32 pelle Added support for the http scheme into ID. See http://neuclear.org/archives/000195.html Revision 1.2 2003/11/21 04:45:13 pelle EncryptedFileStore now works. It uses the PBECipher with DES3 afair. Otherwise You will Finaliate. Anything that can be final has been made final throughout everyting. 
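We've used IDEA's Inspector tool to find all instance of variables that could be final.
This should hopefully make everything more stable (and secure).

Revision 1.1 2003/11/20 23:42:24 pelle
Getting all the tests to work in id
Removing usage of BC in CryptoTools as it was causing issues.
First version of EntityLedger that will use OFB's EntityEngine. This will allow us to support a vast amount databases without writing SQL. (Yipee)
*/

/**
 * Command line tool that creates a single identity using the http scheme,
 * signs it with the default signer and writes the canonical XML to
 * <code>_NEUID/&lt;name path&gt;/root.id</code>.
 *
 * <p>Usage: <code>name receiver</code>. The repository is taken from the
 * http-scheme part of the name, or from the parent namespace when the name is
 * not top level; the signing alias is the name itself for a top-level name and
 * the parent namespace otherwise.
 *
 * User: pelleb
 * Date: Nov 20, 2003
 * Time: 3:26:45 PM
 */
public final class BuildHttpIdentity {
    /**
     * Entry point. Requires two arguments, the identity name and its receiver,
     * and prints usage and exits with status 1 otherwise. Any failure while
     * building, signing or writing the identity is printed and exits with
     * status 1; success exits with status 0.
     *
     * @param args <code>name receiver</code>
     */
    public static void main(final String[] args) {
        if (args.length < 2) {
            System.err.println("Usage: java org.neuclear.id.tools.commandline.BuildHttpIdentity name receiver");
            System.err.println("eg. java org.neuclear.id.tools.commandline.BuildHttpIdentity neu://neuclear.org mailto:bo...@ne...");
            System.exit(1);
        }
        try {
            final JCESigner rootsig = new DefaultSigner(new GuiDialogAgent());
            createIdentity(args[0], rootsig, args[1]);
        } catch (NeuClearException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (XMLException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (IOException e) {
            // Covers FileNotFoundException as well; both were reported the same way.
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }

    /**
     * Builds, signs and saves the identity <code>name</code>.
     *
     * @param name     the identity name; its http-scheme part (or its parent's) becomes the repository
     * @param rootsig  signer holding the key for <code>name</code> (top level) or for its parent namespace
     * @param receiver the default receiver written into the identity
     * @throws NeuClearException if the identity cannot be built or signed
     * @throws XMLException      if the identity cannot be canonicalized
     * @throws IOException       if the output file cannot be written
     */
    private static void createIdentity(final String name, final JCESigner rootsig, final String receiver) throws NeuClearException, XMLException, IOException {
        System.out.println("Creating " + name);
        String store = NSTools.isHttpScheme(name);
        final boolean isTopLevel = !Utility.isEmpty(store);
        if (!isTopLevel) {
            // Not a top-level name: derive the repository from the parent namespace.
            store = NSTools.isHttpScheme(NSTools.getParentNSURI(name));
        }
        final IdentityBuilder id = new IdentityBuilder(
                name,
                rootsig.getPublicKey(name),
                store,
                "http://localhost:11870/Signer",
                "http://logger.neuclear.org",
                receiver);
        System.out.println("Signing: " + name);
        // A top-level name signs itself; anything else is signed by its parent namespace.
        id.sign(isTopLevel ? name : NSTools.getParentNSURI(name), rootsig);
        final String filename = "_NEUID" + NSTools.name2path(name) + "/root.id";
        System.out.println("Saving to: " + filename);
        final File fout = new File(filename);
        fout.getParentFile().mkdirs();
        final OutputStream os = new FileOutputStream(fout);
        try {
            os.write(id.canonicalize());
        } finally {
            // Close even if write() fails so the file handle is not leaked.
            os.close();
        }
    }
}
--- NEW FILE: CommandLineSigner.java ---
/* $Id: CommandLineSigner.java,v 1.1 2003/12/09 23:41:44 pelle Exp $
 * $Log: CommandLineSigner.java,v $
 * Revision 1.1 2003/12/09 23:41:44 pelle
 * IdentityCreator is now the default class of the uber jar.
 * It has many new features such as:
 * - Self signed certificates
 * - Unsigned Certificates (for external signing)
 * - Signing of Externally generated Certificates
 * - Command Line verification of an Identity name
 *
 * CachedSource now supports freshness. It needs to be tested a bit more thoroughly
 * though.
 *
 * Documentation including the bdg has been updated to reflect these changes.
 *
 * Revision 1.14 2003/11/21 04:45:13 pelle
 * EncryptedFileStore now works. It uses the PBECipher with DES3 afair.
 * Otherwise You will Finaliate.
 * Anything that can be final has been made final throughout everyting. We've used IDEA's Inspector tool to find all instance of variables that could be final.
 * This should hopefully make everything more stable (and secure).
 *
 * Revision 1.13 2003/11/13 23:26:42 pelle
 * The signing service and web authentication application is now almost working.
 *
 * Revision 1.12 2003/11/11 21:18:43 pelle
 * Further vital reshuffling.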
* org.neudist.crypto.* and org.neudist.utils.* have been moved to respective areas under org.neuclear.commons * org.neuclear.signers.* as well as org.neuclear.passphraseagents have been moved under org.neuclear.commons.crypto as well. * Did a bit of work on the Canonicalizer and changed a few other minor bits. * * Revision 1.11 2003/10/31 23:58:53 pelle * The IdentityCreator now fully works with the new Signer architecture. * * Revision 1.10 2003/10/29 21:16:27 pelle * Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore. * To use it you pass a byte array and an alias. The sign method then returns the signature. * If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc. * This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well * as SmartCards for end user applications. * * Revision 1.9 2003/10/28 23:44:35 pelle * The GuiDialogAgent now works. It simply presents itself as a simple modal dialog box asking for a passphrase. * The two Signer implementations both use it for the passphrase. * * Revision 1.8 2003/10/25 00:39:54 pelle * Fixed SmtpSender it now sends the messages. * Refactored CommandLineSigner. Now it simply signs files read from command line. However new class IdentityCreator * is subclassed and creates new Identities. You can subclass CommandLineSigner to create your own variants. * Several problems with configuration. Trying to solve at the moment. Updated PicoContainer to beta-2 * * Revision 1.7 2003/10/21 22:31:13 pelle * Renamed NeudistException to NeuClearException and moved it to org.neuclear.commons where it makes more sense. * Unhooked the XMLException in the xmlsig library from NeuClearException to make all of its exceptions an independent hierarchy. * Obviously had to perform many changes throughout the code to support these changes. 
* * Revision 1.6 2003/10/01 19:08:31 pelle * Changed XML Format. Now NameSpace has been modified to Identity also the * xml namespace prefix nsdl has been changed to neuid. * The standard constants for using these have been moved into NSTools. * The NamedObjectBuilder can also now take an Element, such as an unsigned template. * * Revision 1.5 2003/09/26 00:22:07 pelle * Cleanups and final changes to code for refactoring of the Verifier and Reader part. * * Revision 1.4 2003/09/24 23:56:48 pelle * Refactoring nearly done. New model for creating signed objects. * With view for supporting the xmlpull api shortly for performance reasons. * Currently still uses dom4j but that has been refactored out that it * should now be very quick to implement a xmlpull implementation. * * A side benefit of this is that the API has been further simplified. I still have some work * todo with regards to cleaning up some of the outlying parts of the code. * * Revision 1.3 2003/09/23 19:16:28 pelle * Changed NameSpace to Identity. * To cause less confusion in the future. * * Revision 1.2 2003/09/22 19:24:02 pelle * More fixes throughout to problems caused by renaming. * * Revision 1.1.1.1 2003/09/19 14:41:31 pelle * First import into the neuclear project. This was originally under the SF neuclear * project. This marks a general major refactoring and renaming ahead. * * The new name for this code is NeuClear Identity and has the general package header of * org.neuclear.id * There are other areas within the current code which will be split out into other subprojects later on. * In particularly the signers will be completely seperated out as well as the contract types. * * * Revision 1.13 2003/02/18 14:57:21 pelle * Finished Cleaning up Receivers and Stores. * Also updated nsdl.xsd xml schema with latest changes. * The whole API is now very simple. 
* * Revision 1.12 2003/02/18 00:06:15 pelle * Moved the Signer's into xml-sig * * Revision 1.11 2003/02/16 00:26:18 pelle * Changed the hardcoded logger default to pick it up from LogSender * * Revision 1.10 2003/02/14 21:10:35 pelle * The email sender works. The LogSender and the SoapSender should work but havent been tested yet. * The SignedNamedObject has a new log() method that logs it's contents at it's parent Identity's logger. * The Identity object also has a new method send() which allows one to send a named object to the Identity's * default receiver. * * Revision 1.9 2003/02/14 05:10:13 pelle * New Source model is implemented. * It doesnt quite verify things correctly yet. I'm not yet sure why. * CommandLineSigner is simplified to make it easier to use. * * Revision 1.8 2003/02/10 22:30:14 pelle * Got rid of even further dependencies. In Particular OSCore * * Revision 1.7 2003/02/09 00:15:55 pelle * Fixed things so they now compile with r_0.7 of XMLSig * * Revision 1.6 2002/12/17 21:40:58 pelle * First part of refactoring of SignedNamedObject and SignedObject Interface/Class parings. * * Revision 1.5 2002/12/17 20:34:41 pelle * Lots of changes to core functionality. * First of all I've refactored most of the Resolving and verification code. I have a few more things to do * on it before I'm happy. * There is now a NSResolver class, which handles all the namespace resolution. I took most of the functionality * for this out of SignedNamedObject. * Then there is the veriifer, which verifies a given SignedNamedObject using the NSResolver. * This has simplified the SignedNamedObject classes drastically, leaving them as mainly data objects, which is what they * should be. * I have also gone around and tightened up security on many different classes, making clases and/or methods final where appropriate. * NSCache now operates using http://www.waterken.com's fantastic ADT collections library. 
* Something important has been added, which is a SignRequest named object. This signed object, embeds an unsigned * named object for signing by an end users' signing service. * Now were almost ready to start seriously implementing AssetIssuers and Transfers, which will be the most important * part of the framework. * * Revision 1.4 2002/10/10 21:29:25 pelle * Oops. XML-Signature's SignedInfo element I had coded as SignatureInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks * * Revision 1.3 2002/10/06 00:39:29 pelle * I have now expanded support for different types of Signers. * There is now a JCESigner which uses a JCE KeyStore for signing. * I have refactored the SigningServlet a bit, eliminating most of the demo code. * This has been moved into DemoSigningServlet. * I have expanded the CommandLineSigner, so it now also has an option for specifying a default signing service. * The default web application now contains two signers. * - The Demo one is still at /Signer * - There is a new one at /personal/Signer this uses the testkeys.ks for * signing anything under neu://test * Note neu://test now has a default interactive signer running on localhost. * So to play with this you must install the webapp on your own local machine. * * Revision 1.2 2002/10/02 21:03:45 pelle * Major Commit * I completely redid the namespace resolving code. * It now works correctly with the new store attribute of the namespace * And can correctly work out the location of a namespace file * by hierarchically signing it. * I have also included several top level namespaces and finalised * the root namespace. * In short all of the above means that we can theoretically call * Neubia live now. (Well on my first deployment anyway). * There is a new CommandLineSigner utility class which creates and signs * namespaces using standard java keystores. 
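 * I'm now working on updating the documentation, so other people
 * than me might have a chance at using it.
 *
 * Revision 1.1 2002/09/29 00:22:09 pelle
 * Several cosmetic changes.
 * First attempt at a new CommandLine tool for signing and creating namespace files.
 * This will be used by people to create requests for namespaces.
 *
 */
package org.neuclear.id.tools.commandline;

import org.apache.commons.cli.*;
import org.dom4j.Document;
import org.neuclear.commons.Utility;
import org.neuclear.commons.NeuClearException;
import org.neuclear.commons.time.TimeTools;
import org.neuclear.commons.configuration.Configuration;
import org.neuclear.commons.configuration.ConfigurationException;
import org.neuclear.commons.crypto.CryptoTools;
import org.neuclear.commons.crypto.passphraseagents.CommandLineAgent;
import org.neuclear.commons.crypto.signers.Signer;
import org.neuclear.commons.crypto.signers.DefaultSigner;
import org.neuclear.id.SignedNamedObject;
import org.neuclear.id.NSTools;
import org.neuclear.id.Identity;
import org.neuclear.id.resolver.NSResolver;
import org.neuclear.id.builders.NamedObjectBuilder;
import org.neuclear.xml.XMLException;
import org.neuclear.xml.XMLTools;

import java.io.*;
import java.security.GeneralSecurityException;

/**
 * Base command line tool for signing named objects. It loads an unsigned
 * object from <code>--inputfile</code> (or stdin), shows it and asks for
 * confirmation, signs it with the DefaultSigner and writes the result to
 * <code>--outputfile</code> (or stdout). With <code>--verify</code> it instead
 * resolves the given name through NSResolver, prints what it finds and exits.
 * Subclasses add options in {@link #getLocalOptions} and may override
 * {@link #build}.
 *
 * @author pelleb
 * @version $Revision: 1.1 $
 */
public class CommandLineSigner {
    /**
     * Parses the command line. <code>--verify</code> is handled here and
     * terminates the JVM; otherwise the signer, alias and output file name are
     * set up for {@link #execute}.
     *
     * @param args command line arguments
     * @throws ParseException           if the command line cannot be parsed
     * @throws FileNotFoundException    propagated from signer setup
     * @throws GeneralSecurityException propagated from signer setup
     * @throws NeuClearException        propagated from signer setup
     */
    public CommandLineSigner(final String[] args) throws ParseException, FileNotFoundException, GeneralSecurityException, NeuClearException {
        CryptoTools.ensureProvider();
        options = createOptions();
        final CommandLineParser clparser = CommandLineParserFactory.newParser();
        cmd = clparser.parse(options, args);
        checkArguments();
        if (cmd.hasOption('v')) {
            // Verify-only mode: resolve the name, report the result and exit.
            final String name = cmd.getOptionValue('v');
            System.out.println("Resolving and Verifying: " + name);
            try {
                final Identity id = NSResolver.resolveIdentity(name);
                if (id != null) {
                    System.out.println("Signed Object: " + id.getName() + " is verified");
                    System.out.println("was signed at: " + TimeTools.formatTimeStamp(id.getTimeStamp()));
                    System.out.println("Is of type: " + id.getClass().getName());
                    System.out.println("repository: " + id.getRepository());
                    System.out.println("signer: " + id.getSigner());
                } else {
                    System.out.println("Couldnt Resolve or Verify the object.");
                }
            } catch (NeuClearException e) {
                System.out.println("Couldnt Resolve or Verify the object.");
            }
            System.exit(0);
        }
        // agent=(PassPhraseAgent)Configuration.getComponent(PassPhraseAgent.class,"neuclear-id");
        sig = new DefaultSigner(new CommandLineAgent());
        alias = cmd.getOptionValue("a");
        of = cmd.getOptionValue("o");
        // Default output name: the input file name with ".id" appended.
        if (Utility.isEmpty(of) && cmd.hasOption('i')) {
            of = cmd.getOptionValue('i') + ".id";
        }
    }

    /**
     * Entry point: constructs the signer from <code>args</code> and runs it.
     * Any exception is printed to stderr.
     *
     * @param args command line arguments
     */
    public static void main(final String[] args) {
        try {
            final CommandLineSigner signer = new CommandLineSigner(args);
            signer.execute();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Prints usage and exits with status 1 when no usable arguments were given. */
    public final void checkArguments() {
        if (!hasArguments()) {
            final HelpFormatter help = new HelpFormatter();
            help.printHelp("java " + this.getClass().getName() + getExtraHelp() + " [--outputfile signed/test.id] ", options);
            System.exit(1);
        }
    }

    /** Extra text appended to the usage line; subclasses may override. */
    protected String getExtraHelp() {
        return " --inputfile unsigned/test.id";
    }

    /** True when either an input file or a name to verify was given. */
    protected boolean hasArguments() {
        return cmd.hasOption("i") || cmd.hasOption('v');
    }

    /**
     * Builds the subject, signs it when the signer holds a key for the alias
     * (otherwise writes it unsigned for external signing) and writes the XML
     * to the output file or stdout. Errors are printed to stderr.
     */
    public final void execute() {
        try {
            final NamedObjectBuilder subject = build();
            if (!sig.canSignFor(alias)) {
                // No key for the alias: emit the object unsigned so it can be signed
                // externally. Only fill in a default file name when none was requested.
                if (Utility.isEmpty(of)) of = subject.getLocalName() + ".xml";
                System.err.println("Key with alias: " + alias + " doesnt exist in our keystore. \nSaving unsigned Identity as: " + of);
            } else {
                System.err.println("Signing by " + alias + " ...");
                subject.sign(alias, sig);
            }
            if (Utility.isEmpty(of)) {
                XMLTools.writeFile(System.out, subject.getElement());
            } else {
                final File outFile = new File(of);
                if (outFile.getParentFile() != null) outFile.getParentFile().mkdirs();
                final OutputStream dest = new FileOutputStream(outFile);
                System.err.println("Outputting to: " + of);
                try {
                    XMLTools.writeFile(dest, subject.getElement());
                } finally {
                    // Close the file even if writing fails.
                    dest.close();
                }
            }
            System.out.println();
        } catch (Exception e) {
            System.err.println(e.getMessage());
            e.printStackTrace(System.err);
        }
    }

    /**
     * Loads the object to sign from the input file (or stdin), derives the
     * alias when none was given, shows the raw XML and asks for confirmation.
     * Exits the JVM on a missing or unparsable file, when the signer cannot
     * sign for the alias, or when the user does not answer "y".
     *
     * @return the loaded, still unsigned, object
     * @throws Exception if loading fails for a reason not handled above
     */
    protected NamedObjectBuilder build() throws Exception {
        final String sf = cmd.getOptionValue("i");
        FileInputStream file = null;
        try {
            final InputStream source;
            if (Utility.isEmpty(sf)) {
                source = System.in;
            } else {
                file = new FileInputStream(sf);
                source = file;
            }
            final Document doc = XMLTools.loadDocument(source);
            final NamedObjectBuilder subject = new NamedObjectBuilder(doc);
            if (Utility.isEmpty(alias)) {
                // Default alias: the http-scheme store of the name when it has one,
                // otherwise the parent namespace.
                alias = Utility.denullString(NSTools.isHttpScheme(subject.getName()), NSTools.getParentNSURI(subject.getName()));
            }
            if (!sig.canSignFor(alias)) {
                System.err.println("You can not sign as " + alias + " with your current keystore.");
                System.exit(1);
            }
            // Show exactly what is about to be signed before asking for consent.
            System.out.println("You are about to sign the following Contract. Please make sure that is what you want.");
            System.out.println("Type: " + subject.getTagName());
            System.out.println("Proposed Name: " + subject.getName());
            System.out.println("Raw XML:\n===================");
            System.out.println(subject.asXML());
            System.out.print("===================\nAre you shure you wish to sign this? (y/N) ");
            final String answer = new jline.ConsoleReader().readLine();
            // readLine() yields null at end of input; treat that as a refusal.
            if (answer == null || !answer.toLowerCase().equals("y")) {
                System.out.println("Aborted Signing Process");
                System.exit(0);
            }
            return subject;
        } catch (FileNotFoundException e) {
            System.err.println("Couldnt find file: " + sf);
            System.exit(1);
        } catch (XMLException e) {
            System.err.println("Error parsing file: " + sf + "\n" + e.getLocalizedMessage());
            System.exit(1);
        } finally {
            if (file != null) file.close();
        }
        return null;
    }

    /** Builds the option set: output file, input file, verify, plus subclass options. */
    private Options createOptions() {
        final Options options = new Options();
        // options.addOption("s", "keystore", true, "specify KeyStore");
        // options.addOption("t", "keystoretype", true, "specify KeyStore Type");
        // options.addOption("j", "keystorepassword", true, "specify KeyStore Password");
        // options.addOption("a", "alias", true, "specify Key Alias in KeyStore");
        // options.addOption("p", "password", true, "specify Alias Password");
        options.addOption("o", "outputfile", true, "specify Output File");
        options.addOption("i", "inputfile", true, "specify Input File");
        options.addOption("v", "verify", true, "Specify NEU ID to verify");
        getLocalOptions(options);
        return options;
    }

    /** Hook for subclasses to register additional options; does nothing here. */
    protected void getLocalOptions(final Options options) {
    }

    /** Parsed command line. */
    protected final CommandLine cmd;
    /** Accepted options. */
    protected final Options options;
    /** Default key store path; not read by this class itself. */
    public final static String keystore = System.getProperty("user.home") + "/.keystore";
    /** Signer used for signing and for the canSignFor() check. */
    protected final Signer sig;
    // protected final PassPhraseAgent agent;
    /** Key alias to sign with; may be derived from the subject's name in build(). */
    protected String alias;
    /** Output file name; empty means stdout. */
    protected String of;
}
--- NEW FILE: IdentityCreator.java ---
/* $Id: IdentityCreator.java,v 1.1 2003/12/09 23:41:44 pelle Exp $
 * $Log: IdentityCreator.java,v $
 * Revision 1.1 2003/12/09 23:41:44 pelle
 * IdentityCreator is now the default class of the uber jar.
 * It has many new features such as:
 * - Self signed certificates
 * - Unsigned Certificates (for external signing)
 * - Signing of Externally generated Certificates
 * - Command Line verification of an Identity name
 *
 * CachedSource now supports freshness.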
It needs to be tested a bit more thoroughly * though. * * Documentation including the bdg has been updated to reflect these changes. * * Revision 1.7 2003/12/06 00:17:03 pelle * Updated various areas in NSTools. * Updated URI Validation in particular to support new expanded format * Updated createUniqueID and friends to be a lot more unique and more efficient. * In CryptoTools updated getRandom() to finally use a SecureRandom. * Changed CryptoTools.getFormatURLSafe to getBase36 because that is what it really is. * * Revision 1.6 2003/11/21 04:45:13 pelle * EncryptedFileStore now works. It uses the PBECipher with DES3 afair. * Otherwise You will Finaliate. * Anything that can be final has been made final throughout everyting. We've used IDEA's Inspector tool to find all instance of variables that could be final. * This should hopefully make everything more stable (and secure). * * Revision 1.5 2003/11/11 21:18:43 pelle * Further vital reshuffling. * org.neudist.crypto.* and org.neudist.utils.* have been moved to respective areas under org.neuclear.commons * org.neuclear.signers.* as well as org.neuclear.passphraseagents have been moved under org.neuclear.commons.crypto as well. * Did a bit of work on the Canonicalizer and changed a few other minor bits. * * Revision 1.4 2003/11/05 18:50:33 pelle * Refactored org.neuclear.signers.source.Source and implementing classes to provide support for a local filesystem cache. * Also added Unit tests to make sure it actually works and modified IdentityCreator to write directly to the cache if no output filename is given. * * Revision 1.3 2003/10/31 23:58:53 pelle * The IdentityCreator now fully works with the new Signer architecture. * * Revision 1.2 2003/10/29 21:16:27 pelle * Refactored the whole signing process. Now we have an interface called Signer which is the old SignerStore. * To use it you pass a byte array and an alias. The sign method then returns the signature. 
* If a Signer needs a passphrase it uses a PassPhraseAgent to present a dialogue box, read it from a command line etc. * This new Signer pattern allows us to use secure signing hardware such as N-Cipher in the future for server applications as well * as SmartCards for end user applications. * * Revision 1.1 2003/10/25 00:39:54 pelle * Fixed SmtpSender it now sends the messages. * Refactored CommandLineSigner. Now it simply signs files read from command line. However new class IdentityCreator * is subclassed and creates new Identities. You can subclass CommandLineSigner to create your own variants. * Several problems with configuration. Trying to solve at the moment. Updated PicoContainer to beta-2 * * Revision 1.7 2003/10/21 22:31:13 pelle * Renamed NeudistException to NeuClearException and moved it to org.neuclear.commons where it makes more sense. * Unhooked the XMLException in the xmlsig library from NeuClearException to make all of its exceptions an independent hierarchy. * Obviously had to perform many changes throughout the code to support these changes. * * Revision 1.6 2003/10/01 19:08:31 pelle * Changed XML Format. Now NameSpace has been modified to Identity also the * xml namespace prefix nsdl has been changed to neuid. * The standard constants for using these have been moved into NSTools. * The NamedObjectBuilder can also now take an Element, such as an unsigned template. * * Revision 1.5 2003/09/26 00:22:07 pelle * Cleanups and final changes to code for refactoring of the Verifier and Reader part. * * Revision 1.4 2003/09/24 23:56:48 pelle * Refactoring nearly done. New model for creating signed objects. * With view for supporting the xmlpull api shortly for performance reasons. * Currently still uses dom4j but that has been refactored out that it * should now be very quick to implement a xmlpull implementation. * * A side benefit of this is that the API has been further simplified. 
I still have some work * todo with regards to cleaning up some of the outlying parts of the code. * * Revision 1.3 2003/09/23 19:16:28 pelle * Changed NameSpace to Identity. * To cause less confusion in the future. * * Revision 1.2 2003/09/22 19:24:02 pelle * More fixes throughout to problems caused by renaming. * * Revision 1.1.1.1 2003/09/19 14:41:31 pelle * First import into the neuclear project. This was originally under the SF neuclear * project. This marks a general major refactoring and renaming ahead. * * The new name for this code is NeuClear Identity and has the general package header of * org.neuclear.id * There are other areas within the current code which will be split out into other subprojects later on. * In particularly the signers will be completely seperated out as well as the contract types. * * * Revision 1.13 2003/02/18 14:57:21 pelle * Finished Cleaning up Receivers and Stores. * Also updated nsdl.xsd xml schema with latest changes. * The whole API is now very simple. * * Revision 1.12 2003/02/18 00:06:15 pelle * Moved the Signer's into xml-sig * * Revision 1.11 2003/02/16 00:26:18 pelle * Changed the hardcoded logger default to pick it up from LogSender * * Revision 1.10 2003/02/14 21:10:35 pelle * The email sender works. The LogSender and the SoapSender should work but havent been tested yet. * The SignedNamedObject has a new log() method that logs it's contents at it's parent Identity's logger. * The Identity object also has a new method send() which allows one to send a named object to the Identity's * default receiver. * * Revision 1.9 2003/02/14 05:10:13 pelle * New Source model is implemented. * It doesnt quite verify things correctly yet. I'm not yet sure why. * CommandLineSigner is simplified to make it easier to use. * * Revision 1.8 2003/02/10 22:30:14 pelle * Got rid of even further dependencies. 
In Particular OSCore * * Revision 1.7 2003/02/09 00:15:55 pelle * Fixed things so they now compile with r_0.7 of XMLSig * * Revision 1.6 2002/12/17 21:40:58 pelle * First part of refactoring of SignedNamedObject and SignedObject Interface/Class parings. * * Revision 1.5 2002/12/17 20:34:41 pelle * Lots of changes to core functionality. * First of all I've refactored most of the Resolving and verification code. I have a few more things to do * on it before I'm happy. * There is now a NSResolver class, which handles all the namespace resolution. I took most of the functionality * for this out of SignedNamedObject. * Then there is the veriifer, which verifies a given SignedNamedObject using the NSResolver. * This has simplified the SignedNamedObject classes drastically, leaving them as mainly data objects, which is what they * should be. * I have also gone around and tightened up security on many different classes, making clases and/or methods final where appropriate. * NSCache now operates using http://www.waterken.com's fantastic ADT collections library. * Something important has been added, which is a SignRequest named object. This signed object, embeds an unsigned * named object for signing by an end users' signing service. * Now were almost ready to start seriously implementing AssetIssuers and Transfers, which will be the most important * part of the framework. * * Revision 1.4 2002/10/10 21:29:25 pelle * Oops. XML-Signature's SignedInfo element I had coded as SignatureInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks * * Revision 1.3 2002/10/06 00:39:29 pelle * I have now expanded support for different types of Signers. * There is now a JCESigner which uses a JCE KeyStore for signing. * I have refactored the SigningServlet a bit, eliminating most of the demo code. * This has been moved into DemoSigningServlet. 
* I have expanded the CommandLineSigner, so it now also has an option for specifying a default signing service. * The default web application now contains two signers. * - The Demo one is still at /Signer * - There is a new one at /personal/Signer this uses the testkeys.ks for * signing anything under neu://test * Note neu://test now has a default interactive signer running on localhost. * So to play with this you must install the webapp on your own local machine. * * Revision 1.2 2002/10/02 21:03:45 pelle * Major Commit * I completely redid the namespace resolving code. * It now works correctly with the new store attribute of the namespace * And can correctly work out the location of a namespace file * by hierarchically signing it. * I have also included several top level namespaces and finalised * the root namespace. * In short all of the above means that we can theoretically call * Neubia live now. (Well on my first deployment anyway). * There is a new CommandLineSigner utility class which creates and signs * namespaces using standard java keystores. * I'm now working on updating the documentation, so other people * than me might have a chance at using it. * * Revision 1.1 2002/09/29 00:22:09 pelle * Several cosmetic changes. * First attempt at a new CommandLine tool for signing and creating namespace files. * This will be used by people to create requests for namespaces. 
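 */
package org.neuclear.id.tools.commandline;

import org.apache.commons.cli.Options;
import org.neuclear.commons.NeuClearException;
import org.neuclear.commons.Utility;
import org.neuclear.commons.crypto.CryptoException;
import org.neuclear.commons.crypto.signers.PublicKeySource;
import org.neuclear.id.NSTools;
import org.neuclear.id.builders.IdentityBuilder;
import org.neuclear.id.builders.NamedObjectBuilder;
import org.neuclear.id.resolver.NSResolver;
import org.neuclear.senders.LogSender;

import java.io.File;
import java.security.PublicKey;

/**
 * Command line tool that creates (and, through {@link CommandLineSigner}, signs) a new
 * NeuClear Identity.
 * <p>
 * The public key of the new identity is looked up in the local signer's keystore under the
 * alias given with {@code --allow} (defaulting to the identity name), so the configured
 * signer must implement {@link PublicKeySource}. The default repository, interactive signer,
 * logger and receiver are taken from the command line, with fall-backs derived from the
 * identity name.
 *
 * @author pelleb
 * @version $Revision: 1.1 $
 */
public final class IdentityCreator extends CommandLineSigner {
    /**
     * Parses the command line and, when {@code --name} is given, derives the default
     * output file and signing alias from it.
     *
     * @param args command line arguments, handed to {@link CommandLineSigner}
     * @throws Exception when the superclass fails to parse the arguments, or when the
     *                   configured signer cannot supply public keys
     */
    public IdentityCreator(final String[] args) throws Exception {
        super(args);
        // The new identity's public key is taken from the signer's own keystore, so a
        // signer without key lookup is unusable here. Fail early with a clear message.
        if (!(sig instanceof PublicKeySource))
            throw new NeuClearException("The default signer has to include public keys");
        pksource = (PublicKeySource) sig;
        identity = cmd.getOptionValue("n");
        if (!Utility.isEmpty(identity)) {
            // Output path and signing alias default to values derived from the name:
            // a child identity is signed by its parent namespace.
            of = Utility.denullString(of, "_NEUID" + NSTools.name2path(identity) + "/root.id");
            alias = Utility.denullString(alias, NSTools.getParentNSURI(identity));
        }
    }

    /**
     * Builds the unsigned Identity object.
     * <p>
     * With an input file ({@code -i}) the identity is loaded through the superclass and its
     * name replaces the {@code --name} option; otherwise a fresh {@link IdentityBuilder} is
     * assembled from the options. The signing alias becomes the identity itself for a
     * top-level (http scheme) name and its parent namespace otherwise.
     *
     * @return the builder for the new identity
     * @throws NeuClearException when no identity name is available
     * @throws CryptoException   when the keystore holds no public key for the {@code --allow} alias
     * @throws Exception         passed through from the superclass when loading an input file
     */
    public final NamedObjectBuilder build() throws Exception {
        if (cmd.hasOption('i')) {
            // An input file wins over --name: we sign (or re-sign) what it contains.
            final NamedObjectBuilder subject = super.build();
            identity = subject.getName();
        }
        // hasArguments() accepts a command line (-v alone) that supplies no name at all;
        // fail with a clear message rather than hand a null name to NSTools and the
        // keystore lookup below.
        if (Utility.isEmpty(identity))
            throw new NeuClearException("No Identity name given; use --name or an input file (-i)");

        String store = NSTools.isHttpScheme(identity);
        final boolean isTopLevel = !Utility.isEmpty(store);
        if (!isTopLevel) {
            // Not a top level identity: derive the repository from its parent.
            store = NSTools.isHttpScheme(NSTools.getParentNSURI(identity));
        }
        alias = isTopLevel ? identity : NSTools.getParentNSURI(identity);

        final String allow = Utility.denullString(cmd.getOptionValue("w"), identity);
        final String defaultstore = Utility.denullString(cmd.getOptionValue("r"), store);
        // NOTE: the fall-back interactive signer is a cleartext http URL and is only
        // meaningful for a signer on the same machine; pass --signer for anything remote.
        final String defaultsigner = Utility.denullString(cmd.getOptionValue("s"), "http://localhost:11870/Signer");
        final String defaultlogger = Utility.denullString(cmd.getOptionValue("l"), LogSender.LOGGER);
        final String defaultreceiver = cmd.getOptionValue("b");

        // The alias is trusted as given: whatever public key sits under it in the local
        // keystore becomes the key of the new identity, so --allow must name the right entry.
        final PublicKey newkid = pksource.getPublicKey(allow);
        if (newkid == null)
            throw new CryptoException("PublicKey not available for: " + allow);
        return new IdentityBuilder(identity, newkid, defaultstore, defaultsigner, defaultlogger, defaultreceiver);
    }

    /**
     * Entry point. Exits with status 0 on success and 1 when creation or signing fails,
     * so calling scripts can detect the failure.
     *
     * @param args command line arguments, see {@link #getExtraHelp()}
     */
    public static void main(final String[] args) {
        int status = 0;
        try {
            final IdentityCreator signer = new IdentityCreator(args);
            signer.execute();
        } catch (Exception e) {
            e.printStackTrace();
            status = 1; // formerly exited 0 on failure, which hid errors from callers
        }
        System.exit(status);
    }

    /**
     * Returns the usage example for this tool's options, appended to the generic help.
     *
     * @return the tool specific usage text
     */
    protected final String getExtraHelp() {
        return " --name neu://neu/one --receiver mailto:jo...@so... [--allow neuone --repository http://repository.neuclear.org -signer http://localhost:11870/Signer -logger http://logger.neuclear.org ]";
    }

    /**
     * Tells whether the command line carries enough to proceed: an input file, a
     * verification request, or a name together with a receiver.
     *
     * @return {@code true} when one of those combinations is present
     */
    protected final boolean hasArguments() {
        return cmd.hasOption("i") || cmd.hasOption('v') || (cmd.hasOption("n") && cmd.hasOption("b"));
    }

    /**
     * Registers the options specific to identity creation.
     *
     * @param options the option set being assembled by {@link CommandLineSigner}
     */
    protected final void getLocalOptions(final Options options) {
        options.addOption("n", "name", true, "specify name of new Identity");
        options.addOption("w", "allow", true, "specify alias in keystore of public key of new Identity");
        options.addOption("r", "repository", true, "Identity's default Repository");
        options.addOption("s", "signer", true, "Identity's default Interactive Signer");
        options.addOption("l", "logger", true, "Identity's default Logging Service");
        options.addOption("b", "receiver", true, "Identity's default Receiver");
    }

    // Name of the identity being created; set from --name, overridden by an input file.
    private String identity;
    // The signer, narrowed to its public key lookup role.
    private final PublicKeySource pksource;
}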