Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id
In directory sc8-pr-cvs1:/tmp/cvs-serv8668/src/java/org/neuclear/id
Modified Files:
Identity.java SignedNamedCore.java SignedNamedObject.java
Added Files:
NeuclearKeyResolver.java
Removed Files:
SignedObject.java
Log Message:
XMLSignature can now give you the Signing key and the id of the signer.
SignedElement can now self verify using embedded public keys as well as KeyName's
Added NeuclearKeyResolver for resolving public key's from Identity certificates.
SignedNamedObjects can now generate their own name using the following format:
neu:sha1://[sha1 of PublicKey]![sha1 of full signed object]
The resulting object has a special internally generated Identity containing the PublicKey
Identity can now contain nothing but a public key
--- NEW FILE: NeuclearKeyResolver.java ---
package org.neuclear.id;
import org.neuclear.commons.crypto.keyresolvers.KeyResolver;
import org.neuclear.id.resolver.NSResolver;
import java.security.PublicKey;
/*
NeuClear Distributed Transaction Clearing Platform
(C) 2003 Pelle Braendgaard
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
$Id: NeuclearKeyResolver.java,v 1.1 2004/01/08 23:39:06 pelle Exp $
$Log: NeuclearKeyResolver.java,v $
Revision 1.1 2004/01/08 23:39:06 pelle
XMLSignature can now give you the Signing key and the id of the signer.
SignedElement can now self verify using embedded public keys as well as KeyName's
Added NeuclearKeyResolver for resolving public key's from Identity certificates.
SignedNamedObjects can now generate their own name using the following format:
neu:sha1://[sha1 of PublicKey]![sha1 of full signed object]
The resulting object has a special internally generted Identity containing the PublicKey
Identity can now contain nothing but a public key
*/
/**
* User: pelleb
* Date: Jan 8, 2004
* Time: 9:34:56 PM
*/
public class NeuclearKeyResolver implements KeyResolver {
    /**
     * Looks up the PublicKey published in the Identity certificate registered under {@code name}.
     * <p>
     * The name is resolved through {@link NSResolver#resolveIdentity(String)} and the key is read
     * from the resolved Identity. A name that cannot be resolved, or that resolves to something
     * that is not a valid Identity, yields {@code null} instead of an exception; presumably this
     * is what the KeyResolver contract expects of a failed lookup (the interface is not in view).
     *
     * @param name the Identity name whose key is wanted
     * @return the Identity's PublicKey, or {@code null} when resolution fails
     */
    public PublicKey resolve(String name) {
        PublicKey key = null;
        try {
            final Identity identity = NSResolver.resolveIdentity(name);
            key = identity.getPublicKey();
        } catch (NameResolutionException e) {
            // Name could not be resolved: report failure to the caller as null.
        } catch (InvalidNamedObjectException e) {
            // Resolved object was not a valid Identity: same failure signal.
        }
        return key;
    }
}
Index: Identity.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/Identity.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** Identity.java 7 Jan 2004 23:12:20 -0000 1.27
--- Identity.java 8 Jan 2004 23:39:06 -0000 1.28
***************
*** 2,5 ****
--- 2,14 ----
* $Id$
* $Log$
+ * Revision 1.28 2004/01/08 23:39:06 pelle
+ * XMLSignature can now give you the Signing key and the id of the signer.
+ * SignedElement can now self verify using embedded public keys as well as KeyName's
+ * Added NeuclearKeyResolver for resolving public key's from Identity certificates.
+ * SignedNamedObjects can now generate their own name using the following format:
+ * neu:sha1://[sha1 of PublicKey]![sha1 of full signed object]
+ * The resulting object has a special internally generted Identity containing the PublicKey
+ * Identity can now contain nothing but a public key
+ *
* Revision 1.27 2004/01/07 23:12:20 pelle
* XMLSig now has various added features:
***************
*** 342,357 ****
- /**
- * @param repository URL of Default Store for Identity. (Note. A Identity object is stored in the default repository of it's parent namespace)
- * @param signer URL of default interactive signing service for namespace. If null it doesnt allow interactive signing
- * @param receiver URL of default receiver for namespace
- */
! protected Identity(final SignedNamedCore core, final String repository, final String signer, final String logger, final String receiver, final PublicKey pub) {
super(core);
- this.repository = repository;
- this.logger = logger;
- this.signer = signer;
- this.receiver = receiver;
this.pub = pub;
}
--- 351,357 ----
! protected Identity(final SignedNamedCore core, final PublicKey pub) {
super(core);
this.pub = pub;
}
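Review bot: The replacement constructor `protected Identity(final SignedNamedCore core, final PublicKey pub)` has no Javadoc, while the five-argument constructor it replaces documented each parameter. The commit message says an Identity may now hold nothing but a public key, and that is exactly what a reader of this constructor needs to know. Suggested: `/** Creates an Identity that carries only its public key; no repository, signer, logger or receiver is attached. @param core the verified core this Identity is built on @param pub the Identity's public key */`. The class continues outside the hunk.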
***************
*** 359,387 ****
public final String getRepository() {
! return repository;
}
public final String getSigner() {
! return signer;
}
public final String getLogger() {
! return logger;
}
public final String getReceiver() {
! return receiver;
}
public final SignedNamedObject receive(final SignedNamedObject obj) throws NeuClearException {
if (!Utility.isEmpty(receiver))
return Sender.quickSend(receiver, obj);
else
throw new NeuClearException("Cant receive object, " + getName() + " doesnt have a registered Receiver");
}
final void log(final SignedNamedObject obj) throws NeuClearException {
if (!Utility.isEmpty(logger))
Sender.quickSend(logger, obj);
}
--- 359,391 ----
public final String getRepository() {
! return null;
}
public final String getSigner() {
! return null;
}
public final String getLogger() {
! return null;
}
public final String getReceiver() {
! return null;
}
public final SignedNamedObject receive(final SignedNamedObject obj) throws NeuClearException {
+ /*
if (!Utility.isEmpty(receiver))
return Sender.quickSend(receiver, obj);
else
+ */
throw new NeuClearException("Cant receive object, " + getName() + " doesnt have a registered Receiver");
}
final void log(final SignedNamedObject obj) throws NeuClearException {
+ /*
if (!Utility.isEmpty(logger))
Sender.quickSend(logger, obj);
+ */
}
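Review bot: `getRepository()`, `getSigner()`, `getLogger()` and `getReceiver()` now return `null` unconditionally with no Javadoc saying so, and `log()` has become a silent no-op whose old body is left behind as a block comment. A caller that hands one of these results to a URL constructor, or that relies on `log()` to record an object, will fail or quietly lose its audit trail with nothing pointing back here. Either delete the commented-out bodies and document the new contract (`@return always null; Identity no longer carries service URLs` on the getters, `Logging is currently disabled; this method does nothing` on `log()`), or have `log()` throw the way `receive()` still does so the missing capability is visible to callers.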
***************
*** 394,401 ****
}
- private final String repository;
- private final String signer;
- private final String logger;
- private final String receiver;
private final PublicKey pub;
--- 398,401 ----
***************
*** 405,410 ****
try {
final PublicKey rootpk = CryptoTools.createPK(NSROOTPKMOD, NSROOTPKEXP);
! return new Identity(SignedNamedCore.createRootCore(), NSResolver.NSROOTSTORE,
! null, null, null, rootpk);
} catch (NeuClearException e) {
e.printStackTrace();
--- 405,409 ----
try {
final PublicKey rootpk = CryptoTools.createPK(NSROOTPKMOD, NSROOTPKEXP);
! return new Identity(SignedNamedCore.createRootCore(), rootpk);
} catch (NeuClearException e) {
e.printStackTrace();
***************
*** 417,436 ****
public final java.security.cert.Certificate[] getCertificateChain() {
return new Certificate[]{getCertificate()};
- // final ArrayList certs = new ArrayList(3);
- // Identity id = this;
- // while (id != null) {
- // certs.add(id.getCertificate());
- // id = id.getSignatory();
- // }
- // certs.add(NEUROOT.getCertificate());
- // certs.trimToSize();
- // final Certificate[] cert = new Certificate[certs.size()];
- // final Iterator iter = certs.iterator();
- // int i = 0;
- // while (iter.hasNext()) {
- // final Certificate certificate = (java.security.cert.Certificate) iter.next();
- // cert[i++] = certificate;
- // }
- // return cert;
}
--- 416,419 ----
***************
*** 438,445 ****
* Returns the fixed Root PublicKey
*/
! final static PublicKey getRootPK() throws CryptoException {
! if (nsrootpk == null)
! nsrootpk = CryptoTools.createPK(NSROOTPKMOD, NSROOTPKEXP);
! return nsrootpk;
}
--- 421,432 ----
* Returns the fixed Root PublicKey
*/
! final static synchronized PublicKey getRootPK() {
! try {
! if (nsrootpk == null)
! nsrootpk = CryptoTools.createPK(NSROOTPKMOD, NSROOTPKEXP);
! return nsrootpk;
! } catch (CryptoException e) {
! throw new RuntimeException(e);
! }
}
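Review bot: `getRootPK()` now wraps the `CryptoException` in a bare `RuntimeException` with no message, so if the hard-coded `NSROOTPKMOD`/`NSROOTPKEXP` constants ever fail to produce a key the error surfaces far from its cause and without saying what broke. Since this is the fixed trust root, the failure is a programming or build error rather than a runtime condition; keep it unchecked but say so and keep the cause: `throw new RuntimeException("Cannot construct the NeuClear root public key from NSROOTPKMOD/NSROOTPKEXP", e);`. The added `synchronized` is what makes the lazy assignment to `nsrootpk` safe for concurrent first callers, which deserves a one-line comment so nobody removes it later.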
***************
*** 506,513 ****
*/
public final SignedNamedObject read(final SignedNamedCore core, final Element elem) throws InvalidNamedObjectException {
- final String repository = elem.attributeValue(createNEUIDQName("repository"));
- final String signer = elem.attributeValue(createNEUIDQName("signer"));
- final String logger = elem.attributeValue(createNEUIDQName("logger"));
- final String receiver = elem.attributeValue(createNEUIDQName("receiver"));
final Element allowElement = InvalidNamedObjectException.assertContainsElementQName(core,elem,createNEUIDQName("Allow"));
--- 493,496 ----
***************
*** 515,519 ****
final KeyInfo ki = new KeyInfo(InvalidNamedObjectException.assertContainsElementQName(allowElement, XMLSecTools.createQName("KeyInfo")));
final PublicKey pub = ki.getPublicKey();
! return new Identity(core, repository, signer, logger, receiver, pub);
} catch (XMLSecurityException e) {
throw new InvalidNamedObjectException(core.getName(),e);
--- 498,502 ----
final KeyInfo ki = new KeyInfo(InvalidNamedObjectException.assertContainsElementQName(allowElement, XMLSecTools.createQName("KeyInfo")));
final PublicKey pub = ki.getPublicKey();
! return new Identity(core, pub);
} catch (XMLSecurityException e) {
throw new InvalidNamedObjectException(core.getName(),e);
Index: SignedNamedCore.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/SignedNamedCore.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** SignedNamedCore.java 20 Dec 2003 00:21:19 -0000 1.8
--- SignedNamedCore.java 8 Jan 2004 23:39:06 -0000 1.9
***************
*** 2,5 ****
--- 2,14 ----
* $Id$
* $Log$
+ * Revision 1.9 2004/01/08 23:39:06 pelle
+ * XMLSignature can now give you the Signing key and the id of the signer.
+ * SignedElement can now self verify using embedded public keys as well as KeyName's
+ * Added NeuclearKeyResolver for resolving public key's from Identity certificates.
+ * SignedNamedObjects can now generate their own name using the following format:
+ * neu:sha1://[sha1 of PublicKey]![sha1 of full signed object]
+ * The resulting object has a special internally generted Identity containing the PublicKey
+ * Identity can now contain nothing but a public key
+ *
* Revision 1.8 2003/12/20 00:21:19 pelle
* overwrote the standard Object.toString(), hashCode() and equals() methods for SignedNamedObject/Core
***************
*** 236,239 ****
--- 245,250 ----
import org.neuclear.commons.NeuClearException;
import org.neuclear.commons.crypto.CryptoTools;
+ import org.neuclear.commons.crypto.Base64;
+ import org.neuclear.commons.crypto.CryptoException;
import org.neuclear.commons.time.TimeTools;
import org.neuclear.id.resolver.NSResolver;
***************
*** 242,245 ****
--- 253,257 ----
import org.neuclear.xml.xmlsec.XMLSecTools;
import org.neuclear.xml.xmlsec.XMLSecurityException;
+ import org.neuclear.xml.xmlsec.XMLSignature;
import java.security.PublicKey;
***************
*** 248,265 ****
/**
! * The SignedNamedObject is a <i>secure</i> object normally encapsulating a Digitally signed contract of some
! * sort.<p>
! * Instances of SignedNamedObject and its sub classes are never instantiated directly by client code.
! * Instead it is created by its Reader inner class. This Reader implements NamedObjectReader and is called by
! * VerifyingReader.<p>
! * In most cases a user will load NamedObject through one of two methods:
! * <ul><li>NSResolver for permanent contracts stored on the internet, such as Identity Certificates</li>
! * <li>The other way they are often received are as return values when sending your own objects to WebServices.</l>
! * </ul>
! * To actually create and sign your own object use the NamedObjectBuilder or its subclasses. Each subclass of
! * SignedNamedObject should have a corresponding subclass of NamedObjectBuilder.<p>
! * These NamedObjectBuilder objects should be signed using your Signer, before being sent on to a web service.
! *
* @see NamedObjectReader
* @see org.neuclear.id.builders.NamedObjectBuilder
* @see org.neuclear.id.verifier.VerifyingReader
--- 260,269 ----
/**
! * <p>The SignedNamedCore is a non extendible core object used when building SignedNamedObjects.
! * All implementations of SignedNamedObject, must contain this core which implements all the basic features.
! * </p><p>
! * The SignedNamedCore has
* @see NamedObjectReader
+ * @see SignedNamedObject
* @see org.neuclear.id.builders.NamedObjectBuilder
* @see org.neuclear.id.verifier.VerifyingReader
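Review bot: The rewritten class Javadoc stops mid-sentence at `* The SignedNamedCore has` and the paragraph opened with the second `<p>` is never closed, so the rendered documentation ends in a fragment. Finish the sentence with what the core actually holds as shown further down in this commit — the name, signer, timestamp, canonical encoding and digest — and close the paragraph, e.g. `* The SignedNamedCore holds the verified name, signer, timestamp, canonical encoding and digest of a signed object.</p>`.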
***************
*** 269,273 ****
--- 273,307 ----
*/
public final class SignedNamedCore {
+ /**
+ * SignedNamedCore for use in creating Identities for anonymous keys
+ * @param pub
+ */
+ private SignedNamedCore(final PublicKey pub){
+ this.digest=CryptoTools.formatAsBase36(CryptoTools.digest(pub.getEncoded()));
+ this.name="neu:sha1:"+digest;
+ this.timestamp=System.currentTimeMillis();
+ this.encoded=new String(pub.getEncoded());
+ this.signer = null;//new Identity(this,pub);
+ }
+ /**
+ * SignedNamedCore for creating SignedNamedObjects from Nymous sources
+ * @param pub
+ * @param encoded
+ */
+ private SignedNamedCore(final PublicKey pub, final String encoded){
+ this.signer = new Identity(new SignedNamedCore(pub),pub);
+ this.digest=CryptoTools.formatAsBase36(CryptoTools.digest(encoded.getBytes()));
+ this.name=signer.getName()+"!"+digest;
+ this.timestamp=System.currentTimeMillis();
+ this.encoded=encoded;
+ }
+ /**
+ * SignedNamedCore for normal signed named objects
+ * @param name
+ * @param signer
+ * @param timestamp
+ * @param encoded
+ */
private SignedNamedCore(final String name, final Identity signer, final Timestamp timestamp, final String encoded) {
this.name = name;
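Review bot: In the anonymous-key constructor `this.encoded=new String(pub.getEncoded())` converts DER key bytes to a String through the platform default charset, which is lossy for arbitrary bytes, and `this.digest=CryptoTools.formatAsBase36(CryptoTools.digest(encoded.getBytes()))` in the second constructor (and again in the normal and root constructors in the next hunk) digests platform-charset bytes, so the `neu:sha1:` name of the same object can differ between JVMs with different default encodings. Digest the original bytes where they are still available and otherwise pin the charset, e.g. `encoded.getBytes("UTF-8")` (handling its checked exception). Also note the generated name is `"neu:sha1:"+digest` whereas the commit message describes `neu:sha1://...`, and `this.signer = null;//new Identity(this,pub);` leaves the anonymous core without a signer — both deserve a comment or reconciling. The class continues outside the hunk.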
***************
*** 275,278 ****
--- 309,322 ----
this.timestamp = timestamp.getTime();
this.encoded = encoded;
+ this.digest=CryptoTools.formatAsBase36(CryptoTools.digest(encoded.getBytes()));
+ }
+
+ private SignedNamedCore() {
+ this.name="neu://";
+ this.signer=null;//new Identity(this,Identity.getRootPK());
+ final byte[] encoded = Identity.getRootPK().getEncoded();
+ this.digest=CryptoTools.formatAsBase36(CryptoTools.digest(encoded));
+ this.timestamp=System.currentTimeMillis();
+ this.encoded=new String(encoded);
}
***************
*** 285,290 ****
*/
public final static SignedNamedCore read(final Element elem) throws InvalidNamedObjectException, NameResolutionException {
! final String name = NSTools.normalizeNameURI(InvalidNamedObjectException.assertAttributeQName(elem,getNameAttrQName()));
try {
final String signatoryName = NSTools.getSignatoryURI(name);
final Identity signatory = NSResolver.resolveIdentity(signatoryName);
--- 329,338 ----
*/
public final static SignedNamedCore read(final Element elem) throws InvalidNamedObjectException, NameResolutionException {
! final String name = getSignatoryName(elem);
try {
+ if (name==null){ // We have an unnamed object
+ return readUnnamed(elem);
+ }
+
final String signatoryName = NSTools.getSignatoryURI(name);
final Identity signatory = NSResolver.resolveIdentity(signatoryName);
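Review bot: With `getSignatoryName(elem)` returning `null` instead of failing, an element that lacks the name attribute is no longer rejected but routed to `readUnnamed`, where the signature is checked only against the key embedded in the signature itself. That is the intended new feature, but it changes what a successful `read` proves: a core whose name starts with `neu:sha1:` is bound to nothing but its own key, not to an Identity resolved through NSResolver, and callers that previously relied on `read` rejecting nameless elements should be told. Add to the method Javadoc something like `If the element carries no name attribute it is treated as an unnamed, self-certified object: its signature is verified against the key embedded in the signature and the resulting core's signer is a synthetic Identity for that key, not one resolved through NSResolver.` The rest of the method is outside the hunk.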
***************
*** 299,303 ****
if (XMLSecTools.verifySignature(elem, publicKey)) {
final Timestamp timestamp = TimeTools.parseTimeStamp(InvalidNamedObjectException.assertAttributeQName(elem,createQName("timestamp")));
! return new SignedNamedCore(name, signatory, timestamp, new String(XMLSecTools.canonicalize(elem)));
} else
throw new InvalidNamedObjectException(name);
--- 347,351 ----
if (XMLSecTools.verifySignature(elem, publicKey)) {
final Timestamp timestamp = TimeTools.parseTimeStamp(InvalidNamedObjectException.assertAttributeQName(elem,createQName("timestamp")));
! return new SignedNamedCore(name, signatory, timestamp, encodeElement(elem));
} else
throw new InvalidNamedObjectException(name);
***************
*** 309,312 ****
--- 357,380 ----
}
+ private static String encodeElement(final Element elem) {
+ return new String(XMLSecTools.canonicalize(elem));
+ }
+
+ private static SignedNamedCore readUnnamed(final Element elem) throws XMLSecurityException, InvalidNamedObjectException {
+ final XMLSignature sig=XMLSecTools.getXMLSignature(elem);
+ final PublicKey pub = sig.getSignersKey();
+ if (sig.verifySignature(pub))
+ return new SignedNamedCore(pub,encodeElement(elem));
+ else
+ throw new InvalidNamedObjectException("Unnamed object failed Signature verification");
+ }
+
+ private static String getSignatoryName(final Element elem) throws InvalidNamedObjectException {
+ final String name = elem.attributeValue(getNameAttrQName());
+ if (name==null)
+ return null;
+ return NSTools.normalizeNameURI(name);
+ }
+
/**
* Solely used by RootIdentity
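Review bot: `readUnnamed` passes whatever `sig.getSignersKey()` returns straight into `sig.verifySignature(pub)`; if that can be `null` for a signature without a usable KeyInfo (XMLSignature is not in view here), the verification call rather than a clear InvalidNamedObjectException will report the problem. A guard before the verify, `if (pub == null) throw new InvalidNamedObjectException("Unnamed object carries no signing key");`, keeps the failure in the exception type callers already handle. The helper's Javadoc should also state that a successful verification here proves only possession of the embedded key, which is why the resulting core is named after that key rather than a resolved Identity.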
***************
*** 315,319 ****
*/
final static SignedNamedCore createRootCore() {
! return new SignedNamedCore("neu://", null, new Timestamp(0), null);
}
--- 383,387 ----
*/
final static SignedNamedCore createRootCore() {
! return new SignedNamedCore();
}
***************
*** 381,386 ****
}
! public final byte[] getDigest() {
! return CryptoTools.digest(encoded.getBytes());
}
--- 449,454 ----
}
! public final String getDigest() {
! return digest;
}
***************
*** 405,408 ****
--- 473,477 ----
private final long timestamp;
private final String encoded;
+ private final String digest;
Index: SignedNamedObject.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/id/SignedNamedObject.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -C2 -d -r1.15 -r1.16
*** SignedNamedObject.java 20 Dec 2003 00:21:19 -0000 1.15
--- SignedNamedObject.java 8 Jan 2004 23:39:06 -0000 1.16
***************
*** 2,5 ****
--- 2,14 ----
* $Id$
* $Log$
+ * Revision 1.16 2004/01/08 23:39:06 pelle
+ * XMLSignature can now give you the Signing key and the id of the signer.
+ * SignedElement can now self verify using embedded public keys as well as KeyName's
+ * Added NeuclearKeyResolver for resolving public key's from Identity certificates.
+ * SignedNamedObjects can now generate their own name using the following format:
+ * neu:sha1://[sha1 of PublicKey]![sha1 of full signed object]
+ * The resulting object has a special internally generted Identity containing the PublicKey
+ * Identity can now contain nothing but a public key
+ *
* Revision 1.15 2003/12/20 00:21:19 pelle
* overwrote the standard Object.toString(), hashCode() and equals() methods for SignedNamedObject/Core
***************
*** 250,254 ****
* @see org.neuclear.commons.crypto.signers.Signer
*/
! public class SignedNamedObject implements SignedObject {
protected SignedNamedObject(final SignedNamedCore core) {
--- 259,263 ----
* @see org.neuclear.commons.crypto.signers.Signer
*/
! public class SignedNamedObject {
protected SignedNamedObject(final SignedNamedCore core) {
--- SignedObject.java DELETED ---