Commit 0fc217b9 authored by Felix Sidokhine's avatar Felix Sidokhine

modified variable names

parent 8d010494
Showing
with 64 additions and 67 deletions
File moved
module cryptoengine {
exports net.jami.jams.cryptoengine;
module jams.ca {
exports net.jami.jams.ca;
requires jams.common;
requires org.bouncycastle.pkix;
requires lombok;
......
package net.jami.jams.cryptoengine;
package net.jami.jams.ca;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.common.cryptoengineapi.CertificateAuthority;
......@@ -6,21 +6,19 @@ import net.jami.jams.common.objects.devices.Device;
import net.jami.jams.common.objects.requests.RevocationRequest;
import net.jami.jams.common.objects.system.SystemAccount;
import net.jami.jams.common.objects.user.User;
import net.jami.jams.cryptoengine.workers.crl.CRLWorker;
import net.jami.jams.cryptoengine.workers.csr.CertificateWorker;
import net.jami.jams.cryptoengine.workers.ocsp.OCSPWorker;
import net.jami.jams.ca.workers.crl.CRLWorker;
import net.jami.jams.ca.workers.csr.CertificateWorker;
import net.jami.jams.ca.workers.ocsp.OCSPWorker;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import java.security.MessageDigest;
import java.security.Security;
import java.util.concurrent.atomic.AtomicReference;
@Slf4j
public class CryptoEngine implements CertificateAuthority {
public class JamsCA implements CertificateAuthority {
//These are the workers which are responsible for CRL/OCSP, they have an odd relationship.
......@@ -48,7 +46,7 @@ public class CryptoEngine implements CertificateAuthority {
serverDomain = domain;
CA = ca;
OCSP = ocsp;
CryptoEngine.signingAlgorithm = signingAlgorithm;
JamsCA.signingAlgorithm = signingAlgorithm;
crlWorker = new CRLWorker(CA.getPrivateKey(), CA.getCertificate());
}
......
package net.jami.jams.cryptoengine.workers;
package net.jami.jams.ca.workers;
import lombok.Getter;
import lombok.Setter;
......
package net.jami.jams.cryptoengine.workers.crl;
package net.jami.jams.ca.workers.crl;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.common.objects.requests.RevocationRequest;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.cryptoengine.workers.X509Worker;
import net.jami.jams.ca.JamsCA;
import net.jami.jams.ca.workers.X509Worker;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.X509CRLHolder;
......@@ -59,7 +59,7 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
needsRefresh = false;
}
synchronized (getInput()){
getInput().wait(CryptoEngine.crlLifetime - 10_000);
getInput().wait(JamsCA.crlLifetime - 10_000);
needsRefresh = true;
}
}
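Review bot: The timeout in `getInput().wait(JamsCA.crlLifetime - 10_000)` has no lower bound. `Object.wait` throws `IllegalArgumentException` for a negative timeout and blocks until notified for a timeout of 0, so a `crlLifetime` of ten seconds or less would either break the refresh loop or leave the CRL unrefreshed, presumably until something notifies the input object. The value of `crlLifetime` is assigned outside this hunk, so this should be checked against its definition. A floor such as `getInput().wait(Math.max(1_000L, JamsCA.crlLifetime - 10_000));` would keep the worker refreshing. The enclosing loop starts and ends outside the hunk.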
......
package net.jami.jams.cryptoengine.workers.csr;
package net.jami.jams.ca.workers.csr;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.common.objects.devices.Device;
import net.jami.jams.common.objects.system.SystemAccount;
import net.jami.jams.common.objects.user.User;
import net.jami.jams.cryptoengine.workers.csr.builders.DeviceBuilder;
import net.jami.jams.cryptoengine.workers.csr.builders.SystemAccountBuilder;
import net.jami.jams.cryptoengine.workers.csr.builders.UserBuilder;
import net.jami.jams.ca.workers.csr.builders.DeviceBuilder;
import net.jami.jams.ca.workers.csr.builders.SystemAccountBuilder;
import net.jami.jams.ca.workers.csr.builders.UserBuilder;
@Slf4j
public class CertificateWorker {
......
package net.jami.jams.cryptoengine.workers.csr.builders;
package net.jami.jams.ca.workers.csr.builders;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.common.objects.devices.Device;
import net.jami.jams.common.objects.user.User;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.cryptoengine.workers.csr.utils.CertificateSigner;
import net.jami.jams.cryptoengine.workers.csr.utils.ExtensionLibrary;
import net.jami.jams.ca.JamsCA;
import net.jami.jams.ca.workers.csr.utils.CertificateSigner;
import net.jami.jams.ca.workers.csr.utils.ExtensionLibrary;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
......@@ -22,7 +22,7 @@ public class DeviceBuilder {
new JcaX509CertificateHolder(user.getCertificate()).getSubject(),
new BigInteger(256, new SecureRandom()),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + CryptoEngine.deviceLifetime),
new Date(System.currentTimeMillis() + JamsCA.deviceLifetime),
device.getCertificationRequest().getSubject(),
device.getCertificationRequest().getSubjectPublicKeyInfo()
);
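Review bot: The serial number `new BigInteger(256, new SecureRandom())` can be up to 32 octets long, while RFC 5280 (section 4.1.2.2) requires conforming CAs to issue positive serial numbers of at most 20 octets, and strict validators may reject longer ones. The same expression appears in both hunks of SystemAccountBuilder and in UserBuilder. `new BigInteger(159, new SecureRandom())` keeps the DER encoding within 20 octets and still leaves ample entropy. The builder call starts outside this hunk.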
......
package net.jami.jams.cryptoengine.workers.csr.builders;
package net.jami.jams.ca.workers.csr.builders;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.common.objects.system.SystemAccount;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.cryptoengine.workers.csr.utils.CertificateSigner;
import net.jami.jams.cryptoengine.workers.csr.utils.ExtensionLibrary;
import net.jami.jams.ca.JamsCA;
import net.jami.jams.ca.workers.csr.utils.CertificateSigner;
import net.jami.jams.ca.workers.csr.utils.ExtensionLibrary;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
......@@ -29,7 +29,7 @@ public class SystemAccountBuilder {
new X500Name("CN=" + systemAccount.getX509Fields().getDN()),
new BigInteger(256, new SecureRandom()),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + CryptoEngine.caLifetime),
new Date(System.currentTimeMillis() + JamsCA.caLifetime),
new X500Name("CN="+ systemAccount.getX509Fields().getDN()),
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
);
......@@ -51,15 +51,15 @@ public class SystemAccountBuilder {
keyPairGenerator.initialize(4096);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
new JcaX509CertificateHolder(CryptoEngine.CA.getCertificate()).getSubject(),
new JcaX509CertificateHolder(JamsCA.CA.getCertificate()).getSubject(),
new BigInteger(256, new SecureRandom()),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + CryptoEngine.caLifetime),
new Date(System.currentTimeMillis() + JamsCA.caLifetime),
new X500Name("CN=" + systemAccount.getX509Fields().getDN()),
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
);
systemAccount.setPrivateKey(keyPair.getPrivate());
systemAccount.setCertificate(CertificateSigner.signCertificate(CryptoEngine.CA.getPrivateKey(), builder, ExtensionLibrary.caExtensions));
systemAccount.setCertificate(CertificateSigner.signCertificate(JamsCA.CA.getPrivateKey(), builder, ExtensionLibrary.caExtensions));
return systemAccount;
}
catch (Exception e){
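Review bot: In the second hunk the certificate is issued under the CA (issuer taken from `JamsCA.CA.getCertificate()`) yet it is signed with `ExtensionLibrary.caExtensions` and given `JamsCA.caLifetime`, the lifetime the first hunk uses for the self-issued certificate. The method name is outside the hunk; if this is the path that issues a subordinate system account such as the OCSP account the test generates, it would presumably carry CA-level extensions and a CA-length validity, which is more authority than such a certificate needs. A dedicated extension set and lifetime for that account type would address it. What `caExtensions` contains is not visible here, so this should be confirmed against ExtensionLibrary.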
......
package net.jami.jams.cryptoengine.workers.csr.builders;
package net.jami.jams.ca.workers.csr.builders;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.common.objects.user.User;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.cryptoengine.workers.csr.utils.CertificateSigner;
import net.jami.jams.cryptoengine.workers.csr.utils.ExtensionLibrary;
import net.jami.jams.ca.JamsCA;
import net.jami.jams.ca.workers.csr.utils.CertificateSigner;
import net.jami.jams.ca.workers.csr.utils.ExtensionLibrary;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
......@@ -25,15 +25,15 @@ public class UserBuilder {
keyPairGenerator.initialize(4096);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
new JcaX509CertificateHolder(CryptoEngine.CA.getCertificate()).getSubject(),
new JcaX509CertificateHolder(JamsCA.CA.getCertificate()).getSubject(),
new BigInteger(256, new SecureRandom()),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + CryptoEngine.userLifetime),
new Date(System.currentTimeMillis() + JamsCA.userLifetime),
new X500Name(user.getX509Fields().getDN()),
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
);
user.setPrivateKey(keyPair.getPrivate());
user.setCertificate(CertificateSigner.signCertificate(CryptoEngine.CA.getPrivateKey(),builder, ExtensionLibrary.userExtensions));
user.setCertificate(CertificateSigner.signCertificate(JamsCA.CA.getPrivateKey(),builder, ExtensionLibrary.userExtensions));
return user;
}
catch (Exception e){
......
package net.jami.jams.cryptoengine.workers.csr.utils;
package net.jami.jams.ca.workers.csr.utils;
import lombok.Getter;
import lombok.Setter;
......
package net.jami.jams.cryptoengine.workers.csr.utils;
package net.jami.jams.ca.workers.csr.utils;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.ca.JamsCA;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
......@@ -30,7 +30,7 @@ public class CertificateSigner {
certificateBuilder.addExtension((ASN1ObjectIdentifier) extensions[0],(boolean) extensions[1],(ASN1Encodable) extensions[2]);
}
//Initialize the signing.
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(CryptoEngine.signingAlgorithm);
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(JamsCA.signingAlgorithm);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter asymmetricKeyParameter = PrivateKeyFactory.createKey(privateKey.getEncoded());
//Sign the certificate.
......
package net.jami.jams.cryptoengine.workers.csr.utils;
package net.jami.jams.ca.workers.csr.utils;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.ca.JamsCA;
import org.bouncycastle.asn1.x509.*;
public class ExtensionLibrary {
......@@ -16,14 +16,14 @@ public class ExtensionLibrary {
//Pre-Define the CRL Distribution Point
DistributionPoint[] distPoints = new DistributionPoint[1];
distPoints[0] = new DistributionPoint(new DistributionPointName(
new GeneralNames(new GeneralName(SCHEMA, CryptoEngine.serverDomain + "/api/auth/crl")))
new GeneralNames(new GeneralName(SCHEMA, JamsCA.serverDomain + "/api/auth/crl")))
, null, null
);
//Pre-Define the AIA Point
AccessDescription accessDescription = new AccessDescription(
AccessDescription.id_ad_ocsp,
new GeneralName(SCHEMA,CryptoEngine.serverDomain + "/api/auth/ocsp")
new GeneralName(SCHEMA, JamsCA.serverDomain + "/api/auth/ocsp")
);
//CA Extensions.
......
package net.jami.jams.cryptoengine.workers.ocsp;
package net.jami.jams.ca.workers.ocsp;
import lombok.extern.slf4j.Slf4j;
import net.jami.jams.cryptoengine.workers.X509Worker;
import net.jami.jams.ca.workers.X509Worker;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
......
package net.jami.jams.cryptoengine.workers.csr.builders;
package net.jami.jams.ca.workers.csr.builders;
import net.jami.jams.common.authentication.AuthenticationSourceType;
import net.jami.jams.common.objects.devices.Device;
......@@ -9,7 +9,7 @@ import net.jami.jams.common.objects.system.SystemAccount;
import net.jami.jams.common.objects.system.SystemAccountType;
import net.jami.jams.common.objects.user.User;
import net.jami.jams.common.utils.X509Utils;
import net.jami.jams.cryptoengine.CryptoEngine;
import net.jami.jams.ca.JamsCA;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
......@@ -23,8 +23,8 @@ class SystemAccountBuilderTest {
@BeforeAll
static void setUp() throws Exception{
CryptoEngine.serverDomain = "https://localhost";
CryptoEngine.signingAlgorithm = "SHA512WITHRSA";
JamsCA.serverDomain = "https://localhost";
JamsCA.signingAlgorithm = "SHA512WITHRSA";
InputStream path;
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
path = classLoader.getResourceAsStream("pkcs10request.txt");
......@@ -41,7 +41,7 @@ class SystemAccountBuilderTest {
caAccount = SystemAccountBuilder.generateCA(caAccount);
Assertions.assertNotNull(caAccount.getCertificate(),"CA Certificate was not generated!");
CryptoEngine.CA = caAccount;
JamsCA.CA = caAccount;
//Generate OCSP
SystemAccount ocspAccount = new SystemAccount();
......@@ -77,27 +77,27 @@ class SystemAccountBuilderTest {
caAccount = SystemAccountBuilder.generateCA(caAccount);
Assertions.assertNotNull(caAccount.getCertificate(),"CA Certificate was not generated!");
CryptoEngine cryptoEngine = new CryptoEngine();
cryptoEngine.init("http://localhost","SHA512WITHRSA",caAccount,null);
JamsCA jamsCA = new JamsCA();
jamsCA.init("http://localhost","SHA512WITHRSA",caAccount,null);
RevocationRequest revocationRequest = new RevocationRequest();
revocationRequest.setIdentifier(new BigInteger("91828882"));
revocationRequest.setRevocationType(RevocationType.USER);
cryptoEngine.revokeCertificate(revocationRequest);
jamsCA.revokeCertificate(revocationRequest);
synchronized (this){
this.wait(2_000);
}
Assertions.assertNotNull(cryptoEngine.getLatestCRL());
Assertions.assertEquals(cryptoEngine.getLatestCRL().get().getRevokedCertificates().toArray().length,1,"Expected only 1 certificate!");
Assertions.assertNotNull(jamsCA.getLatestCRL());
Assertions.assertEquals(jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,1,"Expected only 1 certificate!");
revocationRequest = new RevocationRequest();
revocationRequest.setIdentifier(new BigInteger("17262653"));
revocationRequest.setRevocationType(RevocationType.USER);
cryptoEngine.revokeCertificate(revocationRequest);
jamsCA.revokeCertificate(revocationRequest);
synchronized (this){
this.wait(2_000);
}
Assertions.assertNotNull(cryptoEngine.getLatestCRL());
Assertions.assertEquals(cryptoEngine.getLatestCRL().get().getRevokedCertificates().toArray().length,2,"Expected only 2 certificates!");
Assertions.assertNotNull(jamsCA.getLatestCRL());
Assertions.assertEquals(jamsCA.getLatestCRL().get().getRevokedCertificates().toArray().length,2,"Expected only 2 certificates!");
......
module jams.server {
requires cryptoengine;
requires jams.ca;
requires jams.common;
requires java.management;
requires lombok;
......
......@@ -48,7 +48,7 @@ public class Server {
userAuthenticationModule = new UserAuthenticationModule();
//Test block
//Step 2: if the server is initialized,
certificateAuthority = CryptoEngineLoader.loadCryptoEngine(dataStore);
certificateAuthority = CryptoEngineLoader.loadCertificateAuthority(dataStore);
isInstalled.set(new File(System.getProperty("user.dir") + File.separator + "config.json").exists());
log.info("Server is already installed: " + isInstalled.get());
......
......@@ -6,16 +6,15 @@ import net.jami.jams.common.cryptoengineapi.CertificateAuthority;
import net.jami.jams.common.dao.StatementElement;
import net.jami.jams.common.dao.StatementList;
import net.jami.jams.common.objects.system.SystemAccount;
import net.jami.jams.server.Server;
import java.util.List;
@Slf4j
public class CryptoEngineLoader {
public static CertificateAuthority loadCryptoEngine(DataStore dataStore){
public static CertificateAuthority loadCertificateAuthority(DataStore dataStore){
try {
Class<?> cls = LibraryLoader.classLoader.loadClass("net.jami.jams.cryptoengine.CryptoEngine");
Class<?> cls = LibraryLoader.classLoader.loadClass("net.jami.jams.ca.JamsCA");
CertificateAuthority certificateAuthority = (CertificateAuthority) cls.getConstructor().newInstance();
StatementList statementList = new StatementList();
statementList.addStatement(new StatementElement("entity","=","CA",""));
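Review bot: The implementation class is looked up by the string literal `"net.jami.jams.ca.JamsCA"` and instantiated before it is checked to be a `CertificateAuthority`, so a wrong class on `LibraryLoader.classLoader` runs its constructor and only then fails at the cast. Narrowing first, `Class<? extends CertificateAuthority> cls = LibraryLoader.classLoader.loadClass("net.jami.jams.ca.JamsCA").asSubclass(CertificateAuthority.class);`, rejects it before construction and removes the unchecked cast. The literal is invisible to the compiler, so a later package move will fail only at runtime; a comment stating that it must match the class in the `jams.ca` module would help. The class is still named `CryptoEngineLoader` although its method is now `loadCertificateAuthority`. The try block continues outside the hunk.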
......