Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.iids.aos.kernel
Class SecurityTools

java.lang.Object
  extended by org.iids.aos.kernel.SecurityTools

public class SecurityTools
extends java.lang.Object

Utility class for the major cryptographic operations in the kernel. See also AgentContainer.java

Author:
arno

Field Summary
static java.lang.String KEYSTORE_TYPE
           
 
Constructor Summary
SecurityTools()
           
 
Method Summary
static java.lang.String calculatePeerSCID(java.net.Socket socket)
          Calculate the SCID of a peer
static java.lang.String calculateSCID(java.security.PublicKey pubkey)
          Guido defined the SCID as the BASE32 encoded SHA-1 of the RSA public key.
static java.lang.String certificateToPEM(java.security.cert.Certificate cert)
          Converts a certificate to PEM-encoding
static boolean equalsSCID(java.lang.String a, java.lang.String b)
          Standardized comparison function for SCIDs.
static java.security.KeyStore generateKeyPair(java.lang.String Passphrase, int validityInterval)
          Generate a public/private key pair for the kernel with the public key in a self-signed certificate.
static java.security.KeyStore generateKeyStore(java.security.KeyPair KP, java.security.cert.Certificate[] Chain, java.lang.String Passphrase)
          Create a keystore containing a key pair
static java.security.KeyPair generatePubKeyPair()
          Generate a public/private key pair for the kernel.
static java.lang.String getZeroSCID()
          Returns BASE32 encoded version of a digest/SCID that consists of all 0 bytes
static java.lang.String[] selectUsableSuites(java.lang.String[] wantedSuites, java.lang.String[] supportedSuites)
          Return the list of usable security suites, i.e., suites that are both wanted and supported.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KEYSTORE_TYPE

public static final java.lang.String KEYSTORE_TYPE
See Also:
Constant Field Values
Constructor Detail

SecurityTools

public SecurityTools()
Method Detail

generateKeyPair

public static java.security.KeyStore generateKeyPair(java.lang.String Passphrase,
                                                     int validityInterval)
                                              throws AuthenticationException
Generate a public/private key pair for the kernel with the public key in a self-signed certificate.

Throws:
AuthenticationException

generatePubKeyPair

public static java.security.KeyPair generatePubKeyPair()
                                                throws java.security.NoSuchAlgorithmException
Generate a public/private key pair for the kernel.

Throws:
java.security.NoSuchAlgorithmException

calculateSCID

public static java.lang.String calculateSCID(java.security.PublicKey pubkey)
                                      throws AuthenticationException
Guido defined the SCID as the BASE32 encoded SHA-1 of the RSA public key. To be more precise, it is equivalent to the X.509 Subject Key Identifier (see RFC3280, $4.2.1.2) which defines it as: (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits). The public key is defined as: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } -- contains a value of the type -- registered for use with the -- algorithm object identifier value The SubjectPublicKeyInfo structure is what Java's PublicKey.getEncoded() returns. So we must decode this structure. AlgorithmIdentifiers for RSA keys are defined in RFC3279 as: $2.3.1 RSA Keys The OID rsaEncryption identifies RSA public keys. pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1} The rsaEncryption OID is intended to be used in the algorithm field of a value of type AlgorithmIdentifier. The parameters field MUST have ASN.1 type NULL for this algorithm identifier. This is the theory, in practice I've been having some problems with the SubjectPublicKeyInfo, hence I'm using BouncyCastle's stuff that does seem to understand how this cr*p works.

Throws:
AuthenticationException

getZeroSCID

public static java.lang.String getZeroSCID()
Returns BASE32 encoded version of a digest/SCID that consists of all 0 bytes

equalsSCID

public static boolean equalsSCID(java.lang.String a,
                                 java.lang.String b)
Standardized comparison function for SCIDs. Is standardized because Base32 is case-insenstive and we might forget that.

generateKeyStore

public static java.security.KeyStore generateKeyStore(java.security.KeyPair KP,
                                                      java.security.cert.Certificate[] Chain,
                                                      java.lang.String Passphrase)
                                               throws java.security.KeyStoreException,
                                                      java.security.NoSuchAlgorithmException,
                                                      java.security.cert.CertificateException,
                                                      java.io.IOException
Create a keystore containing a key pair

Parameters:
Chain - in user -> root order
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.io.IOException

certificateToPEM

public static java.lang.String certificateToPEM(java.security.cert.Certificate cert)
                                         throws java.security.cert.CertificateEncodingException
Converts a certificate to PEM-encoding

Parameters:
cert - The certificate to encode
Returns:
The certificate in PEM.
Throws:
java.security.cert.CertificateEncodingException

calculatePeerSCID

public static java.lang.String calculatePeerSCID(java.net.Socket socket)
                                          throws AuthenticationException
Calculate the SCID of a peer

Parameters:
socket - TLS socket to the peer
Returns:
peer's SCID
Throws:
AuthenticationException

selectUsableSuites

public static java.lang.String[] selectUsableSuites(java.lang.String[] wantedSuites,
                                                    java.lang.String[] supportedSuites)
                                             throws NoKnownSecuritySuiteException
Return the list of usable security suites, i.e., suites that are both wanted and supported.

Throws:
NoKnownSecuritySuiteException
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003, 2004 IIDS Group. All Rights Reserved.