List of usage examples for org.bouncycastle.openssl PEMParser readObject
public Object readObject() throws IOException
From source file:org.apache.james.jwt.PublicKeyReader.java
License:Apache License
private Optional<PublicKey> publicKeyFrom(PEMParser reader) { try {/*from ww w.j ava 2 s .c om*/ Object readPEM = reader.readObject(); if (readPEM instanceof SubjectPublicKeyInfo) { return Optional.of(new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) readPEM)); } LOGGER.warn("Key is not an instance of SubjectPublicKeyInfo but of " + readPEM); return Optional.empty(); } catch (IOException e) { LOGGER.warn("Error when reading the PEM file", e); return Optional.empty(); } }
From source file:org.appenders.log4j2.elasticsearch.tls.KeyReader.java
License:Open Source License
public PKCS8EncodedKeySpec readPrivateKey(FileInputStream fis, Optional<String> keyPassword) throws IOException { PEMParser keyReader = new PEMParser(new InputStreamReader(fis)); PEMDecryptorProvider decryptorProvider = new JcePEMDecryptorProviderBuilder() .build(keyPassword.get().toCharArray()); Object keyPair = keyReader.readObject(); keyReader.close();/*w ww .ja v a 2 s . co m*/ PrivateKeyInfo keyInfo; if (keyPair instanceof PEMEncryptedKeyPair) { PEMKeyPair decryptedKeyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptorProvider); keyInfo = decryptedKeyPair.getPrivateKeyInfo(); } else { keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo(); } return new PKCS8EncodedKeySpec(keyInfo.getEncoded()); }
From source file:org.bitrepository.protocol.security.BasicSecurityManager.java
License:Open Source License
/** * Attempts to load the pillars private key and certificate from a PEM formatted file. * @param privateKeyFile, path to the file containing the components private key and certificate, may be null * @throws IOException if the file cannot be found or read. * @throws KeyStoreException if there is problems with adding the privateKeyEntry to keyStore * @throws CertificateException /*from www . j av a2 s.c o m*/ */ private void loadPrivateKey(String privateKeyFile) throws IOException, KeyStoreException, CertificateException { PrivateKey privKey = null; X509Certificate privCert = null; if (!(new File(privateKeyFile)).isFile()) { log.info("Key file '" + privateKeyFile + "' with private key and certificate does not exist!"); return; } BufferedReader bufferedReader = new BufferedReader(new FileReader(privateKeyFile)); PEMParser pemParser = new PEMParser(bufferedReader); Object pemObj = pemParser.readObject(); while (pemObj != null) { if (pemObj instanceof X509Certificate) { log.debug("Certificate for PrivateKeyEntry found"); privCert = (X509Certificate) pemObj; } else if (pemObj instanceof PrivateKey) { log.debug("Key for PrivateKeyEntry found"); privKey = (PrivateKey) pemObj; } else if (pemObj instanceof X509CertificateHolder) { log.debug("X509CertificateHolder found"); privCert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) pemObj); } else if (pemObj instanceof PrivateKeyInfo) { log.debug("PrivateKeyInfo found"); PrivateKeyInfo pki = (PrivateKeyInfo) pemObj; JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); privKey = converter.getPrivateKey(pki); } else { log.debug("Got something, that we don't (yet) recognize. Class: " + pemObj.getClass().getSimpleName()); } pemObj = pemParser.readObject(); } pemParser.close(); if (privKey == null || privCert == null) { log.info("No material to create private key entry found!"); } else { privCert.checkValidity(); privateKeyEntry = new PrivateKeyEntry(privKey, new Certificate[] { privCert }); keyStore.setEntry(SecurityModuleConstants.privateKeyAlias, privateKeyEntry, new KeyStore.PasswordProtection(defaultPassword.toCharArray())); } }
From source file:org.cloudfoundry.security.PrivateKeyFactory.java
License:Apache License
static PrivateKey generate(Path path) throws IOException { try (Reader in = Files.newBufferedReader(path, StandardCharsets.UTF_8)) { PEMParser parser = new PEMParser(in); Object keyPair = parser.readObject(); if (!(keyPair instanceof PEMKeyPair)) { throw new IllegalStateException( String.format("%s contains an artifact that is not a key pair: %s", path, keyPair)); }/*from ww w . j a v a 2 s . c o m*/ PrivateKeyInfo privateKeyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo(); if (privateKeyInfo == null) { throw new IllegalStateException(String.format("%s does not contain a private key", path)); } return CONVERTER.getPrivateKey(privateKeyInfo); } }
From source file:org.cloudfoundry.security.X509CertificateFactory.java
License:Apache License
static List<X509Certificate> generate(Path path) throws IOException, CertificateException { List<X509Certificate> certificates = new ArrayList<>(); try (Reader in = Files.newBufferedReader(path, StandardCharsets.UTF_8)) { PEMParser parser = new PEMParser(in); Object certificate;/*from w w w. j a va2s .c o m*/ while ((certificate = parser.readObject()) != null) { if (!(certificate instanceof X509CertificateHolder)) { throw new IllegalStateException(String .format("%s contains an artifact that is not a certificate: %s", path, certificate)); } certificates.add(CONVERTER.getCertificate((X509CertificateHolder) certificate)); } } return certificates; }
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
License:Open Source License
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data, String type, String fileName, String path, String storepass, KeyStore store) throws KeystoreEditorException { OutputStream fos = null;/*from w w w . ja v a 2 s . c o m*/ try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) { if (StringUtils.isBlank(alias)) { throw new IllegalArgumentException("Alias cannot be null."); } Path storeFile = Paths.get(path); //check the two most common key/cert stores first (pkcs12 and jks) if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) { //priv key + cert chain KeyStore pkcs12Store = KeyStore.getInstance("PKCS12"); pkcs12Store.load(inputStream, storePassword.toCharArray()); Certificate[] chain = pkcs12Store.getCertificateChain(alias); Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray()); if (key != null) { store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain); fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); } } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) { //java keystore file KeyStore jks = KeyStore.getInstance("jks"); jks.load(inputStream, storePassword.toCharArray()); Enumeration<String> aliases = jks.aliases(); //we are going to store all entries from the jks regardless of the passed in alias while (aliases.hasMoreElements()) { String jksAlias = aliases.nextElement(); if (jks.isKeyEntry(jksAlias)) { Key key = jks.getKey(jksAlias, keyPassword.toCharArray()); Certificate[] certificateChain = jks.getCertificateChain(jksAlias); store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain); } else { Certificate certificate = jks.getCertificate(jksAlias); store.setCertificateEntry(jksAlias, certificate); } } fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); //need to parse der separately from pem, der has the same mime type but is binary hence checking both } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) { ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded()); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; String cnStr = IETFUtils.valueToString(cn.getFirst().getValue()); if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) { store.setCertificateEntry(cnStr, certificate); } store.setCertificateEntry(alias, certificate); fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); //if it isn't one of the stores we support, it might be a key or cert by itself } else if (isPemParsable(type, fileName)) { //This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)); PEMParser pemParser = new PEMParser(reader); Object object; boolean setEntry = false; while ((object = pemParser.readObject()) != null) { if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) { PEMKeyPair pemKeyPair; if (object instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object; JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder(); pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair( jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray())); } else { pemKeyPair = (PEMKeyPair) object; } KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair); PrivateKey privateKey = keyPair.getPrivate(); Certificate[] chain = store.getCertificateChain(alias); if (chain == null) { chain = buildCertChain(alias, store); } store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain); setEntry = true; } else if (object instanceof X509CertificateHolder) { X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object; CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate) .getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; String cnStr = IETFUtils.valueToString(cn.getFirst().getValue()); if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) { store.setCertificateEntry(cnStr, certificate); } store.setCertificateEntry(alias, certificate); setEntry = true; } else if (object instanceof ContentInfo) { ContentInfo contentInfo = (ContentInfo) object; if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) { CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo); OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure(); ASN1Set certificates = originatorInfo.getCertificates(); setEntry = importASN1CertificatesToStore(store, setEntry, certificates); } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) { SignedData signedData = SignedData.getInstance(contentInfo.getContent()); ASN1Set certificates = signedData.getCertificates(); setEntry = importASN1CertificatesToStore(store, setEntry, certificates); } } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object; Certificate[] chain = store.getCertificateChain(alias); if (chain == null) { chain = buildCertChain(alias, store); } try { store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain); setEntry = true; } catch (KeyStoreException keyEx) { try { PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(), keyPassword.toCharArray()); store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain); setEntry = true; } catch (GeneralSecurityException e) { LOGGER.info( "Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.", e); throw keyEx; } } } } if (setEntry) { fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); } } } catch (Exception e) { LOGGER.info("Unable to add entry {} to store", alias, e); throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e); } finally { if (fos != null) { try { fos.close(); } catch (IOException ignore) { } } } init(); }
From source file:org.commonjava.util.jhttpc.INTERNAL.util.BouncyCastleUtils.java
License:Apache License
public static KeyStore readKeyAndCertFromPem(String pemContent, String keyPass) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, JHttpCException { Logger logger = LoggerFactory.getLogger(BouncyCastleUtils.class); final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null);/* w ww . ja va 2s .co m*/ // final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( // KeyManagerFactory.getDefaultAlgorithm()); // // kmfactory.init(ks, keyPass.toCharArray()); // final CertificateFactory certFactory = CertificateFactory.getInstance( "X.509" ); // Pattern keyTypePattern = Pattern.compile( KEY_TYPE_PATTERN ); // Matcher matcher = keyTypePattern.matcher( pemContent ); // String keyType = "RSA"; // if ( matcher.find() ) // { // String type = matcher.group( 1 ); // if ( "ENCRYPTED".equals( type ) ) // { // keyType = "PKCS8"; // } // else // { // keyType = type; // } // } // // logger.trace( "Using key factory for type: {}", keyType ); // final KeyFactory keyFactory = KeyFactory.getInstance( keyType ); // final List<String> lines = SSLUtils.readLines( pemContent ); // // String currentHeader = null; // final StringBuilder current = new StringBuilder(); int certIdx = 0; BouncyCastleProvider bcProvider = new BouncyCastleProvider(); InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bcProvider) .build(keyPass.toCharArray()); final List<Certificate> certs = new ArrayList<Certificate>(); PrivateKey key = null; PEMParser pemParser = new PEMParser(new StringReader(pemContent)); Object pemObj = null; while ((pemObj = pemParser.readObject()) != null) { logger.trace("Got PEM object: {}", pemObj); if (pemObj instanceof X509CertificateHolder) { X509CertificateHolder holder = (X509CertificateHolder) pemObj; X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider) .getCertificate(holder); certs.add(certificate); Set<String> aliases = new HashSet<String>(); aliases.add("certificate" + certIdx); extractAliases(certificate, aliases); KeyStore.TrustedCertificateEntry ksEntry = new KeyStore.TrustedCertificateEntry(certificate); for (String alias : aliases) { ks.setEntry(alias, ksEntry, null); logger.trace("Storing trusted cert under alias: {}\n with DN: {}", alias, certificate.getSubjectDN().getName()); } certIdx++; } else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo keyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj; PrivateKeyInfo privateKeyInfo = null; try { privateKeyInfo = keyInfo.decryptPrivateKeyInfo(provider); } catch (PKCSException e) { throw new JHttpCException("Failed to decrypt key/certificate: %s", e, e.getMessage()); } key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else if (pemObj instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair keyPair = (PEMEncryptedKeyPair) pemObj; PEMKeyPair decryptedKeyPair = keyPair .decryptKeyPair(new BcPEMDecryptorProvider(keyPass.toCharArray())); PrivateKeyInfo privateKeyInfo = decryptedKeyPair.getPrivateKeyInfo(); key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else { logger.trace("Got unrecognized PEM object: {} (class: {})", pemObj, (pemObj == null ? "NULL" : pemObj.getClass().getName())); } logger.trace("Got private key:\n{}\n", key); } if (key != null && !certs.isEmpty()) { logger.trace("Setting key entry: {}", key); ks.setKeyEntry(MonolithicKeyStrategy.KEY, key, keyPass.toCharArray(), certs.toArray(new Certificate[certs.size()])); } else { logger.warn("No private key found in PEM!"); } return ks; }
From source file:org.crsh.ssh.util.KeyPairUtils.java
License:Open Source License
public static Object readKey(Reader reader) throws Exception { try {/*w w w . ja va 2 s. c o m*/ PEMParser pemParser = new PEMParser(reader); try { return pemParser.readObject(); } finally { pemParser.close(); } } catch (NoClassDefFoundError e) { //. We use reflection here to keep compatible with old library of bouncycastle Class<?> pemReaderClass = Class.forName("org.bouncycastle.openssl.PEMReader"); PemReader r = (PemReader) pemReaderClass.getConstructor(Reader.class).newInstance(reader); try { return pemReaderClass.getMethod("readObject").invoke(r); } finally { r.close(); } } }
From source file:org.cryptoworkshop.ximix.console.applet.CommandApplet.java
License:Apache License
public void init() { if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); }//from w w w.j a v a 2s. com final URL mixnetConf = getConfURL(); final URL trustCa = getCaURL(); JPanel topPanel = new JPanel(); topPanel.setLayout(new BoxLayout(topPanel, BoxLayout.X_AXIS)); JPanel uploadPanel = new JPanel(); uploadPanel.setBorder(BorderFactory.createTitledBorder("Upload Source Directory")); JButton uploadBrowseButton = new JButton("..."); final JTextField uploadDirField = new JTextField(20); final XimixRegistrar adminRegistrar; try { PEMParser pemParser = new PEMParser(new InputStreamReader(trustCa.openStream())); trustAnchor = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) pemParser.readObject()); adminRegistrar = XimixRegistrarFactory.createAdminServiceRegistrar(mixnetConf.openStream(), new EventNotifier() { @Override public void notify(Level level, Throwable throwable) { System.err.print(level + " " + throwable.getMessage()); throwable.printStackTrace(System.err); } @Override public void notify(Level level, Object detail) { System.err.println(level + " " + detail.toString()); } @Override public void notify(Level level, Object detail, Throwable throwable) { System.err.println(level + " " + detail.toString()); throwable.printStackTrace(System.err); } }); } catch (Exception e) { throw new IllegalStateException("Can't parse trust anchor.", e); } uploadBrowseButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent actionEvent) { JFileChooser chooser = new JFileChooser(); chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY); int result = chooser.showDialog(CommandApplet.this, "Select"); if (result == JFileChooser.APPROVE_OPTION) { uploadDirField.setText(chooser.getSelectedFile().getAbsolutePath()); } } }); uploadPanel.add(uploadDirField); uploadPanel.add(uploadBrowseButton); JPanel downloadPanel = new JPanel(); downloadPanel.setBorder(BorderFactory.createTitledBorder("Download Directory")); JButton downloadBrowseButton = new JButton("..."); final JTextField downloadDirField = new JTextField(20); downloadBrowseButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent actionEvent) { JFileChooser chooser = new JFileChooser(); chooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY); int result = chooser.showDialog(CommandApplet.this, "Select"); if (result == JFileChooser.APPROVE_OPTION) { downloadDirField.setText(chooser.getSelectedFile().getAbsolutePath()); } } }); downloadPanel.add(downloadDirField); downloadPanel.add(downloadBrowseButton); JPanel tablePanel = new JPanel(); tablePanel.setLayout(new BoxLayout(tablePanel, BoxLayout.Y_AXIS)); JPanel topTablePanel = new JPanel(); topTablePanel.setLayout(new BoxLayout(topTablePanel, BoxLayout.X_AXIS)); final JTextField shufflePlan = new JTextField(30); final EventNotifier eventNotifier = new EventNotifier() { @Override public void notify(Level level, Throwable throwable) { System.err.print(level + " " + throwable.getMessage()); throwable.printStackTrace(System.err); } @Override public void notify(Level level, Object detail) { System.err.println(level + " " + detail.toString()); } @Override public void notify(Level level, Object detail, Throwable throwable) { System.err.println(level + " " + detail.toString()); throwable.printStackTrace(System.err); } }; final JTable boardTable = new JTable(new BoardTableModel()); JButton candidateMapBrowseButton = new JButton("..."); final JTextField configField = new JTextField(20); candidateMapBrowseButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent actionEvent) { JFileChooser chooser = new JFileChooser(); chooser.setFileSelectionMode(JFileChooser.FILES_ONLY); int result = chooser.showDialog(CommandApplet.this, "Select"); if (result == JFileChooser.APPROVE_OPTION) { configField.setText(chooser.getSelectedFile().getAbsolutePath()); } } }); JButton uploadButton = new JButton("Do Upload"); final URL finalMixnetConf = mixnetConf; uploadButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent actionEvent) { String dirName = uploadDirField.getText().trim(); if (dirName.length() > 0) { Thread taskThread = new Thread(new FullUploadTask((BoardTableModel) boardTable.getModel(), dirName, finalMixnetConf, eventNotifier)); taskThread.setPriority(Thread.NORM_PRIORITY); taskThread.start(); } else { JOptionPane.showMessageDialog(SwingUtilities.windowForComponent(CommandApplet.this), "Please enter an upload source directory.", "Missing Field Error", JOptionPane.ERROR_MESSAGE); return; } } }); topTablePanel.add(uploadButton); JPanel shufflePanel = new JPanel(new FlowLayout(FlowLayout.LEFT)); shufflePanel.add(new JLabel("Shuffle Plan:")); shufflePanel.add(shufflePlan); topTablePanel.add(shufflePanel); final JTextField keyID = new JTextField(15); JTextField threshold = new JTextField(3); keyID.setText("ECENCKEY"); threshold.setText("4"); JButton shuffleButton = new JButton("Shuffle and Download Selected"); shuffleButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent actionEvent) { String planStr = shufflePlan.getText().trim(); String dirName = downloadDirField.getText().trim(); String configName = configField.getText().trim(); if (dirName.length() == 0) { JOptionPane.showMessageDialog(SwingUtilities.windowForComponent(CommandApplet.this), "Please enter a download directory.", "Missing Field Error", JOptionPane.ERROR_MESSAGE); return; } if (configName.length() == 0) { JOptionPane.showMessageDialog(SwingUtilities.windowForComponent(CommandApplet.this), "Please enter a candidate configuration file name.", "Missing Field Error", JOptionPane.ERROR_MESSAGE); return; } if (planStr.length() > 0) { String[] plan = planStr.split(","); for (int i = 0; i != plan.length; i++) { plan[i] = plan[i].trim(); if (plan[i].length() == 0) { JOptionPane.showMessageDialog(SwingUtilities.windowForComponent(CommandApplet.this), "Empty node name found.", "Syntax Error", JOptionPane.ERROR_MESSAGE); return; } } Thread taskThread = new Thread(new FullShuffleTask(new File(dirName), keyID.getText().trim(), (BoardTableModel) boardTable.getModel(), plan, finalMixnetConf, configField.getText().trim(), eventNotifier)); taskThread.setPriority(Thread.NORM_PRIORITY); taskThread.start(); } else { JOptionPane.showMessageDialog(SwingUtilities.windowForComponent(CommandApplet.this), "Please enter a shuffle plan.", "Missing Field Error", JOptionPane.ERROR_MESSAGE); } } }); JPanel downloadControlPanel = new JPanel(); downloadControlPanel.setLayout(new BoxLayout(downloadControlPanel, BoxLayout.Y_AXIS)); JPanel downloadKeyPanel = new JPanel(); downloadKeyPanel.setLayout(new BoxLayout(downloadKeyPanel, BoxLayout.X_AXIS)); JButton exportButton = new JButton("Export Key"); exportButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent event) { JFileChooser chooser = new JFileChooser(); chooser.setFileSelectionMode(JFileChooser.FILES_ONLY); int result = chooser.showDialog(CommandApplet.this, "Save"); if (result == JFileChooser.APPROVE_OPTION) { try { KeyService keyService = adminRegistrar.connect(KeyService.class); byte[] encPubKey = keyService.fetchPublicKey(keyID.getText().trim()); PEMWriter pWrt = new PEMWriter(new FileWriter(chooser.getSelectedFile().getAbsolutePath())); pWrt.writeObject(new MiscPEMGenerator(SubjectPublicKeyInfo.getInstance(encPubKey))); pWrt.close(); keyService.shutdown(); } catch (Exception e) { // TODO: e.printStackTrace(); } } } }); JPanel keyIDPanel = new JPanel(new FlowLayout(FlowLayout.LEFT)); keyIDPanel.add(new JLabel("Key ID: ")); keyIDPanel.add(keyID); JPanel thresholdPanel = new JPanel(new FlowLayout(FlowLayout.LEFT)); thresholdPanel.add(new JLabel("Threshold")); thresholdPanel.add(threshold); downloadKeyPanel.add(keyIDPanel); downloadKeyPanel.add(thresholdPanel); downloadKeyPanel.add(exportButton); JPanel candidateMapPanel = new JPanel(); candidateMapPanel.add(new JLabel("Candidate Config: ")); candidateMapPanel.add(configField); candidateMapPanel.add(candidateMapBrowseButton); JPanel downloadButtonPanel = new JPanel(); downloadButtonPanel.setLayout(new BoxLayout(downloadButtonPanel, BoxLayout.X_AXIS)); final JButton selectAllButton = new JButton("Select All"); selectAllButton.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent actionEvent) { BoardTableModel tableModel = (BoardTableModel) boardTable.getModel(); if (selectAllButton.getText().startsWith("Sele")) { selectAllButton.setText("Deselect All"); for (BoardEntry entry : tableModel.getEntries()) { entry.setSelected(true); } } else { selectAllButton.setText("Select All"); for (BoardEntry entry : tableModel.getEntries()) { entry.setSelected(false); } } } }); downloadButtonPanel.add(selectAllButton); downloadButtonPanel.add(shuffleButton); downloadControlPanel.add(downloadKeyPanel); downloadControlPanel.add(candidateMapPanel); downloadControlPanel.add(downloadButtonPanel); topTablePanel.add(downloadControlPanel); topTablePanel.add(Box.createHorizontalGlue()); boardTable.getTableHeader().setPreferredSize( new Dimension(boardTable.getColumnModel().getTotalColumnWidth(), boardTable.getRowHeight(0) * 2)); tablePanel.add(topTablePanel); tablePanel.add(new JScrollPane(boardTable)); JPanel basePanel = new JPanel(); basePanel.setLayout(new BoxLayout(basePanel, BoxLayout.Y_AXIS)); topPanel.add(uploadPanel); topPanel.add(Box.createHorizontalGlue()); topPanel.add(downloadPanel); basePanel.add(topPanel); basePanel.add(tablePanel); try { MonitorService monitor = adminRegistrar.connect(MonitorService.class); monitor.addBulletinBoardListener(new NetworkBoardListener() { @Override public void boardChanged(String boardName, BoardDetail boardDetail) { BoardTableModel tableModel = (BoardTableModel) boardTable.getModel(); BoardEntry entry = tableModel.getEntry(boardName, boardDetail.getHost(), boardDetail.getBackupHost()); entry.setMessageCount(boardDetail.getMessageCount()); } }); } catch (RegistrarServiceException e) { // TODO: e.printStackTrace(); } this.getContentPane().add(basePanel); }
From source file:org.cryptoworkshop.ximix.demo.admin.Main.java
License:Apache License
public static void main(String[] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); XimixRegistrar adminRegistrar = XimixRegistrarFactory.createAdminServiceRegistrar(new File(args[0]), new EventNotifier() { @Override/*w w w . java 2s. c om*/ public void notify(Level level, Throwable throwable) { System.err.print(level + " " + throwable.getMessage()); throwable.printStackTrace(System.err); } @Override public void notify(Level level, Object detail) { System.err.println(level + " " + detail.toString()); } @Override public void notify(Level level, Object detail, Throwable throwable) { System.err.println(level + " " + detail.toString()); throwable.printStackTrace(System.err); } }); PEMParser pParse = new PEMParser(new FileReader(args[1])); X509Certificate trustAnchor = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) pParse.readObject()); pParse.close(); KeyGenerationService keyGenerationService = adminRegistrar.connect(KeyGenerationService.class); byte[] encPubKey = keyGenerationService.fetchPublicKey("ECENCKEY"); if (encPubKey == null) { KeyGenerationOptions keyGenOptions = new KeyGenerationOptions.Builder(Algorithm.EC_ELGAMAL, "secp256r1") .withThreshold(4).withNodes("A", "B", "C", "D", "E").build(); encPubKey = keyGenerationService.generatePublicKey("ECENCKEY", keyGenOptions); } byte[] sigPubKey = keyGenerationService.fetchPublicKey("ECSIGKEY"); if (sigPubKey == null) { KeyGenerationOptions keyGenOptions = new KeyGenerationOptions.Builder(Algorithm.ECDSA, "secp256r1") .withThreshold(2).withNodes("A", "B", "C", "D", "E").build(); sigPubKey = keyGenerationService.generatePublicKey("ECSIGKEY", keyGenOptions); } byte[] blsPubKey = keyGenerationService.fetchPublicKey("BLSSIGKEY"); if (blsPubKey == null) { KeyGenerationOptions keyGenOptions = new KeyGenerationOptions.Builder(Algorithm.BLS, "d62003-159-158.param").withThreshold(3).withNodes("A", "B", "C", "D", "E").build(); blsPubKey = keyGenerationService.generatePublicKey("BLSSIGKEY", keyGenOptions); } CommandService commandService = adminRegistrar.connect(CommandService.class); if (!commandService.isBoardExisting("FRED")) { commandService.createBoard("FRED", new BoardCreationOptions.Builder("B").withBackUpHost("A").build()); } UploadService client = adminRegistrar.connect(UploadService.class); final ECPublicKeyParameters pubKey = (ECPublicKeyParameters) PublicKeyFactory.createKey(encPubKey); final ECElGamalEncryptor encryptor = new ECElGamalEncryptor(); encryptor.init(pubKey); // set up 100 "random" messages we use a seeded random here to make reload testing easier. SecureRandom pointRandom = new SecureRandom() { int counter = 1; public void nextBytes(byte[] data) { data[0] = (byte) counter++; } }; final int numMessages = 100; final Set<ECPoint> part1 = new HashSet<>(); final Set<ECPoint> part2 = new HashSet<>(); final ECPoint[] plainText1 = new ECPoint[numMessages]; final ECPoint[] plainText2 = new ECPoint[numMessages]; for (int i = 0; i != plainText1.length; i++) { plainText1[i] = generatePoint(pubKey.getParameters(), pointRandom); plainText2[i] = generatePoint(pubKey.getParameters(), pointRandom); part1.add(plainText1[i]); part2.add(plainText2[i]); PairSequence encrypted = new PairSequence( new ECPair[] { encryptor.encrypt(plainText1[i]), encryptor.encrypt(plainText2[i]) }); // two column ballot client.uploadMessage("FRED", encrypted.getEncoded()); } final Set<ECPoint> verifiedPart1 = new HashSet<>(part1); final Set<ECPoint> verifiedPart2 = new HashSet<>(part2); // board is hosted on "B" move to "A" then to "C" then back to "B" final CountDownLatch shuffleLatch = new CountDownLatch(1); final Map<String, byte[]> seedCommitmentMap = new HashMap<>(); ShuffleOperationListener shuffleListener = new ShuffleOperationListener() { @Override public void commit(Map<String, byte[]> seedCommitments) { seedCommitmentMap.putAll(seedCommitments); } @Override public void status(ShuffleStatus statusObject) { System.err.println("status: " + statusObject.getMessage()); } @Override public void completed() { shuffleLatch.countDown(); System.err.println("done"); } @Override public void failed(ShuffleStatus errorObject) { shuffleLatch.countDown(); System.err.println("failed: " + errorObject.getMessage()); } }; Operation<ShuffleOperationListener> shuffleOp = commandService.doShuffleAndMove("FRED", new ShuffleOptions.Builder(MultiColumnRowTransform.NAME).withKeyID("ECENCKEY").build(), shuffleListener, "A", "A", "C", "C", "E"); shuffleLatch.await(); // Commented out as this service not available on VEC // final CountDownLatch downloadLatch = new CountDownLatch(1); // // final ByteArrayOutputStream challengeLogStream = new ByteArrayOutputStream(); // // Operation<DownloadOperationListener> op = commandService.downloadBoardContents("FRED", // new DownloadOptions.Builder() // .withKeyID("ECENCKEY") // .withThreshold(4) // .withNodes("A", "B", "C", "D") // .build(), new DownloadOperationListener() // { // int counter = 0; // // @Override // public void messageDownloaded(int index, byte[] message, List<byte[]> proofs) // { // PointSequence decrypted = PointSequence.getInstance(pubKey.getParameters().getCurve(), message); // // if (part1.remove(decrypted.getECPoints()[0]) && part2.remove(decrypted.getECPoints()[1])) // { // System.err.println(index + " message downloaded successfully"); // } // else // { // System.err.println(index + " decryption failed"); // } // // for (int i = 0; i != proofs.size(); i++) // { // try // { // challengeLogStream.write(proofs.get(i)); // } // catch (IOException e) // { // e.printStackTrace(); // } // } // counter++; // } // // @Override // public void completed() // { // downloadLatch.countDown(); // System.err.println("completed " + (numMessages == counter)); // } // // @Override // public void status(String statusObject) // { // System.err.println("status: " + statusObject); // } // // @Override // public void failed(String errorObject) // { // downloadLatch.countDown(); // System.err.println("failed"); // } // }); // // downloadLatch.await(); // // // // // verify the decryption challenge log. // // // ECDecryptionChallengeVerifier challengeVerifier = new ECDecryptionChallengeVerifier(pubKey, new ByteArrayInputStream(challengeLogStream.toByteArray())); // // challengeVerifier.verify(); Map<String, byte[][]> seedAndWitnessesMap = commandService.downloadShuffleSeedsAndWitnesses("FRED", shuffleOp.getOperationNumber(), "A", "C", "E"); SignedDataVerifier signatureVerifier = new SignedDataVerifier(trustAnchor); final CountDownLatch transcriptCompleted = new CountDownLatch(1); final Map<Integer, byte[]> generalTranscripts = new TreeMap<>(); ShuffleTranscriptsDownloadOperationListener transcriptListener = new ShuffleTranscriptsDownloadOperationListener() { @Override public void shuffleTranscriptArrived(long operationNumber, int stepNumber, InputStream transcript) { try { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); BufferedInputStream bIn = new BufferedInputStream(transcript); int ch; while ((ch = bIn.read()) >= 0) { bOut.write(ch); } bOut.close(); generalTranscripts.put(stepNumber, bOut.toByteArray()); } catch (IOException e) { e.printStackTrace(); } } @Override public void completed() { transcriptCompleted.countDown(); } @Override public void status(String statusObject) { //To change body of implemented methods use File | Settings | File Templates. } @Override public void failed(String errorObject) { System.err.println("failed: " + errorObject); transcriptCompleted.countDown(); } }; commandService.downloadShuffleTranscripts("FRED", shuffleOp.getOperationNumber(), new ShuffleTranscriptOptions.Builder(TranscriptType.GENERAL).build(), transcriptListener, "A", "C", "E"); transcriptCompleted.await(); LinkIndexVerifier.Builder builder = new LinkIndexVerifier.Builder(numMessages); builder.setNetworkSeeds(seedCommitmentMap, seedAndWitnessesMap); for (Integer step : generalTranscripts.keySet()) { byte[] bytes = generalTranscripts.get(step); if (signatureVerifier.signatureVerified(new CMSSignedDataParser( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), bytes))) { builder.addTranscript(new ByteArrayInputStream(bytes)); } else { System.err.println("General commitment check signature failed"); } } LinkIndexVerifier linkVerifier = builder.build(); byte[] challengeSeed = linkVerifier.getChallengeSeed(); System.err.println("network seed: " + new String(Hex.encode(challengeSeed))); for (Integer step : generalTranscripts.keySet()) { byte[] bytes = generalTranscripts.get(step); if (!signatureVerifier.signatureVerified(new CMSSignedDataParser( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), bytes))) { System.err.println("General commitment check signature failed"); } } // // added the distributed seed // final Map<Integer, byte[]> witnessTranscripts = new TreeMap<>(); final CountDownLatch witnessTranscriptCompleted = new CountDownLatch(1); transcriptListener = new ShuffleTranscriptsDownloadOperationListener() { @Override public void shuffleTranscriptArrived(long operationNumber, int stepNumber, InputStream transcript) { try { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); BufferedInputStream bIn = new BufferedInputStream(transcript); int ch; while ((ch = bIn.read()) >= 0) { bOut.write(ch); } bOut.close(); witnessTranscripts.put(stepNumber, bOut.toByteArray()); } catch (IOException e) { e.printStackTrace(); } } @Override public void completed() { witnessTranscriptCompleted.countDown(); } @Override public void status(String statusObject) { //To change body of implemented methods use File | Settings | File Templates. } @Override public void failed(String errorObject) { witnessTranscriptCompleted.countDown(); } }; commandService .downloadShuffleTranscripts("FRED", shuffleOp.getOperationNumber(), new ShuffleTranscriptOptions.Builder(TranscriptType.WITNESSES) .withChallengeSeed(challengeSeed).withPairingEnabled(true).build(), transcriptListener, "A", "C", "E"); witnessTranscriptCompleted.await(); for (Integer step : witnessTranscripts.keySet()) { byte[] bytes = witnessTranscripts.get(step); if (!signatureVerifier.signatureVerified(new CMSSignedDataParser( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), bytes))) { System.err.println("Witness commitment check signature failed"); } } // // verify the witness transcripts are correctly generated // for (Integer step : witnessTranscripts.keySet()) { byte[] bytes = witnessTranscripts.get(step); linkVerifier.verify(step, true, new ByteArrayInputStream(bytes)); } // // verify the revealed commitments. // for (Integer key : witnessTranscripts.keySet()) { byte[] transcript = witnessTranscripts.get(key); byte[] initialTranscript = generalTranscripts.get(key); byte[] nextTranscript = generalTranscripts.get(key + 1); ECShuffledTranscriptVerifier verifier = new ECShuffledTranscriptVerifier(pubKey, new ByteArrayInputStream(transcript), new ByteArrayInputStream(initialTranscript), new ByteArrayInputStream(nextTranscript)); verifier.verify(); } System.err.println("transcripts verified"); Map<String, InputStream> streamSeedCommitments = new HashMap<>(); for (String key : seedCommitmentMap.keySet()) { streamSeedCommitments.put(key, new ByteArrayInputStream(seedCommitmentMap.get(key))); } Map<String, InputStream> streamSeedsAndWitnesses = new HashMap<>(); for (String key : seedAndWitnessesMap.keySet()) { byte[][] sAndW = seedAndWitnessesMap.get(key); streamSeedsAndWitnesses.put(key, new ByteArrayInputStream(new SeedAndWitnessMessage(sAndW[0], sAndW[1]).getEncoded())); } Map<Integer, InputStream> streamWitnessTranscripts = new HashMap<>(); for (Integer key : witnessTranscripts.keySet()) { streamWitnessTranscripts.put(key, new ByteArrayInputStream(witnessTranscripts.get(key))); } Map<Integer, InputStream> streamGeneralTranscripts = new HashMap<>(); for (Integer key : generalTranscripts.keySet()) { streamGeneralTranscripts.put(key, new ByteArrayInputStream(generalTranscripts.get(key))); } final CountDownLatch shuffleOutputDownloadCompleted = new CountDownLatch(1); commandService.downloadShuffleResult("FRED", new DownloadShuffleResultOptions.Builder().withKeyID("ECENCKEY").withThreshold(4) .withPairingEnabled(true).withNodes("A", "B", "C", "D", "E").build(), streamSeedCommitments, streamSeedsAndWitnesses, streamGeneralTranscripts, streamWitnessTranscripts, new DownloadOperationListener() { int counter = 0; @Override public void messageDownloaded(int index, byte[] message, List<byte[]> proofs) { PointSequence decrypted = PointSequence.getInstance(pubKey.getParameters().getCurve(), message); if (verifiedPart1.remove(decrypted.getECPoints()[0]) && verifiedPart2.remove(decrypted.getECPoints()[1])) { System.err.println(index + " message downloaded successfully"); } else { System.err.println(index + " decryption failed"); } counter++; } @Override public void completed() { shuffleOutputDownloadCompleted.countDown(); System.err.println("completed " + (numMessages == counter)); } @Override public void status(String statusObject) { System.err.println("status: " + statusObject); } @Override public void failed(String errorObject) { shuffleOutputDownloadCompleted.countDown(); System.err.println("failed " + errorObject); } }); shuffleOutputDownloadCompleted.await(); keyGenerationService.shutdown(); client.shutdown(); commandService.shutdown(); adminRegistrar.shutdown(); }