Java tutorial
/** Copyright 2014-2015 Center for TeleInFrastruktur (CTIF), Aalborg University Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ package eu.betaas.taas.securitymanager.core.service.impl; import java.security.Security; import org.apache.log4j.Logger; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x500.X500NameBuilder; import org.bouncycastle.asn1.x500.style.BCStyle; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.osgi.framework.BundleContext; import org.osgi.framework.ServiceReference; import org.osgi.util.tracker.ServiceTracker; import eu.betaas.taas.securitymanager.certificate.service.IGatewayCertificateService; import eu.betaas.taas.securitymanager.certificate.service.IGatewayStarCertificateExtService; import eu.betaas.taas.securitymanager.common.ec.ECKeyPairGen; import eu.betaas.taas.securitymanager.common.model.ArrayOfCertificate; //import eu.betaas.taas.securitymanager.core.activator.SecMTaasCoreActivator; import eu.betaas.taas.securitymanager.core.service.IJoinInstanceService; /** * Class implementation of IJoinInstanceService interface * * @author Bayu Anggorojati [ba@es.aau.dk] * Center for TeleInFrastruktur, Aalborg University, Denmark * */ public class JoinInstanceService implements IJoinInstanceService { Logger log = Logger.getLogger("betaas.taas.securitymanager"); /** Bundle Context used in the Activator class */ private BundleContext context; /** Reference to GWCertificateService */ private IGatewayCertificateService gwCertificateService; /** ServiceTracker of GWStarCertificateExtService... */ private ServiceTracker extCertTracker; public JoinInstanceService() { } public boolean requestGwCertificate(String countryCode, String state, String location, String orgName, String gwId) throws Exception { Security.addProvider(new BouncyCastleProvider()); boolean ok = false; log.info("Start the request certificate instance..."); ArrayOfCertificate certsArray = null; // initiate a CertificationRequest message X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE); x500NameBld.addRDN(BCStyle.C, countryCode); x500NameBld.addRDN(BCStyle.ST, state); x500NameBld.addRDN(BCStyle.L, location); x500NameBld.addRDN(BCStyle.O, orgName); x500NameBld.addRDN(BCStyle.CN, "BETaaS Gateway Certificate"); X500Name subject = x500NameBld.build(); AsymmetricCipherKeyPair kp = ECKeyPairGen.generateECKeyPair192(); // log.info("intServ: "+intServ.toString()); // get the certification request message PKCS10CertificationRequest gwCertReq = gwCertificateService.buildCertificationRequest(subject, kp, gwId); log.info("Successfully generate PKCS10CertificationRequest!!"); // get the GW* external cert. service via ServiceTracker IGatewayStarCertificateExtService extServ = null; extCertTracker = new ServiceTracker(context, IGatewayStarCertificateExtService.class.getName(), null); extCertTracker.open(); // give time to the tracker to find CertificateExtService Thread.sleep(2500); ServiceReference[] refs = extCertTracker.getServiceReferences(); // iterating through the service references for (ServiceReference ref : refs) { log.debug("GW ID: " + ref.getProperty("gwId")); log.debug("Is it GW*: " + ((IGatewayStarCertificateExtService) context.getService(ref)).isGWStar()); // check if the gatewayId of remote GW equals gwStar if (((IGatewayStarCertificateExtService) context.getService(ref)).isGWStar()) { log.debug("Found the ExtCert service of GW*"); extServ = (IGatewayStarCertificateExtService) context.getService(ref); } } // send a request to issue a certificate for me (this GW) to GW* if (gwCertReq != null && extServ != null) { certsArray = extServ.issueGwCertificate(gwCertReq.getEncoded()); X509CertificateHolder[] certs = new X509CertificateHolder[certsArray.getCertificate().size()]; // decode the received array of certificates (consists of intermediate // and my own certificates) from array byte[] to X509Certificate for (int i = 0; i < certsArray.getCertificate().size(); i++) { byte[] cert = certsArray.getCertificate().get(i); certs[i] = new X509CertificateHolder(cert); } log.debug("Start storing the newly created certificate from GW*..."); // now store the certificates in a .p12 file gwCertificateService.storeMyCertificate(kp.getPrivate(), certs); ok = true; log.info("Successfully requesting certificate from GW* and store it"); // closing the service tracker extCertTracker.close(); } return ok; } /** * Blueprint set reference to BundleContext * @param context BundleContext */ public void setContext(BundleContext context) { this.context = context; log.info("Got BundleContext from the blueprint..."); } /** * Blueprint set reference to IGatewayCertificateService * @param gwCertificateService */ public void setGwCertificateService(IGatewayCertificateService gwCertificateService) { this.gwCertificateService = gwCertificateService; } }