1
/*******************************************************************************
2
*Copyright (c) 2009 Eucalyptus Systems, Inc.
4
* This program is free software: you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License as published by
6
* the Free Software Foundation, only version 3 of the License.
9
* This file is distributed in the hope that it will be useful, but WITHOUT
10
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14
* You should have received a copy of the GNU General Public License along
15
* with this program. If not, see <http://www.gnu.org/licenses/>.
17
* Please contact Eucalyptus Systems, Inc., 130 Castilian
18
* Dr., Goleta, CA 93101 USA or visit <http://www.eucalyptus.com/licenses/>
19
* if you need additional information or have any questions.
21
* This file may incorporate work covered under the following copyright and
24
* Software License Agreement (BSD License)
26
* Copyright (c) 2008, Regents of the University of California
27
* All rights reserved.
29
* Redistribution and use of this software in source and binary forms, with
30
* or without modification, are permitted provided that the following
33
* Redistributions of source code must retain the above copyright notice,
34
* this list of conditions and the following disclaimer.
36
* Redistributions in binary form must reproduce the above copyright
37
* notice, this list of conditions and the following disclaimer in the
38
* documentation and/or other materials provided with the distribution.
40
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
41
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
42
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
43
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
44
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
46
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
47
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
48
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
49
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
50
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. USERS OF
51
* THIS SOFTWARE ACKNOWLEDGE THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE
52
* LICENSED MATERIAL, COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS
53
* SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING
54
* IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA
55
* BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN
56
* THE REGENTS’ DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT
57
* OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR
58
* WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH
59
* ANY SUCH LICENSES OR RIGHTS.
60
*******************************************************************************/
65
* Author: chris grzegorczyk <grze@eucalyptus.com>
67
package com.eucalyptus.auth.util;
69
import org.apache.log4j.Logger;
70
import org.bouncycastle.asn1.x509.BasicConstraints;
71
import org.bouncycastle.asn1.x509.X509Extensions;
72
import org.bouncycastle.openssl.PEMWriter;
73
import org.bouncycastle.x509.X509V3CertificateGenerator;
75
import javax.security.auth.x500.X500Principal;
76
import java.io.FileWriter;
77
import java.io.IOException;
78
import java.math.BigInteger;
79
import java.security.KeyPair;
80
import java.security.KeyPairGenerator;
81
import java.security.SecureRandom;
82
import java.security.cert.X509Certificate;
83
import java.util.Calendar;
85
public class KeyTool {
86
private static Logger LOG = Logger.getLogger( KeyTool.class );
88
private String keyAlgorithm;
89
private String keySigningAlgorithm;
91
public static String PROVIDER = "BC";
94
this.keyAlgorithm = "RSA";
95
this.keySigningAlgorithm = "SHA512WithRSA";
99
public KeyTool( final String keyAlgorithm, final String keySigningAlgorithm, final int keySize ) {
100
this.keyAlgorithm = keyAlgorithm;
101
this.keySigningAlgorithm = keySigningAlgorithm;
102
this.keySize = keySize;
105
public KeyPair getKeyPair( ) throws Exception {
106
KeyPairGenerator keyGen = null;
108
LOG.debug( "Generating new keypair for thread=" + Thread.currentThread( ).getThreadGroup( ) + "." + Thread.currentThread( ).getName( ) );
109
keyGen = KeyPairGenerator.getInstance( this.keyAlgorithm, "BC" );
110
SecureRandom random = new SecureRandom( );
111
random.setSeed( System.currentTimeMillis( ) );
112
keyGen.initialize( this.keySize, random );
113
KeyPair keyPair = keyGen.generateKeyPair( );
115
} catch ( Exception e ) {
121
public X509Certificate getCertificate( KeyPair keyPair, String certDn ) {
122
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator( );
123
X500Principal dnName = new X500Principal( certDn );
125
certGen.setSerialNumber( BigInteger.valueOf( System.currentTimeMillis( ) ) );
126
certGen.setIssuerDN( dnName );
127
certGen.addExtension( X509Extensions.BasicConstraints, true, new BasicConstraints( true ) );
129
Calendar cal = Calendar.getInstance( );
130
certGen.setNotBefore( cal.getTime( ) );
131
cal.add( Calendar.YEAR, 5 );
132
certGen.setNotAfter( cal.getTime( ) );
133
certGen.setSubjectDN( dnName );
134
certGen.setPublicKey( keyPair.getPublic( ) );
135
certGen.setSignatureAlgorithm( this.keySigningAlgorithm );
137
X509Certificate cert = certGen.generate( keyPair.getPrivate( ), PROVIDER );
139
} catch ( Exception e ) {
146
public void writePem( String fileName, Object securityToken ) {
147
PEMWriter privOut = null;
149
privOut = new PEMWriter( new FileWriter( fileName ) );
150
privOut.writeObject( securityToken );
152
} catch ( IOException e ) {