Example 1 with IHisPrivacyCAWebService2
use of gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2 in project OpenAttestation by OpenAttestation.
the class CreateIdentity method createIdentity.
/**
* Entry point into the program. See class description for required properties file elements.
*
*/
public static void createIdentity() throws Exception {
//Properties file
// Define properties file strings
final String OWNER_AUTH = "TpmOwnerAuth";
final String HIS_IDENTITY_LABEL = "HisIdentityLabel";
final String HIS_IDENTITY_INDEX = "HisIdentityIndex";
final String HIS_IDENTITY_AUTH = "HisIdentityAuth";
final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
final String PRIVACY_CA_URL = "PrivacyCaUrl";
final String TRUST_STORE = "TrustStore";
final String CLIENT_PATH = "ClientPath";
final String EC_STORAGE = "ecStorage";
final String EC_LOCATION = "ecLocation";
// Instantiate variables to be set by properties file
byte[] TpmOwnerAuth = null;
String HisIdentityLabel = "";
int HisIdentityIndex = 0;
byte[] HisIdentityAuth = null;
String PrivacyCaCertFile = "";
String PrivacyCaUrl = "";
String TrustStore = "";
String ClientPath = "";
String ecStorageFileName = "";
String ecStorage = "";
// Set properties file name
String homeFolder = "";
String tpmOwnerAuth = "";
// Read the properties file, setting any defaults where it makes sense
FileInputStream PropertyFile = null;
try {
File propFile = ResourceFinder.getFile("hisprovisioner.properties");
PropertyFile = new FileInputStream(propFile);
Properties HisProvisionerProperties = new Properties();
HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
homeFolder = propFile.getAbsolutePath();
homeFolder = homeFolder.substring(0, homeFolder.indexOf("hisprovisioner.properties"));
log.info("Home folder : " + homeFolder);
tpmOwnerAuth = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
if (tpmOwnerAuth != null) {
TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuth.toCharArray());
}
// else if (tpmOwnerAuth.length() == 40) {
// log.info("owner authentication is hex code formatted");
// TpmOwnerAuth = TpmUtils.hexStringToByteArray(tpmOwnerAuth);
//} else {
// log.info("illegal owner authentication detected! accepted owner authentication is 20 or 40 long characters");
//}
//TpmOwnerAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(OWNER_AUTH));
HisIdentityLabel = HisProvisionerProperties.getProperty(HIS_IDENTITY_LABEL, "");
HisIdentityIndex = Integer.parseInt(HisProvisionerProperties.getProperty(HIS_IDENTITY_INDEX, "0"));
HisIdentityAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(HIS_IDENTITY_AUTH, ""));
PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
// TrustStore = HisProvisionerProperties.getProperty(TRUST_STORE, "TrustStore.jks");
ClientPath = HisProvisionerProperties.getProperty(CLIENT_PATH, "");
ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
} catch (FileNotFoundException e) {
// If the properties file is not found, display error
throw new PrivacyCAException("Error finding HIS Provisioner properties file (HISprovisionier.properties); using defaults.", e);
} catch (IOException e) {
// If propertied file cannot be read, display error
throw new PrivacyCAException("Error loading HIS Provisioner properties file (HISprovisionier.properties); using defaults.");
} catch (NumberFormatException e) {
throw new PrivacyCAException(e);
} finally {
if (PropertyFile != null)
try {
PropertyFile.close();
} catch (IOException e) {
log.log(Level.SEVERE, "Error while closing the property file ", e);
}
}
// Check to see if any of the values were not populated with acceptable values
String errorString = "Properties file \"" + homeFolder + "hisprovisioner.properties contains errors:\n";
boolean hasErrors = false;
if (TpmOwnerAuth == null) {
// || TpmOwnerAuth.length != 20){
errorString += " - \"TpmOwnerAuth\" value must be set representing the TPM owner authentication\n";
hasErrors = true;
}
if (HisIdentityLabel.length() == 0) {
errorString += " - \"HisIdentityLabel\" value must be the subject name for the AIK certificate\n";
hasErrors = true;
}
if (HisIdentityIndex == 0) {
errorString += " - \"HisIdentityIndex\" value must be the index for AIK storage\n";
hasErrors = true;
}
if (HisIdentityAuth == null || HisIdentityAuth.length != 20) {
errorString += " - \"HisIdentityAuth\" value must be a 40 hexidecimal digit (20 byte) value representing the AIK authentication\n";
hasErrors = true;
}
if (PrivacyCaCertFile.length() == 0) {
errorString += " - \"PrivacyCaCertFile\" value must be the name of the Privacy CA certificate file\n";
hasErrors = true;
}
if (PrivacyCaUrl.length() == 0) {
errorString += " - \"PrivacyCaUrl\" value must be the name of the URL of the Privacy CA web service\n";
hasErrors = true;
}
// }
if (ClientPath.length() == 0) {
errorString += " - \"ClientPath\" value must be the path that will be used for installing the HIS Client\n";
hasErrors = true;
}
// If there were errors that prevent the rest of the class from running, display the error specifics and exit with an error code.
if (hasErrors) {
// System.out.println(errorString);
throw new PrivacyCAException(errorString);
}
//System.out.println("Trust store to use :" + System.getProperty("javax.net.ssl.trustStore"));
//System.setProperty("javax.net.ssl.trustStore", "./" + TrustStore);
/*
// looks like this is already being done somewhere else:
// check if an identity already exists; if so, do not attempt to create it. if administrator wants to create a new identity, the existing identity must first be deleted from disk. this version of trust agent supports only a single identity.
File aikcertFile = new File(homeFolder + ClientPath + File.separator+"aikcert.cer");
if( aikcertFile.exists() && aikcertFile.isFile() && aikcertFile.canRead() ) {
log.info("Identity already exists");
return;
}
*/
//Provision an identity for HIS
log.info("Performing HIS identity provisioning...");
FileOutputStream pcaFileOut = null;
try {
byte[] srkAuth = TpmUtils.hexStringToByteArray("0000000000000000000000000000000000000000");
boolean requiresAuthSha = false;
byte[] ownerAuthRaw = TpmOwnerAuth;
byte[] keyAuthRaw = HisIdentityAuth;
byte[] srkAuthRaw = srkAuth;
if (requiresAuthSha) {
ownerAuthRaw = TpmUtils.sha1hash(TpmOwnerAuth);
keyAuthRaw = TpmUtils.sha1hash(HisIdentityAuth);
srkAuthRaw = TpmUtils.sha1hash(srkAuth);
}
X509Certificate pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
boolean shortcut = true;
byte[] ekCert = null;
if (ecStorage.equalsIgnoreCase("file")) {
File ecFile = new File(ecStorageFileName);
FileInputStream ecFileIn = new FileInputStream(ecFile);
ekCert = new byte[ecFileIn.available()];
ecFileIn.read(ekCert);
log.info("--read EC from file--");
ecFileIn.close();
} else {
ekCert = TpmModule.getCredential(TpmOwnerAuth, "EC");
}
TpmIdentityRequest encryptedEkCert = new TpmIdentityRequest(ekCert, (RSAPublicKey) pcaCert.getPublicKey(), false);
TpmIdentity newId = TpmModule.collateIdentityRequest(TpmOwnerAuth, HisIdentityAuth, HisIdentityLabel, new TpmPubKey((RSAPublicKey) pcaCert.getPublicKey(), 3, 1).toByteArray(), HisIdentityIndex, (X509Certificate) null, !shortcut);
// HttpsURLConnection.setDefaultHostnameVerifier(new NopX509HostnameVerifier()); // XXX TODO Bug #497 need to allow caller to specify a TlsPolicy // disabled for testing issue #541
IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
byte[] encrypted1 = hisPrivacyCAWebService2.identityRequestGetChallenge(newId.getIdentityRequest(), encryptedEkCert.toByteArray());
if (encrypted1.length == 1) {
throw new PrivacyCAException("Identity request was rejected by Privacy CA in phase 1 of process");
}
//TpmKey aik = new TpmKey(newId.getAikBlob());
//return os type. win:0; linux:1; other:-1
int os = IdentityOS.osType();
byte[] asym1 = new byte[256];
System.arraycopy(encrypted1, 0, asym1, 0, asym1.length);
byte[] sym1 = new byte[encrypted1.length - 256];
System.arraycopy(encrypted1, 256, sym1, 0, sym1.length);
byte[] decrypted1;
if (os == 1) {
//linux
decrypted1 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym1, sym1, HisIdentityIndex);
} else
//decrypted1 = TpmModuleJava.ActivateIdentity(asym1, sym1, aik, keyAuthRaw, srkAuthRaw, ownerAuthRaw); //Comments temporarily due to TSSCoreService.jar compiling issue
decrypted1 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym1, sym1, HisIdentityIndex);
TpmIdentityRequest encryptedChallenge = new TpmIdentityRequest(decrypted1, (RSAPublicKey) pcaCert.getPublicKey(), false);
byte[] encrypted2 = hisPrivacyCAWebService2.identityRequestSubmitResponse(encryptedChallenge.toByteArray());
if (encrypted2.length == 1) {
log.warning("Identity request was rejected by Privacy CA in phase 2 of process");
throw new Exception("Identity request was rejected by Privacy CA in phase 2 of process");
}
byte[] asym2 = new byte[256];
System.arraycopy(encrypted2, 0, asym2, 0, asym2.length);
byte[] sym2 = new byte[encrypted2.length - 256];
System.arraycopy(encrypted2, 256, sym2, 0, sym2.length);
byte[] decrypted2;
byte[] aikblob;
if (os == 1) {
//linux
decrypted2 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym2, sym2, HisIdentityIndex);
aikblob = newId.getAikBlob();
writecert(homeFolder + ClientPath, decrypted2, "/aikcert.cer");
writeFile(homeFolder + ClientPath, aikblob, "/aikblob.dat");
} else {
//decrypted1 = TpmModuleJava.ActivateIdentity(asym1, sym1, aik, keyAuthRaw, srkAuthRaw, ownerAuthRaw);
//decrypted2 = TpmModuleJava.ActivateIdentity(asym2, sym2, aik, keyAuthRaw, srkAuthRaw, ownerAuthRaw);//Comments temporarily due to TSSCoreService.jar compiling issue
decrypted2 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym2, sym2, HisIdentityIndex);
writecert(homeFolder + ClientPath, decrypted2, "/aikcert.cer");
}
} catch (Exception e) {
throw new PrivacyCAException("FAILED", e);
} finally {
if (pcaFileOut != null)
try {
pcaFileOut.close();
} catch (IOException e) {
log.log(Level.SEVERE, "Error while closing pcaFileOut", e);
}
}
log.info("DONE");
}
Also used :
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
InputStreamReader(java.io.InputStreamReader)
FileNotFoundException(java.io.FileNotFoundException)
IOException(java.io.IOException)
Properties(java.util.Properties)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
TpmPubKey(gov.niarl.his.privacyca.TpmPubKey)
FileOutputStream(java.io.FileOutputStream)
File(java.io.File)
TpmIdentityRequest(gov.niarl.his.privacyca.TpmIdentityRequest)
TpmIdentity(gov.niarl.his.privacyca.TpmIdentity)
Example 2 with IHisPrivacyCAWebService2
use of gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2 in project OpenAttestation by OpenAttestation.
the class ProvisionTPM method takeOwnership.
/**
* Entry point into the program
* @throws Exception
*/
public static void takeOwnership() throws Exception {
// throws InvalidKeyException, CertificateEncodingException, UnrecoverableKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, NoSuchProviderException, KeyStoreException, CertificateException, IOException, javax.security.cert.CertificateException {
//get properties file info
final String OWNER_AUTH = "TpmOwnerAuth";
final String EC_VALIDITY = "EcValidityDays";
final String EC_STORAGE = "ecStorage";
final String PRIVACY_CA_URL = "PrivacyCaUrl";
final String TRUST_STORE = "TrustStore";
final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
final String EC_LOCATION = "ecLocation";
String ecStorage = "";
String ecStorageFileName = "";
String PrivacyCaUrl = "";
int EcValidityDays = 0;
String PrivacyCaCertFile = "";
byte[] TpmOwnerAuth = null;
byte[] encryptCert = null;
byte[] pubEkMod = null;
X509Certificate pcaCert = null;
PublicKey publicKey = null;
//This is for logging purpose
String propertiesFileName = ResourceFinder.getLocation("hisprovisioner.properties");
FileInputStream PropertyFile = null;
String tpmOwnerAuth = "";
String homeFolder = "";
try {
File propFile = ResourceFinder.getFile("hisprovisioner.properties");
PropertyFile = new FileInputStream(propFile);
Properties HisProvisionerProperties = new Properties();
HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
homeFolder = propFile.getAbsolutePath();
homeFolder = homeFolder.substring(0, homeFolder.indexOf("hisprovisioner.properties"));
log.info("Home folder : " + homeFolder);
EcValidityDays = Integer.parseInt(HisProvisionerProperties.getProperty(EC_VALIDITY, ""));
tpmOwnerAuth = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
if (tpmOwnerAuth != null) {
TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuth.toCharArray());
}
//else if (tpmOwnerAuth.length() == 40) {
// log.info("owner authentication is hex code formatted");
// TpmOwnerAuth = TpmUtils.hexStringToByteArray(tpmOwnerAuth);
//} else {
// log.info("illegal owner authentication detected! accepted owner authentication is 20 or 40 long characters");
//}
//TpmOwnerAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(OWNER_AUTH, ""));
PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
log.info("ecStorageFileName:" + ecStorageFileName);
} catch (FileNotFoundException e) {
throw new PrivacyCAException("Error finding HIS Provisioner properties file (HISprovisionier.properties)", e);
} catch (IOException e) {
throw new PrivacyCAException("Error loading HIS Provisioner properties file (HISprovisionier.properties)", e);
} catch (NumberFormatException e) {
throw new PrivacyCAException("Error while reading EcValidityDays", e);
} finally {
if (PropertyFile != null) {
try {
PropertyFile.close();
} catch (IOException e) {
log.log(Level.SEVERE, "Error while closing the property file ", e);
}
}
}
String errorString = "Properties file \"" + propertiesFileName + "\" contains errors:\n";
boolean hasErrors = false;
if (EcValidityDays == 0) {
errorString += " - \"EcValidityDays\" value must be the number of validity days for the Endorsement Credential\n";
hasErrors = true;
}
if (TpmOwnerAuth == null) {
// || TpmOwnerAuth.length != 20){
errorString += " - \"TpmOwnerAuth\" value must be set representing the TPM owner auth\n";
hasErrors = true;
}
if (hasErrors) {
throw new PrivacyCAException(errorString);
}
//Provision the TPM
log.info("Performing TPM provisioning...");
Security.addProvider(new BouncyCastleProvider());
SecretKey deskey = TpmUtils.generateSecretKey();
// Take Ownership
byte[] nonce = null;
try {
nonce = TpmUtils.createRandomBytes(20);
TpmModule.takeOwnership(TpmOwnerAuth, nonce);
} catch (TpmModuleException e) {
if (e.toString().contains(".takeOwnership returned nonzero error: 4")) {
Logger.getLogger(ProvisionTPM.class.getName()).info("Ownership is already taken : ");
if (!System.getProperty("forceCreateEk", "false").equals("true")) {
// feature to help with bug #554 and allow admin to force creating an ek (in case it failed the first time due to a non-tpm error such as java missing classes exception
return;
}
} else
throw e;
} catch (IOException e) {
e.printStackTrace();
}
// Create Endorsement Certificate
try {
nonce = TpmUtils.createRandomBytes(20);
pubEkMod = TpmModule.getEndorsementKeyModulus(TpmOwnerAuth, nonce);
} catch (TpmModuleException e) {
System.out.println("Error getting PubEK: " + e.toString());
} catch (Exception e) {
System.out.println("Error getting PubEK: " + e.toString());
}
try {
pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
if (pcaCert != null) {
publicKey = (RSAPublicKey) pcaCert.getPublicKey();
}
} catch (Exception e) {
System.out.println("print out error message: " + e.toString());
e.printStackTrace();
}
try {
IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
encryptCert = hisPrivacyCAWebService2.requestGetEC(TpmUtils.encryptDES(pubEkMod, deskey), TpmUtils.encryptRSA(deskey.getEncoded(), publicKey), EcValidityDays);
} catch (Exception e) {
System.out.println("FAILED");
e.printStackTrace();
System.exit(1);
}
//Decrypt and generate endorsement certificate
X509Certificate ekCert = null;
try {
if (encryptCert != null) {
ekCert = TpmUtils.certFromBytes(TpmUtils.decryptDES(encryptCert, deskey));
}
} catch (java.security.cert.CertificateException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
// Store the new EC in NV-RAM or in the file
try {
if (ecStorage.equalsIgnoreCase("file")) {
File ecFile = new File(ecStorageFileName);
FileOutputStream ecFileOut = new FileOutputStream(ecFile);
ecFileOut.write(ekCert.getEncoded());
ecFileOut.flush();
ecFileOut.close();
} else {
TpmModule.setCredential(TpmOwnerAuth, "EC", ekCert.getEncoded());
}
System.out.println(ekCert.getEncoded().length);
} catch (TpmModuleException e) {
System.out.println("Error getting PubEK: " + e.toString());
} catch (CertificateEncodingException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println("DONE");
//System.exit(0);
return;
}
Also used :
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
Properties(java.util.Properties)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
InputStreamReader(java.io.InputStreamReader)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
FileInputStream(java.io.FileInputStream)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IOException(java.io.IOException)
TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException)
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
NoSuchProviderException(java.security.NoSuchProviderException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
SecretKey(javax.crypto.SecretKey)
FileOutputStream(java.io.FileOutputStream)
TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException)
File(java.io.File)
Example 3 with IHisPrivacyCAWebService2
use of gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2 in project OpenAttestation by OpenAttestation.
the class HisIdentityProvisioner method main.
/**
* Entry point into the program. See class description for required properties file elements.
*
*/
public static void main(String[] args) {
//Properties file
// Define properties file strings
final String OWNER_AUTH = "TpmOwnerAuth";
final String HIS_IDENTITY_LABEL = "HisIdentityLabel";
final String HIS_IDENTITY_INDEX = "HisIdentityIndex";
final String HIS_IDENTITY_AUTH = "HisIdentityAuth";
final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
final String PRIVACY_CA_URL = "PrivacyCaUrl";
final String TRUST_STORE = "TrustStore";
final String CLIENT_PATH = "ClientPath";
// Instantiate variables to be set by properties file
byte[] TpmOwnerAuth = null;
String HisIdentityLabel = "";
int HisIdentityIndex = 0;
byte[] HisIdentityAuth = null;
String PrivacyCaCertFile = "";
String PrivacyCaUrl = "";
String TrustStore = "";
String ClientPath = "";
// Set properties file name
String propertiesFileName = "./OATprovisioner.properties";
// Read the properties file, setting any defaults where it makes sense
FileInputStream PropertyFile = null;
try {
PropertyFile = new FileInputStream(propertiesFileName);
Properties HisProvisionerProperties = new Properties();
HisProvisionerProperties.load(PropertyFile);
TpmOwnerAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(OWNER_AUTH));
HisIdentityLabel = HisProvisionerProperties.getProperty(HIS_IDENTITY_LABEL, "");
HisIdentityIndex = Integer.parseInt(HisProvisionerProperties.getProperty(HIS_IDENTITY_INDEX, "0"));
HisIdentityAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(HIS_IDENTITY_AUTH, ""));
PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
TrustStore = HisProvisionerProperties.getProperty(TRUST_STORE, "TrustStore.jks");
ClientPath = HisProvisionerProperties.getProperty(CLIENT_PATH, "");
} catch (FileNotFoundException e) {
// If the properties file is not found, display error
System.out.println("Error finding HIS Provisioner properties file (HISprovisionier.properties); using defaults.");
} catch (IOException e) {
// If propertied file cannot be read, display error
System.out.println("Error loading HIS Provisioner properties file (HISprovisionier.properties); using defaults.");
} catch (NumberFormatException e) {
e.printStackTrace();
} finally {
if (PropertyFile != null)
try {
PropertyFile.close();
} catch (IOException e) {
e.printStackTrace();
}
}
// Check to see if any of the values were not populated with acceptable values
String errorString = "Properties file \"" + propertiesFileName + "\" contains errors:\n";
boolean hasErrors = false;
if (TpmOwnerAuth == null || TpmOwnerAuth.length != 20) {
errorString += " - \"TpmOwnerAuth\" value must be a 40 hexidecimal digit (20 byte) value representing the TPM owner authentication\n";
hasErrors = true;
}
if (HisIdentityLabel.length() == 0) {
errorString += " - \"HisIdentityLabel\" value must be the subject name for the AIK certificate\n";
hasErrors = true;
}
if (HisIdentityIndex == 0) {
errorString += " - \"HisIdentityIndex\" value must be the index for AIK storage\n";
hasErrors = true;
}
if (HisIdentityAuth == null || HisIdentityAuth.length != 20) {
errorString += " - \"HisIdentityAuth\" value must be a 40 hexidecimal digit (20 byte) value representing the AIK authentication\n";
hasErrors = true;
}
if (PrivacyCaCertFile.length() == 0) {
errorString += " - \"PrivacyCaCertFile\" value must be the name of the Privacy CA certificate file\n";
hasErrors = true;
}
if (PrivacyCaUrl.length() == 0) {
errorString += " - \"PrivacyCaUrl\" value must be the name of the URL of the Privacy CA web service\n";
hasErrors = true;
}
if (TrustStore.length() == 0) {
errorString += " - \"TrustStore\" value must be the name of the trust store for using the registration web service\n";
hasErrors = true;
}
if (ClientPath.length() == 0) {
errorString += " - \"ClientPath\" value must be the path that will be used for installing the HIS Client\n";
hasErrors = true;
}
// If there were errors that prevent the rest of the class from running, display the error specifics and exit with an error code.
if (hasErrors) {
System.out.println(errorString);
System.exit(99);
return;
}
System.setProperty("javax.net.ssl.trustStore", "./" + TrustStore);
//Provision an identity for HIS
System.out.print("Performing HIS identity provisioning...");
FileOutputStream pcaFileOut = null;
try {
byte[] srkAuth = TpmUtils.hexStringToByteArray("0000000000000000000000000000000000000000");
boolean requiresAuthSha = false;
byte[] ownerAuthRaw = TpmOwnerAuth;
byte[] keyAuthRaw = HisIdentityAuth;
byte[] srkAuthRaw = srkAuth;
if (requiresAuthSha) {
ownerAuthRaw = TpmUtils.sha1hash(TpmOwnerAuth);
keyAuthRaw = TpmUtils.sha1hash(HisIdentityAuth);
srkAuthRaw = TpmUtils.sha1hash(srkAuth);
}
X509Certificate pcaCert = TpmUtils.certFromFile(PrivacyCaCertFile);
boolean shortcut = true;
if (TpmOwnerAuth == null) {
System.exit(99);
return;
}
byte[] ekCert = TpmModule.getCredential(TpmOwnerAuth, "EC");
TpmIdentityRequest encryptedEkCert = new TpmIdentityRequest(ekCert, (RSAPublicKey) pcaCert.getPublicKey(), false);
if (HisIdentityAuth == null) {
System.exit(99);
return;
}
TpmIdentity newId = TpmModule.collateIdentityRequest(TpmOwnerAuth, HisIdentityAuth, HisIdentityLabel, new TpmPubKey((RSAPublicKey) pcaCert.getPublicKey(), 3, 1).toByteArray(), HisIdentityIndex, (X509Certificate) null, !shortcut);
IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
byte[] encrypted1 = hisPrivacyCAWebService2.identityRequestGetChallenge(newId.getIdentityRequest(), encryptedEkCert.toByteArray());
if (encrypted1.length == 1) {
System.out.println("Identity request was rejected by Privacy CA in phase 1 of process");
System.exit(1);
return;
}
TpmKey aik = new TpmKey(newId.getAikBlob());
//return os type. win:0; linux:1; other:-1
int os = IdentityOS.osType();
byte[] asym1 = new byte[256];
System.arraycopy(encrypted1, 0, asym1, 0, asym1.length);
byte[] sym1 = new byte[encrypted1.length - 256];
System.arraycopy(encrypted1, 256, sym1, 0, sym1.length);
byte[] decrypted1;
if (//linux
os == 1)
decrypted1 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym1, sym1, HisIdentityIndex);
else
//decrypted1 = TpmModuleJava.ActivateIdentity(asym1, sym1, aik, keyAuthRaw, srkAuthRaw, ownerAuthRaw); //Comments temporarily due to TSSCoreService.jar compiling issue
decrypted1 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym1, sym1, HisIdentityIndex);
TpmIdentityRequest encryptedChallenge = new TpmIdentityRequest(decrypted1, (RSAPublicKey) pcaCert.getPublicKey(), false);
byte[] encrypted2 = hisPrivacyCAWebService2.identityRequestSubmitResponse(encryptedChallenge.toByteArray());
if (encrypted2.length == 1) {
System.out.println("Identity request was rejected by Privacy CA in phase 2 of process");
System.exit(2);
return;
}
byte[] asym2 = new byte[256];
System.arraycopy(encrypted2, 0, asym2, 0, asym2.length);
byte[] sym2 = new byte[encrypted2.length - 256];
System.arraycopy(encrypted2, 256, sym2, 0, sym2.length);
byte[] decrypted2;
if (//linux
os == 1)
decrypted2 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym2, sym2, HisIdentityIndex);
else
//decrypted1 = TpmModuleJava.ActivateIdentity(asym1, sym1, aik, keyAuthRaw, srkAuthRaw, ownerAuthRaw);
//decrypted2 = TpmModuleJava.ActivateIdentity(asym2, sym2, aik, keyAuthRaw, srkAuthRaw, ownerAuthRaw);//Comments temporarily due to TSSCoreService.jar compiling issue
decrypted2 = TpmModule.activateIdentity(ownerAuthRaw, keyAuthRaw, asym2, sym2, HisIdentityIndex);
File outPath = new File(ClientPath);
File outFile = new File(ClientPath + "/aik.cer");
if (!outPath.isDirectory()) {
if (!outPath.mkdirs()) {
System.out.println("Failed to create client installation path!");
System.exit(5);
}
}
pcaFileOut = new FileOutputStream(outFile);
pcaFileOut.write(decrypted2);
pcaFileOut.flush();
pcaFileOut.close();
} catch (Exception e) {
System.out.println("FAILED");
e.printStackTrace();
System.exit(1);
} finally {
if (pcaFileOut != null)
try {
pcaFileOut.close();
} catch (IOException e) {
e.printStackTrace();
}
}
System.out.println("DONE");
System.exit(0);
return;
}
Also used :
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
FileNotFoundException(java.io.FileNotFoundException)
IOException(java.io.IOException)
Properties(java.util.Properties)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
FileNotFoundException(java.io.FileNotFoundException)
FileOutputStream(java.io.FileOutputStream)
File(java.io.File)
Example 4 with IHisPrivacyCAWebService2
use of gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2 in project OpenAttestation by OpenAttestation.
the class HisPrivacyCAWebServices2ClientImpl method getHisPrivacyCAWebService2.
public static IHisPrivacyCAWebService2 getHisPrivacyCAWebService2(String url) {
try {
HisPrivacyCAWebService2FactoryServiceService hisPrivacyCAWebService2FactoryServiceService = new HisPrivacyCAWebService2FactoryServiceService(new URL(url + "/hisPrivacyCAWebService2FactoryService?wsdl"), new QName("http://server.hisPrivacyCAWebService2.webservices.his.niarl.gov/", "HisPrivacyCAWebService2FactoryServiceService"));
HisPrivacyCAWebService2FactoryService hisPrivacyCAWebService2FactoryService = hisPrivacyCAWebService2FactoryServiceService.getHisPrivacyCAWebService2FactoryServicePort();
HisPrivacyCAWebService2Service hisPrivacyCAWebService2Service = new HisPrivacyCAWebService2Service(new URL(url + "/hisPrivacyCAWebService2?wsdl"), new QName("http://server.hisPrivacyCAWebService2.webservices.his.niarl.gov/", "HisPrivacyCAWebService2Service"));
return new HisPrivacyCAWebServices2ClientImpl(hisPrivacyCAWebService2Service.getPort(hisPrivacyCAWebService2FactoryService.getHisPrivacyCAWebService2(), HisPrivacyCAWebService2.class));
} catch (MalformedURLException e) {
e.printStackTrace();
throw new RuntimeException(e);
}
}
Also used :
MalformedURLException(java.net.MalformedURLException)
HisPrivacyCAWebService2FactoryServiceService(gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2FactoryServiceService)
QName(javax.xml.namespace.QName)
HisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2)
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
HisPrivacyCAWebService2Service(gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2Service)
HisPrivacyCAWebService2FactoryService(gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2FactoryService)
URL(java.net.URL)
Example 5 with IHisPrivacyCAWebService2
use of gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2 in project OpenAttestation by OpenAttestation.
the class Main method main.
/**
* Entry point into the program.
*/
public static void main(String[] args) {
//System.setProperty("javax.net.ssl.trustStore", "\\\\Toc\\Shared\\TrustStore.jks");
try {
IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2("http://localhost:8080/HisPrivacyCAWebServices2");
byte[] received = hisPrivacyCAWebService2.identityRequestGetChallenge("identityRequest".getBytes(), "endorsementCertificate".getBytes());
//System.out.println(new String(hisPrivacyCAWebService2.identityRequestGetChallenge("identityRequest".getBytes(), "endorsementCertificate".getBytes())));
System.out.println(TpmUtils.byteArrayToHexString(received));
byte[] received2 = hisPrivacyCAWebService2.identityRequestSubmitResponse(received);
//System.out.println(new String(hisPrivacyCAWebService2.identityRequestSubmitResponse("identityRequestResponseToChallenge".getBytes())));
System.out.println(TpmUtils.byteArrayToHexString(received2));
} catch (Exception e) {
e.printStackTrace();
}
}
Also used :
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
Aggregations
IHisPrivacyCAWebService2 (gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)5
File (java.io.File)3
FileInputStream (java.io.FileInputStream)3
FileNotFoundException (java.io.FileNotFoundException)3
FileOutputStream (java.io.FileOutputStream)3
IOException (java.io.IOException)3
X509Certificate (java.security.cert.X509Certificate)3
Properties (java.util.Properties)3
InputStreamReader (java.io.InputStreamReader)2
CertificateException (javax.security.cert.CertificateException)2
TpmIdentity (gov.niarl.his.privacyca.TpmIdentity)1
TpmIdentityRequest (gov.niarl.his.privacyca.TpmIdentityRequest)1
TpmModuleException (gov.niarl.his.privacyca.TpmModule.TpmModuleException)1
TpmPubKey (gov.niarl.his.privacyca.TpmPubKey)1
HisPrivacyCAWebService2 (gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2)1
HisPrivacyCAWebService2FactoryService (gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2FactoryService)1
HisPrivacyCAWebService2FactoryServiceService (gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2FactoryServiceService)1
HisPrivacyCAWebService2Service (gov.niarl.his.webservices.hisPrivacyCAWebServices2.clientWsImport.HisPrivacyCAWebService2Service)1
MalformedURLException (java.net.MalformedURLException)1
URL (java.net.URL)1
