
Example 6 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class X509SecurityContext method getCACredential.

private KeyAndCertCredential getCACredential(String caCertPath, String caKeyPath, String password) throws Exception {
    InputStream isKey, isCert;
    isKey = isCert = null;
    try {
        // The CA private key is read from a password-protected PEM file on the gateway host;
        // anyone who can read that file and knows the password can issue certificates as this CA.
        isKey = new FileInputStream(caKeyPath);
        PrivateKey pk = CertificateUtils.loadPrivateKey(isKey, Encoding.PEM, password.toCharArray());
        isCert = new FileInputStream(caCertPath);
        X509Certificate caCert = CertificateUtils.loadCertificate(isCert, Encoding.PEM);
        // Nothing checks that caCert is actually a CA certificate or that pk matches its public key.
        return new KeyAndCertCredential(pk, new X509Certificate[] { caCert });
    } finally {
        // Close both streams even when loading fails part-way.
        if (isKey != null) {
            isKey.close();
        }
        if (isCert != null) {
            isCert.close();
        }
    }
}
Also used : PrivateKey(java.security.PrivateKey) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Certificate(java.security.cert.X509Certificate)

Example 7 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class X509SecurityContext method generateShortLivedCredential.

public KeyAndCertCredential generateShortLivedCredential(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // Validity starts 15 minutes in the past to tolerate clock skew between the gateway and the resource.
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    // 30 hours measured from the backdated start, i.e. 29 h 45 min from now.
    final long endTime = startTime + 30 * 3600 * 1000;
    // 1024-bit RSA and SHA1withRSA are below current minimums (2048-bit RSA, SHA-256 family signatures); kept as the project has them.
    String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    // The user key pair uses the same algorithm as the CA key (RSA).
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    // java.util.Random is not a CSPRNG, and the 20-bit serial drawn from it below collides after roughly
    // a thousand issuances (birthday bound on 2^20 values); RFC 5280 expects positive, unique serials.
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        // The ASN1InputStream wraps an in-memory byte array and is never closed.
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key " + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    // No extensions are added: the certificate carries no basicConstraints or keyUsage limiting what it may be used for.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    // Provider and SecureRandom arguments are null, so the default provider and its default RNG are used for signing.
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    // Confirms the new certificate verifies under the CA's public key before it is handed out.
    certificate.verify(caCred.getCertificate().getPublicKey());
    // Chain order: end-entity certificate first, then the issuing CA.
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used : KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)

Example 8 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class X509SecurityContext method getDefaultCredentials.

/**
 * Gets the default proxy certificate from the MyProxy server configured in the request data.
 * @return Default MyProxy credentials: the retrieved private key and certificate.
 * @throws GFacException If the MyProxy logon or credential retrieval fails.
 * @throws org.apache.airavata.common.exception.ApplicationSettingsException
 */
public X509Credential getDefaultCredentials() throws GFacException, ApplicationSettingsException {
    MyProxyLogon logon = new MyProxyLogon();
    logon.setValidator(dcValidator);
    logon.setHost(getRequestData().getMyProxyServerUrl());
    logon.setPort(getRequestData().getMyProxyPort());
    logon.setUsername(getRequestData().getMyProxyUserName());
    logon.setPassphrase(getRequestData().getMyProxyPassword().toCharArray());
    logon.setLifetime(getRequestData().getMyProxyLifeTime());
    try {
        logon.connect();
        logon.logon();
        logon.getCredentials();
        logon.disconnect();
        PrivateKey pk = logon.getPrivateKey();
        return new KeyAndCertCredential(pk, new X509Certificate[] { logon.getCertificate() });
    } catch (Exception e) {
        throw new GFacException("An error occurred while retrieving default security credentials.", e);
    }
}
Also used : PrivateKey(java.security.PrivateKey) GFacException(org.apache.airavata.gfac.core.GFacException) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException)

Example 9 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class X509SecurityContext method getCredentialsFromStore.

/**
 * Reads the credentials from credential store.
 * @return If token is found in the credential store, will return a valid credential. Else returns null.
 * @throws Exception If an error occurred while retrieving credentials.
 */
public X509Credential getCredentialsFromStore() throws Exception {
    if (getCredentialReader() == null) {
        return null;
    }
    Credential credential = getCredentialReader().getCredential(getRequestData().getGatewayId(), getRequestData().getTokenId());
    if (credential != null) {
        if (credential instanceof CertificateCredential) {
            log.info("Successfully found credentials for token id - " + getRequestData().getTokenId() + " gateway id - " + getRequestData().getGatewayId());
            CertificateCredential certificateCredential = (CertificateCredential) credential;
            X509Certificate[] certificates = certificateCredential.getCertificates();
            KeyAndCertCredential keyAndCert = new KeyAndCertCredential(certificateCredential.getPrivateKey(), certificates);
            return keyAndCert;
        // return new GlobusGSSCredentialImpl(newCredential,
        // GSSCredential.INITIATE_AND_ACCEPT);
        } else {
            log.info("Credential type is not CertificateCredential. Cannot create mapping globus credentials. " + "Credential type - " + credential.getClass().getName());
        }
    } else {
        log.info("Could not find credentials for token - " + getRequestData().getTokenId() + " and " + "gateway id - " + getRequestData().getGatewayId());
    }
    return null;
}
Also used : CertificateCredential(org.apache.airavata.credential.store.credential.impl.certificate.CertificateCredential) Credential(org.apache.airavata.credential.store.credential.Credential) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X509Credential(eu.emi.security.authn.x509.X509Credential) X509Certificate(java.security.cert.X509Certificate)

Example 10 with KeyAndCertCredential

use of eu.emi.security.authn.x509.impl.KeyAndCertCredential in project airavata by apache.

the class SecurityUtils method generateShortLivedCertificate.

public static final KeyAndCertCredential generateShortLivedCertificate(String userDN, String caCertPath, String caKeyPath, String caPwd) throws Exception {
    // Validity starts 15 minutes in the past to tolerate clock skew between the gateway and the resource.
    final long CredentialGoodFromOffset = 1000L * 60L * 15L;
    final long startTime = System.currentTimeMillis() - CredentialGoodFromOffset;
    // 30 hours measured from the backdated start, i.e. 29 h 45 min from now.
    final long endTime = startTime + 30 * 3600 * 1000;
    // 1024-bit RSA and SHA1withRSA are below current minimums (2048-bit RSA, SHA-256 family signatures); kept as the project has them.
    final String keyLengthProp = "1024";
    int keyLength = Integer.parseInt(keyLengthProp);
    final String signatureAlgorithm = "SHA1withRSA";
    KeyAndCertCredential caCred = getCACredential(caCertPath, caKeyPath, caPwd);
    // The user key pair uses the same algorithm as the CA key (RSA).
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(caCred.getKey().getAlgorithm());
    kpg.initialize(keyLength);
    KeyPair pair = kpg.generateKeyPair();
    X500Principal subjectDN = new X500Principal(userDN);
    // java.util.Random is not a CSPRNG, and the 20-bit serial drawn from it below collides after roughly
    // a thousand issuances (birthday bound on 2^20 values); RFC 5280 expects positive, unique serials.
    Random rand = new Random();
    SubjectPublicKeyInfo publicKeyInfo;
    try {
        // The ASN1InputStream wraps an in-memory byte array and is never closed.
        publicKeyInfo = SubjectPublicKeyInfo.getInstance(new ASN1InputStream(pair.getPublic().getEncoded()).readObject());
    } catch (IOException e) {
        throw new InvalidKeyException("Can not parse the public key " + "being included in the short lived certificate", e);
    }
    X500Name issuerX500Name = CertificateHelpers.toX500Name(caCred.getCertificate().getSubjectX500Principal());
    X500Name subjectX500Name = CertificateHelpers.toX500Name(subjectDN);
    // No extensions are added: the certificate carries no basicConstraints or keyUsage limiting what it may be used for.
    X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(issuerX500Name, new BigInteger(20, rand), new Date(startTime), new Date(endTime), subjectX500Name, publicKeyInfo);
    AlgorithmIdentifier sigAlgId = X509v3CertificateBuilder.extractAlgorithmId(caCred.getCertificate());
    // Provider and SecureRandom arguments are null, so the default provider and its default RNG are used for signing.
    X509Certificate certificate = certBuilder.build(caCred.getKey(), sigAlgId, signatureAlgorithm, null, null);
    certificate.checkValidity(new Date());
    // Confirms the new certificate verifies under the CA's public key before it is handed out.
    certificate.verify(caCred.getCertificate().getPublicKey());
    // Chain order: end-entity certificate first, then the issuing CA.
    KeyAndCertCredential result = new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { certificate, caCred.getCertificate() });
    return result;
}
Also used : KeyPair(java.security.KeyPair) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPairGenerator(java.security.KeyPairGenerator) IOException(java.io.IOException) X500Name(org.bouncycastle.asn1.x500.X500Name) InvalidKeyException(java.security.InvalidKeyException) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) Random(java.util.Random) X509v3CertificateBuilder(eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder) KeyAndCertCredential(eu.emi.security.authn.x509.impl.KeyAndCertCredential) X500Principal(javax.security.auth.x500.X500Principal) BigInteger(java.math.BigInteger)
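Examples 7 and 10 above issue a user certificate with a 1024-bit key, a SHA1withRSA signature, a 20-bit serial from java.util.Random and no extensions. The class below is an added example written for this page, not Airavata project code: it issues the same kind of short-lived certificate from a CA credential (such as the one getCACredential in Example 6 loads) but with a 3072-bit key, SHA256withRSA, a 65-bit serial from SecureRandom, basicConstraints, keyUsage, SKI and AKI extensions, and it first checks that the supplied issuer is an unexpired CA allowed to sign certificates whose private key actually matches its certificate. It uses BouncyCastle's own JCA builders (bcprov and bcpkix on the classpath, plus canl for KeyAndCertCredential) rather than the canl X509v3CertificateBuilder wrapper used on this page. The class name ShortLivedCertIssuer, the 12-hour lifetime and the throwaway CA built in main are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder; // BouncyCastle's builder, not the canl wrapper used on this page
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import eu.emi.security.authn.x509.impl.KeyAndCertCredential;

/** Added example (not Airavata code): short-lived certificate issuance with the weak parameters replaced. */
public final class ShortLivedCertIssuer {
    private static final SecureRandom RNG = new SecureRandom();
    private static final long BACKDATE_MS = 15L * 60L * 1000L;   // tolerate 15 min of clock skew, as on the page
    private static final long LIFETIME_MS = 12L * 3600L * 1000L; // assumed policy; the page uses 30 h
    private static final int RSA_BITS = 3072;                    // page uses 1024
    private static final String SIG_ALG = "SHA256withRSA";       // page uses SHA1withRSA

    public static KeyAndCertCredential issue(String userDN, X509Certificate caCert, PrivateKey caKey)
            throws Exception {
        checkIssuer(caCert, caKey);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_BITS, RNG);
        KeyPair pair = kpg.generateKeyPair();

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - BACKDATE_MS);
        Date notAfter = new Date(now + LIFETIME_MS);            // lifetime counted from now, not from the backdated start
        BigInteger serial = new BigInteger(64, RNG).setBit(64); // 65-bit, positive, non-zero, from a CSPRNG

        JcaX509ExtensionUtils ext = new JcaX509ExtensionUtils();
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                caCert, serial, notBefore, notAfter, new X500Principal(userDN), pair.getPublic())
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) // end entity: cannot issue
            .addExtension(Extension.keyUsage, true,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
            .addExtension(Extension.subjectKeyIdentifier, false, ext.createSubjectKeyIdentifier(pair.getPublic()))
            .addExtension(Extension.authorityKeyIdentifier, false, ext.createAuthorityKeyIdentifier(caCert));

        X509Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider())
                .getCertificate(builder.build(new JcaContentSignerBuilder(SIG_ALG).build(caKey)));
        cert.checkValidity(new Date());
        cert.verify(caCert.getPublicKey());                     // the signature really was made with caKey
        return new KeyAndCertCredential(pair.getPrivate(), new X509Certificate[] { cert, caCert });
    }

    /** Refuse an issuer that is expired, not a CA, not permitted to sign certificates, or whose key does not match. */
    static void checkIssuer(X509Certificate caCert, PrivateKey caKey) throws Exception {
        caCert.checkValidity(new Date());
        if (caCert.getBasicConstraints() < 0)
            throw new IllegalArgumentException("issuer certificate lacks basicConstraints CA:TRUE");
        boolean[] ku = caCert.getKeyUsage();                    // index 5 is keyCertSign
        if (ku != null && !ku[5])
            throw new IllegalArgumentException("issuer key usage does not permit keyCertSign");
        byte[] nonce = new byte[32];                             // sign a fresh nonce, verify with the cert's public key
        RNG.nextBytes(nonce);
        Signature sig = Signature.getInstance(SIG_ALG);
        sig.initSign(caKey);
        sig.update(nonce);
        byte[] proof = sig.sign();
        sig.initVerify(caCert.getPublicKey());
        sig.update(nonce);
        if (!sig.verify(proof))
            throw new IllegalArgumentException("private key does not match the issuer certificate");
    }

    /** Stand-alone demo against a throwaway self-signed CA built in memory (constructed here, no key files). */
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_BITS, RNG);
        KeyPair caPair = kpg.generateKeyPair();
        X500Principal caName = new X500Principal("CN=Demo Gateway CA,O=Example");
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(caName, BigInteger.ONE,
                new Date(now - BACKDATE_MS), new Date(now + 365L * 24 * 3600 * 1000), caName, caPair.getPublic())
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
            .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        X509Certificate caCert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider())
                .getCertificate(caBuilder.build(new JcaContentSignerBuilder(SIG_ALG).build(caPair.getPrivate())));

        KeyAndCertCredential cred = issue("CN=alice,O=Example", caCert, caPair.getPrivate());
        X509Certificate leaf = cred.getCertificate();
        System.out.println("subject=" + leaf.getSubjectX500Principal() + " sigAlg=" + leaf.getSigAlgName()
                + " serialBits=" + leaf.getSerialNumber().bitLength() + " isCA=" + (leaf.getBasicConstraints() >= 0));
    }
}
```

Compile with bcprov, bcpkix and canl on the classpath and run main; it prints the subject, signature algorithm, serial length and CA flag of the issued certificate. The checkIssuer step is the one most worth keeping even if the rest is adapted: a gateway that signs with whatever key and certificate it finds at two file paths will happily issue certificates under a mismatched or non-CA certificate, and the resulting chain only fails later, at the resource side.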

Aggregations

KeyAndCertCredential (eu.emi.security.authn.x509.impl.KeyAndCertCredential): 14
X509Certificate (java.security.cert.X509Certificate): 10
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream): 8
IOException (java.io.IOException): 6
InvalidKeyException (java.security.InvalidKeyException): 6
PrivateKey (java.security.PrivateKey): 6
X509v3CertificateBuilder (eu.emi.security.authn.x509.helpers.proxy.X509v3CertificateBuilder): 4
FileInputStream (java.io.FileInputStream): 4
InputStream (java.io.InputStream): 4
BigInteger (java.math.BigInteger): 4
KeyPair (java.security.KeyPair): 4
KeyPairGenerator (java.security.KeyPairGenerator): 4
Date (java.util.Date): 4
Random (java.util.Random): 4
X500Principal (javax.security.auth.x500.X500Principal): 4
ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException): 4
GFacException (org.apache.airavata.gfac.core.GFacException): 4
X500Name (org.bouncycastle.asn1.x500.X500Name): 4
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier): 4
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo): 4