

the class CreateIdentity method createIdentity.

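/**
 * Entry point into the program. See class description for required properties file elements.
 *
 * <p>Reads {@code hisprovisioner.properties} (located through {@code ResourceFinder}), validates the
 * values it needs, then runs the two-phase AIK provisioning protocol with the Privacy CA web service:
 * phase 1 sends the identity request together with the Endorsement Credential (EC) encrypted to the
 * Privacy CA key and receives a challenge; phase 2 returns the TPM-decrypted challenge and receives
 * the AIK certificate. The certificate is written as {@code aikcert.cer} under the configured client
 * path; on Linux the AIK blob is also written as {@code aikblob.dat}.
 *
 * <p>The properties file carries the TPM owner auth and the AIK auth secret in hex; neither value is
 * logged by this method.
 *
 * @throws PrivacyCAException if the properties file is missing, unreadable or incomplete, or if any
 *         step of the provisioning protocol fails (the underlying failure is attached as the cause)
 * @throws Exception retained in the signature for existing callers; a hex-decoding failure of
 *         {@code TpmOwnerAuth} propagates unwrapped
 */
public static void createIdentity() throws Exception {
    // Keys read from hisprovisioner.properties
    final String OWNER_AUTH = "TpmOwnerAuth";
    final String HIS_IDENTITY_LABEL = "HisIdentityLabel";
    final String HIS_IDENTITY_INDEX = "HisIdentityIndex";
    final String HIS_IDENTITY_AUTH = "HisIdentityAuth";
    final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
    final String PRIVACY_CA_URL = "PrivacyCaUrl";
    final String CLIENT_PATH = "ClientPath";
    final String EC_STORAGE = "ecStorage";
    final String EC_LOCATION = "ecLocation";
    final String PROPERTIES_FILE = "hisprovisioner.properties";
    // Values populated from the properties file
    byte[] TpmOwnerAuth = null;
    String HisIdentityLabel = "";
    int HisIdentityIndex = 0;
    byte[] HisIdentityAuth = null;
    String PrivacyCaCertFile = "";
    String PrivacyCaUrl = "";
    String ClientPath = "";
    String ecStorage = "";
    String ecStorageFileName = "";
    // Directory holding the properties file; PrivacyCaCertFile and ClientPath are resolved against it
    String homeFolder = "";
    FileInputStream PropertyFile = null;
    try {
        File propFile = ResourceFinder.getFile(PROPERTIES_FILE);
        PropertyFile = new FileInputStream(propFile);
        Properties HisProvisionerProperties = new Properties();
        HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
        homeFolder = propFile.getAbsolutePath();
        homeFolder = homeFolder.substring(0, homeFolder.indexOf(PROPERTIES_FILE));
        log.info("Home folder : " + homeFolder);
        // getProperty(key, "") never returns null, so a missing owner auth has to be detected on the
        // empty string; the old null test could never fire and decoded "" into a zero-length auth value
        String tpmOwnerAuthHex = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
        if (tpmOwnerAuthHex.length() > 0) {
            TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuthHex.toCharArray());
        }
        HisIdentityLabel = HisProvisionerProperties.getProperty(HIS_IDENTITY_LABEL, "");
        HisIdentityIndex = Integer.parseInt(HisProvisionerProperties.getProperty(HIS_IDENTITY_INDEX, "0"));
        HisIdentityAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(HIS_IDENTITY_AUTH, ""));
        PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
        PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
        ClientPath = HisProvisionerProperties.getProperty(CLIENT_PATH, "");
        // "NVRAM" (default) reads the EC from the TPM; "file" reads it from <ecLocation>/EC.cer
        ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
        ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
    } catch (FileNotFoundException e) {
        throw new PrivacyCAException("Error finding HIS Provisioner properties file (" + PROPERTIES_FILE + ")", e);
    } catch (IOException e) {
        // the cause used to be dropped here, which hid the actual read error from the caller
        throw new PrivacyCAException("Error loading HIS Provisioner properties file (" + PROPERTIES_FILE + ")", e);
    } catch (NumberFormatException e) {
        throw new PrivacyCAException("\"" + HIS_IDENTITY_INDEX + "\" in " + PROPERTIES_FILE + " must be an integer", e);
    } finally {
        if (PropertyFile != null) {
            try {
                PropertyFile.close();
            } catch (IOException e) {
                log.log(Level.SEVERE, "Error while closing the property file ", e);
            }
        }
    }
    // Collect every configuration problem before failing so the administrator sees all of them at once
    StringBuilder errors = new StringBuilder();
    if (TpmOwnerAuth == null || TpmOwnerAuth.length == 0) {
        errors.append(" - \"TpmOwnerAuth\" value must be set representing the TPM owner authentication\n");
    }
    if (HisIdentityLabel.length() == 0) {
        errors.append(" - \"HisIdentityLabel\" value must be the subject name for the AIK certificate\n");
    }
    if (HisIdentityIndex == 0) {
        errors.append(" - \"HisIdentityIndex\" value must be the index for AIK storage\n");
    }
    if (HisIdentityAuth == null || HisIdentityAuth.length != 20) {
        errors.append(" - \"HisIdentityAuth\" value must be a 40 hexidecimal digit (20 byte) value representing the AIK authentication\n");
    }
    if (PrivacyCaCertFile.length() == 0) {
        errors.append(" - \"PrivacyCaCertFile\" value must be the name of the Privacy CA certificate file\n");
    }
    if (PrivacyCaUrl.length() == 0) {
        errors.append(" - \"PrivacyCaUrl\" value must be the name of the URL of the Privacy CA web service\n");
    }
    if (ClientPath.length() == 0) {
        errors.append(" - \"ClientPath\" value must be the path that will be used for installing the HIS Client\n");
    }
    if (errors.length() > 0) {
        throw new PrivacyCAException("Properties file \"" + homeFolder + PROPERTIES_FILE + "\" contains errors:\n" + errors);
    }
    log.info("Performing HIS identity provisioning...");
    try {
        X509Certificate pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
        RSAPublicKey pcaKey = (RSAPublicKey) pcaCert.getPublicKey();
        // The auth values go to the TPM as configured; the SHA-1 pre-hashing branch that used to sit
        // here was permanently disabled (requiresAuthSha = false) and has been removed.
        byte[] ekCert;
        if (ecStorage.equalsIgnoreCase("file")) {
            ekCert = readWholeFile(new File(ecStorageFileName));
            log.info("--read EC from file--");
        } else {
            ekCert = TpmModule.getCredential(TpmOwnerAuth, "EC");
        }
        // Phase 1: identity request plus the EC encrypted to the Privacy CA key; the reply is the
        // activation challenge. The original passed !shortcut with shortcut fixed to true.
        final boolean shortcut = true;
        TpmIdentityRequest encryptedEkCert = new TpmIdentityRequest(ekCert, pcaKey, false);
        TpmIdentity newId = TpmModule.collateIdentityRequest(TpmOwnerAuth, HisIdentityAuth, HisIdentityLabel, new TpmPubKey(pcaKey, 3, 1).toByteArray(), HisIdentityIndex, (X509Certificate) null, !shortcut);
        IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
        byte[] encrypted1 = hisPrivacyCAWebService2.identityRequestGetChallenge(newId.getIdentityRequest(), encryptedEkCert.toByteArray());
        byte[][] challenge1 = splitPrivacyCaResponse(encrypted1, "phase 1");
        // Both OS branches of the original called the same TpmModule.activateIdentity (the TSS-based
        // Windows path is commented out), so activation is done the same way everywhere.
        byte[] decrypted1 = TpmModule.activateIdentity(TpmOwnerAuth, HisIdentityAuth, challenge1[0], challenge1[1], HisIdentityIndex);
        // Phase 2: return the decrypted challenge, again encrypted to the Privacy CA key; the reply
        // carries the AIK certificate in the same asymmetric/symmetric layout.
        TpmIdentityRequest encryptedChallenge = new TpmIdentityRequest(decrypted1, pcaKey, false);
        byte[] encrypted2 = hisPrivacyCAWebService2.identityRequestSubmitResponse(encryptedChallenge.toByteArray());
        byte[][] challenge2 = splitPrivacyCaResponse(encrypted2, "phase 2");
        byte[] decrypted2 = TpmModule.activateIdentity(TpmOwnerAuth, HisIdentityAuth, challenge2[0], challenge2[1], HisIdentityIndex);
        writecert(homeFolder + ClientPath, decrypted2, "/aikcert.cer");
        // IdentityOS.osType(): win:0; linux:1; other:-1 -- the AIK blob is only persisted on Linux
        if (IdentityOS.osType() == 1) {
            writeFile(homeFolder + ClientPath, newId.getAikBlob(), "/aikblob.dat");
        }
    } catch (Exception e) {
        throw new PrivacyCAException("FAILED", e);
    }
    log.info("DONE");
}

/**
 * Reads {@code file} completely into memory.
 *
 * <p>Replaces the old {@code available()}-sized single {@code read()}, which could return a short
 * buffer (the rest of the EC silently missing) and leaked the stream when the read failed.
 *
 * @param file the file to read
 * @return the file contents
 * @throws IOException if the file cannot be opened, is too large for a byte array, or ends early
 */
private static byte[] readWholeFile(File file) throws IOException {
    // open first so a missing file still surfaces as FileNotFoundException
    FileInputStream in = new FileInputStream(file);
    try {
        long length = file.length();
        if (length > Integer.MAX_VALUE) {
            throw new IOException("File " + file + " is too large to read into memory (" + length + " bytes)");
        }
        byte[] data = new byte[(int) length];
        int offset = 0;
        while (offset < data.length) {
            int read = in.read(data, offset, data.length - offset);
            if (read < 0) {
                throw new IOException("Unexpected end of file in " + file + " after " + offset + " bytes");
            }
            offset += read;
        }
        return data;
    } finally {
        in.close();
    }
}

/**
 * Splits a Privacy CA identity response into its 256-byte RSA-encrypted head and the symmetric tail.
 *
 * <p>The Privacy CA answers a rejected request with a single byte. Anything else shorter than the
 * asymmetric block is malformed; the old code allocated {@code new byte[length - 256]} for it and
 * died with a NegativeArraySizeException instead of a readable error.
 *
 * @param response raw reply from the web service
 * @param phase "phase 1" or "phase 2", used only in the error message
 * @return {@code {asym, sym}}
 * @throws PrivacyCAException if the response is absent, a rejection, or too short to split
 */
private static byte[][] splitPrivacyCaResponse(byte[] response, String phase) throws PrivacyCAException {
    final int asymLength = 256;
    if (response == null || response.length == 1) {
        throw new PrivacyCAException("Identity request was rejected by Privacy CA in " + phase + " of process");
    }
    if (response.length < asymLength) {
        throw new PrivacyCAException("Malformed " + response.length + "-byte response from Privacy CA in " + phase + " of process");
    }
    byte[] asym = new byte[asymLength];
    System.arraycopy(response, 0, asym, 0, asymLength);
    byte[] sym = new byte[response.length - asymLength];
    System.arraycopy(response, asymLength, sym, 0, sym.length);
    return new byte[][] { asym, sym };
}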

the class ProvisionTPM method takeOwnership.

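/**
 * Entry point into the program: takes ownership of the TPM and provisions its Endorsement Credential (EC).
 *
 * <p>Reads {@code hisprovisioner.properties}, takes TPM ownership with the configured owner auth, reads
 * the public EK modulus, asks the Privacy CA to issue an EC valid for {@code EcValidityDays} days, and
 * stores the EC either in TPM NV-RAM (default) or in {@code <ecLocation>/EC.cer} when
 * {@code ecStorage=file}. If the TPM reports that ownership is already taken the method returns without
 * doing anything, unless the system property {@code forceCreateEk=true} is set.
 *
 * <p>The EK modulus is sent DES-encrypted under a fresh key from {@code TpmUtils.generateSecretKey()},
 * and that key travels RSA-encrypted to the Privacy CA certificate; the CA returns the EC encrypted
 * under the same DES key. NOTE(review): DES is a legacy cipher; replacing it also changes the
 * {@code requestGetEC} exchange on the Privacy CA side, so confirm both ends before touching it.
 *
 * @throws PrivacyCAException if the properties file is missing or invalid, or if taking ownership,
 *         reading the EK, loading the Privacy CA certificate, requesting, decoding or storing the EC
 *         fails (the underlying error is attached as the cause). The previous version swallowed most
 *         of these with {@code printStackTrace()} and ended the JVM with {@code System.exit(1)} when
 *         the Privacy CA request failed.
 * @throws TpmModuleException if {@code TpmModule.takeOwnership} fails for any reason other than
 *         "ownership already taken"
 * @throws Exception retained in the signature for existing callers
 */
public static void takeOwnership() throws Exception {
    // Keys read from hisprovisioner.properties
    final String OWNER_AUTH = "TpmOwnerAuth";
    final String EC_VALIDITY = "EcValidityDays";
    final String EC_STORAGE = "ecStorage";
    final String PRIVACY_CA_URL = "PrivacyCaUrl";
    final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
    final String EC_LOCATION = "ecLocation";
    final String PROPERTIES_FILE = "hisprovisioner.properties";
    String ecStorage = "";
    String ecStorageFileName = "";
    String PrivacyCaUrl = "";
    int EcValidityDays = 0;
    String PrivacyCaCertFile = "";
    byte[] TpmOwnerAuth = null;
    // Used only in error messages
    String propertiesFileName = ResourceFinder.getLocation(PROPERTIES_FILE);
    // Directory holding the properties file; PrivacyCaCertFile is resolved against it
    String homeFolder = "";
    FileInputStream PropertyFile = null;
    try {
        File propFile = ResourceFinder.getFile(PROPERTIES_FILE);
        PropertyFile = new FileInputStream(propFile);
        Properties HisProvisionerProperties = new Properties();
        HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
        homeFolder = propFile.getAbsolutePath();
        homeFolder = homeFolder.substring(0, homeFolder.indexOf(PROPERTIES_FILE));
        log.info("Home folder : " + homeFolder);
        EcValidityDays = Integer.parseInt(HisProvisionerProperties.getProperty(EC_VALIDITY, ""));
        // getProperty(key, "") never returns null, so a missing owner auth has to be detected on the
        // empty string; the old null test could never fire and decoded "" into a zero-length auth value
        String tpmOwnerAuthHex = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
        if (tpmOwnerAuthHex.length() > 0) {
            TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuthHex.toCharArray());
        }
        PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
        PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
        // "NVRAM" (default) stores the EC in the TPM; "file" stores it in <ecLocation>/EC.cer
        ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
        ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
        log.info("ecStorageFileName:" + ecStorageFileName);
    } catch (FileNotFoundException e) {
        throw new PrivacyCAException("Error finding HIS Provisioner properties file (" + PROPERTIES_FILE + ")", e);
    } catch (IOException e) {
        throw new PrivacyCAException("Error loading HIS Provisioner properties file (" + PROPERTIES_FILE + ")", e);
    } catch (NumberFormatException e) {
        throw new PrivacyCAException("Error while reading EcValidityDays", e);
    } finally {
        if (PropertyFile != null) {
            try {
                PropertyFile.close();
            } catch (IOException e) {
                log.log(Level.SEVERE, "Error while closing the property file ", e);
            }
        }
    }
    // Collect every configuration problem before failing so the administrator sees all of them at once
    StringBuilder errors = new StringBuilder();
    if (EcValidityDays == 0) {
        errors.append(" - \"EcValidityDays\" value must be the number of validity days for the Endorsement Credential\n");
    }
    if (TpmOwnerAuth == null || TpmOwnerAuth.length == 0) {
        errors.append(" - \"TpmOwnerAuth\" value must be set representing the TPM owner auth\n");
    }
    if (errors.length() > 0) {
        throw new PrivacyCAException("Properties file \"" + propertiesFileName + "\" contains errors:\n" + errors);
    }
    log.info("Performing TPM provisioning...");
    Security.addProvider(new BouncyCastleProvider());
    SecretKey deskey = TpmUtils.generateSecretKey();
    // Take ownership. The TPM tool reports "nonzero error: 4" when an owner is already installed.
    try {
        TpmModule.takeOwnership(TpmOwnerAuth, TpmUtils.createRandomBytes(20));
    } catch (TpmModuleException e) {
        if (!e.toString().contains(".takeOwnership returned nonzero error: 4")) {
            throw e;
        }
        Logger.getLogger(ProvisionTPM.class.getName()).info("Ownership is already taken : ");
        // bug #554: let the admin force EK creation when an earlier run took ownership but then failed
        // for a non-TPM reason (e.g. missing Java classes)
        if (!System.getProperty("forceCreateEk", "false").equals("true")) {
            return;
        }
    } catch (IOException e) {
        // was printStackTrace() + continue, which only failed later with a less useful error
        throw new PrivacyCAException("Error taking TPM ownership", e);
    }
    // Read the public EK modulus; this is the key the Privacy CA certifies
    byte[] pubEkMod;
    try {
        pubEkMod = TpmModule.getEndorsementKeyModulus(TpmOwnerAuth, TpmUtils.createRandomBytes(20));
    } catch (Exception e) {
        throw new PrivacyCAException("Error getting PubEK", e);
    }
    // Load the Privacy CA certificate; its RSA key wraps the DES key sent along with the request
    PublicKey publicKey;
    try {
        X509Certificate pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
        if (pcaCert == null) {
            throw new PrivacyCAException("Privacy CA certificate " + homeFolder + PrivacyCaCertFile + " could not be loaded");
        }
        publicKey = (RSAPublicKey) pcaCert.getPublicKey();
    } catch (Exception e) {
        throw new PrivacyCAException("Error loading Privacy CA certificate " + homeFolder + PrivacyCaCertFile, e);
    }
    // Request the EC from the Privacy CA
    byte[] encryptCert;
    try {
        IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
        encryptCert = hisPrivacyCAWebService2.requestGetEC(TpmUtils.encryptDES(pubEkMod, deskey), TpmUtils.encryptRSA(deskey.getEncoded(), publicKey), EcValidityDays);
    } catch (Exception e) {
        // was System.out.println("FAILED") + System.exit(1); a library method must not end the JVM
        throw new PrivacyCAException("Error requesting Endorsement Credential from Privacy CA at " + PrivacyCaUrl, e);
    }
    if (encryptCert == null) {
        // the old code let this fall through to a NullPointerException in the storage step
        throw new PrivacyCAException("Privacy CA at " + PrivacyCaUrl + " returned no Endorsement Credential");
    }
    // Decrypt and parse the EC
    X509Certificate ekCert;
    try {
        ekCert = TpmUtils.certFromBytes(TpmUtils.decryptDES(encryptCert, deskey));
    } catch (Exception e) {
        throw new PrivacyCAException("Error decoding Endorsement Credential returned by Privacy CA", e);
    }
    if (ekCert == null) {
        throw new PrivacyCAException("Endorsement Credential returned by Privacy CA could not be parsed");
    }
    // Store the EC where identity provisioning will look for it later
    try {
        byte[] ekCertDer = ekCert.getEncoded();
        if (ecStorage.equalsIgnoreCase("file")) {
            FileOutputStream ecFileOut = new FileOutputStream(new File(ecStorageFileName));
            try {
                ecFileOut.write(ekCertDer);
                ecFileOut.flush();
            } finally {
                // the old code only closed on the success path
                ecFileOut.close();
            }
            log.info("Stored Endorsement Credential (" + ekCertDer.length + " bytes) in " + ecStorageFileName);
        } else {
            TpmModule.setCredential(TpmOwnerAuth, "EC", ekCertDer);
            log.info("Stored Endorsement Credential (" + ekCertDer.length + " bytes) in TPM NV-RAM");
        }
    } catch (Exception e) {
        throw new PrivacyCAException("Error storing Endorsement Credential", e);
    }
    System.out.println("DONE");
}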

the class HisIdentityProvisioner method main.

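/**
 * Entry point into the program. See class description for required properties file elements.
 *
 * <p>Reads {@code ./OATprovisioner.properties}, validates it, points JSSE at the configured trust
 * store and runs the two-phase AIK provisioning protocol with the Privacy CA: phase 1 sends the
 * identity request together with the Endorsement Credential (EC) encrypted to the Privacy CA key and
 * receives a challenge; phase 2 returns the TPM-decrypted challenge and receives the AIK certificate,
 * which is written to {@code <ClientPath>/aik.cer}.
 *
 * <p>Exit codes: 0 success; 99 the properties file is incomplete; 1 the Privacy CA rejected phase 1
 * or any other failure; 2 the Privacy CA rejected phase 2; 5 the client path could not be created.
 *
 * @param args unused
 */
public static void main(String[] args) {
    // Keys read from the properties file
    final String OWNER_AUTH = "TpmOwnerAuth";
    final String HIS_IDENTITY_LABEL = "HisIdentityLabel";
    final String HIS_IDENTITY_INDEX = "HisIdentityIndex";
    final String HIS_IDENTITY_AUTH = "HisIdentityAuth";
    final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
    final String PRIVACY_CA_URL = "PrivacyCaUrl";
    final String TRUST_STORE = "TrustStore";
    final String CLIENT_PATH = "ClientPath";
    // Values populated from the properties file
    byte[] TpmOwnerAuth = null;
    String HisIdentityLabel = "";
    int HisIdentityIndex = 0;
    byte[] HisIdentityAuth = null;
    String PrivacyCaCertFile = "";
    String PrivacyCaUrl = "";
    String TrustStore = "";
    String ClientPath = "";
    String propertiesFileName = "./OATprovisioner.properties";
    FileInputStream PropertyFile = null;
    try {
        PropertyFile = new FileInputStream(propertiesFileName);
        Properties HisProvisionerProperties = new Properties();
        HisProvisionerProperties.load(PropertyFile);
        // getProperty without a default returns null for a missing key, which the old code handed
        // straight to the hex decoder; leave TpmOwnerAuth null so the validation below reports it
        String ownerAuthHex = HisProvisionerProperties.getProperty(OWNER_AUTH);
        if (ownerAuthHex != null) {
            TpmOwnerAuth = TpmUtils.hexStringToByteArray(ownerAuthHex);
        }
        HisIdentityLabel = HisProvisionerProperties.getProperty(HIS_IDENTITY_LABEL, "");
        HisIdentityIndex = Integer.parseInt(HisProvisionerProperties.getProperty(HIS_IDENTITY_INDEX, "0"));
        HisIdentityAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(HIS_IDENTITY_AUTH, ""));
        PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
        PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
        TrustStore = HisProvisionerProperties.getProperty(TRUST_STORE, "TrustStore.jks");
        ClientPath = HisProvisionerProperties.getProperty(CLIENT_PATH, "");
    } catch (FileNotFoundException e) {
        // the old message named a different file than the one actually opened
        System.out.println("Error finding HIS Provisioner properties file (" + propertiesFileName + "); using defaults.");
    } catch (IOException e) {
        System.out.println("Error loading HIS Provisioner properties file (" + propertiesFileName + "); using defaults.");
    } catch (NumberFormatException e) {
        System.out.println("\"HisIdentityIndex\" in " + propertiesFileName + " is not an integer: " + e.getMessage());
    } finally {
        if (PropertyFile != null) {
            try {
                PropertyFile.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    // Collect every configuration problem before failing so the administrator sees all of them at once
    StringBuilder errors = new StringBuilder();
    if (TpmOwnerAuth == null || TpmOwnerAuth.length != 20) {
        errors.append(" - \"TpmOwnerAuth\" value must be a 40 hexidecimal digit (20 byte) value representing the TPM owner authentication\n");
    }
    if (HisIdentityLabel.length() == 0) {
        errors.append(" - \"HisIdentityLabel\" value must be the subject name for the AIK certificate\n");
    }
    if (HisIdentityIndex == 0) {
        errors.append(" - \"HisIdentityIndex\" value must be the index for AIK storage\n");
    }
    if (HisIdentityAuth == null || HisIdentityAuth.length != 20) {
        errors.append(" - \"HisIdentityAuth\" value must be a 40 hexidecimal digit (20 byte) value representing the AIK authentication\n");
    }
    if (PrivacyCaCertFile.length() == 0) {
        errors.append(" - \"PrivacyCaCertFile\" value must be the name of the Privacy CA certificate file\n");
    }
    if (PrivacyCaUrl.length() == 0) {
        errors.append(" - \"PrivacyCaUrl\" value must be the name of the URL of the Privacy CA web service\n");
    }
    if (TrustStore.length() == 0) {
        errors.append(" - \"TrustStore\" value must be the name of the trust store for using the registration web service\n");
    }
    if (ClientPath.length() == 0) {
        errors.append(" - \"ClientPath\" value must be the path that will be used for installing the HIS Client\n");
    }
    if (errors.length() > 0) {
        System.out.println("Properties file \"" + propertiesFileName + "\" contains errors:\n" + errors);
        System.exit(99);
        return;
    }
    // JSSE reads this property when the web service client opens its TLS connection, so the trust
    // store decides which Privacy CA server certificates are accepted
    System.setProperty("javax.net.ssl.trustStore", "./" + TrustStore);
    System.out.print("Performing HIS identity provisioning...");
    FileOutputStream pcaFileOut = null;
    try {
        X509Certificate pcaCert = TpmUtils.certFromFile(PrivacyCaCertFile);
        RSAPublicKey pcaKey = (RSAPublicKey) pcaCert.getPublicKey();
        // The auth values go to the TPM as configured; the SHA-1 pre-hashing branch that used to sit
        // here was permanently disabled (requiresAuthSha = false) and has been removed, as were the
        // null re-checks of TpmOwnerAuth/HisIdentityAuth that the validation above already covers.
        byte[] ekCert = TpmModule.getCredential(TpmOwnerAuth, "EC");
        // Phase 1: identity request plus the EC encrypted to the Privacy CA key; the reply is the
        // activation challenge. The original passed !shortcut with shortcut fixed to true.
        final boolean shortcut = true;
        TpmIdentityRequest encryptedEkCert = new TpmIdentityRequest(ekCert, pcaKey, false);
        TpmIdentity newId = TpmModule.collateIdentityRequest(TpmOwnerAuth, HisIdentityAuth, HisIdentityLabel, new TpmPubKey(pcaKey, 3, 1).toByteArray(), HisIdentityIndex, (X509Certificate) null, !shortcut);
        IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
        byte[] encrypted1 = hisPrivacyCAWebService2.identityRequestGetChallenge(newId.getIdentityRequest(), encryptedEkCert.toByteArray());
        // a single-byte reply is the Privacy CA's rejection signal
        if (encrypted1 == null || encrypted1.length == 1) {
            System.out.println("Identity request was rejected by Privacy CA in phase 1 of process");
            System.exit(1);
            return;
        }
        byte[][] challenge1 = splitPrivacyCaResponse(encrypted1);
        // Both OS branches of the original called the same TpmModule.activateIdentity (the TSS-based
        // Windows path is commented out), so activation is done the same way everywhere.
        byte[] decrypted1 = TpmModule.activateIdentity(TpmOwnerAuth, HisIdentityAuth, challenge1[0], challenge1[1], HisIdentityIndex);
        // Phase 2: return the decrypted challenge, again encrypted to the Privacy CA key; the reply
        // carries the AIK certificate in the same asymmetric/symmetric layout.
        TpmIdentityRequest encryptedChallenge = new TpmIdentityRequest(decrypted1, pcaKey, false);
        byte[] encrypted2 = hisPrivacyCAWebService2.identityRequestSubmitResponse(encryptedChallenge.toByteArray());
        if (encrypted2 == null || encrypted2.length == 1) {
            System.out.println("Identity request was rejected by Privacy CA in phase 2 of process");
            System.exit(2);
            return;
        }
        byte[][] challenge2 = splitPrivacyCaResponse(encrypted2);
        byte[] decrypted2 = TpmModule.activateIdentity(TpmOwnerAuth, HisIdentityAuth, challenge2[0], challenge2[1], HisIdentityIndex);
        File outPath = new File(ClientPath);
        if (!outPath.isDirectory() && !outPath.mkdirs()) {
            System.out.println("Failed to create client installation path!");
            System.exit(5);
            return;
        }
        pcaFileOut = new FileOutputStream(new File(ClientPath + "/aik.cer"));
        pcaFileOut.write(decrypted2);
        pcaFileOut.flush();
        // closed once, in the finally block (the old code closed it here and again in finally)
    } catch (Exception e) {
        System.out.println("FAILED");
        e.printStackTrace();
        System.exit(1);
    } finally {
        if (pcaFileOut != null) {
            try {
                pcaFileOut.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    System.out.println("DONE");
    System.exit(0);
}

/**
 * Splits a Privacy CA identity response into its 256-byte RSA-encrypted head and the symmetric tail.
 *
 * @param response raw reply from the web service; rejection replies (one byte) are handled by the caller
 * @return {@code {asym, sym}}
 * @throws IllegalStateException if the response is shorter than the asymmetric block (the old code
 *         allocated {@code new byte[length - 256]} and died with a NegativeArraySizeException)
 */
private static byte[][] splitPrivacyCaResponse(byte[] response) {
    final int asymLength = 256;
    if (response.length < asymLength) {
        throw new IllegalStateException("Malformed " + response.length + "-byte response from Privacy CA");
    }
    byte[] asym = new byte[asymLength];
    System.arraycopy(response, 0, asym, 0, asymLength);
    byte[] sym = new byte[response.length - asymLength];
    System.arraycopy(response, asymLength, sym, 0, sym.length);
    return new byte[][] { asym, sym };
}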

the class HisPrivacyCAWebServices2ClientImpl method getHisPrivacyCAWebService2.

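/**
 * Builds a client proxy for the privacy CA web service deployed under {@code url}.
 *
 * <p>Two JAX-WS services are resolved from WSDL documents located under {@code url}:
 * the factory service, whose port is asked for the {@code HisPrivacyCAWebService2}
 * endpoint reference, and the service itself, from which the port proxy bound to that
 * reference is obtained. Because the WSDL is retrieved from {@code url} itself, the
 * scheme of {@code url} decides whether that metadata travels over TLS; outside local
 * testing callers should pass an {@code https} URL.
 *
 * @param url base URL of the privacy CA deployment, without a trailing slash
 *            (for example {@code https://host:8443/HisPrivacyCAWebServices2})
 * @return a client wrapping the resolved {@code HisPrivacyCAWebService2} port
 * @throws NullPointerException if {@code url} is {@code null}
 * @throws IllegalArgumentException if {@code url} does not form a valid URL; the
 *         underlying {@link MalformedURLException} is attached as the cause
 */
public static IHisPrivacyCAWebService2 getHisPrivacyCAWebService2(String url) {
    java.util.Objects.requireNonNull(url, "url");
    // Both service descriptors live in the same target namespace.
    final String namespace = "http://server.hisPrivacyCAWebService2.webservices.his.niarl.gov/";
    try {
        HisPrivacyCAWebService2FactoryServiceService factoryServiceService =
                new HisPrivacyCAWebService2FactoryServiceService(
                        new URL(url + "/hisPrivacyCAWebService2FactoryService?wsdl"),
                        new QName(namespace, "HisPrivacyCAWebService2FactoryServiceService"));
        HisPrivacyCAWebService2FactoryService factoryService =
                factoryServiceService.getHisPrivacyCAWebService2FactoryServicePort();
        HisPrivacyCAWebService2Service service =
                new HisPrivacyCAWebService2Service(
                        new URL(url + "/hisPrivacyCAWebService2?wsdl"),
                        new QName(namespace, "HisPrivacyCAWebService2Service"));
        // The endpoint reference handed out by the factory selects which port the proxy binds to.
        return new HisPrivacyCAWebServices2ClientImpl(
                service.getPort(factoryService.getHisPrivacyCAWebService2(), HisPrivacyCAWebService2.class));
    } catch (MalformedURLException e) {
        // Propagate with the cause attached instead of printing the trace and rethrowing;
        // IllegalArgumentException is a RuntimeException, so existing catch sites still match.
        throw new IllegalArgumentException("Invalid privacy CA URL: " + url, e);
    }
}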

Example 5 with IHisPrivacyCAWebService2

use of gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2 in project OpenAttestation by OpenAttestation.

the class Main method main.

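/**
 * Entry point into the program: a smoke test that drives one identity-request
 * round trip against a privacy CA web service and prints the raw bytes returned.
 *
 * <p>The two calls carry the literal strings {@code "identityRequest"} and
 * {@code "endorsementCertificate"} rather than real TPM structures, so the output
 * only shows that the service is reachable and answers; it says nothing about
 * whether a genuine identity request would be accepted.
 *
 * @param args optional; {@code args[0]} overrides the service base URL, which
 *             defaults to {@code http://localhost:8080/HisPrivacyCAWebServices2}
 */
public static void main(String[] args) {
    // NOTE(review): plain http is acceptable only for the localhost default; pointing this
    // at a remote CA should use https so the WSDL and responses are protected in transit —
    // confirm how the trust store is meant to be configured for that case.
    String url = args.length > 0 ? args[0] : "http://localhost:8080/HisPrivacyCAWebServices2";
    try {
        IHisPrivacyCAWebService2 hisPrivacyCAWebService2 =
                HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(url);
        // Explicit charset: String.getBytes() without one uses the platform default.
        byte[] received = hisPrivacyCAWebService2.identityRequestGetChallenge(
                "identityRequest".getBytes(java.nio.charset.StandardCharsets.UTF_8),
                "endorsementCertificate".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        System.out.println(TpmUtils.byteArrayToHexString(received));
        // The challenge is echoed back unchanged as the "response" for this smoke test.
        byte[] received2 = hisPrivacyCAWebService2.identityRequestSubmitResponse(received);
        System.out.println(TpmUtils.byteArrayToHexString(received2));
    } catch (Exception e) {
        e.printStackTrace();
        // Surface the failure through the exit status so the test can be scripted.
        System.exit(1);
    }
}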
