author | Yuuta Liang <yuutaw@student.cs.ubc.ca> | 2023-10-26 05:00:12 +0800 |
committer | Yuuta Liang <yuutaw@student.cs.ubc.ca> | 2023-10-26 05:00:12 +0800 |
commit | 578b7d1db256d9a582cef45ae5d13d858a977416 (patch) | |
tree | b856cc5af32a0d649321f501f2966d013cade6c0 /src/main/model/ca | |
parent | f73bca3372a31f360d894dcbe8580cef779af739 (diff) | |
Add persistence
Signed-off-by: Yuuta Liang <yuutaw@student.cs.ubc.ca>
Diffstat (limited to 'src/main/model/ca')
-rw-r--r-- | src/main/model/ca/CertificationAuthority.java | 80 |
1 files changed, 71 insertions, 9 deletions
diff --git a/src/main/model/ca/CertificationAuthority.java b/src/main/model/ca/CertificationAuthority.java
index feb557c..038d209 100644
--- a/src/main/model/ca/CertificationAuthority.java
+++ b/src/main/model/ca/CertificationAuthority.java
@@ -35,6 +35,8 @@ import java.util.stream.Stream;
 * Holds a CA private key, its certificate, signed / revoked list, template list, and logs list.
 */
 public class CertificationAuthority {
+ public static final int SERIAL_DEFAULT = 1;
+
 /**
 * The RSA2048 private key.
 */
@@ -81,14 +83,45 @@ public class CertificationAuthority {
 private final String user;
 
 /**
- * EFFECT: Init with a null key and null certificate, empty signed, revoked template, and log list, serial at 1, and
- * user "yuuta".
+ * EFFECT: Init with the given parameters and user "yuuta".
+ * Throws {@link NoSuchAlgorithmException} if the key is specified but RSA is not supported.
+ * Throws {@link InvalidKeySpecException} if the key specified is invalid.
+ * Throws {@link InvalidCAException} or {@link ParseException} if the CA specified is invalid.
+ * REQUIRES: n / p / e must be either all null or all non-null containing RSA2048 module and exponents.
+ * If certificate is non-null, n / p / e must be non-null.
+ */
+ public CertificationAuthority(BigInteger n, BigInteger p, BigInteger e,
+ Certificate certificate,
+ List<Certificate> signed,
+ int serial,
+ List<RevokedCertificate> revoked,
+ List<Template> templates,
+ List<AuditLogEntry> logs)
+ throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidCAException, ParseException {
+ if (n != null) {
+ setKey(n, p, e);
+ }
+ if (certificate != null) {
+ validateCertificate(certificate);
+ }
+ this.certificate = certificate;
+ this.signed = new ArrayList<>(signed);
+ this.serial = serial;
+ this.revoked = new ArrayList<>(revoked);
+ this.templates = new ArrayList<>(templates);
+ this.logs = new ArrayList<>(logs);
+ this.user = "yuuta";
+ }
+
+ /**
+ * EFFECT: Init with a null key and null certificate, empty signed, revoked template, and log list,
+ * serial at SERIAL_DEFAULT, and user "yuuta".
 */
 public CertificationAuthority() {
 this.key = null;
 this.publicKey = null;
 this.certificate = null;
- this.serial = 1;
+ this.serial = SERIAL_DEFAULT;
 this.signed = new ArrayList<>();
 this.revoked = new ArrayList<>();
 this.templates = new ArrayList<>();
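Review bot: The REQUIRES clause on the new constructor is not enforced: `if (n != null)` calls `setKey(n, p, e)` even when `p` or `e` is null, and a non-null `certificate` with a null key still reaches `validateCertificate` (whose public-key check compares against `getPublicKey()`), so a corrupt or hand-edited persistence file fails with an unrelated exception instead of a clear one. Since this constructor is the restore path for untrusted on-disk state, I would check the precondition up front, e.g. `if ((p == null) != (n == null) || (e == null) != (n == null)) throw new InvalidKeySpecException("n, p and e must be all null or all non-null");` and likewise reject `certificate != null && n == null` before calling `validateCertificate`. Separately, `serial` is restored independently of `signed`; if it is the next serial to issue (the default constructor starts it at SERIAL_DEFAULT), nothing ensures it is larger than every serial already present in `signed`, so a stale file would reissue a serial number — worth a check, or at least a documented assumption. The list parameters are copied with `new ArrayList<>(...)`, which throws NullPointerException on null; stating that in the Javadoc (or using `Objects.requireNonNull`) would make the contract explicit.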
@@ -111,17 +144,29 @@ public class CertificationAuthority {
 }
 
 /**
- * EFFECTS: Load the RSA private and public exponents. This action will be logged.
+ * EFFECTS: Load the RSA private and public exponents.
 * Throws {@link NoSuchAlgorithmException} if RSA is not available on the platform.
 * Throws {@link InvalidKeySpecException} if the input is invalid.
 * REQUIRES: getPublicKey() is null (i.e., no private key had been installed)
 * MODIFIES: this
 */
- public void loadKey(BigInteger n, BigInteger p, BigInteger e)
+ private void setKey(BigInteger n, BigInteger p, BigInteger e)
 throws NoSuchAlgorithmException, InvalidKeySpecException {
 this.key = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(n, p));
 this.publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
+ }
+
+ /**
+ * EFFECTS: Load the RSA private and public exponents. This action will be logged.
+ * Throws {@link NoSuchAlgorithmException} if RSA is not available on the platform.
+ * Throws {@link InvalidKeySpecException} if the input is invalid.
+ * REQUIRES: getPublicKey() is null (i.e., no private key had been installed)
+ * MODIFIES: this
+ */
+ public void loadKey(BigInteger n, BigInteger p, BigInteger e)
+ throws NoSuchAlgorithmException, InvalidKeySpecException {
+ setKey(n, p, e);
 
 log("Installed CA private key.");
 }
 
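Review bot: Neither `setKey` nor `loadKey` enforces the `REQUIRES: getPublicKey() is null` clause both Javadocs state, so a second `loadKey` call silently replaces the installed CA signing key and the audit log only records "Installed CA private key." with no indication that a key was swapped. I would turn the precondition into a check in the public method, `if (publicKey != null) throw new IllegalStateException("CA private key is already installed");` (leaving the private `setKey` for the restoring constructor), and consider adding a key identifier such as the modulus bit length or a hash of the public key to the log line so the audit entry can be tied to a specific key. Note also that `RSAPrivateKeySpec(n, p)` takes the private exponent as its second argument, so the parameter named `p` is really `d`; renaming it would avoid confusion with the prime factor `p` of a CRT key.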
@@ -185,6 +230,22 @@ public class CertificationAuthority {
 }
 
 /**
+ * EFFECT: Validate the CA certificate. Throws {@link InvalidCAException} if any of the
+ * following are violated:
+ * - It must be a v3 certificate
+ * - The new certificate must have the same algorithm and public key as getPublicKey()
+ * - It must have basicConstraints { cA = TRUE }
+ * - It must contain key usage Digital Signature, Certificate Sign, CRL Sign
+ * Throws {@link ParseException} if the cert has invalid extension values.
+ */
+ private void validateCertificate(Certificate certificate) throws InvalidCAException, ParseException {
+ validateCACertificateVersion(certificate);
+ validateCACertificatePublicKey(certificate);
+ validateCACertificateBasicConstraints(certificate);
+ validateCACertificateKeyUsage(certificate);
+ }
+
+ /**
 * EFFECT: Install the CA certificate. Throws {@link InvalidCAException} if any of the
 * following are violated:
 * - It must be a v3 certificate
@@ -198,10 +259,7 @@ public class CertificationAuthority {
 * MODIFIES: this
 */
 public void installCertificate(Certificate certificate) throws InvalidCAException, ParseException {
- validateCACertificateVersion(certificate);
- validateCACertificatePublicKey(certificate);
- validateCACertificateBasicConstraints(certificate);
- validateCACertificateKeyUsage(certificate);
+ validateCertificate(certificate);
 this.certificate = certificate;
 log("CA certificate is installed.");
 }
@@ -477,4 +535,8 @@ public class CertificationAuthority {
 public RSAPublicKey getPublicKey() {
 return publicKey;
 }
+
+ public RSAPrivateKey getKey() {
+ return key;
+ }
 }
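Review bot: The new public `getKey()` accessor in the last hunk hands the raw CA `RSAPrivateKey` to any caller holding a `CertificationAuthority`, which widens the signing key's exposure from this class to the whole application, and it carries no Javadoc unlike the documented methods around it. If it exists only so the persistence layer can write out `n`, `p` and `e`, consider exposing just what that layer needs (for example a method that returns the modulus and private exponent to a clearly named serializer), or at minimum document the intent with `/** EFFECT: Returns the raw CA private key. For persistence only; never log or transmit it. */`. In the extracted `validateCertificate`, the documented checks cover version, key match, basicConstraints and keyUsage, but nothing listed covers the certificate's validity period or verifies its signature, so an expired CA certificate would be accepted; if that is deliberate it deserves a line in the Javadoc.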