From 578b7d1db256d9a582cef45ae5d13d858a977416 Mon Sep 17 00:00:00 2001
From: Yuuta Liang <yuutaw@student.cs.ubc.ca>
Date: Thu, 26 Oct 2023 05:00:12 +0800
Subject: Add persistence

Signed-off-by: Yuuta Liang <yuutaw@student.cs.ubc.ca>
---
 .../model/asn1/exceptions/InvalidDBException.java  | 10 +++
 src/main/model/ca/CertificationAuthority.java      | 80 +++++++++++++++++++---
 2 files changed, 81 insertions(+), 9 deletions(-)
 create mode 100644 src/main/model/asn1/exceptions/InvalidDBException.java

(limited to 'src/main/model')

diff --git a/src/main/model/asn1/exceptions/InvalidDBException.java b/src/main/model/asn1/exceptions/InvalidDBException.java
new file mode 100644
index 0000000..4068a4b
--- /dev/null
+++ b/src/main/model/asn1/exceptions/InvalidDBException.java
@@ -0,0 +1,10 @@
+package model.asn1.exceptions;
+
+/**
+ * The database is invalid.
+ */
+public class InvalidDBException extends RuntimeException {
+    public InvalidDBException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/src/main/model/ca/CertificationAuthority.java b/src/main/model/ca/CertificationAuthority.java
index feb557c..038d209 100644
--- a/src/main/model/ca/CertificationAuthority.java
+++ b/src/main/model/ca/CertificationAuthority.java
@@ -35,6 +35,8 @@ import java.util.stream.Stream;
  * Holds a CA private key, its certificate, signed / revoked list, template list, and logs list.
  */
 public class CertificationAuthority {
+    public static final int SERIAL_DEFAULT = 1;
+
     /**
      * The RSA2048 private key.
      */
@@ -81,14 +83,45 @@ public class CertificationAuthority {
     private final String user;
 
     /**
-     * EFFECT: Init with a null key and null certificate, empty signed, revoked template, and log list, serial at 1, and
-     * user "yuuta".
+     * EFFECT: Init with the given parameters and user "yuuta".
+     * Throws {@link NoSuchAlgorithmException} if the key is specified but RSA is not supported.
+     * Throws {@link InvalidKeySpecException} if the key specified is invalid.
+     * Throws {@link InvalidCAException} or {@link ParseException} if the CA specified is invalid.
+     * REQUIRES: n / p / e must be either all null or all non-null containing RSA2048 module and exponents.
+     * If certificate is non-null, n / p / e must be non-null.
+     */
+    public CertificationAuthority(BigInteger n, BigInteger p, BigInteger e,
+                                  Certificate certificate,
+                                  List<Certificate> signed,
+                                  int serial,
+                                  List<RevokedCertificate> revoked,
+                                  List<Template> templates,
+                                  List<AuditLogEntry> logs)
+            throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidCAException, ParseException {
+        if (n != null) {
+            setKey(n, p, e);
+        }
+        if (certificate != null) {
+            validateCertificate(certificate);
+        }
+        this.certificate = certificate;
+        this.signed = new ArrayList<>(signed);
+        this.serial = serial;
+        this.revoked = new ArrayList<>(revoked);
+        this.templates = new ArrayList<>(templates);
+        this.logs = new ArrayList<>(logs);
+        this.user = "yuuta";
+    }
+
+    /**
+     * EFFECT: Init with a null key and null certificate, empty signed, revoked template, and log list,
+     * serial at SERIAL_DEFAULT, and user "yuuta".
      */
     public CertificationAuthority() {
         this.key = null;
         this.publicKey = null;
         this.certificate = null;
-        this.serial = 1;
+        this.serial = SERIAL_DEFAULT;
         this.signed = new ArrayList<>();
         this.revoked = new ArrayList<>();
         this.templates = new ArrayList<>();
@@ -111,17 +144,29 @@ public class CertificationAuthority {
     }
 
     /**
-     * EFFECTS: Load the RSA private and public exponents. This action will be logged.
+     * EFFECTS: Load the RSA private and public exponents.
      * Throws {@link NoSuchAlgorithmException} if RSA is not available on the platform.
      * Throws {@link InvalidKeySpecException} if the input is invalid.
      * REQUIRES: getPublicKey() is null (i.e., no private key had been installed)
      * MODIFIES: this
      */
-    public void loadKey(BigInteger n, BigInteger p, BigInteger e)
+    private void setKey(BigInteger n, BigInteger p, BigInteger e)
             throws NoSuchAlgorithmException, InvalidKeySpecException {
         this.key = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(n, p));
         this.publicKey =
                 (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
+    }
+
+    /**
+     * EFFECTS: Load the RSA private and public exponents. This action will be logged.
+     * Throws {@link NoSuchAlgorithmException} if RSA is not available on the platform.
+     * Throws {@link InvalidKeySpecException} if the input is invalid.
+     * REQUIRES: getPublicKey() is null (i.e., no private key had been installed)
+     * MODIFIES: this
+     */
+    public void loadKey(BigInteger n, BigInteger p, BigInteger e)
+            throws NoSuchAlgorithmException, InvalidKeySpecException {
+        setKey(n, p, e);
         log("Installed CA private key.");
     }
 
@@ -184,6 +229,22 @@ public class CertificationAuthority {
         }
     }
 
+    /**
+     * EFFECT: Validate the CA certificate. Throws {@link InvalidCAException} if any of the
+     * following are violated:
+     * - It must be a v3 certificate
+     * - The new certificate must have the same algorithm and public key as getPublicKey()
+     * - It must have basicConstraints { cA = TRUE }
+     * - It must contain key usage Digital Signature, Certificate Sign, CRL Sign
+     * Throws {@link ParseException} if the cert has invalid extension values.
+     */
+    private void validateCertificate(Certificate certificate) throws InvalidCAException, ParseException {
+        validateCACertificateVersion(certificate);
+        validateCACertificatePublicKey(certificate);
+        validateCACertificateBasicConstraints(certificate);
+        validateCACertificateKeyUsage(certificate);
+    }
+
     /**
      * EFFECT: Install the CA certificate. Throws {@link InvalidCAException} if any of the
      * following are violated:
@@ -198,10 +259,7 @@ public class CertificationAuthority {
      * MODIFIES: this
      */
     public void installCertificate(Certificate certificate) throws InvalidCAException, ParseException {
-        validateCACertificateVersion(certificate);
-        validateCACertificatePublicKey(certificate);
-        validateCACertificateBasicConstraints(certificate);
-        validateCACertificateKeyUsage(certificate);
+        validateCertificate(certificate);
         this.certificate = certificate;
         log("CA certificate is installed.");
     }
@@ -477,4 +535,8 @@ public class CertificationAuthority {
     public RSAPublicKey getPublicKey() {
         return publicKey;
     }
+
+    public RSAPrivateKey getKey() {
+        return key;
+    }
 }
-- 
cgit v1.2.3