package at.acdp.opcur; /* ======================================================================== * Copyright (c) 2005-2015 The OPC Foundation, Inc. All rights reserved. * * OPC Foundation MIT License 1.00 * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without * restriction, including without limitation the rights to use, * copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following * conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR * OTHER DEALINGS IN THE SOFTWARE. 
* * The complete license agreement can be found here: * http://opcfoundation.org/License/MIT/1.00/ * ======================================================================*/ import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.InetAddress; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import org.opcfoundation.ua.common.ServiceResultException; import org.opcfoundation.ua.transport.security.Cert; import org.opcfoundation.ua.transport.security.KeyPair; import org.opcfoundation.ua.transport.security.PrivKey; import org.opcfoundation.ua.utils.CertificateUtils; import org.opcfoundation.ua.utils.CryptoUtil; /** * Keys for examples * Keystore.p12 contains 20 RSA keypairs with the following aliases * * alias dname * * server_8192 CN=server * server_4096 CN=server * server_2048 CN=server * server_1024 CN=server * server_512 CN=server * * client_8192 CN=client * client_4096 CN=client * client_2048 CN=client * client_1024 CN=client * client_512 CN=client * * https_server_8192 CN=https_server * https_server_4096 CN=https_server * https_server_2048 CN=https_server * https_server_1024 CN=https_server * https_server_512 CN=https_server * * https_client_8192 CN=https_client * https_client_4096 CN=https_client * https_client_2048 
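CN=https_client
 * https_client_1024 CN=https_client
 * https_client_512 CN=https_client
 *
 * Keystore password is "password".
 * Private key passwords are "password".
 *
 * The {@code get*Cert} methods below do not use the keystore at all: they load a
 * DER certificate and a PEM private key from the current working directory and
 * generate (and write back) a fresh pair only when those files are absent.
 * Everything produced here is example material; the private keys are written
 * with whatever permissions {@code PrivKey.save} applies, and the validity is
 * ten years.
 */
public class ExampleKeys {

    /** Validity, in days, of every certificate generated by this class (ten years). */
    private static final int VALIDITY_DAYS = 3650;

    /** File name of the sample CA certificate (DER), relative to the working directory. */
    private static final String CA_CERT_FILE = "SampleCA.der";

    /** File name of the sample CA private key (PEM), relative to the working directory. */
    private static final String CA_KEY_FILE = "SampleCA.pem";

    /**
     * Load the application instance certificate and private key from
     * {@code applicationName.der} and {@code applicationName.pem} in the working
     * directory, or create and persist a new pair if those files do not exist.
     *
     * <p>A new pair is only generated when the files are missing. If they exist but
     * cannot be read or parsed, a {@link ServiceResultException} is thrown instead of
     * silently replacing the application's identity with a freshly generated key.
     *
     * <p>The certificate is created by
     * {@link CertificateUtils#createApplicationInstanceCertificate} with the local
     * host name and the application URI {@code urn:<hostName>:<applicationName>}.
     *
     * @param applicationName base name of the two key files; also passed to
     *        {@code CertificateUtils} as the application name
     * @return the KeyPair composed of the certificate and private key
     * @throws ServiceResultException if existing files cannot be read or parsed, or
     *         if a new pair cannot be generated or saved
     */
    public static KeyPair getCert(String applicationName) throws ServiceResultException {
        File certFile = new File(applicationName + ".der");
        File privKeyFile = new File(applicationName + ".pem");
        if (bothPresent(certFile, privKeyFile)) {
            return load(certFile, privKeyFile);
        }
        try {
            String hostName = localHostName();
            KeyPair keys = CertificateUtils.createApplicationInstanceCertificate(
                    applicationName, null, applicationUri(hostName, applicationName),
                    VALIDITY_DAYS, hostName);
            // Persist both halves so the next call finds them and does not regenerate.
            keys.getCertificate().save(certFile);
            keys.getPrivateKey().save(privKeyFile);
            return keys;
        } catch (Exception e) {
            // CertificateUtils and the save() calls declare a wide set of checked
            // exceptions; all are reported to the caller as one ServiceResultException.
            throw new ServiceResultException(e);
        }
    }

    /**
     * Load the sample CA certificate and private key from {@code SampleCA.der} and
     * {@code SampleCA.pem} in the working directory, or create and persist a new
     * issuer pair if those files do not exist.
     *
     * <p>As with {@link #getCert(String)}, existing-but-unreadable files cause an
     * exception rather than a silent regeneration of the CA key.
     *
     * @return the KeyPair composed of the CA certificate and private key
     * @throws ServiceResultException if existing files cannot be read or parsed, or
     *         if a new pair cannot be generated or saved
     */
    public static KeyPair getCACert() throws ServiceResultException {
        File certFile = new File(CA_CERT_FILE);
        File privKeyFile = new File(CA_KEY_FILE);
        if (bothPresent(certFile, privKeyFile)) {
            return load(certFile, privKeyFile);
        }
        try {
            KeyPair keys = CertificateUtils.createIssuerCertificate("SampleCA", VALIDITY_DAYS, null);
            keys.getCertificate().save(certFile);
            keys.getPrivateKey().save(privKeyFile);
            return keys;
        } catch (Exception e) {
            throw new ServiceResultException(e);
        }
    }

    /**
     * Load the HTTPS certificate and private key from {@code applicationName_https.der}
     * and {@code applicationName_https.pem} in the working directory, or create and
     * persist a new pair, issued by the sample CA from {@link #getCACert()}, if those
     * files do not exist.
     *
     * @param applicationName base name of the two key files and part of the
     *        application URI {@code urn:<hostName>:<applicationName>}
     * @return the KeyPair composed of the certificate and private key
     * @throws ServiceResultException if existing files cannot be read or parsed, if
     *         the sample CA cannot be obtained, or if a new pair cannot be generated
     *         or saved
     */
    public static KeyPair getHttpsCert(String applicationName) throws ServiceResultException {
        File certFile = new File(applicationName + "_https.der");
        File privKeyFile = new File(applicationName + "_https.pem");
        if (bothPresent(certFile, privKeyFile)) {
            return load(certFile, privKeyFile);
        }
        // Outside the try below so a CA failure reaches the caller as-is instead of
        // being wrapped in a second ServiceResultException.
        KeyPair caCert = getCACert();
        try {
            String hostName = localHostName();
            KeyPair keys = CertificateUtils.createHttpsCertificate(
                    hostName, applicationUri(hostName, applicationName), VALIDITY_DAYS, caCert);
            keys.getCertificate().save(certFile);
            keys.getPrivateKey().save(privKeyFile);
            return keys;
        } catch (Exception e) {
            throw new ServiceResultException(e);
        }
    }

    /**
     * Whether both key files already exist as regular files. Used to decide between
     * loading an existing pair and generating a new one.
     */
    private static boolean bothPresent(File certFile, File privKeyFile) {
        return certFile.isFile() && privKeyFile.isFile();
    }

    /**
     * Read an existing DER certificate and PEM private key and combine them.
     *
     * @throws ServiceResultException wrapping any read or parse failure
     */
    private static KeyPair load(File certFile, File privKeyFile) throws ServiceResultException {
        try {
            Cert certificate = Cert.load(certFile);
            PrivKey privateKey = PrivKey.load(privKeyFile);
            return new KeyPair(certificate, privateKey);
        } catch (CertificateException e) {
            throw new ServiceResultException(e);
        } catch (IOException e) {
            throw new ServiceResultException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new ServiceResultException(e);
        } catch (InvalidKeySpecException e) {
            throw new ServiceResultException(e);
        }
    }

    /**
     * Host name of the local machine, as reported by {@link InetAddress#getLocalHost()}.
     *
     * @throws IOException if the local host name cannot be resolved
     *         ({@code UnknownHostException} is an {@code IOException})
     */
    private static String localHostName() throws IOException {
        return InetAddress.getLocalHost().getHostName();
    }

    /** Build the application URI {@code urn:<hostName>:<applicationName>}. */
    private static String applicationUri(String hostName, String applicationName) {
        return "urn:" + hostName + ":" + applicationName;
    }

    // ------------------------------------------------------------------------
    // Keystore-based variant, kept commented out for reference only (not compiled).
    // It reads the pairs listed in the class Javadoc from keystore.p12 on the
    // classpath using the fixed example password.
    // ------------------------------------------------------------------------

    /**
     * Open keypair from keystore.p12 used in some of these examples.
     *
     * Usable aliases are : "server", "client", "https_server", "https_client"
     * Usable keysizes are : 8192, 4096, 2048, 1024
     *
     * @param alias
     * @param keysize
     * @return
     * @throws KeyStoreException
     * @throws IOException
     * @throws CertificateException
     * @throws NoSuchAlgorithmException
     * @throws UnrecoverableKeyException
     */
//    public static KeyPair getKeyPair(String alias, int keysize) throws ServiceResultException {
//        try {
//            Certificate cert = ks.getCertificate(alias+"_"+keysize);
//            Key key = ks.getKey(alias+"_"+keysize, "password".toCharArray());
//            KeyPair pair = new KeyPair( new Cert( (X509Certificate) cert ), new PrivKey( (RSAPrivateKey) key ) );
//            return pair;
//        } catch (KeyStoreException e) {
//            throw new ServiceResultException( e );
//        } catch (UnrecoverableKeyException e) {
//            throw new ServiceResultException( e );
//        } catch (NoSuchAlgorithmException e) {
//            throw new ServiceResultException( e );
//        } catch (CertificateEncodingException e) {
//            throw new ServiceResultException( e );
//        }
//    }
//
//    static KeyStore ks;
//    static {
//        try {
//            ks = KeyStore.getInstance("pkcs12");
//            InputStream is = ExampleKeys.class.getResourceAsStream("keystore.p12");
//            try {
//                ks.load( is, "password".toCharArray() );
//            } catch (NoSuchAlgorithmException e) {
//                throw new RuntimeException(e);
//            } catch (CertificateException e) {
//                throw new RuntimeException(e);
//            } catch (IOException e) {
//                throw new RuntimeException(e);
//            } finally {
//                try {
//                    is.close();
//                } catch (IOException e) {
//                }
//            }
//        } catch (KeyStoreException e) {
//            throw new RuntimeException(e);
//        }
//    }
}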