package net.curisit.securis; import java.io.File; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Date; import java.util.HashMap; import java.util.Map; import net.curisit.securis.beans.LicenseBean; import net.curisit.securis.beans.RequestBean; import net.curisit.securis.beans.SignedLicenseBean; import net.curisit.securis.utils.JsonUtils; import net.curisit.securis.utils.Params; import org.apache.commons.io.FileUtils; import org.apache.commons.net.util.Base64; import org.apache.log4j.xml.DOMConfigurator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; //import net.curisit.common.ui.Dialogs; /** * digital Signature utilities * * @author roberto */ public class SignatureHelper { private static final Logger log = LoggerFactory.getLogger(SignatureHelper.class); private static String AUX = "hEDhryRjs2QRE"; private static SignatureHelper singleton = new SignatureHelper(); private static final String DEFAULT_ALGORITHM = "RSA"; protected static final String SIGNATURE_GENERATION_ALGORITHM = "SHA256withRSA"; private SignatureHelper() { } public static SignatureHelper getInstance() { return singleton; } protected void prepareSignature(Signature signature, LicenseBean licBean) throws SeCurisException { try { log.info("JSON: {}", JsonUtils.toJSON(licBean)); signature.update(JsonUtils.toJSON(licBean).getBytes("utf-8")); signature.update(AUX.getBytes("utf-8")); } catch (SignatureException | UnsupportedEncodingException e) { throw new SeCurisException("Error generating or validating signature", e); } } public void validateSignature(LicenseBean licBean) throws SeCurisException { Signature signature; try { signature = Signature.getInstance(SIGNATURE_GENERATION_ALGORITHM); signature.initVerify(generatePublicKey()); prepareSignature(signature, licBean); if (signature.verify(Base64.decodeBase64(licBean.getSignature()))) return; } catch (NoSuchAlgorithmException e) { log.error("Error validating license for " + licBean, e); } catch (InvalidKeyException e) { log.error("Error validating license for " + licBean, e); } catch (InvalidKeySpecException e) { log.error("Error validating license for " + licBean, e); } catch (IOException e) { log.error("Error validating license for " + licBean, e); } catch (SignatureException e) { log.error("Error validating license for " + licBean, e); } throw new SeCurisException("License could not be validated"); } private PublicKey generatePublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { return generatePublicKey(new File(Params.get(Params.KEYS.PUBLIC_KEY_FILE, System.getenv("SECURIS_PUBLIC_KEY_FILE")))); } private PublicKey generatePublicKey(File publicKeyFile) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { String pubKeyBase64 = FileUtils.readFileToString(publicKeyFile); int from = pubKeyBase64.indexOf('\n'); int to = pubKeyBase64.indexOf("-----END", from); pubKeyBase64 = pubKeyBase64.substring(from, to); KeyFactory keyFactory = KeyFactory.getInstance(DEFAULT_ALGORITHM); X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(pubKeyBase64)); PublicKey publicKey = keyFactory.generatePublic(publicKeySpec); log.info("Public key read sucessfully from file: {}", publicKeyFile.getAbsolutePath()); return publicKey; } protected PrivateKey generatePrivateKey(File privateKeyFile) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { String privKeyBase64 = FileUtils.readFileToString(privateKeyFile); int from = privKeyBase64.indexOf('\n'); int to = privKeyBase64.indexOf("-----END", from); privKeyBase64 = privKeyBase64.substring(from, to); KeyFactory keyFactory = KeyFactory.getInstance(DEFAULT_ALGORITHM); PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privKeyBase64)); PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec); return privateKey; } private KeyPair generateKeyPair(File privateKeyFile, File publicKeyFile) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { PublicKey publicKey = generatePublicKey(publicKeyFile); PrivateKey privateKey = generatePrivateKey(privateKeyFile); KeyPair kp = new KeyPair(publicKey, privateKey); return kp; } public static void main(String[] args) throws SeCurisException { // org.apache.log4j.Logger.getRootLogger().addAppender(new Appender); DOMConfigurator.configure("/Users/cproberto/Documents/wsCurisIT/SeCurisClient/src/main/resources/log4j.xml"); RequestBean req = ReqGenerator.getInstance().createRequest("CI", "Roberto"); LicenseGenerator lg = LicenseGenerator.getInstance(); Map metadata = new HashMap<>(); metadata.put("maxUsers", 14); metadata.put("timeThreshold", 5000); metadata.put("123", 5000); metadata.put("Basdads", 5000); metadata.put("aasdads", 5000); metadata.put("maxInstances", 50); LicenseBean lic = lg.generateLicense(req, metadata, new Date(new Date().getTime() + 24 * 3600 * 1000 * 10), "LIC-TEST-001"); System.out.println(JsonUtils.toJSON(lic, true)); System.out.println(JsonUtils.toJSON(new SignedLicenseBean(lic), true)); } static { byte[] s = new byte[] { 64, -31, -81, 36, 99, -77, 100, 17, 16, -119, 31, 72, 123, -88, -32, 51, 39, -96, -35, 116, -65, 8, 41, -119, -108, -34, 41, 19, 26, -102, -16, -120, -96, 1, -5, -26, -13, 61, -121, 94, 59, 54, 110, 110, -55, 127, -106 }; AUX = Base64.encodeBase64String(s); } }