diff options
Diffstat (limited to 'bin/caservicecontainer/CaSignMultiThread.java')
-rwxr-xr-x | bin/caservicecontainer/CaSignMultiThread.java | 308 |
1 files changed, 308 insertions, 0 deletions
diff --git a/bin/caservicecontainer/CaSignMultiThread.java b/bin/caservicecontainer/CaSignMultiThread.java new file mode 100755 index 0000000..93be446 --- /dev/null +++ b/bin/caservicecontainer/CaSignMultiThread.java @@ -0,0 +1,308 @@ +/* + * Copyright 2018 Intel Corporation, Inc + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import java.security.*; +import sun.security.pkcs11.*; +import javax.crypto.spec.SecretKeySpec; +import java.util.*; +import sun.security.pkcs11.*; +import java.security.interfaces.*; +import javax.net.ssl.*; +import javax.crypto.spec.*; +import java.io.*; +import java.security.cert.*; +import java.security.spec.*; +import sun.security.x509.*; +import java.security.KeyStore.PrivateKeyEntry; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyManagementException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.Security; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Random; + +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.X500NameBuilder; +import org.bouncycastle.asn1.x500.style.BCStyle; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.KeyPurposeId; +import org.bouncycastle.asn1.x509.KeyUsage; +import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.CertIOException; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.bc.BcX509ExtensionUtils; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.util.io.pem.PemReader; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.asn1.pkcs.CertificationRequest; +import org.bouncycastle.asn1.x509.ExtendedKeyUsage; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; + +import javax.xml.bind.DatatypeConverter; +import java.security.cert.X509Certificate; +import java.io.StringWriter; + +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import static java.nio.file.StandardCopyOption.*; + +class ThreadDemo extends Thread { + private String threadName; + private PrivateKey key; + private X509Certificate caCert; + + ThreadDemo( String name, PrivateKey privateKey, X509Certificate cacert) { + threadName = name; + key = privateKey; + caCert = cacert; + } + + public static final KeyPurposeId[] ASN_WebUsage = new KeyPurposeId[] { + KeyPurposeId.id_kp_serverAuth, + KeyPurposeId.id_kp_clientAuth}; + + public void run() { + + System.out.println("Running " + threadName); + try { + String threadname = threadName+".csr"; + System.out.println(threadName); + File csrf = new File(threadname); + Reader pemcsr = new FileReader(csrf); + PemReader reader = new PemReader(pemcsr); + PemObject pem = reader.readPemObject(); + PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pem.getContent()); + + X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE); + x500NameBld.addRDN(BCStyle.C, "US"); + x500NameBld.addRDN(BCStyle.ST, "CA"); + x500NameBld.addRDN(BCStyle.L, "local"); + x500NameBld.addRDN(BCStyle.O, "onap"); + x500NameBld.addRDN(BCStyle.CN, "test.onap.ca"); + X500Name issuer = x500NameBld.build(); + + GregorianCalendar gc = new GregorianCalendar(); + Date start = gc.getTime(); + gc.add(GregorianCalendar.DAY_OF_MONTH, 1000); + Date end = gc.getTime(); + + X509Certificate x509; + byte[] serialish = new byte[24]; + SecureRandom random = new SecureRandom(); + BigInteger bi; + bi = new BigInteger(serialish); + X509v3CertificateBuilder xcb = new X509v3CertificateBuilder(issuer, bi, + start, end, csr.getSubject(), csr.getSubjectPublicKeyInfo()); + + JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); + xcb.addExtension(Extension.basicConstraints, + false, new BasicConstraints(false)) + .addExtension(Extension.keyUsage, + true, new KeyUsage(KeyUsage.digitalSignature + | KeyUsage.keyEncipherment)) + .addExtension(Extension.extendedKeyUsage, + true, new ExtendedKeyUsage(ASN_WebUsage)) + + .addExtension(Extension.authorityKeyIdentifier, + false, extUtils.createAuthorityKeyIdentifier(caCert)) + .addExtension(Extension.subjectKeyIdentifier, + false, extUtils.createSubjectKeyIdentifier(caCert.getPublicKey())); + + ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSA").build(key); + + x509 = new JcaX509CertificateConverter().getCertificate(xcb.build(sigGen)); + StringWriter sw = new StringWriter(); + sw.write("-----BEGIN CERTIFICATE-----\n"); + sw.write(DatatypeConverter.printBase64Binary(x509.getEncoded()).replaceAll("(.{64})", "$1\n")); + sw.write("\n-----END CERTIFICATE-----\n"); + FileWriter fw = new FileWriter(threadName +".cert"); + fw.write(sw.toString()); + fw.close(); + + System.out.println("Done - Signed certificate is "+ threadName +".cert"); + System.out.println("Thread: " + threadName); + } + catch (Exception e) { + System.out.println("Thread " + threadName + " interrupted."); + e.printStackTrace(); + System.exit(-1); + } + System.out.println("Thread " + threadName + " exiting." + " upon Successful completion"); + } +} + +public class CaSignMultiThread { + + public static void main(String[] args) throws Exception { + + if ( args.length < 2 ) + System.out.println("Arguments mismatch, Usage: CaSign <pin> <alias>"); + for(int i = 0; i < args.length; i++) { + System.out.println(args[i]); + } + // Set up the Sun PKCS 11 provider + String configName = "pkcs11.cfg"; + Provider p = new SunPKCS11(configName); + //Provider p = Security.getProvider("SunPKCS11-pkcs11Test"); + if (p==null) { + throw new RuntimeException("could not get security provider for"); + } + Security.addProvider(p); + // Load the key store + char[] pin = args[0].toCharArray(); + KeyStore keyStore = KeyStore.getInstance("PKCS11", p); + keyStore.load(null, pin); + + Enumeration<String> aliases = keyStore.aliases(); + while(aliases.hasMoreElements()){ + String alias = aliases.nextElement(); + System.out.println(alias + ": " + keyStore.getKey(alias,args[0].toCharArray())); + } + PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry(args[1], null); + PrivateKey privateKey = privateKeyEntry.getPrivateKey(); + + X509Certificate caCert = (X509Certificate) privateKeyEntry.getCertificate(); + RSAPublicKey publicKey = (RSAPublicKey) caCert.getPublicKey(); + + Security.addProvider(new BouncyCastleProvider()); + + // Set the number of thread that application need to create + int threadCount = 9; + ThreadDemo[] T = new ThreadDemo[threadCount]; + + for (int i = 0; i<threadCount; i++) { + + String command0 = "./gencsr.sh "+ i; + System.out.println(command0); + try { + Process p0 = Runtime.getRuntime().exec(command0); + BufferedReader stdInput = new BufferedReader(new + InputStreamReader(p0.getInputStream())); + BufferedReader stdError = new BufferedReader(new + InputStreamReader(p0.getErrorStream())); + } catch (IOException e) { + System.out.println("The Error is : "); + e.printStackTrace(); + } + } + + String command1 = "chmod 777 *.csr"; + System.out.println(command1); + try { + Process p1 = Runtime.getRuntime().exec(command1); + BufferedReader stdInput = new BufferedReader(new + InputStreamReader(p1.getInputStream())); + BufferedReader stdError = new BufferedReader(new + InputStreamReader(p1.getErrorStream())); + } catch (IOException e) { + System.out.println("The Error is : "); + e.printStackTrace(); + } + + for (int i = 0; i<threadCount; i++) { + + T[i] = new ThreadDemo("Thread" + Integer.toString(i), privateKey, caCert); + T[i].start(); + System.out.println("THe threads are started with execution"); + } + + int count = Thread.activeCount(); + System.out.println("-------------currently active threads = " + count); + + for (int i = 0; i<threadCount; i++) { + T[i].join(); + System.out.println("The Threads are being joined"); + } + + String command2 = "chmod 777 *.cert"; + System.out.println(command2); + try { + + Process p2 = Runtime.getRuntime().exec(command2); + BufferedReader stdInput = new BufferedReader(new + InputStreamReader(p2.getInputStream())); + BufferedReader stdError = new BufferedReader(new + InputStreamReader(p2.getErrorStream())); + } + catch (IOException e) { + System.out.println("The Error is : "); + e.printStackTrace(); + } + + for (int i = 0; i<threadCount; i++) { + + String command3 = "openssl verify -verbose -CAfile ca.cert " + "Thread" + Integer.toString(i) + ".cert"; + try { + Process p3 = Runtime.getRuntime().exec(command3); + + BufferedReader stdInput = new BufferedReader(new + InputStreamReader(p3.getInputStream())); + + BufferedReader stdError = new BufferedReader(new + InputStreamReader(p3.getErrorStream())); + + // read the output from the command + while ((command3 = stdInput.readLine()) != null) { + System.out.println(command3); + } + // read any errors from the attempted command + while ((command3 = stdError.readLine()) != null) { + System.out.println(command3); + System.out.println("Here is the standard error of the command (if any):\n"); + } + } catch (IOException e) { + System.out.println("The exception is "); + e.printStackTrace(); + } + } + } +} + |