upgraded SKS/KeyGen2 scheme

cyberphone · Apr 7, 2019 · 0ae65c3 · 0ae65c3
1 parent f1a30f7
commit 0ae65c3
Show file tree

Hide file tree

Showing 71 changed files with 2,496 additions and 2,842 deletions.
diff --git a/json/build.xml b/json/build.xml
@@ -1,15 +1,17 @@
-<project name="JWS Clear-text Signature Demo" default="help">
+<project name="JSON Signature Format Demo" default="help">
 
   <!-- set properties for this build -->
   <property name="src.dir" value="src"/>
-  <property name="class_war_path" value="WEB-INF/classes/org/webpki/webapps/json/jws"/>
+  <property name="class_war_path" value="WEB-INF/classes/org/webpki/webapps/jsf"/>
 
-  <property name="appcorename" value="jws-ct"/>
+  <property name="appcorename" value="jsf"/>
   <property name="application" value="${appcorename}.war"/>
 
   <property name="keypassword" value="foo123"/>
   <property name="keyfilext" value=".p12"/>
   <property name="key.dir" location="keys"/>
+  <property name="dist.dir" value="location"/>
+  <property name="temp.dir" location=".tmp"/>
   <property name="logotype.dir" location="logotype"/>
 
   <property name="clientroot" value="mybank-clientroot"/>
@@ -18,30 +20,20 @@
 
   <property name="debug" value="on"/>
   <property environment="env"/>
-  <property name="third.party.lib.dir" location="../resources/third-party-jars"/>
+  <property name="bcprovider.lib.dir" location="../resources/third-party-jars"/>
   <property name="webpki.lib.dir" location="../library/dist"/>
   <property name="catalina.home" value="${env.CATALINA_HOME}"/>
+  <property name="bouncycastle" value="true"/>
+  <property name="javaversion" value="1.8"/>
 
   <property name="signature.dir" location="signature"/>
 
-	<resources id="jcs_application.xml">
-<string><![CDATA[    <!-- JWS Demo -->
-    <module>
-        <web>
-            <web-uri>${application}</web-uri>
-            <context-root>/${appcorename}</context-root>
-        </web>
-    </module>
-</application>]]></string>
-    </resources>
-  <property name="ejbca-app-xml-mod" refid="jcs_application.xml"/>
-
   <condition property="storetype" value="PKCS12" else="JKS">
     <matches pattern=".*\.p12$" string="${keyfilext}"/>
   </condition>
 
   <target name="help">
-      <echo message="build tomcat [-Djose=0] ejbca-jcs zip-distribution createcerts"/>
+      <echo message="build tomcat createcerts"/>
   </target>
 
   <target name="_init" unless="app_path">
@@ -53,14 +45,11 @@
 
   </target>
 
-  <target name="_delete_tmp" unless="${ejbca.tmp.path}">
+  <target name="build">
     <delete dir="${temp.dir}"/>
     <mkdir dir="${temp.dir}"/>
-  </target>
-
-  <target name="_build">
-    <property name="temp.dir" value=".tmp"/>
-    <antcall target="_delete_tmp"/>
+    <property name="zip.bcprovider.lib.dir" value="${bcprovider.lib.dir}"/>
+    <property name="zip.webpki.lib.dir" value="${webpki.lib.dir}"/>
     <fixcrlf srcdir="${src.dir}"
        tab="remove"
        tablength="4"
@@ -73,12 +62,19 @@
            target="${javaversion}"
            srcdir="${src.dir}"
            destdir="${temp.dir}"
-           classpath="${compile_classpath}"
-           includeAntRuntime="false"/>
+           includeAntRuntime="false">
+  		<classpath>
+  			 <fileset dir="${webpki.lib.dir}">
+  		        <include name="*.jar"/>
+  			 </fileset>
+  			 <fileset dir="${bcprovider.lib.dir}">
+  		        <include name="*.jar"/>
+  			 </fileset>
+  	    </classpath>
+    </javac>
     <property name="clientkey" value="${clientkey_rsa}"/>
-    <property name="bouncycastle.first" value="true"/>
     <replace file="${temp.dir}/web.xml">
-	  <replacefilter token="@bouncycastle-first@" value="${bouncycastle.first}"/>
+	  <replacefilter token="@bouncycastle-first@" value="${bouncycastle}"/>
 	  <replacefilter token="@key-password@" value="${keypassword}"/>
 	  <replacefilter token="@clientkey-rsa@" value="${clientkey_rsa}${keyfilext}"/>
 	  <replacefilter token="@clientkey-ec@" value="${clientkey_ec}${keyfilext}"/>
@@ -87,7 +83,7 @@
       <classes dir="${temp.dir}">
          <exclude name="web.xml"/>
       </classes>
-      <lib dir="${zip.third.party.lib.dir}">
+      <lib dir="${zip.bcprovider.lib.dir}">
          <include name="bcprov-*.jar"/>
       </lib>
       <lib dir="${zip.webpki.lib.dir}">
@@ -102,55 +98,10 @@
   </target>
 
   <target name="tomcat" depends="_init">
-    <!-- Set path to application.  -->
-    <property name="dist.dir" value="dist"/>
     <antcall target="build"/>
     <copy file="${dist.dir}/${application}" todir="${env.CATALINA_HOME}/webapps" overwrite="true" preservelastmodified="true"/>
   </target>
 
-  <!-- ejbca plugin -->
-  <target name="jcs-ejbca">
-     <echo message="JCS Demo Plugin"/>
-     <property name="zip.third.party.lib.dir" value="empty.lib"/>
-     <property name="zip.webpki.lib.dir" value="empty.lib"/>
-     <property name="dist.dir" value="${ejbca.gen.path}"/>
-     <path id="compile.classpath.ejbca">
-	    <fileset dir="${plugin.ejbca.ant.custom.enrollment_plugin_directory}/lib.common">
-           <include name="*.jar"/>
-        </fileset>
-        <pathelement path="${ejbca.classpath}"/>
-	 </path>
-     <property name="compile_classpath" refid="compile.classpath.ejbca"/>
-     <property name="temp.dir" value="${ejbca.tmp.path}"/>
-     <property name="bouncycastle.first" value="false"/>
-     <antcall target="_build">
-        <param name="javaversion" value="1.6"/>
-     </antcall>
-     <!-- Update application.xml -->
-     <replace file="${ejbca.app.xml}" value="${ejbca-app-xml-mod}">
-	    <replacetoken><![CDATA[</application>]]></replacetoken>
-     </replace>
-  </target>
-
-  <target name="build">
-    <!-- Set path to application.  -->
-    <property name="dist.dir" value="dist"/>
-    <property name="zip.third.party.lib.dir" value="${third.party.lib.dir}"/>
-    <property name="zip.webpki.lib.dir" value="${webpki.lib.dir}"/>
-    <path id="compile.classpath">
-	  <fileset dir="${webpki.lib.dir}">
-        <include name="*.jar"/>
-     </fileset>
-     <fileset dir="${third.party.lib.dir}">
-	    <include name="*.jar"/>
-      </fileset>
-	</path>
-	<property name="compile_classpath" refid="compile.classpath"/>
-    <antcall target="_build">
-       <param name="javaversion" value="1.8"/>
-    </antcall>
-  </target>
-
   <target name="_createcert">
   	<java fork="yes"
   		  classname="org.webpki.ca.CommandLineCA"
@@ -160,7 +111,7 @@
   			 <fileset dir="${webpki.lib.dir}">
   		        <include name="*.jar"/>
   			 </fileset>
-  			 <fileset dir="${third.party.lib.dir}">
+  			 <fileset dir="${bcprovider.lib.dir}">
   		        <include name="*.jar"/>
   			 </fileset>
   	    </classpath>
@@ -180,32 +131,4 @@
     </antcall>
   </target>
 
-  <target name="_unzipit" if="uu">
-    <delete dir="${dd}/${appcorename}"/>
-    <unzip src="${dd}/${appcorename}.zip" dest="${dd}"/>
-  </target>
-
-  <target name="zip-distribution">
-    <fail unless="dd" message="-&#10;
-***************************************************************&#10;
- You must define a distribution directory using the -D option:&#10;
- ant zip-distribution -Ddd=the_path_to_the_directory.&#10;
- Optionally you can specify -Duu=0 which deletes ${appcorename}&#10;
- and replaces the directory with the unzipped content&#10;
-***************************************************************&#10;"/>
-	<echo message="Producing ${appcorename} .zip and .zip.SHA1 files..."/> 
-   	<delete file="${dd}/${appcorename}.zip" failonerror="false"/>
-    <zip destfile="${dd}/${appcorename}.zip">
-      <zipfileset dir="." prefix="${appcorename}">
-       	<exclude name="/**/.*"/>
-        <exclude name="/.tmp/**"/>
-       	<exclude name="**/.settings/**"/>
-       	<exclude name="**/bin/**"/>
-       	<exclude name="dist/**"/>
-      </zipfileset>
-    </zip>
-    <checksum file="${dd}/${appcorename}.zip" fileext=".SHA1" algorithm="sha1" forceOverwrite="yes"/>
-    <antcall target="_unzipit"/>
-  </target>
-
 </project>
diff --git a/json/location/jsf.war b/json/location/jsf.war
diff --git a/...webapps/json/jws/AsymSignatureHelper.java → ...bpki/webapps/jsf/AsymSignatureHelper.java b/...webapps/json/jws/AsymSignatureHelper.java → ...bpki/webapps/jsf/AsymSignatureHelper.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 
@@ -30,7 +30,7 @@
 public class AsymSignatureHelper extends KeyStoreSigner implements  AsymKeySignerInterface {
     AsymSignatureHelper(KeyStore signer_keystore) throws IOException {
         super(signer_keystore, null);
-        setKey(null, JWSService.key_password);
+        setKey(null, JSFService.key_password);
     }
 
     @Override

diff --git a/...ebpki/webapps/json/jws/CreateServlet.java → ...org/webpki/webapps/jsf/CreateServlet.java b/...ebpki/webapps/json/jws/CreateServlet.java → ...org/webpki/webapps/jsf/CreateServlet.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 

diff --git a/...i/webapps/json/jws/GenerateSignature.java → ...webpki/webapps/jsf/GenerateSignature.java b/...i/webapps/json/jws/GenerateSignature.java → ...webpki/webapps/jsf/GenerateSignature.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 
@@ -80,12 +80,12 @@ public boolean verifyData(byte[] data, byte[] digest, MACAlgorithms algorithm, S
 
     byte[] sign(JSONObjectWriter wr) throws IOException {
         if (action == ACTION.X509) {
-            wr.setSignature(new JSONX509Signer(JWSService.clientkey_rsa.setExtendedCertPath(true)));
+            wr.setSignature(new JSONX509Signer(JSFService.clientkey_rsa.setExtendedCertPath(true)));
         } else if (action == ACTION.SYM) {
             wr.setSignature(new JSONSymKeySigner(new SymmetricOperations()).setKeyId(KEY_NAME));
         } else {
             wr.setSignature(new JSONAsymKeySigner(action == ACTION.RSA ? 
-                    JWSService.clientkey_rsa : JWSService.clientkey_ec).setOutputPublicKeyInfo(keyInlining));
+                    JSFService.clientkey_rsa : JSFService.clientkey_ec).setOutputPublicKeyInfo(keyInlining));
         }
         return wr.serializeToBytes(JSONOutputFormats.PRETTY_PRINT);
     }

diff --git a/...src/org/webpki/webapps/json/jws/HTML.java → json/src/org/webpki/webapps/jsf/HTML.java b/...src/org/webpki/webapps/json/jws/HTML.java → json/src/org/webpki/webapps/jsf/HTML.java
@@ -14,16 +14,18 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 
 import javax.servlet.ServletException;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.webpki.crypto.AlgorithmPreferences;
 import org.webpki.crypto.AsymSignatureAlgorithms;
+
 import org.webpki.json.JSONCryptoHelper;
 import org.webpki.json.JSONObjectWriter;
 
@@ -47,7 +49,7 @@ public class HTML {
     static final String HTML_INIT = "<!DOCTYPE html>"
         + "<html><head><link rel=\"icon\" href=\"webpkiorg.png\" sizes=\"192x192\">"
         + "<meta name=\"viewport\" content=\"initial-scale=1.0\"/>"
-        + "<title>JSON Signature Demo</title>"
+        + "<title>JSON Signature Format - Demo</title>"
         + "<style type=\"text/css\">html {overflow:auto} html, body {margin:0px;padding:0px;height:100%} "
         + "body {font-size:8pt;color:#000000;font-family:verdana,arial;background-color:white} "
         + "h2 {font-weight:bold;font-size:12pt;color:#000000;font-family:arial,verdana,helvetica} "
@@ -122,7 +124,7 @@ static String getHTML(String javascript, String bodyscript, String box) {
                 "><div style=\"cursor:pointer;padding:2pt 0 0 0;position:absolute;top:15pt;left:15pt;z-index:5;visibility:visible;width:100pt;"
         + "height:47pt;border-width:1px;border-style:solid;border-color:black;box-shadow:3pt 3pt 3pt #D0D0D0\""
         + " onclick=\"document.location.href='https://github.com/cyberphone'\" title=\"Home of WebPKI.org\">")
-                .append(JWSService.logotype)
+                .append(JSFService.logotype)
                 .append("</div><table cellapdding=\"0\" cellspacing=\"0\" width=\"100%\" height=\"100%\">")
                 .append(box).append("</table></body></html>");
         return s.toString();
@@ -168,21 +170,18 @@ public static void homePage(HttpServletResponse response, String baseurl)
         + "<tr><td align=\"center\" style=\"font-weight:bolder;font-size:10pt;font-family:arial,verdana\">JSON Clear Text Signature<br>&nbsp;</td></tr>"
         + "<tr><td align=\"left\"><a href=\""
         + baseurl
-        + "/verify\">Verify a JWS-CT on the server</a></td></tr>"
+        + "/verify\">Verify a JSF on the server</a></td></tr>"
         + "<tr><td>&nbsp;</td></tr>"
         + "<tr><td align=\"left\"><a href=\""
         + baseurl
-        + "/create\">Create a JWS-CT on the server</a></td></tr>"
+        + "/create\">Create a JSF on the server</a></td></tr>"
         + "<tr><td>&nbsp;</td></tr>"
         + "<tr><td align=\"left\"><a href=\""
         + baseurl
-        + "/webcrypto\">Create a JWS-CT using WebCrypto</a></td></tr>"
+        + "/webcrypto\">Create a JSF using WebCrypto</a></td></tr>"
         + "<tr><td>&nbsp;</td></tr>"
-        + "<tr><td align=\"center\" colspan=\"2\"><b>JOSE Mode</b>=" +
-        JWSService.joseMode 
-        + "</td></tr>"
         + "<tr><td>&nbsp;</td></tr>"
-        + "<tr><td align=\"left\"><a target=\"_blank\" href=\"https://cyberphone.github.io/doc/security/jose-jcs.html\">JWS-CT Documentation</a></td></tr>"
+        + "<tr><td align=\"left\"><a target=\"_blank\" href=\"https://cyberphone.github.io/doc/security/jose-jcs.html\">JSF Documentation</a></td></tr>"
         + "</table></td></tr>"));
     }
 

diff --git a/.../webpki/webapps/json/jws/HomeServlet.java → ...c/org/webpki/webapps/jsf/HomeServlet.java b/.../webpki/webapps/json/jws/HomeServlet.java → ...c/org/webpki/webapps/jsf/HomeServlet.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 

diff --git a/...g/webpki/webapps/json/jws/JWSService.java → ...rc/org/webpki/webapps/jsf/JSFService.java b/...g/webpki/webapps/json/jws/JWSService.java → ...rc/org/webpki/webapps/jsf/JSFService.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -32,9 +32,9 @@
 
 import org.webpki.webutil.InitPropertyReader;
 
-public class JWSService extends InitPropertyReader implements
-        ServletContextListener {
-    static Logger logger = Logger.getLogger(JWSService.class.getName());
+public class JSFService extends InitPropertyReader implements  ServletContextListener {
+
+    static Logger logger = Logger.getLogger(JSFService.class.getName());
 
     static String key_password;
 
@@ -46,8 +46,6 @@ public class JWSService extends InitPropertyReader implements
 
     static String testSignature;
 
-    static boolean joseMode;
-
     InputStream getResource(String name) throws IOException {
         InputStream is = this.getClass().getResourceAsStream(name);
         if (is == null) {
@@ -84,8 +82,9 @@ public void contextInitialized(ServletContextEvent event) {
             // //////////////////////////////////////////////////////////////////////////////////////////
             // Keys
             // //////////////////////////////////////////////////////////////////////////////////////////
-            CustomCryptoProvider
-                    .forcedLoad(getPropertyBoolean("bouncycastle_first"));
+            if (!getPropertyString("bouncycastle_first").isEmpty()) {
+                CustomCryptoProvider.forcedLoad(true);
+            }
             key_password = getPropertyString("key_password");
             clientkey_rsa = new AsymSignatureHelper(KeyStoreReader.loadKeyStore(
                     getResource(getPropertyString("clientkey_rsa")),
@@ -94,7 +93,7 @@ public void contextInitialized(ServletContextEvent event) {
                     getResource(getPropertyString("clientkey_ec")),
                     key_password));
 
-            logger.info("JWS-CT Demo Successfully Initiated");
+            logger.info("JSF Demo Successfully Initiated");
         } catch (Exception e) {
             logger.log(Level.SEVERE, "********\n" + e.getMessage()
                     + "\n********", e);

diff --git a/.../json/jws/JavaScriptSignatureServlet.java → ...bapps/jsf/JavaScriptSignatureServlet.java b/.../json/jws/JavaScriptSignatureServlet.java → ...bapps/jsf/JavaScriptSignatureServlet.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;
 

diff --git a/.../webapps/json/jws/NoWebCryptoServlet.java → ...ebpki/webapps/jsf/NoWebCryptoServlet.java b/.../webapps/json/jws/NoWebCryptoServlet.java → ...ebpki/webapps/jsf/NoWebCryptoServlet.java
@@ -14,7 +14,7 @@
  *  limitations under the License.
  *
  */
-package org.webpki.webapps.json.jws;
+package org.webpki.webapps.jsf;
 
 import java.io.IOException;