Class KeyManagement


  • public class KeyManagement
    extends java.lang.Object
    everything related to key management and key encryption
    • Field Detail

      • log

        protected static final org.slf4j.Logger log
    • Constructor Detail

      • KeyManagement

        public KeyManagement(java.nio.file.Path pathToKeyStore,
                             java.lang.String keystoreFileName,
                             char[] passphrase,
                             java.lang.String dn,
                             int days)
        creates a new key pair and certificate and stores them in a key store at the specified path
        Parameters:
        pathToKeyStore - path where the key store exists or should be created
        keystoreFileName - key store file name without file extension
        passphrase - passphrase for the key store
        dn - X.509 Distinguished Name, e.g. "CN=Test, L=London, C=GB". For IoT devices, usually the DeviceID
        days - how many days the certificate should be valid for
      • KeyManagement

        public KeyManagement(char[] passphrase,
                             java.lang.String dn,
                             int days)
        creates a new key pair, issues a certificate for it and stores both in a key store
        Parameters:
        passphrase - passphrase for the key store
        dn - the X.509 Distinguished Name, e.g. "CN=Test, L=London, C=GB". For IoT devices, usually the DeviceID
        days - how many days the certificate is valid for
    • Method Detail

      • generateSki

        public static org.bouncycastle.asn1.x509.SubjectKeyIdentifier generateSki(java.security.PublicKey publicKey)
      • parseSkiToString

        public static java.lang.String parseSkiToString(org.bouncycastle.asn1.x509.SubjectKeyIdentifier ski)
        returns the hex string that represents the SKI value
        Returns:
        SKI value as a lower-case hex string
      • isValidSki

        public static boolean isValidSki(java.lang.String ski)
        checks whether a given string represents a valid SKI. Note that this method removes whitespace before checking
        Parameters:
        ski - the string to check
        Returns:
        true if the string consists only of hex digits and has a length of exactly 40
      • addBCProvider

        public static void addBCProvider()
        adds provider only if it's not already in the JVM
      • addTrustedSki

        public static void addTrustedSki(java.lang.String ski,
                                         java.lang.Integer trustLevel)
      • setTrustedSkiAuthenticated

        public static void setTrustedSkiAuthenticated(java.lang.String ski)
      • removeTrustedSki

        public static boolean removeTrustedSki(java.lang.String ski)
        removes an SKI from the trustedSkis map
        Parameters:
        ski - the SKI to remove
        Returns:
        true if the map contained the SKI, otherwise false
      • getTrustedSkis

        public static java.util.Map<java.lang.String,SkiManagementInfo> getTrustedSkis()
      • clearTrustedSkis

        public static void clearTrustedSkis()
      • storeKeyPairInKeyStore

        public void storeKeyPairInKeyStore(java.lang.String alias)
                                    throws java.security.NoSuchProviderException,
                                           java.security.KeyStoreException,
                                           java.security.cert.CertificateException,
                                           java.security.NoSuchAlgorithmException,
                                           java.io.IOException
        Throws:
        java.security.NoSuchProviderException
        java.security.KeyStoreException
        java.security.cert.CertificateException
        java.security.NoSuchAlgorithmException
        java.io.IOException
      • storeSymKeyInKeyStore

        public void storeSymKeyInKeyStore(java.lang.String alias)
                                   throws java.security.NoSuchProviderException,
                                          java.security.KeyStoreException,
                                          java.security.cert.CertificateException,
                                          java.security.NoSuchAlgorithmException,
                                          java.io.IOException
        Throws:
        java.security.NoSuchProviderException
        java.security.KeyStoreException
        java.security.cert.CertificateException
        java.security.NoSuchAlgorithmException
        java.io.IOException
      • createCertificate

        public CertificateInfo createCertificate(java.security.KeyPair keyPair,
                                                 java.lang.String dn,
                                                 int days,
                                                 CertificateInfo issuer)
                                          throws org.bouncycastle.operator.OperatorCreationException,
                                                 org.bouncycastle.cert.CertIOException,
                                                 java.security.cert.CertificateException
        generates a self-signed X.509 certificate
        Parameters:
        dn - the X.509 Distinguished Name, e.g. "CN=Test, L=London, C=GB". For IoT devices, usually the DeviceID
        days - how many days the certificate is valid for
        Returns:
        A self-signed certificate
        Throws:
        org.bouncycastle.operator.OperatorCreationException - if certificate generation fails
        org.bouncycastle.cert.CertIOException - if certificate generation fails
        java.security.cert.CertificateException - if certificate generation fails
      • getOwnSki

        public org.bouncycastle.asn1.x509.SubjectKeyIdentifier getOwnSki()
      • getOwnSkiAsStr

        public java.lang.String getOwnSkiAsStr()
      • getKeyPair

        public java.security.KeyPair getKeyPair()
      • setKeyPair

        public void setKeyPair(java.security.KeyPair keyPair)
      • getPathToKeyStoreFile

        public java.nio.file.Path getPathToKeyStoreFile()
      • setPathToKeyStoreFile

        public void setPathToKeyStoreFile(java.nio.file.Path pathToKeyStoreFile)
      • getKs

        public java.security.KeyStore getKs()
      • setKs

        public void setKs(java.security.KeyStore ks)
      • getPassphrase

        public char[] getPassphrase()
      • setPassphrase

        public void setPassphrase(char[] passphrase)
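The SKI helpers above (generateSki, parseSkiToString, isValidSki) describe a Subject Key Identifier as a 40-character lower-case hex string with whitespace stripped before validation. The following is an added example, not the project's code, showing how such a value is derived from a public key with BouncyCastle (SHA-1 over the subjectPublicKey, RFC 5280 method 1, which yields exactly 20 bytes = 40 hex digits) and how the validation rule behaves on edge cases; the class and method names (SkiDemo, skiFor, skiToHex, isValidSki) are hypothetical, and BouncyCastle is assumed to be on the classpath.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Locale;
import java.util.regex.Pattern;

import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.util.encoders.Hex;

// Hypothetical demo class; mirrors the SKI contract documented for KeyManagement.
public class SkiDemo {
    // 20-byte SHA-1 identifier -> exactly 40 hex digits
    private static final Pattern SKI_HEX = Pattern.compile("^[0-9a-f]{40}$");

    // RFC 5280 4.2.1.2 method 1: SKI = SHA-1 over the subjectPublicKey BIT STRING
    static SubjectKeyIdentifier skiFor(PublicKey publicKey) throws NoSuchAlgorithmException {
        return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey);
    }

    // Lower-case hex, as parseSkiToString documents
    static String skiToHex(SubjectKeyIdentifier ski) {
        return Hex.toHexString(ski.getKeyIdentifier()).toLowerCase(Locale.ROOT);
    }

    // Strips whitespace first (as isValidSki documents); upper-case hex digits are
    // accepted by normalising to lower case before the match.
    static boolean isValidSki(String ski) {
        if (ski == null) return false;
        String compact = ski.replaceAll("\\s+", "").toLowerCase(Locale.ROOT);
        return SKI_HEX.matcher(compact).matches();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair kp = gen.generateKeyPair();                 // constructed test key, not a device key

        String ski = skiToHex(skiFor(kp.getPublic()));
        System.out.println("SKI " + ski + " valid=" + isValidSki(ski));      // valid=true

        // Constructed edge cases for the validation rule
        System.out.println(isValidSki("ab cd " + ski.substring(4)));        // true: whitespace removed, 40 digits
        System.out.println(isValidSki(ski.substring(1)));                   // false: 39 digits
        System.out.println(isValidSki(ski.substring(0, 39) + "g"));         // false: non-hex character
        System.out.println(isValidSki(ski.toUpperCase(Locale.ROOT)));      // true: case-insensitive hex
    }
}
```

Because the identifier is a digest of the public key alone, two certificates for the same key share an SKI, so an entry in a trusted-SKI map identifies a key, not a particular certificate or its validity period.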