ServerKeys.java

Go to the documentation of this file.

/*
 * Turró i Cutiller Foundation. License notice.
 * Copyright (C) 2022 Lluis Turró Cutiller <http://www.turro.org/>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
package org.turro.push.security;
 
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.BigIntegers;
import org.turro.elephant.context.ElephantContext;
import org.turro.lock.Initializer;
 
public class ServerKeys {
 
  public static String publicKey() {
    return instance().getProperty("pk");
  }
 
  public static String privateKey() {
    return instance().getProperty("sk");
  }
 
  /* Factory */
  
  private static final Initializer<Properties> PUSH_KEYS = new Initializer<>();
          
  private static Properties instance() {
    return PUSH_KEYS.instance(() -> {
      Security.addProvider(new BouncyCastleProvider());
      File keyPair = pushKeyPairFile();
      if(!keyPair.exists()) generateKeyPair();
      if(keyPair.exists()) {
        try(FileReader reader = new FileReader(keyPair)) {
          Properties properties = new Properties();
          properties.load(reader);
          return properties;
        } catch (IOException ex) {
          Logger.getLogger(ServerKeys.class.getName()).log(Level.SEVERE, null, ex);
        }
      }
      return null;
    });
  }
  
  private static final String PUSH_KEYPAIR = "/WEB-INF/elephant/security/push.cipher";
  
  private static void generateKeyPair() {
    try {
      ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(CURVE);
      KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
      keyPairGenerator.initialize(parameterSpec);
      saveKeyPair(keyPairGenerator.generateKeyPair());
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException ex) {
      Logger.getLogger(ServerKeys.class.getName()).log(Level.SEVERE, null, ex);
    }
 }
  
  private static void saveKeyPair(KeyPair serverKey) {
    try{
      ECPublicKey publicKey = (ECPublicKey) serverKey.getPublic();
      ECPrivateKey privateKey = (ECPrivateKey) serverKey.getPrivate();
      byte[] encodedPublicKey = encode(publicKey);
      byte[] encodedPrivateKey = encode(privateKey);
      String publicKeyBase64 = Base64.encodeBase64URLSafeString(encodedPublicKey); //Base64Encoder.encodeUrl(encodedPublicKey);
      String privateKeyBase64 = Base64.encodeBase64URLSafeString(encodedPrivateKey); //Base64Encoder.encodeUrl(encodedPrivateKey);
      if(verifyKeyPair(loadPrivateKey(privateKeyBase64), loadPublicKey(publicKeyBase64))) {
        Properties keypair = new Properties();
        keypair.put("sk", privateKeyBase64);
        keypair.put("pk", publicKeyBase64);
        try(FileWriter writer = new FileWriter(pushKeyPairFile())) {
          keypair.store(writer, "Elephant Push");
        } catch (IOException ex) {
          Logger.getLogger(ServerKeys.class.getName()).log(Level.SEVERE, null, ex);
        }
      }
    } catch (NoSuchProviderException | NoSuchAlgorithmException | InvalidKeySpecException ex) {
      Logger.getLogger(ServerKeys.class.getName()).log(Level.SEVERE, null, ex);
    }
  }
  
  private static File pushKeyPairFile() {
    return new File(ElephantContext.getRealPath(PUSH_KEYPAIR));
  }
  
  public static final String CURVE = "prime256v1";
  public static final String ALGORITHM = "ECDH";
    
  public static byte[] encode(ECPublicKey publicKey) {
    return publicKey.getQ().getEncoded(false);
  }
 
  public static byte[] encode(ECPrivateKey privateKey) {
    return privateKey.getD().toByteArray();
  }
 
  public static boolean verifyKeyPair(PrivateKey privateKey, PublicKey publicKey) {
    ECNamedCurveParameterSpec curveParameters = ECNamedCurveTable.getParameterSpec(CURVE);
    ECPoint g = curveParameters.getG();
    ECPoint sG = g.multiply(((java.security.interfaces.ECPrivateKey) privateKey).getS());
 
    return sG.equals(((ECPublicKey) publicKey).getQ());
  }
  
  public static PrivateKey loadPrivateKey(String encodedPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    byte[] decodedPrivateKey = Base64.decodeBase64(encodedPrivateKey);
    return loadPrivateKey(decodedPrivateKey);
  }
  
  public static PrivateKey loadPrivateKey(byte[] decodedPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    BigInteger s = BigIntegers.fromUnsignedByteArray(decodedPrivateKey);
    ECParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(CURVE);
    ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(s, parameterSpec);
    KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
 
    return keyFactory.generatePrivate(privateKeySpec);
  }
  
  public static PublicKey loadPublicKey(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    byte[] decodedPublicKey = Base64.decodeBase64(encodedPublicKey);
    return loadPublicKey(decodedPublicKey);
  }
    
  public static PublicKey loadPublicKey(byte[] decodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
    ECParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(CURVE);
    ECCurve curve = parameterSpec.getCurve();
    ECPoint point = curve.decodePoint(decodedPublicKey);
    ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, parameterSpec);
 
    return keyFactory.generatePublic(pubSpec);
  }
  
}