pkernel_jce 0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,221 @@
1
+
2
+ require_relative 'io_utils'
3
+
4
+ module PkernelJce
5
+ module CRL
6
+ def generate(identity, opts = {}, &block)
7
+
8
+ if identity.nil?
9
+ raise PkernelJce::Error, "Identity is nil in generating CRL"
10
+ end
11
+
12
+ tbpCerts = opts[:tbpCerts]
13
+ # allow empty CRL
14
+ tbpCerts = {} if tbpCerts.nil?
15
+
16
+ prov = opts[:provider]
17
+ if prov.nil?
18
+ prov = PkernelJce::Provider.add_default
19
+ else
20
+ PkernelJce::Provider.add_provider(prov)
21
+ end
22
+
23
+ validity = opts[:validity] || 1
24
+ validityUnit = opts[:validity_unit] || :days
25
+ signAlgo = opts[:hashAlgo]
26
+ if signAlgo.nil?
27
+ signAlgo = PkernelJce::KeyPair.derive_signing_algo(identity.privKey, "SHA256")
28
+ end
29
+ PkernelJce::GConf.instance.glog.debug "Signing algo for CRL is #{signAlgo}"
30
+
31
+ crlGen = org.bouncycastle.x509.X509V2CRLGenerator.new
32
+ validFrom = Time.now
33
+ validTo = validFrom.advance( validityUnit => validity )
34
+ # CRL validity should not be more then issuer's
35
+ if validFrom.to_java_date.before(identity.certificate.not_before)
36
+ PkernelJce::GConf.instance.glog.debug "CRL new valid from has adjusted to match with issuer valid from : #{validFrom} [Original] / #{identity.certificate.not_before} [Issuer's certificate not before]"
37
+ validFrom = identity.certificate.not_before
38
+ end
39
+
40
+ if validTo.to_java_date.after(identity.certificate.not_after)
41
+ PkernelJce::GConf.instance.glog.debug "CRL new valid until has adjusted to match with issuer validity to : #{validTo} [Original] / #{identity.certificate.not_after} [Issuer's certificate not after]"
42
+ validTo = identity.certificate.not_after
43
+ end
44
+ PkernelJce::GConf.instance.glog.debug "CRL validity #{validFrom} - #{validTo}"
45
+
46
+ crlGen.issuer_dn = identity.certificate.getSubjectX500Principal
47
+ crlGen.this_update = validFrom
48
+ crlGen.next_update = validTo
49
+ crlGen.signature_algorithm = signAlgo
50
+
51
+ tbpCerts.each do |k,v|
52
+ cert = k
53
+ opts = v
54
+ time = opts[:time] || java.util.Date.new
55
+ reason = opts[:reason] || Pkernel::CRLReason::UNSPECIFIED
56
+ crlGen.addCRLEntry(cert.getSerialNumber, time, reason)
57
+ PkernelJce::GConf.instance.glog.debug "Added cert into entry"
58
+ end
59
+
60
+ PkernelJce::GConf.instance.glog.debug "Generating CRL from issuer '#{identity.certificate.subjectDN.to_s}' [Provider #{prov.name}]"
61
+ crl = crlGen.generateX509CRL(identity.privKey, prov.name)
62
+ crl
63
+
64
+ end
65
+ # end generate
66
+
67
+ def ensure_java_crl(crl)
68
+ if crl.nil?
69
+ raise PkernelJce::Error, "CRL given to convert to java object is nil"
70
+ end
71
+
72
+ if crl.java_kind_of?(Java::OrgBouncycastleCert::X509CRLHolder)
73
+ org.bouncycastle.cert.jcajce.JcaX509CRLConverter.new.getCRL(crl)
74
+ else
75
+ crl
76
+ end
77
+ end
78
+ alias_method :to_java_crl, :ensure_java_crl
79
+ #
80
+ # end ensure_java_crl / to_java_crl
81
+ #
82
+
83
+ def ensure_bc_crl(crl)
84
+ if crl.nil?
85
+ raise PkernelJce::Error, "CRL given to convert to BC object is nil"
86
+ end
87
+
88
+ if crl.java_kind_of?(Java::OrgBouncycastleCert::X509CRLHolder)
89
+ crl
90
+ else
91
+ org.bouncycastle.cert.X509CRLHolder.new(java.io.ByteArrayInputStream.new(crl.encoded))
92
+ end
93
+ end
94
+ alias_method :to_bc_crl, :ensure_bc_crl
95
+ #
96
+ # end to_bc_crl / ensure_bc_crl
97
+ #
98
+
99
+ def is_signature_valid?(crl, opts = { }) #issuer)
100
+ if crl.nil?
101
+ raise PkernelJce::Error, "CRL pass to test signature validity for CRL is nil"
102
+ end
103
+
104
+ issuer_cert = opts[:issuer_cert]
105
+ issuer_key = opts[:issuer_key]
106
+ if not issuer_cert.nil?
107
+ pubKey = PkernelJce::Certificate.public_key(issuer_cert)
108
+ elsif not issuer_key.nil?
109
+ pubKey = PkernelJce::KeyPair.public_key(issuer_key)
110
+ else
111
+ raise PkernelJce::Error, "Neither issuer cert or key is available for signature verification"
112
+ end
113
+ #if issuer.nil?
114
+ # raise PkernelJce::Error, "Issuer pass to test signature validity for CRL is nil"
115
+ #end
116
+
117
+ #if PkernelJce::Certificate.is_cert_object?(issuer)
118
+ # pubKey = PkernelJce::Certificate.public_key(issuer)
119
+ #else
120
+ # pubKey = PkernelJce::KeyPair.public_key(issuer)
121
+ #end
122
+
123
+ crl = ensure_java_crl(crl)
124
+ begin
125
+ crl.verify(pubKey)
126
+ true
127
+ rescue Exception => ex
128
+ PkernelJce::GConf.instance.glog.error ex
129
+ false
130
+ end
131
+ end
132
+
133
+ def is_revoked?(crl,cert,&block)
134
+ if crl.revoked_certificates.nil? or crl.revoked_certificates.length == 0
135
+ false
136
+ else
137
+ crl = ensure_java_crl(crl)
138
+ now = java.util.Date.new
139
+ if crl.next_update.before(now)
140
+ # expired
141
+ if block
142
+ cont = block.call(:expired, { valid_until: crl.next_update, issuer: crl.issuer_x500_principal })
143
+ if not cont
144
+ raise PkernelJce::Error, "CRL expired at #{crl.next_update}. Revocation check aborted."
145
+ else
146
+ PkernelJce::GConf.instance.glog.warn "Revocation checked against expired CRL [CRL Expired on #{crl.next_update} / Ref Date : #{now}] based on application request."
147
+ end
148
+ else
149
+ raise PkernelJce::Error, "CRL expired at #{crl.next_update}. Revocation check aborted."
150
+ end
151
+ end
152
+
153
+ c = PkernelJce::Certificate.to_bc_cert(cert)
154
+ revokedInfo = crl.get_revoked_certificate(c.serial_number)
155
+ if revokedInfo.nil?
156
+ [false,nil]
157
+ else
158
+ [true, { reason: revokedInfo.revocation_reason, on: revokedInfo.revocation_date, object: revokedInfo }]
159
+ end
160
+ end
161
+ end
162
+
163
+ def dump(crl, opts = {})
164
+
165
+ if crl.nil?
166
+ raise PkernelJce::Error, "Given CRL to dump is nil."
167
+ end
168
+
169
+ file = opts[:file]
170
+
171
+ if not (file.nil? or file.empty?)
172
+ os = java.io.FileOutputStream.new(file)
173
+ else
174
+ os = java.io.ByteArrayOutputStream.new
175
+ end
176
+
177
+ os.write(crl.encoded)
178
+ os.flush
179
+ os.close
180
+
181
+ if (file.nil? or file.empty?)
182
+ os.toByteArray
183
+ end
184
+
185
+ end
186
+ # end dump
187
+
188
+ def load(opts = {})
189
+ file = opts[:file]
190
+ bin = opts[:bin]
191
+
192
+ if not (file.nil? or file.empty?)
193
+ crlbin = PkernelJce::IoUtils.file_to_memory_byte_array(file)
194
+ elsif not bin.nil?
195
+ crlbin = PkernelJce::IoUtils.ensure_java_bytes(bin)
196
+ else
197
+ raise PkernelJce::Error, "No source to load CRL from"
198
+ end
199
+
200
+ # this option shall load the CRL in Java
201
+ #crl = java.security.cert.CertificateFactory.getInstance("X.509").generateCRL(java.io.ByteArrayInputStream.new(crlbin))
202
+
203
+ # this option shall load the CRL in BC but under Java interface
204
+ prov = PkernelJce::Provider.add_default
205
+ crl = java.security.cert.CertificateFactory.getInstance("X.509",prov).generateCRL(java.io.ByteArrayInputStream.new(crlbin))
206
+
207
+ # this option shall load the CRL in BC too but under BC interface
208
+ #crl = org.bouncycastle.cert.X509CRLHolder.new(crlbin)
209
+
210
+ crl
211
+ end
212
+ # end load
213
+
214
+ end
215
+ # end module CRL
216
+
217
+ class CRLCore
218
+ extend CRL
219
+ end
220
+
221
+ end
@@ -0,0 +1,126 @@
1
+
2
+ require 'pkernel'
3
+ require_relative 'provider'
4
+ require_relative 'utils'
5
+ require_relative 'global'
6
+ require_relative 'error'
7
+
8
+ module PkernelJce
9
+ module CSR
10
+
11
+ def generate(identity, opts = {} )
12
+
13
+ owner = opts[:owner]
14
+ if owner.nil? and identity.certificate.nil?
15
+ raise PkernelJce::Error, "Either Owner or Certificate must exist to issue CSR"
16
+ elsif not owner.nil?
17
+ subject = owner.to_x500_subject
18
+ elsif not identity.certificate.nil?
19
+ subject = PkernelJce::Certificate.ensure_java_cert(identity.certificate).subject_dn
20
+ end
21
+
22
+ signHash = opts[:signHash] || "SHA256"
23
+ signAlgo = opts[:signAlgo]
24
+ if signAlgo.nil?
25
+ signAlgo = PkernelJce::KeyPair.derive_signing_algo(identity.privKey,signHash)
26
+ end
27
+ provider = opts[:provider]
28
+ if provider.nil?
29
+ PkernelJce::GConf.instance.glog.debug "Adding default provider"
30
+ prov = PkernelJce::Provider.add_default
31
+ else
32
+ PkernelJce::GConf.instance.glog.debug "Adding provider #{provider.name}"
33
+ prov = PkernelJce::Provider.add_provider(provider)
34
+ end
35
+
36
+ #p10Builder = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder.new(subject, PkernelJce::KeyPair.public_key(identity.privKey))
37
+ p10Builder = org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder.new(subject, identity.pubKey)
38
+ sign = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(signAlgo).setProvider(prov).build(identity.privKey)
39
+ csr = p10Builder.build(sign)
40
+ csr
41
+ end
42
+ # end generate()
43
+
44
+ def dump(csr, params = {})
45
+ if csr.nil?
46
+ raise PkernelJce::Error, "CSR object to be written is nil"
47
+ end
48
+
49
+ file = params[:file]
50
+ baos = java.io.ByteArrayOutputStream.new
51
+
52
+ if not file.nil?
53
+ PkernelJce::GConf.instance.glog.debug "Dump CRL to file '#{file}'"
54
+ writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(java.io.FileOutputStream.new(file)))
55
+ else
56
+ PkernelJce::GConf.instance.glog.debug "Dump CRL to memory"
57
+ writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(baos))
58
+ end
59
+
60
+ begin
61
+ writer.writeObject(csr)
62
+ ensure
63
+ writer.flush
64
+ writer.close
65
+ end
66
+
67
+ if file.nil?
68
+ baos.toByteArray
69
+ end
70
+
71
+ end
72
+ # end dump
73
+
74
+
75
+ def load(options = {})
76
+ #todo is this content pem or binary?
77
+ # now assumed is pem
78
+ file = options[:file]
79
+ bin = options[:bin]
80
+
81
+ if not file.nil? and not file.empty?
82
+ PkernelJce::GConf.instance.glog.debug "Load CSR from #{file}"
83
+ f = java.io.File.new(file)
84
+ if f.exists?
85
+ reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.FileInputStream.new(f)))
86
+ else
87
+ raise PkernelJce::Error, "File '#{f.absolute_path}' not found"
88
+ end
89
+
90
+ elsif not bin.nil?
91
+ PkernelJce::GConf.instance.glog.debug "Load CSR from memory"
92
+ reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(bin)))
93
+ else
94
+ raise PkernelJce::Error, "No bin or file input is given to load"
95
+ end
96
+
97
+ obj = reader.readObject
98
+ end
99
+ # end load
100
+
101
+ def is_signature_valid?(csr)
102
+ cvProv = org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder.new.build(csr.getSubjectPublicKeyInfo)
103
+ csr.isSignatureValid(cvProv)
104
+ end
105
+ # end is_signature_valid?
106
+
107
+ def public_key(csr)
108
+ if csr.nil?
109
+ raise PkernelJce::Error, "CSR given to extract public key is nil"
110
+ end
111
+
112
+ org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.new.getPublicKey(csr.getSubjectPublicKeyInfo)
113
+ end
114
+ # end public_key
115
+
116
+ end
117
+ # end module csr
118
+
119
+
120
+ class CSRProxy
121
+ extend CSR
122
+ end
123
+
124
+ end
125
+
126
+
@@ -0,0 +1,7 @@
1
+
2
+
3
+
4
+ module PkernelJce
5
+ class Error < StandardError; end
6
+ end
7
+
@@ -0,0 +1,17 @@
1
+
2
+ require 'singleton'
3
+ require 'tlogger'
4
+
5
+ module PkernelJce
6
+ class GConf
7
+ include Singleton
8
+ attr_reader :logger_params, :glog
9
+ def initialize
10
+ @logger_params = STDOUT
11
+ @glog = Tlogger.new(STDOUT)
12
+ @glog.tag = :pkernel_jce
13
+ @glog.show_source
14
+ end
15
+ end
16
+ end
17
+
@@ -0,0 +1,333 @@
1
+
2
+ require_relative 'provider'
3
+ require_relative 'csr'
4
+
5
+ module PkernelJce
6
+
7
+ #
8
+ # Identity
9
+ # Identity is abstraction consist of keypair + certificate, stored separately
10
+ #
11
+ #class Identity
12
+ # attr_reader :priv_key, :cert, :keystore, :chain
13
+ # def initialize(opts = {})
14
+ # @priv_key = opts[:priv_key]
15
+ # @cert = opts[:cert]
16
+ # @keystore = opts[:keystore]
17
+ # @chain = opts[:chain]
18
+ # end
19
+ #end
20
+ # end Identity
21
+ #
22
+
23
+ class Pkernel::Identity
24
+
25
+ def key=(val)
26
+ @key = val
27
+ if not @key.nil?
28
+ @privKey = PkernelJce::KeyPair.private_key(@key)
29
+ @pubKey = PkernelJce::KeyPair.public_key(@key)
30
+ end
31
+ end
32
+
33
+ def key
34
+ if @key.nil?
35
+ if not @privKey.nil?
36
+ if not @pubKey.nil?
37
+ @key = java.security.KeyPair.new(@pubKey,@privKey)
38
+ elsif not @certificate.nil?
39
+ @key = java.security.KeyPair.new(@certificate.public_key,@privKey)
40
+ else
41
+ # no possible to generate without public key
42
+ end
43
+ else
44
+ # not possible to generate without private key
45
+ end
46
+ else
47
+ # key is not nil...
48
+ end
49
+
50
+ @key
51
+ end
52
+
53
+ def privKey
54
+ if @privKey.nil? and not @key.nil?
55
+ @privKey = PkernelJce::KeyPair.private_key(@key)
56
+ end
57
+ @privKey
58
+ end
59
+
60
+ def pubKey
61
+ if @pubKey.nil?
62
+ if not @key.nil?
63
+ @pubKey = PkernelJce::KeyPair.public_key(@key)
64
+ elsif not @certificate.nil?
65
+ @pubKey = PkernelJce::KeyPair.public_key(@certificate)
66
+ end
67
+ end
68
+
69
+ @pubKey
70
+ end
71
+
72
+ def certificate
73
+ if not @certificate.nil? and @certificate.java_kind_of?(Java::OrgBouncycastleCert::X509CertificateHolder)
74
+ @certificate = @certificate.to_java_cert
75
+ end
76
+ @certificate
77
+ end
78
+
79
+ # In java world, JCE/JCA provides switchable engine to call if it is software/hardware
80
+ # This provider is tightly related to private key.
81
+ # Since private key is encapsulated in this object, might as well keep the pointer here.
82
+ # Whoever want to use the private key, also should check the provider to load correct
83
+ # signing engine
84
+ def provider=(val)
85
+ if not val.nil?
86
+ if val.is_a?(String) and not val.empty?
87
+ @provider = PkernelJce::Provider.add_provider(val)
88
+ else
89
+ @provider = PkernelJce::Provider.add_provider(val)
90
+ end
91
+ end
92
+ end
93
+
94
+ def provider
95
+ if @provider.nil?
96
+ PkernelJce::GConf.instance.glog.debug "Provider is nil in Identity object. Setting it to default provider '#{PkernelJce::Provider::DefProvider.name}'"
97
+ @provider = PkernelJce::Provider.add_default
98
+ end
99
+
100
+ @provider
101
+ end
102
+ end
103
+
104
+ #
105
+ # IdentityFactory
106
+ #
107
+ module IdentityFactory
108
+
109
+ def build_from_components(key, cert = nil, chain = [], provider = nil)
110
+ if key.nil?
111
+ raise PkernelJce::Error, "Key cannot be nil to build identity"
112
+ end
113
+
114
+ id = Pkernel::Identity.new( { key: key, certificate: cert, chain: chain } )
115
+ if cert.nil?
116
+ class_eval do
117
+ include PkernelJce::IdentityManagement
118
+ end
119
+ else
120
+ c = PkernelJce::Certificate.ensure_java_cert(cert)
121
+ if PkernelJce::Certificate.is_issuer_cert?(c)
122
+ class_eval do
123
+ include PkernelJce::IdentityIssuer
124
+ include PkernelJce::IdentityManagement
125
+ end
126
+ else
127
+ class_eval do
128
+ include PkernelJce::IdentityManagement
129
+ end
130
+ end
131
+ end
132
+
133
+ id.provider = provider
134
+
135
+ id
136
+ end
137
+ alias_method :build, :build_from_components
138
+ # end build_from_components
139
+
140
+ def dump(id, opts = {})
141
+
142
+ if id.nil?
143
+ raise PkernelJce::Error, "Identity object is nil in write to keystore"
144
+ end
145
+
146
+ prov = opts[:provider]
147
+ if prov.nil?
148
+ prov = PkernelJce::Provider.add_default
149
+ else
150
+ prov = PkernelJce::Provider.add_provider(prov)
151
+ end
152
+
153
+ format = opts[:format]
154
+ format = :p12 if format.nil?
155
+ sFormat = format
156
+ case format
157
+ when :p12, :pkcs12
158
+ PkernelJce::GConf.instance.glog.debug "Loading PKCS12 keystore"
159
+ ks = java.security.KeyStore.getInstance("PKCS12",prov)
160
+ sFormat = :p12
161
+ when :jks
162
+ PkernelJce::GConf.instance.glog.debug "Loading JKS keystore"
163
+ ks = java.security.KeyStore.getInstance("JKS")
164
+ sFormat = :jks
165
+ else
166
+ PkernelJce::GConf.instance.glog.debug "Loading '#{format}' keystore"
167
+ if prov.nil?
168
+ ks = java.security.KeyStore.getInstance(format)
169
+ else
170
+ ks = java.security.KeyStore.getInstance(format, prov)
171
+ end
172
+ sFormat = format
173
+ end
174
+
175
+ result = { }
176
+ pass = opts[:password]
177
+ if pass.nil? or pass.empty?
178
+ PkernelJce::GConf.instance.glog.warn "Password is not given to dump identity. Random password shall be generated."
179
+ pass = SecureRandom.hex(8)
180
+ result[:password] = pass
181
+ #raise PkernelJce::Error, "Password should not be empty for identity storage"
182
+ end
183
+
184
+ chain = id.chain.map do |c|
185
+ if c.java_kind_of?(org.bouncycastle.cert.X509CertificateHolder)
186
+ c.to_java_cert
187
+ else
188
+ c
189
+ end
190
+ end
191
+
192
+ name = opts[:key_name] || "Pkernel JCE"
193
+
194
+ ks.load(nil,nil)
195
+ ks.setKeyEntry(name, id.privKey, pass.to_java.toCharArray, chain.to_java(java.security.cert.Certificate))
196
+ baos = java.io.ByteArrayOutputStream.new
197
+
198
+ file = opts[:file]
199
+ if file.nil? or file.empty?
200
+ ks.store(baos, pass.to_java.toCharArray)
201
+ baos.toByteArray
202
+ else
203
+ fos = java.io.FileOutputStream.new(file)
204
+ ks.store(fos, pass.to_java.toCharArray)
205
+ fos.flush
206
+ fos.close
207
+ end
208
+
209
+ result
210
+ end
211
+
212
+ def load(opts = {})
213
+
214
+ prov = opts[:provider]
215
+ if prov.nil?
216
+ prov = PkernelJce::Provider.add_default
217
+ else
218
+ prov = PkernelJce::Provider.add_provider(prov)
219
+ end
220
+
221
+ format = opts[:format]
222
+ format = :p12 if format.nil?
223
+ sFormat = format
224
+ case format
225
+ when :p12, :pkcs12
226
+ PkernelJce::GConf.instance.glog.debug "Loading PKCS12 keystore"
227
+ ks = java.security.KeyStore.getInstance("PKCS12",prov)
228
+ sFormat = :p12
229
+ when :jks
230
+ PkernelJce::GConf.instance.glog.debug "Loading JKS keystore"
231
+ ks = java.security.KeyStore.getInstance("JKS")
232
+ sFormat = :jks
233
+ else
234
+ PkernelJce::GConf.instance.glog.debug "Loading '#{format}' keystore"
235
+ if prov.nil?
236
+ ks = java.security.KeyStore.getInstance(format.to_s)
237
+ else
238
+ ks = java.security.KeyStore.getInstance(format.to_s, prov)
239
+ end
240
+ end
241
+
242
+ pass = opts[:password] || ''
243
+
244
+ file = opts[:file]
245
+ bin = opts[:bin]
246
+ baos = java.io.ByteArrayOutputStream.new
247
+
248
+ if not file.nil? or not file.empty?
249
+ fis = java.io.FileInputStream.new(file)
250
+ ks.load(fis,pass.to_java.toCharArray)
251
+ fis.close
252
+ elsif bin.nil?
253
+ ks.load(java.io.ByteArrayInputStream.new(bin),pass.to_java.toCharArray)
254
+ else
255
+ raise PkernelJce::Error, "No file or bin is given to load identity"
256
+ end
257
+
258
+ name = opts[:key_name] || ks.aliases.to_a[0]
259
+
260
+ key = ks.getKey(name,pass.to_java.toCharArray)
261
+ cert = ks.getCertificate(name)
262
+ chain = ks.getCertificateChain(name)
263
+
264
+ id = Pkernel::Identity.new( { privKey: key, certificate: cert, chain: chain } )
265
+ id
266
+ end
267
+
268
+ end
269
+ # end IdentityFactory
270
+
271
+
272
+ module IdentityIssuer
273
+
274
+ #def issue_cert(identity, opts = {})
275
+ # src = opts[:source]
276
+ # if src.nil? or src.empty?
277
+ # raise PkernelJce::Error, "Issue cert requires source key indicating either from CSR or Owner structure"
278
+ # end
279
+
280
+ # conf = opts[:config]
281
+ # if conf.nil? or conf.empty?
282
+ # raise PkernelJce::Error, "Config for certificate generation is not given!"
283
+ # end
284
+
285
+ # if src[:csr_file].nil?
286
+ # csrBin = PkernelJce::CSRCore.load({ file: src[:csr_file] })
287
+ # elsif src[:csr].nil?
288
+ # owner = Pkernel::Certificate::Owner.load_from_csr(src[:csr])
289
+ # elsif src[:owner].nil?
290
+ #
291
+ # else
292
+ # raise PkernelJce::Error, "No CSR or Owner is given to issue certificate"
293
+ # end
294
+
295
+ # issuerKey = PkernelJce::KeyPair.private_key(identity.privKey)
296
+
297
+ # conf[:owner] = owner
298
+
299
+ # cert = @cdriver.generate(conf) do |v|
300
+ # case v
301
+ # when :signAlgo
302
+ # PkernelJce::KeyPair.derive_signing_algo(issuerKey, "SHA256")
303
+ # when :issuerKey
304
+ # issuerKey
305
+ # when :issuerCert
306
+ # when :keyUsage
307
+ # when :extKeyUsage
308
+ # end
309
+ # end
310
+
311
+ #end
312
+
313
+ end
314
+ # end IdentityIssuer
315
+
316
+ module IdentityManagement
317
+
318
+ def destroy
319
+ PkernelJce::GConf.instance.glog.warn "Destroy not implemented for JCE context"
320
+ end
321
+
322
+
323
+ end
324
+
325
+
326
+ class IdentityEngine
327
+ extend IdentityFactory
328
+ end
329
+
330
+ end
331
+
332
+
333
+