add: add some function 2 IdentityManager (without test)

src/main/java/security/IdentifyManager.java

@@ -1,6 +1,9 @@
 package security;
 
 import minsecurity.Common;
+import minsecurity.certificate.cert.CertException;
+import minsecurity.certificate.cert.CertUtils;
+import minsecurity.certificate.cert.Certificate;
 import minsecurity.crypto.sm2.SM2Base;
 import minsecurity.crypto.sm2.SM2KeyPair;
 import minsecurity.identity.Identity;
@@ -9,7 +12,15 @@ import minsecurity.identity.KeyParam;
 //import minsecurity.identity.persist.MapDB;
 import minsecurity.identity.persist.Persist;
 import minsecurity.identity.persist.sqlite.Sqlite;
+import org.omg.CORBA.PUBLIC_MEMBER;
 
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -26,13 +37,20 @@ import java.util.concurrent.ConcurrentMap;
 // TODO: 测试
 public class IdentifyManager {
 
+    public static String DefaultIdentityDBPath = "/usr/local/.mir/identity/";
     public void setIdentifies(ConcurrentMap<String, Identity> identifies) {
         this.identifies = identifies;
     }
 
-    private ConcurrentMap<String, Identity> identifies;   // 一个map，存储了身份名字和网络身份实体的映射
+    private ConcurrentMap<String, Identity> identifies;         // 一个map，存储了身份名字和网络身份实体的映射
     private Identity defaultIdentity;                           // 默认网络身份
     private int privateKeyEncryptionAlgorithm;                  // 对秘钥加密所使用的加密算法
+    // 一个map，存储了身份名字和对应身份的版本号
+    // 1. 初始加载到内存中时，所有身份的版本号均为0
+    // 2. 接着每次对该网络身份进行了任何的修改，对应版本号都会++
+    private ConcurrentMap<String, Long> versionMap;
+    private long version;                                     	// 版本号，每次创建一个对象，version从0开始，对身份的任何增删改都会导致版本号的增加
+
 
 
     /**
@@ -44,6 +62,19 @@ public class IdentifyManager {
      * @date 2021/3/11
     **/
     public IdentifyManager(){
+        init();
+    }
+
+    public IdentifyManager(String dbPath) {
+        try {
+            Sqlite.getInstance().open(dbPath);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        init();
+    }
+
+    public void init() {
         try{
             this.identifies = loadAllIdentifies();
             this.defaultIdentity = Persist.getDefaultIdentityFromStorage("");
@@ -53,6 +84,8 @@ public class IdentifyManager {
         }
     }
 
+
+
     /**
      * 从sqlite中加载全部网络身份信息并封装成ConcurrentMap
      * @return {ConcurrentMap}
@@ -102,6 +135,7 @@ public class IdentifyManager {
         this.identifies.remove(name);
         // 从sqlite中删除掉它
         Persist.deleteIdentityByNameFromStorage(name);
+        version++;
         return true;
     }
 
@@ -128,10 +162,17 @@ public class IdentifyManager {
 
         // 将新的网络身份进行持久化存储
         // TODO 目前的Persist模块无法实现强制覆盖，因为会抛出重名异常
+        if(force)
+            Persist.deleteIdentityByNameFromStorage(newIdentity.getName());
         Persist.persistIdentity(newIdentity);
 
         // 同时更新内存中数据
         this.identifies.put(newIdentity.getName(), newIdentity);
+        long curVersion = 0;
+        if(versionMap.containsKey(newIdentity.getName())) {
+            curVersion = versionMap.get(newIdentity.getName()) + 1;
+        }
+        versionMap.put(newIdentity.getName(), curVersion);
         return true;
     }
 
@@ -171,6 +212,8 @@ public class IdentifyManager {
         Persist.persistIdentity(newIdentity);
         // 持久化存储成功则在内存中也存储一份
         this.identifies.put(name, newIdentity);
+        versionMap.put(name, 0L);
+        version++;
         return newIdentity;
     }
 
@@ -228,6 +271,147 @@ public class IdentifyManager {
              return false;
         return identifies.containsKey(name);
     }
+    /**
+     * 返回当前版本号
+     * @param
+     * @return long 返回当前版本号
+     * @throws
+     * @author hongyu guo
+     * @date 2021/5/21
+    **/
+    public long getCurrentVersion() {
+        return getVersion();
+    }
+
+    /***
+     * 获取某个网络身份的版本号
+     * @return long 没有该Identity，返回-1
+     * @throws
+     * @author hongyu guo
+     * @date 2021/5/21
+    **/
+    public long getIdentityVersion(String identityName) {
+        if(versionMap.containsKey(identityName)) {
+            return versionMap.get(identityName);
+        }
+        return -1L;
+    }
+
+    /**
+     * 加载证书
+     * @param identityName
+	 * @param cert
+     * @return boolean
+     * @throws Exception
+     * @author hongyu guo
+     * @date 2021/5/21
+    **/
+    public boolean loadCert(String identityName, Certificate cert) throws Exception {
+        if(existIdentity(identityName)) {
+            // 已经存在
+            Identity id = Persist.getIdentityByNameFromStorage(identityName, "");
+            if(id == null)
+                throw new IdentifyManagerException("can not find identity by name [" + identityName + "] in sqlite");
+            Certificate oldCert = id.getCert();
+            id.setCert(cert);
+            boolean succ = saveIdentity(id, true, true);
+            if(!succ) {
+                return false;
+            }
+
+            getIdentityByName(identityName).setCert(cert);
+        } else {
+            Identity id = new Identity();
+            id.setName(cert.getIssueTo());
+            id.setCert(cert);
+            id.setKeyParam(new KeyParam(cert.getPublicKeyAlgorithm(), cert.getSignatureAlgorithm()));
+            id.setPubkey(cert.getPublicKey());
+            boolean succ = saveIdentity(id, true, true);
+            if(!succ)
+                return false;
+            identifies.put(id.getName(), id);
+        }
+        return true;
+    }
+
+    /**
+     * 使用指定的网络身份给自己签发一个自签证书
+     * @param identityName
+	 * @param passwd
+     * @return boolean
+     * @throws
+     * @author hongyu guo
+     * @date 2021/5/21
+    **/
+    public boolean selfIssue(String identityName, String passwd) throws Exception {
+        if(!existIdentity(identityName)) {
+            throw new IdentifyManagerException("Target identity [" + identityName + "] not exists!");
+        }
+
+        Identity identity = Persist.getIdentityByNameFromStorage(identityName, "");
+        if(identity == null) {
+            throw new IdentifyManagerException("can not find identity by name [" + identityName + "] in sqlite");
+        }
+
+        if(identity.isLocked()) {
+            boolean succ = identity.unLock(passwd, Common.SM4ECB);
+            if(!succ) {
+                throw new IdentifyManagerException("can not unlock identity [" + identityName +  "]");
+            }
+        }
+
+        Certificate cert = new Certificate();
+        cert.setVersion(0);
+        cert.setSerialNumber(1);
+        cert.setPublicKey(identity.getPubkey());
+        cert.setSignatureAlgorithm(identity.getKeyParam().SignatureAlgorithm);
+        cert.setPublicKeyAlgorithm(identity.getKeyParam().PublicKeyAlgorithm);
+        cert.setIssueTo(identity.getName());
+        cert.setIssuer(identity.getName());
+        cert.setNotBefore(System.currentTimeMillis());
+        cert.setNotAfter(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000L);
+        cert.setKeyUsage(Common.CertSign);
+        cert.setCA(true);
+        cert.setTimestamp(System.currentTimeMillis());
+
+        CertUtils.signCert(cert, identity.getPrikey());
+        return loadCert(identity.getName(), cert);
+
+    }
+
+    /**
+     * 导出证书
+     * @param identityName
+     * @return java.lang.String
+     * @throws
+     * @author hongyu guo
+     * @date 2021/5/21
+    **/
+    public String dumpCert(String identityName) throws NoSuchPaddingException, InvalidKeyException, CertException, IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
+        Identity targetIdentity = getIdentityByName(identityName);
+        if(targetIdentity == null) {
+            return "";
+        }
+
+        if (targetIdentity.getCert() == null ||
+                (targetIdentity.getCert().getIssuer().equals("") && targetIdentity.getCert().getSignature() == null)) {
+            return "";
+        }
+        return CertUtils.toPem(targetIdentity.getCert(), "".getBytes(), Common.SM4ECB);
+    }
+
+    /**
+     * 导入证书
+     * @param bytesOfCert
+     * @return boolean
+     * @throws
+     * @author hongyu guo
+     * @date 2021/5/21
+    **/
+    public boolean importCert(byte[] bytesOfCert) throws Exception {
+        Certificate cert = CertUtils.fromPem(new String(bytesOfCert), null, Common.SM4ECB);
+        return loadCert(cert.getIssueTo(), cert);
+    }
 
     public ConcurrentMap<String, Identity> getIdentifies() {
         return identifies;
@@ -248,4 +432,20 @@ public class IdentifyManager {
     public void setPrivateKeyEncryptionAlgorithm(int privateKeyEncryptionAlgorithm) {
         this.privateKeyEncryptionAlgorithm = privateKeyEncryptionAlgorithm;
     }
+
+    public ConcurrentMap<String, Long> getVersionMap() {
+        return versionMap;
+    }
+
+    public void setVersionMap(ConcurrentMap<String, Long> versionMap) {
+        this.versionMap = versionMap;
+    }
+
+    public long getVersion() {
+        return version;
+    }
+
+    public void setVersion(long version) {
+        this.version = version;
+    }
 }

src/main/java/security/IdentifyManagerException.java

@@ -0,0 +1,15 @@
+package security;
+
+/*
+ * @Author: hongyu guo
+ * @Description:
+ * @Version: 1.0.0
+ * @Date: 11:19 2021/05/21
+ * @Copyright: MIN-Group；国家重大科技基础设施——未来网络北大实验室；深圳市信息论与未来网络重点实验室
+ */
+public class IdentifyManagerException  extends Exception{
+    public IdentifyManagerException(String msg){
+        super(msg);
+    }
+
+}