APPENDICES
APPENDIX 1 Test Results Table

| No | Test description | Initial condition | Test scenario | Expected result | Test result |
|----|------------------|-------------------|---------------|-----------------|-------------|
| 1 | Generate a key pair for root | root does not have a public/private key pair | Run the file PrototypeCA.jar | root has a key pair | Success |
| 2 | Generate a self-signed certificate for root | root has a key pair but does not yet have a certificate for that key pair | Run the file PrototypeCA.jar | root has a certificate signed by root itself | Success |
| 3 | Generate a private credential for root | The key pair for root and its certificate are still separate, not yet stored in one place | Run the file PrototypeCA.jar | The root key pair and its certificate are stored in one private credential with the alias root | Success |
| 4 | Generate a key pair for intermediate | intermediate does not yet have a public/private key pair | Run the file PrototypeCA.jar | intermediate has a key pair | Success |
| 5 | Generate a digital certificate for intermediate | The intermediate key pair does not yet have a digital certificate | Run the file PrototypeCA.jar | The intermediate key pair is certified by root | Success |
| 6 | Generate a private credential for intermediate | The key pair and certificate for intermediate are separate, not yet stored in one place | Run the file PrototypeCA.jar | The key pair and certificate for intermediate are stored in one private credential with the alias intermediate | Success |
| 7 | Generate a key pair for end/customer | end does not yet have a key pair | Run PrototypeCA.jar | end has a key pair | Success |
| 8 | Generate a certificate for end/customer | The key pair for end has not yet been certified | Run PrototypeCA.jar | The key pair for end is certified by the presence of a certificate | Success |
| 9 | Generate a private credential for end | The key pair and certificate for end are still stored separately | Run PrototypeCA.jar | The key pair and its certificate are stored in a private credential with the alias end | Success |
| 10 | Generate a keystore to hold the private credentials of root, intermediate, and end | A keystore for holding the private credentials does not yet exist | Run PrototypeCA.jar | The private credentials of root, intermediate, and end are stored in one keystore | Success |
| 11 | Save the keystore to a file named <nomor_telepon>.cert (<nomor_telepon> is the phone number) | The keystore file <nomor_telepon>.cert does not exist in the CA root folder | Run the file PrototypeCA.jar | A file named <nomor_telepon>.cert exists in the CA root folder | Success |
| 12 | Save the path to the keystore file in the sertifikat (certificate) table | No record with subject_name <nomor_telepon> and ID <serial_number> exists in the sertifikat table | Run the file PrototypeCA.jar | A record with id <serial_number> and subject_name <nomor_telepon> exists in the sertifikat table | Success |
| 13 | Generate the root key pair | root does not have a key pair | Run the file PrototypeCA.jar | The CA has a private key pair | Success |
| 14 | Generate a CRL for the key pair that is to be revoked | A CRL for the key pair does not yet exist | Run the file PrototypeCA.jar | A CRL file named <serial_number>.crl exists in the crl folder in the CA root | Success |
| 15 | Save the path to the CRL in the database | No record with the serial <serial_number> of the revoked certificate exists in the crl table in the database | Run the file PrototypeCA.jar | A record with the certificate serial <serial_number> exists in the crl table in the database | Success |
APPENDIX 2 X509 Certificate Format

X509 Certificate v1

| Certificate fields | Interpretation of contents |
|--------------------|----------------------------|
| Version | Version of certificate format |
| Serial Number | Certificate serial number |
| Signature Algorithm | Signature algorithm identifier for certificate issuer's signature |
| Issuer | CA's X509 name |
| Validity period | Start and expiry dates/times |
| Subject name | Subject X509 name |
| Subject public-key information | Algorithm identifier and subject public-key value |
| Issuer's signature | Certificate authority's digital signature |

X509 Certificate v2

| Certificate fields | Interpretation of two more added fields |
|--------------------|-----------------------------------------|
| v1=v2 (for seven fields) | Version, serial number, signature algorithm, issuer, validity period, subject name, subject's public-key information |
| Issuer unique identifier; Subject unique identifier | To handle the possibility of reuse of issuer and/or subject names through time |
| v1=v2 (for last field) | Issuer's signature |

X509 Certificate v3

| Certificate fields | Interpretation of contents |
|--------------------|----------------------------|
| v1=v2=v3 (for seven fields) | Version, serial number, signature algorithm, issuer, validity period, subject name, subject's public-key information |
| v2=v3 (for two fields) | Issuer unique identifier, subject unique identifier |
| Extension | Key and policy information, subject and issuer attributes, certification path constraints, extensions related to CRLs |
| v1=v2=v3 (for last field) | Issuer's signature |
APPENDIX 3 Implementation of Utils.java

package ui;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.MessageDigest;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.KeyPairGenerator;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500PrivateCredential;
import javax.security.auth.x500.X500Principal;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
// Legacy Bouncy Castle certificate-generator API (X509V1/V3CertificateGenerator),
// deprecated in later Bouncy Castle releases. The "BC" provider must be registered.
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.x509.*;
import org.bouncycastle.x509.extension.*;

/**
 * Helper routines for the prototype CA: hex/byte conversion, AES key and IV
 * creation, key-pair generation, and root/intermediate/end-entity certificates.
 *
 * @author aboy
 */
public class Utils {

    // from chapter 2 utils
    private static String digits = "0123456789abcdef";

    /** Returns the first length bytes of data as a lowercase hex string. */
    public static String toHex(byte[] data, int length) {
        StringBuffer buff = new StringBuffer();
        for (int i = 0; i != length; i++) {
            int v = data[i] & 0xff;
            buff.append(digits.charAt(v >> 4));
            buff.append(digits.charAt(v & 0xf));
        }
        return buff.toString();
    }

    public static String toHex(byte[] data) {
        return toHex(data, data.length);
    }

    // chapter 3 utils

    /** Creates a random AES key of bitLength bits. */
    public static SecretKey createKeyForAES(int bitLength, SecureRandom random)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyGenerator generator = KeyGenerator.getInstance("AES", "BC");
        // Fixed: the original passed a hard-coded 256 and ignored bitLength.
        generator.init(bitLength, random);
        return generator.generateKey();
    }

    /**
     * Creates a CTR-mode IV: bytes 0-3 hold the message number, bytes 4-7 are
     * random, bytes 8-14 are zero and byte 15 starts the block counter at 1.
     */
    public static IvParameterSpec createCtrIvForAES(int messageNumber, SecureRandom random) {
        byte[] ivBytes = new byte[16];
        random.nextBytes(ivBytes);
        ivBytes[0] = (byte) (messageNumber >> 24);
        ivBytes[1] = (byte) (messageNumber >> 16);
        ivBytes[2] = (byte) (messageNumber >> 8);
        ivBytes[3] = (byte) (messageNumber >> 0);
        for (int i = 0; i != 7; i++) {
            ivBytes[8 + i] = 0;
        }
        ivBytes[15] = 1;
        return new IvParameterSpec(ivBytes);
    }

    /** Converts the first Length bytes to a string, one char per byte. */
    public static String toString(byte[] bytes, int Length) {
        char[] chars = new char[Length];
        for (int i = 0; i != chars.length; i++) {
            chars[i] = (char) (bytes[i] & 0xff);
        }
        return new String(chars);
    }

    public static String toString(byte[] bytes) {
        return toString(bytes, bytes.length);
    }

    /** Converts a string to bytes, keeping only the low 8 bits of each char. */
    public static byte[] toByteArray(String string) {
        byte[] bytes = new byte[string.length()];
        char[] chars = string.toCharArray();
        for (int i = 0; i != chars.length; i++) {
            bytes[i] = (byte) chars[i];
        }
        return bytes;
    }

    // chapter 4

    /**
     * Deterministic "random" source built on SHA-1. It produces the same byte
     * stream on every run, so keys derived from it are predictable: test use only.
     */
    private static class FixedRand extends SecureRandom {
        MessageDigest sha;
        byte[] state;

        FixedRand() {
            try {
                this.sha = MessageDigest.getInstance("SHA1", "BC");
                this.state = sha.digest();
            } catch (Exception e) {
                throw new RuntimeException("Cant find SHA1");
            }
        }

        @Override
        public void nextBytes(byte[] bytes) {
            int off = 0;
            sha.update(state);
            while (off < bytes.length) {
                state = sha.digest();
                // Copy a full digest, or only the bytes still needed at the end.
                if (bytes.length - off > state.length) {
                    System.arraycopy(state, 0, bytes, off, state.length);
                } else {
                    System.arraycopy(state, 0, bytes, off, bytes.length - off);
                }
                off += state.length;
                sha.update(state);
            }
        }
    }

    public static SecureRandom createFixedRandom() {
        return new FixedRand();
    }

    // chapter 5
    // The key sizes below (RSA 1024, ElGamal 256, DSA 512) are the prototype's
    // test values and are far below sizes considered acceptable for real keys.

    public static KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        kpGen.initialize(1024, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    public static KeyPair generateElGamalKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ElGamal", "BC");
        kpGen.initialize(256, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    public static KeyPair generateDSAKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA", "BC");
        kpGen.initialize(512, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    /** DSA key pair from the fixed (deterministic) random source: test use only. */
    public static KeyPair generaterootDSAKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA", "BC");
        kpGen.initialize(512, Utils.createFixedRandom());
        return kpGen.generateKeyPair();
    }

    // chapter 7

    // Certificate lifetime: 7 days, in milliseconds.
    private static final int VALIDITY_PERIOD = 7 * 24 * 60 * 60 * 1000;

    /** Generates a self-signed X509 v1 root certificate for the given key pair. */
    public static X509Certificate generateRootCert(KeyPair pair) throws Exception {
        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        // Every certificate in this class uses serial number 1 (test value);
        // a real CA must issue a unique serial number per certificate.
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X500Principal("CN=Test CA Certificate"));
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=Test CA Certificate"));
        certGen.setPublicKey(pair.getPublic());
        certGen.setSignatureAlgorithm("SHA1WithDSA");
        return certGen.generateX509Certificate(pair.getPrivate(), "BC");
    }

    /**
     * Generates an X509 v3 intermediate CA certificate for intKey, signed with
     * caKey. BasicConstraints(0) marks it as a CA with path length 0.
     */
    public static X509Certificate generateIntermediateCert(PublicKey intKey,
            PrivateKey caKey, X509Certificate caCert) throws Exception {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(caCert.getSubjectX500Principal());
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=TEST Intermediate Certificate"));
        certGen.setPublicKey(intKey);
        certGen.setSignatureAlgorithm("SHA1WithDSA");
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCert));
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(intKey));
        certGen.addExtension(X509Extensions.BasicConstraints, true,
                new BasicConstraints(0));
        certGen.addExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return certGen.generateX509Certificate(caKey, "BC");
    }

    /**
     * Generates an X509 v3 end-entity certificate for entityKey, signed with
     * caKey. BasicConstraints(false) marks it as not a CA.
     */
    public static X509Certificate generateEndEntityCert(PublicKey entityKey,
            PrivateKey caKey, X509Certificate caCert) throws Exception {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(caCert.getSubjectX500Principal());
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=test end Certificate"));
        certGen.setPublicKey(entityKey);
        certGen.setSignatureAlgorithm("SHA1WithDSA");
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCert));
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(entityKey));
        certGen.addExtension(X509Extensions.BasicConstraints, true,
                new BasicConstraints(false));
        certGen.addExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        return certGen.generateX509Certificate(caKey, "BC");
    }

    // chapter 8
    public static String ROOT_ALIAS = "root";
    public static String INTERMEDIATE_ALIAS = "intermediate";
    public static String END_ENTITY_ALIAS = "end";

    // generate an X500PrivateCredential for the root entity
    public static X500PrivateCredential createRootCredential() throws Exception {
        KeyPair rootPair = generateDSAKeyPair();
        X509Certificate rootCert = generateRootCert(rootPair);
        return new X500PrivateCredential(rootCert, rootPair.getPrivate(), ROOT_ALIAS);
    }

    // generate an X500PrivateCredential for the intermediate entity
    public static X500PrivateCredential createIntermediateCredential(PrivateKey caKey,
            X509Certificate caCert) throws Exception {
        KeyPair interPair = generateDSAKeyPair();
        X509Certificate interCert = generateIntermediateCert(interPair.getPublic(), caKey, caCert);
        return new X500PrivateCredential(interCert, interPair.getPrivate(), INTERMEDIATE_ALIAS);
    }

    // generate an X500PrivateCredential for the end entity
    public static X500PrivateCredential createEndEntityCredential(PrivateKey caKey,
            X509Certificate caCert) throws Exception {
        KeyPair endPair = generateDSAKeyPair();
        X509Certificate endCert = generateEndEntityCert(endPair.getPublic(), caKey, caCert);
        return new X500PrivateCredential(endCert, endPair.getPrivate(), END_ENTITY_ALIAS);
    }
}