/*********************************************************************/
/* CS255 Project 2                                                   */
/*********************************************************************/

I. Group Info:

He, Changhua    username: changhua    SUID: 5155486
Jin, Weiyin     username: lucyjin     SUID: 5157548

II. Project Implementation:

Part A: Obtain Long-Term Certificates
=====================================

We first generated four keystores from the command line by using the
"keytool -genkey -alias ... " command. The four keystores correspond to
the client, the server, the privateCA, and the RegistrationCA. At this
stage, each keystore contains only one entry, which is the entity's key
pair and its self-signed certificate.

We then used the "keytool -import ..." command to import the appropriate
trusted entities into each KeyStore.

Then we called RegCA() to generate a certificate for each of the online
entities, so the self-signed certificate of each entity is replaced by a
certificate signed by the Registration CA.

File Created:
    Chat/RegCA.java:
        public RegCA(String appKeyStoreName, String appPassword,
                     String alias, String aliasPassword)

This function signs the entity with the given alias and appKeyStoreName
using its public key. As a result, the KeyStores of client, server, and
privateCA are modified. Client and Server should each have one key entry
and 2 trusted entities, namely Registration CA and the privacy CA. The
private CA should only have Registration CA as the trusted entity, and
finally the Registration CA should only have its key entry in the
KeyStore.

Part B: Obtain Chat Certificates
================================

We first established SSL connections between client<->PCA and
client<->server and, when an offensive client appears, server<->PCA. For
the implementation here, we just referred to the SSL example code
provided by the project description.

Note that when a party is making a connection to another party, it uses
its own keystore to set up the KeyManagerFactory and the
TrustManagerFactory. So, upon connection, each pair of parties will
verify the validity of the connecting party's certificate.

The client waits for the PCA to generate a ChatCertificate and, once the
signed certificate is generated, the client sets that certificate in its
own KeyStore using the function setKeyEntry.

On the PCA's side, when it is generating the chat certificate, it
replaces the real name of the client with a random string which we call
the pseudonym. We generated the pseudonym by simply generating a random
number and converting it to a string. The PCA also keeps a table with
records of each client's real identity and the corresponding pseudonym.

Modified Files:
    Chat/PCA.java
    Chat/ChatClient.java
    Chat/ChatServer.java
    Chat/ChatServerThread.java

Part C: Revoke Certificates
===========================

After establishing all connections and checking all necessary
certificates, we have a functioning system. We defined the word "bomb" as
offensive, so whenever the user types the word "bomb" we take the
following actions:

1. The server closes the connection, and that word is not displayed in
   the Chat Room and is not seen by other users.
2. The server stores the chat certificate of the client who sent this
   offensive word in its CRL, and it will reject future connections made
   with the same certificate.
4. The server sends the pseudonym over to the PCA.
5. The PCA looks up its table of records and figures out the
   corresponding real name of the offensive client.
6. The PCA adds the general-purpose certificate that the client got from
   the RCA to its CRL.
7. The PCA will reject further chat certificate requests from the same
   client by checking whether that general-purpose certificate is in its
   CRL.

===========================================================================

We created the new MyX509TrustedManager interface out of the
TrustManager, with the added feature that it checks whether the client
is banned by looking up the client's certificate in the CRL. If the
client is banned, it throws a certificate exception indicating that it is
banned. We replaced the original TrustManager-typed object in the SSL
connection with this new interface in all files where an SSL connection
is involved.

Modified Files:
    Chat/PCA.java
    Chat/ChatServer.java
    Chat/ClientRecord.java

Created Files:
    Chat/myX509TrustedManager.java

The Makefile is also modified accordingly whenever a new .java file is
created.
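
The banned-certificate check described above could be written as the
following wrapper around the JDK's default trust manager. This is an added
example, not the project's myX509TrustedManager.java; the class name, the
in-memory fingerprint set and the revoke() method are assumptions.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class: normal chain validation plus a lookup in a local revocation list.
public final class RevocationCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;   // the JDK's standard path validation
    // Assumed CRL representation: SHA-256 fingerprints kept in memory (lost on restart).
    private final Set<String> revoked = ConcurrentHashMap.newKeySet();

    public RevocationCheckingTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);                  // the party's own keystore, as in Part B
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        delegate = found;
    }

    private static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    // Called when a client has to be banned (step 2 or step 6 of Part C).
    public void revoke(X509Certificate cert) throws CertificateException {
        revoked.add(fingerprint(cert));
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);   // chain must still lead to a trusted CA
        if (revoked.contains(fingerprint(chain[0]))) {  // chain[0] is the peer's own certificate
            throw new CertificateException("banned: " + chain[0].getSubjectX500Principal());
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { delegate.checkServerTrusted(chain, authType); }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
}
```

checkClientTrusted only runs when the accepting socket requires client
authentication (setNeedClientAuth(true) on the SSLServerSocket), and the
manager is installed by passing it in the TrustManager array to
SSLContext.init.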