olca-license

A licensing framework for openLCA that can certify, sign and encrypt data libraries.

Create the Certificate Authority (CA)

  • Create the Root CA with root_ca.sh. It must later be stored offline.
  • Create the server CA (Nexus), subordinate to the Root CA, with nexus_ca.sh and store the nexus-ca folder in the server's /etc/ssl/certs/ directory.

Certify a data library

Once the certificate authority is created and stored on the server, one can start certifying data libraries.

First, create a Licensor instance with the CA folder (as a File) as input:

var ca = new File("path/to/the/certificate/authority");
var licensor = Licensor.getInstance(ca);

Then, certify the library by passing the ZipInputStream of the compressed raw library, the destination ZipOutputStream, the password provided by the user of the library, and the CertificateInfo object holding the start and expiration dates and the subject and issuer information:

var info = licensor.createCertificateInfo(notBefore, notAfter, subject);
try (var output = new ZipOutputStream(new FileOutputStream(library))) {
    licensor.license(input, output, PASSWORD_LIB, info);
}

If the end date of the certificate is not determined, it is possible to omit it:

var info = licensor.createCertificateInfo(notBefore, subject);

Check the information of an issued certificate

Following the industry standard, an X.509 certificate can be stored as Base64-encoded text:

-----BEGIN CERTIFICATE-----
<certificate key>
-----END CERTIFICATE-----

This certificate can be converted to a more readable format with the following command:

openssl x509 -text -in issued-cert.crt -noout
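
The full -text dump is long. The script below is an added example, not part of olca-license and not the project's root_ca.sh or nexus_ca.sh: it builds a throwaway root CA, subordinate CA and issued certificate in a temporary directory, then prints only the subject, issuer and validity dates, verifies the chain and tests the expiry. It assumes openssl is on the PATH; all names and file names except issued-cert.crt are constructed.

```shell
#!/usr/bin/env bash
# Added example: throwaway two-tier CA. All names below are constructed.

# new_key_and_csr <dir> <name> <common name>: private key plus signing request.
new_key_and_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_chain <dir>: root CA -> subordinate CA -> issued-cert.crt (30 days each).
make_chain() {
  local d="$1"
  # CA certificates must carry CA:TRUE; the issued certificate gets no CA flag.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  new_key_and_csr "$d" root "Example Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
  new_key_and_csr "$d" sub "Example Server CA"
  openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/sub.crt" 2>/dev/null
  new_key_and_csr "$d" lib "Example Library User"
  openssl x509 -req -in "$d/lib.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" \
    -CAcreateserial -days 30 -out "$d/issued-cert.crt" 2>/dev/null
}

# cert_summary <cert>: subject, issuer and validity window only.
cert_summary() {
  openssl x509 -in "$1" -noout -subject -issuer -dates -nameopt RFC2253
}

# valid_for <cert> <seconds>: succeeds if the certificate has not expired by then.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# chain_ok <root> <intermediate> <cert>: succeeds only if the full path verifies.
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1; }

demo() {
  local d; d="$(mktemp -d)"
  make_chain "$d" || return 1
  cert_summary "$d/issued-cert.crt"
  chain_ok "$d/root.crt" "$d/sub.crt" "$d/issued-cert.crt" && echo "chain: OK"
  valid_for "$d/issued-cert.crt" $((60*24*3600)) || echo "expires within 60 days"
  rm -rf "$d"
}
demo
```

Against a real library certificate, only cert_summary, valid_for and chain_ok are needed, pointed at the actual root and server CA certificates.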