Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/greendelta/olca-license

A data library licensing framework for openLCA.
https://github.com/greendelta/olca-license

Last synced: 7 days ago
JSON representation

A data library licensing framework for openLCA.

Awesome Lists containing this project

README

        

# olca-license

A licensing framework for openLCA that can certify, sign and encrypt data library.

## Create the Certificate Authority (CA)

- Create the Root CA - that has to later be stored offline - with `root_ca.sh`.
- Create the server CA (Nexus) subordinated from the Root CA with
`nexus_ca.sh` and store the `nexus-ca` folder into the server
`/etc/ssl/certs/` directory.

## Certify a data library

Once the certificate authority is created and stored in the server, one can
start certifying data libraries.

First, create a `Licensor` instance with the CA `File` folder as an input:

```java
var ca = new File("path/to/the/certificate/authority");
var licensor = Licensor.getInstance(ca);
```

Then, certify the library by inputting the `ZipInputStream` of the compressed
raw library, the destination `ZipOutputStream`, the password provided by the
user of the library and the `CertificateInfo` object holding the start and
expiration date and the subject and issuer information:

```java
var info = licensor.createCertificateInfo(notBefore, notAfter, subject);
try (var output = new ZipOutputStream(new FileOutputStream(library))) {
licensor.license(input, output, PASSWORD_LIB, info);
}
```
If the end date of the certificate is not determined, it is possible to omit it:

```java
var info = licensor.createCertificateInfo(notBefore, subject);
```

## Check the information of an issued certificate

An X.509 certificate can be stored with respect with the industry standard as a
key encoded in `Base64`:

```bash
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
```

This certificate can be converted in a more readable format by using the
following command:

```bash
openssl x509 -text -in issued-cert.crt -noout
```