Example 1 with PrivateKeyType
use of org.nhindirect.config.ui.util.PrivateKeyType in project nhin-d by DirectProject.
the class CertificatesController method addCertificate.
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/addcertificate", method = RequestMethod.POST)
public ModelAndView addCertificate(@RequestHeader(value = "X-Requested-With", required = false) String requestedWith, HttpSession session, @ModelAttribute CertificateForm certificateForm, Model model, @RequestParam(value = "submitType") String actionPath) {
final ModelAndView mav = new ModelAndView();
String strid = "";
//if (log.isDebugEnabled())
log.error("Enter domain/addcertificate");
if (actionPath.equalsIgnoreCase("cancel")) {
if (log.isDebugEnabled())
log.debug("trying to cancel from saveupdate");
final SearchDomainForm form2 = (SearchDomainForm) session.getAttribute("searchDomainForm");
model.addAttribute(form2 != null ? form2 : new SearchDomainForm());
model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
mav.setViewName("main");
mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
mav.addObject("statusList", EntityStatus.getEntityStatusList());
return mav;
}
if (actionPath.equalsIgnoreCase("newcertificate") || actionPath.equalsIgnoreCase("add certificate")) {
log.debug("Attempting to add certificate");
if (this.keyManager == null)
log.debug("Key manager is null");
else
log.debug("Key manager is non-null");
strid = "" + certificateForm.getId();
// insert the new address into the Domain list of Addresses
final EntityStatus estatus = certificateForm.getStatus();
if (log.isDebugEnabled())
log.debug("beginning to evaluate filedata");
try {
model.addAttribute("certerror", false);
model.addAttribute("passphraseError", false);
if (!certificateForm.getFileData().isEmpty()) {
final String passphrase = (certificateForm.getKeyPassphrase() == null) ? "" : certificateForm.getKeyPassphrase();
PrivateKeyType privKeyType = PrivateKeyType.fromString(certificateForm.getPrivKeyType());
if ((privKeyType == PrivateKeyType.PKCS8_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE) && StringUtils.isEmpty(passphrase)) {
// can't move on if a passphrase is required and one is not supplied
model.addAttribute("passphraseError", true);
} else {
byte[] certOrP12Bytes = certificateForm.getFileData().getBytes();
byte[] privateKeyBytes = null;
if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
log.debug("Converting byte stream to cert container");
// there is a private key present.. normalized it to an unproted format
//if (cont.getKey() != null)
//{
log.debug("Private key exists; normalizing to non-protected p12 format.");
certOrP12Bytes = CertUtils.changePkcs12Protection(certOrP12Bytes, passphrase.toCharArray(), passphrase.toCharArray(), "".toCharArray(), "".toCharArray());
//}
} else if (privKeyType != PrivateKeyType.NONE) {
// there is a private key file associated with this request
privateKeyBytes = certificateForm.getPrivKeyData().getBytes();
// get the private key... it may be different formats, so be on the watch
if (privKeyType == PrivateKeyType.PKCS8_PASSPHRASE) {
// key
try {
final EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(privateKeyBytes);
final Cipher cipher = Cipher.getInstance(encryptPKInfo.getAlgName());
final PBEKeySpec pbeKeySpec = new PBEKeySpec(passphrase.toCharArray());
final SecretKeyFactory secFac = SecretKeyFactory.getInstance(encryptPKInfo.getAlgName());
final Key pbeKey = secFac.generateSecret(pbeKeySpec);
final AlgorithmParameters algParams = encryptPKInfo.getAlgParameters();
cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
final KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher);
final KeyFactory kf = KeyFactory.getInstance("RSA");
privateKeyBytes = kf.generatePrivate(pkcs8KeySpec).getEncoded();
} catch (Exception e) {
return mav;
}
}
}
String owner = "";
final String fileType = certificateForm.getFileData().getContentType();
if (!fileType.matches("application/x-x509-ca-cert") && !fileType.matches("application/octet-stream") && !fileType.matches("application/x-pkcs12")) {
model.addAttribute("certerror", true);
} else {
final Certificate cert = new Certificate();
// convert the cert and key to the proper storage format
cert.setData(toCertDataFormat(certOrP12Bytes, privateKeyBytes, privKeyType));
cert.setOwner(owner);
cert.setStatus(org.nhindirect.config.model.EntityStatus.valueOf(estatus.toString()));
final ArrayList<Certificate> certlist = new ArrayList<Certificate>();
certlist.add(cert);
log.debug("Adding certificate to config store.");
certService.addCertificate(cert);
log.debug("Certificate add SUCCESSFUL");
}
}
} else {
if (log.isDebugEnabled())
log.debug("DO NOT store the certificate into database BECAUSE THERE IS NO FILE");
}
} catch (ServiceException ed) {
log.error(ed);
} catch (Exception e) {
log.error(e);
e.printStackTrace();
}
// certificate form and result
try {
final Collection<Certificate> certs = certService.getAllCertificates();
if (this.keyManager != null && this.keyManager instanceof MutableKeyStoreProtectionManager) {
final KeyStore keyStore = ((MutableKeyStoreProtectionManager) keyManager).getKS();
// the key store manager to see if they have private keys
for (Certificate cert : certs) {
if (!cert.isPrivateKey()) {
try {
final X509Certificate checkCert = CertUtils.toX509Certificate(cert.getData());
final String alias = keyStore.getCertificateAlias(checkCert);
if (!StringUtils.isEmpty(alias)) {
// check if this entry has a private key associated with
// it
final PrivateKey privKey = (PrivateKey) keyStore.getKey(alias, "".toCharArray());
if (privKey != null)
cert.setPrivateKey(true);
}
} catch (Exception e) {
}
}
}
}
model.addAttribute("certificatesResults", certs);
final CertificateForm cform = new CertificateForm();
cform.setId(0);
model.addAttribute("certificateForm", cform);
} catch (ServiceException e1) {
e1.printStackTrace();
}
model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
final SimpleForm simple = new SimpleForm();
simple.setId(Long.parseLong(strid));
model.addAttribute("simpleForm", simple);
mav.setViewName("certificates");
// the Form's default button action
final String action = "Update";
model.addAttribute("action", action);
model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
mav.addObject("statusList", EntityStatus.getEntityStatusList());
}
return mav;
}
Also used :
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
CertificateForm(org.nhindirect.config.ui.form.CertificateForm)
SimpleForm(org.nhindirect.config.ui.form.SimpleForm)
PrivateKey(java.security.PrivateKey)
KeySpec(java.security.spec.KeySpec)
PBEKeySpec(javax.crypto.spec.PBEKeySpec)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
ModelAndView(org.springframework.web.servlet.ModelAndView)
ArrayList(java.util.ArrayList)
SearchDomainForm(org.nhindirect.config.ui.form.SearchDomainForm)
MutableKeyStoreProtectionManager(org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)
EntityStatus(org.nhindirect.config.model.EntityStatus)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyFactory(java.security.KeyFactory)
SecretKeyFactory(javax.crypto.SecretKeyFactory)
KeyStore(java.security.KeyStore)
ServiceException(org.nhindirect.common.rest.exceptions.ServiceException)
IOException(java.io.IOException)
CryptoException(org.nhindirect.common.crypto.exceptions.CryptoException)
X509Certificate(java.security.cert.X509Certificate)
PrivateKeyType(org.nhindirect.config.ui.util.PrivateKeyType)
ServiceException(org.nhindirect.common.rest.exceptions.ServiceException)
EncryptedPrivateKeyInfo(javax.crypto.EncryptedPrivateKeyInfo)
Cipher(javax.crypto.Cipher)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
AlgorithmParameters(java.security.AlgorithmParameters)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.nhindirect.config.model.Certificate)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Aggregations
IOException (java.io.IOException)1
AlgorithmParameters (java.security.AlgorithmParameters)1
Key (java.security.Key)1
KeyFactory (java.security.KeyFactory)1
KeyStore (java.security.KeyStore)1
PrivateKey (java.security.PrivateKey)1
X509Certificate (java.security.cert.X509Certificate)1
KeySpec (java.security.spec.KeySpec)1
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)1
ArrayList (java.util.ArrayList)1
Cipher (javax.crypto.Cipher)1
EncryptedPrivateKeyInfo (javax.crypto.EncryptedPrivateKeyInfo)1
SecretKey (javax.crypto.SecretKey)1
SecretKeyFactory (javax.crypto.SecretKeyFactory)1
PBEKeySpec (javax.crypto.spec.PBEKeySpec)1
MutableKeyStoreProtectionManager (org.nhindirect.common.crypto.MutableKeyStoreProtectionManager)1
CryptoException (org.nhindirect.common.crypto.exceptions.CryptoException)1
ServiceException (org.nhindirect.common.rest.exceptions.ServiceException)1
Certificate (org.nhindirect.config.model.Certificate)1
EntityStatus (org.nhindirect.config.model.EntityStatus)1
