use of org.kse.crypto.CryptoException in project keystore-explorer by kaikramer.
the class X509CertUtil method loadCertificates.
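/**
 * Load one or more certificates from the specified stream.
 * <p>
 * The stream content is read into a byte array, passed through
 * {@code fixCommonInputCertProblems} and parsed with a certificate factory
 * obtained for {@code X509_CERT_TYPE} from the Bouncy Castle provider. If
 * that parse fails with a {@link CertificateException}, the same bytes are
 * retried through {@code loadCertificatesPkiPath}.
 * <p>
 * This method only parses. Nothing in it checks signatures, validity periods
 * or trust, so callers must not treat the returned certificates as verified.
 *
 * @param is
 *            Stream to load certificates from
 * @return The certificates, with any null entries from the factory skipped
 * @throws CryptoException
 *             Problem encountered while loading the certificate(s)
 */
public static X509Certificate[] loadCertificates(InputStream is) throws CryptoException {
    byte[] certsBytes = null;
    try {
        // NOTE(review): presumably buffers the whole input; no size cap is applied
        // here, which matters when the source is an untrusted file or the clipboard.
        certsBytes = ReadUtil.readFully(is);
        // fix common input certificate problems by converting PEM/B64 to DER
        certsBytes = fixCommonInputCertProblems(certsBytes);
        // NOTE(review): from here on 'is' refers to the in-memory copy, so the
        // finally block closes that copy rather than the caller's stream. Whether
        // the caller's stream is closed on success depends on ReadUtil.readFully -
        // confirm.
        is = new ByteArrayInputStream(certsBytes);
        CertificateFactory cf = CertificateFactory.getInstance(X509_CERT_TYPE, BOUNCY_CASTLE.jce());
        Collection<? extends Certificate> certs = cf.generateCertificates(is);
        ArrayList<X509Certificate> loadedCerts = new ArrayList<>();
        for (Certificate cert : certs) {
            if (cert != null) {
                loadedCerts.add((X509Certificate) cert);
            }
        }
        return loadedCerts.toArray(new X509Certificate[0]);
    } catch (IOException | NoSuchProviderException ex) {
        throw new CryptoException(res.getString("NoLoadCertificate.exception.message"), ex);
    } catch (CertificateException ex) {
        // Failed to load certificates, may be pki path encoded - try loading as that
        try {
            return loadCertificatesPkiPath(new ByteArrayInputStream(certsBytes));
        } catch (CryptoException ex2) {
            // Report the original parse failure as the cause, but keep the
            // fallback failure attached so neither diagnosis is lost.
            ex.addSuppressed(ex2);
            throw new CryptoException(res.getString("NoLoadCertificate.exception.message"), ex);
        }
    } finally {
        IOUtils.closeQuietly(is);
    }
}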
use of org.kse.crypto.CryptoException in project keystore-explorer by kaikramer.
the class X509CertificateGenerator method generateVersion3.
/**
 * Build and sign an X.509 version 3 certificate.
 * <p>
 * A null {@code validityStart} is replaced by the current time and a null
 * {@code validityEnd} by the start time plus 365 days. Every critical and
 * non-critical extension of {@code extensions} is copied onto the new
 * certificate. The signature is produced with {@code provider} when one is
 * supplied and with the "BC" provider otherwise; the conversion of the result
 * to an {@link X509Certificate} always uses "BC".
 * <p>
 * No check is made here that the end date follows the start date, nor on the
 * serial number or extension content; the inputs are used as given.
 *
 * @param extensions
 *            Extensions to copy, may be null for none
 * @param provider
 *            Provider used for signing, may be null to use "BC"
 * @return The signed certificate
 * @throws CryptoException
 *             If signing or conversion of the certificate fails
 * @throws CertIOException
 *             If an extension cannot be added to the certificate
 */
private X509Certificate generateVersion3(X500Name subject, X500Name issuer, Date validityStart, Date validityEnd, PublicKey publicKey, PrivateKey privateKey, SignatureType signatureType, BigInteger serialNumber, X509Extension extensions, Provider provider) throws CryptoException, CertIOException {
    final Date notBefore;
    if (validityStart != null) {
        notBefore = validityStart;
    } else {
        notBefore = new Date();
    }

    final Date notAfter;
    if (validityEnd != null) {
        notAfter = validityEnd;
    } else {
        // Default lifetime: one year (365 days) from the start date
        notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365));
    }

    JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKey);

    if (extensions != null) {
        // Critical extensions first, then non-critical ones
        for (String criticalOid : extensions.getCriticalExtensionOIDs()) {
            builder.addExtension(new ASN1ObjectIdentifier(criticalOid), true, getExtensionValue(extensions, criticalOid));
        }
        for (String nonCriticalOid : extensions.getNonCriticalExtensionOIDs()) {
            builder.addExtension(new ASN1ObjectIdentifier(nonCriticalOid), false, getExtensionValue(extensions, nonCriticalOid));
        }
    }

    try {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureType.jce());
        if (provider != null) {
            signerBuilder.setProvider(provider);
        } else {
            signerBuilder.setProvider("BC");
        }
        ContentSigner signer = signerBuilder.build(privateKey);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(builder.build(signer));
    } catch (CertificateException | IllegalStateException | OperatorCreationException ex) {
        throw new CryptoException(res.getString("CertificateGenFailed.exception.message"), ex);
    }
}
use of org.kse.crypto.CryptoException in project keystore-explorer by kaikramer.
the class ExamineClipboardAction method showCert.
/**
 * Parse the stream as certificates and show them in the certificate viewer.
 * <p>
 * An empty result produces a warning dialog. Any exception raised while
 * loading is reported in a problem dialog and not rethrown. When at least one
 * certificate was parsed, the viewer is opened with the
 * {@code DViewCertificate.IMPORT} option.
 * <p>
 * Nothing in this method validates the parsed certificates; it only displays
 * them.
 *
 * @param is
 *            Stream holding the candidate certificate data
 * @throws CryptoException
 *             Declared by the signature
 */
private void showCert(InputStream is) throws CryptoException {
    X509Certificate[] certs = null;
    try {
        certs = X509CertUtil.loadCertificates(is);
        if (certs.length == 0) {
            JOptionPane.showMessageDialog(frame, res.getString("ExamineClipboardAction.NoCertsFound.message"), res.getString("ExamineClipboardAction.OpenCertificate.Title"), JOptionPane.WARNING_MESSAGE);
        }
    } catch (Exception ex) {
        // Broad catch on purpose: every failure ends up in the problem dialog
        String[] causes = new String[] { res.getString("ExamineClipboardAction.NotCert.Cause"), res.getString("ExamineClipboardAction.CorruptedCert.Cause") };
        Problem problem = new Problem(res.getString("ExamineClipboardAction.NoOpenCert.Problem"), causes, ex);
        DProblem problemDialog = new DProblem(frame, res.getString("ExamineClipboardAction.ProblemOpeningCert.Title"), problem);
        problemDialog.setLocationRelativeTo(frame);
        problemDialog.setVisible(true);
        // Nothing to display after a failure
        return;
    }

    if (certs.length > 0) {
        DViewCertificate viewer = new DViewCertificate(frame, res.getString("ExamineClipboardAction.CertDetails.Title"), certs, kseFrame, DViewCertificate.IMPORT);
        viewer.setLocationRelativeTo(frame);
        viewer.setVisible(true);
    }
}
use of org.kse.crypto.CryptoException in project keystore-explorer by kaikramer.
the class MsPvkUtil method decryptPrivateKeyBlob.
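/**
 * Decrypt an RC4-encrypted private key blob and check its magic bytes.
 * <p>
 * The blob counts as successfully decrypted only when its first four bytes
 * read "RSA2" (RSA private key) or "DSS2" (DSA private key). That four-byte
 * comparison is the only check made on the plaintext; no other integrity
 * check is applied here.
 *
 * @param encryptedPvk
 *            Encrypted private key blob
 * @param rc4Key
 *            RC4 key to decrypt with
 * @return The decrypted blob, or null when the decrypted bytes are shorter
 *         than four bytes or do not start with a recognised magic value
 * @throws CryptoException
 *             If the RC4 decryption itself fails
 */
private static byte[] decryptPrivateKeyBlob(byte[] encryptedPvk, byte[] rc4Key) throws CryptoException {
    try {
        SecretKeySpec rc4KeySpec = new SecretKeySpec(rc4Key, "RC4");
        Cipher rc4 = Cipher.getInstance("RC4");
        rc4.init(Cipher.DECRYPT_MODE, rc4KeySpec);
        byte[] decryptedKeyBlob = rc4.doFinal(encryptedPvk);

        // A truncated or malformed input can decrypt to fewer than four bytes;
        // treat that as "not decrypted" instead of indexing past the end.
        if (decryptedKeyBlob.length < 4) {
            return null;
        }

        // First four bytes will be "RSA2" if successful for an RSA private key
        boolean rsaMagic = decryptedKeyBlob[0] == 'R' && decryptedKeyBlob[1] == 'S'
                && decryptedKeyBlob[2] == 'A' && decryptedKeyBlob[3] == '2';
        // First four bytes will be "DSS2" if successful for a DSA private key
        boolean dsaMagic = decryptedKeyBlob[0] == 'D' && decryptedKeyBlob[1] == 'S'
                && decryptedKeyBlob[2] == 'S' && decryptedKeyBlob[3] == '2';

        return (rsaMagic || dsaMagic) ? decryptedKeyBlob : null;
    } catch (GeneralSecurityException ex) {
        throw new CryptoException(res.getString("PrivateKeyBlobRc4DecryptionFailed.exception.message"), ex);
    }
}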
use of org.kse.crypto.CryptoException in project keystore-explorer by kaikramer.
the class MsPvkUtil method getInternal.
/**
 * Encode a private key as an unencrypted PVK byte array.
 * <p>
 * The output carries the private key blob in the clear: the type field is
 * written as {@code PVK_UNENCRYPTED} and the salt length as
 * {@code UNENCRYPTED_SALT_LENGTH}. Callers are responsible for protecting
 * the returned bytes.
 *
 * @param privateKey
 *            Key to encode; an {@link RSAPrivateCrtKey} is written as an RSA
 *            blob, anything else is cast to {@link DSAPrivateKey}
 * @param keyType
 *            Key type value written into the PVK and blob headers
 * @return The PVK encoding
 * @throws CryptoException
 *             If an I/O problem occurs while assembling the PVK
 */
private static byte[] getInternal(PrivateKey privateKey, int keyType) throws CryptoException {
    try {
        // PVK fields are little endian, so set the buffer up accordingly
        ByteBuffer buffer = ByteBuffer.wrap(new byte[PVK_BUFFER_LENGTH]);
        buffer.order(ByteOrder.LITTLE_ENDIAN);

        // Magic number, reserved and key type fields
        writeReservedMagicKeyType(buffer, keyType);

        // Unencrypted private key blob: RSA when possible, otherwise DSA
        byte[] keyBlob = (privateKey instanceof RSAPrivateCrtKey)
                ? rsaPrivateKeyToBlob((RSAPrivateCrtKey) privateKey)
                : dsaPrivateKeyToBlob((DSAPrivateKey) privateKey);

        // Type field - unencrypted
        UnsignedUtil.putInt(buffer, PVK_UNENCRYPTED);

        // Salt length - unencrypted so no salt, length = 0
        UnsignedUtil.putInt(buffer, UNENCRYPTED_SALT_LENGTH);

        // Key length field - length of the blob plus length of blob header
        long totalKeyLength = keyBlob.length + BLOB_HEADER_LENGTH;
        UnsignedUtil.putInt(buffer, totalKeyLength);

        // Private key blob header followed by the blob itself
        writePrivateKeyBlobHeader(buffer, keyType, privateKey);
        buffer.put(keyBlob);

        return getBufferBytes(buffer);
    } catch (IOException ex) {
        throw new CryptoException(res.getString("NoGetMsPvk.exception.message"), ex);
    }
}