use of org.kse.crypto.Password in project keystore-explorer by kaikramer.
the class ExportKeyPairPrivateKeyAction method exportAsOpenSsl.
/**
 * Ask the user for OpenSSL export options, then encode the private key and write it to the
 * selected file.
 *
 * <p>The PBE algorithm and export password are read from the dialog only when the dialog
 * reports that encryption was requested; otherwise both are passed to the encoder as
 * {@code null}.
 * NOTE(review): a null algorithm/password presumably yields an unencrypted key file; confirm
 * against getOpenSslEncodedPrivateKey, whose body is not shown here.
 *
 * @param privateKey private key to export
 * @param alias entry alias handed to the export dialog
 * @throws CryptoException declared by this method; presumably raised by the encoding helper
 * @throws IOException declared by this method; a FileNotFoundException raised inside the try
 *         block is not propagated but reported with a warning dialog naming the file
 */
private void exportAsOpenSsl(PrivateKey privateKey, String alias) throws CryptoException, IOException {
    File targetFile = null;

    try {
        DExportPrivateKeyOpenSsl dialog = new DExportPrivateKeyOpenSsl(frame, alias,
                applicationSettings.getPasswordQualityConfig());
        dialog.setLocationRelativeTo(frame);
        dialog.setVisible(true);

        // Dialog closed without confirming the export: write nothing.
        if (!dialog.exportSelected()) {
            return;
        }

        targetFile = dialog.getExportFile();
        boolean asPem = dialog.pemEncode();
        boolean protectWithPassword = dialog.encrypt();

        // Encryption settings are only fetched when the user asked for encryption.
        OpenSslPbeType pbeType = protectWithPassword ? dialog.getPbeAlgorithm() : null;
        Password keyPassword = protectWithPassword ? dialog.getExportPassword() : null;

        exportEncodedPrivateKey(getOpenSslEncodedPrivateKey(privateKey, asPem, pbeType, keyPassword),
                targetFile);

        JOptionPane.showMessageDialog(frame,
                res.getString("ExportKeyPairPrivateKeyAction.ExportPrivateKeyOpenSslSuccessful.message"),
                res.getString("ExportKeyPairPrivateKeyAction.ExportPrivateKeyOpenSsl.Title"),
                JOptionPane.INFORMATION_MESSAGE);
    } catch (FileNotFoundException ex) {
        // The chosen file could not be opened for writing: warn and name the file.
        String warning = MessageFormat.format(
                res.getString("ExportKeyPairPrivateKeyAction.NoWriteFile.message"), targetFile);
        JOptionPane.showMessageDialog(frame, warning,
                res.getString("ExportKeyPairPrivateKeyAction.ExportPrivateKeyOpenSsl.Title"),
                JOptionPane.WARNING_MESSAGE);
    }
}
use of org.kse.crypto.Password in project keystore-explorer by kaikramer.
the class ExportKeyPairPrivateKeyAction method exportAsPkcs8.
/**
 * Ask the user for PKCS #8 export options, then encode the private key and write it to the
 * selected file.
 *
 * <p>The PBE algorithm and export password are read from the dialog only when the dialog
 * reports that encryption was requested; otherwise both are passed to the encoder as
 * {@code null}.
 * NOTE(review): a null algorithm/password presumably yields an unencrypted PKCS #8 file;
 * confirm against getPkcs8EncodedPrivateKey, whose body is not shown here.
 *
 * @param privateKey private key to export
 * @param alias entry alias handed to the export dialog
 * @throws CryptoException declared by this method; presumably raised by the encoding helper
 * @throws IOException declared by this method; a FileNotFoundException raised inside the try
 *         block is not propagated but reported with a warning dialog naming the file
 */
private void exportAsPkcs8(PrivateKey privateKey, String alias) throws CryptoException, IOException {
    File targetFile = null;

    try {
        DExportPrivateKeyPkcs8 dialog = new DExportPrivateKeyPkcs8(frame, alias,
                applicationSettings.getPasswordQualityConfig());
        dialog.setLocationRelativeTo(frame);
        dialog.setVisible(true);

        // Dialog closed without confirming the export: write nothing.
        if (!dialog.exportSelected()) {
            return;
        }

        targetFile = dialog.getExportFile();
        boolean asPem = dialog.pemEncode();
        boolean protectWithPassword = dialog.encrypt();

        // Encryption settings are only fetched when the user asked for encryption.
        Pkcs8PbeType pbeType = protectWithPassword ? dialog.getPbeAlgorithm() : null;
        Password keyPassword = protectWithPassword ? dialog.getExportPassword() : null;

        exportEncodedPrivateKey(getPkcs8EncodedPrivateKey(privateKey, asPem, pbeType, keyPassword),
                targetFile);

        JOptionPane.showMessageDialog(frame,
                res.getString("ExportKeyPairPrivateKeyAction.ExportPrivateKeyPkcs8Successful.message"),
                res.getString("ExportKeyPairPrivateKeyAction.ExportPrivateKeyPkcs8.Title"),
                JOptionPane.INFORMATION_MESSAGE);
    } catch (FileNotFoundException ex) {
        // The chosen file could not be opened for writing: warn and name the file.
        String warning = MessageFormat.format(
                res.getString("ExportKeyPairPrivateKeyAction.NoWriteFile.message"), targetFile);
        JOptionPane.showMessageDialog(frame, warning,
                res.getString("ExportKeyPairPrivateKeyAction.ExportPrivateKeyPkcs8.Title"),
                JOptionPane.WARNING_MESSAGE);
    }
}
use of org.kse.crypto.Password in project keystore-explorer by kaikramer.
the class GenerateCsrAction method doAction.
/**
* Do action.
*/
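@Override
protected void doAction() {
    // Generates a certificate signing request (PKCS #10 or SPKAC) for the selected key pair
    // entry and writes it to the file chosen in the DGenerateCsr dialog.
    File csrFile = null;
    FileOutputStream fos = null;

    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        Provider provider = history.getExplicitProvider();

        String alias = kseFrame.getSelectedEntryAlias();

        // No entry password available (presumably the user cancelled the prompt): stop.
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }

        KeyStore keyStore = currentState.getKeyStore();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());

        String keyPairAlg = privateKey.getAlgorithm();
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
        if (keyPairType == null) {
            throw new CryptoException(MessageFormat.format(
                    res.getString("GenerateCsrAction.NoCsrForKeyPairAlg.message"), keyPairAlg));
        }

        // determine dir of current keystore as proposal for CSR file location
        String path = CurrentDirectory.get().getAbsolutePath();
        File keyStoreFile = history.getFile();
        if (keyStoreFile != null) {
            path = keyStoreFile.getAbsoluteFile().getParent();
        }

        DGenerateCsr dGenerateCsr = new DGenerateCsr(frame, alias, privateKey, keyPairType, path, provider);
        dGenerateCsr.setLocationRelativeTo(frame);
        dGenerateCsr.setVisible(true);

        if (!dGenerateCsr.generateSelected()) {
            return;
        }

        CsrType format = dGenerateCsr.getFormat();
        SignatureType signatureType = dGenerateCsr.getSignatureType();
        // NOTE(review): the challenge is handled as a plain String and handed to the request
        // builders below; if it ends up as a challenge attribute in the request it is readable
        // by anyone holding the CSR file - confirm against Pkcs10Util/Spkac.
        String challenge = dGenerateCsr.getChallenge();
        String unstructuredName = dGenerateCsr.getUnstructuredName();
        boolean useCertificateExtensions = dGenerateCsr.isAddExtensionsWanted();
        csrFile = dGenerateCsr.getCsrFile();

        X509Certificate firstCertInChain = X509CertUtil.orderX509CertChain(
                X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)))[0];

        if (format == CsrType.PKCS10) {
            // Build and encode the request before opening the output file, so that a signing
            // or encoding failure cannot truncate an existing file or leave an empty one.
            String csr = Pkcs10Util.getCsrEncodedDerPem(Pkcs10Util.generateCsr(firstCertInChain, privateKey,
                    signatureType, challenge, unstructuredName, useCertificateExtensions, provider));

            // PEM text is ASCII; encode explicitly rather than with the platform default charset.
            byte[] csrBytes = csr.getBytes("US-ASCII");

            fos = new FileOutputStream(csrFile);
            fos.write(csrBytes);
        } else {
            SpkacSubject subject = new SpkacSubject(
                    X500NameUtils.x500PrincipalToX500Name(firstCertInChain.getSubjectX500Principal()));
            PublicKey publicKey = firstCertInChain.getPublicKey();

            // TODO handle other providers (PKCS11 etc)
            Spkac spkac = new Spkac(challenge, signatureType, subject, publicKey, privateKey);

            // The file is opened only once the request object has been constructed.
            fos = new FileOutputStream(csrFile);
            spkac.output(fos);
        }
    } catch (FileNotFoundException ex) {
        // The chosen file could not be opened for writing: warn and name the file.
        JOptionPane.showMessageDialog(frame,
                MessageFormat.format(res.getString("GenerateCsrAction.NoWriteFile.message"), csrFile),
                res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }

    // Reached only when no early return happened and no exception was caught above.
    JOptionPane.showMessageDialog(frame, res.getString("GenerateCsrAction.CsrGenerationSuccessful.message"),
            res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}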
use of org.kse.crypto.Password in project keystore-explorer by kaikramer.
the class GenerateKeyPairAction method generateKeyPair.
/**
* Generate a key pair (with certificate) in the currently opened KeyStore.
*
* @param issuerCert
* Issuer certificate for signing the new certificate
* @param issuerCertChain
* Chain of issuer certificate
* @param issuerPrivateKey
* Issuer's private key for signing
* @return Alias of new key pair
*/
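public String generateKeyPair(X509Certificate issuerCert, X509Certificate[] issuerCertChain, PrivateKey issuerPrivateKey) {
    // Walks the user through a sequence of dialogs (key pair parameters, generation,
    // certificate details, alias, entry password) and stores the result as a new key entry.
    // Every cancel path returns an empty string; so does a failure, see the catch block.
    String alias = "";

    try {
        int keyPairSize = applicationSettings.getGenerateKeyPairSize();
        KeyPairType keyPairType = applicationSettings.getGenerateKeyPairType();

        KeyStore activeKeyStore = kseFrame.getActiveKeyStore();
        KeyStoreType activeKeyStoreType = KeyStoreType.resolveJce(activeKeyStore.getType());
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        Provider provider = history.getExplicitProvider();

        DGenerateKeyPair dGenerateKeyPair = new DGenerateKeyPair(frame, activeKeyStoreType, keyPairType,
                keyPairSize);
        dGenerateKeyPair.setLocationRelativeTo(frame);
        dGenerateKeyPair.setVisible(true);

        if (!dGenerateKeyPair.isSuccessful()) {
            return "";
        }

        keyPairType = dGenerateKeyPair.getKeyPairType();

        DGeneratingKeyPair dGeneratingKeyPair;
        if (keyPairType != KeyPairType.EC) {
            // Non-EC keys are sized in bits; the chosen type and size are remembered in the settings.
            keyPairSize = dGenerateKeyPair.getKeyPairSize();
            dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, keyPairSize, provider);

            applicationSettings.setGenerateKeyPairSize(keyPairSize);
            applicationSettings.setGenerateKeyPairType(keyPairType);
        } else {
            // EC keys are defined by a named curve instead of a size; settings are left untouched.
            String curveName = dGenerateKeyPair.getCurveName();
            dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, curveName, provider);
        }

        dGeneratingKeyPair.setLocationRelativeTo(frame);
        dGeneratingKeyPair.startKeyPairGeneration();
        dGeneratingKeyPair.setVisible(true);

        // A null key pair means generation did not produce a result (presumably cancelled or failed).
        KeyPair keyPair = dGeneratingKeyPair.getKeyPair();
        if (keyPair == null) {
            return "";
        }

        DGenerateKeyPairCert dGenerateKeyPairCert = new DGenerateKeyPairCert(frame,
                res.getString("GenerateKeyPairAction.GenerateKeyPairCert.Title"), keyPair, keyPairType,
                issuerCert, issuerPrivateKey, provider);
        dGenerateKeyPairCert.setLocationRelativeTo(frame);
        dGenerateKeyPairCert.setVisible(true);

        X509Certificate certificate = dGenerateKeyPairCert.getCertificate();
        if (certificate == null) {
            return "";
        }

        // All changes are made on a new state; the current state is only extended at the very end.
        KeyStoreState currentState = history.getCurrentState();
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();

        DGetAlias dGetAlias = new DGetAlias(frame,
                res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"),
                X509CertUtil.getCertificateAlias(certificate));
        dGetAlias.setLocationRelativeTo(frame);
        dGetAlias.setVisible(true);
        alias = dGetAlias.getAlias();

        if (alias == null) {
            return "";
        }

        // Overwriting an existing entry requires explicit confirmation.
        if (keyStore.containsAlias(alias)) {
            String message = MessageFormat.format(
                    res.getString("GenerateKeyPairAction.OverWriteEntry.message"), alias);
            int selected = JOptionPane.showConfirmDialog(frame, message,
                    res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"),
                    JOptionPane.YES_NO_OPTION);
            if (selected != JOptionPane.YES_OPTION) {
                return "";
            }
        }

        // Default for keystore types without entry passwords: a Password wrapping null.
        Password password = new Password((char[]) null);

        // The keystore type was already resolved above; reuse it instead of resolving it again.
        if (activeKeyStoreType.hasEntryPasswords()) {
            DGetNewPassword dGetNewPassword = new DGetNewPassword(frame,
                    res.getString("GenerateKeyPairAction.NewKeyPairEntryPassword.Title"),
                    applicationSettings.getPasswordQualityConfig());
            dGetNewPassword.setLocationRelativeTo(frame);
            dGetNewPassword.setVisible(true);
            password = dGetNewPassword.getPassword();

            if (password == null) {
                return "";
            }
        }

        // The overwrite was confirmed above; drop the old entry and its remembered password.
        if (keyStore.containsAlias(alias)) {
            keyStore.deleteEntry(alias);
            newState.removeEntryPassword(alias);
        }

        // create new chain with certificates from issuer chain
        X509Certificate[] newCertChain = null;
        if (issuerCertChain != null) {
            // New certificate goes first, followed by the issuer chain in its given order.
            newCertChain = new X509Certificate[issuerCertChain.length + 1];
            System.arraycopy(issuerCertChain, 0, newCertChain, 1, issuerCertChain.length);
            newCertChain[0] = certificate;
        } else {
            newCertChain = new X509Certificate[] { certificate };
        }

        keyStore.setKeyEntry(alias, keyPair.getPrivate(), password.toCharArray(), newCertChain);
        newState.setEntryPassword(alias, password);

        currentState.append(newState);

        kseFrame.updateControls(true);

        JOptionPane.showMessageDialog(frame,
                res.getString("GenerateKeyPairAction.KeyPairGenerationSuccessful.message"),
                res.getString("GenerateKeyPairAction.GenerateKeyPair.Title"),
                JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        // The entry was not stored (the new state is appended only after setKeyEntry succeeds),
        // so do not report the chosen alias as if a key pair existed under it.
        return "";
    }

    return alias;
}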
use of org.kse.crypto.Password in project keystore-explorer by kaikramer.
the class ImportCaReplyFromFileAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
    // Imports a CA reply from a file into the selected key pair entry: the reply's first
    // certificate must carry the entry's public key, and (unless the trust check is disabled
    // in the settings) the reply must chain to a known certificate or be confirmed by the user.
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        // No entry password available (presumably the user cancelled the prompt): stop.
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }

        // Work on a new state; the current state is only extended once the import succeeded.
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();
        KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
        Key privateKey = keyStore.getKey(alias, password.toCharArray());

        File caReplyFile = chooseCaFile();
        if (caReplyFile == null) {
            return;
        }

        X509Certificate[] certs = openCaReply(caReplyFile);
        if ((certs == null) || (certs.length == 0)) {
            return;
        }

        certs = X509CertUtil.orderX509CertChain(certs);

        // The reply is only accepted if its first certificate has the same public key as the
        // first certificate of the existing entry.
        X509Certificate[] exitingEntryCerts = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));
        if (!exitingEntryCerts[0].getPublicKey().equals(certs[0].getPublicKey())) {
            JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoMatchPubKeyCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Holds the new certificate chain for the entry should the import succeed
        X509Certificate[] newCertChain = null;

        if (!applicationSettings.getEnableImportCaReplyTrustCheck()) {
            // Trust check disabled in the settings: the reply is taken as-is, with the public
            // key comparison above as the only check made in this method.
            newCertChain = certs;
        } else {
            KeyStore caCertificates = getCaCertificates();
            KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();

            // Multi-certificate reply: the last certificate of the ordered chain must match one
            // of the certificates in the CA Certificates, Windows Trusted Root Certificates or
            // current KeyStore, otherwise the user is asked to confirm it.
            // NOTE(review): only the last certificate is matched here; whether
            // orderX509CertChain verifies the signatures linking the chain is not visible - confirm.
            if (certs.length > 1) {
                X509Certificate rootCert = certs[certs.length - 1];
                String matchAlias = null;

                // Match against CA Certificates KeyStore
                if (caCertificates != null) {
                    matchAlias = X509CertUtil.matchCertificate(caCertificates, rootCert);
                }

                // Match against Windows Trusted Root Certificates KeyStore
                if ((windowsTrustedRootCertificates != null) && (matchAlias == null)) {
                    matchAlias = X509CertUtil.matchCertificate(windowsTrustedRootCertificates, rootCert);
                }

                // Match against current KeyStore
                if (matchAlias == null) {
                    matchAlias = X509CertUtil.matchCertificate(keyStore, rootCert);
                }

                if (matchAlias == null) {
                    // No match for the root certificate - display the certificate to the user for confirmation
                    JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoMatchRootCertCaReplyConfirm.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);

                    DViewCertificate dViewCertificate = new DViewCertificate(frame, MessageFormat.format(res.getString("ImportCaReplyFromFileAction.CertDetailsFile.Title"), caReplyFile.getName()), new X509Certificate[] { rootCert }, null, DViewCertificate.NONE);
                    dViewCertificate.setLocationRelativeTo(frame);
                    dViewCertificate.setVisible(true);

                    // Anything other than an explicit "yes" aborts the import.
                    int selected = JOptionPane.showConfirmDialog(frame, res.getString("ImportCaReplyFromFileAction.AcceptCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.YES_NO_OPTION);
                    if (selected != JOptionPane.YES_OPTION) {
                        return;
                    }

                    newCertChain = certs;
                } else {
                    newCertChain = certs;
                }
            } else {
                // Single X.509 certificate reply - try and establish a chain of
                // trust from the certificate and ending with a root CA self-signed certificate

                // Establish trust against current KeyStore
                ArrayList<KeyStore> compKeyStores = new ArrayList<KeyStore>();
                compKeyStores.add(keyStore);

                if (caCertificates != null) {
                    // Establish trust against CA Certificates KeyStore
                    compKeyStores.add(caCertificates);
                }

                if (windowsTrustedRootCertificates != null) {
                    // Establish trust against Windows Trusted Root Certificates KeyStore
                    compKeyStores.add(windowsTrustedRootCertificates);
                }

                X509Certificate[] trustChain = X509CertUtil.establishTrust(certs[0], compKeyStores.toArray(new KeyStore[compKeyStores.size()]));

                if (trustChain != null) {
                    newCertChain = trustChain;
                } else {
                    // Cannot establish trust for the certificate - fail
                    JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoTrustCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            }
        }

        // Both branches store the same key under the same alias and password with the new
        // chain; file-based keystore types additionally delete the old entry first.
        if (keyStoreType.isFileBased()) {
            // TODO: why or when is delete actually necessary???
            keyStore.deleteEntry(alias);
            keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);
        } else {
            keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);
        }

        currentState.append(newState);

        kseFrame.updateControls(true);

        JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.ImportCaReplySuccessful.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        // Any failure is shown to the user; the new state is not appended in that case.
        DError.displayError(frame, ex);
    }
}