Example 1 with Spkac
use of org.kse.crypto.csr.spkac.Spkac in project keystore-explorer by kaikramer.
the class SignCsrAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
FileOutputStream fos = null;
File caReplyFile = null;
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStore keyStore = currentState.getKeyStore();
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
Certificate[] certs = keyStore.getCertificateChain(alias);
KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
File csrFile = chooseCsrFile();
if (csrFile == null) {
return;
}
PKCS10CertificationRequest pkcs10Csr = null;
Spkac spkacCsr = null;
try {
CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile));
if (fileType == CryptoFileType.PKCS10_CSR) {
pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile));
if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else if (fileType == CryptoFileType.SPKAC_CSR) {
spkacCsr = new Spkac(new FileInputStream(csrFile));
if (!spkacCsr.verify()) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
Problem problem = new Problem(problemStr, causes, ex);
DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
dProblem.setLocationRelativeTo(frame);
dProblem.setVisible(true);
return;
}
X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
X509Certificate signingCert = signingChain[0];
PublicKey publicKey = null;
X500Name subject = null;
DSignCsr dSignCsr = null;
Provider provider = history.getExplicitProvider();
if (pkcs10Csr != null) {
publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
subject = pkcs10Csr.getSubject();
dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
} else {
publicKey = spkacCsr.getPublicKey();
subject = spkacCsr.getSubject().getName();
dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
}
dSignCsr.setLocationRelativeTo(frame);
dSignCsr.setVisible(true);
X509CertificateVersion version = dSignCsr.getVersion();
SignatureType signatureType = dSignCsr.getSignatureType();
Date validityStart = dSignCsr.getValidityStart();
Date validityEnd = dSignCsr.getValidityEnd();
BigInteger serialNumber = dSignCsr.getSerialNumber();
caReplyFile = dSignCsr.getCaReplyFile();
X509ExtensionSet extensions = dSignCsr.getExtensions();
if (version == null) {
return;
}
X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
// CA Reply is a cert with subject from CSR and issuer from signing cert's subject
X509CertificateGenerator generator = new X509CertificateGenerator(version);
X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
caReplyChain[0] = caReplyCert;
// Add all of the signing chain to the reply
System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
fos = new FileOutputStream(caReplyFile);
fos.write(caCertEncoded);
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
DError.displayError(frame, ex);
return;
} finally {
IOUtils.closeQuietly(fos);
}
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
Also used :
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
PrivateKey(java.security.PrivateKey)
FileNotFoundException(java.io.FileNotFoundException)
X500Name(org.bouncycastle.asn1.x500.X500Name)
X509CertificateGenerator(org.kse.crypto.x509.X509CertificateGenerator)
X509CertificateVersion(org.kse.crypto.x509.X509CertificateVersion)
KeyPairType(org.kse.crypto.keypair.KeyPairType)
Password(org.kse.crypto.Password)
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)
DSignCsr(org.kse.gui.dialogs.sign.DSignCsr)
KeyStoreState(org.kse.utilities.history.KeyStoreState)
JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)
PublicKey(java.security.PublicKey)
SignatureType(org.kse.crypto.signing.SignatureType)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
FileNotFoundException(java.io.FileNotFoundException)
DProblem(org.kse.gui.error.DProblem)
X509Certificate(java.security.cert.X509Certificate)
Date(java.util.Date)
Provider(java.security.Provider)
X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet)
Spkac(org.kse.crypto.csr.spkac.Spkac)
FileOutputStream(java.io.FileOutputStream)
CryptoFileType(org.kse.crypto.filetype.CryptoFileType)
BigInteger(java.math.BigInteger)
Problem(org.kse.gui.error.Problem)
DProblem(org.kse.gui.error.DProblem)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 2 with Spkac
use of org.kse.crypto.csr.spkac.Spkac in project keystore-explorer by kaikramer.
the class SignatureAlgorithmsTest method doTest.
private void doTest(KeyPairType keyPairType, SignatureType signatureType, CsrType csrType, X509CertificateVersion version) throws Exception {
KeyPair keyPair = null;
switch(keyPairType) {
case RSA:
keyPair = rsaKeyPair;
break;
case DSA:
keyPair = dsaKeyPair;
break;
case EC:
keyPair = ecKeyPair;
break;
default:
throw new InvalidParameterException();
}
X500Name name = new X500Name("cn=this");
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
X509Certificate cert = null;
if (version == X509CertificateVersion.VERSION1) {
cert = generatorv1.generateSelfSigned(name, 1000, publicKey, privateKey, signatureType, BigInteger.ONE);
} else {
cert = generatorv3.generateSelfSigned(name, 1000, publicKey, privateKey, signatureType, BigInteger.ONE);
}
if (csrType == CsrType.SPKAC) {
Spkac spkac = new Spkac("whatever", signatureType, new SpkacSubject(name), publicKey, privateKey);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
spkac.output(baos);
spkac = new Spkac(new ByteArrayInputStream(baos.toByteArray()));
assertThat(spkac.verify()).isTrue();
} else {
PKCS10CertificationRequest pkcs10 = Pkcs10Util.generateCsr(cert, privateKey, signatureType, "w/e", "w/e", false, new BouncyCastleProvider());
byte[] encoded = Pkcs10Util.getCsrEncodedDer(pkcs10);
pkcs10 = Pkcs10Util.loadCsr(new ByteArrayInputStream(encoded));
assertThat(Pkcs10Util.verifyCsr(pkcs10)).isTrue();
}
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
SpkacSubject(org.kse.crypto.csr.spkac.SpkacSubject)
PrivateKey(java.security.PrivateKey)
PublicKey(java.security.PublicKey)
X500Name(org.bouncycastle.asn1.x500.X500Name)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
X509Certificate(java.security.cert.X509Certificate)
InvalidParameterException(java.security.InvalidParameterException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Spkac(org.kse.crypto.csr.spkac.Spkac)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Example 3 with Spkac
use of org.kse.crypto.csr.spkac.Spkac in project keystore-explorer by kaikramer.
the class GenerateCsrAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
File csrFile = null;
FileOutputStream fos = null;
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
Provider provider = history.getExplicitProvider();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStore keyStore = currentState.getKeyStore();
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
String keyPairAlg = privateKey.getAlgorithm();
KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
if (keyPairType == null) {
throw new CryptoException(MessageFormat.format(res.getString("GenerateCsrAction.NoCsrForKeyPairAlg.message"), keyPairAlg));
}
// determine dir of current keystore as proposal for CSR file location
String path = CurrentDirectory.get().getAbsolutePath();
File keyStoreFile = history.getFile();
if (keyStoreFile != null) {
path = keyStoreFile.getAbsoluteFile().getParent();
}
DGenerateCsr dGenerateCsr = new DGenerateCsr(frame, alias, privateKey, keyPairType, path, provider);
dGenerateCsr.setLocationRelativeTo(frame);
dGenerateCsr.setVisible(true);
if (!dGenerateCsr.generateSelected()) {
return;
}
CsrType format = dGenerateCsr.getFormat();
SignatureType signatureType = dGenerateCsr.getSignatureType();
String challenge = dGenerateCsr.getChallenge();
String unstructuredName = dGenerateCsr.getUnstructuredName();
boolean useCertificateExtensions = dGenerateCsr.isAddExtensionsWanted();
csrFile = dGenerateCsr.getCsrFile();
X509Certificate firstCertInChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)))[0];
fos = new FileOutputStream(csrFile);
if (format == CsrType.PKCS10) {
String csr = Pkcs10Util.getCsrEncodedDerPem(Pkcs10Util.generateCsr(firstCertInChain, privateKey, signatureType, challenge, unstructuredName, useCertificateExtensions, provider));
fos.write(csr.getBytes());
} else {
SpkacSubject subject = new SpkacSubject(X500NameUtils.x500PrincipalToX500Name(firstCertInChain.getSubjectX500Principal()));
PublicKey publicKey = firstCertInChain.getPublicKey();
// TODO handle other providers (PKCS11 etc)
Spkac spkac = new Spkac(challenge, signatureType, subject, publicKey, privateKey);
spkac.output(fos);
}
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("GenerateCsrAction.NoWriteFile.message"), csrFile), res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
DError.displayError(frame, ex);
return;
} finally {
IOUtils.closeQuietly(fos);
}
JOptionPane.showMessageDialog(frame, res.getString("GenerateCsrAction.CsrGenerationSuccessful.message"), res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
Also used :
KeyStoreState(org.kse.utilities.history.KeyStoreState)
SpkacSubject(org.kse.crypto.csr.spkac.SpkacSubject)
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
PrivateKey(java.security.PrivateKey)
PublicKey(java.security.PublicKey)
FileNotFoundException(java.io.FileNotFoundException)
SignatureType(org.kse.crypto.signing.SignatureType)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
CryptoException(org.kse.crypto.CryptoException)
FileNotFoundException(java.io.FileNotFoundException)
Provider(java.security.Provider)
CsrType(org.kse.crypto.csr.CsrType)
Spkac(org.kse.crypto.csr.spkac.Spkac)
FileOutputStream(java.io.FileOutputStream)
DGenerateCsr(org.kse.gui.dialogs.DGenerateCsr)
KeyPairType(org.kse.crypto.keypair.KeyPairType)
CryptoException(org.kse.crypto.CryptoException)
File(java.io.File)
Password(org.kse.crypto.Password)
Example 4 with Spkac
use of org.kse.crypto.csr.spkac.Spkac in project keystore-explorer by kaikramer.
the class ExamineClipboardAction method showCsr.
private void showCsr(InputStream is, CryptoFileType fileType) {
if (is == null) {
return;
}
try {
PKCS10CertificationRequest pkcs10Csr = null;
Spkac spkacCsr = null;
try {
if (fileType == CryptoFileType.PKCS10_CSR) {
pkcs10Csr = Pkcs10Util.loadCsr(is);
} else if (fileType == CryptoFileType.SPKAC_CSR) {
spkacCsr = new Spkac(is);
}
} catch (Exception ex) {
String problemStr = res.getString("ExamineClipboardAction.NoOpenCsr.Problem");
String[] causes = new String[] { res.getString("ExamineClipboardAction.NotCsr.Cause"), res.getString("ExamineClipboardAction.CorruptedCsr.Cause") };
Problem problem = new Problem(problemStr, causes, ex);
DProblem dProblem = new DProblem(frame, res.getString("ExamineClipboardAction.ProblemOpeningCsr.Title"), problem);
dProblem.setLocationRelativeTo(frame);
dProblem.setVisible(true);
return;
}
if (pkcs10Csr != null) {
DViewCsr dViewCsr = new DViewCsr(frame, res.getString("ExamineClipboardAction.CsrDetails.Title"), pkcs10Csr);
dViewCsr.setLocationRelativeTo(frame);
dViewCsr.setVisible(true);
} else {
DViewCsr dViewCsr = new DViewCsr(frame, res.getString("ExamineClipboardAction.CsrDetails.Title"), spkacCsr);
dViewCsr.setLocationRelativeTo(frame);
dViewCsr.setVisible(true);
}
} catch (Exception ex) {
DError.displayError(frame, ex);
}
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
DViewCsr(org.kse.gui.dialogs.DViewCsr)
Spkac(org.kse.crypto.csr.spkac.Spkac)
Problem(org.kse.gui.error.Problem)
DProblem(org.kse.gui.error.DProblem)
CryptoException(org.kse.crypto.CryptoException)
UnsupportedFlavorException(java.awt.datatransfer.UnsupportedFlavorException)
IOException(java.io.IOException)
DProblem(org.kse.gui.error.DProblem)
Example 5 with Spkac
use of org.kse.crypto.csr.spkac.Spkac in project keystore-explorer by kaikramer.
the class ExamineFileAction method openCsr.
private void openCsr(File file, CryptoFileType fileType) throws CryptoException {
if (file == null) {
return;
}
PKCS10CertificationRequest pkcs10Csr = null;
Spkac spkacCsr = null;
try {
if (fileType == CryptoFileType.PKCS10_CSR) {
pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(file));
} else if (fileType == CryptoFileType.SPKAC_CSR) {
spkacCsr = new Spkac(new FileInputStream(file));
}
} catch (Exception ex) {
String problemStr = MessageFormat.format(res.getString("ExamineFileAction.NoOpenCsr.Problem"), file.getName());
String[] causes = new String[] { res.getString("ExamineFileAction.NotCsr.Cause"), res.getString("ExamineFileAction.CorruptedCsr.Cause") };
Problem problem = new Problem(problemStr, causes, ex);
DProblem dProblem = new DProblem(frame, res.getString("ExamineFileAction.ProblemOpeningCsr.Title"), problem);
dProblem.setLocationRelativeTo(frame);
dProblem.setVisible(true);
return;
}
if (pkcs10Csr != null) {
DViewCsr dViewCsr = new DViewCsr(frame, MessageFormat.format(res.getString("ExamineFileAction.CsrDetailsFile.Title"), file.getName()), pkcs10Csr);
dViewCsr.setLocationRelativeTo(frame);
dViewCsr.setVisible(true);
} else {
DViewCsr dViewCsr = new DViewCsr(frame, MessageFormat.format(res.getString("ExamineFileAction.CsrDetailsFile.Title"), file.getName()), spkacCsr);
dViewCsr.setLocationRelativeTo(frame);
dViewCsr.setVisible(true);
}
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
DViewCsr(org.kse.gui.dialogs.DViewCsr)
Spkac(org.kse.crypto.csr.spkac.Spkac)
Problem(org.kse.gui.error.Problem)
DProblem(org.kse.gui.error.DProblem)
FileInputStream(java.io.FileInputStream)
CryptoException(org.kse.crypto.CryptoException)
IOException(java.io.IOException)
FileNotFoundException(java.io.FileNotFoundException)
DProblem(org.kse.gui.error.DProblem)
Aggregations
Spkac (org.kse.crypto.csr.spkac.Spkac)5
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)4
FileNotFoundException (java.io.FileNotFoundException)3
PrivateKey (java.security.PrivateKey)3
PublicKey (java.security.PublicKey)3
X509Certificate (java.security.cert.X509Certificate)3
CryptoException (org.kse.crypto.CryptoException)3
DProblem (org.kse.gui.error.DProblem)3
Problem (org.kse.gui.error.Problem)3
File (java.io.File)2
FileInputStream (java.io.FileInputStream)2
FileOutputStream (java.io.FileOutputStream)2
IOException (java.io.IOException)2
KeyStore (java.security.KeyStore)2
Provider (java.security.Provider)2
X500Name (org.bouncycastle.asn1.x500.X500Name)2
Password (org.kse.crypto.Password)2
SpkacSubject (org.kse.crypto.csr.spkac.SpkacSubject)2
KeyPairType (org.kse.crypto.keypair.KeyPairType)2
SignatureType (org.kse.crypto.signing.SignatureType)2
