
Example 1 with KeyPairType

use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.

the class SignCsrAction method doAction.

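/**
 * Signs a CSR with the selected key pair entry and writes the CA reply.
 * <p>
 * The user picks a PKCS#10 or SPKAC CSR file, the request's own signature is
 * verified, and the {@code DSignCsr} dialog collects the certificate
 * parameters. The reply written to the chosen file is a PKCS#7 bundle holding
 * the new certificate followed by the signing entry's chain. Every cancellable
 * step returns quietly; parse and I/O problems are reported through dialogs.
 */
@Override
protected void doAction() {
    FileOutputStream fos = null;
    File caReplyFile = null;
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return; // password prompt cancelled
        }
        KeyStore keyStore = currentState.getKeyStore();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        Certificate[] certs = keyStore.getCertificateChain(alias);
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
        File csrFile = chooseCsrFile();
        if (csrFile == null) {
            return; // file chooser cancelled
        }
        PKCS10CertificationRequest pkcs10Csr = null;
        Spkac spkacCsr = null;
        // Both input streams are released in the finally block below on every
        // exit path instead of being left open for the garbage collector.
        FileInputStream detectIn = null;
        FileInputStream csrIn = null;
        try {
            detectIn = new FileInputStream(csrFile);
            CryptoFileType fileType = CryptoFileUtil.detectFileType(detectIn);
            if (fileType == CryptoFileType.PKCS10_CSR) {
                csrIn = new FileInputStream(csrFile);
                pkcs10Csr = Pkcs10Util.loadCsr(csrIn);
                // Refuse to sign a request whose own signature does not verify
                if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else if (fileType == CryptoFileType.SPKAC_CSR) {
                csrIn = new FileInputStream(csrFile);
                // presumably parsed eagerly by the constructor, so closing the
                // stream in the finally block is safe — confirm against Spkac
                spkacCsr = new Spkac(csrIn);
                if (!spkacCsr.verify()) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else {
                JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                return;
            }
        } catch (FileNotFoundException ex) {
            JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        } catch (Exception ex) {
            // Anything else while reading is shown with the likely causes
            String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
            String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
            Problem problem = new Problem(problemStr, causes, ex);
            DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
            dProblem.setLocationRelativeTo(frame);
            dProblem.setVisible(true);
            return;
        } finally {
            IOUtils.closeQuietly(csrIn);
            IOUtils.closeQuietly(detectIn);
        }
        X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
        X509Certificate signingCert = signingChain[0];
        PublicKey publicKey = null;
        X500Name subject = null;
        DSignCsr dSignCsr = null;
        Provider provider = history.getExplicitProvider();
        // Exactly one of the two request objects is non-null at this point
        if (pkcs10Csr != null) {
            publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
            subject = pkcs10Csr.getSubject();
            dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
        } else {
            publicKey = spkacCsr.getPublicKey();
            subject = spkacCsr.getSubject().getName();
            dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
        }
        dSignCsr.setLocationRelativeTo(frame);
        dSignCsr.setVisible(true);
        X509CertificateVersion version = dSignCsr.getVersion();
        SignatureType signatureType = dSignCsr.getSignatureType();
        Date validityStart = dSignCsr.getValidityStart();
        Date validityEnd = dSignCsr.getValidityEnd();
        BigInteger serialNumber = dSignCsr.getSerialNumber();
        caReplyFile = dSignCsr.getCaReplyFile();
        X509ExtensionSet extensions = dSignCsr.getExtensions();
        if (version == null) {
            return; // dialog cancelled
        }
        X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
        // CA Reply is a cert with subject from CSR and issuer from signing cert's subject
        X509CertificateGenerator generator = new X509CertificateGenerator(version);
        X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
        X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
        caReplyChain[0] = caReplyCert;
        // Add all of the signing chain to the reply
        System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
        byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
        fos = new FileOutputStream(caReplyFile);
        fos.write(caCertEncoded);
    } catch (FileNotFoundException ex) {
        // NOTE(review): the message key belongs to SignJarAction — confirm it is the intended resource
        JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }
    // Only reached when the reply was written without error
    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}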

Example 2 with KeyPairType

use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.

the class DGenerateKeyPair method enableDisableElements.

/**
 * Enables the size or curve controls that apply to the currently selected
 * key pair type and disables those of the other types.
 */
protected void enableDisableElements() {
    KeyPairType selected = getKeyPairType();
    boolean rsaSelected = selected == KeyPairType.RSA;
    boolean dsaSelected = selected == KeyPairType.DSA;
    boolean ecSelected = selected == KeyPairType.EC;
    // RSA and DSA use a key size spinner; EC uses a curve set and curve choice
    jlRSAKeySize.setEnabled(rsaSelected);
    jspRSAKeySize.setEnabled(rsaSelected);
    jlDSAKeySize.setEnabled(dsaSelected);
    jspDSAKeySize.setEnabled(dsaSelected);
    jlECCurve.setEnabled(ecSelected);
    jcbECCurve.setEnabled(ecSelected);
    jlECCurveSet.setEnabled(ecSelected);
    jcbECCurveSet.setEnabled(ecSelected);
}

Example 3 with KeyPairType

use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.

the class DGenerateKeyPair method correctKeyPairSize.

/**
 * Snaps the entered key size to the validated value for the selected key
 * pair type, updating the RSA or DSA spinner model when the two differ.
 * EC has no size spinner, so nothing is changed for it.
 */
private void correctKeyPairSize() {
    KeyPairType selected = getKeyPairType();
    int enteredSize = getKeyPairSize();
    int validatedSize = validateKeyPairSize(selected, enteredSize);
    if (validatedSize == enteredSize) {
        return; // already valid, leave the spinner alone
    }
    if (selected == KeyPairType.RSA) {
        jspRSAKeySize.getModel().setValue(validatedSize);
    } else if (selected == KeyPairType.DSA) {
        jspDSAKeySize.getModel().setValue(validatedSize);
    }
}

Example 4 with KeyPairType

use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.

the class GenerateCsrAction method doAction.

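/**
 * Generates a CSR for the selected key pair entry and writes it to a file.
 * <p>
 * The {@code DGenerateCsr} dialog collects the format (PKCS#10 or SPKAC),
 * signature type, challenge, unstructured name and target file. The subject
 * and public key are taken from the first certificate of the entry's chain.
 * Cancelling any step returns quietly; failures are reported in dialogs.
 * Key pair types for which no CSR can be built are reported as a
 * {@code CryptoException} through the generic error dialog.
 */
@Override
protected void doAction() {
    File csrFile = null;
    FileOutputStream fos = null;
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        Provider provider = history.getExplicitProvider();
        String alias = kseFrame.getSelectedEntryAlias();
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return; // password prompt cancelled
        }
        KeyStore keyStore = currentState.getKeyStore();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        String keyPairAlg = privateKey.getAlgorithm();
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
        if (keyPairType == null) {
            throw new CryptoException(MessageFormat.format(res.getString("GenerateCsrAction.NoCsrForKeyPairAlg.message"), keyPairAlg));
        }
        // determine dir of current keystore as proposal for CSR file location
        String path = CurrentDirectory.get().getAbsolutePath();
        File keyStoreFile = history.getFile();
        if (keyStoreFile != null) {
            path = keyStoreFile.getAbsoluteFile().getParent();
        }
        DGenerateCsr dGenerateCsr = new DGenerateCsr(frame, alias, privateKey, keyPairType, path, provider);
        dGenerateCsr.setLocationRelativeTo(frame);
        dGenerateCsr.setVisible(true);
        if (!dGenerateCsr.generateSelected()) {
            return; // dialog cancelled
        }
        CsrType format = dGenerateCsr.getFormat();
        SignatureType signatureType = dGenerateCsr.getSignatureType();
        String challenge = dGenerateCsr.getChallenge();
        String unstructuredName = dGenerateCsr.getUnstructuredName();
        boolean useCertificateExtensions = dGenerateCsr.isAddExtensionsWanted();
        csrFile = dGenerateCsr.getCsrFile();
        X509Certificate firstCertInChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)))[0];
        // The output file is opened only after the request has been built, so a
        // generation failure does not leave an empty file behind.
        if (format == CsrType.PKCS10) {
            String csr = Pkcs10Util.getCsrEncodedDerPem(Pkcs10Util.generateCsr(firstCertInChain, privateKey, signatureType, challenge, unstructuredName, useCertificateExtensions, provider));
            fos = new FileOutputStream(csrFile);
            // Name the charset instead of relying on the platform default
            fos.write(csr.getBytes("UTF-8"));
        } else {
            SpkacSubject subject = new SpkacSubject(X500NameUtils.x500PrincipalToX500Name(firstCertInChain.getSubjectX500Principal()));
            PublicKey publicKey = firstCertInChain.getPublicKey();
            // TODO handle other providers (PKCS11 etc)
            Spkac spkac = new Spkac(challenge, signatureType, subject, publicKey, privateKey);
            fos = new FileOutputStream(csrFile);
            spkac.output(fos);
        }
    } catch (FileNotFoundException ex) {
        JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("GenerateCsrAction.NoWriteFile.message"), csrFile), res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }
    // Only reached when the CSR was written without error
    JOptionPane.showMessageDialog(frame, res.getString("GenerateCsrAction.CsrGenerationSuccessful.message"), res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}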

Example 5 with KeyPairType

use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.

the class GenerateKeyPairAction method generateKeyPair.

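/**
 * Generate a key pair (with certificate) in the currently opened KeyStore.
 * <p>
 * Walks the user through the key pair parameters, the generation itself, the
 * certificate parameters, the entry alias and (for keystore types that have
 * entry passwords) the entry password, then stores the private key with the
 * new certificate in front of the issuer chain and appends the resulting
 * keystore state to the history.
 *
 * @param issuerCert
 *                 Issuer certificate for signing the new certificate
 * @param issuerCertChain
 *                 Chain of issuer certificate, or null for a self-signed entry
 * @param issuerPrivateKey
 *                 Issuer's private key for signing
 * @return Alias of new key pair, or "" when the user cancelled any step or
 *         the entry could not be stored
 */
public String generateKeyPair(X509Certificate issuerCert, X509Certificate[] issuerCertChain, PrivateKey issuerPrivateKey) {
    String alias = "";
    try {
        int keyPairSize = applicationSettings.getGenerateKeyPairSize();
        KeyPairType keyPairType = applicationSettings.getGenerateKeyPairType();
        KeyStore activeKeyStore = kseFrame.getActiveKeyStore();
        KeyStoreType activeKeyStoreType = KeyStoreType.resolveJce(activeKeyStore.getType());
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        Provider provider = history.getExplicitProvider();
        DGenerateKeyPair dGenerateKeyPair = new DGenerateKeyPair(frame, activeKeyStoreType, keyPairType, keyPairSize);
        dGenerateKeyPair.setLocationRelativeTo(frame);
        dGenerateKeyPair.setVisible(true);
        if (!dGenerateKeyPair.isSuccessful()) {
            return "";
        }
        keyPairType = dGenerateKeyPair.getKeyPairType();
        DGeneratingKeyPair dGeneratingKeyPair;
        if (keyPairType != KeyPairType.EC) {
            // Size-based types: remember the choice as the default for next time
            keyPairSize = dGenerateKeyPair.getKeyPairSize();
            dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, keyPairSize, provider);
            applicationSettings.setGenerateKeyPairSize(keyPairSize);
            applicationSettings.setGenerateKeyPairType(keyPairType);
        } else {
            // EC is selected by curve name and is not persisted as a default
            String curveName = dGenerateKeyPair.getCurveName();
            dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, curveName, provider);
        }
        dGeneratingKeyPair.setLocationRelativeTo(frame);
        dGeneratingKeyPair.startKeyPairGeneration();
        dGeneratingKeyPair.setVisible(true);
        KeyPair keyPair = dGeneratingKeyPair.getKeyPair();
        if (keyPair == null) {
            return "";
        }
        DGenerateKeyPairCert dGenerateKeyPairCert = new DGenerateKeyPairCert(frame, res.getString("GenerateKeyPairAction.GenerateKeyPairCert.Title"), keyPair, keyPairType, issuerCert, issuerPrivateKey, provider);
        dGenerateKeyPairCert.setLocationRelativeTo(frame);
        dGenerateKeyPairCert.setVisible(true);
        X509Certificate certificate = dGenerateKeyPairCert.getCertificate();
        if (certificate == null) {
            return "";
        }
        KeyStoreState currentState = history.getCurrentState();
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();
        DGetAlias dGetAlias = new DGetAlias(frame, res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"), X509CertUtil.getCertificateAlias(certificate));
        dGetAlias.setLocationRelativeTo(frame);
        dGetAlias.setVisible(true);
        alias = dGetAlias.getAlias();
        if (alias == null) {
            return "";
        }
        if (keyStore.containsAlias(alias)) {
            String message = MessageFormat.format(res.getString("GenerateKeyPairAction.OverWriteEntry.message"), alias);
            int selected = JOptionPane.showConfirmDialog(frame, message, res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"), JOptionPane.YES_NO_OPTION);
            if (selected != JOptionPane.YES_OPTION) {
                return "";
            }
        }
        // Keystore types without entry passwords store the key with a null password
        Password password = new Password((char[]) null);
        if (activeKeyStoreType.hasEntryPasswords()) {
            DGetNewPassword dGetNewPassword = new DGetNewPassword(frame, res.getString("GenerateKeyPairAction.NewKeyPairEntryPassword.Title"), applicationSettings.getPasswordQualityConfig());
            dGetNewPassword.setLocationRelativeTo(frame);
            dGetNewPassword.setVisible(true);
            password = dGetNewPassword.getPassword();
            if (password == null) {
                return "";
            }
        }
        // Overwrite confirmed above: drop the old entry and its cached password
        if (keyStore.containsAlias(alias)) {
            keyStore.deleteEntry(alias);
            newState.removeEntryPassword(alias);
        }
        // create new chain with certificates from issuer chain
        X509Certificate[] newCertChain = null;
        if (issuerCertChain != null) {
            newCertChain = new X509Certificate[issuerCertChain.length + 1];
            System.arraycopy(issuerCertChain, 0, newCertChain, 1, issuerCertChain.length);
            newCertChain[0] = certificate;
        } else {
            newCertChain = new X509Certificate[] { certificate };
        }
        keyStore.setKeyEntry(alias, keyPair.getPrivate(), password.toCharArray(), newCertChain);
        newState.setEntryPassword(alias, password);
        currentState.append(newState);
        kseFrame.updateControls(true);
        JOptionPane.showMessageDialog(frame, res.getString("GenerateKeyPairAction.KeyPairGenerationSuccessful.message"), res.getString("GenerateKeyPairAction.GenerateKeyPair.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        // The entry was not stored, so do not hand a chosen alias back to the
        // caller as if generation had succeeded.
        return "";
    }
    return alias;
}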
