use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.
the class SignCsrAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
FileOutputStream fos = null;
File caReplyFile = null;
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStore keyStore = currentState.getKeyStore();
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
Certificate[] certs = keyStore.getCertificateChain(alias);
KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
File csrFile = chooseCsrFile();
if (csrFile == null) {
return;
}
PKCS10CertificationRequest pkcs10Csr = null;
Spkac spkacCsr = null;
try {
CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile));
if (fileType == CryptoFileType.PKCS10_CSR) {
pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile));
if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else if (fileType == CryptoFileType.SPKAC_CSR) {
spkacCsr = new Spkac(new FileInputStream(csrFile));
if (!spkacCsr.verify()) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
Problem problem = new Problem(problemStr, causes, ex);
DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
dProblem.setLocationRelativeTo(frame);
dProblem.setVisible(true);
return;
}
X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
X509Certificate signingCert = signingChain[0];
PublicKey publicKey = null;
X500Name subject = null;
DSignCsr dSignCsr = null;
Provider provider = history.getExplicitProvider();
if (pkcs10Csr != null) {
publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
subject = pkcs10Csr.getSubject();
dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
} else {
publicKey = spkacCsr.getPublicKey();
subject = spkacCsr.getSubject().getName();
dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
}
dSignCsr.setLocationRelativeTo(frame);
dSignCsr.setVisible(true);
X509CertificateVersion version = dSignCsr.getVersion();
SignatureType signatureType = dSignCsr.getSignatureType();
Date validityStart = dSignCsr.getValidityStart();
Date validityEnd = dSignCsr.getValidityEnd();
BigInteger serialNumber = dSignCsr.getSerialNumber();
caReplyFile = dSignCsr.getCaReplyFile();
X509ExtensionSet extensions = dSignCsr.getExtensions();
if (version == null) {
return;
}
X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
// CA Reply is a cert with subject from CSR and issuer from signing cert's subject
X509CertificateGenerator generator = new X509CertificateGenerator(version);
X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
caReplyChain[0] = caReplyCert;
// Add all of the signing chain to the reply
System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
fos = new FileOutputStream(caReplyFile);
fos.write(caCertEncoded);
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
DError.displayError(frame, ex);
return;
} finally {
IOUtils.closeQuietly(fos);
}
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.
the class DGenerateKeyPair method enableDisableElements.
protected void enableDisableElements() {
KeyPairType keyPairType = getKeyPairType();
jlRSAKeySize.setEnabled(keyPairType == KeyPairType.RSA);
jspRSAKeySize.setEnabled(keyPairType == KeyPairType.RSA);
jlDSAKeySize.setEnabled(keyPairType == KeyPairType.DSA);
jspDSAKeySize.setEnabled(keyPairType == KeyPairType.DSA);
jlECCurve.setEnabled(keyPairType == KeyPairType.EC);
jcbECCurve.setEnabled(keyPairType == KeyPairType.EC);
jlECCurveSet.setEnabled(keyPairType == KeyPairType.EC);
jcbECCurveSet.setEnabled(keyPairType == KeyPairType.EC);
}
use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.
the class DGenerateKeyPair method correctKeyPairSize.
private void correctKeyPairSize() {
KeyPairType keyPairType = getKeyPairType();
int keyPairSize = getKeyPairSize();
int validatedKeyPairSize = validateKeyPairSize(keyPairType, keyPairSize);
if (validatedKeyPairSize != keyPairSize) {
if (keyPairType == KeyPairType.RSA) {
jspRSAKeySize.getModel().setValue(validatedKeyPairSize);
} else if (keyPairType == KeyPairType.DSA) {
jspDSAKeySize.getModel().setValue(validatedKeyPairSize);
}
}
}
use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.
the class GenerateCsrAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
File csrFile = null;
FileOutputStream fos = null;
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
Provider provider = history.getExplicitProvider();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStore keyStore = currentState.getKeyStore();
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
String keyPairAlg = privateKey.getAlgorithm();
KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
if (keyPairType == null) {
throw new CryptoException(MessageFormat.format(res.getString("GenerateCsrAction.NoCsrForKeyPairAlg.message"), keyPairAlg));
}
// determine dir of current keystore as proposal for CSR file location
String path = CurrentDirectory.get().getAbsolutePath();
File keyStoreFile = history.getFile();
if (keyStoreFile != null) {
path = keyStoreFile.getAbsoluteFile().getParent();
}
DGenerateCsr dGenerateCsr = new DGenerateCsr(frame, alias, privateKey, keyPairType, path, provider);
dGenerateCsr.setLocationRelativeTo(frame);
dGenerateCsr.setVisible(true);
if (!dGenerateCsr.generateSelected()) {
return;
}
CsrType format = dGenerateCsr.getFormat();
SignatureType signatureType = dGenerateCsr.getSignatureType();
String challenge = dGenerateCsr.getChallenge();
String unstructuredName = dGenerateCsr.getUnstructuredName();
boolean useCertificateExtensions = dGenerateCsr.isAddExtensionsWanted();
csrFile = dGenerateCsr.getCsrFile();
X509Certificate firstCertInChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)))[0];
fos = new FileOutputStream(csrFile);
if (format == CsrType.PKCS10) {
String csr = Pkcs10Util.getCsrEncodedDerPem(Pkcs10Util.generateCsr(firstCertInChain, privateKey, signatureType, challenge, unstructuredName, useCertificateExtensions, provider));
fos.write(csr.getBytes());
} else {
SpkacSubject subject = new SpkacSubject(X500NameUtils.x500PrincipalToX500Name(firstCertInChain.getSubjectX500Principal()));
PublicKey publicKey = firstCertInChain.getPublicKey();
// TODO handle other providers (PKCS11 etc)
Spkac spkac = new Spkac(challenge, signatureType, subject, publicKey, privateKey);
spkac.output(fos);
}
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("GenerateCsrAction.NoWriteFile.message"), csrFile), res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
DError.displayError(frame, ex);
return;
} finally {
IOUtils.closeQuietly(fos);
}
JOptionPane.showMessageDialog(frame, res.getString("GenerateCsrAction.CsrGenerationSuccessful.message"), res.getString("GenerateCsrAction.GenerateCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
use of org.kse.crypto.keypair.KeyPairType in project keystore-explorer by kaikramer.
the class GenerateKeyPairAction method generateKeyPair.
/**
* Generate a key pair (with certificate) in the currently opened KeyStore.
*
* @param issuerCert
* Issuer certificate for signing the new certificate
* @param issuerCertChain
* Chain of issuer certificate
* @param issuerPrivateKey
* Issuer's private key for signing
* @return Alias of new key pair
*/
public String generateKeyPair(X509Certificate issuerCert, X509Certificate[] issuerCertChain, PrivateKey issuerPrivateKey) {
String alias = "";
try {
int keyPairSize = applicationSettings.getGenerateKeyPairSize();
KeyPairType keyPairType = applicationSettings.getGenerateKeyPairType();
KeyStore activeKeyStore = kseFrame.getActiveKeyStore();
KeyStoreType activeKeyStoreType = KeyStoreType.resolveJce(activeKeyStore.getType());
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
Provider provider = history.getExplicitProvider();
DGenerateKeyPair dGenerateKeyPair = new DGenerateKeyPair(frame, activeKeyStoreType, keyPairType, keyPairSize);
dGenerateKeyPair.setLocationRelativeTo(frame);
dGenerateKeyPair.setVisible(true);
if (!dGenerateKeyPair.isSuccessful()) {
return "";
}
keyPairType = dGenerateKeyPair.getKeyPairType();
DGeneratingKeyPair dGeneratingKeyPair;
if (keyPairType != KeyPairType.EC) {
keyPairSize = dGenerateKeyPair.getKeyPairSize();
dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, keyPairSize, provider);
applicationSettings.setGenerateKeyPairSize(keyPairSize);
applicationSettings.setGenerateKeyPairType(keyPairType);
} else {
String curveName = dGenerateKeyPair.getCurveName();
dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, curveName, provider);
}
dGeneratingKeyPair.setLocationRelativeTo(frame);
dGeneratingKeyPair.startKeyPairGeneration();
dGeneratingKeyPair.setVisible(true);
KeyPair keyPair = dGeneratingKeyPair.getKeyPair();
if (keyPair == null) {
return "";
}
DGenerateKeyPairCert dGenerateKeyPairCert = new DGenerateKeyPairCert(frame, res.getString("GenerateKeyPairAction.GenerateKeyPairCert.Title"), keyPair, keyPairType, issuerCert, issuerPrivateKey, provider);
dGenerateKeyPairCert.setLocationRelativeTo(frame);
dGenerateKeyPairCert.setVisible(true);
X509Certificate certificate = dGenerateKeyPairCert.getCertificate();
if (certificate == null) {
return "";
}
KeyStoreState currentState = history.getCurrentState();
KeyStoreState newState = currentState.createBasisForNextState(this);
KeyStore keyStore = newState.getKeyStore();
DGetAlias dGetAlias = new DGetAlias(frame, res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"), X509CertUtil.getCertificateAlias(certificate));
dGetAlias.setLocationRelativeTo(frame);
dGetAlias.setVisible(true);
alias = dGetAlias.getAlias();
if (alias == null) {
return "";
}
if (keyStore.containsAlias(alias)) {
String message = MessageFormat.format(res.getString("GenerateKeyPairAction.OverWriteEntry.message"), alias);
int selected = JOptionPane.showConfirmDialog(frame, message, res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"), JOptionPane.YES_NO_OPTION);
if (selected != JOptionPane.YES_OPTION) {
return "";
}
}
Password password = new Password((char[]) null);
KeyStoreType keyStoreType = KeyStoreType.resolveJce(activeKeyStore.getType());
if (keyStoreType.hasEntryPasswords()) {
DGetNewPassword dGetNewPassword = new DGetNewPassword(frame, res.getString("GenerateKeyPairAction.NewKeyPairEntryPassword.Title"), applicationSettings.getPasswordQualityConfig());
dGetNewPassword.setLocationRelativeTo(frame);
dGetNewPassword.setVisible(true);
password = dGetNewPassword.getPassword();
if (password == null) {
return "";
}
}
if (keyStore.containsAlias(alias)) {
keyStore.deleteEntry(alias);
newState.removeEntryPassword(alias);
}
// create new chain with certificates from issuer chain
X509Certificate[] newCertChain = null;
if (issuerCertChain != null) {
newCertChain = new X509Certificate[issuerCertChain.length + 1];
System.arraycopy(issuerCertChain, 0, newCertChain, 1, issuerCertChain.length);
newCertChain[0] = certificate;
} else {
newCertChain = new X509Certificate[] { certificate };
}
keyStore.setKeyEntry(alias, keyPair.getPrivate(), password.toCharArray(), newCertChain);
newState.setEntryPassword(alias, password);
currentState.append(newState);
kseFrame.updateControls(true);
JOptionPane.showMessageDialog(frame, res.getString("GenerateKeyPairAction.KeyPairGenerationSuccessful.message"), res.getString("GenerateKeyPairAction.GenerateKeyPair.Title"), JOptionPane.INFORMATION_MESSAGE);
} catch (Exception ex) {
DError.displayError(frame, ex);
}
return alias;
}
Aggregations