Search in sources :

Example 11 with KeyStoreType

use of org.kse.crypto.keystore.KeyStoreType in project keystore-explorer by kaikramer.

the class ChangeTypeAction method doAction.

/**
 * Do action.
 */
@Override
protected void doAction() {
    KeyStoreType currentType = KeyStoreType.resolveJce(kseFrame.getActiveKeyStoreHistory().getCurrentState().getKeyStore().getType());
    if (currentType == newType) {
        return;
    }
    boolean changeResult = changeKeyStoreType(newType);
    if (!changeResult) {
        // Change type failed or cancelled - revert radio button menu item for KeyStore type
        kseFrame.updateControls(false);
    }
}
Also used : KeyStoreType(org.kse.crypto.keystore.KeyStoreType)

Example 12 with KeyStoreType

use of org.kse.crypto.keystore.KeyStoreType in project keystore-explorer by kaikramer.

the class GenerateKeyPairAction method generateKeyPair.

/**
 * Generate a key pair (with certificate) in the currently opened KeyStore.
 *
 * @param issuerCert
 *                 Issuer certificate for signing the new certificate
 * @param issuerCertChain
 *                 Chain of issuer certificate
 * @param issuerPrivateKey
 *                 Issuer's private key for signing
 * @return Alias of new key pair
 */
public String generateKeyPair(X509Certificate issuerCert, X509Certificate[] issuerCertChain, PrivateKey issuerPrivateKey) {
    String alias = "";
    try {
        int keyPairSize = applicationSettings.getGenerateKeyPairSize();
        KeyPairType keyPairType = applicationSettings.getGenerateKeyPairType();
        KeyStore activeKeyStore = kseFrame.getActiveKeyStore();
        KeyStoreType activeKeyStoreType = KeyStoreType.resolveJce(activeKeyStore.getType());
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        Provider provider = history.getExplicitProvider();
        DGenerateKeyPair dGenerateKeyPair = new DGenerateKeyPair(frame, activeKeyStoreType, keyPairType, keyPairSize);
        dGenerateKeyPair.setLocationRelativeTo(frame);
        dGenerateKeyPair.setVisible(true);
        if (!dGenerateKeyPair.isSuccessful()) {
            return "";
        }
        keyPairType = dGenerateKeyPair.getKeyPairType();
        DGeneratingKeyPair dGeneratingKeyPair;
        if (keyPairType != KeyPairType.EC) {
            keyPairSize = dGenerateKeyPair.getKeyPairSize();
            dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, keyPairSize, provider);
            applicationSettings.setGenerateKeyPairSize(keyPairSize);
            applicationSettings.setGenerateKeyPairType(keyPairType);
        } else {
            String curveName = dGenerateKeyPair.getCurveName();
            dGeneratingKeyPair = new DGeneratingKeyPair(frame, keyPairType, curveName, provider);
        }
        dGeneratingKeyPair.setLocationRelativeTo(frame);
        dGeneratingKeyPair.startKeyPairGeneration();
        dGeneratingKeyPair.setVisible(true);
        KeyPair keyPair = dGeneratingKeyPair.getKeyPair();
        if (keyPair == null) {
            return "";
        }
        DGenerateKeyPairCert dGenerateKeyPairCert = new DGenerateKeyPairCert(frame, res.getString("GenerateKeyPairAction.GenerateKeyPairCert.Title"), keyPair, keyPairType, issuerCert, issuerPrivateKey, provider);
        dGenerateKeyPairCert.setLocationRelativeTo(frame);
        dGenerateKeyPairCert.setVisible(true);
        X509Certificate certificate = dGenerateKeyPairCert.getCertificate();
        if (certificate == null) {
            return "";
        }
        KeyStoreState currentState = history.getCurrentState();
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();
        DGetAlias dGetAlias = new DGetAlias(frame, res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"), X509CertUtil.getCertificateAlias(certificate));
        dGetAlias.setLocationRelativeTo(frame);
        dGetAlias.setVisible(true);
        alias = dGetAlias.getAlias();
        if (alias == null) {
            return "";
        }
        if (keyStore.containsAlias(alias)) {
            String message = MessageFormat.format(res.getString("GenerateKeyPairAction.OverWriteEntry.message"), alias);
            int selected = JOptionPane.showConfirmDialog(frame, message, res.getString("GenerateKeyPairAction.NewKeyPairEntryAlias.Title"), JOptionPane.YES_NO_OPTION);
            if (selected != JOptionPane.YES_OPTION) {
                return "";
            }
        }
        Password password = new Password((char[]) null);
        KeyStoreType keyStoreType = KeyStoreType.resolveJce(activeKeyStore.getType());
        if (keyStoreType.hasEntryPasswords()) {
            DGetNewPassword dGetNewPassword = new DGetNewPassword(frame, res.getString("GenerateKeyPairAction.NewKeyPairEntryPassword.Title"), applicationSettings.getPasswordQualityConfig());
            dGetNewPassword.setLocationRelativeTo(frame);
            dGetNewPassword.setVisible(true);
            password = dGetNewPassword.getPassword();
            if (password == null) {
                return "";
            }
        }
        if (keyStore.containsAlias(alias)) {
            keyStore.deleteEntry(alias);
            newState.removeEntryPassword(alias);
        }
        // create new chain with certificates from issuer chain
        X509Certificate[] newCertChain = null;
        if (issuerCertChain != null) {
            newCertChain = new X509Certificate[issuerCertChain.length + 1];
            System.arraycopy(issuerCertChain, 0, newCertChain, 1, issuerCertChain.length);
            newCertChain[0] = certificate;
        } else {
            newCertChain = new X509Certificate[] { certificate };
        }
        keyStore.setKeyEntry(alias, keyPair.getPrivate(), password.toCharArray(), newCertChain);
        newState.setEntryPassword(alias, password);
        currentState.append(newState);
        kseFrame.updateControls(true);
        JOptionPane.showMessageDialog(frame, res.getString("GenerateKeyPairAction.KeyPairGenerationSuccessful.message"), res.getString("GenerateKeyPairAction.GenerateKeyPair.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
    return alias;
}
Also used : KeyPair(java.security.KeyPair) DGenerateKeyPair(org.kse.gui.dialogs.DGenerateKeyPair) DGeneratingKeyPair(org.kse.gui.dialogs.DGeneratingKeyPair) KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) KeyStore(java.security.KeyStore) DGenerateKeyPairCert(org.kse.gui.dialogs.DGenerateKeyPairCert) X509Certificate(java.security.cert.X509Certificate) Provider(java.security.Provider) DGetAlias(org.kse.gui.dialogs.DGetAlias) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) DGeneratingKeyPair(org.kse.gui.dialogs.DGeneratingKeyPair) KeyPairType(org.kse.crypto.keypair.KeyPairType) DGenerateKeyPair(org.kse.gui.dialogs.DGenerateKeyPair) DGetNewPassword(org.kse.gui.password.DGetNewPassword) DGetNewPassword(org.kse.gui.password.DGetNewPassword) Password(org.kse.crypto.Password)

Example 13 with KeyStoreType

use of org.kse.crypto.keystore.KeyStoreType in project keystore-explorer by kaikramer.

the class ImportCaReplyFromFileAction method doAction.

/**
 * Do action.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();
        KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
        Key privateKey = keyStore.getKey(alias, password.toCharArray());
        File caReplyFile = chooseCaFile();
        if (caReplyFile == null) {
            return;
        }
        X509Certificate[] certs = openCaReply(caReplyFile);
        if ((certs == null) || (certs.length == 0)) {
            return;
        }
        certs = X509CertUtil.orderX509CertChain(certs);
        X509Certificate[] exitingEntryCerts = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));
        if (!exitingEntryCerts[0].getPublicKey().equals(certs[0].getPublicKey())) {
            JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoMatchPubKeyCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        }
        // Holds the new certificate chain for the entry should the import succeed
        X509Certificate[] newCertChain = null;
        if (!applicationSettings.getEnableImportCaReplyTrustCheck()) {
            newCertChain = certs;
        } else {
            KeyStore caCertificates = getCaCertificates();
            KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();
            // of the certificates in the CA Certificates or current KeyStore
            if (certs.length > 1) {
                X509Certificate rootCert = certs[certs.length - 1];
                String matchAlias = null;
                if (// Match against CA Certificates KeyStore
                caCertificates != null) {
                    matchAlias = X509CertUtil.matchCertificate(caCertificates, rootCert);
                }
                // Match against Windows Trusted Root Certificates KeyStore
                if ((windowsTrustedRootCertificates != null) && (matchAlias == null)) {
                    matchAlias = X509CertUtil.matchCertificate(windowsTrustedRootCertificates, rootCert);
                }
                if (// Match against current KeyStore
                matchAlias == null) {
                    matchAlias = X509CertUtil.matchCertificate(keyStore, rootCert);
                }
                if (matchAlias == null) {
                    // No match for the root certificate - display the certificate to the user for confirmation
                    JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoMatchRootCertCaReplyConfirm.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
                    DViewCertificate dViewCertificate = new DViewCertificate(frame, MessageFormat.format(res.getString("ImportCaReplyFromFileAction.CertDetailsFile.Title"), caReplyFile.getName()), new X509Certificate[] { rootCert }, null, DViewCertificate.NONE);
                    dViewCertificate.setLocationRelativeTo(frame);
                    dViewCertificate.setVisible(true);
                    int selected = JOptionPane.showConfirmDialog(frame, res.getString("ImportCaReplyFromFileAction.AcceptCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.YES_NO_OPTION);
                    if (selected != JOptionPane.YES_OPTION) {
                        return;
                    }
                    newCertChain = certs;
                } else {
                    newCertChain = certs;
                }
            } else // Single X.509 certificate reply - try and establish a chain of
            // trust from the certificate and ending with a root CA self-signed certificate
            {
                // Establish trust against current KeyStore
                ArrayList<KeyStore> compKeyStores = new ArrayList<KeyStore>();
                compKeyStores.add(keyStore);
                if (caCertificates != null) {
                    // Establish trust against CA Certificates KeyStore
                    compKeyStores.add(caCertificates);
                }
                if (windowsTrustedRootCertificates != null) {
                    // Establish trust against Windows Trusted Root Certificates KeyStore
                    compKeyStores.add(windowsTrustedRootCertificates);
                }
                X509Certificate[] trustChain = X509CertUtil.establishTrust(certs[0], compKeyStores.toArray(new KeyStore[compKeyStores.size()]));
                if (trustChain != null) {
                    newCertChain = trustChain;
                } else {
                    // Cannot establish trust for the certificate - fail
                    JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoTrustCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            }
        }
        if (keyStoreType.isFileBased()) {
            // TODO: why or when is delete actually necessary???
            keyStore.deleteEntry(alias);
            keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);
        } else {
            keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);
        }
        currentState.append(newState);
        kseFrame.updateControls(true);
        JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.ImportCaReplySuccessful.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) FileNotFoundException(java.io.FileNotFoundException) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) File(java.io.File) Key(java.security.Key) Password(org.kse.crypto.Password)

Example 14 with KeyStoreType

use of org.kse.crypto.keystore.KeyStoreType in project keystore-explorer by kaikramer.

the class OpenDefaultAction method doAction.

/**
 * Do action.
 */
@Override
protected void doAction() {
    File defaultKeyStoreFile = new File(System.getProperty("user.home"), ".keystore");
    if (defaultKeyStoreFile.isFile()) {
        openKeyStore(defaultKeyStoreFile);
        return;
    }
    int selected = JOptionPane.showConfirmDialog(frame, res.getString("OpenDefaultAction.NoDefaultKeyStoreCreate.message"), res.getString("OpenDefaultAction.OpenDefaultKeyStore.Title"), JOptionPane.YES_NO_OPTION);
    if (selected != JOptionPane.YES_OPTION) {
        return;
    }
    try {
        DNewKeyStoreType dNewKeyStoreType = new DNewKeyStoreType(frame);
        dNewKeyStoreType.setLocationRelativeTo(frame);
        dNewKeyStoreType.setVisible(true);
        KeyStoreType keyStoreType = dNewKeyStoreType.getKeyStoreType();
        if (keyStoreType == null) {
            return;
        }
        Password password = getNewKeyStorePassword();
        if (password == null) {
            return;
        }
        KeyStore defaultKeyStore = KeyStoreUtil.create(keyStoreType);
        KeyStoreUtil.save(defaultKeyStore, defaultKeyStoreFile, password);
        kseFrame.addKeyStore(defaultKeyStore, defaultKeyStoreFile, password);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : DNewKeyStoreType(org.kse.gui.dialogs.DNewKeyStoreType) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) DNewKeyStoreType(org.kse.gui.dialogs.DNewKeyStoreType) File(java.io.File) KeyStore(java.security.KeyStore) Password(org.kse.crypto.Password)

Example 15 with KeyStoreType

use of org.kse.crypto.keystore.KeyStoreType in project keystore-explorer by kaikramer.

the class PasteAction method pasteEntry.

private boolean pasteEntry(BufferEntry bufferEntry) {
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();
        String alias = bufferEntry.getName();
        if (keyStore.containsAlias(alias)) {
            if (bufferEntry.isCut()) {
                int selected = JOptionPane.showConfirmDialog(frame, MessageFormat.format(res.getString("PasteAction.PasteExistsReplace.message"), alias), res.getString("PasteAction.Paste.Title"), JOptionPane.YES_NO_OPTION);
                if (selected != JOptionPane.YES_OPTION) {
                    return false;
                }
                keyStore.deleteEntry(alias);
                newState.removeEntryPassword(alias);
            } else {
                alias = getUniqueEntryName(alias, keyStore);
            }
        }
        if (bufferEntry instanceof KeyBufferEntry) {
            KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
            if (!keyStoreType.supportsKeyEntries()) {
                JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("PasteAction.NoPasteKeyEntry.message"), keyStoreType.friendly()), res.getString("PasteAction.Paste.Title"), JOptionPane.WARNING_MESSAGE);
                return false;
            }
            KeyBufferEntry keyBufferEntry = (KeyBufferEntry) bufferEntry;
            Key key = keyBufferEntry.getKey();
            Password password = keyBufferEntry.getPassword();
            keyStore.setKeyEntry(alias, key, password.toCharArray(), null);
            newState.setEntryPassword(alias, password);
        } else if (bufferEntry instanceof KeyPairBufferEntry) {
            KeyPairBufferEntry keyPairBufferEntry = (KeyPairBufferEntry) bufferEntry;
            PrivateKey privateKey = keyPairBufferEntry.getPrivateKey();
            Password password = keyPairBufferEntry.getPassword();
            Certificate[] certificateChain = keyPairBufferEntry.getCertificateChain();
            keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), certificateChain);
            newState.setEntryPassword(alias, password);
        } else {
            TrustedCertificateBufferEntry certBufferEntry = (TrustedCertificateBufferEntry) bufferEntry;
            keyStore.setCertificateEntry(alias, certBufferEntry.getTrustedCertificate());
        }
        if (bufferEntry.isCut()) {
            Buffer.clear();
        }
        currentState.append(newState);
        kseFrame.updateControls(true);
        return true;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return false;
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) PrivateKey(java.security.PrivateKey) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) KeyBufferEntry(org.kse.utilities.buffer.KeyBufferEntry) KeyPairBufferEntry(org.kse.utilities.buffer.KeyPairBufferEntry) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) TrustedCertificateBufferEntry(org.kse.utilities.buffer.TrustedCertificateBufferEntry) Key(java.security.Key) PrivateKey(java.security.PrivateKey) Password(org.kse.crypto.Password)

Aggregations

KeyStoreType (org.kse.crypto.keystore.KeyStoreType)19 KeyStore (java.security.KeyStore)16 KeyStoreState (org.kse.utilities.history.KeyStoreState)13 Password (org.kse.crypto.Password)12 KeyStoreHistory (org.kse.utilities.history.KeyStoreHistory)11 X509Certificate (java.security.cert.X509Certificate)7 PrivateKey (java.security.PrivateKey)6 DGetAlias (org.kse.gui.dialogs.DGetAlias)6 DGetNewPassword (org.kse.gui.password.DGetNewPassword)6 Certificate (java.security.cert.Certificate)4 Point (java.awt.Point)3 File (java.io.File)3 Key (java.security.Key)3 KeyStoreException (java.security.KeyStoreException)3 DNewKeyStoreType (org.kse.gui.dialogs.DNewKeyStoreType)3 FileNotFoundException (java.io.FileNotFoundException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 ArrayList (java.util.ArrayList)2 CryptoException (org.kse.crypto.CryptoException)2 DViewCertificate (org.kse.gui.dialogs.DViewCertificate)2