use of org.kse.crypto.x509.X509CertificateGenerator in project keystore-explorer by kaikramer.
the class SignCsrAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
FileOutputStream fos = null;
File caReplyFile = null;
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStore keyStore = currentState.getKeyStore();
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
Certificate[] certs = keyStore.getCertificateChain(alias);
KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
File csrFile = chooseCsrFile();
if (csrFile == null) {
return;
}
PKCS10CertificationRequest pkcs10Csr = null;
Spkac spkacCsr = null;
try {
CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile));
if (fileType == CryptoFileType.PKCS10_CSR) {
pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile));
if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else if (fileType == CryptoFileType.SPKAC_CSR) {
spkacCsr = new Spkac(new FileInputStream(csrFile));
if (!spkacCsr.verify()) {
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} else {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
Problem problem = new Problem(problemStr, causes, ex);
DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
dProblem.setLocationRelativeTo(frame);
dProblem.setVisible(true);
return;
}
X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
X509Certificate signingCert = signingChain[0];
PublicKey publicKey = null;
X500Name subject = null;
DSignCsr dSignCsr = null;
Provider provider = history.getExplicitProvider();
if (pkcs10Csr != null) {
publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
subject = pkcs10Csr.getSubject();
dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
} else {
publicKey = spkacCsr.getPublicKey();
subject = spkacCsr.getSubject().getName();
dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
}
dSignCsr.setLocationRelativeTo(frame);
dSignCsr.setVisible(true);
X509CertificateVersion version = dSignCsr.getVersion();
SignatureType signatureType = dSignCsr.getSignatureType();
Date validityStart = dSignCsr.getValidityStart();
Date validityEnd = dSignCsr.getValidityEnd();
BigInteger serialNumber = dSignCsr.getSerialNumber();
caReplyFile = dSignCsr.getCaReplyFile();
X509ExtensionSet extensions = dSignCsr.getExtensions();
if (version == null) {
return;
}
X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
// CA Reply is a cert with subject from CSR and issuer from signing cert's subject
X509CertificateGenerator generator = new X509CertificateGenerator(version);
X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
caReplyChain[0] = caReplyCert;
// Add all of the signing chain to the reply
System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
fos = new FileOutputStream(caReplyFile);
fos.write(caCertEncoded);
} catch (FileNotFoundException ex) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
return;
} catch (Exception ex) {
DError.displayError(frame, ex);
return;
} finally {
IOUtils.closeQuietly(fos);
}
JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
use of org.kse.crypto.x509.X509CertificateGenerator in project keystore-explorer by kaikramer.
the class DGenerateKeyPairCert method generateCertificate.
private boolean generateCertificate() {
Date validityStart = jdtValidityStart.getDateTime();
Date validityEnd = jdtValidityEnd.getDateTime();
String serialNumberStr = jtfSerialNumber.getText().trim();
if (serialNumberStr.length() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.ValReqSerialNumber.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return false;
}
BigInteger serialNumber;
try {
serialNumber = new BigInteger(serialNumberStr);
if (serialNumber.compareTo(BigInteger.ONE) < 0) {
JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.SerialNumberNonZero.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return false;
}
} catch (NumberFormatException ex) {
JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.SerialNumberNotInteger.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return false;
}
X500Name x500Name = jdnName.getDistinguishedName();
if (x500Name == null || x500Name.toString().isEmpty()) {
JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.NameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return false;
}
try {
SignatureType signatureType = ((SignatureType) jcbSignatureAlgorithm.getSelectedItem());
X509CertificateGenerator generator;
if (jrbVersion1.isSelected()) {
generator = new X509CertificateGenerator(VERSION1);
} else {
generator = new X509CertificateGenerator(VERSION3);
}
// self-signed or signed by other key pair?
if (issuerPrivateKey == null) {
certificate = generator.generateSelfSigned(x500Name, validityStart, validityEnd, keyPair.getPublic(), keyPair.getPrivate(), signatureType, serialNumber, extensions, provider);
} else {
certificate = generator.generate(x500Name, X500NameUtils.x500PrincipalToX500Name(issuerCert.getSubjectX500Principal()), validityStart, validityEnd, keyPair.getPublic(), issuerPrivateKey, signatureType, serialNumber, extensions, provider);
}
} catch (CryptoException ex) {
DError dError = new DError(this, ex);
dError.setLocationRelativeTo(getParent());
dError.setVisible(true);
closeDialog();
}
return true;
}
use of org.kse.crypto.x509.X509CertificateGenerator in project keystore-explorer by kaikramer.
the class SignatureAlgorithmsTest method setUp.
@BeforeAll
private static void setUp() throws Exception {
rsaKeyPair = KeyPairUtil.generateKeyPair(RSA, 2048, BC);
dsaKeyPair = KeyPairUtil.generateKeyPair(DSA, 1024, BC);
ecKeyPair = KeyPairUtil.generateECKeyPair("prime192v1", BC);
generatorv1 = new X509CertificateGenerator(VERSION1);
generatorv3 = new X509CertificateGenerator(VERSION3);
}
Aggregations