Search in sources :

Example 1 with X509CertificateGenerator

use of org.kse.crypto.x509.X509CertificateGenerator in project keystore-explorer by kaikramer.

the class SignCsrAction method doAction.

/**
 * Do action.
 */
@Override
protected void doAction() {
    FileOutputStream fos = null;
    File caReplyFile = null;
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }
        KeyStore keyStore = currentState.getKeyStore();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        Certificate[] certs = keyStore.getCertificateChain(alias);
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
        File csrFile = chooseCsrFile();
        if (csrFile == null) {
            return;
        }
        PKCS10CertificationRequest pkcs10Csr = null;
        Spkac spkacCsr = null;
        try {
            CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile));
            if (fileType == CryptoFileType.PKCS10_CSR) {
                pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile));
                if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else if (fileType == CryptoFileType.SPKAC_CSR) {
                spkacCsr = new Spkac(new FileInputStream(csrFile));
                if (!spkacCsr.verify()) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else {
                JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                return;
            }
        } catch (FileNotFoundException ex) {
            JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        } catch (Exception ex) {
            String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
            String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
            Problem problem = new Problem(problemStr, causes, ex);
            DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
            dProblem.setLocationRelativeTo(frame);
            dProblem.setVisible(true);
            return;
        }
        X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
        X509Certificate signingCert = signingChain[0];
        PublicKey publicKey = null;
        X500Name subject = null;
        DSignCsr dSignCsr = null;
        Provider provider = history.getExplicitProvider();
        if (pkcs10Csr != null) {
            publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
            subject = pkcs10Csr.getSubject();
            dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
        } else {
            publicKey = spkacCsr.getPublicKey();
            subject = spkacCsr.getSubject().getName();
            dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
        }
        dSignCsr.setLocationRelativeTo(frame);
        dSignCsr.setVisible(true);
        X509CertificateVersion version = dSignCsr.getVersion();
        SignatureType signatureType = dSignCsr.getSignatureType();
        Date validityStart = dSignCsr.getValidityStart();
        Date validityEnd = dSignCsr.getValidityEnd();
        BigInteger serialNumber = dSignCsr.getSerialNumber();
        caReplyFile = dSignCsr.getCaReplyFile();
        X509ExtensionSet extensions = dSignCsr.getExtensions();
        if (version == null) {
            return;
        }
        X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
        // CA Reply is a cert with subject from CSR and issuer from signing cert's subject
        X509CertificateGenerator generator = new X509CertificateGenerator(version);
        X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
        X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
        caReplyChain[0] = caReplyCert;
        // Add all of the signing chain to the reply
        System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
        byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
        fos = new FileOutputStream(caReplyFile);
        fos.write(caCertEncoded);
    } catch (FileNotFoundException ex) {
        JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }
    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
Also used : KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) PrivateKey(java.security.PrivateKey) FileNotFoundException(java.io.FileNotFoundException) X500Name(org.bouncycastle.asn1.x500.X500Name) X509CertificateGenerator(org.kse.crypto.x509.X509CertificateGenerator) X509CertificateVersion(org.kse.crypto.x509.X509CertificateVersion) KeyPairType(org.kse.crypto.keypair.KeyPairType) Password(org.kse.crypto.Password) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) DSignCsr(org.kse.gui.dialogs.sign.DSignCsr) KeyStoreState(org.kse.utilities.history.KeyStoreState) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) PublicKey(java.security.PublicKey) SignatureType(org.kse.crypto.signing.SignatureType) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) FileNotFoundException(java.io.FileNotFoundException) DProblem(org.kse.gui.error.DProblem) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) Provider(java.security.Provider) X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet) Spkac(org.kse.crypto.csr.spkac.Spkac) FileOutputStream(java.io.FileOutputStream) CryptoFileType(org.kse.crypto.filetype.CryptoFileType) BigInteger(java.math.BigInteger) Problem(org.kse.gui.error.Problem) DProblem(org.kse.gui.error.DProblem) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 2 with X509CertificateGenerator

use of org.kse.crypto.x509.X509CertificateGenerator in project keystore-explorer by kaikramer.

the class DGenerateKeyPairCert method generateCertificate.

private boolean generateCertificate() {
    Date validityStart = jdtValidityStart.getDateTime();
    Date validityEnd = jdtValidityEnd.getDateTime();
    String serialNumberStr = jtfSerialNumber.getText().trim();
    if (serialNumberStr.length() == 0) {
        JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.ValReqSerialNumber.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return false;
    }
    BigInteger serialNumber;
    try {
        serialNumber = new BigInteger(serialNumberStr);
        if (serialNumber.compareTo(BigInteger.ONE) < 0) {
            JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.SerialNumberNonZero.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
            return false;
        }
    } catch (NumberFormatException ex) {
        JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.SerialNumberNotInteger.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return false;
    }
    X500Name x500Name = jdnName.getDistinguishedName();
    if (x500Name == null || x500Name.toString().isEmpty()) {
        JOptionPane.showMessageDialog(this, res.getString("DGenerateKeyPairCert.NameValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return false;
    }
    try {
        SignatureType signatureType = ((SignatureType) jcbSignatureAlgorithm.getSelectedItem());
        X509CertificateGenerator generator;
        if (jrbVersion1.isSelected()) {
            generator = new X509CertificateGenerator(VERSION1);
        } else {
            generator = new X509CertificateGenerator(VERSION3);
        }
        // self-signed or signed by other key pair?
        if (issuerPrivateKey == null) {
            certificate = generator.generateSelfSigned(x500Name, validityStart, validityEnd, keyPair.getPublic(), keyPair.getPrivate(), signatureType, serialNumber, extensions, provider);
        } else {
            certificate = generator.generate(x500Name, X500NameUtils.x500PrincipalToX500Name(issuerCert.getSubjectX500Principal()), validityStart, validityEnd, keyPair.getPublic(), issuerPrivateKey, signatureType, serialNumber, extensions, provider);
        }
    } catch (CryptoException ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(getParent());
        dError.setVisible(true);
        closeDialog();
    }
    return true;
}
Also used : BigInteger(java.math.BigInteger) X500Name(org.bouncycastle.asn1.x500.X500Name) SignatureType(org.kse.crypto.signing.SignatureType) CryptoException(org.kse.crypto.CryptoException) Date(java.util.Date) X509CertificateGenerator(org.kse.crypto.x509.X509CertificateGenerator) DError(org.kse.gui.error.DError)

Example 3 with X509CertificateGenerator

use of org.kse.crypto.x509.X509CertificateGenerator in project keystore-explorer by kaikramer.

the class SignatureAlgorithmsTest method setUp.

@BeforeAll
private static void setUp() throws Exception {
    rsaKeyPair = KeyPairUtil.generateKeyPair(RSA, 2048, BC);
    dsaKeyPair = KeyPairUtil.generateKeyPair(DSA, 1024, BC);
    ecKeyPair = KeyPairUtil.generateECKeyPair("prime192v1", BC);
    generatorv1 = new X509CertificateGenerator(VERSION1);
    generatorv3 = new X509CertificateGenerator(VERSION3);
}
Also used : X509CertificateGenerator(org.kse.crypto.x509.X509CertificateGenerator) BeforeAll(org.junit.jupiter.api.BeforeAll)

Aggregations

X509CertificateGenerator (org.kse.crypto.x509.X509CertificateGenerator)3 BigInteger (java.math.BigInteger)2 Date (java.util.Date)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 SignatureType (org.kse.crypto.signing.SignatureType)2 File (java.io.File)1 FileInputStream (java.io.FileInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 FileOutputStream (java.io.FileOutputStream)1 KeyStore (java.security.KeyStore)1 PrivateKey (java.security.PrivateKey)1 Provider (java.security.Provider)1 PublicKey (java.security.PublicKey)1 Certificate (java.security.cert.Certificate)1 X509Certificate (java.security.cert.X509Certificate)1 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)1 JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)1 BeforeAll (org.junit.jupiter.api.BeforeAll)1 CryptoException (org.kse.crypto.CryptoException)1 Password (org.kse.crypto.Password)1