
Example 1 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class ImportCaReplyFromClipboardAction method doAction.

/**
 * Replaces the certificate chain of the selected key pair entry with the chain
 * from a CA reply obtained via {@code openCaReply()}.
 *
 * <p>The reply is accepted only if its first certificate (after ordering) carries
 * the same public key as the first certificate of the entry's current chain. When
 * the "import CA reply trust check" setting is enabled, a multi-certificate reply
 * additionally needs its last certificate to match an entry in the CA Certificates
 * KeyStore, the Windows Trusted Root Certificates KeyStore or the current KeyStore
 * (or the user must confirm it explicitly), while a single-certificate reply must
 * yield a chain from {@code X509CertUtil.establishTrust}. With the setting
 * disabled, the public-key match is the only check made in this method.
 *
 * <p>The entry is written to a new KeyStore state that is appended to the history
 * only after the write succeeded. Any exception is reported via {@code DError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory activeHistory = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState baseState = activeHistory.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        Password password = getEntryPassword(alias, baseState);
        if (password == null) {
            // getEntryPassword gave no password - abandon the import
            return;
        }

        // Work on the successor state; baseState is left alone until the final append
        KeyStoreState nextState = baseState.createBasisForNextState(this);
        KeyStore keyStore = nextState.getKeyStore();
        KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
        Key privateKey = keyStore.getKey(alias, password.toCharArray());

        X509Certificate[] replyCerts = openCaReply();
        if (replyCerts == null || replyCerts.length == 0) {
            return;
        }
        replyCerts = X509CertUtil.orderX509CertChain(replyCerts);

        X509Certificate[] existingChain = X509CertUtil.orderX509CertChain(
                X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));

        // The reply must certify the key pair already held by this entry.
        // NOTE(review): presumably index 0 is the end-entity certificate after ordering - confirm.
        boolean samePublicKey = existingChain[0].getPublicKey().equals(replyCerts[0].getPublicKey());
        if (!samePublicKey) {
            JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromClipboardAction.NoMatchPubKeyCaReply.message"), res.getString("ImportCaReplyFromClipboardAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Certificate chain that will be stored with the entry if every check passes
        X509Certificate[] chainToStore;
        if (applicationSettings.getEnableImportCaReplyTrustCheck()) {
            KeyStore caCertificates = getCaCertificates();
            KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();

            if (replyCerts.length > 1) {
                // Multi-certificate reply - try to match its last certificate with one of
                // the certificates in the CA Certificates, Windows Trusted Root Certificates
                // or current KeyStore.
                // NOTE(review): only that one certificate is compared with the trust stores
                // here; whether the links between the reply's certificates are verified
                // depends on orderX509CertChain, which is not visible here - confirm.
                X509Certificate rootCert = replyCerts[replyCerts.length - 1];

                String matchAlias = (caCertificates != null)
                        ? X509CertUtil.matchCertificate(caCertificates, rootCert)
                        : null;
                if (matchAlias == null && windowsTrustedRootCertificates != null) {
                    matchAlias = X509CertUtil.matchCertificate(windowsTrustedRootCertificates, rootCert);
                }
                if (matchAlias == null) {
                    matchAlias = X509CertUtil.matchCertificate(keyStore, rootCert);
                }

                if (matchAlias == null) {
                    // Unknown root - show it to the user, who then decides whether to accept the reply
                    JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromClipboardAction.NoMatchRootCertCaReplyConfirm.message"), res.getString("ImportCaReplyFromClipboardAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
                    DViewCertificate rootViewer = new DViewCertificate(frame, MessageFormat.format(res.getString("ImportCaReplyFromClipboardAction.CertDetailsFile.Title"), "Clipboard"), new X509Certificate[] { rootCert }, null, DViewCertificate.NONE);
                    rootViewer.setLocationRelativeTo(frame);
                    rootViewer.setVisible(true);
                    int answer = JOptionPane.showConfirmDialog(frame, res.getString("ImportCaReplyFromClipboardAction.AcceptCaReply.message"), res.getString("ImportCaReplyFromClipboardAction.ImportCaReply.Title"), JOptionPane.YES_NO_OPTION);
                    if (answer != JOptionPane.YES_OPTION) {
                        return;
                    }
                }
                // Root matched a store, or the user accepted it
                chainToStore = replyCerts;
            } else {
                // Single X.509 certificate reply - try to establish a chain of trust from the
                // certificate using the current, CA Certificates and Windows Trusted Root
                // Certificates KeyStores (the latter two only when available)
                ArrayList<KeyStore> trustSources = new ArrayList<KeyStore>();
                trustSources.add(keyStore);
                if (caCertificates != null) {
                    trustSources.add(caCertificates);
                }
                if (windowsTrustedRootCertificates != null) {
                    trustSources.add(windowsTrustedRootCertificates);
                }

                X509Certificate[] trustChain = X509CertUtil.establishTrust(replyCerts[0], trustSources.toArray(new KeyStore[0]));
                if (trustChain == null) {
                    // Cannot establish trust for the certificate - fail
                    JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromClipboardAction.NoTrustCaReply.message"), res.getString("ImportCaReplyFromClipboardAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
                chainToStore = trustChain;
            }
        } else {
            // Trust check switched off: the reply is stored after the public-key match alone
            chainToStore = replyCerts;
        }

        if (keyStoreType.isFileBased()) {
            // TODO: why or when is delete actually necessary???
            keyStore.deleteEntry(alias);
        }
        keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), chainToStore);

        baseState.append(nextState);
        kseFrame.updateControls(true);
        JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromClipboardAction.ImportCaReplySuccessful.message"), res.getString("ImportCaReplyFromClipboardAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) Key(java.security.Key) Password(org.kse.crypto.Password)

Example 2 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class ExamineClipboardAction method showCert.

/**
 * Parses the given stream as X.509 certificates and, if any were found, shows
 * them in a {@code DViewCertificate} dialog opened in {@code IMPORT} mode.
 *
 * <p>A stream that yields no certificates produces a warning dialog; any exception
 * raised while loading is reported through a {@code DProblem} dialog and is not
 * propagated to the caller.
 *
 * @param is stream to read the certificate data from
 * @throws CryptoException declared by the signature; exceptions from loading are
 *         caught inside this method
 */
private void showCert(InputStream is) throws CryptoException {
    X509Certificate[] loaded = null;
    try {
        loaded = X509CertUtil.loadCertificates(is);
        if (loaded.length == 0) {
            JOptionPane.showMessageDialog(frame, res.getString("ExamineClipboardAction.NoCertsFound.message"), res.getString("ExamineClipboardAction.OpenCertificate.Title"), JOptionPane.WARNING_MESSAGE);
        }
    } catch (Exception ex) {
        // Parsing failed: present the likely causes together with the exception
        Problem problem = new Problem(
                res.getString("ExamineClipboardAction.NoOpenCert.Problem"),
                new String[] { res.getString("ExamineClipboardAction.NotCert.Cause"), res.getString("ExamineClipboardAction.CorruptedCert.Cause") },
                ex);
        DProblem problemDialog = new DProblem(frame, res.getString("ExamineClipboardAction.ProblemOpeningCert.Title"), problem);
        problemDialog.setLocationRelativeTo(frame);
        problemDialog.setVisible(true);
    }

    if (loaded == null || loaded.length == 0) {
        return;
    }

    // NOTE(review): judging by the class name the data comes from the clipboard, i.e.
    // from an arbitrary source; nothing in this method validates the certificates
    // before the IMPORT-mode viewer is shown - the decision is left to the user.
    DViewCertificate viewer = new DViewCertificate(frame, res.getString("ExamineClipboardAction.CertDetails.Title"), loaded, kseFrame, DViewCertificate.IMPORT);
    viewer.setLocationRelativeTo(frame);
    viewer.setVisible(true);
}
Also used : DViewCertificate(org.kse.gui.dialogs.DViewCertificate) Problem(org.kse.gui.error.Problem) DProblem(org.kse.gui.error.DProblem) X509Certificate(java.security.cert.X509Certificate) CryptoException(org.kse.crypto.CryptoException) UnsupportedFlavorException(java.awt.datatransfer.UnsupportedFlavorException) IOException(java.io.IOException) DProblem(org.kse.gui.error.DProblem)

Example 3 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class ExamineSslAction method doAction.

/**
 * Asks for an SSL host and port, runs the examination and shows the certificates
 * returned by it in a {@code DViewCertificate} dialog opened in {@code IMPORT} mode.
 *
 * <p>Nothing is shown when the input dialog was cancelled or the examination
 * produced no connection info or no server certificates. Any exception is
 * reported via {@code DError}.
 */
@Override
protected void doAction() {
    try {
        DExamineSsl inputDialog = new DExamineSsl(frame, kseFrame);
        inputDialog.setLocationRelativeTo(frame);
        inputDialog.setVisible(true);

        // The dialog values are read before the cancel check, as in the original flow
        String sslHost = inputDialog.getSslHost();
        int sslPort = inputDialog.getSslPort();
        boolean useClientAuth = inputDialog.useClientAuth();
        KeyStoreHistory clientAuthHistory = inputDialog.getKeyStore();
        if (inputDialog.wasCancelled()) {
            return;
        }

        DExaminingSsl progressDialog = new DExaminingSsl(frame, sslHost, sslPort, useClientAuth, clientAuthHistory);
        progressDialog.setLocationRelativeTo(frame);
        progressDialog.startExamination();
        progressDialog.setVisible(true);

        SslConnectionInfos sslInfos = progressDialog.getSSLConnectionInfos();
        if (sslInfos == null) {
            return;
        }
        if (sslInfos.getServerCertificates() == null) {
            return;
        }

        // NOTE(review): these certificates are whatever the examined endpoint presented.
        // Whether DExaminingSsl validates the chain is not visible here, so treat them
        // as unauthenticated; the IMPORT-mode viewer leaves the trust decision to the user.
        String title = MessageFormat.format(res.getString("ExamineSslAction.CertDetailsSsl.Title"), sslHost, Integer.toString(sslPort));
        DViewCertificate viewer = new DViewCertificate(frame, title, sslInfos.getServerCertificates(), kseFrame, DViewCertificate.IMPORT);
        viewer.setLocationRelativeTo(frame);
        viewer.setVisible(true);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) SslConnectionInfos(org.kse.utilities.ssl.SslConnectionInfos) DExaminingSsl(org.kse.gui.dialogs.DExaminingSsl) DExamineSsl(org.kse.gui.dialogs.DExamineSsl)

Example 4 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class DImportKeyPairPkcs8 method certificateDetailsPressed.

/**
 * Loads the certificates via {@code loadCertificates()} and, if there are any,
 * shows them in a view-only ({@code DViewCertificate.NONE}) dialog whose title
 * contains the file name taken from the certificate path text field.
 *
 * <p>A {@code CryptoException} is reported via {@code DError}.
 */
private void certificateDetailsPressed() {
    try {
        X509Certificate[] loaded = loadCertificates();
        if (loaded == null || loaded.length == 0) {
            return;
        }

        // Only the last path element goes into the title, not the full path
        String fileName = new File(jtfCertificatePath.getText()).getName();
        String title = MessageFormat.format(res.getString("DImportKeyPairPkcs8.ViewCertificateDetails.Title"), fileName);

        DViewCertificate viewer = new DViewCertificate(this, title, loaded, null, DViewCertificate.NONE);
        viewer.setLocationRelativeTo(this);
        viewer.setVisible(true);
    } catch (CryptoException ex) {
        DError.displayError(this, ex);
    }
}
Also used : DViewCertificate(org.kse.gui.dialogs.DViewCertificate) CryptoException(org.kse.crypto.CryptoException) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)

Example 5 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class DViewExtensions method hyperlinkUpdate.

/**
 * Handles an activated hyperlink: a target whose path ends in {@code .cer} or
 * {@code .crt} is downloaded and shown as a certificate, one ending in
 * {@code .crl} is downloaded and shown as a CRL, and anything else is handed to
 * the desktop browser.
 *
 * <p>NOTE(review): the target URL is used exactly as delivered by the event. If the
 * links are rendered from certificate extension content (as the class name
 * suggests - confirm), the URL is chosen by whoever issued the certificate. No
 * scheme or host check is made before {@code downloadCert}, {@code downloadCrl}
 * or {@code Desktop.browse}; consider limiting these to the expected schemes.
 *
 * @param e the hyperlink event; events other than {@code ACTIVATED} are ignored
 */
@Override
public void hyperlinkUpdate(HyperlinkEvent e) {
    if (e.getEventType() != HyperlinkEvent.EventType.ACTIVATED) {
        return;
    }

    try {
        URL target = e.getURL();
        if (target == null) {
            return;
        }

        // Dispatch on the (case-sensitive) suffix of the URL path
        String path = target.getPath();
        boolean looksLikeCert = path.endsWith(".cer") || path.endsWith(".crt");

        if (looksLikeCert) {
            X509Certificate[] downloaded = downloadCert(target);
            if (downloaded != null && downloaded.length > 0) {
                String title = MessageFormat.format(res.getString("DViewExtensions.ViewCert.Title"), target.toString());
                DViewCertificate certViewer = new DViewCertificate(this, title, downloaded, null, DViewCertificate.NONE);
                certViewer.setLocationRelativeTo(this);
                certViewer.setVisible(true);
            }
        } else if (path.endsWith(".crl")) {
            X509CRL downloadedCrl = downloadCrl(target);
            if (downloadedCrl != null) {
                String title = MessageFormat.format(res.getString("DViewExtensions.ViewCrl.Title"), target.toString());
                DViewCrl crlViewer = new DViewCrl(this, title, ModalityType.DOCUMENT_MODAL, downloadedCrl);
                crlViewer.setLocationRelativeTo(this);
                crlViewer.setVisible(true);
            }
        } else {
            Desktop.getDesktop().browse(target.toURI());
        }
    } catch (Exception ex) {
        // NOTE(review): failures (download, parsing, browser launch) only reach stderr;
        // the user gets no feedback from this handler.
        ex.printStackTrace();
    }
}
Also used : X509CRL(java.security.cert.X509CRL) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) URL(java.net.URL) X509Certificate(java.security.cert.X509Certificate) CryptoException(org.kse.crypto.CryptoException) Asn1Exception(org.kse.utilities.asn1.Asn1Exception) IOException(java.io.IOException) DViewCrl(org.kse.gui.dialogs.DViewCrl)

Aggregations

DViewCertificate (org.kse.gui.dialogs.DViewCertificate)12 X509Certificate (java.security.cert.X509Certificate)11 KeyStoreHistory (org.kse.utilities.history.KeyStoreHistory)6 KeyStore (java.security.KeyStore)5 CryptoException (org.kse.crypto.CryptoException)5 File (java.io.File)4 ArrayList (java.util.ArrayList)3 KeyStoreState (org.kse.utilities.history.KeyStoreState)3 IOException (java.io.IOException)2 Key (java.security.Key)2 Password (org.kse.crypto.Password)2 KeyStoreType (org.kse.crypto.keystore.KeyStoreType)2 UnsupportedFlavorException (java.awt.datatransfer.UnsupportedFlavorException)1 FileNotFoundException (java.io.FileNotFoundException)1 URL (java.net.URL)1 X509CRL (java.security.cert.X509CRL)1 DExamineSsl (org.kse.gui.dialogs.DExamineSsl)1 DExaminingSsl (org.kse.gui.dialogs.DExaminingSsl)1 DGetAlias (org.kse.gui.dialogs.DGetAlias)1 DViewCrl (org.kse.gui.dialogs.DViewCrl)1