
Example 6 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class ImportCaReplyFromFileAction method doAction.

/**
 * Import a CA reply from a user-selected file into the selected key pair entry.
 *
 * <p>The reply is rejected unless the first certificate of the ordered reply carries the same
 * public key as the first certificate of the entry's existing chain. If the "import CA reply
 * trust check" application setting is enabled, a multi-certificate reply has its last
 * certificate matched against the CA Certificates KeyStore, the Windows Trusted Root
 * Certificates KeyStore and the current KeyStore (the user is asked to confirm when nothing
 * matches), while a single-certificate reply must chain to one of those stores through
 * {@code X509CertUtil.establishTrust}. If the setting is disabled the ordered reply is
 * installed without any trust evaluation.
 *
 * <p>All changes are made on a new {@code KeyStoreState} that is appended to the current
 * state only after the entry has been replaced. Any exception is reported through
 * {@code DError.displayError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreState currentState = kseFrame.getActiveKeyStoreHistory().getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        // A null password means no password could be obtained for the entry; nothing to do.
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }

        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();
        KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
        // NOTE(review): the private key is loaded before the user has picked a reply file, so
        // it is held in memory even when the action is cancelled below.
        Key privateKey = keyStore.getKey(alias, password.toCharArray());

        File caReplyFile = chooseCaFile();
        if (caReplyFile == null) {
            return;
        }

        X509Certificate[] certs = openCaReply(caReplyFile);
        if (certs == null || certs.length == 0) {
            return;
        }
        certs = X509CertUtil.orderX509CertChain(certs);

        // The reply must certify the key pair that is already stored under this alias.
        X509Certificate[] existingEntryCerts = X509CertUtil.orderX509CertChain(
                X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));
        boolean samePublicKey = existingEntryCerts[0].getPublicKey().equals(certs[0].getPublicKey());
        if (!samePublicKey) {
            String message = res.getString("ImportCaReplyFromFileAction.NoMatchPubKeyCaReply.message");
            String title = res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title");
            JOptionPane.showMessageDialog(frame, message, title, JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Certificate chain that will replace the entry's chain if the import goes through.
        X509Certificate[] newCertChain;

        if (applicationSettings.getEnableImportCaReplyTrustCheck()) {
            KeyStore caCertificates = getCaCertificates();
            KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();

            if (certs.length > 1) {
                // Multi-certificate reply: look for the last certificate of the ordered reply
                // in the CA Certificates, Windows Trusted Root Certificates or current KeyStore.
                // NOTE(review): only this last certificate is matched here; whether
                // orderX509CertChain verifies the signatures linking the chain is not visible
                // in this method - confirm before relying on this as chain validation.
                X509Certificate rootCert = certs[certs.length - 1];
                String matchAlias = null;

                if (caCertificates != null) {
                    matchAlias = X509CertUtil.matchCertificate(caCertificates, rootCert);
                }
                if (matchAlias == null && windowsTrustedRootCertificates != null) {
                    matchAlias = X509CertUtil.matchCertificate(windowsTrustedRootCertificates, rootCert);
                }
                if (matchAlias == null) {
                    matchAlias = X509CertUtil.matchCertificate(keyStore, rootCert);
                }

                if (matchAlias == null) {
                    // Unknown root: show it to the user and let them decide. Accepting here is a
                    // manual trust decision that bypasses all configured trust stores.
                    String noMatchMessage = res.getString(
                            "ImportCaReplyFromFileAction.NoMatchRootCertCaReplyConfirm.message");
                    String noMatchTitle = res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title");
                    JOptionPane.showMessageDialog(frame, noMatchMessage, noMatchTitle,
                            JOptionPane.INFORMATION_MESSAGE);

                    String viewerTitle = MessageFormat.format(
                            res.getString("ImportCaReplyFromFileAction.CertDetailsFile.Title"),
                            caReplyFile.getName());
                    DViewCertificate dViewCertificate = new DViewCertificate(frame, viewerTitle,
                            new X509Certificate[] { rootCert }, null, DViewCertificate.NONE);
                    dViewCertificate.setLocationRelativeTo(frame);
                    dViewCertificate.setVisible(true);

                    String acceptMessage = res.getString("ImportCaReplyFromFileAction.AcceptCaReply.message");
                    String acceptTitle = res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title");
                    int selected = JOptionPane.showConfirmDialog(frame, acceptMessage, acceptTitle,
                            JOptionPane.YES_NO_OPTION);
                    if (selected != JOptionPane.YES_OPTION) {
                        return;
                    }
                }
                newCertChain = certs;
            } else {
                // Single X.509 certificate reply: try to build a chain of trust from the
                // certificate through the current KeyStore and the available CA stores.
                ArrayList<KeyStore> compKeyStores = new ArrayList<KeyStore>();
                compKeyStores.add(keyStore);
                if (caCertificates != null) {
                    compKeyStores.add(caCertificates);
                }
                if (windowsTrustedRootCertificates != null) {
                    compKeyStores.add(windowsTrustedRootCertificates);
                }

                KeyStore[] trustStores = compKeyStores.toArray(new KeyStore[compKeyStores.size()]);
                X509Certificate[] trustChain = X509CertUtil.establishTrust(certs[0], trustStores);
                if (trustChain == null) {
                    // No trust path: unlike the multi-certificate case there is no user override.
                    String message = res.getString("ImportCaReplyFromFileAction.NoTrustCaReply.message");
                    String title = res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title");
                    JOptionPane.showMessageDialog(frame, message, title, JOptionPane.WARNING_MESSAGE);
                    return;
                }
                newCertChain = trustChain;
            }
        } else {
            // Trust check disabled in the application settings: the public key comparison
            // above is the only check applied to the reply.
            newCertChain = certs;
        }

        if (keyStoreType.isFileBased()) {
            // TODO: why or when is delete actually necessary???
            keyStore.deleteEntry(alias);
        }
        keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);

        currentState.append(newState);
        kseFrame.updateControls(true);

        String successMessage = res.getString("ImportCaReplyFromFileAction.ImportCaReplySuccessful.message");
        String successTitle = res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title");
        JOptionPane.showMessageDialog(frame, successMessage, successTitle, JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) FileNotFoundException(java.io.FileNotFoundException) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) File(java.io.File) Key(java.security.Key) Password(org.kse.crypto.Password)

Example 7 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class ImportTrustedCertificateAction method doAction.

/**
 * Import a trusted certificate into the active KeyStore, creating a new KeyStore first if
 * none is open.
 *
 * <p>The certificate is either the one handed to the constructor or one chosen through the
 * file selection dialog. If the "import trusted certificate trust check" application setting
 * is enabled, the user is warned when the certificate already exists in the KeyStore and is
 * asked for confirmation when no trust path can be established against the current KeyStore,
 * the CA Certificates KeyStore or the Windows Trusted Root Certificates KeyStore. If the
 * setting is disabled the certificate is stored as a trusted entry without either check.
 *
 * <p>Any exception is reported through {@code DError.displayError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        if (history == null) {
            // No KeyStore is open: run the "new KeyStore" action, then re-read the history.
            new NewAction(kseFrame).actionPerformed(null);
            history = kseFrame.getActiveKeyStoreHistory();
            if (history == null) {
                // The user cancelled KeyStore creation.
                return;
            }
        }

        KeyStoreState currentState = history.getCurrentState();
        KeyStoreState newState = currentState.createBasisForNextState(this);
        KeyStore keyStore = newState.getKeyStore();

        // Prefer the certificate passed to the constructor; otherwise ask for a file.
        X509Certificate trustCert = trustCertFromConstructor;
        if (trustCert == null) {
            trustCert = showFileSelectionDialog();
            if (trustCert == null) {
                return;
            }
        }

        if (applicationSettings.getEnableImportTrustedCertTrustCheck()) {
            // Warn when the same certificate is already present under another alias.
            String matchAlias = X509CertUtil.matchCertificate(keyStore, trustCert);
            if (matchAlias != null) {
                String existsMessage = MessageFormat.format(
                        res.getString("ImportTrustedCertificateAction.TrustCertExistsConfirm.message"),
                        matchAlias);
                String existsTitle = res.getString("ImportTrustedCertificateAction.ImportTrustCert.Title");
                int selected = JOptionPane.showConfirmDialog(frame, existsMessage, existsTitle,
                        JOptionPane.YES_NO_OPTION);
                if (selected != JOptionPane.YES_OPTION) {
                    return;
                }
            }

            KeyStore caCertificates = getCaCertificates();
            KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();

            // Stores used to establish trust: the current KeyStore, then the CA Certificates
            // and Windows Trusted Root Certificates KeyStores when they are available.
            ArrayList<KeyStore> compKeyStores = new ArrayList<KeyStore>();
            compKeyStores.add(keyStore);
            if (caCertificates != null) {
                compKeyStores.add(caCertificates);
            }
            if (windowsTrustedRootCertificates != null) {
                compKeyStores.add(windowsTrustedRootCertificates);
            }

            KeyStore[] trustStores = compKeyStores.toArray(new KeyStore[compKeyStores.size()]);
            boolean trustEstablished = X509CertUtil.establishTrust(trustCert, trustStores) != null;
            if (!trustEstablished) {
                // The certificate is displayed only when certFile is set; the original comment
                // indicates that otherwise it has already been presented to the user.
                if (certFile != null) {
                    String noPathMessage = res.getString(
                            "ImportTrustedCertificateAction.NoTrustPathCertConfirm.message");
                    String noPathTitle = res.getString("ImportTrustedCertificateAction.ImportTrustCert.Title");
                    JOptionPane.showMessageDialog(frame, noPathMessage, noPathTitle,
                            JOptionPane.INFORMATION_MESSAGE);

                    String viewerTitle = MessageFormat.format(
                            res.getString("ImportTrustedCertificateAction.CertDetailsFile.Title"),
                            certFile.getName());
                    DViewCertificate dViewCertificate = new DViewCertificate(frame, viewerTitle,
                            new X509Certificate[] { trustCert }, null, DViewCertificate.NONE);
                    dViewCertificate.setLocationRelativeTo(frame);
                    dViewCertificate.setVisible(true);
                }

                // Accepting here makes an unverifiable certificate a trusted entry on the
                // user's say-so alone.
                String acceptMessage = res.getString("ImportTrustedCertificateAction.AcceptTrustCert.message");
                String acceptTitle = res.getString("ImportTrustedCertificateAction.ImportTrustCert.Title");
                int selected = JOptionPane.showConfirmDialog(frame, acceptMessage, acceptTitle,
                        JOptionPane.YES_NO_OPTION);
                if (selected != JOptionPane.YES_OPTION) {
                    return;
                }
            }
        }

        // Ask for the entry alias, pre-filled with one derived from the certificate.
        String aliasDialogTitle = res.getString("ImportTrustedCertificateAction.TrustCertEntryAlias.Title");
        DGetAlias dGetAlias = new DGetAlias(frame, aliasDialogTitle, X509CertUtil.getCertificateAlias(trustCert));
        dGetAlias.setLocationRelativeTo(frame);
        dGetAlias.setVisible(true);
        String alias = dGetAlias.getAlias();
        if (alias == null) {
            return;
        }

        if (keyStore.containsAlias(alias)) {
            // Overwriting replaces whatever entry is stored under the alias, so confirm first.
            String message = MessageFormat.format(
                    res.getString("ImportTrustedCertificateAction.OverWriteEntry.message"), alias);
            String overwriteTitle = res.getString("ImportTrustedCertificateAction.ImportTrustCert.Title");
            int selected = JOptionPane.showConfirmDialog(frame, message, overwriteTitle,
                    JOptionPane.YES_NO_OPTION);
            if (selected != JOptionPane.YES_OPTION) {
                return;
            }
            keyStore.deleteEntry(alias);
            newState.removeEntryPassword(alias);
        }

        keyStore.setCertificateEntry(alias, trustCert);
        currentState.append(newState);
        kseFrame.updateControls(true);

        String successMessage = res.getString("ImportTrustedCertificateAction.ImportTrustCertSuccessful.message");
        String successTitle = res.getString("ImportTrustedCertificateAction.ImportTrustCert.Title");
        JOptionPane.showMessageDialog(frame, successMessage, successTitle, JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : DGetAlias(org.kse.gui.dialogs.DGetAlias) KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Example 8 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class KeyPairCertificateChainDetailsAction method showCertificateSelectedEntry.

/**
 * Open the certificate viewer on the certificate chain of the selected KeyStore entry.
 *
 * <p>The chain is read from the current state of the active KeyStore and shown in a
 * {@code DViewCertificate} dialog created with the {@code EXPORT} option. Any exception is
 * reported through {@code DError.displayError}.
 */
public void showCertificateSelectedEntry() {
    try {
        KeyStore keyStore = kseFrame.getActiveKeyStoreHistory().getCurrentState().getKeyStore();
        String alias = kseFrame.getSelectedEntryAlias();

        X509Certificate[] chain = X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias));

        String title = MessageFormat.format(
                res.getString("KeyPairCertificateChainDetailsAction.CertDetailsEntry.Title"), alias);
        DViewCertificate viewer = new DViewCertificate(frame, title, chain, kseFrame, DViewCertificate.EXPORT);
        viewer.setLocationRelativeTo(frame);
        viewer.setVisible(true);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Example 9 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class ExamineFileAction method openCert.

/**
 * Load the certificates contained in a file and show them in the certificate viewer.
 *
 * <p>Nothing is displayed when {@code openCertificate} returns {@code null} or an empty
 * array. The viewer is created with the {@code IMPORT} option.
 *
 * @param file file to read the certificates from
 * @throws CryptoException declared by this method; presumably raised while reading the file
 */
private void openCert(File file) throws CryptoException {
    X509Certificate[] certs = openCertificate(file);
    if (certs == null || certs.length == 0) {
        return;
    }

    String title = MessageFormat.format(res.getString("ExamineFileAction.CertDetailsFile.Title"),
            file.getName());
    DViewCertificate viewer = new DViewCertificate(frame, title, certs, kseFrame, DViewCertificate.IMPORT);
    viewer.setLocationRelativeTo(frame);
    viewer.setVisible(true);
}
Also used : DViewCertificate(org.kse.gui.dialogs.DViewCertificate) X509Certificate(java.security.cert.X509Certificate)

Example 10 with DViewCertificate

use of org.kse.gui.dialogs.DViewCertificate in project keystore-explorer by kaikramer.

the class TrustedCertificateDetailsAction method showCertificateSelectedEntry.

/**
 * Open the certificate viewer on the certificate of the selected trusted certificate entry.
 *
 * <p>The single certificate is read from the current state of the active KeyStore and shown
 * in a {@code DViewCertificate} dialog created with the {@code EXPORT} option. Any exception
 * is reported through {@code DError.displayError}.
 */
public void showCertificateSelectedEntry() {
    try {
        KeyStore keyStore = kseFrame.getActiveKeyStoreHistory().getCurrentState().getKeyStore();
        String alias = kseFrame.getSelectedEntryAlias();

        // The viewer takes an array, so wrap the entry's one certificate.
        X509Certificate[] certs = { X509CertUtil.convertCertificate(keyStore.getCertificate(alias)) };

        String title = MessageFormat.format(
                res.getString("TrustedCertificateDetailsAction.CertDetailsEntry.Title"), alias);
        DViewCertificate viewer = new DViewCertificate(frame, title, certs, kseFrame, DViewCertificate.EXPORT);
        viewer.setLocationRelativeTo(frame);
        viewer.setVisible(true);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Aggregations

DViewCertificate (org.kse.gui.dialogs.DViewCertificate)12 X509Certificate (java.security.cert.X509Certificate)11 KeyStoreHistory (org.kse.utilities.history.KeyStoreHistory)6 KeyStore (java.security.KeyStore)5 CryptoException (org.kse.crypto.CryptoException)5 File (java.io.File)4 ArrayList (java.util.ArrayList)3 KeyStoreState (org.kse.utilities.history.KeyStoreState)3 IOException (java.io.IOException)2 Key (java.security.Key)2 Password (org.kse.crypto.Password)2 KeyStoreType (org.kse.crypto.keystore.KeyStoreType)2 UnsupportedFlavorException (java.awt.datatransfer.UnsupportedFlavorException)1 FileNotFoundException (java.io.FileNotFoundException)1 URL (java.net.URL)1 X509CRL (java.security.cert.X509CRL)1 DExamineSsl (org.kse.gui.dialogs.DExamineSsl)1 DExaminingSsl (org.kse.gui.dialogs.DExaminingSsl)1 DGetAlias (org.kse.gui.dialogs.DGetAlias)1 DViewCrl (org.kse.gui.dialogs.DViewCrl)1