Search in sources :

Example 1 with DSignCsr

use of org.kse.gui.dialogs.sign.DSignCsr in project keystore-explorer by kaikramer.

the class SignCsrAction method doAction.

/**
 * Do action.
 */
@Override
protected void doAction() {
    FileOutputStream fos = null;
    File caReplyFile = null;
    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();
        Password password = getEntryPassword(alias, currentState);
        if (password == null) {
            return;
        }
        KeyStore keyStore = currentState.getKeyStore();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        Certificate[] certs = keyStore.getCertificateChain(alias);
        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);
        File csrFile = chooseCsrFile();
        if (csrFile == null) {
            return;
        }
        PKCS10CertificationRequest pkcs10Csr = null;
        Spkac spkacCsr = null;
        try {
            CryptoFileType fileType = CryptoFileUtil.detectFileType(new FileInputStream(csrFile));
            if (fileType == CryptoFileType.PKCS10_CSR) {
                pkcs10Csr = Pkcs10Util.loadCsr(new FileInputStream(csrFile));
                if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else if (fileType == CryptoFileType.SPKAC_CSR) {
                spkacCsr = new Spkac(new FileInputStream(csrFile));
                if (!spkacCsr.verify()) {
                    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.NoVerifySpkacCsr.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else {
                JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
                return;
            }
        } catch (FileNotFoundException ex) {
            JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
            return;
        } catch (Exception ex) {
            String problemStr = MessageFormat.format(res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());
            String[] causes = new String[] { res.getString("SignCsrAction.NotCsr.Cause"), res.getString("SignCsrAction.CorruptedCsr.Cause") };
            Problem problem = new Problem(problemStr, causes, ex);
            DProblem dProblem = new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
            dProblem.setLocationRelativeTo(frame);
            dProblem.setVisible(true);
            return;
        }
        X509Certificate[] signingChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
        X509Certificate signingCert = signingChain[0];
        PublicKey publicKey = null;
        X500Name subject = null;
        DSignCsr dSignCsr = null;
        Provider provider = history.getExplicitProvider();
        if (pkcs10Csr != null) {
            publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
            subject = pkcs10Csr.getSubject();
            dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
        } else {
            publicKey = spkacCsr.getPublicKey();
            subject = spkacCsr.getSubject().getName();
            dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
        }
        dSignCsr.setLocationRelativeTo(frame);
        dSignCsr.setVisible(true);
        X509CertificateVersion version = dSignCsr.getVersion();
        SignatureType signatureType = dSignCsr.getSignatureType();
        Date validityStart = dSignCsr.getValidityStart();
        Date validityEnd = dSignCsr.getValidityEnd();
        BigInteger serialNumber = dSignCsr.getSerialNumber();
        caReplyFile = dSignCsr.getCaReplyFile();
        X509ExtensionSet extensions = dSignCsr.getExtensions();
        if (version == null) {
            return;
        }
        X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());
        // CA Reply is a cert with subject from CSR and issuer from signing cert's subject
        X509CertificateGenerator generator = new X509CertificateGenerator(version);
        X509Certificate caReplyCert = generator.generate(subject, issuer, validityStart, validityEnd, publicKey, privateKey, signatureType, serialNumber, extensions, provider);
        X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];
        caReplyChain[0] = caReplyCert;
        // Add all of the signing chain to the reply
        System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);
        byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);
        fos = new FileOutputStream(caReplyFile);
        fos.write(caCertEncoded);
    } catch (FileNotFoundException ex) {
        JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }
    JOptionPane.showMessageDialog(frame, res.getString("SignCsrAction.SignCsrSuccessful.message"), res.getString("SignCsrAction.SignCsr.Title"), JOptionPane.INFORMATION_MESSAGE);
}
Also used : KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) PrivateKey(java.security.PrivateKey) FileNotFoundException(java.io.FileNotFoundException) X500Name(org.bouncycastle.asn1.x500.X500Name) X509CertificateGenerator(org.kse.crypto.x509.X509CertificateGenerator) X509CertificateVersion(org.kse.crypto.x509.X509CertificateVersion) KeyPairType(org.kse.crypto.keypair.KeyPairType) Password(org.kse.crypto.Password) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) DSignCsr(org.kse.gui.dialogs.sign.DSignCsr) KeyStoreState(org.kse.utilities.history.KeyStoreState) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) PublicKey(java.security.PublicKey) SignatureType(org.kse.crypto.signing.SignatureType) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) FileNotFoundException(java.io.FileNotFoundException) DProblem(org.kse.gui.error.DProblem) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) Provider(java.security.Provider) X509ExtensionSet(org.kse.crypto.x509.X509ExtensionSet) Spkac(org.kse.crypto.csr.spkac.Spkac) FileOutputStream(java.io.FileOutputStream) CryptoFileType(org.kse.crypto.filetype.CryptoFileType) BigInteger(java.math.BigInteger) Problem(org.kse.gui.error.Problem) DProblem(org.kse.gui.error.DProblem) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

File (java.io.File)1 FileInputStream (java.io.FileInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 FileOutputStream (java.io.FileOutputStream)1 BigInteger (java.math.BigInteger)1 KeyStore (java.security.KeyStore)1 PrivateKey (java.security.PrivateKey)1 Provider (java.security.Provider)1 PublicKey (java.security.PublicKey)1 Certificate (java.security.cert.Certificate)1 X509Certificate (java.security.cert.X509Certificate)1 Date (java.util.Date)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)1 JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)1 Password (org.kse.crypto.Password)1 Spkac (org.kse.crypto.csr.spkac.Spkac)1 CryptoFileType (org.kse.crypto.filetype.CryptoFileType)1 KeyPairType (org.kse.crypto.keypair.KeyPairType)1 SignatureType (org.kse.crypto.signing.SignatureType)1