
Example 41 with KeyStoreHistory

use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.

the class ImportCaReplyFromFileAction method doAction.

/**
 * Imports a CA reply from a user-chosen file into the currently selected entry.
 *
 * <p>The reply is ordered and then accepted only when the public key of its first
 * certificate equals the public key of the first certificate already stored for
 * the entry. What happens next depends on the application setting read through
 * {@code getEnableImportCaReplyTrustCheck()}:
 * <ul>
 * <li>Check disabled: the ordered reply is stored as the new chain with no further
 * evaluation, so the public-key match is the only gate.</li>
 * <li>Check enabled, reply with more than one certificate: only the last certificate
 * of the ordered reply is looked up, in the CA Certificates store, then the Windows
 * trusted roots, then the working KeyStore itself. If none matches, the certificate
 * is displayed and the user decides whether to accept the reply.</li>
 * <li>Check enabled, single-certificate reply: a chain is built with
 * {@code X509CertUtil.establishTrust} against the working KeyStore plus the two
 * stores above; the import is refused when no chain can be built.</li>
 * </ul>
 *
 * <p>NOTE(review): this method does not itself verify signatures between the members
 * of a multi-certificate reply; whether {@code orderX509CertChain} or
 * {@code matchCertificate} do so is not visible here - confirm. The working KeyStore
 * is also consulted as a trust source in both checked branches.
 *
 * <p>Any exception is reported through {@code DError.displayError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory activeHistory = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState stateBefore = activeHistory.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        Password entryPassword = getEntryPassword(alias, stateBefore);
        if (entryPassword == null) {
            // No password was obtained for the entry - nothing can be imported
            return;
        }

        // All changes are made on the KeyStore of a new state derived from the current one
        KeyStoreState stateAfter = stateBefore.createBasisForNextState(this);
        KeyStore keyStore = stateAfter.getKeyStore();
        KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
        Key privateKey = keyStore.getKey(alias, entryPassword.toCharArray());

        File caReplyFile = chooseCaFile();
        if (caReplyFile == null) {
            return;
        }

        X509Certificate[] replyCerts = openCaReply(caReplyFile);
        if ((replyCerts == null) || (replyCerts.length == 0)) {
            return;
        }
        replyCerts = X509CertUtil.orderX509CertChain(replyCerts);

        X509Certificate[] entryCerts = X509CertUtil.orderX509CertChain(
                X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));

        // The reply must carry the same public key as the entry it is imported into
        boolean samePublicKey = entryCerts[0].getPublicKey().equals(replyCerts[0].getPublicKey());
        if (!samePublicKey) {
            JOptionPane.showMessageDialog(frame,
                    res.getString("ImportCaReplyFromFileAction.NoMatchPubKeyCaReply.message"),
                    res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"),
                    JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Chain written to the entry if the import succeeds; defaults to the ordered reply
        // and is only replaced when trust is established for a single-certificate reply
        X509Certificate[] chainToStore = replyCerts;

        if (applicationSettings.getEnableImportCaReplyTrustCheck()) {
            KeyStore caCertificates = getCaCertificates();
            KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();

            if (replyCerts.length > 1) {
                // Multi-certificate reply - try to match its last certificate with any of the
                // certificates in the CA Certificates, Windows trusted roots or current KeyStore
                X509Certificate rootCert = replyCerts[replyCerts.length - 1];

                String matchAlias = (caCertificates != null)
                        ? X509CertUtil.matchCertificate(caCertificates, rootCert)
                        : null;
                if ((matchAlias == null) && (windowsTrustedRootCertificates != null)) {
                    matchAlias = X509CertUtil.matchCertificate(windowsTrustedRootCertificates, rootCert);
                }
                if (matchAlias == null) {
                    matchAlias = X509CertUtil.matchCertificate(keyStore, rootCert);
                }

                if (matchAlias == null) {
                    // No match for the root certificate - display the certificate to the user
                    // for confirmation; acceptance rests on the user's answer alone
                    JOptionPane.showMessageDialog(frame,
                            res.getString("ImportCaReplyFromFileAction.NoMatchRootCertCaReplyConfirm.message"),
                            res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"),
                            JOptionPane.INFORMATION_MESSAGE);

                    DViewCertificate rootCertDialog = new DViewCertificate(frame,
                            MessageFormat.format(
                                    res.getString("ImportCaReplyFromFileAction.CertDetailsFile.Title"),
                                    caReplyFile.getName()),
                            new X509Certificate[] { rootCert }, null, DViewCertificate.NONE);
                    rootCertDialog.setLocationRelativeTo(frame);
                    rootCertDialog.setVisible(true);

                    int answer = JOptionPane.showConfirmDialog(frame,
                            res.getString("ImportCaReplyFromFileAction.AcceptCaReply.message"),
                            res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"),
                            JOptionPane.YES_NO_OPTION);
                    if (answer != JOptionPane.YES_OPTION) {
                        return;
                    }
                }
            } else {
                // Single X.509 certificate reply - try to establish a chain of trust from the
                // certificate using the current KeyStore and, when available, the CA Certificates
                // and Windows Trusted Root Certificates KeyStores
                ArrayList<KeyStore> trustSources = new ArrayList<KeyStore>();
                trustSources.add(keyStore);
                if (caCertificates != null) {
                    trustSources.add(caCertificates);
                }
                if (windowsTrustedRootCertificates != null) {
                    trustSources.add(windowsTrustedRootCertificates);
                }

                X509Certificate[] trustChain = X509CertUtil.establishTrust(replyCerts[0],
                        trustSources.toArray(new KeyStore[trustSources.size()]));
                if (trustChain == null) {
                    // Cannot establish trust for the certificate - fail
                    JOptionPane.showMessageDialog(frame,
                            res.getString("ImportCaReplyFromFileAction.NoTrustCaReply.message"),
                            res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"),
                            JOptionPane.WARNING_MESSAGE);
                    return;
                }
                chainToStore = trustChain;
            }
        }

        if (keyStoreType.isFileBased()) {
            // TODO: why or when is delete actually necessary???
            keyStore.deleteEntry(alias);
        }
        keyStore.setKeyEntry(alias, privateKey, entryPassword.toCharArray(), chainToStore);

        stateBefore.append(stateAfter);
        kseFrame.updateControls(true);

        JOptionPane.showMessageDialog(frame,
                res.getString("ImportCaReplyFromFileAction.ImportCaReplySuccessful.message"),
                res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"),
                JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) FileNotFoundException(java.io.FileNotFoundException) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) DViewCertificate(org.kse.gui.dialogs.DViewCertificate) File(java.io.File) Key(java.security.Key) Password(org.kse.crypto.Password)

Example 42 with KeyStoreHistory

use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.

the class PasteAction method pasteEntry.

/**
 * Pastes a buffered entry into the active KeyStore as a new history state.
 *
 * <p>If the entry's name is already used as an alias, a cut entry replaces the
 * existing one after the user confirms, while a copied entry is stored under a
 * name obtained from {@code getUniqueEntryName}. Key and key pair entries are
 * stored with the password carried by the buffer entry, and that password is
 * recorded in the new state. Any other buffer entry is treated as a trusted
 * certificate and added with {@code setCertificateEntry}; this method shows no
 * prompt for that case.
 *
 * @param bufferEntry the buffered entry to paste
 * @return {@code true} if the entry was pasted, {@code false} if the user
 *         declined, the KeyStore type does not support key entries, or an
 *         exception was reported
 */
private boolean pasteEntry(BufferEntry bufferEntry) {
    try {
        KeyStoreHistory activeHistory = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState stateBefore = activeHistory.getCurrentState();
        // All changes are made on the KeyStore of a new state derived from the current one
        KeyStoreState stateAfter = stateBefore.createBasisForNextState(this);
        KeyStore target = stateAfter.getKeyStore();

        String targetAlias = bufferEntry.getName();
        if (target.containsAlias(targetAlias)) {
            if (!bufferEntry.isCut()) {
                // Copy: never overwrite, pick a different alias instead
                targetAlias = getUniqueEntryName(targetAlias, target);
            } else {
                // Cut: replacing the existing entry needs explicit confirmation
                int answer = JOptionPane.showConfirmDialog(frame,
                        MessageFormat.format(res.getString("PasteAction.PasteExistsReplace.message"), targetAlias),
                        res.getString("PasteAction.Paste.Title"),
                        JOptionPane.YES_NO_OPTION);
                if (answer != JOptionPane.YES_OPTION) {
                    return false;
                }
                target.deleteEntry(targetAlias);
                stateAfter.removeEntryPassword(targetAlias);
            }
        }

        if (bufferEntry instanceof KeyBufferEntry) {
            KeyStoreType targetType = KeyStoreType.resolveJce(target.getType());
            if (!targetType.supportsKeyEntries()) {
                JOptionPane.showMessageDialog(frame,
                        MessageFormat.format(res.getString("PasteAction.NoPasteKeyEntry.message"),
                                targetType.friendly()),
                        res.getString("PasteAction.Paste.Title"),
                        JOptionPane.WARNING_MESSAGE);
                return false;
            }
            KeyBufferEntry keyEntry = (KeyBufferEntry) bufferEntry;
            Key key = keyEntry.getKey();
            Password keyPassword = keyEntry.getPassword();
            // Key entries are stored without a certificate chain
            target.setKeyEntry(targetAlias, key, keyPassword.toCharArray(), null);
            stateAfter.setEntryPassword(targetAlias, keyPassword);
        } else if (bufferEntry instanceof KeyPairBufferEntry) {
            KeyPairBufferEntry keyPairEntry = (KeyPairBufferEntry) bufferEntry;
            PrivateKey privateKey = keyPairEntry.getPrivateKey();
            Password keyPairPassword = keyPairEntry.getPassword();
            Certificate[] chain = keyPairEntry.getCertificateChain();
            target.setKeyEntry(targetAlias, privateKey, keyPairPassword.toCharArray(), chain);
            stateAfter.setEntryPassword(targetAlias, keyPairPassword);
        } else {
            // Everything else is cast to a trusted certificate entry; a different
            // type fails the cast and is reported by the catch block below
            TrustedCertificateBufferEntry trustedEntry = (TrustedCertificateBufferEntry) bufferEntry;
            target.setCertificateEntry(targetAlias, trustedEntry.getTrustedCertificate());
        }

        if (bufferEntry.isCut()) {
            // A cut entry can be pasted only once
            Buffer.clear();
        }

        stateBefore.append(stateAfter);
        kseFrame.updateControls(true);
        return true;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return false;
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) PrivateKey(java.security.PrivateKey) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) KeyBufferEntry(org.kse.utilities.buffer.KeyBufferEntry) KeyPairBufferEntry(org.kse.utilities.buffer.KeyPairBufferEntry) KeyStoreType(org.kse.crypto.keystore.KeyStoreType) TrustedCertificateBufferEntry(org.kse.utilities.buffer.TrustedCertificateBufferEntry) Key(java.security.Key) PrivateKey(java.security.PrivateKey) Password(org.kse.crypto.Password)

Example 43 with KeyStoreHistory

use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.

the class PropertiesAction method doAction.

/**
 * Opens the properties dialog for the active KeyStore history.
 *
 * <p>The dialog is centred on the application frame. Any exception raised while
 * building or showing it is reported through {@code DError.displayError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory activeHistory = kseFrame.getActiveKeyStoreHistory();

        DProperties propertiesDialog = new DProperties(frame, activeHistory);
        propertiesDialog.setLocationRelativeTo(frame);
        propertiesDialog.setVisible(true);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) DProperties(org.kse.gui.dialogs.DProperties)

Example 44 with KeyStoreHistory

use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.

the class RemoveFromCertificateChainAction method doAction.

/**
 * Removes the last certificate of the selected entry's ordered certificate chain.
 *
 * <p>The entry's key is read with the entry password, the chain is ordered with
 * {@code X509CertUtil.orderX509CertChain}, and the entry is re-created with the
 * same key and password and a chain that is one certificate shorter. A chain of
 * length one is left untouched and a warning is shown instead. The change is made
 * on a new history state; any exception is reported through
 * {@code DError.displayError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory activeHistory = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState stateBefore = activeHistory.getCurrentState();
        String alias = kseFrame.getSelectedEntryAlias();

        Password entryPassword = getEntryPassword(alias, stateBefore);
        if (entryPassword == null) {
            // No password was obtained for the entry - the key cannot be read
            return;
        }

        // All changes are made on the KeyStore of a new state derived from the current one
        KeyStoreState stateAfter = stateBefore.createBasisForNextState(this);
        KeyStore keyStore = stateAfter.getKeyStore();
        Key entryKey = keyStore.getKey(alias, entryPassword.toCharArray());

        X509Certificate[] orderedChain = X509CertUtil.orderX509CertChain(
                X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));

        if (orderedChain.length == 1) {
            // The entry would be left with no certificate at all - refuse
            JOptionPane.showMessageDialog(frame,
                    res.getString("RemoveFromCertificateChainAction.CannotRemoveOnlyCert.message"),
                    res.getString("RemoveFromCertificateChainAction.RemoveFromCertificateChain.Title"),
                    JOptionPane.WARNING_MESSAGE);
            return;
        }

        // Certificate to remove is the end one in the chain, so keep everything before it
        int shortenedLength = orderedChain.length - 1;
        X509Certificate[] shortenedChain = new X509Certificate[shortenedLength];
        System.arraycopy(orderedChain, 0, shortenedChain, 0, shortenedChain.length);

        // Replace the entry: same key and password, shortened chain
        keyStore.deleteEntry(alias);
        keyStore.setKeyEntry(alias, entryKey, entryPassword.toCharArray(), shortenedChain);

        stateBefore.append(stateAfter);
        kseFrame.updateControls(true);

        JOptionPane.showMessageDialog(frame,
                res.getString("RemoveFromCertificateChainAction.RemoveFromCertificateChainSuccessful.message"),
                res.getString("RemoveFromCertificateChainAction.RemoveFromCertificateChain.Title"),
                JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) KeyStore(java.security.KeyStore) Key(java.security.Key) X509Certificate(java.security.cert.X509Certificate) Password(org.kse.crypto.Password)

Example 45 with KeyStoreHistory

use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.

the class RenameKeyAction method doAction.

/**
 * Renames the selected key entry.
 *
 * <p>The key is read with the entry password, the user is asked for a new alias,
 * and the key is stored under that alias with the same password and no
 * certificate chain before the old alias is deleted. A new alias that differs
 * from the old one only by case is rejected. If the new alias already exists,
 * the existing entry and its recorded password are removed only after the user
 * confirms the overwrite. The change is made on a new history state; any
 * exception is reported through {@code DError.displayError}.
 */
@Override
protected void doAction() {
    try {
        KeyStoreHistory activeHistory = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState stateBefore = activeHistory.getCurrentState();
        String oldAlias = kseFrame.getSelectedEntryAlias();

        Password entryPassword = getEntryPassword(oldAlias, stateBefore);
        if (entryPassword == null) {
            // No password was obtained for the entry - the key cannot be read
            return;
        }

        // All changes are made on the KeyStore of a new state derived from the current one
        KeyStoreState stateAfter = stateBefore.createBasisForNextState(this);
        KeyStore keyStore = stateAfter.getKeyStore();
        Key entryKey = keyStore.getKey(oldAlias, entryPassword.toCharArray());

        DGetAlias aliasDialog = new DGetAlias(frame, res.getString("RenameKeyAction.NewEntryAlias.Title"),
                oldAlias);
        aliasDialog.setLocationRelativeTo(frame);
        aliasDialog.setVisible(true);

        String newAlias = aliasDialog.getAlias();
        if (newAlias == null) {
            return;
        }

        if (newAlias.equalsIgnoreCase(oldAlias)) {
            JOptionPane.showMessageDialog(frame,
                    MessageFormat.format(res.getString("RenameKeyAction.RenameAliasIdentical.message"), oldAlias),
                    res.getString("RenameKeyAction.RenameEntry.Title"),
                    JOptionPane.WARNING_MESSAGE);
            return;
        }

        if (keyStore.containsAlias(newAlias)) {
            // Overwriting another entry needs explicit confirmation
            String overwritePrompt = MessageFormat.format(
                    res.getString("RenameKeyAction.OverWriteEntry.message"), newAlias);
            int answer = JOptionPane.showConfirmDialog(frame, overwritePrompt,
                    res.getString("RenameKeyAction.RenameEntry.Title"), JOptionPane.YES_NO_OPTION);
            if (answer != JOptionPane.YES_OPTION) {
                return;
            }
            keyStore.deleteEntry(newAlias);
            stateAfter.removeEntryPassword(newAlias);
        }

        // Write the key under the new alias first, then drop the old alias
        keyStore.setKeyEntry(newAlias, entryKey, entryPassword.toCharArray(), null);
        stateAfter.setEntryPassword(newAlias, new Password(entryPassword));
        keyStore.deleteEntry(oldAlias);
        stateAfter.removeEntryPassword(oldAlias);

        stateBefore.append(stateAfter);
        kseFrame.updateControls(true);
    } catch (Exception ex) {
        DError.displayError(frame, ex);
    }
}
Also used : DGetAlias(org.kse.gui.dialogs.DGetAlias) KeyStoreState(org.kse.utilities.history.KeyStoreState) KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory) KeyStore(java.security.KeyStore) Key(java.security.Key) Password(org.kse.crypto.Password)

Aggregations

KeyStoreHistory (org.kse.utilities.history.KeyStoreHistory)60 KeyStore (java.security.KeyStore)45 KeyStoreState (org.kse.utilities.history.KeyStoreState)41 Password (org.kse.crypto.Password)31 X509Certificate (java.security.cert.X509Certificate)21 PrivateKey (java.security.PrivateKey)17 Certificate (java.security.cert.Certificate)13 Key (java.security.Key)12 CryptoException (org.kse.crypto.CryptoException)11 KeyStoreType (org.kse.crypto.keystore.KeyStoreType)11 DGetAlias (org.kse.gui.dialogs.DGetAlias)10 KeyStoreException (java.security.KeyStoreException)9 File (java.io.File)7 GeneralSecurityException (java.security.GeneralSecurityException)6 DViewCertificate (org.kse.gui.dialogs.DViewCertificate)6 DGetNewPassword (org.kse.gui.password.DGetNewPassword)6 FileNotFoundException (java.io.FileNotFoundException)5 PublicKey (java.security.PublicKey)5 Provider (java.security.Provider)4 ArrayList (java.util.ArrayList)3