Example 41 with KeyStoreHistory
use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.
the class ImportCaReplyFromFileAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStoreState newState = currentState.createBasisForNextState(this);
KeyStore keyStore = newState.getKeyStore();
KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
Key privateKey = keyStore.getKey(alias, password.toCharArray());
File caReplyFile = chooseCaFile();
if (caReplyFile == null) {
return;
}
X509Certificate[] certs = openCaReply(caReplyFile);
if ((certs == null) || (certs.length == 0)) {
return;
}
certs = X509CertUtil.orderX509CertChain(certs);
X509Certificate[] exitingEntryCerts = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));
if (!exitingEntryCerts[0].getPublicKey().equals(certs[0].getPublicKey())) {
JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoMatchPubKeyCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
// Holds the new certificate chain for the entry should the import succeed
X509Certificate[] newCertChain = null;
if (!applicationSettings.getEnableImportCaReplyTrustCheck()) {
newCertChain = certs;
} else {
KeyStore caCertificates = getCaCertificates();
KeyStore windowsTrustedRootCertificates = getWindowsTrustedRootCertificates();
// of the certificates in the CA Certificates or current KeyStore
if (certs.length > 1) {
X509Certificate rootCert = certs[certs.length - 1];
String matchAlias = null;
if (// Match against CA Certificates KeyStore
caCertificates != null) {
matchAlias = X509CertUtil.matchCertificate(caCertificates, rootCert);
}
// Match against Windows Trusted Root Certificates KeyStore
if ((windowsTrustedRootCertificates != null) && (matchAlias == null)) {
matchAlias = X509CertUtil.matchCertificate(windowsTrustedRootCertificates, rootCert);
}
if (// Match against current KeyStore
matchAlias == null) {
matchAlias = X509CertUtil.matchCertificate(keyStore, rootCert);
}
if (matchAlias == null) {
// No match for the root certificate - display the certificate to the user for confirmation
JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoMatchRootCertCaReplyConfirm.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
DViewCertificate dViewCertificate = new DViewCertificate(frame, MessageFormat.format(res.getString("ImportCaReplyFromFileAction.CertDetailsFile.Title"), caReplyFile.getName()), new X509Certificate[] { rootCert }, null, DViewCertificate.NONE);
dViewCertificate.setLocationRelativeTo(frame);
dViewCertificate.setVisible(true);
int selected = JOptionPane.showConfirmDialog(frame, res.getString("ImportCaReplyFromFileAction.AcceptCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.YES_NO_OPTION);
if (selected != JOptionPane.YES_OPTION) {
return;
}
newCertChain = certs;
} else {
newCertChain = certs;
}
} else // Single X.509 certificate reply - try and establish a chain of
// trust from the certificate and ending with a root CA self-signed certificate
{
// Establish trust against current KeyStore
ArrayList<KeyStore> compKeyStores = new ArrayList<KeyStore>();
compKeyStores.add(keyStore);
if (caCertificates != null) {
// Establish trust against CA Certificates KeyStore
compKeyStores.add(caCertificates);
}
if (windowsTrustedRootCertificates != null) {
// Establish trust against Windows Trusted Root Certificates KeyStore
compKeyStores.add(windowsTrustedRootCertificates);
}
X509Certificate[] trustChain = X509CertUtil.establishTrust(certs[0], compKeyStores.toArray(new KeyStore[compKeyStores.size()]));
if (trustChain != null) {
newCertChain = trustChain;
} else {
// Cannot establish trust for the certificate - fail
JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.NoTrustCaReply.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
}
}
if (keyStoreType.isFileBased()) {
// TODO: why or when is delete actually necessary???
keyStore.deleteEntry(alias);
keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);
} else {
keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), newCertChain);
}
currentState.append(newState);
kseFrame.updateControls(true);
JOptionPane.showMessageDialog(frame, res.getString("ImportCaReplyFromFileAction.ImportCaReplySuccessful.message"), res.getString("ImportCaReplyFromFileAction.ImportCaReply.Title"), JOptionPane.INFORMATION_MESSAGE);
} catch (Exception ex) {
DError.displayError(frame, ex);
}
}
Also used :
KeyStoreState(org.kse.utilities.history.KeyStoreState)
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
ArrayList(java.util.ArrayList)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
FileNotFoundException(java.io.FileNotFoundException)
KeyStoreType(org.kse.crypto.keystore.KeyStoreType)
DViewCertificate(org.kse.gui.dialogs.DViewCertificate)
File(java.io.File)
Key(java.security.Key)
Password(org.kse.crypto.Password)
Example 42 with KeyStoreHistory
use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.
the class PasteAction method pasteEntry.
private boolean pasteEntry(BufferEntry bufferEntry) {
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
KeyStoreState newState = currentState.createBasisForNextState(this);
KeyStore keyStore = newState.getKeyStore();
String alias = bufferEntry.getName();
if (keyStore.containsAlias(alias)) {
if (bufferEntry.isCut()) {
int selected = JOptionPane.showConfirmDialog(frame, MessageFormat.format(res.getString("PasteAction.PasteExistsReplace.message"), alias), res.getString("PasteAction.Paste.Title"), JOptionPane.YES_NO_OPTION);
if (selected != JOptionPane.YES_OPTION) {
return false;
}
keyStore.deleteEntry(alias);
newState.removeEntryPassword(alias);
} else {
alias = getUniqueEntryName(alias, keyStore);
}
}
if (bufferEntry instanceof KeyBufferEntry) {
KeyStoreType keyStoreType = KeyStoreType.resolveJce(keyStore.getType());
if (!keyStoreType.supportsKeyEntries()) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("PasteAction.NoPasteKeyEntry.message"), keyStoreType.friendly()), res.getString("PasteAction.Paste.Title"), JOptionPane.WARNING_MESSAGE);
return false;
}
KeyBufferEntry keyBufferEntry = (KeyBufferEntry) bufferEntry;
Key key = keyBufferEntry.getKey();
Password password = keyBufferEntry.getPassword();
keyStore.setKeyEntry(alias, key, password.toCharArray(), null);
newState.setEntryPassword(alias, password);
} else if (bufferEntry instanceof KeyPairBufferEntry) {
KeyPairBufferEntry keyPairBufferEntry = (KeyPairBufferEntry) bufferEntry;
PrivateKey privateKey = keyPairBufferEntry.getPrivateKey();
Password password = keyPairBufferEntry.getPassword();
Certificate[] certificateChain = keyPairBufferEntry.getCertificateChain();
keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), certificateChain);
newState.setEntryPassword(alias, password);
} else {
TrustedCertificateBufferEntry certBufferEntry = (TrustedCertificateBufferEntry) bufferEntry;
keyStore.setCertificateEntry(alias, certBufferEntry.getTrustedCertificate());
}
if (bufferEntry.isCut()) {
Buffer.clear();
}
currentState.append(newState);
kseFrame.updateControls(true);
return true;
} catch (Exception ex) {
DError.displayError(frame, ex);
return false;
}
}
Also used :
KeyStoreState(org.kse.utilities.history.KeyStoreState)
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
PrivateKey(java.security.PrivateKey)
KeyStore(java.security.KeyStore)
KeyStoreException(java.security.KeyStoreException)
KeyBufferEntry(org.kse.utilities.buffer.KeyBufferEntry)
KeyPairBufferEntry(org.kse.utilities.buffer.KeyPairBufferEntry)
KeyStoreType(org.kse.crypto.keystore.KeyStoreType)
TrustedCertificateBufferEntry(org.kse.utilities.buffer.TrustedCertificateBufferEntry)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
Password(org.kse.crypto.Password)
Example 43 with KeyStoreHistory
use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.
the class PropertiesAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
DProperties dProperties = new DProperties(frame, history);
dProperties.setLocationRelativeTo(frame);
dProperties.setVisible(true);
} catch (Exception ex) {
DError.displayError(frame, ex);
}
}
Also used :
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
DProperties(org.kse.gui.dialogs.DProperties)
Example 44 with KeyStoreHistory
use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.
the class RemoveFromCertificateChainAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStoreState newState = currentState.createBasisForNextState(this);
KeyStore keyStore = newState.getKeyStore();
Key privKey = keyStore.getKey(alias, password.toCharArray());
X509Certificate[] certChain = X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(keyStore.getCertificateChain(alias)));
if (certChain.length == 1) {
JOptionPane.showMessageDialog(frame, res.getString("RemoveFromCertificateChainAction.CannotRemoveOnlyCert.message"), res.getString("RemoveFromCertificateChainAction.RemoveFromCertificateChain.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
// Certificate to remove is the end one in the chain
X509Certificate[] newCertChain = new X509Certificate[certChain.length - 1];
System.arraycopy(certChain, 0, newCertChain, 0, newCertChain.length);
keyStore.deleteEntry(alias);
keyStore.setKeyEntry(alias, privKey, password.toCharArray(), newCertChain);
currentState.append(newState);
kseFrame.updateControls(true);
JOptionPane.showMessageDialog(frame, res.getString("RemoveFromCertificateChainAction.RemoveFromCertificateChainSuccessful.message"), res.getString("RemoveFromCertificateChainAction.RemoveFromCertificateChain.Title"), JOptionPane.INFORMATION_MESSAGE);
} catch (Exception ex) {
DError.displayError(frame, ex);
}
}
Also used :
KeyStoreState(org.kse.utilities.history.KeyStoreState)
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
KeyStore(java.security.KeyStore)
Key(java.security.Key)
X509Certificate(java.security.cert.X509Certificate)
Password(org.kse.crypto.Password)
Example 45 with KeyStoreHistory
use of org.kse.utilities.history.KeyStoreHistory in project keystore-explorer by kaikramer.
the class RenameKeyAction method doAction.
/**
* Do action.
*/
@Override
protected void doAction() {
try {
KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
KeyStoreState currentState = history.getCurrentState();
String alias = kseFrame.getSelectedEntryAlias();
Password password = getEntryPassword(alias, currentState);
if (password == null) {
return;
}
KeyStoreState newState = currentState.createBasisForNextState(this);
KeyStore keyStore = newState.getKeyStore();
Key key = keyStore.getKey(alias, password.toCharArray());
DGetAlias dGetAlias = new DGetAlias(frame, res.getString("RenameKeyAction.NewEntryAlias.Title"), alias);
dGetAlias.setLocationRelativeTo(frame);
dGetAlias.setVisible(true);
String newAlias = dGetAlias.getAlias();
if (newAlias == null) {
return;
}
if (newAlias.equalsIgnoreCase(alias)) {
JOptionPane.showMessageDialog(frame, MessageFormat.format(res.getString("RenameKeyAction.RenameAliasIdentical.message"), alias), res.getString("RenameKeyAction.RenameEntry.Title"), JOptionPane.WARNING_MESSAGE);
return;
}
if (keyStore.containsAlias(newAlias)) {
String message = MessageFormat.format(res.getString("RenameKeyAction.OverWriteEntry.message"), newAlias);
int selected = JOptionPane.showConfirmDialog(frame, message, res.getString("RenameKeyAction.RenameEntry.Title"), JOptionPane.YES_NO_OPTION);
if (selected != JOptionPane.YES_OPTION) {
return;
}
keyStore.deleteEntry(newAlias);
newState.removeEntryPassword(newAlias);
}
keyStore.setKeyEntry(newAlias, key, password.toCharArray(), null);
newState.setEntryPassword(newAlias, new Password(password));
keyStore.deleteEntry(alias);
newState.removeEntryPassword(alias);
currentState.append(newState);
kseFrame.updateControls(true);
} catch (Exception ex) {
DError.displayError(frame, ex);
}
}
Also used :
DGetAlias(org.kse.gui.dialogs.DGetAlias)
KeyStoreState(org.kse.utilities.history.KeyStoreState)
KeyStoreHistory(org.kse.utilities.history.KeyStoreHistory)
KeyStore(java.security.KeyStore)
Key(java.security.Key)
Password(org.kse.crypto.Password)
Aggregations
KeyStoreHistory (org.kse.utilities.history.KeyStoreHistory)60
KeyStore (java.security.KeyStore)45
KeyStoreState (org.kse.utilities.history.KeyStoreState)41
Password (org.kse.crypto.Password)31
X509Certificate (java.security.cert.X509Certificate)21
PrivateKey (java.security.PrivateKey)17
Certificate (java.security.cert.Certificate)13
Key (java.security.Key)12
CryptoException (org.kse.crypto.CryptoException)11
KeyStoreType (org.kse.crypto.keystore.KeyStoreType)11
DGetAlias (org.kse.gui.dialogs.DGetAlias)10
KeyStoreException (java.security.KeyStoreException)9
File (java.io.File)7
GeneralSecurityException (java.security.GeneralSecurityException)6
DViewCertificate (org.kse.gui.dialogs.DViewCertificate)6
DGetNewPassword (org.kse.gui.password.DGetNewPassword)6
FileNotFoundException (java.io.FileNotFoundException)5
PublicKey (java.security.PublicKey)5
Provider (java.security.Provider)4
ArrayList (java.util.ArrayList)3
