use of org.nhindirect.common.crypto.MutableKeyStoreProtectionManager in project nhin-d by DirectProject.
the class SplitDirectRecipientInformation_getDecryptedContentTest method testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted.
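/**
 * Decrypts an S/MIME envelope with a private key that lives on a SafeNet eToken Pro HSM.
 * <p>
 * The test body only runs when {@code TestUtils.setupSafeNetToken()} finds the token and
 * returns its PKCS#11 provider name; on any other machine the method returns without
 * asserting anything.  The PIN and the user1 certificate are fixtures for that specific
 * token and can be changed for another machine and/or token.
 *
 * @throws Exception on any key store, provider or decryption failure
 */
public void testGetDecryptedContent_safeNetHSMKeyEncProvider_assertDecrypted() throws Exception {
    pkcs11ProvName = TestUtils.setupSafeNetToken();
    if (StringUtils.isEmpty(pkcs11ProvName)) {
        // no token on this machine: nothing to exercise
        return;
    }
    final String tokenPin = "1Kingpuff";
    final PKCS11Credential cred = new BootstrappedPKCS11Credential(tokenPin);
    final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
    final CacheableKeyStoreManagerCertificateStore store = new CacheableKeyStoreManagerCertificateStore(mgr);
    store.add(TestUtils.getInternalCert("user1"));

    // open the token directly and pick the user1 entry that carries a private key
    // NOTE(review): getInstance("PKCS11") without a provider argument picks the first registered
    // PKCS11 provider; presumably setupSafeNetToken() registers the only one -- confirm
    final KeyStore ks = KeyStore.getInstance("PKCS11");
    ks.load(null, tokenPin.toCharArray());
    X509CertificateEx decryptCert = null;
    final Enumeration<String> aliases = ks.aliases();
    while (decryptCert == null && aliases.hasMoreElements()) {
        final String alias = aliases.nextElement();
        final Certificate pkcs11Cert = ks.getCertificate(alias);
        if (!(pkcs11Cert instanceof X509Certificate)) {
            continue;
        }
        final X509Certificate x509 = (X509Certificate) pkcs11Cert;
        // only an entry that exposes a private key under the alias is usable for decryption
        final Key key = ks.getKey(alias, null);
        if (key instanceof PrivateKey && CryptoExtensions.certSubjectContainsName(x509, "user1@cerner.com")) {
            decryptCert = X509CertificateEx.fromX509Certificate(x509, (PrivateKey) key);
        }
    }
    // fail with a readable message instead of a NullPointerException further down
    assertNotNull("no user1@cerner.com entry with a private key found on the token", decryptCert);

    final SMIMEEnveloped env = createSMIMEEnv();
    final RecipientInformation recipient = (RecipientInformation) env.getRecipientInfos().getRecipients().iterator().next();
    final SplitDirectRecipientInformationFactory factory = new SplitDirectRecipientInformationFactory(pkcs11ProvName, "BC");
    final SplitDirectRecipientInformation recInfo = (SplitDirectRecipientInformation) factory.createInstance(recipient, env);
    // non-null content means the envelope was unwrapped with the HSM-held key
    assertNotNull(recInfo.getDecryptedContent(decryptCert.getPrivateKey()));
}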
use of org.nhindirect.common.crypto.MutableKeyStoreProtectionManager in project nhin-d by DirectProject.
the class CertificatesController method removeCertificates.
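/**
 * Removes the certificates ticked on the certificates page and re-renders that page.
 * <p>
 * A removal happens only when {@code actionPath} is "deletecertificate" or "Remove Selected"
 * and the form carries a list of ids; ids that do not match an existing certificate, or that
 * are not numeric, are ignored.  The response is always the "certificates" view with a fresh
 * certificate list, in which certificates whose private key is held by the key manager's
 * key store are flagged.
 *
 * @param requestedWith X-Requested-With header, used to flag AJAX requests in the model
 * @param session       unused here; present for signature symmetry with the other handlers
 * @param simpleForm    form whose {@code remove} list holds the ids (decimal strings) to delete
 * @param model         Spring model populated for the view
 * @param actionPath    submit button value selecting the action
 * @return the "certificates" ModelAndView
 */
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/removecertifcates", method = RequestMethod.POST)
public ModelAndView removeCertificates(@RequestHeader(value = "X-Requested-With", required = false) String requestedWith, HttpSession session, @ModelAttribute CertificateForm simpleForm, Model model, @RequestParam(value = "submitType") String actionPath) {
    final ModelAndView mav = new ModelAndView();
    final Collection<String> selected = (simpleForm == null) ? null : simpleForm.getRemove();
    if (log.isDebugEnabled()) {
        log.debug("Enter domain/removecertificates");
        if (selected != null) {
            log.debug("the list of checkboxes checked or not is: " + selected.toString());
        }
    }
    final boolean removeRequested = actionPath != null
            && (actionPath.equalsIgnoreCase("deletecertificate") || actionPath.equalsIgnoreCase("Remove Selected"));
    if (removeRequested && certService != null && selected != null) {
        if (log.isDebugEnabled()) {
            log.debug("removing certificates");
        }
        try {
            final ArrayList<Long> idsToRemove = existingCertificateIds(selected, certService.getAllCertificates());
            if (log.isDebugEnabled()) {
                log.debug(" Trying to remove certificates from database");
            }
            certService.deleteCertificatesByIds(idsToRemove);
            if (log.isDebugEnabled()) {
                log.debug(" SUCCESS Trying to update certificates");
            }
        } catch (ServiceException e) {
            // a failed removal must be visible regardless of the debug flag
            log.error("Failed to remove certificates", e);
        }
    }

    // model for the certificates view
    final CertificateForm cform = new CertificateForm();
    cform.setId(0);
    model.addAttribute("certificateForm", cform);
    // the Form's default button action
    final String action = "Update";
    model.addAttribute("action", action);
    model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
    mav.setViewName("certificates");
    mav.addObject("action", action);

    Collection<Certificate> certlist = null;
    if (certService != null) {
        try {
            certlist = certService.getAllCertificates();
            if (certlist != null && this.keyManager instanceof MutableKeyStoreProtectionManager) {
                final KeyStore keyStore = ((MutableKeyStoreProtectionManager) keyManager).getKS();
                // flag the certificates whose private key is present in the managed key store
                for (Certificate cert : certlist) {
                    if (keyStore == null || cert.isPrivateKey()) {
                        continue;
                    }
                    try {
                        final X509Certificate checkCert = CertUtils.toX509Certificate(cert.getData());
                        final String alias = keyStore.getCertificateAlias(checkCert);
                        // NOTE(review): an empty key password is used, i.e. the managed key store is
                        // expected not to protect individual entries -- confirm against the key manager setup
                        if (!StringUtils.isEmpty(alias) && keyStore.getKey(alias, "".toCharArray()) instanceof PrivateKey) {
                            cert.setPrivateKey(true);
                        }
                    } catch (Exception e) {
                        // best effort: an entry that cannot be parsed or looked up is shown without a key flag
                        if (log.isDebugEnabled()) {
                            log.debug("Could not check the key store for a private key of certificate id " + cert.getId(), e);
                        }
                    }
                }
            }
        } catch (ServiceException e) {
            log.error("Failed to load certificates for the certificates view", e);
        }
    }
    model.addAttribute("certificatesResults", certlist);
    mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
    mav.addObject("statusList", EntityStatus.getEntityStatusList());
    model.addAttribute("simpleForm", simpleForm);
    if (log.isDebugEnabled()) {
        final String strid = (simpleForm == null) ? "null" : "" + simpleForm.getId();
        log.debug(" the value of id of simpleform is: " + strid);
    }
    return mav;
}

/**
 * Maps the ids ticked on the form to the ids of certificates that actually exist.
 *
 * @param selectedIds ids as submitted, one decimal string per ticked checkbox
 * @param certs       the current certificates; {@code null} is treated as empty
 * @return ids of {@code certs} that were selected, in submission order (an ArrayList, the
 *         concrete type {@code deleteCertificatesByIds} has been receiving so far)
 */
private ArrayList<Long> existingCertificateIds(final Collection<String> selectedIds, final Collection<Certificate> certs) {
    final ArrayList<Long> ids = new ArrayList<Long>();
    if (certs == null) {
        return ids;
    }
    for (String removeid : selectedIds) {
        final long wanted;
        try {
            wanted = Long.parseLong(removeid);
        } catch (NumberFormatException e) {
            // form values are client supplied: skip anything that is not an id rather than abort the request
            if (log.isDebugEnabled()) {
                log.debug("ignoring non-numeric certificate id: " + removeid);
            }
            continue;
        }
        for (Certificate t : certs) {
            // (the listing this was reproduced from elided code here: "rest of the code block removed")
            if (t.getId() == wanted) {
                if (log.isDebugEnabled()) {
                    log.debug("domain address id: " + t.getId());
                }
                ids.add(t.getId());
                break;
            }
        }
    }
    return ids;
}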
use of org.nhindirect.common.crypto.MutableKeyStoreProtectionManager in project nhin-d by DirectProject.
the class CryptographerTest method testEncryptAndDecryptMimeEntity_hsmDecryption.
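/**
 * Round-trips a small MIME entity through S/MIME encryption with {@code encAlg} and
 * decryption with a private key held on the PKCS#11 token, asserting that the decrypted
 * entity serialises to exactly the original bytes.
 * <p>
 * Relies on a token reachable through {@code pkcs11ProviderName}; the PIN and the user1
 * certificate are fixtures for that specific token.  The sensitive-provider system
 * properties and the options singleton are reset in {@code finally} so later tests start
 * from a clean state.
 *
 * @param encAlg the content encryption algorithm under test
 * @throws Exception on any provider, key store or cryptographic failure
 */
private void testEncryptAndDecryptMimeEntity_hsmDecryption(EncryptionAlgorithm encAlg) throws Exception {
    OptionsManager.destroyInstance();
    CryptoExtensions.registerJCEProviders();
    try {
        final String tokenPin = "1Kingpuff";
        final PKCS11Credential cred = new BootstrappedPKCS11Credential(tokenPin);
        final MutableKeyStoreProtectionManager mgr = new StaticPKCS11TokenKeyStoreProtectionManager(cred, "", "");
        final CacheableKeyStoreManagerCertificateStore store = new CacheableKeyStoreManagerCertificateStore(mgr);
        store.add(TestUtils.getInternalCert("user1"));

        final X509Certificate cert = TestUtils.getExternalCert("user1");
        final SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
        cryptographer.setRecipientInformationFactory(new SplitDirectRecipientInformationFactory(pkcs11ProviderName, ""));
        cryptographer.setEncryptionAlgorithm(encAlg);

        final MimeEntity entity = new MimeEntity();
        entity.setText("Hello world.");
        entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
        entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
        final MimeEntity encEntity = cryptographer.encrypt(entity, cert);
        assertNotNull(encEntity);

        // open up the pkcs11 store and find the private key
        // NOTE(review): getInstance("PKCS11") without a provider argument picks the first registered
        // PKCS11 provider; presumably that is the one named by pkcs11ProviderName -- confirm
        final KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, tokenPin.toCharArray());
        X509CertificateEx decryptCert = null;
        final Enumeration<String> aliases = ks.aliases();
        while (decryptCert == null && aliases.hasMoreElements()) {
            final String alias = aliases.nextElement();
            final Certificate pkcs11Cert = ks.getCertificate(alias);
            if (!(pkcs11Cert instanceof X509Certificate)) {
                continue;
            }
            final X509Certificate x509 = (X509Certificate) pkcs11Cert;
            // only an entry that exposes a private key under the alias is usable for decryption
            final Key key = ks.getKey(alias, null);
            if (key instanceof PrivateKey && CryptoExtensions.certSubjectContainsName(x509, "user1@cerner.com")) {
                decryptCert = X509CertificateEx.fromX509Certificate(x509, (PrivateKey) key);
            }
        }
        // fail with a readable message instead of a NullPointerException inside decrypt()
        assertNotNull("no user1@cerner.com entry with a private key found on the token", decryptCert);

        final MimeEntity decryEntity = cryptographer.decrypt(encEntity, decryptCert);
        assertNotNull(decryEntity);
        final byte[] decryEntityBytes = EntitySerializer.Default.serializeToBytes(decryEntity);
        final byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
        assertTrue(Arrays.equals(decryEntityBytes, entityBytes));
    } finally {
        // clear the sensitive-provider selection (presumably set during the PKCS11 setup) so
        // later tests are not pinned to the HSM provider
        System.setProperty("org.nhindirect.stagent.cryptography.JCESensitiveProviderName", "");
        System.setProperty("org.nhindirect.stagent.cryptography.JCESensitiveProviderClassNames", "");
        OptionsManager.destroyInstance();
    }
}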
use of org.nhindirect.common.crypto.MutableKeyStoreProtectionManager in project nhin-d by DirectProject.
the class CertificatesController method addCertificate.
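/**
 * Adds an uploaded certificate, optionally with its private key, to the configuration
 * store and re-renders the certificates page; "cancel" returns to the main page instead.
 * <p>
 * The upload is either a bare X.509 certificate, a PKCS#12 container (passphrase protected
 * or not) or a certificate plus a separate PKCS#8 key (protected or not), as selected by the
 * form's private-key type.  Protected material is unwrapped before storage: a protected
 * PKCS#12 is re-wrapped with an empty passphrase and a protected PKCS#8 key is decrypted, so
 * {@code toCertDataFormat} only ever sees unprotected key bytes.  Problems with the upload
 * are reported through the "certerror" and "passphraseError" model attributes.
 *
 * @param requestedWith   X-Requested-With header, used to flag AJAX requests in the model
 * @param session         supplies the search form restored on "cancel"
 * @param certificateForm upload form: file data, optional key data, key type, passphrase, status
 * @param model           Spring model for the rendered view
 * @param actionPath      submit button value: "cancel", "newcertificate" or "add certificate"
 * @return the "main" view on cancel, the "certificates" view after an add attempt, and an
 *         unpopulated ModelAndView for any other {@code actionPath}
 */
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/addcertificate", method = RequestMethod.POST)
public ModelAndView addCertificate(@RequestHeader(value = "X-Requested-With", required = false) String requestedWith, HttpSession session, @ModelAttribute CertificateForm certificateForm, Model model, @RequestParam(value = "submitType") String actionPath) {
    final ModelAndView mav = new ModelAndView();
    // handler entry is not an error condition; log it at debug like the other handlers
    if (log.isDebugEnabled()) {
        log.debug("Enter domain/addcertificate");
    }
    if ("cancel".equalsIgnoreCase(actionPath)) {
        if (log.isDebugEnabled()) {
            log.debug("trying to cancel from saveupdate");
        }
        final SearchDomainForm form2 = (SearchDomainForm) session.getAttribute("searchDomainForm");
        model.addAttribute(form2 != null ? form2 : new SearchDomainForm());
        model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
        mav.setViewName("main");
        mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
        mav.addObject("statusList", EntityStatus.getEntityStatusList());
        return mav;
    }
    if ("newcertificate".equalsIgnoreCase(actionPath) || "add certificate".equalsIgnoreCase(actionPath)) {
        if (log.isDebugEnabled()) {
            log.debug("Attempting to add certificate");
            log.debug(this.keyManager == null ? "Key manager is null" : "Key manager is non-null");
        }
        final String strid = "" + certificateForm.getId();
        storeUploadedCertificate(certificateForm, model);

        // certificate form and result
        try {
            final Collection<Certificate> certs = certService.getAllCertificates();
            flagPrivateKeyEntries(certs);
            model.addAttribute("certificatesResults", certs);
            final CertificateForm cform = new CertificateForm();
            cform.setId(0);
            model.addAttribute("certificateForm", cform);
        } catch (ServiceException e1) {
            log.error("Failed to load certificates for the certificates view", e1);
        }
        model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
        final SimpleForm simple = new SimpleForm();
        simple.setId(Long.parseLong(strid));
        model.addAttribute("simpleForm", simple);
        mav.setViewName("certificates");
        // the Form's default button action
        final String action = "Update";
        model.addAttribute("action", action);
        mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
        mav.addObject("statusList", EntityStatus.getEntityStatusList());
    }
    return mav;
}

/**
 * Validates {@code certificateForm} and, if it passes, stores its certificate (and key)
 * through {@code certService}.
 * <p>
 * Sets "certerror" (unsupported content type, missing key file) or "passphraseError"
 * (passphrase required but absent, or the PKCS#8 key could not be decrypted) on
 * {@code model}; both start out {@code false} and nothing is stored when either is set.
 * Service and parsing failures are logged at error level.
 *
 * @param certificateForm the submitted upload form
 * @param model           model receiving the error flags
 */
private void storeUploadedCertificate(final CertificateForm certificateForm, final Model model) {
    model.addAttribute("certerror", false);
    model.addAttribute("passphraseError", false);
    if (certificateForm.getFileData() == null || certificateForm.getFileData().isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("DO NOT store the certificate into database BECAUSE THERE IS NO FILE");
        }
        return;
    }
    try {
        // NOTE: the passphrase arrives as an immutable String and therefore cannot be wiped after use
        final String passphrase = (certificateForm.getKeyPassphrase() == null) ? "" : certificateForm.getKeyPassphrase();
        final PrivateKeyType privKeyType = PrivateKeyType.fromString(certificateForm.getPrivKeyType());
        final boolean passphraseRequired = privKeyType == PrivateKeyType.PKCS8_PASSPHRASE
                || privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE;
        if (passphraseRequired && StringUtils.isEmpty(passphrase)) {
            // can't move on if a passphrase is required and one is not supplied
            model.addAttribute("passphraseError", true);
            return;
        }
        // the content type is whatever the browser claims: a usability check only; the parsing
        // below is the real validation of the bytes
        if (!isAcceptedCertificateContentType(certificateForm.getFileData().getContentType())) {
            model.addAttribute("certerror", true);
            return;
        }
        byte[] certOrP12Bytes = certificateForm.getFileData().getBytes();
        byte[] privateKeyBytes = null;
        if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
            // a PKCS#12 carries the key itself; normalize it to an unprotected container
            log.debug("Private key exists; normalizing to non-protected p12 format.");
            certOrP12Bytes = CertUtils.changePkcs12Protection(certOrP12Bytes, passphrase.toCharArray(), passphrase.toCharArray(), "".toCharArray(), "".toCharArray());
        } else if (privKeyType != PrivateKeyType.NONE) {
            // the key comes in a separate file
            privateKeyBytes = (certificateForm.getPrivKeyData() == null) ? null : certificateForm.getPrivKeyData().getBytes();
            if (privateKeyBytes == null || privateKeyBytes.length == 0) {
                // the key type promises a key file, but none was uploaded
                model.addAttribute("certerror", true);
                return;
            }
            if (privKeyType == PrivateKeyType.PKCS8_PASSPHRASE) {
                try {
                    privateKeyBytes = decryptPkcs8PrivateKey(privateKeyBytes, passphrase);
                } catch (Exception e) {
                    // most likely a wrong passphrase: tell the user instead of silently storing nothing
                    if (log.isDebugEnabled()) {
                        log.debug("Could not decrypt the uploaded PKCS#8 key", e);
                    }
                    model.addAttribute("passphraseError", true);
                    return;
                }
            }
        }
        final Certificate cert = new Certificate();
        // convert the cert and key to the proper storage format
        cert.setData(toCertDataFormat(certOrP12Bytes, privateKeyBytes, privKeyType));
        // the form carries no owner, so an empty owner is stored
        cert.setOwner("");
        cert.setStatus(org.nhindirect.config.model.EntityStatus.valueOf(certificateForm.getStatus().toString()));
        log.debug("Adding certificate to config store.");
        certService.addCertificate(cert);
        log.debug("Certificate add SUCCESSFUL");
    } catch (ServiceException ed) {
        log.error("Failed to add the certificate to the config store", ed);
    } catch (Exception e) {
        log.error("Failed to process the uploaded certificate", e);
    }
}

/**
 * Content types the upload form may post; {@code null} (no type sent) is rejected.
 *
 * @param contentType the browser-supplied content type of the uploaded file
 * @return whether the type is one of the three accepted certificate/PKCS#12 types
 */
private static boolean isAcceptedCertificateContentType(final String contentType) {
    return "application/x-x509-ca-cert".equals(contentType)
            || "application/octet-stream".equals(contentType)
            || "application/x-pkcs12".equals(contentType);
}

/**
 * Decrypts a passphrase-protected PKCS#8 blob (an EncryptedPrivateKeyInfo) and returns the
 * key re-encoded as an unprotected PKCS#8 structure.
 * <p>
 * The key is rebuilt through an RSA {@link KeyFactory}, so a non-RSA key fails here with an
 * {@code InvalidKeySpecException}.
 *
 * @param encryptedPkcs8 DER-encoded EncryptedPrivateKeyInfo
 * @param passphrase     the passphrase protecting it
 * @return the unprotected PKCS#8 encoding of the key
 * @throws java.io.IOException if the blob is not a valid EncryptedPrivateKeyInfo
 * @throws java.security.GeneralSecurityException if the passphrase is wrong or the
 *         protection algorithm is unsupported
 */
private static byte[] decryptPkcs8PrivateKey(final byte[] encryptedPkcs8, final String passphrase)
        throws java.io.IOException, java.security.GeneralSecurityException {
    final EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(encryptedPkcs8);
    final Cipher cipher = Cipher.getInstance(encryptPKInfo.getAlgName());
    final PBEKeySpec pbeKeySpec = new PBEKeySpec(passphrase.toCharArray());
    try {
        final SecretKeyFactory secFac = SecretKeyFactory.getInstance(encryptPKInfo.getAlgName());
        final Key pbeKey = secFac.generateSecret(pbeKeySpec);
        final AlgorithmParameters algParams = encryptPKInfo.getAlgParameters();
        cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
        final KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher);
        final KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePrivate(pkcs8KeySpec).getEncoded();
    } finally {
        // drop the key spec's own copy of the passphrase as soon as it is no longer needed
        pbeKeySpec.clearPassword();
    }
}

/**
 * Marks each certificate in {@code certs} that is not already flagged as having a private
 * key when the key manager's key store holds a private key under that certificate's alias.
 * Does nothing unless {@code keyManager} is a {@link MutableKeyStoreProtectionManager} with
 * a key store.  Look-up failures for an individual certificate are logged at debug level and
 * leave that certificate unflagged.
 *
 * @param certs certificates to examine; mutated in place; {@code null} is ignored
 */
private void flagPrivateKeyEntries(final Collection<Certificate> certs) {
    if (certs == null || !(this.keyManager instanceof MutableKeyStoreProtectionManager)) {
        return;
    }
    final KeyStore keyStore = ((MutableKeyStoreProtectionManager) keyManager).getKS();
    if (keyStore == null) {
        return;
    }
    for (Certificate cert : certs) {
        if (cert.isPrivateKey()) {
            continue;
        }
        try {
            final X509Certificate checkCert = CertUtils.toX509Certificate(cert.getData());
            final String alias = keyStore.getCertificateAlias(checkCert);
            // NOTE(review): an empty key password is used, i.e. the managed key store is expected
            // not to protect individual entries -- confirm against the key manager setup
            if (!StringUtils.isEmpty(alias) && keyStore.getKey(alias, "".toCharArray()) instanceof PrivateKey) {
                cert.setPrivateKey(true);
            }
        } catch (Exception e) {
            // best effort: an entry that cannot be parsed or looked up is shown without a key flag
            if (log.isDebugEnabled()) {
                log.debug("Could not check the key store for a private key of certificate id " + cert.getId(), e);
            }
        }
    }
}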
use of org.nhindirect.common.crypto.MutableKeyStoreProtectionManager in project nhin-d by DirectProject.
the class DNSController method navigate.
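/**
 * Top navigation handler: renders the domains, settings or certificates page selected by
 * {@code actionPath} without changing any data.
 * <p>
 * "gotodomains"/"domains" restore the search form from the session and render "main";
 * "gotosettings"/"settings" render "settings" with the current settings list;
 * "gotocertificates"/"certificates" render "certificates" with the current certificates,
 * flagging those whose private key is held by the key manager's key store.  Any other value
 * yields an unpopulated ModelAndView.  A service failure is logged and leaves the result
 * list {@code null}.
 *
 * @param requestedWith X-Requested-With header, used to flag AJAX requests in the model
 * @param session       supplies the search, settings or certificate form to restore
 * @param entryForm     unused here; bound by Spring for signature symmetry with the other handlers
 * @param model         Spring model for the rendered view
 * @param actionPath    navigation target (see above)
 * @return the ModelAndView for the selected page
 */
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/navigate", method = RequestMethod.GET)
public ModelAndView navigate(@RequestHeader(value = "X-Requested-With", required = false) String requestedWith, HttpSession session, @ModelAttribute DNSEntryForm entryForm, Model model, @RequestParam(value = "submitType") String actionPath) {
    if (log.isDebugEnabled()) {
        log.debug("Enter: " + actionPath);
    }
    final ModelAndView mav = new ModelAndView();
    if ("gotodomains".equalsIgnoreCase(actionPath) || "domains".equalsIgnoreCase(actionPath)) {
        final SearchDomainForm form2 = (SearchDomainForm) session.getAttribute("searchDomainForm");
        model.addAttribute(form2 != null ? form2 : new SearchDomainForm());
        model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
        mav.setViewName("main");
        mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
        mav.addObject("statusList", EntityStatus.getEntityStatusList());
    } else if ("gotosettings".equalsIgnoreCase(actionPath) || "settings".equalsIgnoreCase(actionPath)) {
        final String action = "add";
        model.addAttribute("action", action);
        mav.setViewName("settings");
        mav.addObject("actionPath", actionPath);
        SettingsForm form = (SettingsForm) session.getAttribute("settingsForm");
        if (form == null) {
            form = new SettingsForm();
        }
        model.addAttribute("settingsForm", form);
        // retrieve list of settings for settingsResults
        List<Setting> results = null;
        if (settingsService != null) {
            try {
                final Collection<Setting> settings = settingsService.getSettings();
                results = (settings == null) ? new ArrayList<Setting>() : new ArrayList<Setting>(settings);
            } catch (ServiceException e) {
                log.error("Failed to load settings for the settings view", e);
            }
        }
        model.addAttribute("simpleForm", new SimpleForm());
        model.addAttribute("settingsResults", results);
    } else if ("gotocertificates".equalsIgnoreCase(actionPath) || "certificates".equalsIgnoreCase(actionPath)) {
        final String action = "Update";
        model.addAttribute("action", action);
        mav.setViewName("certificates");
        mav.addObject("actionPath", actionPath);
        CertificateForm form = (CertificateForm) session.getAttribute("certificateForm");
        if (form == null) {
            form = new CertificateForm();
        }
        model.addAttribute("certificateForm", form);
        // retrieve list of certificates for certificatesResults
        List<Certificate> results = null;
        if (certService != null) {
            try {
                final Collection<Certificate> certs = certService.getAllCertificates();
                if (certs == null) {
                    results = new ArrayList<Certificate>();
                } else {
                    flagPrivateKeyEntries(certs);
                    results = new ArrayList<Certificate>(certs);
                }
            } catch (ServiceException e) {
                log.error("Failed to load certificates for the certificates view", e);
            }
        }
        model.addAttribute("simpleForm", new SimpleForm());
        model.addAttribute("certificatesResults", results);
    }
    if (log.isDebugEnabled()) {
        log.debug("Exit");
    }
    return mav;
}

/**
 * Marks each certificate in {@code certs} that is not already flagged as having a private
 * key when the key manager's key store holds a private key under that certificate's alias.
 * Does nothing unless {@code keyManager} is a {@link MutableKeyStoreProtectionManager} with
 * a key store.  Look-up failures for an individual certificate are logged at debug level and
 * leave that certificate unflagged.
 *
 * @param certs certificates to examine; mutated in place; {@code null} is ignored
 */
private void flagPrivateKeyEntries(final Collection<Certificate> certs) {
    if (certs == null || !(this.keyManager instanceof MutableKeyStoreProtectionManager)) {
        return;
    }
    final KeyStore keyStore = ((MutableKeyStoreProtectionManager) keyManager).getKS();
    if (keyStore == null) {
        return;
    }
    for (Certificate cert : certs) {
        if (cert.isPrivateKey()) {
            continue;
        }
        try {
            final X509Certificate checkCert = CertUtils.toX509Certificate(cert.getData());
            final String alias = keyStore.getCertificateAlias(checkCert);
            // NOTE(review): an empty key password is used, i.e. the managed key store is expected
            // not to protect individual entries -- confirm against the key manager setup
            if (!StringUtils.isEmpty(alias) && keyStore.getKey(alias, "".toCharArray()) instanceof PrivateKey) {
                cert.setPrivateKey(true);
            }
        } catch (Exception e) {
            // best effort: an entry that cannot be parsed or looked up is shown without a key flag
            if (log.isDebugEnabled()) {
                log.debug("Could not check the key store for a private key of certificate id " + cert.getId(), e);
            }
        }
    }
}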