
use of org.nhindirect.config.ui.util.PrivateKeyType in project nhin-d by DirectProject.

From class CertificatesController, method addCertificate.

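/**
 * Handles the "add certificate" form post. Restricted to administrators by the
 * {@code @PreAuthorize} annotation below.
 *
 * <p>{@code submitType} selects the action:
 * <ul>
 *   <li>{@code cancel} – returns to the main/search view with the previously stored
 *       {@code searchDomainForm} (or a fresh one);</li>
 *   <li>{@code newcertificate} / {@code add certificate} – parses the uploaded file,
 *       stores it through {@code certService} when it is accepted, then re-renders the
 *       {@code certificates} view with the refreshed certificate list;</li>
 *   <li>anything else – an empty {@code ModelAndView}, as in the original code.</li>
 * </ul>
 *
 * <p>Validation flags exposed to the view: {@code passphraseError} (a passphrase is
 * required for the selected key type but none was supplied, or the PKCS#8 key could
 * not be decrypted with it) and {@code certerror} (upload content type not accepted).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>PKCS#12 uploads are re-written with an EMPTY passphrase before being stored, so
 *       the stored blob is no longer protected by the user's passphrase. Its
 *       confidentiality then rests entirely on the config store / key manager, which is
 *       not visible here.</li>
 *   <li>The passphrase arrives as a {@code String} (from the form) and therefore cannot
 *       be zeroed after use; only the derived PBE key spec is cleared.</li>
 *   <li>The content-type check is on a client-supplied header and is a usability check,
 *       not a security control; the uploaded bytes are always parsed by CertUtils.</li>
 * </ul>
 *
 * @param requestedWith  the {@code X-Requested-With} header, used to flag AJAX requests
 * @param session        HTTP session; only read for the stored {@code searchDomainForm}
 * @param certificateForm bound form: file data, key type, passphrase, status, id
 * @param model          Spring model that receives the view attributes
 * @param actionPath     the {@code submitType} request parameter
 * @return the view to render (see above)
 */
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/addcertificate", method = RequestMethod.POST)
public ModelAndView addCertificate(@RequestHeader(value = "X-Requested-With", required = false) String requestedWith, HttpSession session, @ModelAttribute CertificateForm certificateForm, Model model, @RequestParam(value = "submitType") String actionPath) {
    final ModelAndView mav = new ModelAndView();
    String strid = "";
    // Entry trace; was logged at ERROR level with the debug guard commented out.
    if (log.isDebugEnabled())
        log.debug("Enter domain/addcertificate");
    if (actionPath.equalsIgnoreCase("cancel")) {
        if (log.isDebugEnabled())
            log.debug("trying to cancel from saveupdate");
        final SearchDomainForm form2 = (SearchDomainForm) session.getAttribute("searchDomainForm");
        model.addAttribute(form2 != null ? form2 : new SearchDomainForm());
        model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
        mav.setViewName("main");
        mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
        mav.addObject("statusList", EntityStatus.getEntityStatusList());
        return mav;
    }
    if (actionPath.equalsIgnoreCase("newcertificate") || actionPath.equalsIgnoreCase("add certificate")) {
        log.debug("Attempting to add certificate");
        log.debug(this.keyManager == null ? "Key manager is null" : "Key manager is non-null");
        // NOTE(review): the type of getId() is not visible here. If it can be null this
        // becomes "null" and Long.parseLong below throws NumberFormatException — confirm.
        strid = "" + certificateForm.getId();
        final EntityStatus estatus = certificateForm.getStatus();
        if (log.isDebugEnabled())
            log.debug("beginning to evaluate filedata");
        try {
            model.addAttribute("certerror", false);
            model.addAttribute("passphraseError", false);
            if (certificateForm.getFileData().isEmpty()) {
                if (log.isDebugEnabled())
                    log.debug("DO NOT store the certificate into database BECAUSE THERE IS NO FILE");
            } else {
                final String passphrase = (certificateForm.getKeyPassphrase() == null) ? "" : certificateForm.getKeyPassphrase();
                // NOTE(review): if fromString() returns null for an unknown type, the value is
                // neither a PKCS#12 type nor NONE, so the "separate key file" branch runs and
                // relies on getPrivKeyData() being non-null — confirm fromString()'s contract.
                final PrivateKeyType privKeyType = PrivateKeyType.fromString(certificateForm.getPrivKeyType());
                final boolean passphraseRequired = privKeyType == PrivateKeyType.PKCS8_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE;
                if (passphraseRequired && StringUtils.isEmpty(passphrase)) {
                    // can't move on if a passphrase is required and one is not supplied
                    model.addAttribute("passphraseError", true);
                } else {
                    byte[] certOrP12Bytes = certificateForm.getFileData().getBytes();
                    byte[] privateKeyBytes = null;
                    boolean keyUsable = true;
                    if (privKeyType == PrivateKeyType.PKCS_12_PASSPHRASE || privKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
                        log.debug("Private key exists; normalizing to non-protected p12 format.");
                        // The same passphrase is used for the store and the key entry, and both
                        // are replaced with an empty passphrase: the result is an UNPROTECTED
                        // PKCS#12 (for PKCS_12_UNPROTECTED the passphrase is simply "").
                        certOrP12Bytes = CertUtils.changePkcs12Protection(certOrP12Bytes, passphrase.toCharArray(), passphrase.toCharArray(), "".toCharArray(), "".toCharArray());
                    } else if (privKeyType != PrivateKeyType.NONE) {
                        // A separate private key file accompanies the certificate.
                        privateKeyBytes = certificateForm.getPrivKeyData().getBytes();
                        if (privKeyType == PrivateKeyType.PKCS8_PASSPHRASE) {
                            try {
                                privateKeyBytes = decryptPkcs8PrivateKey(privateKeyBytes, passphrase.toCharArray());
                            } catch (Exception e) {
                                // Previously this returned a ModelAndView with no view name and no
                                // feedback. Report it as a passphrase problem on the certificates
                                // view instead. The passphrase itself is never logged.
                                log.warn("Unable to decrypt the uploaded PKCS#8 private key with the supplied passphrase", e);
                                model.addAttribute("passphraseError", true);
                                keyUsable = false;
                            }
                        }
                    }
                    if (keyUsable) {
                        // Declared content type comes from the client; see class-level note.
                        final String fileType = certificateForm.getFileData().getContentType();
                        if (!isAcceptedCertificateContentType(fileType)) {
                            model.addAttribute("certerror", true);
                        } else {
                            final Certificate cert = new Certificate();
                            // convert the cert and key to the proper storage format
                            cert.setData(toCertDataFormat(certOrP12Bytes, privateKeyBytes, privKeyType));
                            // owner is never populated by this form (same as the original code)
                            cert.setOwner("");
                            cert.setStatus(org.nhindirect.config.model.EntityStatus.valueOf(estatus.toString()));
                            log.debug("Adding certificate to config store.");
                            certService.addCertificate(cert);
                            log.debug("Certificate add SUCCESSFUL");
                        }
                    }
                }
            }
        } catch (ServiceException ed) {
            log.error("Certificate service failed while adding the certificate", ed);
        } catch (Exception e) {
            log.error("Unexpected failure while adding the certificate", e);
        }
        // certificate form and result
        try {
            final Collection<Certificate> certs = certService.getAllCertificates();
            markCertificatesBackedByPrivateKey(certs);
            model.addAttribute("certificatesResults", certs);
            final CertificateForm cform = new CertificateForm();
            cform.setId(0);
            model.addAttribute("certificateForm", cform);
        } catch (ServiceException e1) {
            log.error("Unable to reload the certificate list after add", e1);
        }
        model.addAttribute("ajaxRequest", AjaxUtils.isAjaxRequest(requestedWith));
        final SimpleForm simple = new SimpleForm();
        simple.setId(Long.parseLong(strid));
        model.addAttribute("simpleForm", simple);
        mav.setViewName("certificates");
        // the Form's default button action
        model.addAttribute("action", "Update");
        mav.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
        mav.addObject("statusList", EntityStatus.getEntityStatusList());
    }
    return mav;
}

/**
 * Decrypts a PBE-protected PKCS#8 {@code EncryptedPrivateKeyInfo} and returns the plain
 * PKCS#8 encoding. The PBE algorithm and its parameters are taken from the blob itself.
 *
 * <p>The decrypted key is round-tripped through an RSA {@code KeyFactory}, so only RSA
 * keys are supported (a non-RSA key fails with {@code InvalidKeySpecException}); this
 * matches the original behaviour. The passphrase array passed in is copied by
 * {@code PBEKeySpec} and that copy is cleared before returning; the caller's array is
 * not modified.
 *
 * @param encryptedPkcs8 DER-encoded EncryptedPrivateKeyInfo
 * @param passphrase     PBE passphrase
 * @return the unencrypted PKCS#8 encoding of the RSA private key
 * @throws java.security.GeneralSecurityException if the PBE algorithm is unsupported,
 *         the passphrase is wrong, or the key is not an RSA key
 * @throws IOException if the input is not a valid EncryptedPrivateKeyInfo
 */
private static byte[] decryptPkcs8PrivateKey(byte[] encryptedPkcs8, char[] passphrase) throws java.security.GeneralSecurityException, IOException {
    final EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(encryptedPkcs8);
    final Cipher cipher = Cipher.getInstance(encryptPKInfo.getAlgName());
    final PBEKeySpec pbeKeySpec = new PBEKeySpec(passphrase);
    try {
        final SecretKeyFactory secFac = SecretKeyFactory.getInstance(encryptPKInfo.getAlgName());
        final Key pbeKey = secFac.generateSecret(pbeKeySpec);
        final AlgorithmParameters algParams = encryptPKInfo.getAlgParameters();
        cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams);
        final KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher);
        final KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePrivate(pkcs8KeySpec).getEncoded();
    } finally {
        // PBEKeySpec holds its own copy of the passphrase; wipe it once the key is derived.
        pbeKeySpec.clearPassword();
    }
}

/**
 * Returns {@code true} when the upload's declared content type is one this form accepts.
 * A {@code null} content type (no header sent) is rejected instead of throwing. Exact
 * comparison replaces the original regex {@code matches()} calls. The value is
 * client-supplied and is a usability check only, not a security control.
 *
 * @param contentType the multipart part's declared content type, may be {@code null}
 * @return whether the type is accepted
 */
private static boolean isAcceptedCertificateContentType(String contentType) {
    return "application/x-x509-ca-cert".equals(contentType)
            || "application/octet-stream".equals(contentType)
            || "application/x-pkcs12".equals(contentType);
}

/**
 * Flags each certificate that is not already marked as having a private key when the
 * managed key store holds a key entry for it. Best effort: an entry whose data cannot be
 * parsed, or a key store failure, leaves that certificate's flag untouched (logged at
 * debug level). Does nothing when no {@code MutableKeyStoreProtectionManager} is set.
 *
 * @param certs certificates to inspect; mutated in place via {@code setPrivateKey(true)}
 */
private void markCertificatesBackedByPrivateKey(Collection<Certificate> certs) {
    if (!(this.keyManager instanceof MutableKeyStoreProtectionManager))
        return;
    final KeyStore keyStore = ((MutableKeyStoreProtectionManager) keyManager).getKS();
    for (Certificate cert : certs) {
        if (cert.isPrivateKey())
            continue;
        try {
            final X509Certificate checkCert = CertUtils.toX509Certificate(cert.getData());
            final String alias = keyStore.getCertificateAlias(checkCert);
            if (StringUtils.isEmpty(alias))
                continue;
            // Key entries are looked up with an empty password, i.e. the managed key store
            // is assumed to hold unprotected key entries — TODO confirm against the
            // MutableKeyStoreProtectionManager contract.
            final PrivateKey privKey = (PrivateKey) keyStore.getKey(alias, "".toCharArray());
            if (privKey != null)
                cert.setPrivateKey(true);
        } catch (Exception e) {
            if (log.isDebugEnabled())
                log.debug("Could not determine private key availability for a certificate entry", e);
        }
    }
}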