API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 18th, 2018
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 38.32 KB | None | 0 0
raw download clone embed print report
  1. package implementation;
  2.  
  3. import code.GuiException;
  4. import com.sun.corba.se.impl.orbutil.closure.Constant;
  5. import com.sun.org.apache.xpath.internal.operations.Bool;
  6. import com.sun.xml.internal.bind.v2.runtime.reflect.opt.Const;
  7. import gui.Constants;
  8. import gui.GuiInterfaceV3;
  9. import org.bouncycastle.asn1.*;
  10. import org.bouncycastle.asn1.cms.ContentInfo;
  11. import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
  12. import org.bouncycastle.asn1.pkcs.RSAPublicKey;
  13. import org.bouncycastle.asn1.pkcs.SignedData;
  14. import org.bouncycastle.asn1.x500.style.BCStrictStyle;
  15. import org.bouncycastle.asn1.x500.style.BCStyle;
  16. import org.bouncycastle.asn1.x500.style.IETFUtils;
  17. import org.bouncycastle.asn1.x509.*;
  18. import org.bouncycastle.asn1.x509.Extension;
  19. import org.bouncycastle.cert.CertIOException;
  20. import org.bouncycastle.cert.X509CertificateHolder;
  21. import org.bouncycastle.cert.X509ExtensionUtils;
  22. import org.bouncycastle.cert.X509v3CertificateBuilder;
  23. import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
  24. import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
  25. import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
  26. import org.bouncycastle.jcajce.provider.asymmetric.RSA;
  27. import org.bouncycastle.jce.provider.BouncyCastleProvider;
  28. import org.bouncycastle.openssl.PEMParser;
  29. import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
  30. import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
  31. import org.bouncycastle.operator.ContentSigner;
  32. import org.bouncycastle.operator.OperatorCreationException;
  33. import org.bouncycastle.operator.bc.BcSymmetricKeyUnwrapper;
  34. import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
  35. import org.bouncycastle.pkcs.PKCS10CertificationRequest;
  36. import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
  37. import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
  38. import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
  39. //import sun.security.x509.X500Name;
  40. import org.bouncycastle.util.io.pem.PemReader;
  41. import org.bouncycastle.x509.extension.X509ExtensionUtil;
  42. import x509.v3.CodeV3;
  43. import org.bouncycastle.asn1.x500.*;
  44. import x509.v3.GuiV3;
  45. import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
  46.  
  47. import javax.security.auth.Subject;
  48. import java.io.*;
  49. import java.math.BigInteger;
  50. import java.security.*;
  51. import java.security.cert.*;
  52. import java.security.cert.Certificate;
  53. import java.security.interfaces.DSAPublicKey;
  54. import java.security.interfaces.ECPublicKey;
  55. import java.security.interfaces.RSAKey;
  56. import java.security.spec.ECGenParameterSpec;
  57. import java.text.ParseException;
  58. import java.text.SimpleDateFormat;
  59. import java.util.*;
  60.  
  61. public class MyCode extends CodeV3 {
  62.  
  63.  
  64.     private PKCS10CertificationRequest myRequest = null;
  65.     private KeyStore myKeystore;
  66.     private File myFile;
  67.     private static String myKeyStoreFileName;
  68.     private static String myPassword;
  69.     private static String myEntryPassword;
  70.     private static final String BASIC_CONSTRAINTS = "2.5.29.19";
  71.     private static final String CERTIFICATE_POLICY_OID = "2.5.29.32";
  72.     private static final int _BC = 8;
  73.     private static final int _KI = 0;
  74.     private static final int _SDA = 7;
  75.     private static Provider provider1;
  76.     private static Provider provider2;
  77.  
  78.  
  79.  
  80.     public MyCode(boolean[] algorithm_conf, boolean[] extensions_conf, boolean extensions_rules) throws GuiException {
  81.         super(algorithm_conf, extensions_conf, extensions_rules);
  82.     }
  83.  
  84.  
  85.     static {
  86.  
  87.         provider1 = new BouncyCastleProvider();
  88.         provider2 = new BouncyCastlePQCProvider();
  89.         Security.addProvider(provider1);
  90.         Security.addProvider(provider2);
  91.         myKeyStoreFileName = "test12.p12";
  92.         myPassword = "root";
  93.         myEntryPassword = "root";
  94.     }
  95.  
  96.     @Override
  97.     public Enumeration<String> loadLocalKeystore() {
  98.         Enumeration<String> aliases = null;
  99.  
  100.         try {
  101.             myKeystore = KeyStore.getInstance("PKCS12");
  102.         } catch (KeyStoreException e) {
  103.             e.printStackTrace();
  104.         }
  105.         myFile = new File(myKeyStoreFileName);
  106.         if(!myFile.exists()){
  107.  
  108.             try {
  109.                 myFile.createNewFile();// ovo mozda ne treba
  110.             } catch (IOException e) {
  111.                 e.printStackTrace();
  112.             }
  113.             try {
  114.                 myKeystore.load(null,null);
  115.                 myKeystore.store(new FileOutputStream(myKeyStoreFileName), myPassword.toCharArray());
  116.  
  117.             } catch (IOException | NoSuchAlgorithmException | CertificateException | KeyStoreException e) {
  118.                 e.printStackTrace();
  119.             }
  120.         }else{
  121.             FileInputStream fileInputStream = null;
  122.             try {
  123.                 fileInputStream = new FileInputStream(myKeyStoreFileName);
  124.                 myKeystore.load(fileInputStream, myPassword.toCharArray());
  125.                 aliases = myKeystore.aliases();
  126.                 if(!aliases.hasMoreElements())
  127.                     aliases = null;
  128.             } catch (Exception e) {
  129.                 e.printStackTrace();
  130.             }finally{
  131.                 if(fileInputStream!=null){
  132.                     try {
  133.                         fileInputStream.close();
  134.                     } catch (IOException e) {
  135.                         e.printStackTrace();
  136.                     }
  137.                 }
  138.             }
  139.         }
  140.         return aliases;
  141.     }
  142.  
  143.     @Override
  144.     public void resetLocalKeystore() {
  145.         if(myFile.exists())
  146.             myFile.delete();
  147.         try {
  148.             myKeystore = KeyStore.getInstance("PKCS12");
  149.             myKeystore.load(null,null);
  150.             myKeystore.store(new FileOutputStream(myKeyStoreFileName),myPassword.toCharArray());
  151.         } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
  152.             e.printStackTrace();
  153.         }
  154.     }
  155.  
  156.     @Override
  157.     public int loadKeypair(String keypairName) {
  158.         int retVal = -1; // error return value
  159.  
  160.         try {
  161.             if(myKeystore.containsAlias(keypairName)){
  162.                 access.setVersion(Constants.V3);
  163.                 X509Certificate certificate =  (X509Certificate)myKeystore.getCertificate(keypairName);
  164.                 //basic constraints
  165.                 if(certificate.getBasicConstraints()!=-1){
  166.                     retVal = 2;
  167.                 }else{
  168.                     Certificate[] certChain = myKeystore.getCertificateChain(keypairName);
  169.                     if(certChain.length ==1)
  170.                         retVal = 0;
  171.                     else
  172.                         retVal = 1;
  173.                     certificate.verify(certificate.getPublicKey());
  174.                 }
  175.  
  176.                 do{
  177.                     System.out.println(certificate.getSigAlgName());
  178.  
  179.                 }while(false);
  180.  
  181.  
  182.                 do{
  183.                     System.out.println(certificate);
  184.                 }while(false);
  185.  
  186.                 X509CertificateHolder certificateHolder = new JcaX509CertificateHolder(certificate);
  187.  
  188.                 X500Name myIssuer = certificateHolder.getIssuer();
  189.                 if(myIssuer!=null){
  190.                     String issuer = myIssuer.toString();
  191.                     access.setIssuer(issuer);
  192.                     access.setIssuerSignatureAlgorithm(certificate.getSigAlgName());
  193.                 }
  194.  
  195.                 BigInteger serialNumber = certificateHolder.getSerialNumber();
  196.                 Date notBefore = certificateHolder.getNotBefore();
  197.                 Date notAfter = certificateHolder.getNotAfter();
  198.  
  199.                 access.setSerialNumber(serialNumber.toString());
  200.                 access.setNotAfter(notAfter);
  201.                 access.setNotBefore(notBefore);
  202.  
  203.  
  204.                 X500Name mySubject = certificateHolder.getSubject();
  205.                 ASN1Encodable asn1Encodable;
  206.                 //if(mySubject.getRDNs(BCStyle.C).length!=0){
  207.  
  208.                 // common name
  209.                 RDN commonName = mySubject.getRDNs(BCStyle.CN)[0];
  210.                 asn1Encodable = commonName.getFirst().getValue();
  211.                 access.setSubjectCommonName(IETFUtils.valueToString(asn1Encodable));
  212.  
  213.                 RDN organizationUnit = mySubject.getRDNs(BCStyle.OU)[0];
  214.                 asn1Encodable = organizationUnit.getFirst().getValue();
  215.                 access.setSubjectOrganizationUnit(IETFUtils.valueToString(asn1Encodable));
  216.  
  217.                 RDN organization = mySubject.getRDNs(BCStyle.O)[0];
  218.                 asn1Encodable = organization.getFirst().getValue();
  219.                 access.setSubjectOrganization(IETFUtils.valueToString(asn1Encodable));
  220.  
  221.                 RDN locality = mySubject.getRDNs(BCStyle.L)[0];
  222.                 asn1Encodable = locality.getFirst().getValue();
  223.                 access.setSubjectLocality(IETFUtils.valueToString(asn1Encodable));
  224.  
  225.                 RDN state = mySubject.getRDNs(BCStyle.ST)[0];
  226.                 asn1Encodable = state.getFirst().getValue();
  227.                 access.setSubjectState(IETFUtils.valueToString(asn1Encodable));
  228.  
  229.                 // check length ==0;
  230.                 RDN country = mySubject.getRDNs(BCStyle.C)[0];
  231.                 asn1Encodable = country.getFirst().getValue();
  232.                 access.setSubjectCountry(IETFUtils.valueToString(asn1Encodable));
  233.  
  234.                 //state length ==0
  235.  
  236.                 Set<String> critExtensions = certificate.getCriticalExtensionOIDs();
  237.  
  238.                 if(critExtensions.contains(Extension.certificatePolicies.toString()))
  239.                     access.setCritical(Constants.CP, true);
  240.                 if(critExtensions.contains(Extension.subjectDirectoryAttributes.toString()))
  241.                     access.setCritical(Constants.SDA, true);
  242.                 if(critExtensions.contains(Extension.basicConstraints.toString()))
  243.                     access.setCritical(Constants.BC, true);
  244.  
  245.                 String certificatePoliciesString = Extension.certificatePolicies.toString();
  246.                 //policies
  247.                 byte[] certificatePolicyNames = certificate.getExtensionValue(certificatePoliciesString);
  248.  
  249.                 if(certificatePolicyNames!=null){
  250.                     CertificatePolicies cp = CertificatePolicies.getInstance((X509ExtensionUtil.fromExtensionValue(certificatePolicyNames)));
  251.                     PolicyInformation[] pInfos = cp.getPolicyInformation();
  252.  
  253.                     for(int i =0;i<pInfos.length;i++){
  254.                         PolicyInformation pInfo = pInfos[i];
  255.                         ASN1Sequence asn = (ASN1Sequence)pInfo.getPolicyQualifiers().getObjectAt(0);
  256.                         String cpsUri = asn.getObjectAt(1).toString();
  257.                         access.setCpsUri(cpsUri);
  258.                         access.setAnyPolicy(true);
  259.                     }
  260.                 }
  261.  
  262.                 //sda
  263.                 byte[] sda = certificate.getExtensionValue(Extension.subjectDirectoryAttributes.toString());
  264.  
  265.                 if(sda!=null){
  266.                     SubjectDirectoryAttributes subDirAttr = SubjectDirectoryAttributes.getInstance(X509ExtensionUtil.fromExtensionValue(sda));
  267.                     Vector<Attribute> attrs;
  268.  
  269.                     attrs = subDirAttr.getAttributes();
  270.                     for (Attribute attr:attrs) {
  271.                         String sGender = BCStyle.GENDER.toString();
  272.                         String sPlaceOfBirth = BCStyle.PLACE_OF_BIRTH.toString();
  273.                         if(attr.getAttrType().toString().equals(BCStyle.GENDER.toString())){
  274.                             DERPrintableString gender = (DERPrintableString) attr.getAttrValues().getObjectAt(0);
  275.                             access.setGender(gender.getString());
  276.                         }else if(attr.getAttrType().toString().equals(BCStyle.PLACE_OF_BIRTH.toString())){
  277.                             DERPrintableString placeOfBirth = (DERPrintableString) attr.getAttrValues().getObjectAt(0);
  278.                             access.setSubjectDirectoryAttribute(Constants.POB,placeOfBirth.getString());
  279.                         }else if(attr.getAttrType().toString().equals(BCStyle.COUNTRY_OF_CITIZENSHIP.toString())){
  280.                             DERPrintableString countryName = (DERPrintableString) attr.getAttrValues().getObjectAt(0);
  281.                             access.setSubjectDirectoryAttribute(Constants.COC, countryName.getString());
  282.                         }else if(attr.getAttrType().toString().equals(BCStyle.DATE_OF_BIRTH.toString())){
  283.                             ASN1GeneralizedTime dateOfBirth = (ASN1GeneralizedTime)attr.getAttrValues().getObjectAt(0);
  284.                             SimpleDateFormat sDate = new SimpleDateFormat("yyyyMMdd");
  285.                             access.setDateOfBirth(sDate.format(dateOfBirth.getDate()));
  286.                         }
  287.                     }
  288.                 }
  289.             }
  290.         } catch (Exception e) {
  291.             retVal = 0;
  292.             e.printStackTrace();
  293.         }
  294.         return retVal;
  295.     }
  296.  
  297.     @Override
  298.     public boolean saveKeypair(String keyPairName) {// ovo napisi :D
  299.  
  300.         if(access.getVersion()!=Constants.V3){
  301.             GuiInterfaceV3.reportError("Incompatible version, choose v3");
  302.             return false;
  303.         }
  304.         try {
  305.             String myCountry = access.getSubjectCountry();
  306.             String myState = access.getSubjectState();
  307.             String myLocality = access.getSubjectLocality();
  308.             String myOrg = access.getSubjectOrganization();
  309.             String myOrgUnit = access.getSubjectOrganizationUnit();
  310.             String myCommonName = access.getSubjectCommonName();
  311.             Boolean emptyFields = myCountry.isEmpty() || myState.isEmpty() || myLocality.isEmpty() || myOrg.isEmpty() || myOrg.isEmpty() || myOrgUnit.isEmpty() || myCommonName.isEmpty();
  312.  
  313.             Date notBefore = access.getNotBefore();
  314.             Date notAfter = access.getNotAfter();
  315.             BigInteger serialNumber = new BigInteger(access.getSerialNumber());
  316.  
  317.  
  318.  
  319.  
  320.             if(emptyFields){
  321.                 GuiInterfaceV3.reportError("All subject fields must be filled");
  322.                 return false;
  323.             }
  324.             X500NameBuilder subjectInfo = new X500NameBuilder(BCStyle.INSTANCE);
  325.             subjectInfo.addRDN(BCStyle.C,myCountry);
  326.             subjectInfo.addRDN(BCStyle.ST,myState);
  327.             subjectInfo.addRDN(BCStyle.L,myLocality);
  328.             subjectInfo.addRDN(BCStyle.O,myOrg);
  329.             subjectInfo.addRDN(BCStyle.OU,myOrgUnit);
  330.             subjectInfo.addRDN(BCStyle.CN, myCommonName);
  331.  
  332.             X500Name mySubject = subjectInfo.build();
  333.             X500Name myIssuer = mySubject;
  334.  
  335.             String str = access.getPublicKeyECCurve();
  336.             ECGenParameterSpec gen = new ECGenParameterSpec(str);
  337.             KeyPairGenerator kpg;
  338.  
  339.  
  340.  
  341.  
  342.             kpg = KeyPairGenerator.getInstance("EC", provider1);
  343.             kpg.initialize(gen);
  344.             KeyPair keyPair = kpg.generateKeyPair();
  345.  
  346.             PublicKey publicKey = keyPair.getPublic();
  347.  
  348.             X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(myIssuer,serialNumber,notBefore, notAfter,mySubject, publicKey);
  349.  
  350.  
  351.             if(access.isCritical(Constants.SDA)){// start funkcije **********************************
  352.                 GuiInterfaceV3.reportError("SDA cannot be critical");
  353.                 return false;
  354.             }
  355.  
  356.             Vector<Attribute> attrs = new Vector<Attribute>();
  357.  
  358.             String dateOfBirth = access.getDateOfBirth();
  359.             String placeOfBirth = access.getSubjectDirectoryAttribute(Constants.POB);
  360.             String country = access.getSubjectDirectoryAttribute(Constants.COC);
  361.             String gender = access.getGender();
  362.             Boolean emptyInfoFields = dateOfBirth.isEmpty() || placeOfBirth.isEmpty() || country.isEmpty() || gender.isEmpty();
  363.  
  364.             if(emptyInfoFields){
  365.                 GuiInterfaceV3.reportError("SDA attributes not filled");
  366.                 return false;
  367.             }
  368.             //add date of birth
  369.             SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
  370.             Date date = sdf.parse(dateOfBirth);
  371.             attrs.add(new Attribute(BCStyle.DATE_OF_BIRTH, new DERSet(new DERGeneralizedTime(date))));
  372.  
  373.             //add place of birth
  374.             attrs.add(new Attribute(BCStyle.PLACE_OF_BIRTH, new DERSet(new DERPrintableString((placeOfBirth)))));
  375.  
  376.             //add country
  377.             attrs.add(new Attribute(BCStyle.COUNTRY_OF_CITIZENSHIP, new DERSet(new DERPrintableString(country))));
  378.  
  379.             //add gender
  380.             attrs.add(new Attribute(BCStyle.GENDER, new DERSet(new DERPrintableString(gender))));
  381.  
  382.             if(attrs!=null){// check if is empty?
  383.                 SubjectDirectoryAttributes sda = new SubjectDirectoryAttributes(attrs);
  384.                 certBuilder.addExtension(Extension.subjectDirectoryAttributes,access.isCritical(Constants.SDA),sda);
  385.             }
  386.  
  387.             //basic constraints
  388.             BasicConstraints basicConstraints;
  389.             if(access.isCA()){
  390.                 int len = Integer.parseInt(access.getPathLen());
  391.                 basicConstraints = new BasicConstraints(len);
  392.             }else
  393.                 basicConstraints = new BasicConstraints(false);
  394.             certBuilder.addExtension(Extension.basicConstraints, access.isCritical(Constants.BC), basicConstraints);
  395.  
  396.  
  397.  
  398.             String cpsUri = access.getCpsUri();
  399.             if(access.getAnyPolicy()){
  400.                 PolicyQualifierInfo info = new PolicyQualifierInfo(cpsUri);
  401.                 DERSequence derSeq = new DERSequence(info);
  402.  
  403.                 PolicyInformation pInfo = new PolicyInformation((PolicyQualifierId.id_qt_cps),derSeq);
  404.                 CertificatePolicies cPol = new CertificatePolicies(pInfo);
  405.                 certBuilder.addExtension(Extension.certificatePolicies, access.isCritical(Constants.CP), cPol);
  406.             }
  407.  
  408.             PrivateKey privateKey = keyPair.getPrivate();
  409.  
  410.             String publicAlgorithm = access.getPublicKeyDigestAlgorithm();
  411.             JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(publicAlgorithm);
  412.             ContentSigner cSigner = signerBuilder.build(privateKey);
  413.  
  414.             X509CertificateHolder certHolder = certBuilder.build(cSigner);
  415.             X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certHolder);
  416.  
  417.  
  418.             do{
  419.                 System.out.println(cert);
  420.                 for(int i = 0;i<-1;i++);
  421.             }while(false);
  422.             //chain
  423.  
  424.             File myFile = new File(myKeyStoreFileName);
  425.             FileOutputStream fos = new FileOutputStream(myFile);
  426.  
  427.  
  428.             X509Certificate[] certChain = new X509Certificate[]{cert};
  429.             myKeystore.setKeyEntry(keyPairName,privateKey, myPassword.toCharArray(),certChain);
  430.  
  431.  
  432.             myKeystore.store(fos, myPassword.toCharArray());
  433.             fos.close();
  434.             return true;
  435.  
  436.  
  437.         } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | ParseException | InvalidAlgorithmParameterException | IOException | OperatorCreationException e) {
  438.             e.printStackTrace();
  439.         }
  440.  
  441.         return false;
  442.     }
  443.  
  444.  
  445.  
  446.  
  447.     @Override
  448.     public boolean removeKeypair(String s) {
  449.  
  450.         try {
  451.             if(myKeystore.containsAlias(s)){
  452.                 myKeystore.deleteEntry(s);
  453.                 return true;
  454.             }
  455.         } catch (KeyStoreException e) {
  456.             e.printStackTrace();
  457.         }
  458.         return false;
  459.     }
  460.  
  461.     @Override
  462.     public boolean importKeypair(String keypairName, String file, String password) {
  463.  
  464.         try {
  465.             FileInputStream fis =  new FileInputStream(file);
  466.             KeyStore ks = KeyStore.getInstance("PKCS12");
  467.             ks.load(fis,password.toCharArray());
  468.  
  469.             Key key = ks.getKey(keypairName, password.toCharArray());
  470.             if(key instanceof PrivateKey){
  471.                 Certificate certificate = ks.getCertificate(keypairName);
  472.                 PublicKey publicKey = certificate.getPublicKey();
  473.                 KeyPair keyPair = new KeyPair(publicKey,(PrivateKey)key);
  474.  
  475.                 Certificate[] chain = ks.getCertificateChain(keypairName);
  476.                 myKeystore.setKeyEntry(keypairName, key, myEntryPassword.toCharArray(),chain);
  477.                 myKeystore.store(new FileOutputStream(myFile), myPassword.toCharArray());
  478.  
  479.                 return true;
  480.             }
  481.  
  482.         } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException |  IOException | UnrecoverableKeyException  e) {
  483.             e.printStackTrace();
  484.         }
  485.  
  486.         return false;
  487.     }
  488.  
  489.     @Override
  490.     public boolean exportKeypair(String keypairName, String file, String password) {
  491.        KeyStore ks;
  492.        //if(file.contains(".p12"); file+=".p12";
  493.  
  494.         try {
  495.             ks = KeyStore.getInstance("PKCS12");
  496.             if(!new File(file).exists()){
  497.                 ks.load(null,null);
  498.  
  499.             }else
  500.                 ks.load(new FileInputStream(file), password.toCharArray());
  501.  
  502.             Key key = myKeystore.getKey(keypairName, myEntryPassword.toCharArray());
  503.             if(key instanceof PrivateKey){
  504.                 Certificate certificate = myKeystore.getCertificate(keypairName);
  505.                 PublicKey publicKey = certificate.getPublicKey();
  506.                 Certificate[] chain = myKeystore.getCertificateChain(keypairName);
  507.                 ks.setKeyEntry(keypairName, key, myEntryPassword.toCharArray(), chain);
  508.                 ks.store(new FileOutputStream(myFile), myPassword.toCharArray());
  509.                 return true;
  510.             }
  511.         } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException | UnrecoverableKeyException e) {
  512.             e.printStackTrace();
  513.         }
  514.         return false;
  515.     }
  516.  
  517.     @Override
  518.     public boolean importCertificate(String filename, String keypairName) {
  519.         if(!new File(filename).exists()){
  520.             return false;
  521.         }
  522.         File file = new File(filename);
  523.         try {
  524.             BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file));
  525.             CertificateFactory cf = CertificateFactory.getInstance("X.509");
  526.             while(bis.available()>0){
  527.                 Certificate certificate = cf.generateCertificate(bis);
  528.                 myKeystore.setCertificateEntry(keypairName,certificate);
  529.             }
  530.             myKeystore.store(new FileOutputStream(myFile), myPassword.toCharArray());
  531.  
  532.         } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | IOException e) {
  533.             e.printStackTrace();
  534.             return false;
  535.         }
  536.         return true;
  537.     }
  538.  
  539.     public Certificate findCertificate(String serial){
  540.  
  541.         try {
  542.             Enumeration<String> aliases = myKeystore.aliases();
  543.             while(aliases.hasMoreElements()){
  544.                 String alias = aliases.nextElement();
  545.                 X509Certificate certificate = (X509Certificate) myKeystore.getCertificate(alias);
  546.                 if(certificate.getSerialNumber().toString().compareTo(access.getSerialNumber()) == 0){
  547.                     return certificate;
  548.                 }
  549.             }
  550.         } catch (KeyStoreException e) {
  551.             e.printStackTrace();
  552.         }
  553.         return null;
  554.     }
  555.  
  556.     @Override
  557.     public boolean exportCertificate(String filename, String keypairName, int encoding, int format) {
  558.         Certificate[] chain = null;
  559.         X509Certificate certificate = null;
  560.  
  561.         try {
  562.             if(format == 0)
  563.                 certificate =  (X509Certificate) myKeystore.getCertificate(keypairName);
  564.             else
  565.                 chain = myKeystore.getCertificateChain(keypairName);
  566.  
  567.             if(encoding!=0){
  568.                 //PEM
  569.                 FileWriter fileWriter = new FileWriter(filename);
  570.                 JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(fileWriter);
  571.                 if(certificate!=null)
  572.                     jcaPEMWriter.writeObject(certificate);
  573.                 else
  574.                     for(int i = 0;i<chain.length;i++)
  575.                         jcaPEMWriter.writeObject(chain[i]);
  576.                 jcaPEMWriter.close();
  577.             }else{
  578.                 //DER
  579.                 File file = new File(filename);
  580.                 FileOutputStream fileOutputStream = new FileOutputStream(file);
  581.  
  582.                 if(certificate!=null)
  583.                     fileOutputStream.write(certificate.getEncoded());
  584.                 else
  585.                     for(int i = 0;i<chain.length;i++)
  586.                         fileOutputStream.write(chain[i].getEncoded());
  587.                 fileOutputStream.close();
  588.             }
  589.             return true;
  590.         } catch (Exception e) {
  591.             e.printStackTrace();
  592.             return false;
  593.         }
  594.     }
  595.  
  596.     @Override
  597.     public boolean exportCSR(String file, String keypairName, String algorithm) {
  598.         try {
  599.             X509Certificate certificate = (X509Certificate) myKeystore.getCertificate(keypairName);
  600.             X509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
  601.             List<ASN1ObjectIdentifier> listOIds = holder.getExtensionOIDs();
  602.  
  603.             PublicKey publicKey = certificate.getPublicKey();
  604.             PrivateKey privateKey = (PrivateKey) myKeystore.getKey(file, myPassword.toCharArray());
  605.             X500Name subjectName = holder.getSubject();
  606.             PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subjectName,publicKey);
  607.  
  608.             ExtensionsGenerator eGen = new ExtensionsGenerator();
  609.             for(int i =0;i<listOIds.size();i++)
  610.                 eGen.addExtension(holder.getExtension(listOIds.get(i)));
  611.             /*
  612.             for (int i = 0; i < extensionOIDs.size(); i++) {
  613.                 ASN1ObjectIdentifier identifier = extensionOIDs.get(i);
  614.                 Extension extension = certificateHolder.getExtension(identifier);
  615.                 extGenerator.addExtension(extension);
  616.             }
  617.             */
  618.  
  619.             if(!eGen.isEmpty())
  620.                 requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,eGen.generate());
  621.  
  622.             JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm);
  623.             ContentSigner contentSigner = signerBuilder.build(privateKey);
  624.             PKCS10CertificationRequest request = requestBuilder.build(contentSigner);
  625.  
  626.             FileWriter fw = new FileWriter(file);
  627.             JcaPEMWriter writer = new JcaPEMWriter(fw);
  628.             writer.writeObject(request);
  629.             writer.flush();
  630.             writer.close();
  631.             return true;
  632.         } catch (Exception e) {
  633.             e.printStackTrace();
  634.             return false;
  635.         }
  636.     }
  637.  
  638.     @Override
  639.     public String importCSR(String filename) {
  640.  
  641.         try{
  642.             PEMParser parser = new PEMParser(new PemReader(new FileReader(filename)));
  643.             Object object = parser.readObject();
  644.             parser.close();
  645.  
  646.             if(object instanceof PKCS10CertificationRequest) {
  647.                 myRequest = (PKCS10CertificationRequest) object;
  648.                 return myRequest.getSubject().toString() + ",SA=" + myRequest.getSignatureAlgorithm().toString();
  649.             }
  650.         } catch (Exception e) {
  651.             e.printStackTrace();
  652.             return null;
  653.         }
  654.         return null;
  655.     }
  656.  
  657.     @Override
  658.     public boolean signCSR(String filename, String keypairName, String algorithm) {
  659.         try {
  660.             X509Certificate certificate = (X509Certificate) myKeystore.getCertificate(keypairName);
  661.             X509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
  662.  
  663.             if(access.getVersion()!=Constants.V3 || holder.getNotAfter().before(new Date())){
  664.                 GuiV3.reportError("Niste izabrali verziju 3 ili je istekao sertifikat");
  665.                 return false;
  666.             }
  667.             //basic constraints
  668.             byte[] basicConstraints1 = certificate.getExtensionValue(Extension.basicConstraints.toString());
  669.             BigInteger pathLen = BigInteger.valueOf(0);
  670.             if(basicConstraints1==null){
  671.                 GuiV3.reportError("Nije autoritet");
  672.                 return false;
  673.             }else
  674.                 pathLen = BasicConstraints.getInstance(X509ExtensionUtil.fromExtensionValue(basicConstraints1)).getPathLenConstraint();
  675.  
  676.             if(access.getPathLen().equals("")){
  677.                 if(access.isCA()){
  678.                     GuiV3.reportError("Path len polje prazno");
  679.                     return false;
  680.                 }
  681.             }else{
  682.                 if((new BigInteger(access.getPathLen())).compareTo(pathLen)==1){
  683.                     GuiV3.reportError("path len mora biti manji od path len issuer-a koji je "+ pathLen);
  684.                     return false;
  685.                 }
  686.             }
  687.             X500Name issuer = holder.getSubject();
  688.             BigInteger serialNumber = new BigInteger(access.getSerialNumber());
  689.             X500Name subjectName = myRequest.getSubject();
  690.             JcaPEMKeyConverter pemKeyConverter = new JcaPEMKeyConverter();
  691.             PublicKey publicKey = pemKeyConverter.getPublicKey(myRequest.getSubjectPublicKeyInfo());
  692.  
  693.             X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuer, serialNumber, access.getNotBefore(), access.getNotAfter(), subjectName, publicKey);
  694.  
  695.             if(access.isCritical(Constants.SDA)){// start funkcije **********************************
  696.                 GuiInterfaceV3.reportError("SDA cannot be critical");
  697.                 return false;
  698.             }
  699.  
  700.             Vector<Attribute> attrs = new Vector<Attribute>();
  701.  
  702.             String dateOfBirth = access.getDateOfBirth();
  703.             String placeOfBirth = access.getSubjectDirectoryAttribute(Constants.POB);
  704.             String country = access.getSubjectDirectoryAttribute(Constants.COC);
  705.             String gender = access.getGender();
  706.             Boolean emptyInfoFields = dateOfBirth.isEmpty() || placeOfBirth.isEmpty() || country.isEmpty() || gender.isEmpty();
  707.  
  708.             if(emptyInfoFields){
  709.                 GuiInterfaceV3.reportError("SDA attributes not filled");
  710.                 return false;
  711.             }
  712.             //add date of birth
  713.             SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
  714.             Date date = sdf.parse(dateOfBirth);
  715.             attrs.add(new Attribute(BCStyle.DATE_OF_BIRTH, new DERSet(new DERGeneralizedTime(date))));
  716.  
  717.             //add place of birth
  718.             attrs.add(new Attribute(BCStyle.PLACE_OF_BIRTH, new DERSet(new DERPrintableString((placeOfBirth)))));
  719.  
  720.             //add country
  721.             attrs.add(new Attribute(BCStyle.COUNTRY_OF_CITIZENSHIP, new DERSet(new DERPrintableString(country))));
  722.  
  723.             //add gender
  724.             attrs.add(new Attribute(BCStyle.GENDER, new DERSet(new DERPrintableString(gender))));
  725.  
  726.             if(attrs!=null){// check if is empty?
  727.                 SubjectDirectoryAttributes sda = new SubjectDirectoryAttributes(attrs);
  728.                 certBuilder.addExtension(Extension.subjectDirectoryAttributes,access.isCritical(Constants.SDA),sda);
  729.             }
  730.  
  731.             //basic constraints
  732.             BasicConstraints basicConstraints;
  733.             if(access.isCA()){
  734.                 int len = Integer.parseInt(access.getPathLen());
  735.                 basicConstraints = new BasicConstraints(len);
  736.             }else
  737.                 basicConstraints = new BasicConstraints(false);
  738.             certBuilder.addExtension(Extension.basicConstraints, access.isCritical(Constants.BC), basicConstraints);
  739.  
  740.  
  741.  
  742.             String cpsUri = access.getCpsUri();
  743.             if(access.getAnyPolicy()){
  744.                 PolicyQualifierInfo info = new PolicyQualifierInfo(cpsUri);
  745.                 DERSequence derSeq = new DERSequence(info);
  746.  
  747.                 PolicyInformation pInfo = new PolicyInformation((PolicyQualifierId.id_qt_cps),derSeq);
  748.                 CertificatePolicies cPol = new CertificatePolicies(pInfo);
  749.                 certBuilder.addExtension(Extension.certificatePolicies, access.isCritical(Constants.CP), cPol);
  750.             }
  751.  
  752.             PrivateKey privateKey = (PrivateKey) myKeystore.getKey(keypairName, myPassword.toCharArray());
  753.  
  754.             JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm);
  755.             ContentSigner signer = signerBuilder.build(privateKey);
  756.  
  757.             X509CertificateHolder certificateHolder = certBuilder.build(signer);
  758.             X509Certificate newCertificate = new JcaX509CertificateConverter().getCertificate(certificateHolder);
  759.  
  760.             Certificate[] chain = myKeystore.getCertificateChain(keypairName);
  761.             Certificate[] newChain = new Certificate[chain.length+1];
  762.             chain[0] = newCertificate;
  763.  
  764.             int i = 0;
  765.             List<Certificate> certificateChain = new ArrayList<>();
  766.             while(i<chain.length){
  767.                 chain[i+1] = chain[i];
  768.                 i++;
  769.             }
  770.             i = 0;
  771.             while(i<chain.length){
  772.                 certificateChain.add(chain[i]);// *** izbaci print
  773.                 System.out.println(chain[i]);
  774.                 i++;
  775.             }
  776.             //export chain
  777.             CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
  778.             CertPath certPath = factory.generateCertPath(certificateChain);
  779.  
  780.             FileOutputStream fos = new FileOutputStream(new File(filename));
  781.             fos.write(certPath.getEncoded("pkcs7"));
  782.             fos.close();
  783.             return true;
  784.         } catch (Exception e) {
  785.             e.printStackTrace();
  786.         }
  787.         return false;
  788.     }
  789.  
  790.     @Override
  791.     public boolean importCAReply(String filename, String keyPairName) {
  792.         try{
  793.             File file = new File(filename);
  794.             FileInputStream fis = new FileInputStream(new File(filename));
  795.             byte[] fileContent = new byte[(int)file.length()];
  796.             fis.read(fileContent);
  797.             fis.close();
  798.  
  799.             InputStream inputStream = new ByteArrayInputStream(fileContent);
  800.             ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream);
  801.             ASN1Object object = asn1InputStream.readObject();
  802.             asn1InputStream.close();
  803.             inputStream.close();
  804.             ContentInfo contentInfo = ContentInfo.getInstance(object);
  805.  
  806.             List<Certificate> certificatesList = new ArrayList<>();
  807.             int size = 0;
  808.             SignedData signedData = SignedData.getInstance(contentInfo.getContent());
  809.             Enumeration<?> certificates = signedData.getCertificates().getObjects();
  810.  
  811.             CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
  812.             Certificate[] chain = null;
  813.             while(certificates.hasMoreElements()){
  814.                 InputStream inputStream1 = new ByteArrayInputStream(((ASN1Object)certificates.nextElement()).getEncoded());
  815.                 Certificate cert = factory.generateCertificate(inputStream1);
  816.                 certificatesList.add(cert);
  817.                 ++size;
  818.                 System.out.println(size);
  819.             }
  820.             chain = new Certificate[size];
  821.             int i = 0;
  822.             while(i<size){
  823.                 chain[i] = certificatesList.get(i);
  824.                 System.out.println(chain[i]);
  825.                 ++i;
  826.             }
  827.             PrivateKey privateKey = (PrivateKey) myKeystore.getKey(keyPairName, myPassword.toCharArray());
  828.             myKeystore.setKeyEntry(keyPairName, privateKey, myPassword.toCharArray(), chain);
  829.  
  830.             myFile = new File(myKeyStoreFileName);
  831.             FileOutputStream fos = new FileOutputStream(myFile);
  832.             myKeystore.store(fos,myPassword.toCharArray());
  833.             fos.close();
  834.             return true;
  835.         }catch(Exception e){
  836.             e.printStackTrace();
  837.             return false;
  838.         }
  839.     }
  840.  
  841.     @Override
  842.     public boolean canSign(String keypairName) {
  843.         try{
  844.             X509Certificate certificate = (X509Certificate) myKeystore.getCertificate(keypairName);
  845.             byte[] basicConstraints = certificate.getExtensionValue(Extension.basicConstraints.toString());
  846.             if(basicConstraints==null){
  847.                 return false;
  848.             }else{
  849.                 BasicConstraints bc = BasicConstraints.getInstance(X509ExtensionUtil.fromExtensionValue(basicConstraints));
  850.                 if(bc.isCA())
  851.                     return true;
  852.                 else
  853.                     return false;
  854.             }
  855.         }catch(Exception e){
  856.             e.printStackTrace();
  857.             return false;
  858.         }
  859.     }
  860.  
  861.     @Override
  862.     public String getSubjectInfo(String keypairName) {
  863.         try{
  864.             X509Certificate cert = (X509Certificate) myKeystore.getCertificate(keypairName);
  865.             X509CertificateHolder holder = new JcaX509CertificateHolder(cert);
  866.             String subject = holder.getSubject().toString();
  867.             do{
  868.                 System.out.println(subject + ",SA=" + holder.getSignatureAlgorithm().toString());
  869.             }while(false);
  870.  
  871.             return subject + ",SA=" + holder.getSignatureAlgorithm().toString();
  872.  
  873.         } catch (Exception e) {
  874.             e.printStackTrace();
  875.             return null;
  876.         }
  877.     }
  878.  
  879.     @Override
  880.     public String getCertPublicKeyAlgorithm(String keypairName) {
  881.  
  882.         try{
  883.             X509Certificate certificate = (X509Certificate) myKeystore.getCertificate(keypairName);
  884.             return certificate.getPublicKey().getAlgorithm();
  885.         } catch (KeyStoreException e) {
  886.             e.printStackTrace();
  887.             return null;
  888.         }
  889.     }
  890.  
  891.     @Override
  892.     public String getCertPublicKeyParameter(String keypairName) {
  893.         try{
  894.             X509Certificate certificate = (X509Certificate) myKeystore.getCertificate(keypairName);
  895.             PublicKey publicKey = certificate.getPublicKey();
  896.             String result = null;
  897.             if(publicKey instanceof RSAPublicKey)
  898.                 result = Integer.toString(((RSAPublicKey) publicKey).getModulus().bitLength());
  899.  
  900.             if(publicKey instanceof DSAPublicKey)
  901.                 result = Integer.toString(((DSAPublicKey) publicKey).getParams().getP().bitLength());
  902.  
  903.             if(publicKey instanceof ECPublicKey)
  904.                 result = ((ECPublicKey) publicKey).getParams().getCurve().toString();
  905.  
  906.             System.out.println(result);
  907.             return result;
  908.         }catch(Exception e){
  909.             e.printStackTrace();
  910.             return null;
  911.         }
  912.     }
  913. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!