- package implementation;
- import code.GuiException;
- import com.sun.corba.se.impl.orbutil.closure.Constant;
- import com.sun.org.apache.xpath.internal.operations.Bool;
- import com.sun.xml.internal.bind.v2.runtime.reflect.opt.Const;
- import gui.Constants;
- import gui.GuiInterfaceV3;
- import org.bouncycastle.asn1.*;
- import org.bouncycastle.asn1.cms.ContentInfo;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.RSAPublicKey;
- import org.bouncycastle.asn1.pkcs.SignedData;
- import org.bouncycastle.asn1.x500.style.BCStrictStyle;
- import org.bouncycastle.asn1.x500.style.BCStyle;
- import org.bouncycastle.asn1.x500.style.IETFUtils;
- import org.bouncycastle.asn1.x509.*;
- import org.bouncycastle.asn1.x509.Extension;
- import org.bouncycastle.cert.CertIOException;
- import org.bouncycastle.cert.X509CertificateHolder;
- import org.bouncycastle.cert.X509ExtensionUtils;
- import org.bouncycastle.cert.X509v3CertificateBuilder;
- import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
- import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
- import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
- import org.bouncycastle.jcajce.provider.asymmetric.RSA;
- import org.bouncycastle.jce.provider.BouncyCastleProvider;
- import org.bouncycastle.openssl.PEMParser;
- import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
- import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
- import org.bouncycastle.operator.ContentSigner;
- import org.bouncycastle.operator.OperatorCreationException;
- import org.bouncycastle.operator.bc.BcSymmetricKeyUnwrapper;
- import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
- import org.bouncycastle.pkcs.PKCS10CertificationRequest;
- import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
- import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
- import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
- //import sun.security.x509.X500Name;
- import org.bouncycastle.util.io.pem.PemReader;
- import org.bouncycastle.x509.extension.X509ExtensionUtil;
- import x509.v3.CodeV3;
- import org.bouncycastle.asn1.x500.*;
- import x509.v3.GuiV3;
- import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
- import javax.security.auth.Subject;
- import java.io.*;
- import java.math.BigInteger;
- import java.security.*;
- import java.security.cert.*;
- import java.security.cert.Certificate;
- import java.security.interfaces.DSAPublicKey;
- import java.security.interfaces.ECPublicKey;
- import java.security.interfaces.RSAKey;
- import java.security.spec.ECGenParameterSpec;
- import java.text.ParseException;
- import java.text.SimpleDateFormat;
- import java.util.*;
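public class MyCode extends CodeV3 {

    /** Default location of the local PKCS#12 keystore and the password protecting it and its entries. */
    private static final String DEFAULT_KEYSTORE_FILE = "test12.p12";
    private static final String DEFAULT_PASSWORD = "root";
    /** anyPolicy (RFC 5280 4.2.1.4). Written as the policy identifier when the GUI "anyPolicy" box is set. */
    private static final ASN1ObjectIdentifier ANY_POLICY = new ASN1ObjectIdentifier("2.5.29.32.0");
    /** Wire/GUI format of the dateOfBirth subject directory attribute. */
    private static final String DATE_OF_BIRTH_FORMAT = "yyyyMMdd";

    /** CSR loaded by {@link #importCSR(String)} and consumed by {@link #signCSR}; null until a CSR was imported. */
    private PKCS10CertificationRequest myRequest = null;
    /** In-memory copy of the local keystore; every mutating operation writes it back to {@link #myFile}. */
    private KeyStore myKeystore;
    /** On-disk file backing {@link #myKeystore}. */
    private File myFile;
    private static String myKeyStoreFileName;
    private static String myPassword;
    private static String myEntryPassword;
    private static Provider provider1;
    private static Provider provider2;

    public MyCode(boolean[] algorithm_conf, boolean[] extensions_conf, boolean extensions_rules) throws GuiException {
        super(algorithm_conf, extensions_conf, extensions_rules);
    }

    static {
        provider1 = new BouncyCastleProvider();
        provider2 = new BouncyCastlePQCProvider();
        Security.addProvider(provider1);
        Security.addProvider(provider2);
        // SECURITY: the keystore password is a hard-coded default ("root") and only protects a local
        // development keystore. Both the file and the password can be overridden at launch without a
        // code change:  -Dmycode.keystore.file=<path> -Dmycode.keystore.password=<password>
        // Key entries are protected with the same password as the keystore.
        myKeyStoreFileName = System.getProperty("mycode.keystore.file", DEFAULT_KEYSTORE_FILE);
        myPassword = System.getProperty("mycode.keystore.password", DEFAULT_PASSWORD);
        myEntryPassword = myPassword;
    }

    // ------------------------------------------------------------------ helpers

    /** True for null or empty GUI text fields. */
    private static boolean missing(String s) {
        return s == null || s.isEmpty();
    }

    /** Raw string of an ASN.1 string value (any string type, not only PrintableString); toString() otherwise. */
    private static String asnString(ASN1Encodable value) {
        if (value instanceof ASN1String) {
            return ((ASN1String) value).getString();
        }
        return value.toString();
    }

    /** First value of the RDN of the given type in {@code name}, or "" when the name has no such RDN. */
    private static String rdnValue(X500Name name, ASN1ObjectIdentifier type) {
        RDN[] rdns = name.getRDNs(type);
        if (rdns == null || rdns.length == 0) {
            return "";
        }
        return IETFUtils.valueToString(rdns[0].getFirst().getValue());
    }

    /**
     * Parses the decimal serial number typed in the GUI. RFC 5280 4.1.2.2 requires a positive integer;
     * anything else is reported to the user and null is returned.
     */
    private static BigInteger parseSerial(String text) {
        try {
            BigInteger serial = new BigInteger(text == null ? "" : text.trim());
            if (serial.signum() > 0) {
                return serial;
            }
        } catch (NumberFormatException e) {
            // fall through to the error report
        }
        GuiInterfaceV3.reportError("Serial number must be a positive integer");
        return null;
    }

    /** True when {@code c} is inside its notBefore..notAfter window right now. */
    private static boolean currentlyValid(X509Certificate c) {
        try {
            c.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            return false;
        }
    }

    /** Writes {@link #myKeystore} to {@link #myFile} (created or overwritten), closing the stream in all cases. */
    private void persistLocalKeystore() throws GeneralSecurityException, IOException {
        if (myFile == null) {
            myFile = new File(myKeyStoreFileName);
        }
        try (FileOutputStream out = new FileOutputStream(myFile)) {
            myKeystore.store(out, myPassword.toCharArray());
        }
    }

    /** Builds the subject DN from the six GUI fields; reports and returns null when any of them is empty. */
    private X500Name buildSubjectFromGui() {
        String country = access.getSubjectCountry();
        String state = access.getSubjectState();
        String locality = access.getSubjectLocality();
        String organization = access.getSubjectOrganization();
        String orgUnit = access.getSubjectOrganizationUnit();
        String commonName = access.getSubjectCommonName();
        if (missing(country) || missing(state) || missing(locality)
                || missing(organization) || missing(orgUnit) || missing(commonName)) {
            GuiInterfaceV3.reportError("All subject fields must be filled");
            return null;
        }
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.C, country);
        builder.addRDN(BCStyle.ST, state);
        builder.addRDN(BCStyle.L, locality);
        builder.addRDN(BCStyle.O, organization);
        builder.addRDN(BCStyle.OU, orgUnit);
        builder.addRDN(BCStyle.CN, commonName);
        return builder.build();
    }

    /**
     * Adds the extensions configured in the GUI to {@code builder}: subjectDirectoryAttributes (always,
     * never critical), basicConstraints and, when "anyPolicy" is set, certificatePolicies.
     * Shared by {@link #saveKeypair} and {@link #signCSR}.
     *
     * @return false when the GUI input is unusable; the problem has already been reported to the user
     * @throws CertIOException if an extension cannot be encoded
     * @throws ParseException  if the date of birth is not a valid yyyyMMdd date
     */
    private boolean addGuiExtensions(X509v3CertificateBuilder builder) throws CertIOException, ParseException {
        if (access.isCritical(Constants.SDA)) {
            GuiInterfaceV3.reportError("SDA cannot be critical");
            return false;
        }
        String dateOfBirth = access.getDateOfBirth();
        String placeOfBirth = access.getSubjectDirectoryAttribute(Constants.POB);
        String citizenship = access.getSubjectDirectoryAttribute(Constants.COC);
        String gender = access.getGender();
        if (missing(dateOfBirth) || missing(placeOfBirth) || missing(citizenship) || missing(gender)) {
            GuiInterfaceV3.reportError("SDA attributes not filled");
            return false;
        }
        SimpleDateFormat dobFormat = new SimpleDateFormat(DATE_OF_BIRTH_FORMAT);
        dobFormat.setLenient(false); // "20201399" must be rejected, not rolled over into 2021
        Date dob = dobFormat.parse(dateOfBirth);

        Vector<Attribute> attrs = new Vector<Attribute>();
        attrs.add(new Attribute(BCStyle.DATE_OF_BIRTH, new DERSet(new DERGeneralizedTime(dob))));
        attrs.add(new Attribute(BCStyle.PLACE_OF_BIRTH, new DERSet(new DERPrintableString(placeOfBirth))));
        attrs.add(new Attribute(BCStyle.COUNTRY_OF_CITIZENSHIP, new DERSet(new DERPrintableString(citizenship))));
        attrs.add(new Attribute(BCStyle.GENDER, new DERSet(new DERPrintableString(gender))));
        builder.addExtension(Extension.subjectDirectoryAttributes, false, new SubjectDirectoryAttributes(attrs));

        BasicConstraints basicConstraints;
        if (access.isCA()) {
            String pathLenText = access.getPathLen();
            if (missing(pathLenText)) {
                basicConstraints = new BasicConstraints(true); // CA without a path length limit
            } else {
                int pathLen;
                try {
                    pathLen = Integer.parseInt(pathLenText.trim());
                } catch (NumberFormatException e) {
                    pathLen = -1;
                }
                if (pathLen < 0) {
                    GuiInterfaceV3.reportError("Path length must be a non-negative integer");
                    return false;
                }
                basicConstraints = new BasicConstraints(pathLen);
            }
        } else {
            basicConstraints = new BasicConstraints(false);
        }
        builder.addExtension(Extension.basicConstraints, access.isCritical(Constants.BC), basicConstraints);

        if (access.getAnyPolicy()) {
            // The policy identifier is anyPolicy; the CPS URI (if given) goes in as an id-qt-cps qualifier.
            String cpsUri = access.getCpsUri();
            PolicyInformation policy;
            if (missing(cpsUri)) {
                policy = new PolicyInformation(ANY_POLICY);
            } else {
                policy = new PolicyInformation(ANY_POLICY, new DERSequence(new PolicyQualifierInfo(cpsUri)));
            }
            builder.addExtension(Extension.certificatePolicies, access.isCritical(Constants.CP),
                    new CertificatePolicies(policy));
        }
        return true;
    }

    // --------------------------------------------------------- CodeV3 contract

    /**
     * Opens (or creates, on first run) the local PKCS#12 keystore.
     *
     * @return the aliases it contains, or null when it is empty or could not be opened
     */
    @Override
    public Enumeration<String> loadLocalKeystore() {
        Enumeration<String> aliases = null;
        try {
            myKeystore = KeyStore.getInstance("PKCS12");
            myFile = new File(myKeyStoreFileName);
            if (!myFile.exists()) {
                myKeystore.load(null, null);
                persistLocalKeystore();
            } else {
                try (FileInputStream in = new FileInputStream(myFile)) {
                    myKeystore.load(in, myPassword.toCharArray());
                }
                aliases = myKeystore.aliases();
                if (!aliases.hasMoreElements()) {
                    aliases = null;
                }
            }
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
        }
        return aliases;
    }

    /** Deletes the local keystore file and replaces it with a fresh, empty one. */
    @Override
    public void resetLocalKeystore() {
        try {
            if (myFile != null && myFile.exists()) {
                myFile.delete();
            }
            myKeystore = KeyStore.getInstance("PKCS12");
            myKeystore.load(null, null);
            persistLocalKeystore();
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Loads the entry {@code keypairName} into the GUI.
     *
     * @return 2 for a CA certificate, 1 for a certificate with an issuer chain, 0 for a lone
     *         (self-signed or certificate-only) entry, -1 when the alias is missing or unreadable
     */
    @Override
    public int loadKeypair(String keypairName) {
        int retVal = -1;
        try {
            if (!myKeystore.containsAlias(keypairName)) {
                return -1;
            }
            Certificate entry = myKeystore.getCertificate(keypairName);
            if (!(entry instanceof X509Certificate)) {
                return -1;
            }
            X509Certificate certificate = (X509Certificate) entry;
            Certificate[] chain = myKeystore.getCertificateChain(keypairName); // null for certificate-only entries
            access.setVersion(Constants.V3);

            if (certificate.getBasicConstraints() != -1) {
                retVal = 2;
            } else if (chain != null && chain.length > 1) {
                retVal = 1;
            } else {
                retVal = 0;
            }

            // Best-effort signature check, reported but not fatal: a lone certificate against its own
            // key, otherwise the leaf against the next certificate of its chain.
            try {
                PublicKey signerKey = (chain != null && chain.length > 1)
                        ? chain[1].getPublicKey() : certificate.getPublicKey();
                certificate.verify(signerKey);
            } catch (GeneralSecurityException e) {
                System.err.println("Warning: signature of entry '" + keypairName + "' does not verify: " + e);
            }

            X509CertificateHolder holder = new JcaX509CertificateHolder(certificate);
            X500Name issuer = holder.getIssuer();
            if (issuer != null) {
                access.setIssuer(issuer.toString());
                access.setIssuerSignatureAlgorithm(certificate.getSigAlgName());
            }
            access.setSerialNumber(holder.getSerialNumber().toString());
            access.setNotAfter(holder.getNotAfter());
            access.setNotBefore(holder.getNotBefore());

            // Subject fields; an RDN the certificate lacks shows as "" instead of aborting the load.
            X500Name subject = holder.getSubject();
            access.setSubjectCommonName(rdnValue(subject, BCStyle.CN));
            access.setSubjectOrganizationUnit(rdnValue(subject, BCStyle.OU));
            access.setSubjectOrganization(rdnValue(subject, BCStyle.O));
            access.setSubjectLocality(rdnValue(subject, BCStyle.L));
            access.setSubjectState(rdnValue(subject, BCStyle.ST));
            access.setSubjectCountry(rdnValue(subject, BCStyle.C));

            Set<String> critical = certificate.getCriticalExtensionOIDs(); // null when nothing is critical
            if (critical != null) {
                if (critical.contains(Extension.certificatePolicies.getId())) {
                    access.setCritical(Constants.CP, true);
                }
                if (critical.contains(Extension.subjectDirectoryAttributes.getId())) {
                    access.setCritical(Constants.SDA, true);
                }
                if (critical.contains(Extension.basicConstraints.getId())) {
                    access.setCritical(Constants.BC, true);
                }
            }

            // certificatePolicies: the extension's presence drives the "anyPolicy" box; the CPS URI is
            // taken from an id-qt-cps qualifier when one exists (qualifiers are optional).
            byte[] policiesValue = certificate.getExtensionValue(Extension.certificatePolicies.getId());
            if (policiesValue != null) {
                CertificatePolicies policies =
                        CertificatePolicies.getInstance(X509ExtensionUtil.fromExtensionValue(policiesValue));
                access.setAnyPolicy(true);
                for (PolicyInformation info : policies.getPolicyInformation()) {
                    ASN1Sequence qualifiers = info.getPolicyQualifiers();
                    if (qualifiers == null) {
                        continue;
                    }
                    for (int i = 0; i < qualifiers.size(); i++) {
                        PolicyQualifierInfo qualifier = PolicyQualifierInfo.getInstance(qualifiers.getObjectAt(i));
                        if (PolicyQualifierId.id_qt_cps.equals(qualifier.getPolicyQualifierId())) {
                            access.setCpsUri(asnString(qualifier.getQualifier()));
                        }
                    }
                }
            }

            // subjectDirectoryAttributes: first value of each attribute we know how to display.
            byte[] sdaValue = certificate.getExtensionValue(Extension.subjectDirectoryAttributes.getId());
            if (sdaValue != null) {
                SubjectDirectoryAttributes sda =
                        SubjectDirectoryAttributes.getInstance(X509ExtensionUtil.fromExtensionValue(sdaValue));
                for (Object item : sda.getAttributes()) {
                    Attribute attr = Attribute.getInstance(item);
                    ASN1Set values = attr.getAttrValues();
                    if (values == null || values.size() == 0) {
                        continue;
                    }
                    ASN1Encodable first = values.getObjectAt(0);
                    ASN1ObjectIdentifier type = attr.getAttrType();
                    if (BCStyle.GENDER.equals(type)) {
                        access.setGender(asnString(first));
                    } else if (BCStyle.PLACE_OF_BIRTH.equals(type)) {
                        access.setSubjectDirectoryAttribute(Constants.POB, asnString(first));
                    } else if (BCStyle.COUNTRY_OF_CITIZENSHIP.equals(type)) {
                        access.setSubjectDirectoryAttribute(Constants.COC, asnString(first));
                    } else if (BCStyle.DATE_OF_BIRTH.equals(type)) {
                        Date dob = ASN1GeneralizedTime.getInstance(first).getDate();
                        access.setDateOfBirth(new SimpleDateFormat(DATE_OF_BIRTH_FORMAT).format(dob));
                    }
                }
            }
        } catch (Exception e) {
            // A failure while filling display fields keeps the classification already computed.
            e.printStackTrace();
        }
        return retVal;
    }

    /**
     * Generates a new EC key pair and a self-signed v3 certificate from the GUI fields and stores
     * them under {@code keyPairName}.
     *
     * @return true on success; false after reporting the first invalid field
     */
    @Override
    public boolean saveKeypair(String keyPairName) {
        if (access.getVersion() != Constants.V3) {
            GuiInterfaceV3.reportError("Incompatible version, choose v3");
            return false;
        }
        try {
            X500Name subject = buildSubjectFromGui();
            if (subject == null) {
                return false;
            }
            Date notBefore = access.getNotBefore();
            Date notAfter = access.getNotAfter();
            if (notBefore == null || notAfter == null || !notAfter.after(notBefore)) {
                GuiInterfaceV3.reportError("notAfter must be later than notBefore");
                return false;
            }
            BigInteger serialNumber = parseSerial(access.getSerialNumber());
            if (serialNumber == null) {
                return false;
            }

            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider1);
            kpg.initialize(new ECGenParameterSpec(access.getPublicKeyECCurve()));
            KeyPair keyPair = kpg.generateKeyPair();

            // Self-signed: issuer == subject.
            X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    subject, serialNumber, notBefore, notAfter, subject, keyPair.getPublic());
            if (!addGuiExtensions(certBuilder)) {
                return false;
            }

            ContentSigner signer = new JcaContentSignerBuilder(access.getPublicKeyDigestAlgorithm())
                    .build(keyPair.getPrivate());
            X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));

            myKeystore.setKeyEntry(keyPairName, keyPair.getPrivate(), myEntryPassword.toCharArray(),
                    new X509Certificate[]{cert});
            persistLocalKeystore();
            return true;
        } catch (GeneralSecurityException | IOException | OperatorCreationException
                | ParseException | IllegalArgumentException e) {
            e.printStackTrace();
        }
        return false;
    }

    /** Removes the entry {@code s} from the local keystore and persists the change. */
    @Override
    public boolean removeKeypair(String s) {
        try {
            if (myKeystore.containsAlias(s)) {
                myKeystore.deleteEntry(s);
                persistLocalKeystore();
                return true;
            }
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Copies the key entry {@code keypairName} from the PKCS#12 file {@code file} (opened with
     * {@code password}) into the local keystore. Only entries that hold a private key are imported.
     */
    @Override
    public boolean importKeypair(String keypairName, String file, String password) {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (FileInputStream in = new FileInputStream(file)) {
                ks.load(in, password.toCharArray());
            }
            Key key = ks.getKey(keypairName, password.toCharArray());
            Certificate[] chain = ks.getCertificateChain(keypairName);
            if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
                return false; // alias missing, or a certificate-only entry
            }
            myKeystore.setKeyEntry(keypairName, key, myEntryPassword.toCharArray(), chain);
            persistLocalKeystore();
            return true;
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Writes the key entry {@code keypairName} into the PKCS#12 file {@code file}, protected with the
     * user-supplied {@code password}. An existing file is opened with that password and extended.
     */
    @Override
    public boolean exportKeypair(String keypairName, String file, String password) {
        try {
            Key key = myKeystore.getKey(keypairName, myEntryPassword.toCharArray());
            Certificate[] chain = myKeystore.getCertificateChain(keypairName);
            if (!(key instanceof PrivateKey) || chain == null) {
                return false;
            }
            char[] exportPassword = password.toCharArray();
            File target = new File(file);
            KeyStore ks = KeyStore.getInstance("PKCS12");
            if (target.exists()) {
                try (FileInputStream in = new FileInputStream(target)) {
                    ks.load(in, exportPassword);
                }
            } else {
                ks.load(null, null);
            }
            ks.setKeyEntry(keypairName, key, exportPassword, chain);
            // Written to the export file, never to the local keystore file.
            try (FileOutputStream out = new FileOutputStream(target)) {
                ks.store(out, exportPassword);
            }
            return true;
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Imports the X.509 certificate(s) in {@code filename} (PEM or DER) as a trusted-certificate
     * entry. When the file holds several certificates they are stored under the same alias in turn,
     * so only the last one is kept.
     */
    @Override
    public boolean importCertificate(String filename, String keypairName) {
        File file = new File(filename);
        if (!file.exists()) {
            return false;
        }
        try (InputStream in = new BufferedInputStream(new FileInputStream(file))) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certificates = cf.generateCertificates(in);
            if (certificates.isEmpty()) {
                return false;
            }
            for (Certificate certificate : certificates) {
                myKeystore.setCertificateEntry(keypairName, certificate);
            }
            persistLocalKeystore();
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
            return false;
        }
        return true;
    }

    /** Returns the first certificate in the local keystore whose serial number (decimal) equals {@code serial}, or null. */
    public Certificate findCertificate(String serial) {
        if (serial == null) {
            return null;
        }
        try {
            for (Enumeration<String> aliases = myKeystore.aliases(); aliases.hasMoreElements(); ) {
                Certificate candidate = myKeystore.getCertificate(aliases.nextElement());
                if (candidate instanceof X509Certificate
                        && serial.equals(((X509Certificate) candidate).getSerialNumber().toString())) {
                    return candidate;
                }
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Writes the certificate ({@code format == 0}) or the whole chain of {@code keypairName} to
     * {@code filename}, PEM when {@code encoding != 0}, otherwise DER. A DER chain is the plain
     * concatenation of the certificates' encodings.
     */
    @Override
    public boolean exportCertificate(String filename, String keypairName, int encoding, int format) {
        try {
            Certificate[] toWrite;
            if (format == 0) {
                Certificate head = myKeystore.getCertificate(keypairName);
                toWrite = head == null ? null : new Certificate[]{head};
            } else {
                toWrite = myKeystore.getCertificateChain(keypairName);
            }
            if (toWrite == null || toWrite.length == 0) {
                return false;
            }
            if (encoding != 0) {
                try (JcaPEMWriter pem = new JcaPEMWriter(new FileWriter(filename))) {
                    for (Certificate certificate : toWrite) {
                        pem.writeObject(certificate);
                    }
                }
            } else {
                try (FileOutputStream out = new FileOutputStream(filename)) {
                    for (Certificate certificate : toWrite) {
                        out.write(certificate.getEncoded());
                    }
                }
            }
            return true;
        } catch (GeneralSecurityException | IOException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Builds a PKCS#10 request for the key pair {@code keypairName} (subject and extensions copied
     * from its current certificate, the extensions as a pkcs-9 extensionRequest attribute), signs
     * it with {@code algorithm} and writes it PEM-encoded to {@code file}.
     */
    @Override
    public boolean exportCSR(String file, String keypairName, String algorithm) {
        try {
            Certificate entry = myKeystore.getCertificate(keypairName);
            Key key = myKeystore.getKey(keypairName, myEntryPassword.toCharArray());
            if (!(entry instanceof X509Certificate) || !(key instanceof PrivateKey)) {
                return false; // no key pair under that alias
            }
            X509Certificate certificate = (X509Certificate) entry;
            X509CertificateHolder holder = new JcaX509CertificateHolder(certificate);

            PKCS10CertificationRequestBuilder requestBuilder =
                    new JcaPKCS10CertificationRequestBuilder(holder.getSubject(), certificate.getPublicKey());
            ExtensionsGenerator extGen = new ExtensionsGenerator();
            List<ASN1ObjectIdentifier> oids = holder.getExtensionOIDs();
            for (ASN1ObjectIdentifier oid : oids) {
                extGen.addExtension(holder.getExtension(oid));
            }
            if (!extGen.isEmpty()) {
                requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
            }

            ContentSigner signer = new JcaContentSignerBuilder(algorithm).build((PrivateKey) key);
            PKCS10CertificationRequest request = requestBuilder.build(signer);
            try (JcaPEMWriter writer = new JcaPEMWriter(new FileWriter(file))) {
                writer.writeObject(request);
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Reads a PEM PKCS#10 request from {@code filename} and keeps it for {@link #signCSR}.
     * A previously imported request is discarded first, so a failed import cannot leave a stale CSR behind.
     *
     * @return "subject,SA=signature-algorithm" for display, or null when the file is not a CSR
     */
    @Override
    public String importCSR(String filename) {
        myRequest = null;
        try (PEMParser parser = new PEMParser(new FileReader(filename))) {
            Object object = parser.readObject();
            if (object instanceof PKCS10CertificationRequest) {
                myRequest = (PKCS10CertificationRequest) object;
                return myRequest.getSubject().toString() + ",SA=" + myRequest.getSignatureAlgorithm().toString();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Issues a certificate for the CSR loaded by {@link #importCSR}, signed with the key pair
     * {@code keypairName}, and writes the resulting chain (new certificate first, then the issuer's
     * chain) to {@code filename} as a PKCS#7 CA reply.
     *
     * The issuer must hold a private key, be currently valid and carry basicConstraints with cA=TRUE;
     * a requested path length must be strictly smaller than the issuer's (RFC 5280 4.2.1.9).
     */
    @Override
    public boolean signCSR(String filename, String keypairName, String algorithm) {
        try {
            if (myRequest == null) {
                GuiInterfaceV3.reportError("No CSR loaded, import a CSR first");
                return false;
            }
            // NOTE(security): the CSR's own signature (proof that the requester holds the private key)
            // is not verified here. Check myRequest.isSignatureValid(...) with a
            // JcaContentVerifierProviderBuilder before issuing for keys received from third parties.
            Certificate entry = myKeystore.getCertificate(keypairName);
            Key key = myKeystore.getKey(keypairName, myEntryPassword.toCharArray());
            if (!(entry instanceof X509Certificate) || !(key instanceof PrivateKey)) {
                GuiInterfaceV3.reportError("No key pair under alias " + keypairName);
                return false;
            }
            X509Certificate issuerCert = (X509Certificate) entry;
            if (access.getVersion() != Constants.V3 || !currentlyValid(issuerCert)) {
                GuiInterfaceV3.reportError("Niste izabrali verziju 3 ili je istekao sertifikat");
                return false;
            }
            // -1 unless basicConstraints is present with cA=TRUE; Integer.MAX_VALUE for an unlimited CA.
            int issuerPathLen = issuerCert.getBasicConstraints();
            if (issuerPathLen < 0) {
                GuiInterfaceV3.reportError("Nije autoritet");
                return false;
            }
            if (access.isCA()) {
                String pathLenText = access.getPathLen();
                if (missing(pathLenText)) {
                    GuiInterfaceV3.reportError("Path len polje prazno");
                    return false;
                }
                BigInteger requested;
                try {
                    requested = new BigInteger(pathLenText.trim());
                } catch (NumberFormatException e) {
                    requested = BigInteger.valueOf(-1);
                }
                if (requested.signum() < 0) {
                    GuiInterfaceV3.reportError("Path length must be a non-negative integer");
                    return false;
                }
                // The issuer's pathLenConstraint counts the CA certificates allowed below it, so a
                // subordinate CA gets at most issuerPathLen - 1; an issuer with 0 may not sign any CA.
                if (issuerPathLen == 0 || requested.compareTo(BigInteger.valueOf(issuerPathLen - 1L)) > 0) {
                    GuiInterfaceV3.reportError("path len mora biti manji od path len issuer-a koji je " + issuerPathLen);
                    return false;
                }
            }
            Date notBefore = access.getNotBefore();
            Date notAfter = access.getNotAfter();
            if (notBefore == null || notAfter == null || !notAfter.after(notBefore)) {
                GuiInterfaceV3.reportError("notAfter must be later than notBefore");
                return false;
            }
            BigInteger serialNumber = parseSerial(access.getSerialNumber());
            if (serialNumber == null) {
                return false;
            }

            X500Name issuerName = new JcaX509CertificateHolder(issuerCert).getSubject();
            PublicKey subjectKey = new JcaPEMKeyConverter().getPublicKey(myRequest.getSubjectPublicKeyInfo());
            X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    issuerName, serialNumber, notBefore, notAfter, myRequest.getSubject(), subjectKey);
            // Extensions come from the GUI, not from the CSR's extensionRequest attribute.
            if (!addGuiExtensions(certBuilder)) {
                return false;
            }
            ContentSigner signer = new JcaContentSignerBuilder(algorithm).build((PrivateKey) key);
            X509Certificate newCertificate =
                    new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));

            // Reply chain: the new certificate, then the issuer's own chain (leaf to root).
            List<Certificate> replyChain = new ArrayList<Certificate>();
            replyChain.add(newCertificate);
            Certificate[] issuerChain = myKeystore.getCertificateChain(keypairName);
            if (issuerChain != null) {
                replyChain.addAll(Arrays.asList(issuerChain));
            }
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            CertPath certPath = factory.generateCertPath(replyChain);
            try (FileOutputStream out = new FileOutputStream(filename)) {
                out.write(certPath.getEncoded("pkcs7"));
            }
            return true;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return false;
    }

    /**
     * Installs the certificates of a PKCS#7 CA reply as the chain of the key pair {@code keyPairName}.
     *
     * The reply must contain a certificate for this key pair's public key; that certificate becomes
     * the head of the chain and the rest is ordered by following issuer links, each link's signature
     * being verified against the next certificate. A reply that stops short of the root is accepted
     * as a partial chain. Nothing is written when any check fails.
     */
    @Override
    public boolean importCAReply(String filename, String keyPairName) {
        try {
            Key key = myKeystore.getKey(keyPairName, myEntryPassword.toCharArray());
            Certificate current = myKeystore.getCertificate(keyPairName);
            if (!(key instanceof PrivateKey) || current == null) {
                GuiInterfaceV3.reportError("No key pair under alias " + keyPairName);
                return false;
            }

            ASN1Object object;
            try (ASN1InputStream asn1In = new ASN1InputStream(new BufferedInputStream(new FileInputStream(filename)))) {
                object = asn1In.readObject();
            }
            ContentInfo contentInfo = ContentInfo.getInstance(object);
            if (!PKCSObjectIdentifiers.signedData.equals(contentInfo.getContentType())) {
                GuiInterfaceV3.reportError("CA reply is not PKCS#7 signedData");
                return false;
            }
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            ASN1Set certificateSet = signedData.getCertificates();
            if (certificateSet == null || certificateSet.size() == 0) {
                GuiInterfaceV3.reportError("CA reply contains no certificates");
                return false;
            }

            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            List<X509Certificate> replyCerts = new ArrayList<X509Certificate>();
            for (Enumeration<?> items = certificateSet.getObjects(); items.hasMoreElements(); ) {
                byte[] der = ((ASN1Encodable) items.nextElement()).toASN1Primitive().getEncoded();
                replyCerts.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der)));
            }

            // SECURITY: bind only a certificate for *our* public key to our private key.
            byte[] ownKey = current.getPublicKey().getEncoded();
            X509Certificate leaf = null;
            for (X509Certificate candidate : replyCerts) {
                if (Arrays.equals(candidate.getPublicKey().getEncoded(), ownKey)) {
                    leaf = candidate;
                    break;
                }
            }
            if (leaf == null) {
                GuiInterfaceV3.reportError("CA reply does not contain a certificate for this key pair");
                return false;
            }

            // PKCS#7 certificate sets are unordered: rebuild leaf-first and verify every link.
            List<Certificate> ordered = new ArrayList<Certificate>();
            ordered.add(leaf);
            X509Certificate cursor = leaf;
            while (!cursor.getIssuerX500Principal().equals(cursor.getSubjectX500Principal())) {
                X509Certificate parent = null;
                for (X509Certificate candidate : replyCerts) {
                    if (!ordered.contains(candidate)
                            && candidate.getSubjectX500Principal().equals(cursor.getIssuerX500Principal())) {
                        parent = candidate;
                        break;
                    }
                }
                if (parent == null) {
                    break; // issuer not included in the reply: keep the partial chain
                }
                cursor.verify(parent.getPublicKey()); // throws on a forged or mismatched link
                ordered.add(parent);
                cursor = parent;
            }

            myKeystore.setKeyEntry(keyPairName, key, myEntryPassword.toCharArray(),
                    ordered.toArray(new Certificate[0]));
            persistLocalKeystore();
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /** True when the entry's certificate carries basicConstraints with cA=TRUE. */
    @Override
    public boolean canSign(String keypairName) {
        try {
            Certificate entry = myKeystore.getCertificate(keypairName);
            // getBasicConstraints() is -1 unless the extension is present with cA=TRUE
            return entry instanceof X509Certificate && ((X509Certificate) entry).getBasicConstraints() >= 0;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return false;
        }
    }

    /** "subject,SA=signature-algorithm" of the entry's certificate, or null when it cannot be read. */
    @Override
    public String getSubjectInfo(String keypairName) {
        try {
            X509Certificate cert = (X509Certificate) myKeystore.getCertificate(keypairName);
            X509CertificateHolder holder = new JcaX509CertificateHolder(cert);
            return holder.getSubject().toString() + ",SA=" + holder.getSignatureAlgorithm().toString();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** JCA algorithm name of the entry's public key (e.g. "EC"), or null. */
    @Override
    public String getCertPublicKeyAlgorithm(String keypairName) {
        try {
            Certificate certificate = myKeystore.getCertificate(keypairName);
            return certificate == null ? null : certificate.getPublicKey().getAlgorithm();
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Key-size parameter of the entry's public key: modulus bits for RSA, prime bits for DSA, the
     * curve's toString() for EC. Null for other key types or on error.
     */
    @Override
    public String getCertPublicKeyParameter(String keypairName) {
        try {
            Certificate certificate = myKeystore.getCertificate(keypairName);
            if (certificate == null) {
                return null;
            }
            PublicKey publicKey = certificate.getPublicKey();
            String result = null;
            // java.security.interfaces.RSAKey, not the BouncyCastle ASN.1 RSAPublicKey class, which a
            // JCA PublicKey never implements.
            if (publicKey instanceof RSAKey) {
                result = Integer.toString(((RSAKey) publicKey).getModulus().bitLength());
            } else if (publicKey instanceof DSAPublicKey) {
                result = Integer.toString(((DSAPublicKey) publicKey).getParams().getP().bitLength());
            } else if (publicKey instanceof ECPublicKey) {
                // EllipticCurve.toString() prints the field and coefficients, not the curve name;
                // the GUI has been receiving that text so far, so it is kept — TODO confirm what it expects.
                result = ((ECPublicKey) publicKey).getParams().getCurve().toString();
            }
            return result;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
}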