package com.ca.commons.security;
import java.io.*;
import java.awt.*;
import java.awt.event.*;
import java.util.*;
import java.util.logging.Logger;
import java.util.logging.Level;
import javax.swing.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;
//use Van Bui's Certificate Viewer
import com.ca.commons.cbutil.*;
import com.ca.commons.security.cert.CertViewer;
public class KeystoreGUI extends CBDialog implements ActionListener
{
// Marker strings; presumably shown in the list for a certificate entry that
// could not be read or has been deleted - their use is outside this view.
public static final String ERRORCERT = "<unable to read>";
public static final String DELETEDCERT = "<deleted>";
// The command buttons created by the constructor; actionPerformed() dispatches on them.
CBButton viewCert, addCert, deleteCert, passwordButton,
importKeyButton, exportKeyButton;
// All six command buttons; the constructor left-aligns each one and registers
// this dialog as its action listener.
CBButton[] commandButtons;
// The keystore being managed; doOK() hands it to writeKeyStore().
protected KeyStore keystore = null;
final JList certList; // final is for ease of use in mouse listener
// Model backing certList (set on the list after refreshView() in the constructor).
DefaultListModel certListModel;
// Icons shared by all instances; the constructor loads them from
// "sslcert.gif" / "sslkeycert.gif" the first time they are found to be null.
public static ImageIcon smallCert;
public static ImageIcon smallKeyCert;
// Property list passed to the constructor and forwarded to CertViewer.setProperties().
Properties properties;
protected CBHelpSystem helpBroker;
// Keystore password (may be null). The constructor stores the caller's array
// by reference rather than copying it; doOK() passes it to clearPassword()
// and then drops the reference.
// NOTE(review): package-private - any class in this package can read it.
char[] password = null;
// Keystore location and type exactly as passed to the constructor.
protected String keystoreFile;
protected String keystoreType;
private static Logger log = Logger.getLogger(KeystoreGUI.class.getName());
/**
* Whether to cripple the GUI because we're displaying a losing
* key format (e.g. KSE) which doesn't support a bunch of operations...
*/
private boolean crippled = false;
/**
* Whether to additionally cripple the set password because we're
* displaying a key format which doesn't support 'set password'
*/
private boolean cripplePassword = false;
// whether the keystore has been modified and must be written back to disk.
// doOK() only writes the keystore when this is set; doCancel() asks for
// confirmation before discarding when it is set.
private boolean changed = false;
/**
* This creates the Keystore config window to manage a particular keystore.
* @param owner the parent frame (used for internal GUI stuff)
* @param props the JX property list (used to get and set default keystore directories)
* @param keyStoreLocation the location of the java keystore to manage.
* @param keyStorePassword the password of the encrypted keystore - may be null,
* in which case the user will be prompted.
* @param keyStoreType the java abbreviation of the keystore type (typically 'jks' for
* 'java keystore' - the default java file based keystore).
* @param title a meaningful (to the user) name for the keystore
* @param handlePrivateKeys whether the keystore manager will allow the
* user to associate a private key with a particular certificate.
* @param helpTopic the link into the default java help system (if used).
* @see com.ca.commons.cbutil.CBHelpSystem
*/
public KeystoreGUI(Frame owner, Properties props, String keyStoreLocation,
                   char[] keyStorePassword, String keyStoreType, String title,
                   boolean handlePrivateKeys, String helpTopic)
{
    super(owner, title, helpTopic); // create modal dialog ...

    // NOTE(review): this comparison is case-sensitive, while the keystore type
    // checks further down use equalsIgnoreCase(); a type of "kse" therefore
    // leaves the GUI un-crippled - confirm that is intended.
    if ("KSE".equals(keyStoreType))
    {
        crippled = true;
    }

    properties = props;

    // The caller's array is kept by reference, not copied. doOK() later hands
    // this same array to clearPassword(), so the caller should not rely on its
    // contents afterwards.
    password = keyStorePassword;

    CertViewer.setProperties(properties);

    // The two list icons are static and only loaded the first time round.
    if (smallCert == null)
    {
        smallCert = getImageIcon("sslcert.gif");
    }
    if (smallKeyCert == null)
    {
        smallKeyCert = getImageIcon("sslkeycert.gif");
    }

    keystoreFile = keyStoreLocation;
    keystoreType = keyStoreType;

    display.makeHeavy();

    JScrollPane listScroller = new JScrollPane();
    certList = new JList();

    /*
     * Some keystores need a password before they can even be listed, others
     * do not. There is no general rule here, only these special cases:
     *  - a password was supplied, or the type is JKS: list straight away;
     *  - a KSE keystore held in a '.der' file: list straight away, but
     *    disable 'Set Password';
     *  - anything else: prompt for the password first, and only populate
     *    the list if that succeeds.
     */
    final boolean listableNow = password != null || "JKS".equalsIgnoreCase(keystoreType);
    final boolean kseDerFile = "KSE".equalsIgnoreCase(keystoreType)
            && keystoreFile != null
            && keystoreFile.toLowerCase().endsWith(".der");

    if (listableNow)
    {
        setupCertificateList();
    }
    else if (kseDerFile)
    {
        setupCertificateList();
        cripplePassword = true;
    }
    else if (setupPasswordAndKeystore(keystoreType, keystoreFile, this)) // no password, = no keystore
    {
        refreshView();                    // reset certListModel
        certList.setModel(certListModel); // set the display JList of certs..
    }

    // The list spans down to the last button row, which depends on whether the
    // two private key buttons are shown.
    final int lastRow = handlePrivateKeys ? 7 : 5;

    listScroller.getViewport().setView(certList);
    display.add(listScroller, 1, 1, 2, lastRow);

    display.makeLight();

    viewCert = new CBButton(" " + CBIntText.get("View Certificate"), CBIntText.get("View a certificate in detail."), getImageIcon("sslview.gif"));
    display.add(viewCert, 3, 1);

    addCert = new CBButton(" " + CBIntText.get("Add Certificate"), CBIntText.get("Add a new trusted server certificate"), getImageIcon("ssladd.gif"));
    display.add(addCert, 3, 2);

    if (crippled)
    {
        addCert.setEnabled(false);
    }

    deleteCert = new CBButton(" " + CBIntText.get("Delete Certificate"), CBIntText.get("Delete an unwanted or out of date server certificate"), getImageIcon("ssldelete.gif"));
    display.add(deleteCert, 3, 3);

    passwordButton = new CBButton(" " + CBIntText.get("Set Password"), CBIntText.get("Change the certificate keystore password."), getImageIcon("sslpassword.gif"));
    display.add(passwordButton, 3, 4);

    // The private key buttons are always created (they are part of
    // commandButtons below) but only shown when private keys are handled.
    importKeyButton = new CBButton(" " + CBIntText.get("Set Private Key"), CBIntText.get("Match a PKCS-8 private key with a certificate"), getImageIcon("sslprivatekey.gif"));
    exportKeyButton = new CBButton(" " + CBIntText.get("Export Private Key"), CBIntText.get("Export the PKCS-8 private key matching a certificate"), getImageIcon("sslexprivatekey.gif"));

    if (handlePrivateKeys)
    {
        display.add(importKeyButton, 3, 5);
        display.add(exportKeyButton, 3, 6);
    }

    commandButtons = new CBButton[] {viewCert, addCert, deleteCert, passwordButton, importKeyButton, exportKeyButton};

    for (CBButton button : commandButtons)
    {
        button.setHorizontalAlignment(SwingConstants.LEFT);
        button.addActionListener(this);
    }

    // Operations the provider cannot perform are greyed out and detached from
    // the listener so they cannot be triggered.
    if (crippled)
    {
        JButton[] unsupported = {addCert, deleteCert, exportKeyButton, importKeyButton};
        for (JButton button : unsupported)
        {
            button.setEnabled(false);
            button.removeActionListener(this);
            button.setToolTipText(CBIntText.get("Not available with this security provider"));
            button.setForeground(Color.gray);
        }
    }

    if (cripplePassword)
    {
        passwordButton.setEnabled(false);
        passwordButton.removeActionListener(this);
        passwordButton.setToolTipText(CBIntText.get("Not available with this security provider"));
        passwordButton.setForeground(Color.gray);
    }

    // A plain left-button double click on the list opens the selected
    // certificate, exactly like the 'View Certificate' button.
    MouseListener doubleClickViewer = new MouseAdapter()
    {
        public void mouseClicked(MouseEvent e)
        {
            if (e.getClickCount() == 2 && e.getModifiers() == MouseEvent.BUTTON1_MASK)
            {
                CertItem chosen = (CertItem) certList.getSelectedValue();
                viewCurrentCert(chosen);
            }
        }
    };
    certList.addMouseListener(doubleClickViewer);

    display.add(new JLabel(" "), 3, lastRow); // padding...
}
/**
* checks actions on the various keystore affecting buttons.
* Note that the OK and Cancel button are handled by doOK() and
* doCancel() inherited from the base class.
*/
public void actionPerformed(ActionEvent e)
{
    // Both casts are done up front, whichever button was pressed.
    final JButton pressed = (JButton) e.getSource();
    final CertItem selected = (CertItem) certList.getSelectedValue(); // null when nothing is selected

    if (pressed == viewCert)
    {
        viewCurrentCert(selected);
        return;
    }

    if (pressed == addCert)
    {
        addNewCert();
        return;
    }

    if (pressed == deleteCert)
    {
        // Deleting is the one action checked for a selection here; the other
        // handlers receive the (possibly null) selection as it is.
        if (selected != null)
        {
            deleteCurrentCert(selected);
        }
        else
        {
            CBUtility.error(CBIntText.get("Please select a certificate to delete."), null);
        }
        return;
    }

    if (pressed == passwordButton)
    {
        setupPasswords();
        return;
    }

    if (pressed == importKeyButton)
    {
        importKey(selected);
        return;
    }

    if (pressed == exportKeyButton)
    {
        exportKey(selected);
    }
}
/**
* If the user is satisfied with their changes, attempt to
* write the keystore. Some checks may be required first,
* depending on the keystore type.
*/
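public void doOK()
{
    if (changed)
    {
        /* check that the user has entered a valid passphrase */
        if (!checkPassword())
        {
            return; // nothing to do.
        }

        boolean written = false;
        try
        {
            written = writeKeyStore(password, keystore, keystoreFile, keystoreType);
        }
        catch (Exception e)
        {
            // NOTE(review): the message text speaks of importing a key file,
            // although this call writes the keystore; it is left unchanged
            // because it is also the translation lookup key.
            CBUtility.error(CBIntText.get("Error importing key file."), e);
        }

        if (!written)
        {
            // Every failed write drops the password. Previously only a 'false'
            // return did so, and an exception left the password in memory
            // while the dialog stayed open.
            // (A 'false' return is reported by writeKeyStore() itself.)
            clearPassword(password);
            password = null;
            return;
        }
    }

    changed = false;

    // clean up the old password before the dialog closes
    clearPassword(password);
    password = null;

    super.doOK();
}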
/**
 * Closes the dialog without writing the keystore. If there are unsaved
 * changes the user is first asked whether to go back and revise them;
 * any answer other than 'Revise Changes' (including simply closing the
 * warning) discards the changes.
 */
public void doCancel()
{
    if (changed)
    {
        final String reviseLabel = CBIntText.get("Revise Changes");
        final String discardLabel = CBIntText.get("Discard Changes");
        final String[] choices = { reviseLabel, discardLabel };

        final int picked = JOptionPane.showOptionDialog(
                null,
                CBIntText.get("You have unsaved changes!"),
                "Warning",
                JOptionPane.DEFAULT_OPTION,
                JOptionPane.WARNING_MESSAGE,
                null,
                choices,
                choices[0]);

        // index 0 is 'Revise Changes': stay in the dialog
        if (picked == 0)
        {
            return;
        }
    }

    super.doCancel();
}
/**
* Allows the user to match a private key with a particular certificate.
* (Currently limited to pkcs 8 - other may be possible depending on keystore
* implementation).
* @param certItem the certificate whose private key is to be imported.
*/
protected void importKey(CertItem certItem)
{
try
{
/* Check that the user has selected a certificate to associate with the new key */
if (certItem == null || certItem.getX509Cert() == null)
{
CBUtility.error(CBIntText.get("Please select a certificate to match with a key."), null);
return;
}
/* Get the user to select a pkcs 8 private key file */
File keyFile = getKeyFile(CBIntText.get("Select a pkcs8 private key file"));