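package org.eparapher.rcp.views;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;

import org.apache.log4j.Logger;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.x509.NoSuchStoreException;
import org.eclipse.jface.action.Action;
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.jface.viewers.IStructuredSelection;
import org.eclipse.swt.SWT;
import org.eclipse.swt.graphics.Image;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.FileDialog;
import org.eclipse.ui.PlatformUI;
import org.eparapher.core.crypto.EPKeystoreManager;
import org.eparapher.core.crypto.cert.CertificateInfo;
import org.eparapher.core.crypto.cert.X509Util;
import org.eparapher.core.crypto.keystore.EPKeystoreUtils;
import org.eparapher.core.crypto.keystore.KeystoreEntry;
import org.eparapher.core.interfaces.ITrustStore;
import org.eparapher.core.tools.JVMSettings;
import org.eparapher.rcp.EPReferences;
import org.eparapher.rcp.tools.GUIIcons;
import org.eparapher.rcp.tools.RCPGUI;

/**
 * Workbench view that lists the entries of the application trust store and
 * offers two actions: importing certificates from a file into the trust store
 * and exporting a selected trusted certificate to a file.
 */
public class TrustedCertificateStoreView extends AbstractCertificateView {

    public static final String ID = "org.eparapher.rcp.views.TrustedCertificateStoreView";

    private static final Logger log = Logger.getLogger(TrustedCertificateStoreView.class);

    /** Trust store backing this view; resolved in {@link #createPartControl(Composite)}. */
    private ITrustStore trustStore;

    /**
     * The constructor.
     */
    public TrustedCertificateStoreView() {
        super();
    }

    /**
     * Callback used to create and initialize the viewer. The trust store is
     * resolved before delegating to the superclass, and the view registers
     * itself with {@link EPReferences} afterwards.
     *
     * @param parent the parent composite supplied by the workbench
     */
    @Override
    public void createPartControl(Composite parent) {
        trustStore = EPKeystoreManager.getInstance().getTrustStore();
        super.createPartControl(parent);
        EPReferences.getInstance().setTrustcertview(this);
    }

    /**
     * Installs the trust-store specific import and export actions on top of the
     * actions created by the superclass.
     */
    @Override
    protected void makeActions() {
        super.makeActions();
        importAction = new ImportAction();
        exportAction = new ExportAction();
    }

    @Override
    protected Image getCertificateImage(Object obj) {
        return GUIIcons.CERTIFICATE_ICON_IMAGE;
    }

    /**
     * Returns the trusted certificates to display.
     *
     * @return the trust store entries, or an empty array when the trust store
     *         could not be loaded
     */
    @Override
    protected Object[] getKeystoreEntries() {
        if (trustStore.loadTrustStore()) {
            return trustStore.getTrustedCertificates();
        }
        return new KeystoreEntry[0];
    }

    /**
     * Picks an alias for a certificate that is about to be added to the trust
     * store without replacing an entry that is already there.
     *
     * {@link KeyStore#setCertificateEntry(String, java.security.cert.Certificate)}
     * overrides an existing trusted-certificate entry stored under the same
     * alias, so two different certificates sharing a subject text would
     * otherwise silently evict one another.
     *
     * @param keystore    the trust store that will receive the certificate
     * @param base        the preferred alias (the certificate's short subject text)
     * @param certificate the certificate being added; its serial number is used
     *                    to disambiguate
     * @return {@code base} when it is free, otherwise {@code base} followed by a
     *         serial-number suffix (and a counter if that is taken as well)
     * @throws KeyStoreException if the keystore has not been initialized
     */
    private static String uniqueAlias(KeyStore keystore, String base, X509Certificate certificate)
            throws KeyStoreException {
        if (!keystore.containsAlias(base)) {
            return base;
        }
        String withSerial = base + " #" + certificate.getSerialNumber().toString(16);
        String candidate = withSerial;
        int counter = 2;
        while (keystore.containsAlias(candidate)) {
            candidate = withSerial + "-" + counter;
            counter++;
        }
        return candidate;
    }

    /** Logs a failed import together with the file it was reading. */
    private static void logImportFailure(String filename, Exception e) {
        log.error("Error while importing Certificate from file " + filename, e);
    }

    /**
     * Action that reads certificates from a user-selected file (PEM/Base64
     * first, then PKCS#7) and adds those not yet trusted to the trust store.
     *
     * NOTE(review): every certificate found in the file becomes a trust anchor
     * without a confirmation step, and a P7B bundle may carry several
     * certificates. Showing subject, issuer and fingerprint for confirmation
     * before saving would make the trust decision explicit.
     */
    class ImportAction extends Action {

        public ImportAction() {
            setText("Import...");
            setToolTipText("Import a trusted certificate");
            setImageDescriptor(GUIIcons.IMPORT_ICON);
        }

        @Override
        public void run() {
            // Ask the user for the file to import.
            FileDialog fd = new FileDialog(
                    PlatformUI.getWorkbench().getActiveWorkbenchWindow().getShell(), SWT.OPEN);
            fd.setText("Import Trusted X509 Certificate(s) from PEM/BASE64 or P7B ...");
            fd.setFilterPath(JVMSettings.getUserHome());
            fd.setFilterExtensions(new String[] { "*.*", "*.cer", "*.crt", "*.pem" });

            String filename = fd.open();
            if (filename == null) {
                log.info("Import of Trusted X509 Certificate cancelled");
                return;
            }

            try {
                // Try PEM/Base64 first and fall back to PKCS#7 (P7B file).
                Collection<X509Certificate> certs = X509Util.getCertsFromPEM(filename);
                if (certs == null) {
                    certs = X509Util.getCertsFromPKCS7(filename);
                }

                // Both parsers may come back with null; treat that like an empty file
                // instead of failing with a NullPointerException.
                if (certs == null || certs.isEmpty()) {
                    RCPGUI.infoMessage(
                            "No certificates to import",
                            "No certificate found in selected file\r\nIt must be Base 64 Encoded certificate(s)");
                } else {
                    KeyStore trustedks = EPKeystoreManager.getInstance().getTrustStore().getKeystore();
                    boolean hasNewCerts = false;

                    for (X509Certificate certificate : certs) {
                        if (!EPKeystoreUtils.isCertificateTrusted(certificate)) {
                            // Never reuse an alias already present: that would replace
                            // the trust anchor stored under it.
                            String alias = uniqueAlias(
                                    trustedks,
                                    CertificateInfo.getSubjectAsShortText(certificate),
                                    certificate);
                            trustedks.setCertificateEntry(alias, certificate);
                            hasNewCerts = true;
                            log.info("Adding a new trusted certificate in the trustkeystore, identified by alias "
                                    + alias);
                        } else {
                            String alias = trustedks.getCertificateAlias(certificate);
                            RCPGUI.infoMessage(
                                    "Certificate already trusted",
                                    "The certificate is already trusted, and use alias " + alias);
                        }
                    }

                    // Persist only when something was actually added.
                    if (hasNewCerts) {
                        EPKeystoreManager.getInstance().getTrustStore().saveTrustStore();
                    }
                }
            } catch (CertificateException e) {
                logImportFailure(filename, e);
            } catch (IOException e) {
                logImportFailure(filename, e);
            } catch (KeyStoreException e) {
                logImportFailure(filename, e);
            } catch (NoSuchProviderException e) {
                logImportFailure(filename, e);
            } catch (CMSException e) {
                logImportFailure(filename, e);
            } catch (NoSuchStoreException e) {
                logImportFailure(filename, e);
            }

            viewer.refresh();
        }
    }

    /**
     * Action that writes the first certificate of the selected trust store
     * entry to a file chosen by the user.
     */
    class ExportAction extends Action {

        public ExportAction() {
            setText("Export...");
            setToolTipText("Export trusted X509 certificate");
            setImageDescriptor(GUIIcons.EXPORT_ICON);
        }

        @Override
        public void run() {
            ISelection selection = viewer.getSelection();
            if (selection.isEmpty()) {
                RCPGUI.infoMessage(
                        "Export a trusted certificate",
                        "Please select a trusted certificate in the list.");
                return;
            }

            Object obj = ((IStructuredSelection) selection).getFirstElement();
            if (!(obj instanceof KeystoreEntry)) {
                return;
            }
            KeystoreEntry ke = (KeystoreEntry) obj;

            // An entry without a certificate has nothing to export; check before
            // asking the user for a destination.
            if (ke.getCertificateChain() == null || ke.getCertificateChain().length == 0) {
                log.warn("Selected trust store entry has no certificate to export.");
                RCPGUI.infoMessage(
                        "Export a trusted certificate",
                        "The selected entry does not contain a certificate.");
                return;
            }

            // No extension filter is set, so the user chooses the file name freely.
            FileDialog fd = new FileDialog(
                    PlatformUI.getWorkbench().getActiveWorkbenchWindow().getShell(), SWT.SAVE);
            fd.setText("Export trusted Certificate to ...");
            fd.setFilterPath(JVMSettings.getUserHome());

            String filename = fd.open();
            if (filename == null) {
                log.info("Choosing a File cancelled for trusted certificate export.");
            } else {
                X509Util.saveX509toFile(filename, ke.getCertificateChain()[0]);
            }
        }
    }
}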