package org.eparapher.rcp.wizards;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.Locale;

import javax.naming.ldap.Rdn;

import org.apache.log4j.Logger;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.jface.wizard.IWizardPage;
import org.eclipse.jface.wizard.WizardPage;
import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Button;
import org.eclipse.swt.widgets.Combo;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Event;
import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Listener;
import org.eclipse.swt.widgets.Text;
import org.eparapher.core.crypto.EPKeystoreManager;
import org.eparapher.core.crypto.cert.X509Util;
import org.eparapher.rcp.tools.GUIIcons;
import org.eparapher.rcp.tools.eParapherTools;

/**
 * This Wizard can create new certificates with RSA, DSA and ECDSA keypair
 * It can generate directly usable selfsigned certificate, or can generate a CSR file.
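* @author arnault
*/
public class NewCertificateWizardPageOne extends WizardPage implements IWizardPage, Listener {

    private static Logger log = Logger.getLogger(NewCertificateWizardPageOne.class);

    /** Keypair algorithms offered with a software or PKCS#11 keystore. */
    private static final String[] ALL_KEYPAIR_ALGS = { "RSA", "DSA", "ECDSA" };
    /** Keypair algorithms offered when the Microsoft CAPI keystore is in use. */
    private static final String[] MSCAPI_KEYPAIR_ALGS = { "RSA" };

    // 512-bit RSA/DSA keys are far below current minimums and are kept only so that
    // legacy tokens can still be driven; the defaults below select 2048 (RSA) / 1024 (DSA).
    private static final String[] RSA_KEYPAIR_SIZES = { "512", "1024", "2048", "4096" };
    private static final String[] DSA_KEYPAIR_SIZES = { "512", "576", "640", "704", "768", "896", "960", "1024" };
    /** Index into RSA_KEYPAIR_SIZES used at page creation and whenever RSA is (re)selected. */
    private static final int DEFAULT_RSA_SIZE_INDEX = 2;
    /** Index into DSA_KEYPAIR_SIZES used whenever DSA is selected. */
    private static final int DEFAULT_DSA_SIZE_INDEX = 7;

    private static final String[] VALIDITY = { "3 months", "6 months", "1 year", "2 years", "3 years", "4 years", "6 years", "10 years" };
    /** Calendar field and amount for each VALIDITY entry; both arrays are index-aligned with VALIDITY. */
    private static final int[] VALIDITY_FIELDS = { Calendar.MONTH, Calendar.MONTH, Calendar.YEAR, Calendar.YEAR, Calendar.YEAR, Calendar.YEAR, Calendar.YEAR, Calendar.YEAR };
    private static final int[] VALIDITY_AMOUNTS = { 3, 6, 1, 2, 3, 4, 6, 10 };
    /** Index into VALIDITY pre-selected on the page ("4 years"). */
    private static final int DEFAULT_VALIDITY_INDEX = 5;

    private Button selfSignedCertificate;
    private Button certificateWithCSR;
    private Text aliasText;
    private Combo keypairAlg;
    private Combo keypairsize;
    private Combo ecspecs;
    private Text userCNText;
    private Text userOUText;
    private Text userOText;
    private Text userSTText;
    private Text userCText;
    private Combo certValidity;
    private Combo certsigalg;
    private Text userSANMailText;
    private Text userSANOtherNameText;
    private Text userSANDNSNameText;

    protected NewCertificateWizardPageOne() {
        super("New Certificate");
        setTitle("New Certificate Wizard");
        setDescription("Please select your keypair and certificate settings.");
        setImageDescriptor(GUIIcons.WIZARD_NEW_KEYCERT);
    }

    /**
     * Builds the page: certificate type, keystore alias, keypair settings,
     * certificate settings, subject DN fields and subject alternative name fields.
     * Listeners are attached at the end and an initial validation pass is run.
     *
     * @param parent the wizard's parent composite
     */
    public void createControl(Composite parent) {
        Composite container = new Composite(parent, SWT.NONE);

        // two columns: a right-aligned label and its input widget
        GridLayout gl = new GridLayout();
        gl.numColumns = 2;
        container.setLayout(gl);

        // Self Signed certificate or generate a CSR
        createSectionLabel(container, "Certificate Type :", gl.numColumns);

        selfSignedCertificate = new Button(container, SWT.RADIO);
        selfSignedCertificate.setText("Self-Signed Certificate");
        selfSignedCertificate.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
        selfSignedCertificate.setSelection(true);

        certificateWithCSR = new Button(container, SWT.RADIO);
        certificateWithCSR.setText("Certificate issued by a CA (generate CSR)");
        certificateWithCSR.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
        certificateWithCSR.setSelection(false);

        eParapherTools.createGUILine(container, gl.numColumns);

        // Keystore Alias
        createFieldLabel(container, "Keystore Alias :");
        aliasText = new Text(container, SWT.BORDER);
        aliasText.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_FILL));
        aliasText.setText("signature");

        eParapherTools.createGUILine(container, gl.numColumns);

        // Keypair Settings
        createSectionLabel(container, "Keypair Settings :", gl.numColumns);

        createFieldLabel(container, "Keypair algorithm : ");
        keypairAlg = createChoice(container, keypairAlgChoices(), 0);

        createFieldLabel(container, "Keypair size : ");
        // default algorithm (index 0) is RSA in both choice lists, so RSA sizes apply here
        keypairsize = createChoice(container, RSA_KEYPAIR_SIZES, DEFAULT_RSA_SIZE_INDEX);

        createFieldLabel(container, "Elliptic curve specs : ");
        ecspecs = createChoice(container, X509Util.getECSpecsNames(), 0);
        ecspecs.setEnabled(false); // only meaningful once ECDSA is selected

        eParapherTools.createGUILine(container, gl.numColumns);

        // Certificate Settings
        createSectionLabel(container, "Certificate Settings :", gl.numColumns);

        createFieldLabel(container, "Validity : ");
        certValidity = createChoice(container, VALIDITY, DEFAULT_VALIDITY_INDEX);

        createFieldLabel(container, "Signature algorythm : ");
        // NOTE(review): the pre-selected digest is whatever X509Util lists first for this
        // keypair algorithm; confirm that is not an MD2/MD5 entry on the providers in use.
        certsigalg = createChoice(container, getCertSigAlgs(), 0);

        eParapherTools.createGUILine(container, gl.numColumns);

        // User Info
        createSectionLabel(container, "Personnal information for DN:", gl.numColumns);
        userCNText = createDNField(container, "Common name (CN) : ", 64, System.getProperty("user.name"));
        userOUText = createDNField(container, "Organizational unit (OU) : ", 64, null);
        userOText = createDNField(container, "Organization (O) :", 64, null);
        userSTText = createDNField(container, "State or province (ST) :", 64, null);
        userCText = createDNField(container, "Country code (C) :", 2, "FR");

        eParapherTools.createGUILine(container, gl.numColumns);

        // User Subject Alternative Name Info
        createSectionLabel(container, "Personnal information for subject alternative name:", gl.numColumns);
        userSANMailText = createDNField(container, "EMail : ", 128, null);
        userSANDNSNameText = createDNField(container, "DNS name : ", 128, null);
        userSANOtherNameText = createDNField(container, "Other name : ", 128, null);

        setControl(container);
        addListeners();
        handleEvent(null);
    }

    /** Creates a label spanning all {@code columns} of the grid, used as a section heading. */
    private static Label createSectionLabel(Composite container, String text, int columns) {
        Label label = new Label(container, SWT.NONE);
        label.setText(text);
        GridData gd = new GridData(GridData.FILL_HORIZONTAL);
        gd.horizontalSpan = columns;
        label.setLayoutData(gd);
        return label;
    }

    /** Creates a right-aligned label placed in the first column, in front of an input widget. */
    private static Label createFieldLabel(Composite container, String text) {
        Label label = new Label(container, SWT.NONE);
        label.setText(text);
        label.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_END));
        return label;
    }

    /** Creates a read-only drop-down holding {@code items} with entry {@code selected} pre-selected. */
    private static Combo createChoice(Composite container, String[] items, int selected) {
        Combo combo = new Combo(container, SWT.READ_ONLY | SWT.BORDER);
        combo.setItems(items);
        combo.select(selected);
        combo.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING));
        return combo;
    }

    /** Keypair algorithms available with the keystore currently in use (CAPI only supports RSA). */
    private static String[] keypairAlgChoices() {
        return EPKeystoreManager.isCAPICOMUsed() ? MSCAPI_KEYPAIR_ALGS : ALL_KEYPAIR_ALGS;
    }

    private void addListeners() {
        selfSignedCertificate.addListener(SWT.Selection, this);
        certificateWithCSR.addListener(SWT.Selection, this);
        userCNText.addListener(SWT.KeyUp, this);
        userCText.addListener(SWT.KeyUp, this);
        userOText.addListener(SWT.KeyUp, this);
        userOUText.addListener(SWT.KeyUp, this);
        userSTText.addListener(SWT.KeyUp, this);
        aliasText.addListener(SWT.KeyUp, this);
        keypairAlg.addListener(SWT.Selection, this);
    }

    /**
     * Re-validates the page and reacts to widget changes. Called with {@code null}
     * once from {@link #createControl(Composite)} for the initial validation pass.
     * Only the most severe status collected wins, so an empty alias (error) is
     * never hidden behind a later warning.
     *
     * @see Listener#handleEvent(Event)
     */
    public void handleEvent(Event event) {
        // Initialize a variable with the no error status
        Status status = new Status(IStatus.OK, "not_used", 0, "", null);

        // Change signature algorithms if keypair algorithm change
        if (event != null && event.widget == keypairAlg) {
            onKeypairAlgChanged();
        }

        // Alias cannot be empty
        if (!isTextNonEmpty(aliasText)) {
            status = mostSevere(status, new Status(IStatus.ERROR, "not_used", 0, "You must set a Keystore Alias", null));
        } else if (EPKeystoreManager.getInstance().getUserkeystore().containsAlias(getAliasName())) {
            // Verify if the alias already exists
            status = mostSevere(status, new Status(IStatus.WARNING, "not_used", 0, "Alias '" + getAliasName() + "' already exists. It will be overwrite.", null));
        }

        // validity and SAN are only used for a self-signed certificate, not for a CSR;
        // either radio may be the one reporting the change
        if (event != null && (event.widget == certificateWithCSR || event.widget == selfSignedCertificate)) {
            setSelfSignedOnlyFieldsEnabled(!certificateWithCSR.getSelection());
        }

        if (!isTextNonEmpty(userCNText)) {
            status = mostSevere(status, new Status(IStatus.WARNING, "not_used", 0, "Common Name might not be empty", null));
        }
        if (getUserDNasString().equals("")) {
            status = mostSevere(status, new Status(IStatus.ERROR, "not_used", 0, "DN must not be empty", null));
        }

        applyStatus(status);
    }

    /** Refreshes the signature algorithm list and the size/curve widgets after the keypair algorithm changed. */
    private void onKeypairAlgChanged() {
        certsigalg.setItems(getCertSigAlgs());
        certsigalg.select(0);
        String alg = getKeypairAlg();
        if (alg.equals("ECDSA")) {
            keypairsize.setEnabled(false);
            ecspecs.setEnabled(true);
        } else if (alg.equals("DSA")) {
            keypairsize.setEnabled(true);
            keypairsize.setItems(DSA_KEYPAIR_SIZES);
            keypairsize.select(DEFAULT_DSA_SIZE_INDEX);
            ecspecs.setEnabled(false);
        } else if (alg.equals("RSA")) {
            keypairsize.setEnabled(true);
            keypairsize.setItems(RSA_KEYPAIR_SIZES);
            keypairsize.select(DEFAULT_RSA_SIZE_INDEX);
            ecspecs.setEnabled(false);
        }
    }

    /** Enables or disables the widgets that only apply to a self-signed certificate. */
    private void setSelfSignedOnlyFieldsEnabled(boolean enabled) {
        certValidity.setEnabled(enabled);
        userSANMailText.setEnabled(enabled);
        userSANOtherNameText.setEnabled(enabled);
        userSANDNSNameText.setEnabled(enabled);
    }

    /** Returns {@code candidate} when it is at least as severe as {@code current}, else {@code current}. */
    private static Status mostSevere(Status current, Status candidate) {
        // IStatus severities are ordered numerically: OK < INFO < WARNING < ERROR
        return candidate.getSeverity() >= current.getSeverity() ? candidate : current;
    }

    /**
     * Applies the status to the status line of a dialog page.
     * Errors block the page; OK/INFO/WARNING leave it complete.
     */
    private void applyStatus(Status status) {
        // Show the most serious error
        String message = status.getMessage();
        if (message.length() == 0) {
            message = null;
        }
        switch (status.getSeverity()) {
            case IStatus.OK:
                setErrorMessage(null);
                setMessage(message);
                setPageComplete(true);
                break;
            case IStatus.WARNING:
                setErrorMessage(null);
                setMessage(message, WizardPage.WARNING);
                setPageComplete(true);
                break;
            case IStatus.INFO:
                setErrorMessage(null);
                setMessage(message, WizardPage.INFORMATION);
                setPageComplete(true);
                break;
            default:
                setErrorMessage(message);
                setMessage(null);
                setPageComplete(false);
                break;
        }
    }

    /** True when the text field holds something other than whitespace. */
    private static boolean isTextNonEmpty(Text t) {
        String s = t.getText();
        return s != null && s.trim().length() > 0;
    }

    /**
     * Creates a labelled, length-limited text field.
     *
     * @param defaultValue initial text, ignored when {@code null} or empty
     */
    private Text createDNField(Composite container, String labelvalue, int textLimit, String defaultValue) {
        createFieldLabel(container, labelvalue);
        Text textfield = new Text(container, SWT.BORDER);
        textfield.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_FILL));
        textfield.setTextLimit(textLimit);
        if (defaultValue != null && defaultValue.length() > 0) {
            textfield.setText(defaultValue);
        }
        return textfield;
    }

    /**
     * Signature algorithms usable with the selected keypair algorithm, filtered by what
     * the active keystore provider supports.
     *
     * @return the algorithm names ending in {@code "WITH" + getKeypairAlg()}, in X509Util order
     */
    private String[] getCertSigAlgs() {
        String suffix = "WITH" + getKeypairAlg();
        ArrayList<String> filteredAlgs = new ArrayList<String>();
        for (Iterator<?> it = X509Util.getAlgNames(); it.hasNext();) {
            String alg = (String) it.next();
            if (alg.endsWith(suffix) && isDigestSupportedByProvider(alg)) {
                filteredAlgs.add(alg);
            }
        }
        return filteredAlgs.toArray(new String[filteredAlgs.size()]);
    }

    /**
     * Provider restriction on the digest part of a signature algorithm name.
     * With CAPI only SHA-1/MD2/MD5 are used; with PKCS#11 the SHA family and MD2/MD5;
     * otherwise anything goes. MD2/MD5/SHA-1 are deprecated digests and remain only
     * because of the provider limits listed here.
     */
    private static boolean isDigestSupportedByProvider(String alg) {
        String lower = alg.toLowerCase(Locale.ROOT);
        if (EPKeystoreManager.isCAPICOMUsed()) {
            return lower.startsWith("sha1") || lower.startsWith("md");
        }
        if (EPKeystoreManager.isPKCS11Used()) {
            return lower.startsWith("sha") || lower.startsWith("md");
        }
        return true;
    }

    /** Selected keypair algorithm name ("RSA", "DSA" or "ECDSA"). */
    public String getKeypairAlg() {
        return keypairAlgChoices()[keypairAlg.getSelectionIndex()];
    }

    /**
     * Selected key size in bits for RSA and DSA.
     *
     * @return the size, or 0 for ECDSA where the size is implied by the curve
     */
    public int getKeypairSize() {
        String alg = getKeypairAlg();
        int index = keypairsize.getSelectionIndex();
        if (alg.equals("RSA")) {
            return Integer.parseInt(RSA_KEYPAIR_SIZES[index]);
        }
        if (alg.equals("DSA")) {
            return Integer.parseInt(DSA_KEYPAIR_SIZES[index]);
        }
        return 0;
    }

    /**
     * Subject DN in RFC 2253 string form, built from the non-empty fields in the
     * order C, ST, O, OU, CN. Field values are escaped so that characters such as
     * ',' or '=' typed by the user cannot add or alter an RDN.
     *
     * @return the DN, or "" when every field is empty
     */
    public String getUserDNasString() {
        StringBuilder dn = new StringBuilder();
        appendRdn(dn, "C", userCText);
        appendRdn(dn, "ST", userSTText);
        appendRdn(dn, "O", userOText);
        appendRdn(dn, "OU", userOUText);
        appendRdn(dn, "CN", userCNText);
        return dn.toString();
    }

    /**
     * Appends {@code type=value} to {@code dn} (comma-separated) unless the field is
     * empty or holds the "." placeholder.
     * NOTE(review): assumes the consumer of the DN parses RFC 2253 backslash escapes —
     * verify against X509Util.
     */
    private static void appendRdn(StringBuilder dn, String type, Text field) {
        String value = field.getText();
        if (value == null || value.equals("") || value.equals(".")) {
            return;
        }
        if (dn.length() > 0) {
            dn.append(',');
        }
        dn.append(type).append('=').append(Rdn.escapeValue(value));
    }

    /**
     * End of validity derived from the selected VALIDITY entry.
     * Month/year arithmetic is done with Calendar, so e.g. 3 months after Jan 31 is Apr 30.
     *
     * @param validFrom start of validity (not modified)
     * @return a new Date; equal to {@code validFrom} when nothing is selected
     */
    public Date getEndofValidityDate(Date validFrom) {
        Calendar cal = Calendar.getInstance();
        cal.setTime(validFrom);
        int index = certValidity.getSelectionIndex();
        if (index >= 0 && index < VALIDITY_AMOUNTS.length) {
            cal.add(VALIDITY_FIELDS[index], VALIDITY_AMOUNTS[index]);
        }
        return cal.getTime();
    }

    /** Selected signature algorithm name, as listed by {@link #getCertSigAlgs()}. */
    public String getCertSigAlg() {
        return certsigalg.getItem(certsigalg.getSelectionIndex());
    }

    public String getAliasName() {
        return aliasText.getText();
    }

    public String getSubjAltNameEMail() {
        return userSANMailText.getText();
    }

    public String getSubjAltNameOtherName() {
        return userSANOtherNameText.getText();
    }

    public String getSubjAltNameDNSName() {
        return userSANDNSNameText.getText();
    }

    /** Selected elliptic curve name (only meaningful when ECDSA is selected). */
    public String getECSpecsName() {
        return ecspecs.getItem(ecspecs.getSelectionIndex());
    }

    public boolean isSelfSigned() {
        return selfSignedCertificate.getSelection();
    }

    public boolean isCSR() {
        return certificateWithCSR.getSelection();
    }
}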