authorLars Herschke <[email protected]>2011-09-26 11:43:40 -0400
committerLars Herschke <[email protected]>2011-09-26 11:43:40 -0400
commitdc63e62272f8d610986ce9327ce8ffdea9fe75f9 (patch)
tree89bac10ac80cafbfe1d209e2cb897b9071e7c7c8 /netx/net/sourceforge/jnlp/security/CertificateUtils.java
parent3981cff3d9feca0a3d240f675b8268ddb8751b83 (diff)
Add support for client authentication certificates
2011-09-26 Lars Herschke <[email protected]> * netx/net/sourceforge/jnlp/resources/Messages.properties: Add CVExportPasswordMessage, CVImportPasswordMessage and CVPasswordTitle. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initialize): Initialize SSLContext with the user's client certificates. * netx/net/sourceforge/jnlp/security/CertificateUtils.java (addPKCS12ToKeyStore, addPKCS12ToKeyStore, dumpPKCS12): New methods. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (getPasswords): New method. (ImportButtonListener.actionPerformed): Import client certificates in PKCS12 format. (ExportButtonListener.actionPerformed): Export client certificates in PKCS12 format.
Diffstat (limited to 'netx/net/sourceforge/jnlp/security/CertificateUtils.java')
-rw-r--r--netx/net/sourceforge/jnlp/security/CertificateUtils.java49
1 files changed, 49 insertions, 0 deletions
diff --git a/netx/net/sourceforge/jnlp/security/CertificateUtils.java b/netx/net/sourceforge/jnlp/security/CertificateUtils.java
index fb7ecef..a4dfeae 100644
--- a/netx/net/sourceforge/jnlp/security/CertificateUtils.java
+++ b/netx/net/sourceforge/jnlp/security/CertificateUtils.java
@@ -38,12 +38,15 @@ exception statement from your version.
package net.sourceforge.jnlp.security;
import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
+import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
+import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -117,6 +120,41 @@ public class CertificateUtils {
ks.setCertificateEntry(alias, cert);
}
+ public static void addPKCS12ToKeyStore(File file, KeyStore ks, char[] password)
+ throws Exception {
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file));
+ KeyStore keyStore = KeyStore.getInstance("PKCS12");
+ keyStore.load(bis, password);
+
+ Enumeration<String> aliasList = keyStore.aliases();
+
+ while (aliasList.hasMoreElements()) {
+ String alias = aliasList.nextElement();
+ Certificate[] certChain = keyStore.getCertificateChain(alias);
+ Key key = keyStore.getKey(alias, password);
+ addPKCS12ToKeyStore(certChain, key, ks);
+ }
+ }
+
+ public static void addPKCS12ToKeyStore(Certificate[] certChain, Key key, KeyStore ks)
+ throws KeyStoreException {
+ String alias = null;
+
+ // does this certificate already exist?
+ alias = ks.getCertificateAlias(certChain[0]);
+ if (alias != null) {
+ return;
+ }
+
+ // create a unique alias for this new certificate
+ Random random = new Random();
+ do {
+ alias = new BigInteger(20, random).toString();
+ } while (ks.getCertificate(alias) != null);
+
+ ks.setKeyEntry(alias, key, KeyStores.getPassword(), certChain);
+ }
+
/**
* Checks whether an X509Certificate is already in one of the keystores
* @param c the certificate
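Review bot: The `BufferedInputStream` opened in the first `addPKCS12ToKeyStore` is never closed, so the handle on the user's PKCS12 file leaks on every import, including when `keyStore.load` throws on a wrong password; wrap the load and the alias loop in `try { ... } finally { bis.close(); }`. The same applies to the `BufferedOutputStream` in `dumpPKCS12` in the last hunk, where an unclosed buffer can additionally leave the exported file incomplete. Separately, `getCertificateChain` and `getKey` return null for aliases that are not key entries, so `certChain[0]` in the second overload can throw a NullPointerException on a PKCS12 file that also carries bare certificates; a guard such as `if (certChain == null || certChain.length == 0 || key == null) continue;` in the loop would skip those. The imported private key is re-protected with `KeyStores.getPassword()`, which is defined outside this hunk; if that is a fixed application-wide value, a comment saying so would tell readers that the key's at-rest protection then rests on the keystore file's permissions.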
@@ -177,4 +215,15 @@ public class CertificateUtils {
encoder.encodeBuffer(cert.getEncoded(), out);
out.println(X509Factory.END_CERT);
}
+
+ public static void dumpPKCS12(String alias, File file, KeyStore ks, char[] password)
+ throws Exception {
+ Certificate[] certChain = ks.getCertificateChain(alias);
+ Key key = ks.getKey(alias, KeyStores.getPassword());
+ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file));
+ KeyStore keyStore = KeyStore.getInstance("PKCS12");
+ keyStore.load(null, null);
+ keyStore.setKeyEntry(alias, key, password, certChain);
+ keyStore.store(bos, password);
+ }
}
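Review bot: `dumpPKCS12` opens `new FileOutputStream(file)` before it knows the alias refers to a key entry, so a certificate-only or unknown alias (where `ks.getKey` returns null) leaves a created or truncated file behind when `setKeyEntry` fails. Validate first, e.g. `if (key == null || certChain == null) throw new KeyStoreException("no key entry for alias " + alias);`, and only then open the stream. Because the output holds the private key, it is also worth narrowing the file to the owner right after creation with `file.setReadable(false, false); file.setReadable(true, true);` instead of relying on the default mode. The method has no Javadoc; a short comment stating that `password` protects the exported file while the source entry is read with the keystore's own password would make the two-password flow clear.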