diff options
author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-08-22 14:44:26 +0200 |
---|---|---|
committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2014-08-22 14:44:26 +0200 |
commit | 57e676ecd1a08d41a13344d3417819faded66c8a (patch) | |
tree | fbc79aa0ec4a848d67864d0227d68e5ebc91c38d /signature-standards/sigs-pades/src | |
parent | e64b4c6f49127c18ccfadcc9d485b5e306f671e8 (diff) | |
download | pdf-as-4-57e676ecd1a08d41a13344d3417819faded66c8a.tar.gz pdf-as-4-57e676ecd1a08d41a13344d3417819faded66c8a.tar.bz2 pdf-as-4-57e676ecd1a08d41a13344d3417819faded66c8a.zip |
Keystore Entry opening hardened
Diffstat (limited to 'signature-standards/sigs-pades/src')
-rw-r--r-- | signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java | 48 |
1 files changed, 46 insertions, 2 deletions
diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java index 7772fd3a..c4dda337 100644 --- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java +++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java @@ -43,6 +43,9 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.KeyStore; +import java.security.KeyStore.Entry; +import java.security.KeyStore.PasswordProtection; +import java.security.KeyStore.PrivateKeyEntry; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.Certificate; @@ -75,13 +78,54 @@ public class PAdESSignerKeystore implements IPlainSigner { String keypassword, String type) throws PdfAsException { try { KeyStore ks = KeyStore.getInstance(type); + if(ks == null) { + throw new PdfAsException("error.pdf.sig.14"); + } + if(kspassword == null) { + throw new PdfAsException("error.pdf.sig.15"); + } + + logger.info("Opening Keystore: " + file); + ks.load(new FileInputStream(file), kspassword.toCharArray()); - privKey = (PrivateKey) ks.getKey(alias, keypassword.toCharArray()); + if(keypassword == null) { + throw new PdfAsException("error.pdf.sig.16"); + } + PasswordProtection pwdProt = new PasswordProtection(keypassword.toCharArray()); + + logger.info("Opening Alias: [" + alias + "]"); + + Entry entry = ks.getEntry(alias, pwdProt); + + if(!(entry instanceof PrivateKeyEntry)) { + throw new PdfAsException("error.pdf.sig.18"); + } + + PrivateKeyEntry privateEntry = (PrivateKeyEntry)entry; + + privKey = privateEntry.getPrivateKey(); + if(privKey == null) { throw new PdfAsException("error.pdf.sig.13"); } - cert = new X509Certificate(ks.getCertificate(alias).getEncoded()); + + Certificate c = privateEntry.getCertificate(); + + if(c == null) { + if(privateEntry.getCertificateChain() != null) { + if(privateEntry.getCertificateChain().length > 0) { + c = privateEntry.getCertificateChain()[0]; + } + } + } + + if(c == null) { + throw new PdfAsException("error.pdf.sig.17"); + } + + cert = new X509Certificate(c.getEncoded()); } catch (Throwable e) { + logger.error("Keystore error: ", e); throw new PdfAsException("error.pdf.sig.02", e); } } |