From 57e676ecd1a08d41a13344d3417819faded66c8a Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Fri, 22 Aug 2014 14:44:26 +0200 Subject: Keystore Entry opening hardened --- .../egiz/pdfas/sigs/pades/PAdESSignerKeystore.java | 48 +++++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) (limited to 'signature-standards/sigs-pades') diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java index 7772fd3a..c4dda337 100644 --- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java +++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java @@ -43,6 +43,9 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.KeyStore; +import java.security.KeyStore.Entry; +import java.security.KeyStore.PasswordProtection; +import java.security.KeyStore.PrivateKeyEntry; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.Certificate; @@ -75,13 +78,54 @@ public class PAdESSignerKeystore implements IPlainSigner { String keypassword, String type) throws PdfAsException { try { KeyStore ks = KeyStore.getInstance(type); + if(ks == null) { + throw new PdfAsException("error.pdf.sig.14"); + } + if(kspassword == null) { + throw new PdfAsException("error.pdf.sig.15"); + } + + logger.info("Opening Keystore: " + file); + ks.load(new FileInputStream(file), kspassword.toCharArray()); - privKey = (PrivateKey) ks.getKey(alias, keypassword.toCharArray()); + if(keypassword == null) { + throw new PdfAsException("error.pdf.sig.16"); + } + PasswordProtection pwdProt = new PasswordProtection(keypassword.toCharArray()); + + logger.info("Opening Alias: [" + alias + "]"); + + Entry entry = ks.getEntry(alias, pwdProt); + + if(!(entry instanceof PrivateKeyEntry)) { + throw new PdfAsException("error.pdf.sig.18"); + } + + PrivateKeyEntry privateEntry = (PrivateKeyEntry)entry; + + privKey = privateEntry.getPrivateKey(); + if(privKey == null) { throw new PdfAsException("error.pdf.sig.13"); } - cert = new X509Certificate(ks.getCertificate(alias).getEncoded()); + + Certificate c = privateEntry.getCertificate(); + + if(c == null) { + if(privateEntry.getCertificateChain() != null) { + if(privateEntry.getCertificateChain().length > 0) { + c = privateEntry.getCertificateChain()[0]; + } + } + } + + if(c == null) { + throw new PdfAsException("error.pdf.sig.17"); + } + + cert = new X509Certificate(c.getEncoded()); } catch (Throwable e) { + logger.error("Keystore error: ", e); throw new PdfAsException("error.pdf.sig.02", e); } } -- cgit v1.2.3