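/**
 * Signs a certificate signing request (CSR) with the key pair entry currently selected in the
 * active KeyStore and writes the resulting CA reply to a file.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>Obtain the entry password and load the entry's private key and certificate chain.</li>
 *   <li>Let the user choose a CSR file, detect whether it is PKCS #10 or SPKAC, parse it and
 *       check its signature. A CSR that fails the check is rejected with a warning.</li>
 *   <li>Show {@code DSignCsr} so the user can set version, signature type, validity, serial
 *       number, extensions and the output file.</li>
 *   <li>Generate the certificate (subject and public key from the CSR, issuer from the signing
 *       certificate's subject), prepend it to the signing chain and write the chain using
 *       {@code X509CertUtil.getCertsEncodedPkcs7}.</li>
 * </ol>
 *
 * <p>Security note: the only validation applied to the CSR in this method is the signature
 * check ({@code Pkcs10Util.verifyCsr} / {@code Spkac.verify}). The subject name and public key
 * are taken from the CSR as-is, so the identity asserted by the request must be vetted by the
 * operator before signing.
 */
@Override
protected void doAction() {
    FileOutputStream fos = null;
    File caReplyFile = null;

    try {
        KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();
        KeyStoreState currentState = history.getCurrentState();

        String alias = kseFrame.getSelectedEntryAlias();

        Password password = getEntryPassword(alias, currentState);

        // No password available for the entry: nothing can be signed, so stop silently.
        // NOTE(review): presumably null means the user cancelled the unlock prompt - confirm
        // against getEntryPassword.
        if (password == null) {
            return;
        }

        KeyStore keyStore = currentState.getKeyStore();

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        Certificate[] certs = keyStore.getCertificateChain(alias);

        KeyPairType keyPairType = KeyPairUtil.getKeyPairType(privateKey);

        File csrFile = chooseCsrFile();
        if (csrFile == null) {
            return;
        }

        PKCS10CertificationRequest pkcs10Csr = null;
        Spkac spkacCsr = null;

        // Every stream opened on the CSR file is tracked here so that it is closed on all
        // paths (normal completion, early return and exception) instead of relying on the
        // callee to close it. Closing an already closed stream is harmless.
        FileInputStream csrStream = null;

        try {
            csrStream = new FileInputStream(csrFile);
            CryptoFileType fileType = CryptoFileUtil.detectFileType(csrStream);
            IOUtils.closeQuietly(csrStream);

            // The file is re-opened for parsing, so type detection and parsing see two
            // separate reads of the file. The parse and signature check below are what gate
            // signing; the detected type only selects the parser.
            if (fileType == CryptoFileType.PKCS10_CSR) {
                csrStream = new FileInputStream(csrFile);
                pkcs10Csr = Pkcs10Util.loadCsr(csrStream);

                // Refuse to sign a request whose signature does not verify.
                if (!Pkcs10Util.verifyCsr(pkcs10Csr)) {
                    JOptionPane.showMessageDialog(
                            frame,
                            res.getString("SignCsrAction.NoVerifyPkcs10Csr.message"),
                            res.getString("SignCsrAction.SignCsr.Title"),
                            JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else if (fileType == CryptoFileType.SPKAC_CSR) {
                csrStream = new FileInputStream(csrFile);
                spkacCsr = new Spkac(csrStream);

                // Same gate for SPKAC requests.
                if (!spkacCsr.verify()) {
                    JOptionPane.showMessageDialog(
                            frame,
                            res.getString("SignCsrAction.NoVerifySpkacCsr.message"),
                            res.getString("SignCsrAction.SignCsr.Title"),
                            JOptionPane.WARNING_MESSAGE);
                    return;
                }
            } else {
                // Neither CSR format: report the file and stop.
                JOptionPane.showMessageDialog(
                        frame,
                        MessageFormat.format(
                                res.getString("SignCsrAction.FileNotRecognisedType.message"), csrFile),
                        res.getString("SignCsrAction.SignCsr.Title"),
                        JOptionPane.WARNING_MESSAGE);
                return;
            }
        } catch (FileNotFoundException ex) {
            JOptionPane.showMessageDialog(
                    frame,
                    MessageFormat.format(res.getString("SignCsrAction.NotFile.message"), csrFile),
                    res.getString("SignCsrAction.SignCsr.Title"),
                    JOptionPane.WARNING_MESSAGE);
            return;
        } catch (Exception ex) {
            // Any other failure while reading or parsing is shown as "could not open CSR"
            // with the two likely causes (not a CSR, corrupted CSR).
            String problemStr = MessageFormat.format(
                    res.getString("SignCsrAction.NoOpenCsr.Problem"), csrFile.getName());

            String[] causes = new String[] {
                res.getString("SignCsrAction.NotCsr.Cause"),
                res.getString("SignCsrAction.CorruptedCsr.Cause")
            };

            Problem problem = new Problem(problemStr, causes, ex);

            DProblem dProblem =
                    new DProblem(frame, res.getString("SignCsrAction.ProblemOpeningCsr.Title"), problem);
            dProblem.setLocationRelativeTo(frame);
            dProblem.setVisible(true);

            return;
        } finally {
            IOUtils.closeQuietly(csrStream);
        }

        X509Certificate[] signingChain =
                X509CertUtil.orderX509CertChain(X509CertUtil.convertCertificates(certs));
        // NOTE(review): assumes the ordered chain is non-empty and starts with the selected
        // entry's own certificate - confirm against orderX509CertChain.
        X509Certificate signingCert = signingChain[0];

        PublicKey publicKey = null;
        X500Name subject = null;
        DSignCsr dSignCsr = null;
        Provider provider = history.getExplicitProvider();

        // Subject and public key of the certificate to be issued come straight from the CSR.
        if (pkcs10Csr != null) {
            publicKey = new JcaPKCS10CertificationRequest(pkcs10Csr).getPublicKey();
            subject = pkcs10Csr.getSubject();

            dSignCsr = new DSignCsr(frame, pkcs10Csr, csrFile, privateKey, keyPairType, signingCert, provider);
        } else {
            publicKey = spkacCsr.getPublicKey();
            subject = spkacCsr.getSubject().getName();

            dSignCsr = new DSignCsr(frame, spkacCsr, csrFile, privateKey, keyPairType, signingCert, provider);
        }

        dSignCsr.setLocationRelativeTo(frame);
        dSignCsr.setVisible(true);

        // Everything else that goes into the certificate is chosen by the operator.
        X509CertificateVersion version = dSignCsr.getVersion();
        SignatureType signatureType = dSignCsr.getSignatureType();
        long validityPeriod = dSignCsr.getValidityPeriod();
        BigInteger serialNumber = dSignCsr.getSerialNumber();
        caReplyFile = dSignCsr.getCaReplyFile();
        X509ExtensionSet extensions = dSignCsr.getExtensions();

        // NOTE(review): a null version is presumably how DSignCsr signals that the dialog was
        // cancelled - confirm against DSignCsr.
        if (version == null) {
            return;
        }

        X500Name issuer = X500NameUtils.x500PrincipalToX500Name(signingCert.getSubjectX500Principal());

        // CA Reply is a cert with subject from CSR and issuer from signing cert's subject
        X509CertificateGenerator generator = new X509CertificateGenerator(version);
        X509Certificate caReplyCert = generator.generate(
                subject,
                issuer,
                validityPeriod,
                publicKey,
                privateKey,
                signatureType,
                serialNumber,
                extensions,
                provider);

        X509Certificate[] caReplyChain = new X509Certificate[signingChain.length + 1];

        caReplyChain[0] = caReplyCert;

        // Add all of the signing chain to the reply
        System.arraycopy(signingChain, 0, caReplyChain, 1, signingChain.length);

        byte[] caCertEncoded = X509CertUtil.getCertsEncodedPkcs7(caReplyChain);

        fos = new FileOutputStream(caReplyFile);
        fos.write(caCertEncoded);
    } catch (FileNotFoundException ex) {
        // Reached when the CA reply file cannot be opened for writing.
        // NOTE(review): the message key is in the SignJarAction namespace although this is the
        // CSR signing action; kept unchanged - confirm it is the intended resource.
        JOptionPane.showMessageDialog(
                frame,
                MessageFormat.format(res.getString("SignJarAction.NoWriteFile.message"), caReplyFile),
                res.getString("SignCsrAction.SignCsr.Title"),
                JOptionPane.WARNING_MESSAGE);
        return;
    } catch (Exception ex) {
        DError.displayError(frame, ex);
        return;
    } finally {
        IOUtils.closeQuietly(fos);
    }

    JOptionPane.showMessageDialog(
            frame,
            res.getString("SignCsrAction.SignCsrSuccessful.message"),
            res.getString("SignCsrAction.SignCsr.Title"),
            JOptionPane.INFORMATION_MESSAGE);
}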