Download - Svetlin Nakov

More documents

Recommendations

Info

* The applet asks the user to locate in his local file system a PFX file (PKCS#12 * keystore), that holds his certificate (with the corresponding certification chain) * and its private key. Also the applet asks the user to enter his password for * accessing the keystore and the private key. If the specified file contains a * certificate and a corresponding private key that is accessible with supplied * password, the signature of the file is calculated and is placed in the HTML form. * * The applet considers taht the password for the keystore and the password for the * private key in it are the same (this is typical for the PFX files). * * In addition to the calculated signature the certification chain is extracted from * the PFX file and is placed in the HTML form too. The digital signature is stored * as Base64-encoded sequence of characters. The certification chain is stored as * ASN.1 DER-encoded sequence of bytes, additionally encoded in Base64. * * In case the PFX file contains only one certificate without its full certification * chain, a chain consisting of this single certificate is extracted and stored in * the HTML form instead of the full certification chain. * * Digital singature algorithm used is SHA1withRSA. The length of the private key and * respectively the length of the calculated singature depend on the length of the * private key in the PFX file. * * The applet should be able to access the local machine's file system for reading * and writing. Reading the local file system is required for the applet to access * the file that should be signed and the PFX keystore file. Writing the local file * system is required for the applet to save its settings in the user's home * directory. * * Accessing the local file system is not possible by default, but if the applet is * digitally signed (with jarsigner), it runs with no security restrictions. This * applet should be signed in order to run. * * A JRE version 1.4 or hihger is required for accessing the cryptography * functionality, so the applet will not run in any other Java runtime environment. * * This file is part of NakovDocumentSigner digital document * signing framework for Java-based Web applications: * http://www.nakov.com/documents-signing/ * * Copyright (c) 2003 by Svetlin Nakov - http://www.nakov.com * National Academy for Software Development - http://academy.devbg.org * All rights reserved. This code is freeware. It can be used * for any purpose as long as this copyright statement is not * removed or modified. */ public class DigitalSignerApplet extends Applet { private static final String FILE_NAME_FIELD_PARAM = "fileNameField"; private static final String CERT_CHAIN_FIELD_PARAM = "certificationChainField"; private static final String SIGNATURE_FIELD_PARAM = "signatureField"; private static final String SIGN_BUTTON_CAPTION_PARAM = "signButtonCaption"; private static final String PKCS12_KEYSTORE_TYPE = "PKCS12"; private static final String X509_CERTIFICATE_TYPE = "X.509"; private static final String CERTIFICATION_CHAIN_ENCODING = "PkiPath"; private static final String DIGITAL_SIGNATURE_ALGORITHM_NAME = "SHA1withRSA"; private Button mSignButton; /** * Initializes the applet - creates and initializes its graphical user interface. * Actually the applet consists of a single button, that fills its surface. The * button's caption comes from the applet parameter SIGN_BUTTON_CAPTION_PARAM. 76
*/ public void init() { String signButtonCaption = this.getParameter(SIGN_BUTTON_CAPTION_PARAM); mSignButton = new Button(signButtonCaption); mSignButton.setLocation(0, 0); Dimension appletSize = this.getSize(); mSignButton.setSize(appletSize); mSignButton.addActionListener(new ActionListener(){ public void actionPerformed(ActionEvent e) { signSelectedFile(); } }); this.setLayout(null); this.add(mSignButton); } /** * Signs the selected file. The file name comes from a field in the HTML * document. The result consists of the calculated digital signature and * certification chain, both placed in fields in the HTML document, encoded * in Base64 format. The HTML document should contain only one HTML form. * The name of the field, that contains the name of the file to be signed is * obtained from FILE_NAME_FIELD_PARAM applet parameter. The names of the * output fields for the signature and the certification chain are obtained * from the parameters CERT_CHAIN_FIELD_PARAM and SIGNATURE_FIELD_PARAM. * The applet extracts the certificate, its chain and its private key from * a PFX file. The user is asked to select this PFX file and the password * for accessing it. */ private void signSelectedFile() { try { // Get the file name to be signed from the form in the HTML document JSObject browserWindow = JSObject.getWindow(this); JSObject mainForm = (JSObject) browserWindow.eval("document.forms[0]"); String fileNameFieldName = this.getParameter(FILE_NAME_FIELD_PARAM); JSObject fileNameField = (JSObject) mainForm.getMember(fileNameFieldName); String fileName = (String) fileNameField.getMember("value"); // Perform file signing CertificationChainAndSignatureInBase64 signingResult=signFile(fileName); if (signingResult != null) { // Document signed. Fill the certificate and signature fields String certChainFieldName=this.getParameter(CERT_CHAIN_FIELD_PARAM); JSObject certChainField = (JSObject) mainForm.getMember(certChainFieldName); certChainField.setMember("value", signingResult.mCertChain); String signatureFieldName = this.getParameter(SIGNATURE_FIELD_PARAM); JSObject signatureField = (JSObject) mainForm.getMember(signatureFieldName); signatureField.setMember("value", signingResult.mSignature); } else { // User canceled signing } } catch (DocumentSignException dse) { // Document signing failed. Display error message String errorMessage = dse.getMessage(); JOptionPane.showMessageDialog(this, errorMessage); } catch (SecurityException se) { se.printStackTrace(); JOptionPane.showMessageDialog(this, 77
Page 2 and 3:
Java за цифрово подпи
Page 4 and 5:
НАЦИОНАЛНА АКАДЕМИ
Page 6 and 7:
Съдържание СЪДЪРЖА
Page 8 and 9:
Увод Настоящата ра
Page 10 and 11:
сървърът има довер
Page 12 and 13:
Page 14 and 15:
обратното. Това пра
Page 16 and 17:
Цифрово подписване
Page 18 and 19:
Фигура 1-2. Верифика
Page 20 and 21:
независима страна,
Page 22 and 23:
(транзитивно). Техн
Page 24 and 25:
това лице (име, орга
Page 26 and 27: В света на цифроват
Page 28 and 29: Саморъчно подписан
Page 30 and 31: Тя започва от серти
Page 32 and 33: Хранилищата са защ
Page 34 and 35: Издаване на сертиф
Page 36 and 37: По подразбиране пр
Page 38 and 39: Фигура 1-11. Списък с
Page 40 and 41: Закупуване на цифр
Page 42 and 43: .NET Windows Forms контрола
Page 44 and 45: Фигура 1-13. Подписан
Page 46 and 47: Предимство на тази
Page 48 and 49: Java аплетите и сигур
Page 50 and 51: Глава 2. Цифрови под
Page 52 and 53: java.security.KeyStore Класът
Page 54 and 55: certFactory.generateCertificate(str
Page 56 and 57: java.security.cert.TrustAnchor Кл
Page 58 and 59: Преди извикване на
Page 60 and 61: Използване на Sun PKCS#
Page 62 and 63: НАЦИОНАЛНА АКАДЕМИ
Page 64 and 65: - DocumentSigningDemoWebApp - Java-
Page 66 and 67: Тази команда подпи
Page 68 and 69: Стандартно Java апле
Page 70 and 71: Процесът на подпис
Page 72 and 73: Директна верификац
Page 74 and 75: Глава 4. NakovDocumentSigner -
Page 78 and 79: } "Unable to access the local file
Page 80 and 81: private KeyStore loadKeyStoreFromPF
Page 82 and 83: import java.awt.event.*; import jav
Page 84 and 85: * Called when the browse button is
Page 86 and 87: ** * File filter class, intended to
Page 88 and 89: Skip padding from the end of encode
Page 90 and 91: след кодиране с Base64
Page 92 and 93: Важно е да не из
Page 94 and 95: Сертификати за тес
Page 96 and 97: * All rights reserved. This code is
Page 98 and 99: new PKCS11LibraryFileAndPINCodeDial
Page 100 and 101: Provider pkcs11Provider = (Provider
Page 102 and 103: import java.awt.*; import java.awt.
Page 104 and 105: ** * Called when the "Browse" butto
Page 106 and 107: } } return mResult; /** * File filt
Page 108 and 109: Резултатът от изпъ
Page 110 and 111: Фигура 4-3. Java Plug-In 1.5
Page 112 and 113: За директната пров
Page 114 and 115: Document signing apple
Page 116 and 117: scriptable="true" fileNameField="up
Page 118 and 119: * * Copyright (c) 2003 by Svetlin N
Page 120 and 121: displayFileInfo(mReceivedFile, mRec
Page 122 and 123: * and displays the verification res
Page 124 and 125: Read all X.509 certificate files on
Page 126 and 127:
Фигура 4-7. Резултат
Page 128 and 129:
InputStream aCertStream) throws Gen
Page 130 and 131:
Create a set of trust anchors from
Page 132 and 133:
web.xml action org.apache.strut
Page 134 and 135:

Page 136 and 137:
Page 138 and 139:
на удостоверителни
Page 140 and 141:
Page 142 and 143:
тите, инсталирани в
Page 144:
14. [MSDN WinForms] MSDN Library: D
show all

Download - Svetlin Nakov

Create successful ePaper yourself

Delete template?

Save as template?