it.trento.comune.j4sign.examples

Class GUITest

java.lang.Object

java.awt.Component

java.awt.Container

java.awt.Window

java.awt.Frame

javax.swing.JFrame

it.trento.comune.j4sign.examples.GUITest

All Implemented Interfaces:

java.awt.event.ActionListener, java.awt.image.ImageObserver, java.awt.MenuContainer, java.io.Serializable, java.util.EventListener, javax.accessibility.Accessible, javax.swing.event.DocumentListener, javax.swing.RootPaneContainer, javax.swing.WindowConstants

public class GUITest
extends javax.swing.JFrame
implements java.awt.event.ActionListener, javax.swing.event.DocumentListener

A graphical user interface program for testing the generation of a CMS signed message, using a pkcs11 token (usually a SmartCard). This examples shows a simple method for signing text files; other file types are explicitly excluded because we want avoid to manage here complex issues related to file visualization.
The italian law states clearly that the signing procedure has to make aware the signer of the content being signed. Signing files that contains macros or other procedures that can dinamically modify the visualization of the content is also explicitely prohibithed.
As a good rule, we should sign only a content we know and comprehend completely.
For this reason, we also STRONGLY SUGGEST NOT TO SIGN proprietary file formats.
Threads and timers are used in this example are used to enhance user interface, permitting live logging of signing procedure and the use of a progress bar.

Multiple signatures are permitted, each with different token types; the generated CMS message keeps signers informations at the same level (similar to a paper document with multiple signatures). I call this arrangement "combined signatures", in contrast with "nested signatures" (like a signed paper document put in a signed envelope).

N.B. note that in this example signature verification only ensures signed data integrity; a complete verification to ensure non-repudiation requires checking the full certification path including the CA root certificate, and CRL verification on the CA side.
(Good stuff for a next release ...)

Author:

Roberto Resoli

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class javax.swing.JFrame

javax.swing.JFrame.AccessibleJFrame

Nested classes/interfaces inherited from class java.awt.Frame

java.awt.Frame.AccessibleAWTFrame

Nested classes/interfaces inherited from class java.awt.Window

java.awt.Window.AccessibleAWTWindow, java.awt.Window.Type

Nested classes/interfaces inherited from class java.awt.Container

java.awt.Container.AccessibleAWTContainer

Nested classes/interfaces inherited from class java.awt.Component

java.awt.Component.AccessibleAWTComponent, java.awt.Component.BaselineResizeBehavior, java.awt.Component.BltBufferStrategy, java.awt.Component.FlipBufferStrategy

Field Summary

Fields

Modifier and Type	Field and Description
private byte[]	bytesToSign
private javax.swing.JButton	c
private javax.swing.JTextArea	certArea
private byte[]	certificate
private FindCertTask	certTask
private ExternalSignatureCMSSignedDataGenerator	cmsGenerator
private java.lang.String	cryptokiLib
private javax.swing.JTextArea	dataArea
(package private) boolean	debug
private java.lang.String	digestAlg
private java.lang.String	encAlg
private java.lang.String	encodedDigest
private byte[]	encryptedDigest
private javax.swing.JButton	f
private java.io.File	fileToSign
private javax.swing.Timer	findTimer
private boolean	forcingCryptoki
private java.io.PrintStream	log
private javax.swing.JTextArea	logArea
private boolean	makeDigestOnToken
private org.bouncycastle.cms.CMSProcessable	msg
static int	ONE_SECOND
private javax.swing.JProgressBar	progressBar
private static java.lang.String	PROPERTIES_FILE
private javax.swing.JPasswordField	pwd
private javax.swing.JButton	s
private ExternalSignatureSignerInfoGenerator	signerInfoGenerator
private java.lang.String	signerLabel
private java.util.ArrayList	signersCertList
private DigestSignTask	signTask
private javax.swing.Timer	signTimer
(package private) boolean	submitAfterSigning

Fields inherited from class javax.swing.JFrame

accessibleContext, EXIT_ON_CLOSE, rootPane, rootPaneCheckingEnabled

Fields inherited from class java.awt.Frame

CROSSHAIR_CURSOR, DEFAULT_CURSOR, E_RESIZE_CURSOR, HAND_CURSOR, ICONIFIED, MAXIMIZED_BOTH, MAXIMIZED_HORIZ, MAXIMIZED_VERT, MOVE_CURSOR, N_RESIZE_CURSOR, NE_RESIZE_CURSOR, NORMAL, NW_RESIZE_CURSOR, S_RESIZE_CURSOR, SE_RESIZE_CURSOR, SW_RESIZE_CURSOR, TEXT_CURSOR, W_RESIZE_CURSOR, WAIT_CURSOR

Fields inherited from class java.awt.Component

BOTTOM_ALIGNMENT, CENTER_ALIGNMENT, LEFT_ALIGNMENT, RIGHT_ALIGNMENT, TOP_ALIGNMENT

Fields inherited from interface javax.swing.WindowConstants

DISPOSE_ON_CLOSE, DO_NOTHING_ON_CLOSE, HIDE_ON_CLOSE

Fields inherited from interface java.awt.image.ImageObserver

ABORT, ALLBITS, ERROR, FRAMEBITS, HEIGHT, PROPERTIES, SOMEBITS, WIDTH

Constructor Summary

Constructors

Constructor and Description
GUITest(java.lang.String title, java.lang.String aDebug, java.lang.String aCryptoki) The class constructor.

Method Summary

Methods

Modifier and Type	Method and Description
void	actionPerformed(java.awt.event.ActionEvent e) The "control center" of the class, mandatory to satisfy the java.awt.event.ActionListener interface contract.
private long	algToMechanism(boolean digestOnToken, java.lang.String digestAlg, java.lang.String encryptionAlg)
private byte[]	applyPkcs1Padding(int resultLength, byte[] srcBytes)
private org.bouncycastle.cms.CMSSignedData	buildCMSSignedData() Creates the signed data structure, using signer infos precedently accumulated.
void	changedUpdate(javax.swing.event.DocumentEvent e)
private void	closeSignature() Terminates the signing procedure creating the signer information data structure.
java.lang.String	decode(java.lang.String s) Decodes a base64 String in a normal Unicode string.
byte[]	decodeToBytes(java.lang.String s) Converts a base64 String in a byte array.
private boolean	detectCardAndCriptoki() This triggers the PCSC wrapper stuff; a PCSCHelperclass is used to detect reader and token presence, trying also to provide a candidate PKCS#11 cryptoki for it.
private void	enableControls(boolean enable) Enables GUI controls.
private byte[]	encapsulateInDigestInfo(java.lang.String digestAlg, byte[] digestBytes)
java.lang.String	encode(java.lang.String s) Encodes a String into its base64 encoding version.
java.lang.String	encodeFromBytes(byte[] bytes) Creates the base64 encoding of a byte array.
private void	findCert()
(package private) java.lang.String	formatAsHexString(byte[] bytes) Converts a byte array in its exadecimal representation.
java.lang.String	getAppletInfo() Returns information about this applet.
byte[]	getCertificate() Returns the signer's certificate.
private java.lang.String	getCryptokiLib() Returns the cryptoki library name.
java.lang.String	getEncodedDigest() Returns the base64 encoding of the digest.
byte[]	getEncryptedDigest() Gets the digest encrypted with the private key of the signer.
java.io.File	getFileToSign()
java.security.cert.X509Certificate	getJavaCertificate()
private java.lang.String	getSignerLabel() Returns the label identifiyng the signer objects on the token.
private void	initStatus(int min, int max) Resets the progress bar status.
void	insertUpdate(javax.swing.event.DocumentEvent e)
private boolean	isDebugMode() Tests if the program is in debug mode
boolean	isForcingCryptoki()
private boolean	isTextFile(java.io.File f) Tests if a file is a text file; this method probably works only in a unicode system (fixme).
private void	loadProperties()
static void	main(java.lang.String[] args)
private void	openSignature(java.lang.String digestAlg, java.lang.String encryptionAlg, boolean digestOnToken) Prepares a signing procedure.
private void	prepareDigestFromTextArea() Takes text from data area and digests it.
void	removeUpdate(javax.swing.event.DocumentEvent e)
private void	setCertificate(byte[] newCertificate) Sets the signer certificate
private void	setCryptokiLib(java.lang.String newCryptokiLib) Sets the cryptoki library name.
void	setEncodedDigest(java.lang.String data) Sets the base64 encoded digest.
void	setEncryptedDigest(byte[] newEncryptedDigest) Sets the private-key encrypted digest
void	setFileToSign(java.io.File fileToSign)
private void	setSignerLabel(java.lang.String newSignerLabel) Sets the label identifiyng the signer objects on the token.
private void	setStatus(int code, java.lang.String statusString) Sets the current status of the program (shown in the progress bar and with alerts in case of error.
private void	sign() Starts a signing task in a separate thread.

Methods inherited from class javax.swing.JFrame

addImpl, createRootPane, frameInit, getAccessibleContext, getContentPane, getDefaultCloseOperation, getGlassPane, getGraphics, getJMenuBar, getLayeredPane, getRootPane, getTransferHandler, isDefaultLookAndFeelDecorated, isRootPaneCheckingEnabled, paramString, processWindowEvent, remove, repaint, setContentPane, setDefaultCloseOperation, setDefaultLookAndFeelDecorated, setGlassPane, setIconImage, setJMenuBar, setLayeredPane, setLayout, setRootPane, setRootPaneCheckingEnabled, setTransferHandler, update

Methods inherited from class java.awt.Frame

addNotify, getCursorType, getExtendedState, getFrames, getIconImage, getMaximizedBounds, getMenuBar, getState, getTitle, isResizable, isUndecorated, remove, removeNotify, setBackground, setCursor, setExtendedState, setMaximizedBounds, setMenuBar, setOpacity, setResizable, setShape, setState, setTitle, setUndecorated

Methods inherited from class java.awt.Window

addPropertyChangeListener, addPropertyChangeListener, addWindowFocusListener, addWindowListener, addWindowStateListener, applyResourceBundle, applyResourceBundle, createBufferStrategy, createBufferStrategy, dispose, getBackground, getBufferStrategy, getFocusableWindowState, getFocusCycleRootAncestor, getFocusOwner, getFocusTraversalKeys, getIconImages, getInputContext, getListeners, getLocale, getModalExclusionType, getMostRecentFocusOwner, getOpacity, getOwnedWindows, getOwner, getOwnerlessWindows, getShape, getToolkit, getType, getWarningString, getWindowFocusListeners, getWindowListeners, getWindows, getWindowStateListeners, hide, isActive, isAlwaysOnTop, isAlwaysOnTopSupported, isAutoRequestFocus, isFocusableWindow, isFocusCycleRoot, isFocused, isLocationByPlatform, isOpaque, isShowing, isValidateRoot, pack, paint, postEvent, processEvent, processWindowFocusEvent, processWindowStateEvent, removeWindowFocusListener, removeWindowListener, removeWindowStateListener, reshape, setAlwaysOnTop, setAutoRequestFocus, setBounds, setBounds, setCursor, setFocusableWindowState, setFocusCycleRoot, setIconImages, setLocation, setLocation, setLocationByPlatform, setLocationRelativeTo, setMinimumSize, setModalExclusionType, setSize, setSize, setType, setVisible, show, toBack, toFront

Methods inherited from class java.awt.Container

add, add, add, add, add, addContainerListener, applyComponentOrientation, areFocusTraversalKeysSet, countComponents, deliverEvent, doLayout, findComponentAt, findComponentAt, getAlignmentX, getAlignmentY, getComponent, getComponentAt, getComponentAt, getComponentCount, getComponents, getComponentZOrder, getContainerListeners, getFocusTraversalPolicy, getInsets, getLayout, getMaximumSize, getMinimumSize, getMousePosition, getPreferredSize, insets, invalidate, isAncestorOf, isFocusCycleRoot, isFocusTraversalPolicyProvider, isFocusTraversalPolicySet, layout, list, list, locate, minimumSize, paintComponents, preferredSize, print, printComponents, processContainerEvent, remove, removeAll, removeContainerListener, setComponentZOrder, setFocusTraversalKeys, setFocusTraversalPolicy, setFocusTraversalPolicyProvider, setFont, transferFocusDownCycle, validate, validateTree

Methods inherited from class java.awt.Component

action, add, addComponentListener, addFocusListener, addHierarchyBoundsListener, addHierarchyListener, addInputMethodListener, addKeyListener, addMouseListener, addMouseMotionListener, addMouseWheelListener, bounds, checkImage, checkImage, coalesceEvents, contains, contains, createImage, createImage, createVolatileImage, createVolatileImage, disable, disableEvents, dispatchEvent, enable, enable, enableEvents, enableInputMethods, firePropertyChange, firePropertyChange, firePropertyChange, firePropertyChange, firePropertyChange, firePropertyChange, firePropertyChange, firePropertyChange, firePropertyChange, getBaseline, getBaselineResizeBehavior, getBounds, getBounds, getColorModel, getComponentListeners, getComponentOrientation, getCursor, getDropTarget, getFocusListeners, getFocusTraversalKeysEnabled, getFont, getFontMetrics, getForeground, getGraphicsConfiguration, getHeight, getHierarchyBoundsListeners, getHierarchyListeners, getIgnoreRepaint, getInputMethodListeners, getInputMethodRequests, getKeyListeners, getLocation, getLocation, getLocationOnScreen, getMouseListeners, getMouseMotionListeners, getMousePosition, getMouseWheelListeners, getName, getParent, getPeer, getPropertyChangeListeners, getPropertyChangeListeners, getSize, getSize, getTreeLock, getWidth, getX, getY, gotFocus, handleEvent, hasFocus, imageUpdate, inside, isBackgroundSet, isCursorSet, isDisplayable, isDoubleBuffered, isEnabled, isFocusable, isFocusOwner, isFocusTraversable, isFontSet, isForegroundSet, isLightweight, isMaximumSizeSet, isMinimumSizeSet, isPreferredSizeSet, isValid, isVisible, keyDown, keyUp, list, list, list, location, lostFocus, mouseDown, mouseDrag, mouseEnter, mouseExit, mouseMove, mouseUp, move, nextFocus, paintAll, prepareImage, prepareImage, printAll, processComponentEvent, processFocusEvent, processHierarchyBoundsEvent, processHierarchyEvent, processInputMethodEvent, processKeyEvent, processMouseEvent, processMouseMotionEvent, processMouseWheelEvent, removeComponentListener, removeFocusListener, removeHierarchyBoundsListener, removeHierarchyListener, removeInputMethodListener, removeKeyListener, removeMouseListener, removeMouseMotionListener, removeMouseWheelListener, removePropertyChangeListener, removePropertyChangeListener, repaint, repaint, repaint, requestFocus, requestFocus, requestFocusInWindow, requestFocusInWindow, resize, resize, revalidate, setComponentOrientation, setDropTarget, setEnabled, setFocusable, setFocusTraversalKeysEnabled, setForeground, setIgnoreRepaint, setLocale, setMaximumSize, setName, setPreferredSize, show, size, toString, transferFocus, transferFocusBackward, transferFocusUpCycle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.awt.MenuContainer

getFont, postEvent

Field Detail

logArea

private javax.swing.JTextArea logArea

dataArea

private javax.swing.JTextArea dataArea

pwd

private javax.swing.JPasswordField pwd

certArea

private javax.swing.JTextArea certArea

signTask

private DigestSignTask signTask

signTimer

private javax.swing.Timer signTimer

certTask

private FindCertTask certTask

findTimer

private javax.swing.Timer findTimer

f

private javax.swing.JButton f

c

private javax.swing.JButton c

s

private javax.swing.JButton s

progressBar

private javax.swing.JProgressBar progressBar

debug

boolean debug

submitAfterSigning

boolean submitAfterSigning

bytesToSign

private byte[] bytesToSign

encodedDigest

private java.lang.String encodedDigest

encryptedDigest

private byte[] encryptedDigest

log

private java.io.PrintStream log

ONE_SECOND

public static final int ONE_SECOND

See Also:

Constant Field Values

cryptokiLib

private java.lang.String cryptokiLib

signerLabel

private java.lang.String signerLabel

certificate

private byte[] certificate

msg

private org.bouncycastle.cms.CMSProcessable msg

cmsGenerator

private ExternalSignatureCMSSignedDataGenerator cmsGenerator

signerInfoGenerator

private ExternalSignatureSignerInfoGenerator signerInfoGenerator

signersCertList

private java.util.ArrayList signersCertList

fileToSign

private java.io.File fileToSign

forcingCryptoki

private boolean forcingCryptoki

PROPERTIES_FILE

private static java.lang.String PROPERTIES_FILE

makeDigestOnToken

private boolean makeDigestOnToken

digestAlg

private java.lang.String digestAlg

encAlg

private java.lang.String encAlg

Constructor Detail

GUITest

public GUITest(java.lang.String title,
       java.lang.String aDebug,
       java.lang.String aCryptoki)

The class constructor.

Parameters:

title - , shown on the window title bar.

aDebug - if True, causes operation log to be shown in the GUI, in a dedicated pane.

Throws:

java.awt.HeadlessException

Method Detail

isForcingCryptoki

public boolean isForcingCryptoki()

Returns:

Returns the forcingCryptoki.

loadProperties

private void loadProperties()

findCert

private void findCert()

main

public static void main(java.lang.String[] args)

openSignature

private void openSignature(java.lang.String digestAlg,
                 java.lang.String encryptionAlg,
                 boolean digestOnToken)
                    throws java.security.InvalidKeyException,
                           java.security.SignatureException,
                           java.security.NoSuchProviderException,
                           java.security.NoSuchAlgorithmException,
                           java.io.IOException,
                           org.bouncycastle.cms.CMSException,
                           java.security.cert.CertificateException

Prepares a signing procedure.

Parameters:

digestAlg -

encryptionAlg -

digestOnToken -

Throws:

java.security.InvalidKeyException

java.security.SignatureException

java.security.NoSuchProviderException

java.security.NoSuchAlgorithmException

java.io.IOException

org.bouncycastle.cms.CMSException

java.security.cert.CertificateException

sign

private void sign()

Starts a signing task in a separate thread.

Parameters:

digestOnToken - if true, the cryptoki - card takes care of digesting; raw bytes to sign are passed to cryptoki functions.

closeSignature

private void closeSignature()
                     throws java.security.cert.CertificateException

Terminates the signing procedure creating the signer information data structure.

Throws:

java.security.cert.CertificateException

buildCMSSignedData

private org.bouncycastle.cms.CMSSignedData buildCMSSignedData()
                                                       throws java.security.cert.CertStoreException,
                                                              java.security.InvalidAlgorithmParameterException,
                                                              java.security.cert.CertificateExpiredException,
                                                              java.security.cert.CertificateNotYetValidException,
                                                              java.security.NoSuchAlgorithmException,
                                                              java.security.NoSuchProviderException,
                                                              org.bouncycastle.cms.CMSException

Creates the signed data structure, using signer infos precedently accumulated.

Returns:

Throws:

java.security.cert.CertStoreException

java.security.InvalidAlgorithmParameterException

java.security.cert.CertificateExpiredException

java.security.cert.CertificateNotYetValidException

java.security.NoSuchAlgorithmException

java.security.NoSuchProviderException

org.bouncycastle.cms.CMSException

actionPerformed

public void actionPerformed(java.awt.event.ActionEvent e)

The "control center" of the class, mandatory to satisfy the java.awt.event.ActionListener interface contract.

Specified by:

actionPerformed in interface java.awt.event.ActionListener

See Also:

ActionListener.actionPerformed(java.awt.event.ActionEvent)

isTextFile

private boolean isTextFile(java.io.File f)
                    throws java.io.IOException

Tests if a file is a text file; this method probably works only in a unicode system (fixme).

Parameters:

f -

Returns:

Throws:

java.io.IOException

prepareDigestFromTextArea

private void prepareDigestFromTextArea()
                                throws java.security.NoSuchAlgorithmException,
                                       java.io.UnsupportedEncodingException

Takes text from data area and digests it.

Throws:

java.security.NoSuchAlgorithmException

java.io.UnsupportedEncodingException

decode

public java.lang.String decode(java.lang.String s)

Decodes a base64 String in a normal Unicode string.

Parameters:

s -

Returns:

decodeToBytes

public byte[] decodeToBytes(java.lang.String s)

Converts a base64 String in a byte array.

Parameters:

s -

Returns:

enableControls

private void enableControls(boolean enable)

Enables GUI controls.

Parameters:

enable - boolean

encode

public java.lang.String encode(java.lang.String s)

Encodes a String into its base64 encoding version.

Parameters:

s -

Returns:

encodeFromBytes

public java.lang.String encodeFromBytes(byte[] bytes)

Creates the base64 encoding of a byte array.

Parameters:

bytes -

Returns:

getAppletInfo

public java.lang.String getAppletInfo()

Returns information about this applet.

Returns:

a string of information about this applet

getCertificate

public byte[] getCertificate()

Returns the signer's certificate.

Returns:

byte

getJavaCertificate

public java.security.cert.X509Certificate getJavaCertificate()
                                                      throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

getCryptokiLib

private java.lang.String getCryptokiLib()

Returns the cryptoki library name.

Returns:

java.lang.String

getEncodedDigest

public java.lang.String getEncodedDigest()

Returns the base64 encoding of the digest.

Returns:

the base64 encoding.

getEncryptedDigest

public byte[] getEncryptedDigest()

Gets the digest encrypted with the private key of the signer.

Returns:

getSignerLabel

private java.lang.String getSignerLabel()

Returns the label identifiyng the signer objects on the token.

Returns:

initStatus

private void initStatus(int min,
              int max)

Resets the progress bar status.

Parameters:

min -

max -

isDebugMode

private boolean isDebugMode()

Tests if the program is in debug mode

Returns:

boolean

setCertificate

private void setCertificate(byte[] newCertificate)

Sets the signer certificate

Parameters:

newCertificate -

setCryptokiLib

private void setCryptokiLib(java.lang.String newCryptokiLib)

Sets the cryptoki library name.

Parameters:

newCryptokiLib -

setEncodedDigest

public void setEncodedDigest(java.lang.String data)

Sets the base64 encoded digest.

Parameters:

data -

setEncryptedDigest

public void setEncryptedDigest(byte[] newEncryptedDigest)

Sets the private-key encrypted digest

Parameters:

newEncryptedDigest -

setSignerLabel

private void setSignerLabel(java.lang.String newSignerLabel)

Sets the label identifiyng the signer objects on the token.

Parameters:

newSignerLabel -

setStatus

private void setStatus(int code,
             java.lang.String statusString)

Sets the current status of the program (shown in the progress bar and with alerts in case of error.

Parameters:

code -

statusString -

algToMechanism

private long algToMechanism(boolean digestOnToken,
                  java.lang.String digestAlg,
                  java.lang.String encryptionAlg)

formatAsHexString

java.lang.String formatAsHexString(byte[] bytes)

Converts a byte array in its exadecimal representation.

Parameters:

bytes -

Returns:

detectCardAndCriptoki

private boolean detectCardAndCriptoki()
                               throws java.io.IOException

This triggers the PCSC wrapper stuff; a PCSCHelperclass is used to detect reader and token presence, trying also to provide a candidate PKCS#11 cryptoki for it.

Returns:

true if a token with corresponding candidate cryptoki was detected.

Throws:

java.io.IOException

getFileToSign

public java.io.File getFileToSign()

setFileToSign

public void setFileToSign(java.io.File fileToSign)

applyPkcs1Padding

private byte[] applyPkcs1Padding(int resultLength,
                       byte[] srcBytes)

encapsulateInDigestInfo

private byte[] encapsulateInDigestInfo(java.lang.String digestAlg,
                             byte[] digestBytes)
                                throws java.io.IOException

Throws:

java.io.IOException

changedUpdate

public void changedUpdate(javax.swing.event.DocumentEvent e)

Specified by:

changedUpdate in interface javax.swing.event.DocumentListener

insertUpdate

public void insertUpdate(javax.swing.event.DocumentEvent e)

Specified by:

insertUpdate in interface javax.swing.event.DocumentListener

removeUpdate

public void removeUpdate(javax.swing.event.DocumentEvent e)

Specified by:

removeUpdate in interface javax.swing.event.DocumentListener