EldoS | Feel safer!


TElMemoryCertStorage and TElX509Certificate in Mac OS, Linux..

#29442
Posted: 05/13/2014 07:43:47
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
When using the OfficeBlackBox Sample of your 12th version, when I do _OfficeDocument.open("full_path.docx", false); an exception is thrown saying: "java.lang.StringIndexOutOfBoundsException: String index out of range: -1", regardless of the file I choose. In the 11th version, this error doesn't appear.

We've fixed the issue and the new build was uploaded to the server without changing the build number. You can download it here: https://www.eldos.com/sbb/download-pre...hp#product
#29443
Posted: 05/14/2014 06:25:48
by glinttgs sousa (Basic support level)
Joined: 02/27/2014
Posts: 51

Thank you for the fix.

By the way, I'm trying to use the TElMemoryCertStorage.LoadFromFileJKS method, but it doesn't appear. I'm using the newest 12th version. Do I need to include something more?
#29444
Posted: 05/14/2014 06:26:53
by Eugene Mayevski (EldoS Corp.)

It must be LoadFromStreamJKS, not LoadFromFileJKS.


Sincerely yours
Eugene Mayevski
#29456
Posted: 05/15/2014 05:20:30
by glinttgs sousa (Basic support level)
Joined: 02/27/2014
Posts: 51

Can you explain in a little more detail how I load a JKS file on Mac OS X or Linux?

The loadFromStreamJKS method requests an InputStream, String, int and TElJKSPasswordEvent.

I want to load all certificates in KeyChainStore (in OS X, for instance).
How do I get an InputStream from the certificates? And what is the meaning of the String, int and TElJKSPasswordEvent? What are the proper values of these parameters?
#29457
Posted: 05/15/2014 05:26:34
by Vsevolod Ievgiienko (EldoS Corp.)

Please refer to the documentation: https://www.eldos.com/documentation/sb...amjks.html

The stream can be created the following way:

Code
InputStream is = new FileInputStream("path_to_jks_file");
#29458
Posted: 05/15/2014 05:31:01
by glinttgs sousa (Basic support level)
Joined: 02/27/2014
Posts: 51

Do you know what the path to the certificate store on Mac or Linux is? Does it depend on the computer?
#29460
Posted: 05/15/2014 05:47:48
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
Does it depend on the computer?

Yes, it depends.

If we are talking about Java key stores, then you can use the following code as a template (works for Windows and Linux):

Code
public class OS {
   public static final int OS_UNKNOWN = -1;
   public static final int OS_WINDOWS = 0;
   public static final int OS_MAC = 1;
   public static final int OS_LINUX = 2;
   public static final int OS_SOLARIS = 3;
   
   // Classify the platform from the os.name system property.
   private static int detectOS() {
      String OS = System.getProperty("os.name").toLowerCase();
      
      if (OS.indexOf("win") >= 0)
         return OS_WINDOWS;
      else if (OS.indexOf("mac") >= 0)
         return OS_MAC;
      // indexOf returns 0 when the name starts with the substring, so compare with >= 0
      else if (OS.indexOf("nix") >= 0 || OS.indexOf("nux") >= 0 || OS.indexOf("aix") >= 0)
         return OS_LINUX;
      else if (OS.indexOf("sunos") >= 0)
         return OS_SOLARIS;
      else
         return OS_UNKNOWN;
   }
   
   // Path of the JRE's cacerts key store; null for platforms this template does not cover.
   public static String detectKeystorePath() {
      int os = detectOS();
      String home = System.getProperty("java.home");
      
      if (os == OS_WINDOWS) {
         return home + "\\lib\\security\\cacerts";
      } else if (os == OS_LINUX) {
         return home + "/lib/security/cacerts";
      } else
         return null;
   }
}
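
An added example, not part of the thread and not SecureBlackbox code: plain JCA code that opens the JRE key store discussed above on any OS (macOS included) and reports, per alias, whether the entry holds a private key or only a trusted certificate. The class name JksInspect and the console prompt are assumptions of this example.

```java
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical helper class for this example.
public class JksInspect {
    public static void main(String[] args) throws Exception {
        // Default to the JRE trust store; File resolves the separator on every OS.
        String path = args.length > 0 ? args[0]
                : new File(System.getProperty("java.home"), "lib/security/cacerts").getPath();

        // Prompt without echo instead of taking the password from the command line.
        // An empty answer (or no console) loads with null, which skips the integrity check.
        Console con = System.console();
        char[] pw = con == null ? null
                : con.readPassword("Keystore password (empty = unverified): ");
        if (pw != null && pw.length == 0) pw = null;

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        System.out.println(path + (pw == null ? " (integrity NOT verified)" : " (integrity verified)"));

        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String kind = ks.isKeyEntry(alias) ? "key entry" : "trusted cert";
            String alg = c == null ? "-" : c.getPublicKey().getAlgorithm();
            String subject = c instanceof X509Certificate
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "-";
            System.out.printf("%-12s %-4s %s  [%s]%n", kind, alg, alias, subject);
        }
        if (pw != null) Arrays.fill(pw, '\0'); // wipe the password from memory
    }
}
```

Run it with no arguments to inspect cacerts, or pass the path of another JKS file as the first argument.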
#29461
Posted: 05/15/2014 06:20:12
by glinttgs sousa (Basic support level)
Joined: 02/27/2014
Posts: 51

Thank you.

I tried a lot of ways, but I always get the exception:

"java.security.PrivilegedActionException: SecureBlackbox.XML.EElXMLSecurityError: RSA key data expected."

If I convert a Certificate in JKS to a TElX509Certificate and that certificate is a smart card certificate, this exception is always thrown.

I tried to change all my local settings to have all kinds of permissions, but still no luck. I guess I'll have to use TElWinCertStorage. But for Mac and Linux there is no other way to do this, right?
#29462
Posted: 05/15/2014 06:24:19
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
But for Mac and Linux there is no other way to do this, right?

The 12th version of SecureBlackbox includes PKCS#11 support for Mac and Linux. You can access your smart cards directly on those systems.
#29475
Posted: 05/16/2014 05:17:49
by glinttgs sousa (Basic support level)
Joined: 02/27/2014
Posts: 51

I have Java code that accesses my certificate and requests the smart card PIN to access the private key.

Code
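import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import javax.security.auth.callback.CallbackHandler;
import sun.security.pkcs11.SunPKCS11;
// CK_MECHANISM and PKCS11Constants come from a PKCS#11 wrapper package that the post does not name.

String hash = "ab13fab13h453d453ab13f453de";

// Inline SunPKCS11 configuration: provider name and the vendor PKCS#11 module.
String pkcs11config = "name=GemPC" + "\n"
        + "library=C:/WINDOWS/system32/pteidpkcs11.dll";

byte[] pkcs11configBytes = pkcs11config.getBytes();
ByteArrayInputStream configStream = new ByteArrayInputStream(pkcs11configBytes);

// This constructor is available in Java 8 and earlier.
Provider p = new SunPKCS11(configStream);
Security.addProvider(p);

// The key store asks for the PIN through the callback handler.
CallbackHandler cmdLineHdlr = new com.sun.security.auth.callback.TextCallbackHandler();
KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", p,
        new KeyStore.CallbackHandlerProtection(cmdLineHdlr));
KeyStore ks = builder.getKeyStore();
String assinaturaCertifLabel = "CITIZEN SIGNATURE CERTIFICATE";
Certificate[] chain = ks.getCertificateChain(assinaturaCertifLabel);
Key key = ks.getKey(assinaturaCertifLabel, null);
// The mechanism object is not used by the Signature calls below.
CK_MECHANISM mechanism = new CK_MECHANISM();
mechanism.mechanism = PKCS11Constants.CKM_RSA_PKCS;
mechanism.pParameter = null;

Signature sig = Signature.getInstance("SHA1withRSA", p);
sig.initSign((PrivateKey) key);  // --> REQUESTS SMARTCARD PIN!
sig.update(hash.getBytes());
byte[] signedHash = sig.sign();
return signedHash;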

That's it for Windows. How can I integrate this kind of Signature with your library?
I want to obtain a TElX509Certificate that contains a private key.

Can you help me?

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
