Skip to content

Commit fc8879b

Browse files
Merge pull request #10 from FrancescoValentini/1.0.13
1.0.13 AES 256 GCM set as default algorithm Improved automatic algorithm detection system Added validation of certificate key usages Added form to import keys
2 parents de29579 + 08c8b83 commit fc8879b

23 files changed

Lines changed: 935 additions & 159 deletions

pom.xml

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
<modelVersion>4.0.0</modelVersion>
55
<groupId>HackerInside_EncryptionToolkit</groupId>
66
<artifactId>HackerInside_EncryptionToolkit</artifactId>
7-
<version>1.0.12</version>
7+
<version>1.0.13</version>
88
<name>HackerInside EncryptionToolkit</name>
99
<properties>
1010
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -28,14 +28,25 @@
2828
<plugin>
2929
<groupId>org.springframework.boot</groupId>
3030
<artifactId>spring-boot-maven-plugin</artifactId>
31-
<version>4.0.1</version> <executions>
31+
<version>4.0.1</version>
32+
<executions>
3233
<execution>
3334
<goals>
3435
<goal>repackage</goal>
3536
</goals>
3637
<configuration>
3738
<mainClass>it.hackerinside.etk.GUI.forms.ETKMain</mainClass>
3839
<layout>JAR</layout>
40+
<requiresUnpack>
41+
<dependency>
42+
<groupId>org.bouncycastle</groupId>
43+
<artifactId>bcprov-jdk18on</artifactId>
44+
</dependency>
45+
<dependency>
46+
<groupId>org.bouncycastle</groupId>
47+
<artifactId>bcpkix-jdk18on</artifactId>
48+
</dependency>
49+
</requiresUnpack>
3950
</configuration>
4051
</execution>
4152
</executions>
@@ -47,13 +58,13 @@
4758
<dependency>
4859
<groupId>org.bouncycastle</groupId>
4960
<artifactId>bcprov-jdk18on</artifactId>
50-
<version>1.83</version>
61+
<version>1.84</version>
5162
</dependency>
5263
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on -->
5364
<dependency>
5465
<groupId>org.bouncycastle</groupId>
5566
<artifactId>bcpkix-jdk18on</artifactId>
56-
<version>1.83</version>
67+
<version>1.84</version>
5768
</dependency>
5869
<!-- https://mvnrepository.com/artifact/com.formdev/flatlaf -->
5970
<dependency>

src/it/hackerinside/etk/GUI/ETKContext.java

Lines changed: 27 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
*/
2929
public class ETKContext {
3030

31-
public static final String ETK_VERSION = "1.0.12";
31+
public static final String ETK_VERSION = "1.0.13";
3232

3333
/**
3434
* Singleton instance of ETKContext.
@@ -671,7 +671,29 @@ public boolean useRsaOaep() {
671671
);
672672
return Boolean.parseBoolean(vUseRsaOaep);
673673
}
674-
674+
675+
/**
676+
* Sets whether x.509 key usages should be validated
677+
* @param vValKeyUsage
678+
*/
679+
public void setValidateKeyUsages(boolean vValKeyUsage) {
680+
preferences.put(
681+
ApplicationPreferences.VALIDATE_KEY_USAGES.getKey(),
682+
Boolean.toString(vValKeyUsage)
683+
);
684+
}
685+
686+
/**
687+
* Return whether x.509 key usages should be validated
688+
* @return
689+
*/
690+
public boolean validateKeyUsages() {
691+
String vValKeyUsage = preferences.get(
692+
ApplicationPreferences.VALIDATE_KEY_USAGES.getKey(),
693+
ApplicationPreferences.VALIDATE_KEY_USAGES.getValue()
694+
);
695+
return Boolean.parseBoolean(vValKeyUsage);
696+
}
675697

676698

677699
/**
@@ -752,6 +774,7 @@ public String toString() {
752774
- getTrustStore()=%s
753775
- isPkcs11SignOnly()=%s
754776
- useRsaOaep()=%s
777+
- validateKeyUsages()=%s
755778
""".formatted(
756779
keystore,
757780
knownCerts,
@@ -773,7 +796,8 @@ public String toString() {
773796
getTrustStorePath(),
774797
getTrustStore(),
775798
isPkcs11SignOnly(),
776-
useRsaOaep()
799+
useRsaOaep(),
800+
validateKeyUsages()
777801
);
778802
}
779803

src/it/hackerinside/etk/GUI/Utils.java

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@
1515
import org.bouncycastle.util.Arrays;
1616

1717
import it.hackerinside.etk.GUI.DTOs.CertificateWrapper;
18+
import it.hackerinside.etk.Utils.X509KeyUsageValidator;
19+
import it.hackerinside.etk.core.Models.KeyUsageProfile;
1820
import it.hackerinside.etk.core.keystore.AbstractKeystore;
1921

2022
public class Utils {
@@ -40,7 +42,20 @@ public static boolean acceptX509Certificate(X509Certificate cert) {
4042
);
4143
}
4244
}
43-
45+
46+
public static boolean validateCertFlags(X509Certificate cert, KeyUsageProfile keyProfile) {
47+
if(!X509KeyUsageValidator.hasKeyUsage(cert, X509KeyUsageValidator.Mode.ANY, keyProfile)) {
48+
return DialogUtils.showConfirmBox(
49+
null,
50+
"Invalid certificate!",
51+
"The certificate has INVALID key usages, accept the risk?",
52+
"Press OK to accept the certificate, cancel otherwise.",
53+
JOptionPane.WARNING_MESSAGE
54+
);
55+
}
56+
return true;
57+
}
58+
4459
/**
4560
* Retrieves the password for the given alias.
4661
* This method checks if the password is already cached for the given alias.

src/it/hackerinside/etk/GUI/forms/ETKMain.java

Lines changed: 4 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -865,43 +865,10 @@ private void importKeypair() {
865865
}
866866

867867
if(ctx.getKeystore() == null) return;
868-
File sourceKeystore = FileDialogUtils.openFileDialog(
869-
null,
870-
"Import KeyPairs",
871-
".",
872-
DefaultExtensions.CRYPTO_P12,
873-
DefaultExtensions.CRYPTO_PFX
874-
);
875868

876-
if(sourceKeystore == null) return;
877-
kms.setCertificateValidationProvider((crt) -> Utils.acceptX509Certificate(crt));
878-
kms.setPwdProvider(() -> DialogUtils.showPasswordInputBox(
879-
null,
880-
"Unlock Source Keystore",
881-
sourceKeystore.getName(),
882-
"Password:"
883-
));
884-
885-
kms.setPwdProvider((alias) -> askUnlockPrivateKey(alias));
886-
try {
887-
kms.importKeyPair(sourceKeystore);
888-
889-
} catch (UnsupportedOperationException e) {
890-
DialogUtils.showMessageBox(
891-
null,
892-
"Operation not supported!",
893-
e.getMessage(),
894-
"",
895-
JOptionPane.WARNING_MESSAGE
896-
);
897-
}catch (Exception e) {
898-
e.printStackTrace();
899-
DialogUtils.showMessageBox(null, "Error importing Keys!", "Error importing Keys!",
900-
e.getMessage(),
901-
JOptionPane.ERROR_MESSAGE);
902-
}
903-
904-
updateTable();
869+
KeyPairImportForm kpImport = new KeyPairImportForm(null);
870+
kpImport.setVisible();
871+
kpImport.setCallback(() -> {updateTable();});
905872
}
906873

907874
/**
@@ -1142,7 +1109,7 @@ private void newKeyPair() {
11421109
private void filesChecksum() {
11431110
FileHashForm fh = new FileHashForm();
11441111
fh.setVisible();
1145-
1112+
11461113
}
11471114

11481115
private void notLoggedInError() {

src/it/hackerinside/etk/GUI/forms/EncryptForm.java

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,9 +33,11 @@
3333
import it.hackerinside.etk.GUI.DTOs.CertificateTableRow;
3434
import it.hackerinside.etk.GUI.DTOs.CertificateWrapper;
3535
import it.hackerinside.etk.Utils.X509CertificateLoader;
36+
import it.hackerinside.etk.Utils.X509KeyUsageValidator;
3637
import it.hackerinside.etk.Utils.X509Utils;
3738
import it.hackerinside.etk.core.Models.DefaultExtensions;
3839
import it.hackerinside.etk.core.Models.EncodingOption;
40+
import it.hackerinside.etk.core.Models.KeyUsageProfile;
3941
import it.hackerinside.etk.core.Models.SymmetricAlgorithms;
4042
import it.hackerinside.etk.core.Services.EncryptionService;
4143
import it.hackerinside.etk.core.keystore.AbstractKeystore;
@@ -330,7 +332,7 @@ public void actionPerformed(ActionEvent e) {
330332

331333
btnAddRecipient.addActionListener(new ActionListener() {
332334
public void actionPerformed(ActionEvent e) {
333-
if(recipient != null && Utils.acceptX509Certificate(recipient)) {
335+
if(recipient != null && Utils.acceptX509Certificate(recipient) && (ctx.validateKeyUsages() ? Utils.validateCertFlags(recipient, KeyUsageProfile.ENCRYPTION) : true)) {
334336
recipients.add(recipient);
335337
Object selectedCert = cmbRecipientCert.getSelectedItem();
336338
if(selectedCert != null) {
@@ -402,7 +404,8 @@ private void populateKnowCerts(JComboBox<CertificateWrapper> combo) {
402404
cert -> {
403405
String alg = cert.getPublicKey().getAlgorithm();
404406
boolean validCert = ctx.hideInvalidCerts() ? X509Utils.checkTimeValidity(cert) : true;
405-
return alg != null && validCert && !alg.toUpperCase().contains("DSA");
407+
boolean validKeyUsages = ctx.validateKeyUsages() ? X509KeyUsageValidator.hasKeyUsage(cert, X509KeyUsageValidator.Mode.ANY, KeyUsageProfile.ENCRYPTION) : true;
408+
return alg != null && validCert && !alg.toUpperCase().contains("DSA") && validKeyUsages;
406409
}
407410
);
408411
}

0 commit comments

Comments
 (0)