+ The Eclipse Foundation makes available all content in this plug-in
+ ("Content"). Unless otherwise indicated below, the Content
+ is provided to you under the terms and conditions of the Eclipse
+ Public License Version 2.0 ("EPL"). A copy of the EPL is
+ available at http://www.eclipse.org/legal/epl-2.0.
+ For purposes of the EPL, "Program" will mean the Content.
+
+
+
+ If you did not receive this Content directly from the Eclipse
+ Foundation, the Content is being redistributed by another party
+ ("Redistributor") and different terms and conditions may
+ apply to your use of any object code in the Content. Check the
+ Redistributor's license that was provided with the Content. If no such
+ license exists, contact the Redistributor. Unless otherwise indicated
+ below, the terms and conditions of the EPL still apply to any source
+ code in the Content and such source code may be obtained at http://www.eclipse.org.
+
+
+
+
\ No newline at end of file
diff --git a/team/bundles/org.eclipse.core.pki/build.properties b/team/bundles/org.eclipse.core.pki/build.properties
new file mode 100644
index 00000000000..7533524e526
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/build.properties
@@ -0,0 +1,22 @@
+###############################################################################
+# Copyright (c) 2023 Security Team and others.
+#
+# This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License 2.0
+# which accompanies this distribution, and is available at
+# https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Security Team - initial API and implementation
+###############################################################################
+source.. = src/
+output.. = bin/
+bin.includes = META-INF/,\
+ .,\
+ plugin.properties,\
+ plugin.xml,\
+ icons/, \
+ about.html
+src.includes = about.html
diff --git a/team/bundles/org.eclipse.core.pki/icons/icons8-password-48.png b/team/bundles/org.eclipse.core.pki/icons/icons8-password-48.png
new file mode 100644
index 00000000000..3aefb07473c
Binary files /dev/null and b/team/bundles/org.eclipse.core.pki/icons/icons8-password-48.png differ
diff --git a/team/bundles/org.eclipse.core.pki/plugin.properties b/team/bundles/org.eclipse.core.pki/plugin.properties
new file mode 100644
index 00000000000..9a503da6054
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/plugin.properties
@@ -0,0 +1,23 @@
+###############################################################################
+# Copyright (c) 2000, 2014 IBM Corporation and others.
+#
+# This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License 2.0
+# which accompanies this distribution, and is available at
+# https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# IBM Corporation - initial API and implementation
+# yyyymmdd bug Email and other contact information
+# -------- -------- -----------------------------------------------------------
+# 20070201 154100 pmoogk@ca.ibm.com - Peter Moogk, Port internet code from WTP to Eclipse base.
+###############################################################################
+
+#
+# Messages in plugin.xml.
+#
+PLUGIN_NAME=Internet PKI Core Management
+PLUGIN_PROVIDER=Eclipse.org
+TRACE_COMPONENT_LABEL=Platform Core PKI
diff --git a/team/bundles/org.eclipse.core.pki/plugin.xml b/team/bundles/org.eclipse.core.pki/plugin.xml
new file mode 100644
index 00000000000..1d90d00cf3d
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/plugin.xml
@@ -0,0 +1,36 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/AuthenticationBase.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/AuthenticationBase.java
new file mode 100644
index 00000000000..48a28264a27
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/AuthenticationBase.java
@@ -0,0 +1,342 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.lang.reflect.Method;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.InvalidParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.ProviderException;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.Optional;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.eclipse.core.pki.AuthenticationService;
+import org.eclipse.core.pki.util.ConfigureTrust;
+import org.eclipse.core.pki.util.KeyStoreManager;
+import org.eclipse.core.pki.util.LogUtil;
+
+public enum AuthenticationBase implements AuthenticationService {
+ INSTANCE;
+
+ protected SSLContext sslContext;
+ protected String pin;
+ static KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection("".toCharArray()); //$NON-NLS-1$
+ // private static final String javaVersion = System.getProperty("java.version");
+ protected boolean is9;
+ protected String pkiProvider = "SunPKCS11"; // or could be FIPS provider :SunPKCS11-FIPS //$NON-NLS-1$
+ protected String providerName = null;
+ protected String cfgDirectory = null;
+ protected String fingerprint;
+ KeyStore keyStore = null;
+ @Override
+ public KeyStore initialize(char[] p) {
+ // TODO Auto-generated method stub
+ pp = new KeyStore.PasswordProtection(p);
+ String pin = new String(p);
+ try {
+
+ //LogUtil.logInfo("Before configure keyStore with PIN:"+pin); //$NON-NLS-1$
+
+ OptionalkeyStoreContainer = Optional.ofNullable(configure());
+ //LogUtil.logInfo("Before configured keyStore with PIN:"+pin); //$NON-NLS-1$
+ if (keyStoreContainer.isEmpty() ) {
+ return null;
+ } else {
+ keyStore=keyStoreContainer.get();
+ }
+ try {
+ /*
+ * Only load the store if the pin is a valuye other than the default setting of
+ * "pin" Otherwise the store will be preloaded by the default loading of the
+ * keystore, dynamically
+ */
+ if (!(pin.equalsIgnoreCase("pin"))) { //$NON-NLS-1$
+ PkiCallbackHandler pkiCB = new PkiCallbackHandler();
+ PkiLoadParameter lp = new PkiLoadParameter();
+ lp.setWaitForSlot(true);
+ lp.setProtectionParameter(pp);
+
+ lp.setEventHandler(pkiCB);
+ keyStore.load(lp);
+ sslContext=AuthenticationBase.INSTANCE.setSSLContext(keyStore);
+ System.out.println("AuthenticationBase SSL context PROTOCOL:" + sslContext.getProtocol()); //$NON-NLS-1$
+ }
+
+ } catch (Exception e) {
+ /*
+ * An incorrect PiN could have been entered. AND thats OK, they can try again.
+ */
+ LogUtil.logError("Unable to load KeyStore, Bad Pin?", e); //$NON-NLS-1$
+ return null;
+ }
+ // System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11");
+ System.setProperty("javax.net.ssl.keyStoreProvider", "SunPKCS11"); //$NON-NLS-1$ //$NON-NLS-2$
+ System.setProperty("https.protocols", "TLSv1.1,TLSv1.2,TLSv1.3"); //$NON-NLS-1$ //$NON-NLS-2$
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ /*
+ * TDB: TODO: Set the context AFTER you set the keystore...
+ */
+
+// this.sslContext= setSSLContext(keyStore );
+ return keyStore;
+ }
+
+ private KeyStore configure() {
+ Optional configurationDirectory = null;
+ OptionalproviderContainer = null;
+ Provider prototype = null;
+ String securityProvider = null;
+ //String cfgDirectory = "TBD"; //$NON-NLS-1$
+ KeyStore keyStore = null;
+ String errorMessage=null;
+ is9 = true;
+
+ // System.out.println("In configure CFG STORED FILE LOC:" +
+
+ configurationDirectory = Optional.ofNullable(System.getProperty("javax.net.ssl.cfgFileLocation")); //$NON-NLS-1$
+ if (configurationDirectory.isEmpty()) {
+ // Where is it for Windoz
+ //TBD: find default setting
+ setCfgDirectory(new String("/etc/opensc")); //$NON-NLS-1$
+ } else {
+ setCfgDirectory(configurationDirectory.get().toString());
+ }
+
+ if (Files.exists(Paths.get(getCfgDirectory()))) {
+ LogUtil.logInfo("AuthenticationBase - PKCS11 configure DIR:" + getCfgDirectory()); //$NON-NLS-1$
+ providerContainer=Optional.ofNullable(
+ System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$
+
+ if (providerContainer.isEmpty() ) {
+ securityProvider = pkiProvider;
+ } else {
+ securityProvider = providerContainer.get().toString();
+ }
+ prototype = Security.getProvider(securityProvider);
+ if (prototype == null) {
+ LogUtil.logInfo("In configure PROVIDER NOT FOUND"); //$NON-NLS-1$
+ }
+
+ try {
+ Provider provider = prototype.configure(getCfgDirectory());
+ providerName = provider.getName();
+ Security.addProvider(provider);
+ keyStore = KeyStore.getInstance("pkcs11", provider.getName() ); //$NON-NLS-1$
+ setPkiProvider(provider.getName());
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ errorMessage=e.getMessage()+" Problem loading the keystore.";
+ } catch (InvalidParameterException e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ errorMessage=e.getMessage()+" You have provided an invalid parameter.";
+ } catch (UnsupportedOperationException e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ errorMessage=e.getMessage()+" Operation is not supported at this time.";
+ } catch (NullPointerException e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ errorMessage=e.getMessage()+" A Null Pointer was found.";
+ } catch (NoSuchProviderException e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ errorMessage=e.getMessage()+" The PKCS11 provider could not be found.";
+ } catch (ProviderException e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ errorMessage=e.getMessage()+" No PKCS11 Configuration found.";
+ }
+ Optional errorContainer = Optional.ofNullable(errorMessage);
+ if ( !(errorContainer.isEmpty())) {
+ Security.removeProvider(providerName);
+ LogUtil.logError(errorMessage, null);
+ }
+ }
+
+ // listProviders();
+
+ return keyStore;
+ }
+ public KeyStore getKeyStore() {
+ return keyStore;
+ }
+
+ public SSLContext getSSLContext() {
+ return this.sslContext;
+ }
+
+
+ public boolean isPkcs11Setup() {
+
+ if ((getCfgDirectory() !=null ) && ( getPkiProvider() != null)) {
+ return true;
+ }
+ return false;
+
+ }
+
+ public SSLContext setSSLContext(KeyStore keyStore) {
+
+ try {
+ //System.out.println("In setSSLContext initialize TLS"); //$NON-NLS-1$
+ // sslContext = SSLContext.getInstance("TLS");
+ sslContext = SSLContext.getInstance("TLSv1.3"); //$NON-NLS-1$
+
+ Optional PKIXtrust = ConfigureTrust.MANAGER.setUp();
+ if (PKIXtrust.isEmpty()) {
+ LogUtil.logError("Invalid TrustManager Initialization.", null); //$NON-NLS-1$
+ } else {
+
+ KeyManager[] km = new KeyManager[] { KeyStoreManager.INSTANCE };
+ TrustManager[] tm = new TrustManager[] { ConfigureTrust.MANAGER };
+
+ sslContext.init(km, tm, new SecureRandom());
+ SSLContext.setDefault(sslContext);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+ }
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return sslContext;
+ }
+
+ public String getPkiProvider() {
+ return pkiProvider;
+ }
+
+ public void setPkiProvider(String pkiProvider) {
+ this.pkiProvider = pkiProvider;
+ }
+
+ public boolean isJava9() {
+ return is9;
+ }
+
+ public String getFingerprint() {
+ return fingerprint;
+ }
+
+ public static void setFingerprint(String fingerprint) {
+ AuthenticationBase.INSTANCE.fingerprint = fingerprint;
+ }
+
+ public KeyManager getCustomKeyManager(KeyStore keyStore) {
+ CustomKeyManager keyManager = null;
+ try {
+ keyManager = new CustomKeyManager(keyStore, "".toCharArray(), null); //$NON-NLS-1$
+ keyManager.setSelectedFingerprint(getFingerprint());
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return keyManager;
+ }
+ public ArrayList getList() {
+ return EclipseKeyStoreCollection.PILE.getList(keyStore);
+ }
+
+ public boolean isJavaModulesBased() {
+ try {
+ Class.forName("java.lang.Module"); //$NON-NLS-1$
+ return true;
+ } catch (ClassNotFoundException e) {
+ return false;
+ }
+ }
+
+ public String getCfgDirectory() {
+ return cfgDirectory;
+ }
+
+ public void setCfgDirectory(String cfgDirectory) {
+ this.cfgDirectory = cfgDirectory;
+ }
+ public String getPin() {
+ return pin;
+ }
+ public void setPin(String pin) {
+ this.pin = pin;
+ pp = new KeyStore.PasswordProtection(pin.toCharArray());
+ }
+ public void logoff() {
+ try {
+ //System.out.println("SSLPkcs11Provider LOGOFF INVOKATION:");
+ //provider.clear();
+
+ //System.out.println("SSLPkcs11Provider LOGOFF DONE");
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+ public boolean login() {
+ //System.out.println("SSLPkcs11Provider LOGIN");
+ Provider provider = Security.getProvider(getPkiProvider());
+ if ( provider != null) {
+
+ try {
+ provider.clear();
+ return true;
+ } catch (SecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ return false;
+ }
+
+ /*
+ * private static void listProviders() {
+ *
+ * Provider[] providers = Security.getProviders(); for (Provider provider :
+ * providers) { System.out.println("In configurejdk9 PROVIDER:" +
+ * provider.getName()); //$NON-NLS-1$
+ * System.out.println("In configurejdk9 PROVIDER INFO:" +
+ * provider.getInfo()); //$NON-NLS-1$ } }
+ */
+
+ /*
+ * private static boolean isFips() { boolean enabled = false; Provider[]
+ * providers = Security.getProviders(); for (Provider provider : providers) { if
+ * (provider.getName().contains("FIPS")) { //$NON-NLS-1$
+ *
+ * for (Provider.Service service : provider.getServices() ) {
+ * System.out.println("FIPS Algorithm:"+ service.getAlgorithm()); }
+ *
+ * System.out.println("FIPS Provider:" + provider.getName()); //$NON-NLS-1$
+ * enabled = true; }
+ *
+ * } return enabled; }
+ */
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/AuthenticationService.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/AuthenticationService.java
new file mode 100644
index 00000000000..4c02a00cb46
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/AuthenticationService.java
@@ -0,0 +1,20 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.security.KeyStore;
+
+public interface AuthenticationService {
+ public KeyStore initialize(char[] p);
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CreateCFGfile.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CreateCFGfile.java
new file mode 100644
index 00000000000..6cf670bd7a5
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CreateCFGfile.java
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardOpenOption;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+
+
+public class CreateCFGfile {
+
+
+ private static final String charsetName = "UTF-8"; //$NON-NLS-1$
+ private static final String line1 = "name = Vendor Open Source "; //$NON-NLS-1$
+ private static final String bit64DLL = "opensc-pkcs11.dll"; //$NON-NLS-1$
+ private static final String line3 = "description = ISC_OpenSC"; //$NON-NLS-1$
+ private static final String line4 = "slot = 1"; //$NON-NLS-1$
+ private static final String line5 = "attributes = compatibility"; //$NON-NLS-1$
+ public static String initialize( String Pkcs11cfgHome ) {
+ StringBuffer sb = new StringBuffer();
+
+ try {
+ System.out.println("CreateCFGfile ---- Pkcs11cfgHome:" + Pkcs11cfgHome); //$NON-NLS-1$
+ Charset charset = Charset.forName(charsetName);
+ sb.append(System.getProperty("user.home")); //$NON-NLS-1$
+ sb.append(FileSystems.getDefault().getSeparator());
+ sb.append(".cspid"); //$NON-NLS-1$
+ sb.append(FileSystems.getDefault().getSeparator());
+ Path cspidDir = Paths.get (sb.toString() );
+ Files.createDirectories( cspidDir );
+ sb.append("java_pkcs11.cfg"); //$NON-NLS-1$
+ System.out.println("CreateCFGfile ---- NEW CFG FILE::" + sb.toString()); //$NON-NLS-1$
+ Path path = Paths.get (sb.toString() );
+
+ if (!(path.toFile().exists() )) {
+ Files.deleteIfExists(path);
+ Files.createFile(path);
+ ArrayList a = fileContents(Pkcs11cfgHome);
+ Files.write( path, a, charset, StandardOpenOption.TRUNCATE_EXISTING );
+ }
+
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return sb.toString();
+ }
+ private static ArrayList fileContents(String lib) {
+ ArrayLista = new ArrayList<>();
+
+ a.add(line1);
+ a.add(getLibraryLocation(lib));
+ a.add(line3);
+ a.add(line4);
+ a.add(line5);
+
+ return a;
+ }
+ private static String getLibraryLocation(String libraryLocation ) {
+ StringBuffer sb = new StringBuffer();
+ sb.append(libraryLocation);
+ sb.append(File.separator);
+ sb.append(File.separator);
+ sb.append(bit64DLL);
+ Object[] args = {sb.toString() };
+ String lib = "library = {0}"; //$NON-NLS-1$
+ MessageFormat mf = new MessageFormat(lib);
+ String location = mf.format(args);
+ return location;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CustomKeyManager.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CustomKeyManager.java
new file mode 100644
index 00000000000..5fcda303b93
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CustomKeyManager.java
@@ -0,0 +1,235 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.HashMap;
+
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509KeyManager;
+
+public class CustomKeyManager extends X509ExtendedKeyManager implements X509KeyManager {
+ private static final int KEY_ENCIPHERMENT = 2;
+ private static final int DIGITAL_SIGNATURE = 0;
+ private KeyStore keyStore;
+ private char[] password;
+ protected static String selectedFingerprint = "NOTSET"; //$NON-NLS-1$
+
+ public CustomKeyManager(KeyStore keyStore, char[] passwd, HashMap hosts) {
+ this.keyStore=keyStore;
+ this.setPassword(new String(passwd).toCharArray());
+ }
+
+ @Override
+ public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
+ // TODO Auto-generated method stub
+ String message = "Presenting X509 fingerprint:"; //$NON-NLS-1$
+ String amessage = " using certificate alias:"; //$NON-NLS-1$
+ StringBuilder sb=new StringBuilder();
+ String selectedAlias=null;
+ String alias = null;
+ String fingerprint=null;
+ boolean isOK=true;
+
+ try {
+
+
+ Enumeration aliases = this.keyStore.aliases();
+ sb.append(message);
+ while ( aliases.hasMoreElements() ) {
+ alias = aliases.nextElement();
+ if ( this.getPrivateKey(alias) != null ) {
+ X509Certificate x509 = (X509Certificate) this.keyStore.getCertificate(alias);
+ try {
+ x509.checkValidity();
+ if (!(isKeyEncipherment(x509.getKeyUsage()))) {
+ //selectedAlias=alias;
+ fingerprint = FingerprintX509.INSTANCE.getFingerPrint(x509, "MD5"); //$NON-NLS-1$
+ System.out.println("KeyManager - SELECTED finger:" + getSelectedFingerprint()); //$NON-NLS-1$
+ //System.err.println("KeyManager - DUMP OUT DATA:"+info);
+
+ if ( getSelectedFingerprint() != null ) {
+ if (getSelectedFingerprint().equals("NOTSET")) { //$NON-NLS-1$
+ setSelectedFingerprint(fingerprint);
+ }
+ } else {
+ setSelectedFingerprint(fingerprint);
+ }
+ if ( getSelectedFingerprint().equals(fingerprint)) {
+ isOK=true;
+ selectedAlias=alias;
+ sb.append(fingerprint);
+ sb.append(amessage);
+ sb.append(alias);
+ message = sb.toString();
+ break;
+ }
+ }
+ } catch (CertificateExpiredException e) {
+ // TODO Auto-generated catch block
+ System.err.println("KeyManager: Please remove EXPIRED certificate:" + alias //$NON-NLS-1$
+ + " using your pkcs11 Manager."); //$NON-NLS-1$
+ //e.printStackTrace();
+ } catch (CertificateNotYetValidException e) {
+ // TODO Auto-generated catch block
+ System.err.println("KeyManager: Please check invalid certificate:" + alias //$NON-NLS-1$
+ + " using your pkcs11 Manager."); //$NON-NLS-1$
+ //e.printStackTrace();
+ }
+ }
+ }
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ if (!(isOK)) {
+ message = (selectedAlias == null) ? "PKI misconfiguration. Please check pkcs11" : message + selectedAlias; //$NON-NLS-1$
+ System.out.println("KeyManager: " + message); //$NON-NLS-1$
+ }
+ return selectedAlias;
+ }
+ private static boolean isDigitalSignature(boolean[] ba) {
+ if ( ba != null) {
+
+ return ba[DIGITAL_SIGNATURE];
+ } else {
+ return false;
+ }
+ }
+
+ private static boolean isKeyEncipherment(boolean[] ba) {
+ if ( ba != null) {
+
+ return ba[KEY_ENCIPHERMENT];
+ } else {
+ return false;
+ }
+ }
+
+ @Override
+ public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public X509Certificate[] getCertificateChain(String alias) {
+ // TODO Auto-generated method stub
+
+ X509Certificate[] X509Certs=null;
+ X509Certificate X509Cert=null;
+ try {
+ Certificate[] certificates = this.keyStore.getCertificateChain(alias);
+ if ( certificates != null ) {
+ X509Certs = new X509Certificate[ certificates.length ];
+ for(int i=0; i < certificates.length; i++) {
+ X509Cert= (X509Certificate ) certificates[i];
+ if (!(isKeyEncipherment(X509Cert.getKeyUsage()))) {
+ X509Certs[i] = X509Cert;
+ } else {
+ if ((isKeyEncipherment(X509Cert.getKeyUsage())) && alias.contains("PKI")) { //$NON-NLS-1$
+ X509Certs[i] = X509Cert;
+ }
+ }
+ }
+
+ } else {
+ X509Cert = (X509Certificate) this.keyStore.getCertificate(alias);
+ if ( X509Cert != null ) {
+ X509Certs = new X509Certificate[1];
+ if (isDigitalSignature(X509Cert.getKeyUsage()) ) {
+ X509Certs[0] = X509Cert;
+ } else {
+ if (alias.contains("PKI")) { //$NON-NLS-1$
+ X509Certs[0] = X509Cert;
+ }
+ }
+ }
+
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ //return X509Certs;
+ try {
+ X509Certs = new X509Certificate[1];
+ X509Certs[0] = (X509Certificate) this.keyStore.getCertificate(alias);
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return X509Certs;
+ }
+
+ @Override
+ public String[] getClientAliases(String arg0, Principal[] arg1) {
+ // TODO Auto-generated method stub
+ //return null;
+ return new String[] {chooseClientAlias(null, arg1, null) };
+
+ }
+
+ @Override
+ public PrivateKey getPrivateKey(String alias) {
+ // TODO Auto-generated method stub
+ PrivateKey privateKey = null;
+ try {
+ privateKey = (PrivateKey) keyStore.getKey(alias, "".toCharArray()); //$NON-NLS-1$
+ } catch (UnrecoverableKeyException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return privateKey;
+ }
+
+ @Override
+ public String[] getServerAliases(String arg0, Principal[] arg1) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+ public static String getSelectedFingerprint() {
+ return selectedFingerprint;
+ }
+ public void setSelectedFingerprint(String selectedFingerprint) {
+ CustomKeyManager.selectedFingerprint = selectedFingerprint;
+ }
+
+ public char[] getPassword() {
+ return password;
+ }
+
+ public void setPassword(char[] password) {
+ this.password = password;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CustomTrustManager.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CustomTrustManager.java
new file mode 100644
index 00000000000..a901f78b391
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/CustomTrustManager.java
@@ -0,0 +1,145 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.net.Socket;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Iterator;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import javax.net.ssl.X509TrustManager;
+
+
+public class CustomTrustManager extends X509ExtendedTrustManager implements TrustManager {
+ private KeyStore trustStore;
+ private CollectiontrustedCerts;
+ protected X509TrustManager trustManager;
+ protected CustomTrustManager() {}
+
+ public CustomTrustManager(KeyStore trustStore) {
+ super();
+ this.trustStore=trustStore;
+ System.out.println("CustomTrustManager -- CONSTRUCTOR ALG:" + TrustManagerFactory.getDefaultAlgorithm()); //$NON-NLS-1$
+ try {
+ Security.getAlgorithms("PKCS11"); //$NON-NLS-1$
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509"); //$NON-NLS-1$
+ tmf.init(trustStore);
+ TrustManager tms[] = tmf.getTrustManagers();
+ for (TrustManager tm : tms) {
+ if (tm instanceof X509TrustManager) {
+ trustManager = (X509TrustManager) tm;
+ break;
+ }
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ // TODO Auto-generated method stub
+ trustManager.checkClientTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ // TODO Auto-generated method stub
+ trustManager.checkClientTrusted(chain, authType);
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ // TODO Auto-generated method stub
+ X509Certificate X509cert=null;
+ X509Certificate[] X509certs=null;
+
+ this.trustedCerts = new ArrayList<>();
+
+ String alias=null;
+ try {
+ Enumeration aliases=this.trustStore.aliases();
+ while ( aliases.hasMoreElements() ) {
+ alias = aliases.nextElement();
+ if (alias.startsWith("IC")) { //$NON-NLS-1$
+ X509cert = (X509Certificate) this.trustStore.getCertificate(alias);
+ trustedCerts.add(X509cert);
+ System.out.println("CustomTrustManager-FOUND TRUSTORE FOR IC"); //$NON-NLS-1$
+ }
+ }
+ System.out.println("CustomTrustManager-COMPLETED TRUSTSTORE SEARCH"); //$NON-NLS-1$
+ int i = 0;
+ X509certs = new X509Certificate[ trustedCerts.size() ];
+ Iterator it = trustedCerts.iterator();
+ while ( it.hasNext() ) {
+ X509certs[i]=it.next();
+ i++;
+ }
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return X509certs;
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, Socket arg2) throws CertificateException {
+ // TODO Auto-generated method stub
+ trustManager.checkClientTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1, SSLEngine arg2) throws CertificateException {
+ // TODO Auto-generated method stub
+ System.out.println("CustomTrustManager -- checkClientTrusted"); //$NON-NLS-1$
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509incoming, String arg1, Socket socket) throws CertificateException {
+ System.out.println("CustomTrustManager checkServerTrusted based on socket"); //$NON-NLS-1$
+ if (x509incoming != null) {
+ System.out.println("CustomTrustManager checkServerTrusted INCOMING SIZE:" + x509incoming.length); //$NON-NLS-1$
+ for(X509Certificate x509 : x509incoming) {
+ System.out.println("CustomTrustManager checkServerTrusted INCOMING:" + x509.getSubjectDN().getName()); //$NON-NLS-1$
+ x509.checkValidity();
+
+ }
+ return;
+ }
+
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1, SSLEngine arg2) throws CertificateException {
+ // TODO Auto-generated method stub
+ System.out.println("CustomTrustManager checkServerTrusted with SSLEngine"); //$NON-NLS-1$
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/DynamicFileFinder.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/DynamicFileFinder.java
new file mode 100644
index 00000000000..14b1cdc3247
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/DynamicFileFinder.java
@@ -0,0 +1,88 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.io.IOException;
+import java.nio.file.FileSystems;
+import java.nio.file.FileVisitResult;
+import java.nio.file.Path;
+import java.nio.file.PathMatcher;
+import java.nio.file.SimpleFileVisitor;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.util.ArrayList;
+
+
+public class DynamicFileFinder extends SimpleFileVisitor {
+ private boolean found=false;
+ private String location= null;
+ private ArrayList list = new ArrayList<>();
+ private PathMatcher pathMatcher;
+ private String pattern = "glob:[s][u][n]*[1][1].jar"; //$NON-NLS-1$
+ public DynamicFileFinder(Path path) {
+ pathMatcher = FileSystems.getDefault().getPathMatcher ( pattern );
+ }
+
+ @Override
+ public FileVisitResult visitFile(Path file, BasicFileAttributes attr) {
+ Path name = file.getFileName();
+ if ( pathMatcher.matches(name)) {
+ System.out.println("FILE:" + name.toString()); //$NON-NLS-1$
+ System.out.println("path:" + file.toString()); //$NON-NLS-1$
+ list.add( file );
+ location = file.toString();
+ found=true;
+ }
+ System.out.println("NOT A MATCH FILE:" + name.toString()); //$NON-NLS-1$
+ return FileVisitResult.CONTINUE;
+ }
+ @Override
+ public FileVisitResult visitFileFailed( Path file, IOException e) {
+ return FileVisitResult.SKIP_SUBTREE;
+ }
+ @Override
+ public FileVisitResult preVisitDirectory( Path dir, BasicFileAttributes attr) {
+ System.out.println("SKIPPING dir:" + dir.toString()); //$NON-NLS-1$
+ Path name = dir.getFileName();
+ if ( pathMatcher.matches(name)) {
+ System.out.println("DIR FILE:" + name.toString()); //$NON-NLS-1$
+ System.out.println("DIR path:" + dir.toString()); //$NON-NLS-1$
+ }
+ System.out.println(" DIR NOT A MATCH FILE:" + name.toString()); //$NON-NLS-1$
+ return FileVisitResult.CONTINUE;
+ }
+ public boolean isFound() {
+ return found;
+ }
+ public String getLocation() {
+ return location;
+ }
+
+ public String getPattern() {
+ return pattern;
+ }
+
+ public void setPattern(String pattern) {
+ this.pattern = pattern;
+ pathMatcher = FileSystems.getDefault().getPathMatcher ( this.pattern );
+ }
+
+ public ArrayList getList() {
+ return list;
+ }
+
+ public void setList(ArrayList list) {
+ this.list = list;
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/EclipseKeyStoreCollection.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/EclipseKeyStoreCollection.java
new file mode 100644
index 00000000000..7fc172d36d9
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/EclipseKeyStoreCollection.java
@@ -0,0 +1,77 @@
+package org.eclipse.core.pki;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import org.eclipse.core.pki.pkiselection.PKIProperties;
+import org.eclipse.core.pki.util.LogUtil;
+
+
+public enum EclipseKeyStoreCollection {
+ PILE;
+ protected final int DIGITAL_SIGNATURE=0;
+ private final int KEY_ENCIPHERMENT = 2;
+ protected static PKIProperties pkiProperties=PKIProperties.getInstance();;
+ public ArrayList getList(KeyStore keyStore) {
+ ArrayList list = new ArrayList();
+ try {
+ String alias=null;
+ Enumeration aliases = keyStore.aliases();
+ while (aliases.hasMoreElements()) {
+ alias = (String) aliases.nextElement();
+ X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
+ certificate.checkValidity();
+ if ( isDigitalSignature(certificate.getKeyUsage()) ) {
+ PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
+ if ( privateKey != null) {
+ list.add( alias );
+ }
+ }
+ }
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (CertificateExpiredException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (CertificateNotYetValidException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ LogUtil.logInfo("EclipseKeyStoreCollection list COUNT:"+list.size() );
+ if (!( list.isEmpty())) {
+ LogUtil.logInfo("EclipseKeyStoreCollection list item:"+list.get(0));
+ }
+ return list;
+
+ }
+ private boolean isDigitalSignature(boolean[] ba) {
+ if ( ba != null) {
+
+ return ba[DIGITAL_SIGNATURE];
+ } else {
+ return false;
+ }
+ }
+ private boolean isKeyEncipherment(boolean[] ba) {
+ if ( ba != null) {
+
+ return ba[KEY_ENCIPHERMENT];
+ } else {
+ return false;
+ }
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/FingerprintX509.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/FingerprintX509.java
new file mode 100644
index 00000000000..77d130673e3
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/FingerprintX509.java
@@ -0,0 +1,63 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+
+public enum FingerprintX509 {
+ INSTANCE;
+ private static final char[] HEX= {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
+ private static final String cryptoAlg = "SHA-256"; //$NON-NLS-1$
+ public String getFingerPrint(Certificate cert, String alg) {
+ String fingerPrint=null;
+ byte[] encodedCert=null;
+
+ try {
+ alg = cryptoAlg;
+ encodedCert = cert.getEncoded();
+ MessageDigest md = MessageDigest.getInstance(alg);
+ md.update(encodedCert);
+ byte[] digest = md.digest();
+ fingerPrint = getHexValue(digest);
+
+ } catch (CertificateEncodingException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ //System.err.println("FingerprintX509 -----------------------------------PRINT:"+fingerPrint);
+ return fingerPrint;
+ }
+ protected String getHexValue( byte[] bytes ) {
+ StringBuffer sb = new StringBuffer(bytes.length * 2);
+ try {
+ for( int i=0; i < bytes.length; i++) {
+ sb.append(HEX[(bytes[i] & 0xf0) >> 4 ]);
+ sb.append(HEX[bytes[i] & 0xf]);
+ if ( i < bytes.length-1) {
+ sb.append(":"); //$NON-NLS-1$
+ }
+ }
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return sb.toString();
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/Pkcs11FixConfigFile.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/Pkcs11FixConfigFile.java
new file mode 100644
index 00000000000..889b0871e14
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/Pkcs11FixConfigFile.java
@@ -0,0 +1,172 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+
+
+public class Pkcs11FixConfigFile {
+ private static final String programFiles = "Program Files (x86)"; //$NON-NLS-1$
+ private static final CharSequence none = ""; //$NON-NLS-1$
+ private static final CharSequence quotes = "\""; //$NON-NLS-1$
+ private static final CharSequence sslash = "\\"; //$NON-NLS-1$
+ private static final CharSequence bslash = "\\\\"; //$NON-NLS-1$
+ private static final String biT32 = "cspid.dll"; //$NON-NLS-1$
+ private static final String biT64 = "cspidx64.dll"; //$NON-NLS-1$
+ private String cfgFilePath=null;
+ private static String cspidHome;
+ private static Pkcs11FixConfigFile configFile=null;
+ private static StringBuffer sb = new StringBuffer();
+ public static Pkcs11FixConfigFile getCfgInstance(String fileLocation) {
+ if ( configFile == null ) {
+ synchronized(Pkcs11FixConfigFile.class) {
+ if ( configFile == null ) {
+ configFile = new Pkcs11FixConfigFile();
+ cspidHome = fileLocation;
+ System.out.println("Pkcs11FixConfigFile -- incoming path:" + fileLocation); //$NON-NLS-1$
+ sb.append(fileLocation);
+ initialize();
+ }
+ }
+ }
+ return configFile;
+ }
+ public static void initialize() {
+ try {
+ sb.append(FileSystems.getDefault().getSeparator());
+ sb.append("java_pkcs11.cfg"); //$NON-NLS-1$
+ Path path = openFile( sb.toString());
+ Files.setAttribute(path, "dos:readonly", Boolean.valueOf(false)); //$NON-NLS-1$
+ List list = readFile(path);
+ List edit = editFile(list);
+ Path outputPath = setOutputDirectory();
+ saveFile(edit, outputPath);
+ //listEditedFile(edit);
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+ public static Path setOutputDirectory() {
+ Path path = null;
+ StringBuilder sb = new StringBuilder();
+ try {
+ String appData = System.getenv("AppData"); //$NON-NLS-1$
+ appData = Paths.get(appData).toAbsolutePath().toString().replace(sslash, bslash);
+ if ( appData != null ) {
+ sb.append(appData);
+ } else {
+ sb.append(System.getProperty("user.dir")); //$NON-NLS-1$
+ }
+ sb.append(FileSystems.getDefault().getSeparator());
+ sb.append(FileSystems.getDefault().getSeparator());
+ sb.append("cspid"); //$NON-NLS-1$
+ sb.append(FileSystems.getDefault().getSeparator());
+ sb.append(FileSystems.getDefault().getSeparator());
+ sb.append("java_pkcs11.cfg"); //$NON-NLS-1$
+
+ path = Paths.get(sb.toString());
+ //setCfgFilePath( sb.toString());
+ System.out.println("Pkcs11FixCOnfigFile ---- cspidHome:" + cspidHome); //$NON-NLS-1$
+ setCfgFilePath( CreateCFGfile.initialize( cspidHome ));
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return path;
+ }
+ public static Path openFile(String s) {
+ return FileSystems.getDefault().getPath(s);
+ }
+ public static List readFile(Path path) {
+ List list = null;
+ try {
+ list = Files.readAllLines(path, Charset.defaultCharset());
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return list;
+ }
+ public static List editFile(List list) {
+ ArrayList edit = new ArrayList<>();
+ StringBuffer sb = new StringBuffer();
+
+ for ( String s : list) {
+ CharSequence ch = "/"; //$NON-NLS-1$
+
+ if ((s.contains("library")) && (System.getenv("PKCS11_HOME") != null)) { //$NON-NLS-1$ //$NON-NLS-2$
+ sb.append("library="); //$NON-NLS-1$
+ sb.append(System.getenv("PKCS11_HOME")); //$NON-NLS-1$
+ sb.append(ch);
+ sb.append(biT64);
+ s=sb.toString();
+ }
+
+ if (!(s.startsWith("#"))) { //$NON-NLS-1$
+ if ((s.contains(biT32)) && (System.getProperty("os.arch").contains("64"))) { //$NON-NLS-1$ //$NON-NLS-2$
+ s = s.replaceAll(biT32, biT64);
+ }
+ }
+ if ( s.contains(quotes)) {
+ s=s.replace(quotes, none);
+ }
+
+ if ( s.contains(programFiles)) {
+ if (System.getenv("PKCS11_HOME") != null) { //$NON-NLS-1$
+ s = System.getenv("PKCS11_HOME"); //$NON-NLS-1$
+ } else {
+ s = s.replace(programFiles, "Progra~2"); //$NON-NLS-1$
+ }
+ edit.add(s);
+ } else {
+ if (!( s.trim().isEmpty() )) {
+ edit.add(s);
+ }
+ }
+ }
+ return edit;
+ }
+ public static void saveFile( List list , Path path) {
+ try {
+ Files.write(path, list, StandardCharsets.UTF_8);
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ public String getCfgFilePath() {
+ return cfgFilePath;
+ }
+ public static void setCfgFilePath(String cfgFilePath) {
+ configFile.cfgFilePath = cfgFilePath;
+ }
+ /*
+ * private static void listEditedFile( List list ) {
+ * System.out.println("PKCS11FixConfigFile ---- ARCH:" +
+ * System.getProperty("os.arch")); //$NON-NLS-1$ //$NON-NLS-2$ for ( String s :
+ * list) { System.out.println("PKCS11FixConfigFile ---- edited line:" + s);
+ * //$NON-NLS-1$ } }
+ */
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/PkiCallbackHandler.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/PkiCallbackHandler.java
new file mode 100644
index 00000000000..15dfc51e184
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/PkiCallbackHandler.java
@@ -0,0 +1,17 @@
+package org.eclipse.core.pki;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class PkiCallbackHandler implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ // TODO Auto-generated method stub
+
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/PkiLoadParameter.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/PkiLoadParameter.java
new file mode 100644
index 00000000000..85978c239cd
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/PkiLoadParameter.java
@@ -0,0 +1,64 @@
+package org.eclipse.core.pki;
+
+import java.security.KeyStore.LoadStoreParameter;
+import java.security.KeyStore.ProtectionParameter;
+
+import javax.security.auth.callback.CallbackHandler;
+
+public class PkiLoadParameter implements LoadStoreParameter{
+ ProtectionParameter protectionParameter;
+ ProtectionParameter SOProtectionParameter;
+ CallbackHandler eventHandler;
+ boolean waitForSlot;
+ Long slotId;
+ boolean writeEnabled;
+ @Override
+ public ProtectionParameter getProtectionParameter() {
+ // TODO Auto-generated method stub
+ return protectionParameter;
+ }
+ public ProtectionParameter getSOProtectionParameter() {
+ return SOProtectionParameter;
+ }
+
+ public void setSOProtectionParameter(ProtectionParameter sOProtectionParameter) {
+ SOProtectionParameter = sOProtectionParameter;
+ }
+
+ public CallbackHandler getEventHandler() {
+ return eventHandler;
+ }
+
+ public void setEventHandler(CallbackHandler eventHandler) {
+ this.eventHandler = eventHandler;
+ }
+
+ public boolean isWaitForSlot() {
+ return waitForSlot;
+ }
+
+ public void setWaitForSlot(boolean waitForSlot) {
+ this.waitForSlot = waitForSlot;
+ }
+
+ public Long getSlotId() {
+ return slotId;
+ }
+
+ public void setSlotId(Long slotId) {
+ this.slotId = slotId;
+ }
+
+ public boolean isWriteEnabled() {
+ return writeEnabled;
+ }
+
+ public void setWriteEnabled(boolean writeEnabled) {
+ this.writeEnabled = writeEnabled;
+ }
+
+ public void setProtectionParameter(ProtectionParameter protectionParameter) {
+ this.protectionParameter = protectionParameter;
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/SecurePKIVersionInfo.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/SecurePKIVersionInfo.java
new file mode 100644
index 00000000000..531fee964bb
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/SecurePKIVersionInfo.java
@@ -0,0 +1,86 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.nio.file.Files;
+import java.nio.file.LinkOption;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.jar.Attributes;
+import java.util.jar.JarFile;
+import java.util.jar.Manifest;
+
+//import org.eclipse.ui.pki.AuthenticationBase;
+
+
+public enum SecurePKIVersionInfo {
+ INSTANCE;
+
+ @SuppressWarnings("resource")
+ public static String getVersion() {
+ String version = null;
+ Path path = null;
+ //System.out.println("[GeT Version of this Build]");
+
+ try {
+
+ /*
+ * See if this is a valid path check to see if its eclipse testing
+ */
+ path = Paths.get("PKI.jar"); //$NON-NLS-1$
+
+ if (Files.exists(path, LinkOption.NOFOLLOW_LINKS)) {
+ //System.out.println(" GOOD PATH");
+ } else {
+
+ try {
+ /*
+ * path =
+ * Paths.get(AuthenticationBase.class.getProtectionDomain().getCodeSource().
+ * getLocation().toURI()); if (Files.exists(path, LinkOption.NOFOLLOW_LINKS)) {
+ * DebugLogger.printDebug("PKIVersionInfo -- PATH:"+path.toAbsolutePath()); }
+ * else { path = null; }
+ */
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ version = null;
+ }
+ }
+
+ if (path != null) {
+ try {
+ //System.out.println("PATH:" + path.toAbsolutePath());
+ Manifest manifest = new JarFile(path.toAbsolutePath().toString()).getManifest();
+ Attributes attributes = manifest.getMainAttributes();
+ version = attributes.getValue("Build-Label"); //$NON-NLS-1$
+ System.out.println(" VALUE:" + version); //$NON-NLS-1$
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ //e.printStackTrace();
+ version = null;
+ }
+ }
+
+ if (version == null) {
+ version = "isEmbeded?"; //$NON-NLS-1$
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return version;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/SpecialClassLoader.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/SpecialClassLoader.java
new file mode 100644
index 00000000000..eb8275b8d00
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/SpecialClassLoader.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class SpecialClassLoader extends ClassLoader {
+
+ private String findThisClassAt = null;
+
+ public SpecialClassLoader(String classlocation){
+ findThisClassAt = classlocation;
+ }
+
+ @Override
+ protected Class findClass(String name) throws ClassNotFoundException{
+ try{
+ byte[] classBytes = null;
+ classBytes = loadClassbytes(name);
+ Class cl = defineClass(name, classBytes, 0, classBytes.length);
+ if (cl == null) throw new ClassNotFoundException(name);
+ return cl;
+ } catch (IOException e){
+ throw new ClassNotFoundException(name);
+ }
+ }
+
+ private byte[] loadClassbytes(String name) throws IOException {
+
+ return Files.readAllBytes(Paths.get(findThisClassAt));
+ }
+
+ public String getFindThisClassAtLocation() {
+ return findThisClassAt;
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/ContextObservable.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/ContextObservable.java
new file mode 100644
index 00000000000..3d5e2eece09
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/ContextObservable.java
@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) 2014 Codetrails GmbH.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Marcel Bruch - initial API and implementation.
+ */
+package org.eclipse.core.pki.auth;
+
+import java.util.Observable;
+import org.eclipse.core.pki.util.LogUtil;
+
+public class ContextObservable extends Observable {
+
+ public ContextObservable() {
+
+ }
+ public void onchange(String s) {
+ //LogUtil.logWarning("ContextObservable- BREAK for INPUT");
+
+ try {
+ setChanged();
+ // notify observers for change
+ notifyObservers(s);
+ } catch (Exception e) {
+ LogUtil.logError("ContextObservable - Failed to notify observers, PKI password input.", e); //$NON-NLS-1$
+ }
+ /*
+ * try { Thread.sleep(1000); } catch (InterruptedException e) {
+ * System.out.println("Error Occurred."); }
+ */
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/EventConstant.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/EventConstant.java
new file mode 100644
index 00000000000..707d436c869
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/EventConstant.java
@@ -0,0 +1,14 @@
+package org.eclipse.core.pki.auth;
+
+public enum EventConstant {
+ DONE(0),
+ CANCEL(2),
+ SETUP(10);
+ private int value;
+ EventConstant( int request ) {
+ value=request;
+ }
+ public int getValue() {
+ return value;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/IncomingSystemProperty.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/IncomingSystemProperty.java
new file mode 100644
index 00000000000..0fe92fcc3a2
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/IncomingSystemProperty.java
@@ -0,0 +1,108 @@
+/*******************************************************************************
+ * Copyright (c) 2023 IBM Corporation and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.auth;
+
+import java.util.Optional;
+
+import org.eclipse.core.pki.util.LogUtil;
+import org.eclipse.core.pki.util.NormalizeGCM;
+
+public enum IncomingSystemProperty {
+ SETTINGS;
+
+ public boolean checkType() {
+ Optional type = null;
+
+ type = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
+ if (type.isEmpty()) {
+ LogUtil.logError("No incoming System Properties are set for PKI.", null); //$NON-NLS-1$
+ return false;
+ }
+ if (type.get().equalsIgnoreCase("PKCS11")) { //$NON-NLS-1$
+ PKIState.CONTROL.setPKCS11on(true);
+ return true;
+ }
+ if (type.get().equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$
+ PKIState.CONTROL.setPKCS12on(true);
+ return true;
+ }
+ return false;
+ }
+
+ public boolean checkKeyStore(String pin) {
+ byte[] salt = new byte[16];
+ Optional keyStore = null;
+ Optional keyStorePassword = null;
+ Optional PasswordEncrypted = null;
+ Optional PasswordDecrypted = null;
+ keyStore = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$
+ if (keyStore.isEmpty()) {
+ PKIState.CONTROL.setPKCS11on(false);
+ PKIState.CONTROL.setPKCS12on(false);
+ LogUtil.logError("No Keystore is set, javax.net.ssl.keyStore", null); //$NON-NLS-1$
+ return false;
+ }
+ keyStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$
+ if (keyStorePassword.isEmpty()) {
+ LogUtil.logError("A Keystore Password is required, javax.net.ssl.keyStorePassword", null); //$NON-NLS-1$
+ return false;
+ } else {
+ PasswordDecrypted = Optional.ofNullable(System.getProperty("javax.net.ssl.decryptedPassword")); //$NON-NLS-1$
+ PasswordEncrypted = Optional.ofNullable(System.getProperty("javax.net.ssl.encryptedPassword")); //$NON-NLS-1$
+ if ((PasswordEncrypted.isEmpty()) || (!(PasswordDecrypted.isEmpty()))) {
+ // Password is not encrypted
+ // LogUtil.logInfo("IncomingSystemProperty - is DecryptedPasswd:" +
+ // PasswordDecrypted.get().toString()); //$NON-NLS-1$
+ } else {
+ if (PasswordEncrypted.get().toString().equalsIgnoreCase("true")) { //$NON-NLS-1$
+ salt = new String(System.getProperty("user.name") + pin).getBytes(); //$NON-NLS-1$
+ String passwd = NormalizeGCM.DECRYPT.decrypt(keyStorePassword.get().toString(), pin,
+ new String(salt));
+ LogUtil.logInfo("IncomingSystemProperty - decrypt passwd:" + passwd); //$NON-NLS-1$
+ System.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$
+ }
+ }
+ }
+ return true;
+ }
+
+ public boolean checkTrustStoreType() {
+ Optional type = null;
+
+ type = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStoreType")); //$NON-NLS-1$
+ if (type.isEmpty()) {
+ LogUtil.logError("No incoming System Properties are set for PKI.", null); //$NON-NLS-1$
+ return false;
+ }
+ return true;
+
+ }
+
+ public boolean checkTrustStore() {
+ Optional trustStore = null;
+ Optional trustStorePassword = null;
+ trustStore = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStore")); //$NON-NLS-1$
+ if (trustStore.isEmpty()) {
+ LogUtil.logError("No truststore is set, javax.net.ssl.trustStore", null); //$NON-NLS-1$
+ return false;
+ }
+ trustStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStorePassword")); //$NON-NLS-1$
+ if (trustStorePassword.isEmpty()) {
+ LogUtil.logError("A truststore Password is required, javax.net.ssl.trustStorePassword", null); //$NON-NLS-1$
+ return false;
+ }
+ return true;
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/KeystoreSetup.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/KeystoreSetup.java
new file mode 100644
index 00000000000..090f3fb7fc2
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/KeystoreSetup.java
@@ -0,0 +1,251 @@
+/**
+ * Copyright (c) 2014 Codetrails GmbH.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Marcel Bruch - initial API and implementation.
+ */
+package org.eclipse.core.pki.auth;
+
+
+import java.util.Optional;
+import java.io.File;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Properties;
+import java.security.SecureRandom;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import org.eclipse.core.runtime.RegistryFactory;
+import org.eclipse.core.runtime.spi.RegistryStrategy;
+import org.eclipse.core.runtime.IExtensionRegistry;
+import org.eclipse.core.resources.ResourcesPlugin;
+import org.eclipse.core.resources.IResource;
+import org.eclipse.core.runtime.IAdapterFactory;
+import org.eclipse.core.runtime.QualifiedName;
+import org.eclipse.core.runtime.Platform;
+import org.eclipse.core.runtime.CoreException;
+import org.eclipse.core.pki.util.LogUtil;
+import org.eclipse.core.pki.util.ConfigureTrust;
+import org.eclipse.core.pki.util.KeyStoreManager;
+import org.eclipse.core.pki.util.KeyStoreFormat;
+
+
+import org.eclipse.core.pki.pkiselection.PKIProperties;
+
+
+public class KeystoreSetup {
+ static boolean isPkcs11Installed = false;
+ static boolean isKeyStoreLoaded = false;
+ PKIProperties pkiInstance = null;
+ Properties pkiProperties = null;
+ SSLContext sslContext = null;
+ protected static KeyStore keyStore = null;
+ private static final int DIGITAL_SIGNATURE = 0;
+ private static final int KEY_CERT_SIGN = 5;
+ private static final int CRL_SIGN = 6;
+ private static KeystoreSetup INSTANCE;
+ public KeystoreSetup() {}
+ public static KeystoreSetup getInstance() {
+ if(INSTANCE == null) {
+ INSTANCE = new KeystoreSetup();
+ }
+
+ return INSTANCE;
+ }
+ public void installKeystore() {
+ Optional keystoreContainer = null;
+
+ //LogUtil.logWarning("KeystoreSetup- BREAK for INPUT:");
+
+ try {
+
+ keystoreContainer = Optional.ofNullable(
+ KeyStoreManager.INSTANCE.getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$
+ System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$
+ KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$
+
+ if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.INSTANCE.isKeyStoreInitialized()))) {
+ LogUtil.logError("PKISetup - Failed to Load a Keystore.", null); //$NON-NLS-1$
+ PKIState.CONTROL.setPKCS12on(false);
+ System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ SecurityFileSnapshot.INSTANCE.restoreProperties();
+ } else {
+ LogUtil.logError("A Keystore and Password are detected.", null); //$NON-NLS-1$
+ keyStore = keystoreContainer.get();
+ setKeyStoreLoaded(true);
+ setPkiContext();
+ }
+ } catch (Exception e) {
+ LogUtil.logError("Failed to Load Keystore.", e); //$NON-NLS-1$
+ }
+ }
+ public void setPkiContext() {
+ if ((IncomingSystemProperty.SETTINGS.checkTrustStoreType()) && (isKeyStoreLoaded())) {
+ if ((IncomingSystemProperty.SETTINGS.checkTrustStore())
+ && (KeyStoreManager.INSTANCE.isKeyStoreInitialized())) {
+ LogUtil.logInfo("A KeyStore and Truststore are detected."); //$NON-NLS-1$
+ Optional PKIXtrust = ConfigureTrust.MANAGER.setUp();
+
+ try {
+ KeyManager[] km = new KeyManager[] { KeyStoreManager.INSTANCE };
+ TrustManager[] tm = new TrustManager[] { ConfigureTrust.MANAGER };
+ if (PKIXtrust.isEmpty()) {
+ LogUtil.logError("Invalid TrustManager Initialization.", null); //$NON-NLS-1$
+ } else {
+ SSLContext ctx = SSLContext.getInstance("TLS");//$NON-NLS-1$
+ ctx.init(km, tm, null);
+ SSLContext.setDefault(ctx);
+ HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
+ setSSLContext(ctx);
+ pkiInstance = PKIProperties.getInstance();
+ pkiInstance.load();
+ setUserEmail();
+ // Grab a handle to registry
+ //File[] storageDirs = null;
+ //boolean[] cacheReadOnly = null;
+ //String token = "core.pki";
+ /*
+ * try { IWorkspaceRoot root = ResourcesPlugin.getWorkspace().getRoot(); //
+ * IResource resource = //
+ * ResourcesPlugin.getWorkspace().getAdapter(IResource.class); IMarker marker =
+ * root.createMarker("virtual.core.pki.context"); marker.setAttribute(token,
+ * ctx); } catch (Exception imarkerErr) { imarkerErr.printStackTrace(); }
+ */
+ /*
+ * IExtensionRegistry registry = Platform.getExtensionRegistry();
+ * IConfigurationElement[] extensions =
+ * registry.getConfigurationElementsFor(EXTENSION_POINT); for
+ * (IConfigurationElement element : extensions) { [..] }
+ */
+
+ // InjectorFactory.getDefault().addBinding(MyPart.class).implementedBy(MyFactory.class)
+ // RegistryStrategy strategy = RegistryFactory.createOSGiStrategy(File[]
+ // storageDirs, boolean[] cacheReadOnly, Object token)
+// RegistryStrategy strategy = RegistryFactory.createOSGiStrategy(storageDirs,
+// cacheReadOnly, token);
+// // IExtensionRegistry registry = RegistryFactory.getRegistry();
+// IExtensionRegistry registry = RegistryFactory.createRegistry(strategy, token, ctx);
+//
+// setupAdapter();
+ LogUtil.logInfo("PKISetup default SSLContext has been configured."); //$NON-NLS-1$
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("Initialization Error", e); //$NON-NLS-1$
+ } catch (KeyManagementException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("Initialization Error", e); //$NON-NLS-1$
+ }
+ } else {
+ LogUtil.logError("Valid KeyStore and Truststore not found.", null); //$NON-NLS-1$
+ }
+ } else {
+ LogUtil.logError("Valid Truststore not found.", null); //$NON-NLS-1$
+ }
+ }
+ public SSLContext getSSLContext() {
+ return INSTANCE.sslContext;
+ }
+
+ public void setSSLContext(SSLContext context) {
+ this.sslContext = context;
+ }
+ public boolean isKeyStoreLoaded() {
+ return PKISetup.isKeyStoreLoaded;
+ }
+
+ private void setKeyStoreLoaded(boolean isKeyStoreLoaded) {
+ PKISetup.isKeyStoreLoaded = isKeyStoreLoaded;
+ }
+ private void setUserEmail() {
+ try {
+ Enumeration en = keyStore.aliases();
+ while (en.hasMoreElements()) {
+ String alias = en.nextElement();
+ // System.out.println(" " + alias);
+ Certificate cert = keyStore.getCertificate(alias);
+ if (cert.getType().equalsIgnoreCase("X.509")) {
+ X509Certificate X509 = (X509Certificate) cert;
+
+ //
+ // we need to make sure this is a digital certificate instead of a server
+ // cert or something
+ //
+ if (isDigitalSignature(X509.getKeyUsage())) {
+ Collection> altnames = X509.getSubjectAlternativeNames();
+ if (altnames != null) {
+ for (List item : altnames) {
+ Integer type = (Integer) item.get(0);
+ if (type == 1)
+ try {
+ String userEmail = item.toArray()[1].toString();
+ System.setProperty("mail.smtp.user", userEmail);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ }
+
+ }
+ }
+ } catch (Exception err) {
+
+ }
+ }
+
+ private static boolean isDigitalSignature(boolean[] ba) {
+ if (ba != null) {
+ return ba[DIGITAL_SIGNATURE] && !ba[KEY_CERT_SIGN] && !ba[CRL_SIGN];
+ } else {
+ return false;
+ }
+ }
+
+// private void setupAdapter() {
+//
+// IAdapterFactory pr = new IAdapterFactory() {
+// @Override
+// public Class[] getAdapterList() {
+// return new Class[] { SSLContext.class };
+// }
+//
+// @Override
+// public T getAdapter(Object adaptableObject, Class adapterType) {
+// IResource res = (IResource) adaptableObject;
+// SSLContext v = null;
+// QualifiedName key = new QualifiedName("org.eclipse.core.pki", "context");
+// try {
+// v = (SSLContext) res.getSessionProperty(key);
+// if (v == null) {
+// v = getSSLContext();
+// res.setSessionProperty(key, v);
+// }
+// } catch (CoreException e) {
+// // unable to access session property - ignore
+// }
+// return (T)v;
+// }
+// };
+// Platform.getAdapterManager().registerAdapters(pr,IResource.class);
+// }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PKISetup.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PKISetup.java
new file mode 100644
index 00000000000..d55ab8d1507
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PKISetup.java
@@ -0,0 +1,359 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.auth;
+
+import org.eclipse.core.runtime.ServiceCaller;
+
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.List;
+import java.io.File;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.eclipse.core.pki.AuthenticationBase;
+import org.eclipse.core.pki.pkiselection.PKIProperties;
+import org.eclipse.core.pki.util.ConfigureTrust;
+import org.eclipse.core.pki.util.KeyStoreFormat;
+import org.eclipse.core.pki.util.KeyStoreManager;
+import org.eclipse.core.pki.util.LogUtil;
+
+import org.eclipse.core.resources.IWorkspaceRoot;
+import org.eclipse.core.resources.ResourcesPlugin;
+import org.eclipse.core.resources.IResource;
+import org.eclipse.core.resources.IMarker;
+import org.eclipse.core.runtime.RegistryFactory;
+import org.eclipse.core.runtime.spi.RegistryStrategy;
+import org.eclipse.core.runtime.IExtensionRegistry;
+import org.eclipse.core.runtime.CoreException;
+import org.eclipse.core.runtime.ILog;
+import org.eclipse.core.runtime.IProgressMonitor;
+import org.eclipse.core.runtime.IAdapterFactory;
+import org.eclipse.core.runtime.QualifiedName;
+import org.eclipse.core.runtime.Platform;
+//import org.eclipse.jface.preference.IPreferenceStore;
+//import org.eclipse.osgi.framework.eventmgr.EventManager;
+//import org.eclipse.osgi.framework.eventmgr.ListenerQueue;
+import org.eclipse.ui.IStartup;
+import org.eclipse.ui.IWorkbench;
+import org.eclipse.ui.PlatformUI;
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+
+public class PKISetup implements BundleActivator, IStartup {
+ public static final String ID = "org.eclipse.core.pki"; //$NON-NLS-1$
+ protected final String pin = "#Gone2Boat@Bay"; //$NON-NLS-1$
+ private static PKISetup instance;
+ static boolean isPkcs11Installed = false;
+ static boolean isKeyStoreLoaded = false;
+ private BundleContext context;
+ SSLContext sslContext = null;
+ private static final ServiceCaller logger = new ServiceCaller(PKISetup.class, ILog.class);
+ // ListenerQueue queue = null;
+ protected static KeyStore keyStore = null;
+ PKIProperties pkiInstance = null;
+ Properties pkiProperties = null;
+ Optional keystoreContainer = null;
+ private static final int DIGITAL_SIGNATURE = 0;
+ private static final int KEY_CERT_SIGN = 5;
+ private static final int CRL_SIGN = 6;
+
+ public PKISetup() {
+ super();
+ setInstance(this);
+ }
+
+ @Override
+ public void start(BundleContext context) throws Exception {
+ // TODO Auto-generated method stub
+ // System.out.println("PKISetup PKISetup ------------------- START");
+ this.context = context;
+
+ Startup();
+ }
+
+ @Override
+ public void earlyStartup() {
+ // TODO Auto-generated method stub
+ // System.out.println("PKISetup PKISetup -------------------early
+ // START");//$NON-NLS-1$
+ }
+
+ @Override
+ public void stop(BundleContext context) throws Exception {
+ // TODO Auto-generated method stub
+
+ }
+
+ public static PKISetup getInstance() {
+ return instance;
+ }
+
+ public static void setInstance(PKISetup instance) {
+ PKISetup.instance = instance;
+ }
+
+ public void log(String message) {
+ logger.call(logger -> logger.info(message));
+ }
+
+ public void Startup() {
+
+ // log("Startup method is now running"); //$NON-NLS-1$
+
+ Optional type = null;
+ Optional decryptedPw;
+
+ PKIState.CONTROL.setPKCS11on(false);
+ PKIState.CONTROL.setPKCS12on(false);
+ /*
+ * First see if parameters were passed into eclipse via the command line -D
+ */
+ type = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
+
+ if (type.isEmpty()) {
+ //
+ // Incoming parameter as -DkeystoreType was empty so CHECK in .pki file
+ //
+ PKIState.CONTROL.setPKCS11on(false);
+ PKIState.CONTROL.setPKCS12on(false);
+ if (PublicKeySecurity.INSTANCE.isTurnedOn()) {
+ PublicKeySecurity.INSTANCE.getPkiPropertyFile(pin);
+ }
+ }
+ // LogUtil.logInfo("PKISetup - now looking at incoming"); //$NON-NLS-1$
+ if (IncomingSystemProperty.SETTINGS.checkType()) {
+ if (IncomingSystemProperty.SETTINGS.checkKeyStore(pin)) {
+ KeystoreSetup setup = KeystoreSetup.getInstance();
+ if (PKIState.CONTROL.isPKCS12on()) {
+
+ setup.installKeystore();
+
+ }
+ if (PKIState.CONTROL.isPKCS11on()) {
+ String pkcs11Pin = "";
+ LogUtil.logInfo("PKISetup - Processing PKCS11"); //$NON-NLS-1$
+ decryptedPw = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword"));
+ if (!decryptedPw.isEmpty()) {
+ pkcs11Pin = decryptedPw.get();
+ }
+ keystoreContainer = Optional
+ .ofNullable(AuthenticationBase.INSTANCE.initialize(pkcs11Pin.toCharArray()));// $NON-NLS-1$
+ if (keystoreContainer.isEmpty()) {
+ LogUtil.logError("PKISetup - Failed to Load a Keystore.", null); //$NON-NLS-1$
+ PKIState.CONTROL.setPKCS11on(false);
+ System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ SecurityFileSnapshot.INSTANCE.restoreProperties();
+ } else {
+ LogUtil.logError("A Keystore and Password are detected.", null); //$NON-NLS-1$
+ keyStore = keystoreContainer.get();
+ KeyStoreManager.INSTANCE.setKeyStore(keyStore);
+ setKeyStoreLoaded(true);
+ setup.setPkiContext();
+ }
+ }
+
+// if ((IncomingSystemProperty.SETTINGS.checkTrustStoreType()) && (isKeyStoreLoaded())) {
+// if ((IncomingSystemProperty.SETTINGS.checkTrustStore())
+// && (KeyStoreManager.INSTANCE.isKeyStoreInitialized())) {
+// LogUtil.logInfo("A KeyStore and Truststore are detected."); //$NON-NLS-1$
+// Optional PKIXtrust = ConfigureTrust.MANAGER.setUp();
+//
+// try {
+// KeyManager[] km = new KeyManager[] { KeyStoreManager.INSTANCE };
+// TrustManager[] tm = new TrustManager[] { ConfigureTrust.MANAGER };
+// if (PKIXtrust.isEmpty()) {
+// LogUtil.logError("Invalid TrustManager Initialization.", null); //$NON-NLS-1$
+// } else {
+// SSLContext ctx = SSLContext.getInstance("TLS");//$NON-NLS-1$
+// ctx.init(km, tm, new SecureRandom());
+// SSLContext.setDefault(ctx);
+// HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
+// setSSLContext(ctx);
+// pkiInstance = PKIProperties.getInstance();
+// pkiInstance.load();
+// setUserEmail();
+// // Grab a handle to registry
+// File[] storageDirs = null;
+// boolean[] cacheReadOnly = null;
+// String token = "core.pki";
+// try {
+// IWorkspaceRoot root = ResourcesPlugin.getWorkspace().getRoot();
+// // IResource resource =
+// // ResourcesPlugin.getWorkspace().getAdapter(IResource.class);
+// IMarker marker = root.createMarker("virtual.core.pki.context");
+// marker.setAttribute(token, ctx);
+// } catch (Exception imarkerErr) {
+// imarkerErr.printStackTrace();
+// }
+// /*
+// * IExtensionRegistry registry = Platform.getExtensionRegistry();
+// * IConfigurationElement[] extensions =
+// * registry.getConfigurationElementsFor(EXTENSION_POINT); for
+// * (IConfigurationElement element : extensions) { [..] }
+// */
+//
+// // InjectorFactory.getDefault().addBinding(MyPart.class).implementedBy(MyFactory.class)
+// // RegistryStrategy strategy = RegistryFactory.createOSGiStrategy(File[]
+// // storageDirs, boolean[] cacheReadOnly, Object token)
+// RegistryStrategy strategy = RegistryFactory.createOSGiStrategy(storageDirs,
+// cacheReadOnly, token);
+// // IExtensionRegistry registry = RegistryFactory.getRegistry();
+// IExtensionRegistry registry = RegistryFactory.createRegistry(strategy, token, ctx);
+//
+// setupAdapter();
+// LogUtil.logInfo("PKISetup default SSLContext has been configured."); //$NON-NLS-1$
+// }
+// } catch (NoSuchAlgorithmException e) {
+// // TODO Auto-generated catch block
+// LogUtil.logError("Initialization Error", e); //$NON-NLS-1$
+// } catch (KeyManagementException e) {
+// // TODO Auto-generated catch block
+// LogUtil.logError("Initialization Error", e); //$NON-NLS-1$
+// }
+// } else {
+// LogUtil.logError("Valid KeyStore and Truststore not found.", null); //$NON-NLS-1$
+// }
+//
+// }
+ }
+ }
+ }
+
+ public SSLContext getSSLContext() {
+ return sslContext;
+ }
+
+ public void setSSLContext(SSLContext context) {
+ this.sslContext = context;
+ }
+
+ private boolean isKeyStoreLoaded() {
+ return isKeyStoreLoaded;
+ }
+
+ private void setKeyStoreLoaded(boolean isKeyStoreLoaded) {
+ PKISetup.isKeyStoreLoaded = isKeyStoreLoaded;
+ }
+
+ private static boolean isDigitalSignature(boolean[] ba) {
+ if (ba != null) {
+ return ba[DIGITAL_SIGNATURE] && !ba[KEY_CERT_SIGN] && !ba[CRL_SIGN];
+ } else {
+ return false;
+ }
+ }
+
+ private void setupAdapter() {
+
+ IAdapterFactory pr = new IAdapterFactory() {
+ @Override
+ public Class[] getAdapterList() {
+ return new Class[] { SSLContext.class };
+ }
+
+ @Override
+ public T getAdapter(Object adaptableObject, Class adapterType) {
+ IResource res = (IResource) adaptableObject;
+ SSLContext v = null;
+ QualifiedName key = new QualifiedName("org.eclipse.core.pki", "context");
+ try {
+ v = (SSLContext) res.getSessionProperty(key);
+ if (v == null) {
+ v = getSSLContext();
+ res.setSessionProperty(key, v);
+ }
+ } catch (CoreException e) {
+ // unable to access session property - ignore
+ }
+ return (T)v;
+ }
+ };
+ Platform.getAdapterManager().registerAdapters(pr,IResource.class);
+ }
+
+/**
+ * @see AuthenticationPlugin#setSystemProperties()
+ */
+
+/*
+ * private void installTrustStore() { final String USER_HOME =
+ * System.getProperty("user.home"); //$NON-NLS-1$ final File PKI_ECLIPSE_DIR =
+ * new File(USER_HOME, ".eclipse_pki"); //$NON-NLS-1$ final String PKI_DIR =
+ * "eclipse_pki"; //$NON-NLS-1$ //final Path pkiHome =
+ * Paths.get(PKI_ECLIPSE_DIR.getAbsolutePath() + File.separator + PKI_DIR);
+ *
+ * final Path pkiHome = Paths.get(PKI_ECLIPSE_DIR.getAbsolutePath() +
+ * File.separator + PKI_DIR); createSigintEclipseDir(pkiHome);
+ *
+ * TODO: Create an enum of the IC comms and utilize the correct trust
+ *
+ *
+ * String filename = "cacert"; //$NON-NLS-1$ File localTrustStore = new
+ * File(PKI_ECLIPSE_DIR, filename);
+ *
+ * // System.out.println("Install Truststore - local -> " + localTrustStore);
+ *
+ * // // we want to install the new one anyway // //
+ * if(!localTrustStore.exists()) { FileChannel fc = null; ReadableByteChannel
+ * rbc = null; FileOutputStream os = null; try {
+ * localTrustStore.createNewFile(); os = new FileOutputStream(localTrustStore);
+ * fc = os.getChannel();
+ *
+ *
+ * // //File ConfigurationFile = new
+ * File(ResourcesPlugin.getWorkspace().getRoot().getLocation().toOSString() +
+ * File.separator // + "configuration" + File.separator // + "cacert");
+ *
+ * File ConfigurationFile = new File(File.separator + "configuration" +
+ * File.separator //$NON-NLS-1$ + "cacert"); //$NON-NLS-1$ InputStream is = new
+ * FileInputStream(ConfigurationFile);
+ *
+ * // // copy the contents of the eclipse/ cacerts file to our .pki directory //
+ * rbc = Channels.newChannel(is); ByteBuffer buffer = ByteBuffer.allocate(1024);
+ * buffer.clear(); while (rbc.read(buffer) != -1) { buffer.flip();
+ * fc.write(buffer); buffer.compact(); }
+ *
+ * } catch (IOException e) {
+ * //LogUtil.logError("Issue writing default trust store to disk.", e); } // }
+ * //AuthenticationPlugin.getDefault().getPreferenceStore().setValue(
+ * AuthenticationPreferences.TRUST_STORE_LOCATION, //
+ * localTrustStore.getAbsolutePath());
+ *
+ * }
+ */
+
+/*
+ * private void createSigintEclipseDir(Path pkiHome) { Lock fsLock = new
+ * ReentrantLock(); fsLock.lock(); try { if (Files.notExists(pkiHome)) {
+ * Files.createDirectories(pkiHome); } } catch (IOException e) { // TODO
+ * Auto-generated catch block e.printStackTrace(); } finally { fsLock.unlock();
+ * } }
+ */
+}
\ No newline at end of file
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PKIState.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PKIState.java
new file mode 100644
index 00000000000..553b89465de
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PKIState.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.auth;
+
+public enum PKIState {
+ CONTROL;
+ private boolean isPKCS11on=false;
+ private boolean isPKCS12on=false;
+ public boolean isPKCS11on() {
+ return isPKCS11on;
+ }
+ public void setPKCS11on(boolean isPKCS11on) {
+ this.isPKCS11on = isPKCS11on;
+ }
+ public boolean isPKCS12on() {
+ return isPKCS12on;
+ }
+ public void setPKCS12on(boolean isPKCS12on) {
+ this.isPKCS12on = isPKCS12on;
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PasswordObserver.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PasswordObserver.java
new file mode 100644
index 00000000000..0cd7790ae04
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PasswordObserver.java
@@ -0,0 +1,95 @@
+/**
+ * Copyright (c) 2014 Codetrails GmbH.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Marcel Bruch - initial API and implementation.
+ */
+package org.eclipse.core.pki.auth;
+
+import java.util.Observable;
+import java.util.Observer;
+import java.util.Optional;
+import java.io.File;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Properties;
+import java.security.SecureRandom;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.concurrent.Flow.Subscriber;
+import java.util.concurrent.Flow.Subscription;
+
+
+import org.eclipse.core.runtime.RegistryFactory;
+import org.eclipse.core.runtime.spi.RegistryStrategy;
+import org.eclipse.core.runtime.IExtensionRegistry;
+import org.eclipse.core.resources.ResourcesPlugin;
+import org.eclipse.core.resources.IResource;
+import org.eclipse.core.runtime.IAdapterFactory;
+import org.eclipse.core.runtime.QualifiedName;
+import org.eclipse.core.runtime.Platform;
+import org.eclipse.core.runtime.CoreException;
+import org.eclipse.core.pki.util.LogUtil;
+import org.eclipse.core.pki.util.ConfigureTrust;
+import org.eclipse.core.pki.util.KeyStoreManager;
+import org.eclipse.core.pki.util.KeyStoreFormat;
+import org.eclipse.core.pki.pkiselection.SecurityOpRequest;
+
+import org.eclipse.core.pki.pkiselection.PKIProperties;
+
+@SuppressWarnings("restriction")
+public class PasswordObserver implements Observer, Subscriber {
+ static boolean isPkcs11Installed = false;
+ static boolean isKeyStoreLoaded = false;
+ PKIProperties pkiInstance = null;
+ Properties pkiProperties = null;
+ //SSLContext sslContext = null;
+ private Subscription subscription;
+ protected static KeyStore keyStore = null;
+ private static final int DIGITAL_SIGNATURE = 0;
+ private static final int KEY_CERT_SIGN = 5;
+ private static final int CRL_SIGN = 6;
+ public PasswordObserver() {
+
+ }
+
+ public void update(Observable obj, Object arg) {
+ Optional keystoreContainer = null;
+ String pw = (String) arg;
+ //LogUtil.logWarning("PasswordObserver- BREAK for INPUT:"+pw);
+ System.setProperty("javax.net.ssl.keyStorePassword", pw); //$NON-NLS-1$
+ KeystoreSetup setup = KeystoreSetup.getInstance();
+ setup.installKeystore();
+ }
+ public void onSubscribe(Subscription subscription) {
+ // TODO Auto-generated method stub
+ this.subscription = subscription;
+ }
+
+ public void onNext(Object item) {
+ // TODO Auto-generated method stub
+ SecurityOpRequest.INSTANCE.setConnected(true);
+ }
+
+ public void onError(Throwable throwable) {
+ // TODO Auto-generated method stub
+ }
+
+ public void onComplete() {
+ // TODO Auto-generated method stub
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PokeInConsole.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PokeInConsole.java
new file mode 100644
index 00000000000..701084912b0
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PokeInConsole.java
@@ -0,0 +1,47 @@
+package org.eclipse.core.pki.auth;
+
+import java.io.BufferedReader;
+import java.io.Console;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.Serializable;
+
+public enum PokeInConsole implements Serializable {
+ PASSWD;
+ protected static final String ENTER="Enter password:";
+ public void get() {
+ try {
+ Console console = System.console();
+ if (console == null) {
+
+ //System.out.println("PokeInConsole - Couldn't get Console instance");
+ BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
+ System.out.print(ENTER);
+ String name=new String();
+ try {
+ //System.out.println((char)27 + "[37mWHITE");
+ //System.out.println((char)27 + "[37m");
+ System.out.println((char)27 + "[8m");
+ name = reader.readLine();
+ System.out.flush();
+ //System.out.println((char)27 + "[30mBLACK");
+ System.out.println((char)27 + "[0m");
+ System.out.println((char)27 + "[30m");
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ System.setProperty("javax.net.ssl.keyStorePassword", name);
+ } else {
+ char[] ch = console.readPassword( ENTER );
+ String pw = new String(ch);
+ System.setProperty("javax.net.ssl.keyStorePassword", pw);
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/Proxies.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/Proxies.java
new file mode 100644
index 00000000000..40019849455
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/Proxies.java
@@ -0,0 +1,158 @@
+/**
+ * Copyright (c) 2014 Codetrails GmbH.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Marcel Bruch - initial API and implementation.
+ */
+package org.eclipse.core.pki.auth;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+import java.net.ProxySelector;
+import java.net.URI;
+import java.net.UnknownHostException;
+//import org.apache.commons.httpclient.HttpHost;
+//import org.apache.commons.lang3.StringUtils;
+import java.net.http.HttpClient;
+//import java.net.http.HttpClient.Builder;
+import java.util.Optional;
+import java.util.concurrent.Executor;
+
+import org.eclipse.core.net.proxy.IProxyData;
+
+@SuppressWarnings("restriction")
+public final class Proxies {
+
+ private Proxies() {
+ // Not meant to be instantiated
+ }
+
+ private static final String DOUBLEBACKSLASH = "\\\\"; //$NON-NLS-1$
+ private static final String ENV_USERDOMAIN = "USERDOMAIN"; //$NON-NLS-1$
+ private static final String PROP_HTTP_AUTH_NTLM_DOMAIN = "http.auth.ntlm.domain"; //$NON-NLS-1$
+
+ /**
+ * Returns the domain of the current machine- if any.
+ *
+ * @param userName
+ * the user name which may be null. On windows it may contain the domain name as prefix "domain\\username".
+ */
+ public static Optional getUserDomain(String userName) {
+
+ // check the app's system properties
+ String domain = System.getProperty(PROP_HTTP_AUTH_NTLM_DOMAIN);
+ if (domain != null) {
+ return Optional.of(domain);
+ }
+
+ // check the OS environment
+ domain = System.getenv(ENV_USERDOMAIN);
+ if (domain != null) {
+ return Optional.of(domain);
+ }
+
+ // test the user's name whether it may contain an information about the domain name
+ //if (StringUtils.contains(userName, DOUBLEBACKSLASH)) {
+ if (userName.contains(DOUBLEBACKSLASH)) {
+ //return Optional.of(substringBefore(userName, DOUBLEBACKSLASH));
+ userName.substring(0, userName.indexOf(DOUBLEBACKSLASH)-1);
+ return Optional.of(userName.substring(0, userName.indexOf(DOUBLEBACKSLASH)-1));
+ }
+
+ // no domain name found
+ return Optional.empty();
+ }
+
+ /**
+ * Returns the host name of this workstation (localhost)
+ */
+ public static Optional getWorkstation() {
+ try {
+ return Optional.of(InetAddress.getLocalHost().getHostName());
+ } catch (UnknownHostException e) {
+ return Optional.empty();
+ }
+ }
+
+ /**
+ * Returns the user name without a (potential) domain prefix
+ *
+ * @param userName
+ * a String that may look like "domain\\userName"
+ */
+ public static Optional getUserName(String userName) {
+ if (userName == null) {
+ return Optional.empty();
+ }
+ //return contains(userName, DOUBLEBACKSLASH) ? of(substringAfterLast(userName, DOUBLEBACKSLASH)) : of(userName);
+ return userName.contains(DOUBLEBACKSLASH) ?
+ Optional.of(userName.substring(userName.indexOf(DOUBLEBACKSLASH))) : Optional.of(userName);
+ }
+ //public static Optional getProxyHost(URI target) {
+ public static Optional getProxyHost(URI target) {
+ //IProxyData proxy = getProxyData(target).orNull();
+ IProxyData proxy = getProxyData(target).orElse(null);
+ if (proxy == null) {
+ return Optional.empty();
+ }
+ //return Optional.of(new HttpHost(proxy.getHost(), proxy.getPort()));
+ return Optional.of(HttpClient.newBuilder()
+ .proxy(ProxySelector.of(
+ new InetSocketAddress(proxy.getHost(), proxy.getPort()))).build());
+ }
+
+ public static Executor proxyAuthentication(Executor executor, URI target) throws IOException {
+ IProxyData proxy = getProxyData(target).orElse(null);
+ if (proxy != null) {
+ //HttpHost proxyHost = new HttpHost(proxy.getHost(), proxy.getPort());
+ HttpClient.newBuilder().proxy(ProxySelector.of(new InetSocketAddress(proxy.getHost(), proxy.getPort())));
+ if (proxy.getUserId() != null) {
+ // String userId = getUserName(proxy.getUserId()).orElse(null);
+ // String pass = proxy.getPassword();
+ // String workstation = getWorkstation().orElse(null);
+ // String domain = getUserDomain(proxy.getUserId()).orElse(null);
+
+ System.out.println("Proxies - proxyAuthentication needs to be FIXED"); //$NON-NLS-1$
+ //return executor.auth(proxyHost, userId, pass, workstation, domain);
+ //return executor. auth(proxyHost, userId, pass, workstation, domain);
+ } else {
+ return executor;
+ }
+ }
+ return executor;
+ }
+
+ private static Optional getProxyData(URI target) {
+ Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(target.getHost(), target.getPort()));
+ //IProxyData[] proxies = ProxyManager.getProxyManager().select(target);
+
+ Optional op = Optional.of(proxy);
+ if (op.isEmpty()) {
+ return Optional.empty();
+ }
+ //return Optional.of(proxies[0]);
+ return op;
+ }
+
+ public static Optional getProxyUser(URI target) {
+ IProxyData proxy = getProxyData(target).orElse(null);
+ if ((proxy == null) || (proxy.getUserId() == null)) {
+ return Optional.empty();
+ }
+ return getUserName(proxy.getUserId());
+ }
+
+ public static Optional getProxyPassword(URI target) {
+ IProxyData proxy = getProxyData(target).orElse(null);
+ if ((proxy == null) || (proxy.getUserId() == null)) {
+ return Optional.empty();
+ }
+ return Optional.ofNullable(proxy.getPassword());
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublicKeySecurity.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublicKeySecurity.java
new file mode 100644
index 00000000000..00f00d3dbb9
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublicKeySecurity.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.auth;
+
+import java.util.Properties;
+
+public enum PublicKeySecurity {
+ INSTANCE;
+ protected byte[] salt = new byte[16];
+ public boolean isTurnedOn() {
+ return SecurityFileSnapshot.INSTANCE.image();
+ }
+ public void setupPKIfile() {
+
+ SecurityFileSnapshot.INSTANCE.createPKI();
+
+ }
+
+ public Properties getPkiPropertyFile(String pin) {
+ salt = new String(System.getProperty("user.name") + pin).getBytes(); //$NON-NLS-1$
+ return SecurityFileSnapshot.INSTANCE.load(pin, new String(salt));
+ }
+}
\ No newline at end of file
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublishPasswordUpdate.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublishPasswordUpdate.java
new file mode 100644
index 00000000000..5b3a288a5f0
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublishPasswordUpdate.java
@@ -0,0 +1,48 @@
+/**
+ * Copyright (c) 2014 Codetrails GmbH.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Marcel Bruch - initial API and implementation.
+ */
+package org.eclipse.core.pki.auth;
+
+import java.util.Observable;
+import java.util.ArrayList;
+import java.util.List;
+import org.eclipse.core.pki.util.LogUtil;
+import java.util.concurrent.Flow.*;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ExecutorService;
+
+public enum PublishPasswordUpdate implements PublishPasswordUpdateIfc {
+ INSTANCE;
+ private final ExecutorService executor = Executors.newFixedThreadPool(10);
+ private List> subscribers = new ArrayList<>();
+
+ public void subscribe(Subscriber subscriber) {
+ //LogUtil.logWarning(" PublishPasswordUpdate-------subscribe"); //$NON-NLS-1$
+ subscribers.add(subscriber);
+ System.out.println("PublishPasswordUpdate adding subscriber COUNT:"+subscribers.size());
+ //return subscribers.size();
+ }
+ public int getSubscriberCount() {
+ return subscribers.size();
+ }
+
+ public void publishMessage(String message) {
+ System.out.println("PublishPasswordUpdate publish");
+ subscribers.forEach(subscriber -> {
+ executor.submit(() -> {
+ subscriber.onNext(message);
+ });
+ });
+ }
+ public void close() {
+ subscribers.forEach(Subscriber::onComplete);
+ executor.shutdown();
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublishPasswordUpdateIfc.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublishPasswordUpdateIfc.java
new file mode 100644
index 00000000000..b6d18a0eb3d
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/PublishPasswordUpdateIfc.java
@@ -0,0 +1,13 @@
+package org.eclipse.core.pki.auth;
+
+import java.util.concurrent.Flow.Publisher;
+import java.util.concurrent.Flow.Subscriber;
+
+public interface PublishPasswordUpdateIfc extends Publisher{
+
+ //public static PublishPasswordUpdate getInstance();
+ public void subscribe(Subscriber subscriber);
+ public int getSubscriberCount();
+ public void publishMessage(String message);
+ public void close();
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/SecurityFileSnapshot.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/SecurityFileSnapshot.java
new file mode 100644
index 00000000000..c5e3a4c68ef
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/auth/SecurityFileSnapshot.java
@@ -0,0 +1,327 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.auth;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.InputStream;
+import java.nio.channels.Channels;
+import java.nio.channels.FileChannel;
+import java.nio.channels.FileLock;
+import java.nio.charset.Charset;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardOpenOption;
+import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFilePermission;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Map.Entry;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.Set;
+
+import org.eclipse.core.pki.util.DotPkiPropertiesRequired;
+import org.eclipse.core.pki.util.LogUtil;
+import org.eclipse.core.pki.util.NormalizeGCM;
+import org.eclipse.core.pki.util.SecureGCM;
+import org.eclipse.core.pki.util.TemplateForPKIfile;
+import org.eclipse.core.pki.pkiselection.PkiPasswordInputUI;
+import org.eclipse.core.pki.pkiselection.PkiPasswordGrabberWidget;
+import org.eclipse.core.pki.pkiselection.SecurityOpRequest;
+
+public enum SecurityFileSnapshot {
+ INSTANCE;
+
+ Path pkiFile = null;
+ Path userM2Home = null;
+ Path userHome = null;
+ Path userDotEclipseHome = null;
+ Properties originalProperties = new Properties();
+ public static final String DotEclipse = ".eclipse";
+ public static final String USER_HOME = System.getProperty("user.home"); //$NON-NLS-1$
+
+ public boolean image() {
+ /*
+ * CHeck if .pki file is present.
+ */
+ try {
+ Optional eclipseHome = Optional.ofNullable(Files.exists(Paths.get(USER_HOME))); // $NON-NLS-1$
+ if (!(eclipseHome.isEmpty())) {
+ if (Files.exists(Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse
+ + FileSystems.getDefault().getSeparator() + ".pki"))) {
+
+ userDotEclipseHome = Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse
+ + FileSystems.getDefault().getSeparator() + ".pki");
+ if (!DotPkiPropertiesRequired.CHECKER.testFile(userDotEclipseHome)) {
+ TemplateForPKIfile.CREATION.setup();
+ return false;
+ }
+ } else {
+ LogUtil.logWarning("NO PKI file detected");
+ /*
+ * Files.createFile(Paths.get(USER_HOME+
+ * FileSystems.getDefault().getSeparator()+DotEclipse+
+ * FileSystems.getDefault().getSeparator()+ ".pki"));
+ */
+ TemplateForPKIfile.CREATION.setup();
+ return false;
+ }
+ }
+
+ } catch (Exception e1) {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ }
+ //isSecurityFileRequired(""); //$NON-NLS-1$
+ if (Files.exists(userDotEclipseHome)) {
+ LogUtil.logWarning("A PKI file detected;" + userDotEclipseHome.toString()); //$NON-NLS-1$
+ return true;
+ }
+ return false;
+ }
+ public boolean createPKI() {
+ Optional eclipseHome = Optional.ofNullable(Files.exists(Paths.get(USER_HOME))); // $NON-NLS-1$
+ if (!(eclipseHome.isEmpty())) {
+ if (!(Files.exists(Paths.get(USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse
+ + FileSystems.getDefault().getSeparator() + ".pki")))) {
+ String pkiFileFQN=USER_HOME + FileSystems.getDefault().getSeparator() + DotEclipse
+ + FileSystems.getDefault().getSeparator() + ".pki";
+
+ userDotEclipseHome = Paths.get(pkiFileFQN);
+ // create the PKI file
+ try {
+ Files.createFile(userDotEclipseHome);
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ isSecurityFileRequired(pkiFileFQN);
+ return true;
+ } else {
+ //PKI file already exists
+ return false;
+ }
+ }
+ return false;
+ }
+
+ public Properties load(String password, String salt) {
+ Properties properties = new Properties();
+ String passwd = null;
+ try {
+ FileChannel fileChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.READ);
+ FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE);
+ FileLock lock = fileChannel.lock(0L, Long.MAX_VALUE, true);
+ InputStream fileInputStream = Channels.newInputStream(fileChannel);
+ properties.load(fileInputStream);
+ originalProperties.putAll(properties);
+ for (Entry entry : properties.entrySet()) {
+ entry.setValue(entry.getValue().toString().trim());
+ }
+
+ Optional passwdContainer = Optional
+ .ofNullable(properties.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$
+ Optional encryptedPasswd = Optional
+ .ofNullable(properties.getProperty("javax.net.ssl.encryptedPassword")); //$NON-NLS-1$
+ if (passwdContainer.isEmpty()) {
+ Optional keyStoreContainer = Optional.ofNullable(
+ properties.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$
+ if (!(keyStoreContainer.isEmpty() )) {
+ System.setProperty("javax.net.ssl.keyStore", keyStoreContainer.get().toString().trim());
+ }
+ Optional keyStoreTypeContainer = Optional.ofNullable(
+ properties.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
+ if (!(keyStoreTypeContainer.isEmpty() )) {
+ String keyStoreType = keyStoreTypeContainer.get().toString().trim();
+ if (keyStoreType.equalsIgnoreCase("PKCS12" )) { //$NON-NLS-1$
+ System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);//$NON-NLS-1$
+ // get the passwd from console
+ //PokeInConsole.PASSWD.get();
+ //String pw=PkiPasswordInputUI.DO.get();
+ try {
+ try {
+ Optional testKeyContainer = Optional.ofNullable(
+ System.getProperty("core.key"));
+ if (!(testKeyContainer.isEmpty() )) {
+ String testKey = testKeyContainer.get().toString().trim();
+ System.out.println("SecurityFileSnapshot TESTING:"+testKey);
+ if (testKey.equalsIgnoreCase("eclipse.core.pki.testing")) {
+ return properties;
+ }
+ }
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ String pw=PkiPasswordGrabberWidget.INSTANCE.getInput();
+
+ LogUtil.logWarning("SecurityFileSnapshot - PASSWORD HAS BEEN INPUT");//$NON-NLS-1$
+
+ //System.out.println("SecurityFileSnapshot PASSWD:"+pw);
+ System.setProperty("javax.net.ssl.keyStorePassword", pw);//$NON-NLS-1$
+ } catch(Exception xe) {
+ // User may have said cancel
+ }
+
+
+ } else {
+ System.setProperty("javax.net.ssl.keyStorePassword", "");//$NON-NLS-1$
+ }
+ }
+ } else {
+ if ((encryptedPasswd.isEmpty()) && (!(passwdContainer.isEmpty()))) {
+ // System.out.println("ILoadProperties empty encrypted passwd NOT found");
+ // //$NON-NLS-1$
+
+ properties.setProperty("javax.net.ssl.encryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$
+ passwd = passwdContainer.get();
+ properties.setProperty("javax.net.ssl.keyStorePassword", //$NON-NLS-1$
+ // SecureAES256.ENCRYPT.encrypt(passwd, password, salt));
+ SecureGCM.ENCRYPT.encrypt(passwd, password, salt));
+ OutputStream os = Channels.newOutputStream(updateChannel);
+ properties.save(os, null);
+ // After saving encrypted passwd to properties file, switch to unencrypted
+ properties.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$
+ SecurityOpRequest.INSTANCE.setConnected(true);
+ //PublishPasswordUpdateImpl publisher = PublishPasswordUpdateImpl.getInstance();
+ //publisher.publishMessage(passwd);
+ PublishPasswordUpdate.INSTANCE.publishMessage(passwd);
+ } else {
+
+ // String ePasswd = properties.getProperty("javax.net.ssl.keyStorePassword");
+ // //$NON-NLS-1$
+ String ePasswd = passwdContainer.get();
+ passwd = NormalizeGCM.DECRYPT.decrypt(ePasswd, password, salt);
+ System.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$
+ properties.setProperty("javax.net.ssl.keyStorePassword", passwd); //$NON-NLS-1$
+ properties.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$
+
+ }
+ }
+
+ properties.setProperty("javax.net.ssl.decryptedPassword", "true"); //$NON-NLS-1$ //$NON-NLS-2$
+
+ System.getProperties().putAll(properties);
+
+ lock.release();
+ LogUtil.logWarning("SecurityFileSnapshot - Loaded PKI System Properties"); //$NON-NLS-1$
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return properties;
+
+ }
+
+ public void restoreProperties() {
+ try {
+ Files.deleteIfExists(userDotEclipseHome);
+ Files.createFile(userDotEclipseHome);
+ FileChannel updateChannel = FileChannel.open(userDotEclipseHome, StandardOpenOption.WRITE);
+ OutputStream os = Channels.newOutputStream(updateChannel);
+ String date = new SimpleDateFormat("dd-MM-yyyy").format(new Date());
+ originalProperties.store(os, "Restored to Original:" + date);
+ os.flush();
+ os.close();
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+
+ private static void isSecurityFileRequired(String securityFileLocation) {
+ Path dir = null;
+ StringBuilder sb = new StringBuilder();
+
+ try {
+ sb.append(securityFileLocation);
+ sb.append(FileSystems.getDefault().getSeparator());
+ // sb.append("TESTDIR"); // testing
+ // sb.append(FileSystems.getDefault().getSeparator());
+ dir = Paths.get(sb.toString());
+ try {
+ //just in case it hasnt been created yet
+ Files.createDirectories(dir);
+ } catch(Exception createFileErr) {}
+
+ Path path = Paths.get(sb.toString());
+
+ if (!(path.toFile().exists())) {
+ Files.deleteIfExists(path);
+ Files.createFile(path);
+ Charset charset = Charset.forName("UTF-8");//$NON-NLS-1$
+ LogUtil.logWarning("SecurityFileSnapshot - loading Properties"); //$NON-NLS-1$
+ ArrayList a = fileContents();
+ if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) { //$NON-NLS-1$
+ LogUtil.logWarning("SecurityFileSnapshot - posix save properties"); //$NON-NLS-1$
+ PosixFileAttributeView posixAttributes = Files.getFileAttributeView(path,
+ PosixFileAttributeView.class);
+ Set permissions = posixAttributes.readAttributes().permissions();
+ permissions.remove(PosixFilePermission.GROUP_READ);
+ posixAttributes.setPermissions(permissions);
+ Files.write(path, a, charset, StandardOpenOption.TRUNCATE_EXISTING);
+
+ permissions.remove(PosixFilePermission.OWNER_WRITE);
+ posixAttributes.setPermissions(permissions);
+ } else {
+ LogUtil.logWarning("SecurityFileSnapshot - non-posix save properties"); //$NON-NLS-1$
+ // Windoerz
+ // DosFileAttributeView dosAttributes = Files.getFileAttributeView(path,
+ // DosFileAttributeView.class);
+ // DosFileAttributes standardPermissions = dosAttributes.readAttributes();
+ Files.write(path, a, charset, StandardOpenOption.TRUNCATE_EXISTING);
+ Files.setAttribute(path, "dos:hidden", Boolean.valueOf(true));//$NON-NLS-1$
+ }
+ }
+
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ private static ArrayList fileContents() {
+
+ ArrayList a = new ArrayList<>();
+
+ try {
+ a.add("javax.net.ssl.trustStoreType=" + System.getProperty("javax.net.ssl.trustStoreType"));//$NON-NLS-1$ //$NON-NLS-2$
+ a.add("javax.net.ssl.trustStorePassword=" + System.getProperty("javax.net.ssl.trustStorePassword"));//$NON-NLS-1$ //$NON-NLS-2$
+ a.add("javax.net.ssl.trustStore=" + System.getProperty("javax.net.ssl.trustStore"));//$NON-NLS-1$ //$NON-NLS-2$
+ a.add("");//$NON-NLS-1$
+
+ if (System.getProperty("javax.net.ssl.keyStoreType") != null) {//$NON-NLS-1$
+ a.add("javax.net.ssl.keyStoreType=" + System.getProperty("javax.net.ssl.keyStoreType"));//$NON-NLS-1$ //$NON-NLS-2$
+ a.add("javax.net.ssl.keyStore=" + System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ //$NON-NLS-2$
+ if (System.getProperty("javax.net.ssl.keyStoreType").equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$ //$NON-NLS-2$
+ // a.add("javax.net.ssl.keyStorePassword="+
+ // System.getProperty("javax.net.ssl.keyStorePassword"));
+ } else {
+ a.add("javax.net.ssl.keyStorePassword=");//$NON-NLS-1$
+ a.add("javax.net.ssl.keyStoreProvider=" + System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$ //$NON-NLS-2$
+ }
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return a;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/CertificateDoesNotExistException.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/CertificateDoesNotExistException.java
new file mode 100644
index 00000000000..61e3a931346
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/CertificateDoesNotExistException.java
@@ -0,0 +1,36 @@
+package org.eclipse.core.pki.exception;
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+
+
+public class CertificateDoesNotExistException extends InvalidPkcs12StreamException {
+
+ private static final long serialVersionUID = -2415838781812652429L;
+
+ public CertificateDoesNotExistException() {
+ super();
+ }
+
+ public CertificateDoesNotExistException( String arg0 ) {
+ super( arg0 );
+ }
+
+ public CertificateDoesNotExistException( Throwable arg0 ) {
+ super( arg0 );
+ }
+
+ public CertificateDoesNotExistException( String arg0, Throwable arg1 ) {
+ super( arg0, arg1 );
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/InvalidPkcs12StreamException.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/InvalidPkcs12StreamException.java
new file mode 100644
index 00000000000..aaef0fda94a
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/InvalidPkcs12StreamException.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.exception;
+
+import java.security.cert.CertificateException;
+
+public class InvalidPkcs12StreamException extends
+ CertificateException {
+
+ private static final long serialVersionUID = 548968883742412291L;
+
+ public InvalidPkcs12StreamException() {
+ }
+
+ public InvalidPkcs12StreamException( String arg0 ) {
+ super( arg0 );
+ }
+
+ public InvalidPkcs12StreamException( Throwable arg0 ) {
+ super( arg0 );
+ }
+
+ public InvalidPkcs12StreamException( String arg0, Throwable arg1 ) {
+ super( arg0, arg1 );
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/NonDigitalSignatureCertificateException.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/NonDigitalSignatureCertificateException.java
new file mode 100644
index 00000000000..5dbcfff63ea
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/NonDigitalSignatureCertificateException.java
@@ -0,0 +1,25 @@
+package org.eclipse.core.pki.exception;
+
+import java.security.cert.CertificateException;
+
+public class NonDigitalSignatureCertificateException extends
+ CertificateException {
+
+ private static final long serialVersionUID = 8626994851137646007L;
+
+ public NonDigitalSignatureCertificateException() {
+ }
+
+ public NonDigitalSignatureCertificateException( String arg0 ) {
+ super( arg0 );
+ }
+
+ public NonDigitalSignatureCertificateException( Throwable arg0 ) {
+ super( arg0 );
+ }
+
+ public NonDigitalSignatureCertificateException( String arg0, Throwable arg1 ) {
+ super( arg0, arg1 );
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/UserCanceledException.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/UserCanceledException.java
new file mode 100644
index 00000000000..657356900e0
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/UserCanceledException.java
@@ -0,0 +1,41 @@
+package org.eclipse.core.pki.exception;
+
+public class UserCanceledException extends Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ *
+ */
+ public UserCanceledException() {
+ super();
+ }
+
+ /**
+ * @param message
+ * @param cause
+ */
+ public UserCanceledException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /**
+ * @param message
+ */
+ public UserCanceledException(String message) {
+ super(message);
+ }
+
+ /**
+ * @param cause
+ */
+ public UserCanceledException(Throwable cause) {
+ super(cause);
+ }
+
+
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/WrongPasswordException.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/WrongPasswordException.java
new file mode 100644
index 00000000000..850f218d18d
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/exception/WrongPasswordException.java
@@ -0,0 +1,25 @@
+package org.eclipse.core.pki.exception;
+
+import java.security.cert.CertificateException;
+
+public class WrongPasswordException extends
+ CertificateException {
+
+ private static final long serialVersionUID = 6845666941431518872L;
+
+ public WrongPasswordException() {
+ }
+
+ public WrongPasswordException( String arg0 ) {
+ super( arg0 );
+ }
+
+ public WrongPasswordException( Throwable arg0 ) {
+ super( arg0 );
+ }
+
+ public WrongPasswordException( String arg0, Throwable arg1 ) {
+ super( arg0, arg1 );
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PKI.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PKI.java
new file mode 100644
index 00000000000..311c883b0c1
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PKI.java
@@ -0,0 +1,92 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.pkiselection;
+
+public class PKI {
+ private String keyStore = ""; //$NON-NLS-1$
+ private String keyStoreType = ""; //$NON-NLS-1$
+ private String keyStoreProvider = ""; //$NON-NLS-1$
+ private transient String keyStorePassword = ""; //$NON-NLS-1$
+ private boolean isSecureStorage=false;
+ public PKI() {}
+ public String getKeyStore() {
+ return keyStore;
+ }
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+ public String getKeyStoreProvider() {
+ return keyStoreProvider;
+ }
+ public void setKeyStoreProvider(String keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public boolean isSecureStorage() {
+ return isSecureStorage;
+ }
+ public void setSecureStorage(boolean isSecureStorage) {
+ this.isSecureStorage = isSecureStorage;
+ }
+ public void reSetSystem() {
+ try {
+ if ( this.getKeyStore() != null ) {
+ System.setProperty("javax.net.ssl.keyStore", this.getKeyStore()); //$NON-NLS-1$
+ } else {
+ System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$
+ }
+
+ if ( this.getKeyStoreType() != null ) {
+ System.setProperty("javax.net.ssl.keyStoreType", this.getKeyStoreType()); //$NON-NLS-1$
+ } else {
+ System.clearProperty("javax.net.ssl.keyStoreType"); //$NON-NLS-1$
+ }
+
+ if( this.getKeyStoreProvider() != null) {
+ // System.out.println("PKI - CLEARING keystoreprovider"); //$NON-NLS-1$
+ if ( this.getKeyStoreProvider().isEmpty()) {
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ } else {
+ if (this.getKeyStoreType().equalsIgnoreCase("PKCS12")) { //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ } else {
+ System.setProperty("javax.net.ssl.keyStoreProvider", this.getKeyStoreProvider()); //$NON-NLS-1$
+ }
+ }
+ } else {
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ }
+
+ if ( this.getKeyStorePassword() != null) {
+ System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePassword()); //$NON-NLS-1$
+ } else {
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PKIProperties.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PKIProperties.java
new file mode 100644
index 00000000000..e32567f8667
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PKIProperties.java
@@ -0,0 +1,201 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.pkiselection;
+
+import java.net.Authenticator;
+import java.net.PasswordAuthentication;
+import java.util.Optional;
+
+import org.eclipse.core.pki.util.LogUtil;
+//import org.eclipse.core.runtime.IStatus;
+//import org.eclipse.core.runtime.Status;
+
+public class PKIProperties extends Authenticator {
+
+
+ private String keyStore = ""; //$NON-NLS-1$
+ private String keyStoreType = ""; //$NON-NLS-1$
+ private String keyStoreProvider = ""; //$NON-NLS-1$
+ private String username = null;
+ private transient String keyStorePassword = ""; //$NON-NLS-1$
+ private static PKI lastPKI=null;
+ private static PKIProperties sslProperties=null;
+ public static PKIProperties getNewInstance() {
+ return new PKIProperties();
+ }
+ public static PKIProperties getInstance() {
+ if ( sslProperties == null ) {
+ synchronized(PKIProperties.class) {
+ if ( sslProperties == null ) {
+ sslProperties = new PKIProperties();
+ try {
+ sslProperties.load();
+ } catch(Exception ignoreException) {
+ ignoreException.printStackTrace();
+ }
+ }
+ }
+ }
+ return sslProperties;
+ }
+ private PKIProperties() {}
+ @Override
+ public PasswordAuthentication getPasswordAuthentication() {
+ PasswordAuthentication auth = null;
+
+ try {
+ auth = new PasswordAuthentication(this.getUsername(), this.getKeyStorePassword().toCharArray() );
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return auth;
+ }
+ public String getKeyStore() {
+ return keyStore;
+ }
+ public void setKeyStore(String keyStore) {
+ this.keyStore = keyStore;
+ }
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+ public String getKeyStoreProvider() {
+ return keyStoreProvider;
+ }
+ public void setKeyStoreProvider(String keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+ public String getUsername() {
+ return username;
+ }
+ public void setUsername(String username) {
+ this.username = username;
+ }
+ public void restore() {
+ // System.out.println("PKIProperties - restore"); //$NON-NLS-1$
+ try {
+ if (( this.getKeyStore() != null ) &&
+ ( this.getKeyStoreType() != null ) &&
+ ( this.getKeyStoreProvider() != null) &&
+ ( this.getKeyStorePassword() != null) ) {
+
+ if ( !(this.getKeyStore().isEmpty()) ) {
+ System.setProperty("javax.net.ssl.keyStore", this.getKeyStore()); //$NON-NLS-1$
+ }
+
+ if ( !(this.getKeyStoreType().isEmpty()) ) {
+ System.setProperty("javax.net.ssl.keyStoreType", this.getKeyStoreType()); //$NON-NLS-1$
+ }
+
+ if ( !(this.getKeyStoreProvider().isEmpty() )) {
+ System.setProperty("javax.net.ssl.keyStoreProvider", this.getKeyStoreProvider()); //$NON-NLS-1$
+ }
+
+ if ( !(this.getKeyStorePassword().isEmpty() )) {
+ if ( lastPKI != null ) {
+ if ( lastPKI.getKeyStorePassword().isEmpty() ) {
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ }
+ } else {
+ System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePassword()); //$NON-NLS-1$
+ }
+ }
+ } else {
+ clear();
+ }
+
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+ public void load() {
+ Optional keyStoreType = null;
+ Optional keyStore = null;
+ Optional keyStorePassword = null;
+ Optional keyStoreProvider = null;
+ LogUtil.logInfo("PKIProperties loading....");
+ keyStore = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$
+ if (keyStore.isEmpty()) {
+ sslProperties.setKeyStore(""); //$NON-NLS-1$
+ } else {
+ // LogUtil.logInfo("PKIProperties keystorePKI" +
+ // System.getProperty("javax.net.ssl.keyStore")); //$NON-NLS-1$ //$NON-NLS-2$
+ sslProperties.setKeyStore(keyStore.get().toString());
+ }
+
+ keyStoreType = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreType")); //$NON-NLS-1$
+ if (keyStoreType.isEmpty()) {
+ sslProperties.setKeyStoreType(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStoreType(keyStoreType.get().toString());
+ }
+ keyStoreProvider = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStoreProvider")); //$NON-NLS-1$
+ if (keyStoreProvider.isEmpty()) {
+ sslProperties.setKeyStoreProvider(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStoreProvider(keyStoreType.get().toString());
+ if (sslProperties.getKeyStoreType().equalsIgnoreCase("pkcs12")) {//$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ sslProperties.setKeyStoreProvider(""); //$NON-NLS-1$
+ }
+ }
+
+
+ keyStorePassword = Optional.ofNullable(System.getProperty("javax.net.ssl.keyStorePassword")); //$NON-NLS-1$
+ if (keyStoreType.isEmpty()) {
+ sslProperties.setKeyStorePassword(""); //$NON-NLS-1$
+ } else {
+ sslProperties.setKeyStorePassword(keyStorePassword.get().toString());
+ }
+
+ sslProperties.setUsername(System.getProperty("user.name")); //$NON-NLS-1$
+ }
+ public void setLastPkiValue( PKI pki ) {
+ lastPKI = pki;
+ }
+ public void clear() {
+ // System.out.println("PKIProperties - CLESAR ALL PROPR"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStore"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStoreProvider"); //$NON-NLS-1$
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ }
+ public void dump() {
+ StringBuffer sb = new StringBuffer();
+ sb.append("javax.net.ssl.keyStore="); //$NON-NLS-1$
+ sb.append(sslProperties.getKeyStore());
+ sb.append("\n"); //$NON-NLS-1$
+ sb.append("javax.net.ssl.keyStoreType="); //$NON-NLS-1$
+ sb.append(sslProperties.getKeyStoreType());
+ sb.append("\n"); //$NON-NLS-1$
+ sb.append("javax.net.ssl.keyStoreProvider="); //$NON-NLS-1$
+ sb.append(sslProperties.getKeyStoreProvider());
+ sb.append("\n"); //$NON-NLS-1$
+
+ // Status status = new Status(IStatus.INFO, sb.toString(), null);
+ LogUtil.logInfo(sb.toString());
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordDialog.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordDialog.java
new file mode 100644
index 00000000000..c25ee84721b
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordDialog.java
@@ -0,0 +1,207 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.pkiselection;
+
+import java.util.Optional;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.events.SelectionAdapter;
+import org.eclipse.swt.events.SelectionEvent;
+import org.eclipse.swt.widgets.Button;
+import org.eclipse.swt.graphics.Font;
+import org.eclipse.swt.graphics.FontData;
+import org.eclipse.swt.graphics.Point;
+import org.eclipse.swt.widgets.Display;
+import org.eclipse.jface.dialogs.Dialog;
+import org.eclipse.swt.widgets.MessageBox;
+//import org.eclipse.swt.widgets.Dialog;
+import org.eclipse.swt.widgets.Label;
+import org.eclipse.swt.widgets.Shell;
+import org.eclipse.swt.widgets.Text;
+import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.swt.layout.GridData;
+import org.eclipse.swt.widgets.Composite;
+import org.eclipse.swt.widgets.Control;
+import org.eclipse.swt.internal.Callback;
+import org.eclipse.core.pki.auth.ContextObservable;
+import org.eclipse.core.pki.auth.PublishPasswordUpdate;
+import org.eclipse.core.pki.util.LogUtil;
+import org.eclipse.core.pki.util.KeyStoreManager;
+import org.eclipse.core.pki.util.KeyStoreFormat;
+
+public class PkiPasswordDialog extends Dialog implements Runnable {
+
+ protected Object result;
+ protected Shell shell;
+ protected Text passwdField;
+ protected String pw = null;
+ boolean uninitialzed = true;
+ boolean isReady = true;
+ ContextObservable observable = null;
+ //PublishPasswordUpdateImpl publisher = null;
+
+ //public PkiPasswordDialog(Shell parent, ContextObservable ob,PublishPasswordUpdate pwu ) {
+ public PkiPasswordDialog(Shell parent, ContextObservable ob) {
+ super(parent);
+ observable = ob;
+ //publisher=pwu;
+ // LogUtil.logWarning("PkiPasswordDialog CONSTRUCTOR");
+ // Display.getDefault().asyncExec(this);
+ Display.getDefault().asyncExec(this); // main thread waits
+ }
+
+ @Override
+ protected void okPressed() {
+ Optional keystoreContainer = null;
+ // LogUtil.logWarning("PkiPasswordDialog OK pressed");
+ String _passphrase = passwdField.getText();
+ // LogUtil.logWarning("PkiPasswordDialog OK pressed TEXT:"+_passphrase);
+ if (_passphrase == null || _passphrase.length() == 0) {
+ return;
+ }
+ pw = _passphrase;
+ System.setProperty("javax.net.ssl.keyStorePassword", pw); //$NON-NLS-1$
+ keystoreContainer = Optional
+ .ofNullable(KeyStoreManager.INSTANCE.getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$
+ System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$
+ KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$
+ if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.INSTANCE.isKeyStoreInitialized()))) {
+ passwdField.setText("");
+ MessageBox boxDialog = new MessageBox(shell, SWT.ICON_QUESTION | SWT.OK | SWT.CANCEL);
+ boxDialog.setText("Password Error Message");
+ boxDialog.setMessage("The password you entered is incorrect?");
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ int returnCode = boxDialog.open();
+ } else {
+ PublishPasswordUpdate.INSTANCE.publishMessage(pw);
+ observable.onchange(pw);
+ setReturnCode(OK);
+ super.okPressed();
+
+ close();
+ }
+ }
+
+ @Override
+ protected void cancelPressed() {
+ // LogUtil.logWarning("PkiPasswordDialog CANCEL pressed");
+ pw = null;
+ super.cancelPressed();
+ close();
+ }
+
+ @Override
+ protected void configureShell(Shell shell) {
+ super.configureShell(shell);
+
+ Font font = new Font(shell.getDisplay(), new FontData("Arial", 25, SWT.BOLD));
+ shell.setFont(font);
+ shell.setText("PKCS12 PKI Password Input Field");
+
+ // LogUtil.logWarning("PkiPasswordDialog configureShell");
+ }
+
+ @Override
+ public void create() {
+ super.create();
+ passwdField.setFocus();
+ // LogUtil.logWarning("PkiPasswordDialog create");
+ }
+
+ public String getPW() {
+ // LogUtil.logWarning("PkiPasswordDialog getPW");
+ return pw;
+ }
+
+ protected Control createDialogArea(Composite parent) {
+ // LogUtil.logWarning("PkiPasswordDialog createDialogArea");
+ initializeDialogUnits(parent);
+ // Composite main = new Composite(parent, SWT.NONE);
+ Composite main = new Composite(parent, SWT.BORDER);
+ GridLayout gridLayout = new GridLayout();
+ gridLayout.numColumns = 5;
+ gridLayout.marginTop = 20;
+ // main.setSize(800, 500);
+ main.setLayout(gridLayout);
+ main.setLayoutData(new GridData(GridData.FILL_BOTH));
+ // main.setLayoutData(new GridData(SWT.BEGINNING, SWT.CENTER, false, false));
+ // main.pack();
+ setup(main);
+ Dialog.applyDialogFont(main);
+
+ return main;
+
+ }
+
+ public void run() {
+ // LogUtil.logWarning("PkiPasswordDialog run methid top");
+ try {
+ if (uninitialzed) {
+ uninitialzed = false;
+ this.create();
+ shell = createShell();
+ shell.layout();
+ // configureShell(shell);
+ Control control = createDialogArea(getContents().getParent());
+
+ control.pack();
+
+ // LogUtil.logWarning("PkiPasswordDialog run methid NOW OPEN");
+
+ open();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ protected Point getInitialSize() {
+ return new Point(500, 200);
+ }
+
+ public void setup(Composite parent) {
+ if (isReady) {
+ isReady = false;
+ // LogUtil.logWarning("PkiPasswordDialog setup");
+
+ passwdField = new Text(parent, SWT.SINGLE | SWT.BORDER | SWT.PASSWORD);
+ passwdField.setTextLimit(25);
+ Font font = new Font(parent.getDisplay(), new FontData("Arial", 12, SWT.BOLD));
+ passwdField.setFont(font);
+
+ passwdField.setText("");
+ passwdField.setEchoChar('*');
+ GridData data = new GridData(GridData.BEGINNING, GridData.FILL, false, false);
+ data.widthHint = 130;
+ passwdField.setLayoutData(data);
+
+ Button button = new Button(parent, SWT.PUSH);
+ button.setText("Show Password");
+
+ Label labelInfo = new Label(parent, SWT.NONE);
+ labelInfo.setText("*");
+
+ button.addSelectionListener(new SelectionAdapter() {
+
+ @Override
+ public void widgetSelected(SelectionEvent e) {
+ // LogUtil.logWarning("PkiPasswordDialog WIDGET pressed");
+ labelInfo.setText(passwdField.getText());
+ labelInfo.pack();
+ }
+ });
+
+ }
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordGrabberWidget.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordGrabberWidget.java
new file mode 100644
index 00000000000..d2ddaba5a56
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordGrabberWidget.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.pkiselection;
+
+import java.util.Optional;
+
+import javax.swing.Icon;
+import javax.swing.ImageIcon;
+import javax.swing.JFrame;
+import javax.swing.JLabel;
+import javax.swing.JOptionPane;
+import javax.swing.JPanel;
+import javax.swing.JPasswordField;
+import javax.swing.SwingConstants;
+
+import org.eclipse.core.pki.auth.PublishPasswordUpdate;
+import org.eclipse.core.pki.util.KeyStoreFormat;
+import org.eclipse.core.pki.util.KeyStoreManager;
+import org.eclipse.core.runtime.IConfigurationElement;
+import org.eclipse.core.runtime.Platform;
+
+public enum PkiPasswordGrabberWidget {
+ INSTANCE;
+ JFrame frame = null;
+ Icon icon = null;
+
+ JPasswordField pword = null;
+
+ public String getInput() {
+
+ //PublishPasswordUpdateImpl publisher = PublishPasswordUpdateImpl.getInstance();
+
+ Optional keystoreContainer = null;
+ JPanel panel = new JPanel();
+ JLabel label = new JLabel("Enter Password:");
+ JLabel blankie = new JLabel("\n", SwingConstants.CENTER);
+ pword = new JPasswordField(17);
+ String pw=null;
+ panel.add(label);
+ panel.add(blankie);
+ panel.add(pword);
+ try {
+
+ icon = new ImageIcon(getClass().getResource("/icons/icons8-password-48.png"));
+ } catch (Exception iconErr) {
+ //iconErr.printStackTrace();
+ }
+
+ panel.requestFocus();
+ char[] password = null;
+ while (true) {
+ String[] options = new String[] {"cancel", "submit"};
+
+ //showOptionDialog(Component parentComponent,
+ // Object message, String title, int optionType,
+ // int messageType, Icon icon, Object[] options,
+ // Object initialValue)
+
+ int option = JOptionPane.showOptionDialog(null, panel, "Eclipse PKI Password/PiN Entry",
+ JOptionPane.INFORMATION_MESSAGE, JOptionPane.PLAIN_MESSAGE,
+ icon, options, options[1]);
+
+ //System.out.println("Your ENTRY OPTION is: " + option);
+
+ if (option == 0) {
+ //System.out.println("PkiPasswordGrabberWidget CANCEL value NO_OPTION ");
+ JOptionPane.showMessageDialog(null,"CANCELED",null,
+ JOptionPane.ERROR_MESSAGE);
+
+ break;
+ } else if(option == 1) {
+ password = pword.getPassword();
+ pw=new String(password);
+ //System.out.println("Your password is: " + new String(password));
+
+ System.setProperty("javax.net.ssl.keyStorePassword", pw); //$NON-NLS-1$
+
+ keystoreContainer = Optional
+ .ofNullable(KeyStoreManager.INSTANCE.getKeyStore(System.getProperty("javax.net.ssl.keyStore"), //$NON-NLS-1$
+ System.getProperty("javax.net.ssl.keyStorePassword"), //$NON-NLS-1$
+ KeyStoreFormat.valueOf(System.getProperty("javax.net.ssl.keyStoreType")))); //$NON-NLS-1$
+ if ((keystoreContainer.isEmpty()) || (!(KeyStoreManager.INSTANCE.isKeyStoreInitialized()))) {
+ JOptionPane.showMessageDialog(null,"Incorrect Password",null,
+ JOptionPane.ERROR_MESSAGE);
+ System.clearProperty("javax.net.ssl.keyStorePassword"); //$NON-NLS-1$
+ pword.setText("");
+ } else {
+ //System.out.println("Your password is GOOD");
+ PublishPasswordUpdate.INSTANCE.publishMessage(pw);
+ break;
+ }
+ } else {
+ System.out.println("wtf");
+ break;
+ }
+
+ }
+ return pw;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordInputUI.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordInputUI.java
new file mode 100644
index 00000000000..f13583e2b2b
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/PkiPasswordInputUI.java
@@ -0,0 +1,90 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Eclipse Platform, Security Group and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * Eclipse Platform - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.pkiselection;
+
+import java.lang.reflect.*;
+import java.util.concurrent.Flow.Subscriber;
+import org.eclipse.swt.widgets.Dialog;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.events.SelectionAdapter;
+import org.eclipse.swt.events.SelectionEvent;
+import org.eclipse.swt.layout.RowLayout;
+import org.eclipse.swt.widgets.Button;
+import org.eclipse.swt.widgets.Display;
+import org.eclipse.swt.widgets.Label;
+import org.eclipse.swt.widgets.Shell;
+import org.eclipse.swt.widgets.Text;
+import org.eclipse.swt.layout.GridLayout;
+import org.eclipse.ui.IWorkbenchWindow;
+import org.eclipse.ui.PlatformUI;
+
+import org.eclipse.core.pki.auth.PublishPasswordUpdate;
+import org.eclipse.core.pki.auth.ContextObservable;
+import org.eclipse.core.pki.auth.PasswordObserver;
+import org.eclipse.core.pki.util.LogUtil;
+
+public enum PkiPasswordInputUI {
+ DO;
+ PkiPasswordDialog dialog=null;
+ String passwordString = "NOPASSWD";
+
+ public String get() {
+ // prompt for password
+ //System.out.println("PkiPasswordInputUI get method running");
+ //LogUtil.logWarning("PkiPasswordInputUI - get method running"); //$NON-NLS-1$
+ /*
+ * Display.getDefault().asyncExec(new Runnable() {
+ *
+ * @Override public void run() {
+ * System.out.println("PkiPasswordInputUI RUN RUN RUN RUN"); dialog = new
+ * PkiPasswordDialog(null); if (dialog.open() == 0) { passwordString =
+ * dialog.getPW(); } } });
+ */
+ //Display.getDefault().asyncExec(runner);
+
+
+ ContextObservable ob = new ContextObservable();
+ //PublishPasswordUpdateImpl up = PublishPasswordUpdateImpl.getInstance();
+
+ PasswordObserver observer = new PasswordObserver();
+
+ try {
+ Class pubClass = Class.forName("org.eclipse.ecf.internal.ssl.ECFpwSubscriber"); //$NON-NLS-1$
+ Constructor constructor = pubClass.getDeclaredConstructor();
+ constructor.setAccessible(true);
+ Object obj = constructor.newInstance();
+ try {
+ Subscriber ecfSubscriber = (Subscriber) obj;
+ PublishPasswordUpdate.INSTANCE.subscribe(ecfSubscriber);
+ } catch (Exception e) {
+
+ LogUtil.logError("PkiPasswordInputUI - ECF Object Failed", e); //$NON-NLS-1$
+ }
+ LogUtil.logInfo("PkiPasswordInputUI - Loaded ECF SUBSCRIBER."); //$NON-NLS-1$
+ } catch (Exception e) {
+
+ LogUtil.logError("PkiPasswordInputUI - Cant get ECF:", e); //$NON-NLS-1$
+ }
+ PublishPasswordUpdate.INSTANCE.subscribe(observer);
+ ob.addObserver(observer);
+ //dialog=new PkiPasswordDialog(null, ob, PublishPasswordUpdate);
+ dialog=new PkiPasswordDialog(null, ob);
+ passwordString=dialog.getPW();
+ passwordString = "NOPASSWD";
+ return passwordString;
+ }
+ public void set(String pw) {
+ //LogUtil.logWarning("PkiPasswordInputUI - set method running"); //$NON-NLS-1$
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/SecurityOpRequest.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/SecurityOpRequest.java
new file mode 100644
index 00000000000..c2ff76a02c8
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/pkiselection/SecurityOpRequest.java
@@ -0,0 +1,23 @@
+/**
+ * Copyright (c) 2014 Codetrails GmbH.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Delmarva Security - implementation.
+ */
+package org.eclipse.core.pki.pkiselection;
+
+public enum SecurityOpRequest {
+ INSTANCE;
+ public boolean isConnected=false;
+
+ public boolean getConnected() {
+ return isConnected;
+ }
+ public void setConnected(boolean b) {
+ isConnected=b;
+ }
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/util/ConfigureTrust.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/util/ConfigureTrust.java
new file mode 100644
index 00000000000..f248a60d892
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/util/ConfigureTrust.java
@@ -0,0 +1,127 @@
+/*******************************************************************************
+ * Copyright (c) 2023 IBM Corporation and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ * IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.core.pki.util;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+public enum ConfigureTrust implements X509TrustManager {
+ MANAGER;
+
+ protected X509TrustManager pkixTrustManager = null;
+
+ public Optional setUp() {
+ KeyStore keyStore = null;
+ String storeLocation = null;
+ String trustType = null;
+ String passwd = "changeit"; //$NON-NLS-1$
+ try {
+ Optional trustStoreFile = Optional.ofNullable(System.getProperty("javax.net.ssl.trustStore")); //$NON-NLS-1$
+ if (trustStoreFile.isEmpty()) {
+ storeLocation = System.getProperty("java.home") + //$NON-NLS-1$
+ "/lib/security/cacerts" //$NON-NLS-1$
+ .replace("/", FileSystems.getDefault().getSeparator()); //$NON-NLS-1$
+ } else {
+ storeLocation = trustStoreFile.get().toString();
+ }
+ //FileInputStream fs = new FileInputStream(storeLocation);
+
+ InputStream fs = Files.newInputStream(Paths.get(storeLocation));
+
+ Optional trustStoreFileType = Optional
+ .ofNullable(System.getProperty("javax.net.ssl.trustStoreType")); //$NON-NLS-1$
+ if (trustStoreFileType.isEmpty()) {
+ trustType = KeyStore.getDefaultType();
+ } else {
+ trustType = trustStoreFileType.get().toString();
+ }
+ keyStore = KeyStore.getInstance(trustType);
+
+ Optional trustStorePassword = Optional
+ .ofNullable(System.getProperty("javax.net.ssl.trustStorePassword")); //$NON-NLS-1$
+ if (trustStorePassword.isEmpty()) {
+ LogUtil.logInfo("ConfigureTrust using default Password since none provided.");
+ passwd="changeit";
+ } else {
+ passwd = trustStorePassword.get().toString();
+ }
+
+ keyStore.load(fs, passwd.toCharArray());
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); //$NON-NLS-1$
+ tmf.init(keyStore);
+ TrustManager tms[] = tmf.getTrustManagers();
+ for (TrustManager tm : tms) {
+ if (tm instanceof X509TrustManager) {
+ pkixTrustManager = (X509TrustManager) tm;
+ LogUtil.logInfo("Initialization PKIX Trust Manager Complete"); //$NON-NLS-1$
+ break;
+ }
+ }
+
+
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("ConfigureTrust - No algorythm found, ", e); //$NON-NLS-1$
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("ConfigureTrust - Initialize keystore Error, ", e); //$NON-NLS-1$
+ } catch (FileNotFoundException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("ConfigureTrust - No File Found:", e); //$NON-NLS-1$
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("ConfigureTrust - Certificate Error", e); //$NON-NLS-1$
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ LogUtil.logError("ConfigureTrust - I/O Error, bad password?", e); //$NON-NLS-1$
+ }
+ return Optional.ofNullable(pkixTrustManager);
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ // TODO Auto-generated method stub
+ pkixTrustManager.checkClientTrusted(chain, authType);
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ // TODO Auto-generated method stub
+ pkixTrustManager.checkServerTrusted(chain, authType);
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ // TODO Auto-generated method stub
+ return pkixTrustManager.getAcceptedIssuers();
+
+ }
+
+}
diff --git a/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/util/DotPkiPropertiesRequired.java b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/util/DotPkiPropertiesRequired.java
new file mode 100644
index 00000000000..066030f95fd
--- /dev/null
+++ b/team/bundles/org.eclipse.core.pki/src/org/eclipse/core/pki/util/DotPkiPropertiesRequired.java
@@ -0,0 +1,76 @@
+package org.eclipse.core.pki.util;
+
+import java.nio.channels.Channels;
+import java.nio.channels.FileChannel;
+import java.nio.channels.FileLock;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.Set;
+
+public enum DotPkiPropertiesRequired {
+ CHECKER;
+ List list = get();
+ public boolean testFile(Path path) {
+ Properties properties=new Properties();
+ //System.out.println("DotPkiPropertiesRequired testFile:"+path.toString());
+ try {
+ if (Files.exists(path)) {
+ final FileChannel channel = FileChannel.open(path, StandardOpenOption.READ);
+ final FileLock lock = channel.lock(0L, Long.MAX_VALUE, true);
+ properties.load(Channels.newInputStream(channel));
+ Set