CERTivity® KeyStores Manager, developed by EduLib, is a commercial Java visual IDE for managing different KeyStore types (JKS, JCEKS, PKCS12, BKS, UBER, Windows Native), Keys in different formats, (e.g., PKCS, OpenSSL, using various algorithms), Certificates, and Certificates Chains.
CERTivity can perform many activities related to the KeyStore Management and Public Key Infrastructure domain. Actions are available to export KeyPairs and Private/Public Keys and Certificates, import SSL certificates from servers, extend the validity period for self-signed certificates, test given certificates on custom protocols, and obtain revocation status.
Here's a screenshot (click to enlarge it), with more at the end of this article. In this screenshot, CERTivity is seen at its full power, having many KeyStores of different types opened, a Certificate panel displaying the details of a certificate, and a panel for testing a certificate on a custom raw text protocol:
CERTivity also creates and verifies digital signatures on PDF, XM, JAR or CSR files. For PDF signatures, it covers all of the standard SubFilter values “adbe.x509.rsa_sha1”, “adbe.pkcs7.detached”, and “adbe.pkcs7.sha1”, as well as providing rich information on signature verification.
CERTivity is built on top of the NetBeans Platform, covering many functionalities otherwise available in diverse command line tools, combining them in an intuitive and productive manner, offering a rich GUI thanks to the NetBeans Platform, thus allowing users to maximize productivity.
Why We Use the NetBeans Platform
We decided to use the NetBeans Platform as the basis for CERTivity KeyStores Manager as a result of an internal evaluation and selection process from multiple possibilities.
We had the following requirements:
- A professional appearance for our desktop application(s);
- A rich-client platform that we could learn and use for more than one product because we target more desktop applications;
- A platform framework based on Swing, so that it could run on as much target systems as possible, practically anywhere Swing can run;
- Uniform components and modules, created on the same philosophy, easy to interconnect, not just Swing components from disparate sources;
- Constant development;
- Maven integration.
The NetBeans Platform proved to be the single platform satisfying all of these needs.
Besides that, there is an active community offering a lot of support for a better understanding and use of the NetBeans Platform and thus helping us to achieve optimal performance from the application that we have developed.
Back in 2001, we also used the NetBeans editor
module in an internal desktop application and we had a very nice
experience with that; this was a plus in the long lasting and constant
development and improvement of the NetBeans Platform and NetBeans IDE.
We also took into consideration the reviews of other developers who have successfully used it in their applications.
How We Use the NetBeans Platform
CERTivity KeyStores Manager is a relatively complex application
handling KeyStores, Certificates, and several type of keys (private,
public, secret), and other PKI related elements. For this reason, we
have used several NetBeans built-in facilities, such as the
modular application development methodology, the built-in GUI components, the
data management, the built-in file system, and the windows system.
Being an application which offers multiple features, we have grouped them into separate modules using the NetBeans module system, each one handling some important part of the application, thus making it easier to add or remove features, or allowing parallel development. Using the modular structure we have also separated the core parts from the GUI representation, allowing each one to be changed if necessary without affecting the others too much.
The interaction and communication between modules was realized mostly with the help of the Lookup feature of the NetBeans Platform which allows our modules to communicate in a type-safe manner, and so we reduced the degree of dependency between modules.
Although, for now, CERTivity KeyStores
Manager is a standalone application, because we devised the application
into modules we are ready for the possibility that we'll need to create
additional pluggable modules in the future, also depending on the marketing
direction of the product.
Below there are implementation specific details and facts:
- Maven. We are using Maven as the building infrastructure hence we involved the NBM Maven Plugin (version 3.5) and so we are using the Maven POM approach for the project definitions;
- NetBeans IDE Tools for Maven. We experienced good native Maven support in the NetBeans IDE and, although the NetBeans documentation and examples are described more via the classic project approach, we managed to use and configure everything we needed through the NBM Maven Plugin approach;
- GUI Components. Regarding the GUI, we have used many of the components offered by the NetBeans Platform such as the TopComponent, ExplorerManager, and TreeTableView components and the built-in dialogs. Because our application handles mainly KeyStores and Certificates, each opened KeyStore or Certificate is displayed using a TopComponent. This, together with the Window Management system offered by the NetBeans Platform, has allowed us to easily take advantage of the docking framework offered by the NetBeans Platform without writing additional code for this. The user can arrange the KeyStores and Certificates in any way desired by simply dragging and dropping the KeyStore or Certificate tabs;
- Nodes and Explorer Views. Because each KeyStore contains more entries (KeyPairs or Certificates), for representing each KeyStore, we have used the TreeTableView component together with the ExplorerManager to display the content of a KeyStore in a tree-like structure, where each direct child of the root is a KeyStore entry (certificate, key pair or secret key). This has also allowed us to display additional information regarding each entry, as the Nodes API provides a generic model for presenting the data. More than this, we have also used the sorting facility offered by the TreeTableView and we have managed to use a quick navigation through the nodes of the tree based on key-pressed events. In the next versions of CERTivity, we intend to replace TreeTableView with OutlineView, as it seems that the first will be deprecated and has some bugs which are solved in the OutlineView;
- Lookup. We have used the built-in event system to communicate between the modules of the application, providing a standard application context. For CERTivity, this is necessary for performing actions on specific entries. For example, when selecting a KeyStore entry in the KeyStore view, additional details can be displayed for the selected entry, or other actions from the context menu of the selected entry can be initiated using this system;
- Actions. The actions used for performing different operations are based on the AbstractAction class from the NetBeans Platform, and most of the tasks which may take longer to execute (like signing or verifying JAR, PDF or XML files for example) are run on separate threads using the RequestProcessor component from the NetBeans Platform;
- Undo/Redo. We have used the framework offered in the NetBeans Platform for Undo/Redo to implement the undo / redo functionality via extending the AbstractUndoableEdit for the tasks that can be performed on the KeyStores and the KeyStore entries, some storing the whole state, some storing just the change;
- File System. Another useful aspect of the NetBeans Platform that we have used is the File System which allowed us a better handling of the files in which the KeyStores and Certificates are stored, thus allowing us to easily load from or save them back to disk. This was achieved using the built-in DataObject and FileObject components. This facilitated the process of marking the files which contain changes to be saved, without us having to implement additional support only for that;
- Dialogs. For displaying information, message dialogs, or other dialogs for some features (e.g., when displaying the results of the signature verification process for JAR, PDF or XML files, or when displaying the SSL certificate retriever functionality), we have used the built-in dialog system using components such as DialogDescriptor, MessageDescriptor, or DialogDisplayer, because they already handle most of the displaying process, so that we only had to set the messages or the panels to be displayed in the dialog. Also, for similar reasons, we used, for creating and displaying file choosers, the FileChooserBuilder instead of creating the FileChoosers in the standard Swing manner;
- Options Window & Status Bar. We have used many other GUI components which were already built in, such as the Tools -> Options dialog, which we have customized to fit our needs, starting from the existing component, or the status line provider which we used to display statistical information about the currently opened KeyStore such as the number of entries, KeyPair entries, SecretKey entries or Certificate entries, the number of selected entries and others;
- JavaHelp and More. We've also done some nice work on aspects such as having menu items hidden for certain OS platforms, changing the Application version dynamically at build time based on the Maven version, or having the JavaHelp (org-netbeans-modules-javahelp) available with TOC entries synchronized with contextual help topics.
- Obfuscation. We are using Obfuscation and we have followed the NetBeans Guide on Proguard (http://wiki.netbeans.org/DevFaqModuleObfuscation);
- As we started with NetBeans Platform 6.9 and then switched to NetBeans Platform 7.0 which makes extensive use of Annotations for the layer.xml, we tried to cope with this as that will be the direction going forward. There are still some items remaining in the layer.xml, as we didn't find a place for them at that time. Such items relate to hiding menu items, dealing with Submenus, and the handling of toolbars;
- Branding. We used branding customizations such as the Splash Screen while loading the modules, versions, and About screen;
- Persistence. We successfully implemented persistence options, so that if there are opened KeyStores/Certificates when the application is closed, they will be remembered and reopened on the next launch, the user having the possibility to choose if the passwords of the KeyStores will also be remembered by the persistence mechanism or not.
Overall, we have used many components of the NetBeans Platform which eased our development work and ensured a professional aspect for our application, allowing us to offer the users plenty of features grouped in an easy to use application.
CERTivity KeyStores Manager 1.0 was built using NetBeans Platform 7.0.1 via the NBM Maven Plugin (version 3.5). It was developed using NetBeans IDE, on systems running Windows XP & 7.
The build machine is Linux and our production is multiplatform; the recommended JRE is 1.6 from Oracle (Sun). We target end-users running all the main platforms Windows, Linux, and Mac OS X. For future CERTivity versions, we will keep up with the NetBeans Platform and the NBM Maven Plugin versions.
The screenshot below shows how SSL certificates can be obtained from a given server, analyzed, and then either imported into the current KeyStore, or exported to a file. The screenshot shows the details of the certificates available through the View Details button. Any certificate from the certificate hierarchy can be analyzed, imported in the current KeyStore, or exported to a file as a standalone certificate in various formats: X.509 (with/without PEM encryption), PKCS #7 (with/without PEM encryption), or PKI Path.
In the next screenshot, CERTivity is shown displaying multiple KeyStore types, having the first KeyStore active, and one KeyPair entry selected for which details are shown in the bottom panel. The KeyStore is represented in a Tree fashion, currently using NetBeans TreeTableView component (for the future we will switch to the NetBeans OutlineView component). Also, most of the entries of the KeyStore can be seen expanded, showing their inner components (Private Key, Certificate Chain, Certificates, Public Key), as well as providing a contextual menu.
In the final screenshot, the PDF verification results dialog is depicted, showing the verification status and additional details about a PDF document and its signatures and embedded certificates. The certificates associated with the signatures can be viewed and exported as standalone certificate files in various formats. Valuable information such as the SubFilter type or the reason why the signature is or is not valid are presented. For example, depending on the SubFiter type, there may be two digests to be verified, and if one of these fails the validation fails, and this could be visible by inspecting the Details section, while such details are not usually available through PDF Readers.