Java Examples for org.bouncycastle.openssl.PEMParser
The following java examples will help you to understand the usage of org.bouncycastle.openssl.PEMParser. These source code samples are taken from different open source projects.
Example 1
| Project: urmia-master File: HttpSigner.java View source code |
private PrivateKey readPrivateKey(String privateKeyPath, String keyPassword) throws IOException {
FileReader fileReader = new FileReader(privateKeyPath);
PEMParser keyReader = new PEMParser(fileReader);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
PEMDecryptorProvider decryptionProv = new JcePEMDecryptorProviderBuilder().build(keyPassword.toCharArray());
Object keyPair = keyReader.readObject();
PrivateKeyInfo keyInfo;
if (keyPair instanceof PEMEncryptedKeyPair) {
PEMKeyPair decryptedKeyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptionProv);
keyInfo = decryptedKeyPair.getPrivateKeyInfo();
} else {
keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
}
keyReader.close();
return converter.getPrivateKey(keyInfo);
}Example 2
| Project: crash-master File: KeyPairUtils.java View source code |
public static Object readKey(Reader reader) throws Exception {
try {
PEMParser pemParser = new PEMParser(reader);
try {
return pemParser.readObject();
} finally {
pemParser.close();
}
} catch (NoClassDefFoundError e) {
Class<?> pemReaderClass = Class.forName("org.bouncycastle.openssl.PEMReader");
PemReader r = (PemReader) pemReaderClass.getConstructor(Reader.class).newInstance(reader);
try {
return pemReaderClass.getMethod("readObject").invoke(r);
} finally {
r.close();
}
}
}Example 3
| Project: liferay-portal-master File: LanPEMParserUtil.java View source code |
public static PrivateKey parsePrivateKey(String privateKey) throws Exception {
StringBuilder sb = new StringBuilder();
sb.append("-----BEGIN PRIVATE KEY-----\n");
sb.append(privateKey);
if (!privateKey.endsWith("\n")) {
sb.append("\n");
}
sb.append("-----END PRIVATE KEY-----");
PEMParser pemParser = new PEMParser(new StringReader(sb.toString()));
JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
return jcaPEMKeyConverter.getPrivateKey((PrivateKeyInfo) pemParser.readObject());
}Example 4
| Project: oxAuth-master File: JwtUtil.java View source code |
public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
log.debug("Retrieving JWK...");
JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
if (jsonKeyValue == null) {
return null;
}
org.xdi.oxauth.model.crypto.PublicKey publicKey = null;
try {
String resultKeyId = jsonKeyValue.getString(KEY_ID);
if (signatureAlgorithm == null) {
signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
if (signatureAlgorithm == null) {
log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
return null;
}
}
JSONObject jsonPublicKey = jsonKeyValue;
if (jsonKeyValue.has(PUBLIC_KEY)) {
// Use internal jwks.json format
jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
}
if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
//String alg = jsonKeyValue.getString(ALGORITHM);
//String use = jsonKeyValue.getString(KEY_USE);
String exp = jsonPublicKey.getString(EXPONENT);
String mod = jsonPublicKey.getString(MODULUS);
BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
publicKey = new RSAPublicKey(modulus, publicExponent);
} else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
//String alg = jsonKeyValue.getString(ALGORITHM);
//String use = jsonKeyValue.getString(KEY_USE);
//String crv = jsonKeyValue.getString(CURVE);
String xx = jsonPublicKey.getString(X);
String yy = jsonPublicKey.getString(Y);
BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
}
if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
final String BEGIN = "-----BEGIN CERTIFICATE-----";
final String END = "-----END CERTIFICATE-----";
JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
StringReader sr = new StringReader(certificateString);
PEMParser pemReader = new PEMParser(sr);
X509Certificate cert = (X509CertificateObject) pemReader.readObject();
Certificate certificate = new Certificate(signatureAlgorithm, cert);
publicKey.setCertificate(certificate);
}
if (publicKey != null) {
publicKey.setKeyId(resultKeyId);
publicKey.setSignatureAlgorithm(signatureAlgorithm);
}
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
}
return publicKey;
}Example 5
| Project: uma-master File: JwtUtil.java View source code |
public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
log.debug("Retrieving JWK...");
JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
if (jsonKeyValue == null) {
return null;
}
org.xdi.oxauth.model.crypto.PublicKey publicKey = null;
try {
String resultKeyId = jsonKeyValue.getString(KEY_ID);
if (signatureAlgorithm == null) {
signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
if (signatureAlgorithm == null) {
log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
return null;
}
}
JSONObject jsonPublicKey = jsonKeyValue;
if (jsonKeyValue.has(PUBLIC_KEY)) {
// Use internal jwks.json format
jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
}
if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
//String alg = jsonKeyValue.getString(ALGORITHM);
//String use = jsonKeyValue.getString(KEY_USE);
String exp = jsonPublicKey.getString(EXPONENT);
String mod = jsonPublicKey.getString(MODULUS);
BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
publicKey = new RSAPublicKey(modulus, publicExponent);
} else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
//String alg = jsonKeyValue.getString(ALGORITHM);
//String use = jsonKeyValue.getString(KEY_USE);
//String crv = jsonKeyValue.getString(CURVE);
String xx = jsonPublicKey.getString(X);
String yy = jsonPublicKey.getString(Y);
BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
}
if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
final String BEGIN = "-----BEGIN CERTIFICATE-----";
final String END = "-----END CERTIFICATE-----";
JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
StringReader sr = new StringReader(certificateString);
PEMParser pemReader = new PEMParser(sr);
X509Certificate cert = (X509CertificateObject) pemReader.readObject();
Certificate certificate = new Certificate(signatureAlgorithm, cert);
publicKey.setCertificate(certificate);
}
if (publicKey != null) {
publicKey.setKeyId(resultKeyId);
publicKey.setSignatureAlgorithm(signatureAlgorithm);
}
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
}
return publicKey;
}Example 6
| Project: cas-master File: WsFederationHelper.java View source code |
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
try {
// This will need to contain the private keypair in PEM format
LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
final BufferedReader br = new BufferedReader(new InputStreamReader(config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
Security.addProvider(new BouncyCastleProvider());
LOGGER.debug("Parsing credential private key");
final PEMParser pemParser = new PEMParser(br);
final Object privateKeyPemObject = pemParser.readObject();
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
final KeyPair kp;
if (privateKeyPemObject instanceof PEMEncryptedKeyPair) {
LOGGER.debug("Encryption private key is an encrypted keypair");
final PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) privateKeyPemObject;
final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(config.getEncryptionPrivateKeyPassword().toCharArray());
LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
} else {
LOGGER.debug("Extracting a keypair from the private key");
kp = converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
}
final X509CertParser certParser = new X509CertParser();
// This is the certificate shared with ADFS in DER format, i.e certificate.crt
LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
certParser.engineInit(config.getEncryptionCertificate().getInputStream());
LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
final X509CertificateObject cert = (X509CertificateObject) certParser.engineRead();
LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
return new BasicX509Credential(cert, kp.getPrivate());
} catch (final Exception e) {
throw Throwables.propagate(e);
}
}Example 7
| Project: ISP-ng-master File: VPNClientCertificate.java View source code |
@Put
public Representation storeCSR(Representation csrstream) {
if (!getRequestAttributes().containsKey("client")) {
return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
}
StreamRepresentation sr = (StreamRepresentation) csrstream;
// Do all kinds of security checks
try {
Client client = Clients.dao.queryForId(getAttribute("client").toString());
PEMParser parser = new PEMParser(sr.getReader());
PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parser.readObject();
SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo();
RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(pkInfo);
// http://stackoverflow.com/a/20622933
if (!(rsa.getModulus().bitLength() > 2048)) {
ClientError err = new ClientError("ILLEGAL_KEY_SIZE");
return new JacksonRepresentation(err);
}
X500Name subject = X500Name.getInstance(csr.getSubject());
RDN[] rdns = subject.getRDNs(BCStyle.CN);
if (rdns == null || rdns.length == 0) {
return clientError("NO_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST);
}
String CN = IETFUtils.valueToString(rdns[0].getFirst().getValue());
if (CN == null || CN.isEmpty()) {
return clientError("INVALID_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST);
}
if (getQueryValue("rekey") != null && Boolean.parseBoolean(getQueryValue("rekey"))) {
if (!getRequestAttributes().containsKey("cert")) {
return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
}
Certificate old = Certificates.dao.queryForId(getAttribute("cert"));
if (old == null)
return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST);
old.revocationDate = new Date();
if (old.get() == null) {
// this can happen when the old certificate is no longer present on the system
// in which case the rekey has to go through
} else if (pkInfo.getPublicKeyData().getString().equals(old.get().getSubjectPublicKeyInfo().getPublicKeyData().getString())) {
return clientError("REKEY_USING_SAME_KEY", Status.CLIENT_ERROR_NOT_ACCEPTABLE);
}
Certificates.dao.update(old);
}
for (Certificate existingCert : Certificates.dao.queryForEq("client_id", client)) {
if (existingCert.revocationDate == null) {
// got existing cert which has not been signed yet while trying to store other one
// preemptive deletion
Certificates.dao.delete(existingCert);
continue;
}
if (existingCert.revocationDate.getTime() > System.currentTimeMillis()) {
return clientError("ANOTHER_CLIENT_CERT_ACTIVE", Status.CLIENT_ERROR_NOT_ACCEPTABLE);
}
}
// couple CN to client
client.commonName = CN;
Clients.dao.update(client);
String caStorePath = VPN.cfg.getProperty("ca.storeDir", "ca");
File dir = new File(caStorePath);
if (!dir.isDirectory()) {
dir.mkdirs();
}
Certificate cert = new Certificate();
cert.client = client;
Certificates.dao.create(cert);
FileWriter fw = new FileWriter(caStorePath + "/" + cert.id + ".csr");
JcaPEMWriter pw = new JcaPEMWriter(fw);
pw.writeObject(csr);
pw.flush();
if (getQueryValue("validityTerm") != null) {
sign(cert, Integer.parseInt(getQueryValue("validityTerm")));
}
return new JacksonRepresentation<>(cert);
} catch (Exception ex) {
Logger.getLogger(getClass()).error("Failed to validate CSR and/or sign CSR", ex);
}
return DEFAULT_ERROR;
}Example 8
| Project: org.parallelj-master File: URLKeyPairProvider.java View source code |
@Override
public Iterable<KeyPair> loadKeys() {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
}
List<KeyPair> keys = new ArrayList<KeyPair>();
if (key != null) {
try {
URLConnection conn = this.key.openConnection();
byte[] content = IO.readAsBytes(conn.getInputStream());
PEMParser r = new PEMParser(new InputStreamReader(new ByteArrayInputStream(content)));
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
try {
Object o = r.readObject();
if (o instanceof PEMKeyPair) {
KeyPair keypair = converter.getKeyPair((PEMKeyPair) o);
keys.add(keypair);
}
} finally {
r.close();
}
} catch (Exception e) {
ExtensionSshMessageKind.ISH0001.format(key, e);
}
}
return keys;
}Example 9
| Project: alien4cloud-master File: SSHUtil.java View source code |
private static KeyPair loadKeyPair(String pemFile) {
try {
Security.addProvider(new BouncyCastleProvider());
PEMParser pemParser = new PEMParser(new FileReader(pemFile));
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
Object object = pemParser.readObject();
return converter.getKeyPair((PEMKeyPair) object);
} catch (Exception e) {
log.error("Could not load key pair", e);
throw new RuntimeException("Could not load key pair", e);
}
}Example 10
| Project: bc-java-master File: NewEnvelopedDataTest.java View source code |
public void testOpenSSLVectors() throws Exception {
byte[] expected = Strings.toByteArray("abcdefghijklmnopqrstuvwxyz0123456789\r\n");
PEMParser pemParser = new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ecdh/ecc.key")));
// skip the curve definition
pemParser.readObject();
PEMKeyPair kp = (PEMKeyPair) pemParser.readObject();
KeyFactory keyFactory = KeyFactory.getInstance("EC", "BC");
ECPrivateKey ecKey = (ECPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(kp.getPrivateKeyInfo().getEncoded()));
pemParser = new PEMParser(new InputStreamReader(getClass().getResourceAsStream("ecdh/ecc.crt")));
X509Certificate x509Certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) pemParser.readObject());
processInput(ecKey, expected, "ecdh/encSess1.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess2.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess3.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess4.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess5.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess6.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess7.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSess8.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSessA.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSessB.asc", new AlgorithmIdentifier(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, DERNull.INSTANCE));
processInput(ecKey, expected, "ecdh/encSessC.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP));
processInput(ecKey, expected, "ecdh/encSessD.asc", new AlgorithmIdentifier(CMSAlgorithm.AES128_WRAP));
processInput(ecKey, expected, "ecdh/encSessE.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP));
processInput(ecKey, expected, "ecdh/encSessF.asc", new AlgorithmIdentifier(CMSAlgorithm.AES192_WRAP));
processInput(ecKey, expected, "ecdh/encSessG.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP));
processInput(ecKey, expected, "ecdh/encSessH.asc", new AlgorithmIdentifier(CMSAlgorithm.AES256_WRAP));
}Example 11
| Project: cloudbreak-master File: PkiUtil.java View source code |
public static byte[] getPublicKeyDer(String privateKeyPem) {
try (PEMParser pemParser = new PEMParser(new StringReader(clarifyPemKey(privateKeyPem)))) {
PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
return pemKeyPair.getPublicKeyInfo().getEncoded();
} catch (IOException e) {
throw new SecurityException(e);
}
}Example 12
| Project: jsign-master File: PrivateKeyUtils.java View source code |
private static PrivateKey readPrivateKeyPEM(File file, String password) throws IOException, GeneralSecurityException, OperatorCreationException, PKCSException {
try (FileReader reader = new FileReader(file)) {
PEMParser parser = new PEMParser(reader);
Object object = parser.readObject();
if (object == null) {
throw new IllegalArgumentException("No key found in " + file);
}
BouncyCastleProvider provider = new BouncyCastleProvider();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(provider);
if (object instanceof PEMEncryptedKeyPair) {
// PKCS1 encrypted key
PEMDecryptorProvider decryptionProvider = new JcePEMDecryptorProviderBuilder().setProvider(provider).build(password.toCharArray());
PEMKeyPair keypair = ((PEMEncryptedKeyPair) object).decryptKeyPair(decryptionProvider);
return converter.getPrivateKey(keypair.getPrivateKeyInfo());
} else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
// PKCS8 encrypted key
InputDecryptorProvider decryptionProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(provider).build(password.toCharArray());
PrivateKeyInfo info = ((PKCS8EncryptedPrivateKeyInfo) object).decryptPrivateKeyInfo(decryptionProvider);
return converter.getPrivateKey(info);
} else if (object instanceof PEMKeyPair) {
// PKCS1 unencrypted key
return converter.getKeyPair((PEMKeyPair) object).getPrivate();
} else if (object instanceof PrivateKeyInfo) {
// PKCS8 unencrypted key
return converter.getPrivateKey((PrivateKeyInfo) object);
} else {
throw new UnsupportedOperationException("Unsupported PEM object: " + object.getClass().getSimpleName());
}
}
}Example 13
| Project: sshj-master File: PKCS8KeyFile.java View source code |
protected KeyPair readKeyPair() throws IOException {
KeyPair kp = null;
for (PEMParser r = null; ; ) {
// while the PasswordFinder tells us we should retry
try {
r = new PEMParser(resource.getReader());
final Object o = r.readObject();
final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
if (o instanceof PEMEncryptedKeyPair) {
final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
decryptorBuilder.setProvider("BC");
try {
passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase)));
} finally {
PasswordUtils.blankOut(passphrase);
}
} else if (o instanceof PEMKeyPair) {
kp = pemConverter.getKeyPair((PEMKeyPair) o);
} else {
log.debug("Expected PEMEncryptedKeyPair or PEMKeyPair, got: {}", o);
}
} catch (EncryptionException e) {
if (pwdf != null && pwdf.shouldRetry(resource))
continue;
else
throw e;
} finally {
IOUtils.closeQuietly(r);
}
break;
}
if (kp == null)
throw new IOException("Could not read key pair from: " + resource);
return kp;
}Example 14
| Project: stormpath-sdk-java-master File: ConfigJwkFactory.java View source code |
protected Function<Resource, Key> createResourceKeyFunction(Resource keyResource, boolean keyStringSpecified) {
if (!runtimeEnvironment.isClassAvailable("org.bouncycastle.openssl.PEMParser")) {
String msg = "The org.bouncycastle:bcpkix-jdk15on:1.56 artifact (or newer) must be in the " + "classpath to be able to parse the " + (keyStringSpecified ? "stormpath.zuul.account.header.jwt.key.value PEM-encoded value" : "stormpath.zuul.account.header.jwt.key.resource [" + keyResource + "].");
throw new IllegalStateException(msg);
}
//origin server == private key
return new PemResourceKeyResolver(true);
}Example 15
| Project: token-crypt-master File: KeyReadingAndWritingTest.java View source code |
@Test
public void testCreateWriteAndReadBackKey() throws Exception {
// Create ServiceKey
final KeyPair kp = this.keysKeeper.createServiceKey("example.com", 2048, "username");
assertNotNull(kp);
// Step 3: Read ServiceKey from filesystem
ServiceKey foundKey = keysKeeper.getServiceKey("example.com");
assertNotNull(foundKey);
// Compare original ServiceKey content with new ServiceKey read from filesystem
assertEquals("example.com", foundKey.getServiceName());
assertEquals("username", foundKey.getCreatedByNetId());
assertEquals(2048, foundKey.getKeyLength());
//Verify created in same minute
assertEquals(DateTime.now().minuteOfHour().roundFloorCopy(), foundKey.getDayCreated().minuteOfHour().roundFloorCopy());
assertNotNull(foundKey.getFileEncrypter());
assertNotNull(foundKey.getTokenEncrypter());
final File keyFile = foundKey.getKeyFile();
assertNotNull(keyFile);
@SuppressWarnings("resource") PEMParser pemParser = new PEMParser(new FileReader(keyFile));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
final PublicKey actualPublicKey = converter.getPublicKey((SubjectPublicKeyInfo) object);
assertArrayEquals(kp.getPublic().getEncoded(), actualPublicKey.getEncoded());
}Example 16
| Project: uaa-master File: KeyWithCert.java View source code |
public void loadCertificate(String certificate) throws CertificateException {
PEMParser pemParser;
pemParser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certificate.getBytes())));
try {
Object object = pemParser.readObject();
if (object instanceof X509CertificateHolder) {
cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) object);
} else {
throw new CertificateException("Unsupported certificate type, not an X509CertificateHolder.");
}
} catch (IOException ex) {
throw new CertificateException("Failed to read certificate.", ex);
} finally {
try {
pemParser.close();
} catch (IOException e) {
throw new CertificateException("Failed to close certificate reader.", e);
}
}
if (cert == null) {
throw new CertificateException("Failed to read certificate. The security provider could not parse it.");
}
}Example 17
| Project: camel-master File: ResourceHelperKeyPairProvider.java View source code |
@Override
public Iterable<KeyPair> loadKeys() {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
}
final List<KeyPair> keys = new ArrayList<KeyPair>(this.resources.length);
for (String resource : resources) {
PEMParser r = null;
InputStreamReader isr = null;
InputStream is = null;
try {
is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
isr = new InputStreamReader(is);
r = new PEMParser(isr);
Object o = r.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
}
if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair) o);
keys.add((KeyPair) o);
} else if (o instanceof KeyPair) {
keys.add((KeyPair) o);
}
} catch (Exception e) {
log.warn("Unable to read key", e);
} finally {
IoUtils.closeQuietly(r, is, isr);
}
}
return keys;
}Example 18
| Project: cattle-master File: SshKeyGen.java View source code |
public static KeyPair readKeyPair(String key) throws Exception {
PEMParser r = null;
try {
if (key.startsWith("---")) {
r = new PEMParser(new StringReader(key));
} else {
/*
* Backward compatibility with how the key was stored in data
* table
*/
ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decodeBase64(key));
r = new PEMParser(new InputStreamReader(bais));
}
PEMKeyPair kp = (PEMKeyPair) r.readObject();
return CONVERTER.getKeyPair(kp);
} finally {
IOUtils.closeQuietly(r);
}
}Example 19
| Project: che-master File: DockerCertificates.java View source code |
private static PrivateKey getPrivateKey(Path clientKeyPath) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
final PEMKeyPair clientKeyPair;
try (Reader reader = Files.newBufferedReader(clientKeyPath, Charset.defaultCharset())) {
clientKeyPair = (PEMKeyPair) new PEMParser(reader).readObject();
}
final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded());
final KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}Example 20
| Project: che-plugins-master File: DockerCertificates.java View source code |
private static PrivateKey getPrivateKey(Path clientKeyPath) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
final PEMKeyPair clientKeyPair;
try (Reader reader = Files.newBufferedReader(clientKeyPath, Charset.defaultCharset())) {
clientKeyPair = (PEMKeyPair) new PEMParser(reader).readObject();
}
final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded());
final KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}Example 21
| Project: DevTools-master File: DockerCertificates.java View source code |
private static PrivateKey getPrivateKey(Path clientKeyPath) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
final PEMKeyPair clientKeyPair;
try (Reader reader = Files.newBufferedReader(clientKeyPath, Charset.defaultCharset())) {
clientKeyPair = (PEMKeyPair) new PEMParser(reader).readObject();
}
final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded());
final KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}Example 22
| Project: docker-java-master File: CertificateUtils.java View source code |
/**
* "cert.pem" from reader
*/
public static List<Certificate> loadCertificates(final Reader reader) throws IOException, CertificateException {
try (PEMParser pemParser = new PEMParser(reader)) {
List<Certificate> certificates = new ArrayList<>();
JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
Object certObj = pemParser.readObject();
if (certObj instanceof X509CertificateHolder) {
X509CertificateHolder certificateHolder = (X509CertificateHolder) certObj;
certificates.add(certificateConverter.getCertificate(certificateHolder));
}
return certificates;
}
}Example 23
| Project: gitblit-master File: FileKeyPairProvider.java View source code |
protected KeyPair doLoadKey(String file) {
try {
PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)));
try {
Object o = r.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
}
if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair) o);
return (KeyPair) o;
} else if (o instanceof KeyPair) {
return (KeyPair) o;
}
} finally {
r.close();
}
} catch (Exception e) {
log.warn("Unable to read key " + file, e);
}
return null;
}Example 24
| Project: jqm-master File: JdbcCa.java View source code |
public static CertificateRequest initCa(DbConn cnx) {
// result field
CertificateRequest cr = new CertificateRequest();
// Get the alias of the private key to use
String caAlias = null;
caAlias = GlobalParameter.getParameter(cnx, "keyAlias", Constants.CA_DEFAULT_PRETTY_NAME);
// Create the CA if it does not already exist
PKI pki = null;
try {
pki = PKI.select_key(cnx, caAlias);
} catch (NoResultException e) {
cr = new CertificateRequest();
cr.generateCA(caAlias);
PKI.create(cnx, caAlias, cr.writePemPrivateToString(), cr.writePemPublicToString());
cnx.commit();
pki = PKI.select_key(cnx, caAlias);
}
try {
// Public (X509 certificate)
String pemCert = pki.getPemCert();
StringReader sr = new StringReader(pemCert);
PemReader pr = new PemReader(sr);
cr.holder = new X509CertificateHolder(pr.readPemObject().getContent());
pr.close();
// Private key
String pemPrivate = pki.getPemPK();
sr = new StringReader(pemPrivate);
PEMParser pp = new PEMParser(sr);
PEMKeyPair caKeyPair = (PEMKeyPair) pp.readObject();
pp.close();
byte[] encodedPrivateKey = caKeyPair.getPrivateKeyInfo().getEncoded();
KeyFactory keyFactory = KeyFactory.getInstance(Constants.KEY_ALGORITHM);
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);
cr.privateKey = keyFactory.generatePrivate(privateKeySpec);
} catch (Exception e) {
throw new PkiException(e);
}
// Done
return cr;
}Example 25
| Project: mina-sshd-master File: BouncyCastleKeyPairResourceParser.java View source code |
public static KeyPair loadKeyPair(String resourceKey, InputStream inputStream, FilePasswordProvider provider) throws IOException, GeneralSecurityException {
try (PEMParser r = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
Object o = r.readObject();
SecurityProviderRegistrar registrar = SecurityUtils.getRegisteredProvider(SecurityUtils.BOUNCY_CASTLE);
if (registrar == null) {
throw new NoSuchProviderException(SecurityUtils.BOUNCY_CASTLE + " registrar not available");
}
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
if (registrar.isNamedProviderUsed()) {
pemConverter.setProvider(registrar.getName());
} else {
pemConverter.setProvider(registrar.getSecurityProvider());
}
if (o instanceof PEMEncryptedKeyPair) {
ValidateUtils.checkNotNull(provider, "No password provider for resource=%s", resourceKey);
String password = ValidateUtils.checkNotNullAndNotEmpty(provider.getPassword(resourceKey), "No password provided for resource=%s", resourceKey);
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(password.toCharArray());
o = ((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor);
}
if (o instanceof PEMKeyPair) {
return pemConverter.getKeyPair((PEMKeyPair) o);
} else if (o instanceof KeyPair) {
return (KeyPair) o;
} else {
throw new IOException("Failed to read " + resourceKey + " - unknown result object: " + o);
}
}
}Example 26
| Project: service-proxy-master File: PEMSupport.java View source code |
public X509Certificate parseCertificate(String pemBlock) throws IOException {
PEMParser p2 = new PEMParser(new StringReader(cleanupPEM(pemBlock)));
Object o2 = p2.readObject();
if (o2 == null)
throw new InvalidParameterException("Could not read certificate. Expected the certificate to begin with '-----BEGIN CERTIFICATE-----'.");
if (!(o2 instanceof X509CertificateHolder))
throw new InvalidParameterException("Expected X509CertificateHolder, got " + o2.getClass().getName());
JcaX509CertificateConverter certconv = new JcaX509CertificateConverter().setProvider("BC");
try {
return certconv.getCertificate((X509CertificateHolder) o2);
} catch (CertificateException e) {
throw new IOException(e);
}
}Example 27
| Project: bergamot-master File: PEMUtil.java View source code |
public static Certificate loadCertificate(Reader reader) throws IOException {
try {
try (PEMParser pr = new PEMParser(reader)) {
X509CertificateHolder theCertHolder = (X509CertificateHolder) pr.readObject();
// extract the actual fucking certificate
X509Certificate theCert = new JcaX509CertificateConverter().getCertificate(theCertHolder);
return theCert;
}
} catch (Exception e) {
throw new IOException("Failed to parse PEM formatted certificate", e);
}
}Example 28
| Project: diqube-master File: TicketRsaKeyManager.java View source code |
@PostConstruct
public void initialize() {
List<RSAKeyParameters> allPublicKeys = new ArrayList<>();
publicValidationKeys = Collections.unmodifiableList(allPublicKeys);
provider.getPemFiles().whenComplete(( pemFiles, error) -> {
if (error != null)
throw new RuntimeException("Exception while identifying .pem files!", error);
if (pemFiles.isEmpty())
throw new RuntimeException("No .pem files configured that can be used to sign/validate tickets!");
for (int i = 0; i < pemFiles.size(); i++) {
String pemFileName = pemFiles.get(i).getLeft();
String pemPassword = pemFiles.get(i).getRight();
try (InputStream pemStream = pemFiles.get(i).getMiddle().get()) {
Reader pemReader = new InputStreamReader(pemStream);
try (PEMParser parser = new PEMParser(pemReader)) {
Object o = parser.readObject();
SubjectPublicKeyInfo publicKeyInfo = null;
PrivateKeyInfo privateKeyInfo = null;
if (o instanceof PEMEncryptedKeyPair) {
if (pemPassword == null)
throw new RuntimeException("PEM file '" + pemFileName + "' is password protected, but the password is not configured.");
PEMDecryptorProvider decryptionProvider = new JcePEMDecryptorProviderBuilder().build(pemPassword.toCharArray());
PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
PEMKeyPair keyPair = encryptedKeyPair.decryptKeyPair(decryptionProvider);
publicKeyInfo = keyPair.getPublicKeyInfo();
privateKeyInfo = keyPair.getPrivateKeyInfo();
} else if (o instanceof PEMKeyPair) {
PEMKeyPair keyPair = (PEMKeyPair) o;
publicKeyInfo = keyPair.getPublicKeyInfo();
privateKeyInfo = keyPair.getPrivateKeyInfo();
} else if (o instanceof SubjectPublicKeyInfo)
publicKeyInfo = (SubjectPublicKeyInfo) o;
else
throw new RuntimeException("Could not identify content of pem file '" + pemFileName + "': " + o.toString());
if (publicKeyInfo == null)
throw new RuntimeException("Could not load '" + pemFileName + "' because it did not contain a public key.");
if (privateKeyInfo == null)
logger.info("Loading public key from '{}'.", pemFileName);
else if (!provider.filesWithPrivateKeyAreRequired())
throw new RuntimeException("File '" + pemFileName + "' contains a private key, but only public keys are " + "accepted. Please extract the public key from the current file and configure diqube to use " + "that new file.");
allPublicKeys.add((RSAKeyParameters) PublicKeyFactory.createKey(publicKeyInfo));
if (i == 0 && privateKeyInfo != null) {
logger.info("Loading private key from '{}' and will use that for signing tickets.", pemFileName);
privateSigningKey = (RSAPrivateCrtKeyParameters) PrivateKeyFactory.createKey(privateKeyInfo);
}
}
} catch (IOException e) {
throw new RuntimeException("Could not interact with '" + pemFileName + "'. Correct password?", e);
}
}
if (privateSigningKey == null && provider.filesWithPrivateKeyAreRequired())
throw new RuntimeException("A .pem file containing a private key for signing tickets is required. " + "Make sure that the first configured .pem file contains a private key.");
initialized = true;
});
}Example 29
| Project: docker-client-master File: DockerCertificates.java View source code |
private PrivateKey readPrivateKey(Path file) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, DockerCertificateException {
try (BufferedReader reader = Files.newBufferedReader(file, Charset.defaultCharset());
PEMParser pemParser = new PEMParser(reader)) {
final Object readObject = pemParser.readObject();
if (readObject instanceof PEMKeyPair) {
PEMKeyPair clientKeyPair = (PEMKeyPair) readObject;
return generatePrivateKey(clientKeyPair.getPrivateKeyInfo());
} else if (readObject instanceof PrivateKeyInfo) {
return generatePrivateKey((PrivateKeyInfo) readObject);
}
throw new DockerCertificateException("Can not generate private key from file: " + file.toString());
}
}Example 30
| Project: eucalyptus-master File: PEMFiles.java View source code |
public static X509Certificate getCert(final byte[] o) {
X509Certificate x509 = null;
ByteArrayInputStream pemByteIn = new ByteArrayInputStream(o);
try (PEMParser in = new PEMParser(new InputStreamReader(pemByteIn))) {
x509 = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate((X509CertificateHolder) in.readObject());
} catch (IOExceptionCertificateException | e) {
LOG.error(e, e);
}
return x509;
}Example 31
| Project: incubator-brooklyn-master File: SecureKeys.java View source code |
/** reads RSA or DSA / pem style private key files (viz {@link #toPem(KeyPair)}), extracting also the public key if possible
* @throws IllegalStateException on errors, in particular {@link PassphraseProblem} if that is the problem */
public static KeyPair readPem(InputStream input, final String passphrase) {
// TODO cache is only for fallback "reader" strategy (2015-01); delete when Parser confirmed working
byte[] cache = Streams.readFully(input);
input = new ByteArrayInputStream(cache);
try {
PEMParser pemParser = new PEMParser(new InputStreamReader(input));
Object object = pemParser.readObject();
pemParser.close();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp = null;
if (object == null) {
throw new IllegalStateException("PEM parsing failed: missing or invalid data");
} else if (object instanceof PEMEncryptedKeyPair) {
if (passphrase == null)
throw new PassphraseProblem("passphrase required");
try {
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase.toCharArray());
kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} catch (Exception e) {
Exceptions.propagateIfFatal(e);
throw new PassphraseProblem("wrong passphrase", e);
}
} else if (object instanceof PEMKeyPair) {
kp = converter.getKeyPair((PEMKeyPair) object);
} else if (object instanceof PrivateKeyInfo) {
PrivateKey privKey = converter.getPrivateKey((PrivateKeyInfo) object);
kp = new KeyPair(null, privKey);
} else {
throw new IllegalStateException("PEM parser support missing for: " + object);
}
return kp;
} catch (Exception e) {
Exceptions.propagateIfFatal(e);
input = new ByteArrayInputStream(cache);
try {
Security.addProvider(new BouncyCastleProvider());
@SuppressWarnings("deprecation") org.bouncycastle.openssl.PEMReader pr = new org.bouncycastle.openssl.PEMReader(new InputStreamReader(input), new PasswordFinder() {
public char[] getPassword() {
return passphrase != null ? passphrase.toCharArray() : new char[0];
}
});
@SuppressWarnings("deprecation") KeyPair result = (KeyPair) pr.readObject();
pr.close();
if (result == null)
throw Exceptions.propagate(e);
log.warn("PEMParser failed when deprecated PEMReader succeeded, with " + result + "; had: " + e);
return result;
} catch (Exception e2) {
Exceptions.propagateIfFatal(e2);
throw Exceptions.propagate(e);
}
}
}Example 32
| Project: jclouds-master File: SSLContextBuilder.java View source code |
private static PrivateKey getKey(String privateKey) {
PEMParser pemParser = new PEMParser(new StringReader(privateKey));
try {
Object object = pemParser.readObject();
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object);
return keyPair.getPrivate();
} catch (IOException ex) {
throw new RuntimeException("Invalid private key", ex);
} finally {
Closeables2.closeQuietly(pemParser);
}
}Example 33
| Project: netty-master File: OcspServerExample.java View source code |
private static X509Certificate[] parseCertificates(Reader reader) throws Exception {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
List<X509Certificate> dst = new ArrayList<X509Certificate>();
PEMParser parser = new PEMParser(reader);
try {
X509CertificateHolder holder = null;
while ((holder = (X509CertificateHolder) parser.readObject()) != null) {
X509Certificate certificate = converter.getCertificate(holder);
if (certificate == null) {
continue;
}
dst.add(certificate);
}
} finally {
parser.close();
}
return dst.toArray(new X509Certificate[0]);
}Example 34
| Project: nomulus-master File: TestSftpServer.java View source code |
@Nullable
private static KeyPair createKeyPair(String key) {
try (PEMParser pemParser = new PEMParser(new StringReader(key))) {
PEMKeyPair pemPair = (PEMKeyPair) pemParser.readObject();
KeyPair result = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
logger.info("Read key pair " + result);
return result;
} catch (IOException e) {
logger.log(Level.SEVERE, "Couldn't read key pair from string(!)", e);
return null;
}
}Example 35
| Project: Repository-master File: CertificateUtil.java View source code |
/**
* Decodes a PEM formatted certificate.
*
* @param pemFormattedCertificate text to be decoded as a PEM certificate.
* @return the Certificate decoded from the input text.
* @throws CertificateParsingException
* thrown if the PEM formatted string cannot be parsed into a Certificate.
*/
public static Certificate decodePEMFormattedCertificate(final String pemFormattedCertificate) throws CertificateException {
log.trace("Parsing PEM formatted certificate string:\n{}", pemFormattedCertificate);
// make sure we have something to parse
if (pemFormattedCertificate != null) {
StringReader stringReader = new StringReader(pemFormattedCertificate);
PEMParser pemReader = new PEMParser(stringReader);
try {
Object object = pemReader.readObject();
log.trace("Object found while paring PEM formatted string: {}", object);
if (object instanceof X509CertificateHolder) {
X509CertificateHolder holder = (X509CertificateHolder) object;
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
return converter.getCertificate(holder);
}
} catch (IOException e) {
throw new CertificateParsingException("Failed to parse valid certificate from expected PEM formatted certificate:\n" + pemFormattedCertificate, e);
}
}
// cert was not a valid object
throw new CertificateParsingException("Failed to parse valid certificate from expected PEM formatted certificate:\n" + pemFormattedCertificate);
}Example 36
| Project: webofneeds-master File: TestSigningUtils.java View source code |
private void printCerificate(final KeyStoreService storeService, final String keyName, final String certUri) throws IOException, CertificateException {
System.out.println(keyName);
System.out.println(certUri);
X509Certificate cert = (X509Certificate) storeService.getCertificate(keyName);
StringWriter sw = new StringWriter();
PEMWriter writer = new PEMWriter(sw);
writer.writeObject(cert);
writer.close();
System.out.println(sw.toString());
PEMParser pemParser = new PEMParser(new StringReader(sw.toString()));
X509CertificateHolder certHolder = (X509CertificateHolder) pemParser.readObject();
X509Certificate certRead = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
System.out.println(certRead.toString());
}Example 37
| Project: irma_future_id-master File: ParserTest.java View source code |
public void performTest() throws Exception {
PEMParser pemRd = openPEMResource("test.pem");
Object o;
PEMKeyPair pemPair;
KeyPair pair;
while ((o = pemRd.readObject()) != null) {
if (o instanceof KeyPair) {
//pair = (KeyPair)o;
//System.out.println(pair.getPublic());
//System.out.println(pair.getPrivate());
} else {
//System.out.println(o.toString());
}
}
// test bogus lines before begin are ignored.
pemRd = openPEMResource("extratest.pem");
while ((o = pemRd.readObject()) != null) {
if (!(o instanceof X509CertificateHolder)) {
fail("wrong object found");
}
}
//
// pkcs 7 data
//
pemRd = openPEMResource("pkcs7.pem");
ContentInfo d = (ContentInfo) pemRd.readObject();
if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
fail("failed envelopedData check");
}
//
// ECKey
//
pemRd = openPEMResource("eckey.pem");
ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemRd.readObject();
X9ECParameters ecSpec = ECNamedCurveTable.getByOID(ecOID);
if (ecSpec == null) {
fail("ecSpec not found for named curve");
}
pemPair = (PEMKeyPair) pemRd.readObject();
pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
Signature sgr = Signature.getInstance("ECDSA", "BC");
sgr.initSign(pair.getPrivate());
byte[] message = new byte[] { (byte) 'a', (byte) 'b', (byte) 'c' };
sgr.update(message);
byte[] sigBytes = sgr.sign();
sgr.initVerify(pair.getPublic());
sgr.update(message);
if (!sgr.verify(sigBytes)) {
fail("EC verification failed");
}
if (!pair.getPublic().getAlgorithm().equals("ECDSA")) {
fail("wrong algorithm name on public got: " + pair.getPublic().getAlgorithm());
}
if (!pair.getPrivate().getAlgorithm().equals("ECDSA")) {
fail("wrong algorithm name on private");
}
//
// ECKey -- explicit parameters
//
pemRd = openPEMResource("ecexpparam.pem");
ecSpec = (X9ECParameters) pemRd.readObject();
pemPair = (PEMKeyPair) pemRd.readObject();
pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
sgr = Signature.getInstance("ECDSA", "BC");
sgr.initSign(pair.getPrivate());
message = new byte[] { (byte) 'a', (byte) 'b', (byte) 'c' };
sgr.update(message);
sigBytes = sgr.sign();
sgr.initVerify(pair.getPublic());
sgr.update(message);
if (!sgr.verify(sigBytes)) {
fail("EC verification failed");
}
if (!pair.getPublic().getAlgorithm().equals("ECDSA")) {
fail("wrong algorithm name on public got: " + pair.getPublic().getAlgorithm());
}
if (!pair.getPrivate().getAlgorithm().equals("ECDSA")) {
fail("wrong algorithm name on private");
}
//
// writer/parser test
//
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
pair = kpGen.generateKeyPair();
keyPairTest("RSA", pair);
kpGen = KeyPairGenerator.getInstance("DSA", "BC");
kpGen.initialize(512, new SecureRandom());
pair = kpGen.generateKeyPair();
keyPairTest("DSA", pair);
//
// PKCS7
//
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
pWrt.writeObject(d);
pWrt.close();
pemRd = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
d = (ContentInfo) pemRd.readObject();
if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
fail("failed envelopedData recode check");
}
// OpenSSL test cases (as embedded resources)
doOpenSslDsaTest("unencrypted");
doOpenSslRsaTest("unencrypted");
doOpenSslTests("aes128");
doOpenSslTests("aes192");
doOpenSslTests("aes256");
doOpenSslTests("blowfish");
doOpenSslTests("des1");
doOpenSslTests("des2");
doOpenSslTests("des3");
doOpenSslTests("rc2_128");
doOpenSslDsaTest("rc2_40_cbc");
doOpenSslRsaTest("rc2_40_cbc");
doOpenSslDsaTest("rc2_64_cbc");
doOpenSslRsaTest("rc2_64_cbc");
doDudPasswordTest("7fd98", 0, "corrupted stream - out of bounds length found");
doDudPasswordTest("ef677", 1, "corrupted stream - out of bounds length found");
doDudPasswordTest("800ce", 2, "unknown tag 26 encountered");
doDudPasswordTest("b6cd8", 3, "DEF length 81 object truncated by 56");
doDudPasswordTest("28ce09", 4, "DEF length 110 object truncated by 28");
doDudPasswordTest("2ac3b9", 5, "DER length more than 4 bytes: 11");
doDudPasswordTest("2cba96", 6, "DEF length 100 object truncated by 35");
doDudPasswordTest("2e3354", 7, "DEF length 42 object truncated by 9");
doDudPasswordTest("2f4142", 8, "DER length more than 4 bytes: 14");
doDudPasswordTest("2fe9bb", 9, "DER length more than 4 bytes: 65");
doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
doDudPasswordTest("41af75", 11, "unknown tag 16 encountered");
doDudPasswordTest("1704a5", 12, "corrupted stream detected");
doDudPasswordTest("1c5822", 13, "unknown object in getInstance: org.bouncycastle.asn1.DERUTF8String");
doDudPasswordTest("5a3d16", 14, "corrupted stream detected");
doDudPasswordTest("8d0c97", 15, "corrupted stream detected");
doDudPasswordTest("bc0daf", 16, "corrupted stream detected");
doDudPasswordTest("aaf9c4d", 17, "corrupted stream - out of bounds length found");
doNoPasswordTest();
// encrypted private key test
InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().build("password".toCharArray());
pemRd = openPEMResource("enckey.pem");
PKCS8EncryptedPrivateKeyInfo encPrivKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemRd.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
RSAPrivateCrtKey privKey = (RSAPrivateCrtKey) converter.getPrivateKey(encPrivKeyInfo.decryptPrivateKeyInfo(pkcs8Prov));
if (!privKey.getPublicExponent().equals(new BigInteger("10001", 16))) {
fail("decryption of private key data check failed");
}
// general PKCS8 test
pemRd = openPEMResource("pkcs8test.pem");
Object privInfo;
while ((privInfo = pemRd.readObject()) != null) {
if (privInfo instanceof PrivateKeyInfo) {
privKey = (RSAPrivateCrtKey) converter.getPrivateKey(PrivateKeyInfo.getInstance(privInfo));
} else {
privKey = (RSAPrivateCrtKey) converter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) privInfo).decryptPrivateKeyInfo(pkcs8Prov));
}
if (!privKey.getPublicExponent().equals(new BigInteger("10001", 16))) {
fail("decryption of private key data check failed");
}
}
}Example 38
| Project: nifi-master File: TlsHelperTest.java View source code |
public static X509Certificate loadCertificate(Reader reader) throws IOException, CertificateException {
try (PEMParser pemParser = new PEMParser(reader)) {
Object object = pemParser.readObject();
assertEquals(X509CertificateHolder.class, object.getClass());
return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate((X509CertificateHolder) object);
}
}Example 39
| Project: AndroidHttpCapture-master File: BouncyCastleSecurityProviderTool.java View source code |
@Override
public PrivateKey decodePemEncodedPrivateKey(Reader privateKeyReader, String password) {
try {
PEMParser pemParser = new PEMParser(privateKeyReader);
Object keyPair = pemParser.readObject();
// retrieve the PrivateKeyInfo from the returned keyPair object. if the key is encrypted, it needs to be
// decrypted using the specified password first.
PrivateKeyInfo keyInfo;
if (keyPair instanceof PEMEncryptedKeyPair) {
if (password == null) {
throw new ImportException("Unable to import private key. Key is encrypted, but no password was provided.");
}
PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
PEMKeyPair decryptedKeyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptor);
keyInfo = decryptedKeyPair.getPrivateKeyInfo();
} else {
keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
}
return new JcaPEMKeyConverter().getPrivateKey(keyInfo);
} catch (IOException e) {
throw new ImportException("Unable to read PEM-encoded PrivateKey", e);
}
}Example 40
| Project: denominator-master File: Denominator.java View source code |
@Override
public Object apply(Object input) {
if (input instanceof String && input.toString().contains("BEGIN RSA PRIVATE KEY")) {
try {
PEMKeyPair pemKeyPair = (PEMKeyPair) new PEMParser(new StringReader(input.toString())).readObject();
PrivateKeyInfo privateKeyInfo = pemKeyPair.getPrivateKeyInfo();
KeyFactory keyFact = KeyFactory.getInstance(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId(), new BouncyCastleProvider());
return keyFact.generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
} catch (Exception ex) {
return input;
}
}
return input;
}Example 41
| Project: gcb-master File: GarenaEncrypt.java View source code |
public void initRSA() {
Main.println(3, "[GEncrypt] Initializing RSA Keys...");
BouncyCastleProvider bcp = new BouncyCastleProvider();
Security.addProvider(bcp);
Main.println(3, "[GEncrypt] Reading private key in PEM format...");
try {
PEMParser pemreader = new PEMParser(new FileReader("gkey.pem"));
rsaKey = (PEMKeyPair) pemreader.readObject();
pemreader.close();
} catch (IOException ioe) {
if (Main.DEBUG) {
ioe.printStackTrace();
}
Main.println(1, "[GEncrypt] Failed to read the Garena RSA key: " + ioe.getLocalizedMessage());
Main.println(1, "[GEncrypt] ... check to make sure that gkey.pem exists in the working directory and is readable by gcb");
Main.println(1, "[GEncrypt] ... enable gcb_debug for full exception output");
}
}Example 42
| Project: box-java-sdk-master File: BoxDeveloperEditionAPIConnection.java View source code |
private PrivateKey decryptPrivateKey() {
PrivateKey decryptedPrivateKey = null;
try {
PEMParser keyReader = new PEMParser(new StringReader(this.privateKey));
Object keyPair = keyReader.readObject();
keyReader.close();
if (keyPair instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder builder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider decryptionProvider = builder.build(this.privateKeyPassword.toCharArray());
keyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptionProvider);
PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
} else if (keyPair instanceof PKCS8EncryptedPrivateKeyInfo) {
InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(this.privateKeyPassword.toCharArray());
PrivateKeyInfo keyInfo = ((PKCS8EncryptedPrivateKeyInfo) keyPair).decryptPrivateKeyInfo(pkcs8Prov);
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
} else {
PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
}
} catch (IOException e) {
throw new BoxAPIException("Error parsing private key for Box Developer Edition.", e);
} catch (OperatorCreationException e) {
throw new BoxAPIException("Error parsing PKCS#8 private key for Box Developer Edition.", e);
} catch (PKCSException e) {
throw new BoxAPIException("Error parsing PKCS private key for Box Developer Edition.", e);
}
return decryptedPrivateKey;
}Example 43
| Project: loklak_server-master File: LoklakServer.java View source code |
//initiate http server
private static void setupHttpServer(int httpPort, int httpsPort) throws Exception {
QueuedThreadPool pool = new QueuedThreadPool();
pool.setMaxThreads(500);
LoklakServer.server = new Server(pool);
LoklakServer.server.setStopAtShutdown(true);
//http
if (!httpsMode.equals(HttpsMode.ONLY)) {
HttpConfiguration http_config = new HttpConfiguration();
if (//redirect
httpsMode.equals(HttpsMode.REDIRECT)) {
http_config.addCustomizer(new SecureRequestCustomizer());
http_config.setSecureScheme("https");
http_config.setSecurePort(httpsPort);
}
ServerConnector connector = new ServerConnector(LoklakServer.server);
connector.addConnectionFactory(new HttpConnectionFactory(http_config));
connector.setPort(httpPort);
connector.setName("httpd:" + httpPort);
// timout in ms when no bytes send / received
connector.setIdleTimeout(20000);
LoklakServer.server.addConnector(connector);
}
//uncommented lines for http2 (jetty 9.3 / java 8)
if (httpsMode.isGreaterOrEqualTo(HttpsMode.ON)) {
Log.getLog().info("HTTPS activated");
String keySource = DAO.getConfig("https.keysource", "keystore");
KeyStore keyStore;
String keystoreManagerPass;
//check for key source. Can be a java keystore or in pem format (gets converted automatically)
if ("keystore".equals(keySource)) {
Log.getLog().info("Loading keystore from disk");
//use native keystore format
File keystoreFile = new File(DAO.conf_dir, DAO.getConfig("keystore.name", "keystore.jks"));
if (!keystoreFile.exists() || !keystoreFile.isFile() || !keystoreFile.canRead()) {
throw new Exception("Could not find keystore");
}
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(keystoreFile.getAbsolutePath()), DAO.getConfig("keystore.password", "").toCharArray());
keystoreManagerPass = DAO.getConfig("keystore.password", "");
} else if ("key-cert".equals(keySource)) {
Log.getLog().info("Importing keystore from key/cert files");
//use more common pem format as used by openssl
//generate random password
char[] chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
StringBuilder sb = new StringBuilder();
Random random = new Random();
for (int i = 0; i < 20; i++) {
char c = chars[random.nextInt(chars.length)];
sb.append(c);
}
String password = keystoreManagerPass = sb.toString();
//get key and cert
File keyFile = new File(DAO.getConfig("https.key", ""));
if (!keyFile.exists() || !keyFile.isFile() || !keyFile.canRead()) {
throw new Exception("Could not find key file");
}
File certFile = new File(DAO.getConfig("https.cert", ""));
if (!certFile.exists() || !certFile.isFile() || !certFile.canRead()) {
throw new Exception("Could not find cert file");
}
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
byte[] keyBytes = Files.readAllBytes(keyFile.toPath());
byte[] certBytes = Files.readAllBytes(certFile.toPath());
PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certBytes)));
X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) parser.readObject());
parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(keyBytes)));
PrivateKey key = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey((PrivateKeyInfo) parser.readObject());
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
keyStore.setKeyEntry("defaultKey", key, password.toCharArray(), new Certificate[] { cert });
Log.getLog().info("Successfully imported keystore from key/cert files");
} else {
throw new Exception("Invalid option for https.keysource");
}
HttpConfiguration https_config = new HttpConfiguration();
https_config.addCustomizer(new SecureRequestCustomizer());
HttpConnectionFactory http1 = new HttpConnectionFactory(https_config);
//HTTP2ServerConnectionFactory http2 = new HTTP2ServerConnectionFactory(https_config);
//NegotiatingServerConnectionFactory.checkProtocolNegotiationAvailable();
//ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
//alpn.setDefaultProtocol(http1.getProtocol());
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(keystoreManagerPass);
//sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
//sslContextFactory.setUseCipherSuitesOrder(true);
//SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "http/1.1");
//ServerConnector sslConnector = new ServerConnector(LoklakServer.server, ssl, alpn, http2, http1);
ServerConnector sslConnector = new ServerConnector(LoklakServer.server, ssl, http1);
sslConnector.setPort(httpsPort);
sslConnector.setName("httpd:" + httpsPort);
// timout in ms when no bytes send / received
sslConnector.setIdleTimeout(20000);
LoklakServer.server.addConnector(sslConnector);
}
}Example 44
| Project: SAMLRaider-master File: CertificateTabController.java View source code |
/**
* Import a private RSA key in PEM format from a file and add it to the
* selected certificate.
*
* @param certificate
* which the private key is for.
* @param filename
* of the private RSA key in PEM format
*/
public void importPrivateKey(BurpCertificate certificate, String filename) {
setStatus("Importing private key...");
BufferedReader br;
try {
br = new BufferedReader(new FileReader(filename));
PEMParser pp = new PEMParser(br);
PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject();
KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);
pp.close();
setCertificateTree();
setStatus("Private Key imported.");
certificate.setPrivateKey(kp.getPrivate());
} catch (IOException e) {
setStatus("Error importing private key. (" + e.getMessage() + ")");
e.printStackTrace();
} catch (Exception e) {
setStatus("Error (" + e.getMessage() + ")");
}
}Example 45
| Project: canl-java-master File: ProxyGenerationTest.java View source code |
/**
* Tests whether deserialization from PEM loaded CSR works and whether a proxy generated from CSR has a
* different serial then the previous one. It is also tested if limited flag works on RFC proxies.
* @throws Exception
*/
@Test
public void testCSRDeserializationLoading() throws Exception {
X509Credential credential = new KeystoreCredential("src/test/resources/keystore-1.jks", CertificateUtilsTest.KS_P, CertificateUtilsTest.KS_P, "mykey", "JKS");
ProxyCertificateOptions param = new ProxyCertificateOptions(credential.getCertificateChain());
param.setLimited(true);
ProxyCertificate proxy1 = ProxyGenerator.generate(param, credential.getKey());
X509Certificate[] certs = proxy1.getCertificateChain();
ProxyCertificateOptions options = new ProxyCertificateOptions(certs);
options.setLimited(true);
ProxyCSR proxyCsr = ProxyCSRGenerator.generate(options);
PKCS10CertificationRequest req = proxyCsr.getCSR();
StringWriter stringWriter = new StringWriter();
JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter);
pemWriter.writeObject(req);
pemWriter.close();
String certRequest = stringWriter.toString();
PEMParser pemReader = new PEMParser(new StringReader(certRequest));
PKCS10CertificationRequest req2;
try {
req2 = (PKCS10CertificationRequest) pemReader.readObject();
} finally {
pemReader.close();
}
ProxyCSRInfo info2 = new ProxyCSRInfo(req2);
assertEquals(new ProxyPolicy(ProxyPolicy.LIMITED_PROXY_OID), info2.getPolicy());
assertEquals(ProxyType.RFC3820, info2.getProxyType());
ProxyRequestOptions proxy2Param = new ProxyRequestOptions(certs, req2);
X509Certificate[] proxy2 = ProxyGenerator.generate(proxy2Param, credential.getKey());
String[] avas = proxy2[0].getSubjectX500Principal().getName().split(",");
String[] cn1 = avas[0].split("=");
String[] cn2 = avas[1].split("=");
assertNotSame(cn1[1], cn2[1]);
}Example 46
| Project: ddf-master File: KeystoreEditor.java View source code |
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data, String type, String fileName, String path, String storepass, KeyStore store) throws KeystoreEditorException {
OutputStream fos = null;
try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) {
if (StringUtils.isBlank(alias)) {
throw new IllegalArgumentException("Alias cannot be null.");
}
Path storeFile = Paths.get(path);
//check the two most common key/cert stores first (pkcs12 and jks)
if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) {
//priv key + cert chain
KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
pkcs12Store.load(inputStream, storePassword.toCharArray());
Certificate[] chain = pkcs12Store.getCertificateChain(alias);
Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray());
if (key != null) {
store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain);
fos = Files.newOutputStream(storeFile);
store.store(fos, storepass.toCharArray());
}
} else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) {
//java keystore file
KeyStore jks = KeyStore.getInstance("jks");
jks.load(inputStream, storePassword.toCharArray());
Enumeration<String> aliases = jks.aliases();
//we are going to store all entries from the jks regardless of the passed in alias
while (aliases.hasMoreElements()) {
String jksAlias = aliases.nextElement();
if (jks.isKeyEntry(jksAlias)) {
Key key = jks.getKey(jksAlias, keyPassword.toCharArray());
Certificate[] certificateChain = jks.getCertificateChain(jksAlias);
store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain);
} else {
Certificate certificate = jks.getCertificate(jksAlias);
store.setCertificateEntry(jksAlias, certificate);
}
}
fos = Files.newOutputStream(storeFile);
store.store(fos, storepass.toCharArray());
//need to parse der separately from pem, der has the same mime type but is binary hence checking both
} else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) {
ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream);
ASN1Primitive asn1Primitive = asn1InputStream.readObject();
X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded());
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
store.setCertificateEntry(cnStr, certificate);
}
store.setCertificateEntry(alias, certificate);
fos = Files.newOutputStream(storeFile);
store.store(fos, storepass.toCharArray());
//if it isn't one of the stores we support, it might be a key or cert by itself
} else if (isPemParsable(type, fileName)) {
//This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser
Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
PEMParser pemParser = new PEMParser(reader);
Object object;
boolean setEntry = false;
while ((object = pemParser.readObject()) != null) {
if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) {
PEMKeyPair pemKeyPair;
if (object instanceof PEMEncryptedKeyPair) {
PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object;
JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair(jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray()));
} else {
pemKeyPair = (PEMKeyPair) object;
}
KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair);
PrivateKey privateKey = keyPair.getPrivate();
Certificate[] chain = store.getCertificateChain(alias);
if (chain == null) {
chain = buildCertChain(alias, store);
}
store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain);
setEntry = true;
} else if (object instanceof X509CertificateHolder) {
X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object;
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
RDN cn = x500name.getRDNs(BCStyle.CN)[0];
String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
store.setCertificateEntry(cnStr, certificate);
}
store.setCertificateEntry(alias, certificate);
setEntry = true;
} else if (object instanceof ContentInfo) {
ContentInfo contentInfo = (ContentInfo) object;
if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo);
OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure();
ASN1Set certificates = originatorInfo.getCertificates();
setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
} else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) {
SignedData signedData = SignedData.getInstance(contentInfo.getContent());
ASN1Set certificates = signedData.getCertificates();
setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
}
} else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object;
Certificate[] chain = store.getCertificateChain(alias);
if (chain == null) {
chain = buildCertChain(alias, store);
}
try {
store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain);
setEntry = true;
} catch (KeyStoreException keyEx) {
try {
PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(), keyPassword.toCharArray());
store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain);
setEntry = true;
} catch (GeneralSecurityException e) {
LOGGER.info("Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.", e);
throw keyEx;
}
}
}
}
if (setEntry) {
fos = Files.newOutputStream(storeFile);
store.store(fos, storepass.toCharArray());
}
}
} catch (Exception e) {
LOGGER.info("Unable to add entry {} to store", alias, e);
throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e);
} finally {
if (fos != null) {
try {
fos.close();
} catch (IOException ignore) {
}
}
}
init();
}Example 47
| Project: Openfire-master File: CertificateManager.java View source code |
/**
* Parses a PrivateKey instance from a PEM representation.
*
* When the provided key is encrypted, the provided pass phrase is applied.
*
* @param pemRepresentation a PEM representation of a private key (cannot be null or empty)
* @param passPhrase optional pass phrase (must be present if the private key is encrypted).
* @return a PrivateKey instance (never null)
*/
public static PrivateKey parsePrivateKey(InputStream pemRepresentation, String passPhrase) throws IOException {
if (passPhrase == null) {
passPhrase = "";
}
try (//
Reader reader = new InputStreamReader(pemRepresentation);
PEMParser pemParser = new PEMParser(reader)) {
final Object object = pemParser.readObject();
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
final KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
// Encrypted key - we will use provided password
final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
// Encrypted key - we will use provided password
try {
final PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) object;
final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passPhrase.toCharArray());
final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo(provider);
return converter.getPrivateKey(privateKeyInfo);
} catch (PKCSExceptionOperatorCreationException | e) {
throw new IOException("Unable to decrypt private key.", e);
}
} else if (object instanceof PrivateKeyInfo) {
return converter.getPrivateKey((PrivateKeyInfo) object);
} else {
// Unencrypted key - no password needed
kp = converter.getKeyPair((PEMKeyPair) object);
}
return kp.getPrivate();
}
}Example 48
| Project: artifactory_ssh_proxy-master File: PEMHostKeyProvider.java View source code |
protected KeyPair doReadKeyPair(InputStream is) throws Exception {
try (PEMParser r = new PEMParser(new InputStreamReader(is))) {
return jcaHelper.getKeyPair((PEMKeyPair) r.readObject());
}
}Example 49
| Project: acme-client-master File: X509Utils.java View source code |
public static KeyPair loadPEMKeyPair(InputStream privateKeyInputStream) throws IOException {
try (PEMParser pemParser = new PEMParser(new InputStreamReader(privateKeyInputStream))) {
PEMKeyPair keyPair = (PEMKeyPair) pemParser.readObject();
return new JcaPEMKeyConverter().getKeyPair(keyPair);
}
}Example 50
| Project: thingsboard-gateway-master File: CertPemClientCredentials.java View source code |
private Object readPEMFile(String filePath) throws Exception {
PEMParser reader = new PEMParser(new FileReader(filePath));
Object fileHolder = reader.readObject();
reader.close();
return fileHolder;
}Example 51
| Project: jruby-openssl-master File: PEMUtils.java View source code |
static PEMKeyPair readInternal(final Reader reader, final char[] password) throws IOException {
Object keyPair = new PEMParser(reader).readObject();
if (keyPair instanceof PEMEncryptedKeyPair) {
return ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(new PEMDecryptorImpl(password));
}
return (PEMKeyPair) keyPair;
}Example 52
| Project: Sahi-master File: SSLHelper.java View source code |
private PrivateKey readPrivateKey(String privateKeyPath) throws IOException {
PEMKeyPair keyPair = (PEMKeyPair) new PEMParser(new FileReader(privateKeyPath)).readObject();
return new JcaPEMKeyConverter().getKeyPair(keyPair).getPrivate();
}Example 53
| Project: dcache-master File: DelegationShell.java View source code |
private PKCS10CertificationRequest fromPEM(String data) throws IOException {
PEMParser reader = new PEMParser(new StringReader(data));
return (PKCS10CertificationRequest) reader.readObject();
}Example 54
| Project: digidoc4j-master File: CertificatesForTests.java View source code |
public static PrivateKey parsePrivateKey(Reader privateKey) {
try (PEMParser pemParser = new PEMParser(privateKey)) {
PEMKeyPair keyPair = (PEMKeyPair) pemParser.readObject();
return new JcaPEMKeyConverter().getKeyPair(keyPair).getPrivate();
} catch (IOException e) {
throw new RuntimeException(e);
}
}