List of usage examples for org.bouncycastle.openssl.bc BcPEMDecryptorProvider BcPEMDecryptorProvider
public BcPEMDecryptorProvider(char[] password)
From source file:org.commonjava.util.jhttpc.INTERNAL.util.BouncyCastleUtils.java
License:Apache License
public static KeyStore readKeyAndCertFromPem(String pemContent, String keyPass) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, JHttpCException { Logger logger = LoggerFactory.getLogger(BouncyCastleUtils.class); final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null);/* www.j a v a2s . c o m*/ // final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( // KeyManagerFactory.getDefaultAlgorithm()); // // kmfactory.init(ks, keyPass.toCharArray()); // final CertificateFactory certFactory = CertificateFactory.getInstance( "X.509" ); // Pattern keyTypePattern = Pattern.compile( KEY_TYPE_PATTERN ); // Matcher matcher = keyTypePattern.matcher( pemContent ); // String keyType = "RSA"; // if ( matcher.find() ) // { // String type = matcher.group( 1 ); // if ( "ENCRYPTED".equals( type ) ) // { // keyType = "PKCS8"; // } // else // { // keyType = type; // } // } // // logger.trace( "Using key factory for type: {}", keyType ); // final KeyFactory keyFactory = KeyFactory.getInstance( keyType ); // final List<String> lines = SSLUtils.readLines( pemContent ); // // String currentHeader = null; // final StringBuilder current = new StringBuilder(); int certIdx = 0; BouncyCastleProvider bcProvider = new BouncyCastleProvider(); InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bcProvider) .build(keyPass.toCharArray()); final List<Certificate> certs = new ArrayList<Certificate>(); PrivateKey key = null; PEMParser pemParser = new PEMParser(new StringReader(pemContent)); Object pemObj = null; while ((pemObj = pemParser.readObject()) != null) { logger.trace("Got PEM object: {}", pemObj); if (pemObj instanceof X509CertificateHolder) { X509CertificateHolder holder = (X509CertificateHolder) pemObj; X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider) .getCertificate(holder); certs.add(certificate); Set<String> aliases = new HashSet<String>(); aliases.add("certificate" + certIdx); extractAliases(certificate, aliases); KeyStore.TrustedCertificateEntry ksEntry = new KeyStore.TrustedCertificateEntry(certificate); for (String alias : aliases) { ks.setEntry(alias, ksEntry, null); logger.trace("Storing trusted cert under alias: {}\n with DN: {}", alias, certificate.getSubjectDN().getName()); } certIdx++; } else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo keyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj; PrivateKeyInfo privateKeyInfo = null; try { privateKeyInfo = keyInfo.decryptPrivateKeyInfo(provider); } catch (PKCSException e) { throw new JHttpCException("Failed to decrypt key/certificate: %s", e, e.getMessage()); } key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else if (pemObj instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair keyPair = (PEMEncryptedKeyPair) pemObj; PEMKeyPair decryptedKeyPair = keyPair .decryptKeyPair(new BcPEMDecryptorProvider(keyPass.toCharArray())); PrivateKeyInfo privateKeyInfo = decryptedKeyPair.getPrivateKeyInfo(); key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else { logger.trace("Got unrecognized PEM object: {} (class: {})", pemObj, (pemObj == null ? "NULL" : pemObj.getClass().getName())); } logger.trace("Got private key:\n{}\n", key); } if (key != null && !certs.isEmpty()) { logger.trace("Setting key entry: {}", key); ks.setKeyEntry(MonolithicKeyStrategy.KEY, key, keyPass.toCharArray(), certs.toArray(new Certificate[certs.size()])); } else { logger.warn("No private key found in PEM!"); } return ks; }