List of usage examples for the org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator constructor JcaMiscPEMGenerator(Object, PEMEncryptor)
public JcaMiscPEMGenerator(Object o, PEMEncryptor encryptor) throws IOException
From source file:com.joyent.manta.client.MantaClientAuthenticationChangeIT.java
License:Open Source License
/**
 * Re-serializes the config's private key as passphrase-encrypted PEM and records the passphrase
 * on the config.
 *
 * <p>Only the "attach a passphrase" direction is implemented. A {@code null} password is treated
 * as a removal request and ends in an {@link AssertionError}. When a PKCS#11 provider is loaded
 * and the key is not RSA, the method throws a {@code SkipException} instead of encrypting.
 *
 * @param config context to modify; its key path must be null and its private key content non-blank
 * @param password passphrase to attach, or {@code null} to request removal (not yet implemented)
 * @throws IOException if building the PEM generator or writing the PEM text fails
 * @throws NoSuchProviderException declared by the signature; the originating call is not evident here
 * @throws NoSuchAlgorithmException declared by the signature; the originating call is not evident here
 */
private static void swapKeyContentPasswordness(final AuthAwareConfigContext config, final String password)
        throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
    Validate.isTrue(config.getMantaKeyPath() == null,
            "Key path should be null when toggling key content password");
    Validate.notBlank(config.getPrivateKeyContent(), "Key content should not be null");

    if (password == null) {
        // Removal request: there must be a passphrase to remove, but the removal itself is unimplemented.
        Validate.notNull(config.getPassword(), "Password removal requested but no password attached");
        throw new AssertionError("Not yet implemented");
    }

    // Attach path. The key pair has to be available before it can be serialized with the passphrase.
    Assert.assertNotNull(config.getKeyPair());
    final String algorithm = config.getKeyPair().getPrivate().getAlgorithm();

    // Passphrase protection is only attempted when libnss (PKCS#11) is off or the key is RSA;
    // any other combination skips the test.
    if (ExternalSecurityProviderLoader.getPkcs11Provider() != null && !algorithm.equals("RSA")) {
        throw new SkipException(String.format(
                "Unsupported parameters for attaching passphrase: libnss enabled %s, key algorithm: %s",
                ExternalSecurityProviderLoader.getPkcs11Provider() != null, algorithm));
    }

    try (StringWriter pemText = new StringWriter(); JcaPEMWriter pemOut = new JcaPEMWriter(pemText)) {
        // NOTE(review): JcePEMEncryptorBuilder produces the traditional OpenSSL encrypted-PEM form
        // (Proc-Type / DEK-Info headers). Its key is derived from the passphrase with an MD5-based,
        // single-iteration KDF, so the passphrase gets little brute-force resistance. That is fine
        // for a test fixture; for keys needing real at-rest protection prefer encrypted PKCS#8
        // (PBES2), e.g. BouncyCastle's JceOpenSSLPKCS8EncryptorBuilder with JcaPKCS8Generator.
        // setProvider("BC") presumably relies on the BouncyCastle provider being registered elsewhere.
        pemOut.writeObject(new JcaMiscPEMGenerator(
                config.getKeyPair().getPrivate(),
                new JcePEMEncryptorBuilder("AES-128-CBC").setProvider("BC").build(password.toCharArray())));
        pemOut.flush();
        config.setPrivateKeyContent(pemText.toString());
    }

    config.setPassword(password);
}
From source file:com.joyent.manta.config.TestConfigContext.java
License:Open Source License
/** * Some test cases need a direct reference to a KeyPair along with it's associated config. Manually calling * KeyPairFactory with a half-baked config can get cumbersome, so let's build a ConfigContext which has * everything ready and supplies the relevant KeyPair. * * @return the generated keypair and a config which uses a serialized version of that keypair */// w ww . j a v a2 s . c o m public static ImmutablePair<KeyPair, BaseChainedConfigContext> generateKeyPairBackedConfig( final String passphrase) { final KeyPair keyPair; try { keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); } catch (final NoSuchAlgorithmException impossible) { throw new Error(impossible); // "RSA" is always provided } final Object keySerializer; if (passphrase != null) { try { keySerializer = new JcaMiscPEMGenerator(keyPair.getPrivate(), new JcePEMEncryptorBuilder("AES-128-CBC").build(passphrase.toCharArray())); } catch (IOException e) { throw new RuntimeException(e); } } else { keySerializer = keyPair.getPrivate(); } final String keyContent; try (final StringWriter content = new StringWriter(); final JcaPEMWriter writer = new JcaPEMWriter(content)) { writer.writeObject(keySerializer); writer.flush(); keyContent = content.toString(); } catch (IOException e) { throw new RuntimeException(e); } final BaseChainedConfigContext config = new ChainedConfigContext(DEFAULT_CONFIG) // we need to unset the key path in case one exists at ~/.ssh/id_rsa // see the static initializer in DefaultsConfigContext .setMantaKeyPath(null).setPrivateKeyContent(keyContent) .setMantaKeyId(KeyFingerprinter.md5Fingerprint(keyPair)); if (passphrase != null) { config.setPassword(passphrase); } return new ImmutablePair<>(keyPair, config); }