List of usage examples for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter getKeyPair
public KeyPair getKeyPair(PEMKeyPair keyPair) throws PEMException
From source file:org.jclouds.docker.suppliers.SSLContextBuilder.java
License:Apache License
private static PrivateKey getKey(String privateKey) { PEMParser pemParser = new PEMParser(new StringReader(privateKey)); try {/*w w w.j ava2 s. c o m*/ Object object = pemParser.readObject(); if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); return keyPair.getPrivate(); } catch (IOException ex) { throw new RuntimeException("Invalid private key", ex); } finally { Closeables2.closeQuietly(pemParser); } }
From source file:org.jclouds.docker.suppliers.SSLContextWithKeysSupplier.java
License:Apache License
private static PrivateKey getKey(String privateKey) { try {// ww w . j a v a2s .com PEMParser pemParser = new PEMParser(new StringReader(privateKey)); Object object = pemParser.readObject(); if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); return keyPair.getPrivate(); } catch (IOException ex) { throw new RuntimeException("Invalid private key", ex); } }
From source file:org.jivesoftware.util.CertificateManager.java
License:Open Source License
/** * Imports a new signed certificate and its private key into the keystore. The certificate input * stream may contain the signed certificate as well as its CA chain. * * @param keyStore key store where the certificate will be stored. * @param trustStore key store where ca certificates are stored. * @param keyPassword password of the keystore. * @param alias the alias of the the new signed certificate. * @param pkInputStream the stream containing the private key. * @param passPhrase is the password phrased used when creating the private key. * @param inputStream the stream containing the signed certificate. * @param trustCACerts true if certificates present in the truststore file will be used to verify the * identity of the entity signing the certificate. * @param validateRoot true if you want to verify that the root certificate in the chain can be trusted * based on the truststore./*from w w w. j ava 2 s. c o m*/ * @return true if the certificate was successfully imported. * @throws Exception if no certificates were found in the inputStream. */ public static boolean installCert(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream pkInputStream, final String passPhrase, InputStream inputStream, boolean trustCACerts, boolean validateRoot) throws Exception { // Check that there is a certificate for the specified alias X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); if (certificate != null) { Log.warn("Certificate already exists for alias: " + alias); return false; } PEMParser pemParser = new PEMParser(new InputStreamReader(pkInputStream)); Object object = pemParser.readObject(); PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray()); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair kp; if (object instanceof PEMEncryptedKeyPair) { Log.debug("Encrypted key - we will use provided password"); kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } else { Log.debug("Unencrypted key - no password needed"); kp = converter.getKeyPair((PEMKeyPair) object); } PrivateKey privKey = kp.getPrivate(); // Load certificates found in the PEM input stream List<X509Certificate> certs = new ArrayList<X509Certificate>(); for (Certificate cert : CertificateFactory.getInstance("X509").generateCertificates(inputStream)) { certs.add((X509Certificate) cert); } if (certs.isEmpty()) { throw new Exception("No certificates were found"); } List<X509Certificate> newCerts; if (certs.size() == 1) { // Reply has only one certificate newCerts = establishCertChain(keyStore, trustStore, certificate, certs.get(0), trustCACerts); } else { // Reply has a chain of certificates newCerts = validateReply(keyStore, trustStore, alias, certificate, certs, trustCACerts, validateRoot); } if (newCerts != null) { keyStore.setKeyEntry(alias, privKey, keyPassword.toCharArray(), newCerts.toArray(new X509Certificate[newCerts.size()])); // Notify listeners that a new certificate has been created (and signed) for (CertificateEventListener listener : listeners) { try { listener.certificateCreated(keyStore, alias, certs.get(0)); if (newCerts.size() > 1) { listener.certificateSigned(keyStore, alias, newCerts); } } catch (Exception e) { Log.error(e.getMessage(), e); } } return true; } else { return false; } }
From source file:org.onosproject.netconf.ctl.impl.NetconfSessionMinaImpl.java
License:Apache License
@Deprecated private void startSession() throws IOException { final ConnectFuture connectFuture; connectFuture = client.connect(deviceInfo.name(), deviceInfo.ip().toString(), deviceInfo.port()) .verify(connectTimeout, TimeUnit.SECONDS); session = connectFuture.getSession(); //Using the device ssh key if possible if (deviceInfo.getKey() != null) { try (PEMParser pemParser = new PEMParser(new CharArrayReader(deviceInfo.getKey()))) { JcaPEMKeyConverter converter = new JcaPEMKeyConverter() .setProvider(BouncyCastleProvider.PROVIDER_NAME); try { KeyPair kp = converter.getKeyPair((PEMKeyPair) pemParser.readObject()); session.addPublicKeyIdentity(kp); } catch (IOException e) { throw new NetconfException("Failed to authenticate session with device " + deviceInfo + "check key to be a valid key", e); }//from w w w . j a va2 s. c om } } else { session.addPasswordIdentity(deviceInfo.password()); } session.auth().verify(connectTimeout, TimeUnit.SECONDS); Set<ClientSession.ClientSessionEvent> event = session .waitFor( ImmutableSet.of(ClientSession.ClientSessionEvent.WAIT_AUTH, ClientSession.ClientSessionEvent.CLOSED, ClientSession.ClientSessionEvent.AUTHED), 0); if (!event.contains(ClientSession.ClientSessionEvent.AUTHED)) { log.debug("Session closed {} {}", event, session.isClosed()); throw new NetconfException( "Failed to authenticate session with device " + deviceInfo + "check the user/pwd or key"); } openChannel(); }
From source file:org.pepstock.jem.node.security.Crypto.java
License:Open Source License
/** * Loads a private key from a file, using password and file passed ar argument * /*from ww w . j a v a 2s. com*/ * @param pemKeyFile is the pem file of the RSA private key of the user. * @param password the password of the private key if the private key is * protected by a password, null otherwise * @return the private Key read from pem file * @throws KeyException if any Exception occurs while extracting private key * @throws MessageException if any Exception occurs while extracting private key */ public static Key loadPrivateKeyFromFile(File pemKeyFile, String password) throws MessageException, KeyException { try { // checks if the provider is loaded. // if not, it adds BouncyCastle as provider if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); } // private key file in PEM format, from file PEMParser pemParser = new PEMParser( new InputStreamReader(new FileInputStream(pemKeyFile), CharSet.DEFAULT)); // reads the object and close the parser and input stream Object object = pemParser.readObject(); pemParser.close(); // creates a key converter by BouncyCastle JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME); // gets key pair instance KeyPair kp; // if is a PEM if (object instanceof PEMEncryptedKeyPair) { if (password == null) { throw new MessageException(NodeMessage.JEMC205E); } // uses the PEM decryptor using password PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray()); kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } else { // if here, the key it's protected by password LogAppl.getInstance().emit(NodeMessage.JEMC199W); kp = converter.getKeyPair((PEMKeyPair) object); } return kp.getPrivate(); } catch (FileNotFoundException e) { throw new KeyException(e.getMessage(), e); } catch (PEMException e) { throw new KeyException(e.getMessage(), e); } catch (IOException e) { throw new KeyException(e.getMessage(), e); } }
From source file:org.robotbrains.examples.mqtt.subscriber.SslCertificateSubscriberMqttExample.java
License:Apache License
/** * Create an SSL socket factory./*ww w.ja va 2 s .co m*/ * * @param credentials * the security credentials * * @return the socket factory. * * @throws Exception * something bad happened */ public static SSLSocketFactory configureSSLSocketFactory(Properties credentials) throws Exception { Security.addProvider(new BouncyCastleProvider()); JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter().setProvider("BC"); String caCrtFile = credentials.getProperty("mqtt.ca.crt"); // load CA certificate PEMParser reader = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))))); X509Certificate caCert = certificateConverter.getCertificate((X509CertificateHolder) reader.readObject()); reader.close(); // load client certificate String crtFile = credentials.getProperty("mqtt.client.crt"); reader = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))))); X509Certificate cert = certificateConverter.getCertificate((X509CertificateHolder) reader.readObject()); reader.close(); // load client private key JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC"); String keyFile = credentials.getProperty("mqtt.client.key"); reader = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile))))); KeyPair key = keyConverter.getKeyPair((PEMKeyPair) reader.readObject()); reader.close(); // CA certificate is used to authenticate server KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType()); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", caCert); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(caKs); // client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("certificate", cert); // This assumes that the client key is not password protected. We need a // password, but it could be anything. char[] password = "password".toCharArray(); ks.setKeyEntry("private-key", key.getPrivate(), password, new java.security.cert.Certificate[] { cert }); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password); // finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLS"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return context.getSocketFactory(); }
From source file:org.thingsboard.gateway.extensions.mqtt.client.conf.credentials.CertPemClientCredentials.java
License:Apache License
private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception { X509Certificate certHolder = certificateConverter.getCertificate((X509CertificateHolder) readPEMFile(cert)); Object keyObject = readPEMFile(privateKey); char[] passwordCharArray = "".toCharArray(); if (!StringUtils.isEmpty(password)) { passwordCharArray = password.toCharArray(); }// www. j ava 2 s.c o m JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair key; if (keyObject instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().build(passwordCharArray); key = keyConverter.getKeyPair(((PEMEncryptedKeyPair) keyObject).decryptKeyPair(provider)); } else { key = keyConverter.getKeyPair((PEMKeyPair) keyObject); } KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); clientKeyStore.load(null, null); clientKeyStore.setCertificateEntry("cert", certHolder); clientKeyStore.setKeyEntry("private-key", key.getPrivate(), passwordCharArray, new Certificate[] { certHolder }); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeyStore, passwordCharArray); return keyManagerFactory; }
From source file:org.thingsboard.rule.engine.mqtt.credentials.CertPemClientCredentials.java
License:Apache License
private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception { X509Certificate certHolder = readCertFile(cert); Object keyObject = readPrivateKeyFile(privateKey); char[] passwordCharArray = "".toCharArray(); if (!StringUtils.isEmpty(password)) { passwordCharArray = password.toCharArray(); }/*from w ww .ja va2s .co m*/ JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC"); PrivateKey privateKey; if (keyObject instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().build(passwordCharArray); KeyPair key = keyConverter.getKeyPair(((PEMEncryptedKeyPair) keyObject).decryptKeyPair(provider)); privateKey = key.getPrivate(); } else if (keyObject instanceof PEMKeyPair) { KeyPair key = keyConverter.getKeyPair((PEMKeyPair) keyObject); privateKey = key.getPrivate(); } else if (keyObject instanceof PrivateKey) { privateKey = (PrivateKey) keyObject; } else { throw new RuntimeException("Unable to get private key from object: " + keyObject.getClass()); } KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); clientKeyStore.load(null, null); clientKeyStore.setCertificateEntry("cert", certHolder); clientKeyStore.setKeyEntry("private-key", privateKey, passwordCharArray, new Certificate[] { certHolder }); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeyStore, passwordCharArray); return keyManagerFactory; }
From source file:pv181.jca.Globals.java
/** * Reads key from PEM file. Able to read both encrypted and plain keys. * @param s//from w w w .j av a 2 s. com * @param password * @return * @throws IOException */ public static KeyPair readKeyFromPEM(InputStream s, String password) throws IOException { // This is PEM decryptor in a case where key is stored in ecnrypted form PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder() .build(password == null ? null : password.toCharArray()); // PEM key converter converts PEMKeyPair type to KeyPair JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(PROVIDER); // Read the object itself from the PEM file Object obj = readPEM(s); if (obj instanceof PEMEncryptedKeyPair) { return converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(decProv)); } else { return converter.getKeyPair((PEMKeyPair) obj); } }
From source file:uk.co.develop4.security.utils.decoders.DecoderUtils.java
License:Apache License
private static KeyPair getKeyPairFromOpenSslPemFile(String fileName, String passphrase, String providerName) throws IOException { Reader fRd = null;//from w w w . j av a 2 s . c om PEMParser pemParser = null; KeyPair keypair = null; try { JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(providerName); PEMDecryptorProvider pemProv = new JcePEMDecryptorProviderBuilder().setProvider(providerName) .build(passphrase.toCharArray()); InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder() .build(passphrase.toCharArray()); //res = this.getClass().getResourceAsStream(fileName); File file = DecoderUtils.isFile(fileName); FileReader fr = new FileReader(file); fRd = new BufferedReader(fr); pemParser = new PEMParser(fRd); Object obj = pemParser.readObject(); if (obj instanceof PEMEncryptedKeyPair) { keypair = converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(pemProv)); } else if (obj instanceof PKCS8EncryptedPrivateKeyInfo) { keypair = new KeyPair(null, converter .getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) obj).decryptPrivateKeyInfo(pkcs8Prov))); } else if (obj instanceof SubjectPublicKeyInfo) { keypair = new KeyPair((PublicKey) converter.getPublicKey((SubjectPublicKeyInfo) obj), null); } else if (obj instanceof X509CertificateHolder) { SubjectPublicKeyInfo sub = (SubjectPublicKeyInfo) ((X509CertificateHolder) obj) .getSubjectPublicKeyInfo(); keypair = new KeyPair((PublicKey) converter.getPublicKey((SubjectPublicKeyInfo) sub), null); } else { keypair = converter.getKeyPair((PEMKeyPair) obj); } } catch (Exception ex) { ex.printStackTrace(); } finally { pemParser.close(); } return keypair; }