List of usage examples for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter JcaPEMKeyConverter
JcaPEMKeyConverter
From source file:SampleStore.java
License:Open Source License
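/**
 * Parses PEM text and converts the first object in it to a JCA {@link PrivateKey}
 * through the BouncyCastle provider.
 *
 * <p>Only an unencrypted {@code PrivateKeyInfo} (what {@code PEMParser} returns for a
 * {@code BEGIN PRIVATE KEY} block) is accepted. Any other PEM object, or input with no
 * PEM object at all, is rejected with an {@link IOException} instead of surfacing as a
 * {@code ClassCastException} or {@code NullPointerException} further down.
 *
 * <p>NOTE(review): the provider is looked up by name, so it is presumably registered
 * with {@code java.security.Security} elsewhere in the application; confirm.
 *
 * @param data PEM-encoded private key bytes
 * @return the decoded private key
 * @throws IOException if the data cannot be parsed or does not hold an unencrypted private key
 */
static PrivateKey getPrivateKeyFromBytes(byte[] data)
        throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    // PEM armour is ASCII; decode with a fixed charset so the result does not depend on
    // the platform default.
    final Reader pemReader = new StringReader(new String(data, java.nio.charset.StandardCharsets.UTF_8));

    final Object parsed;
    try (PEMParser pemParser = new PEMParser(pemReader)) {
        parsed = pemParser.readObject();
    }

    if (!(parsed instanceof PrivateKeyInfo)) {
        // Report only the object type: key material must never end up in an error message.
        throw new IOException("Expected an unencrypted private key in PEM data but found "
                + (parsed == null ? "no PEM object" : parsed.getClass().getName()));
    }

    return new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .getPrivateKey((PrivateKeyInfo) parsed);
}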
From source file:ai.susi.SusiServer.java
License:Open Source License
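/**
 * Creates the Jetty server and attaches its HTTP and/or HTTPS connectors according to
 * {@code httpsMode}.
 *
 * <p>For HTTPS the key material comes from one of two sources selected by the
 * {@code https.keysource} setting:
 * <ul>
 *   <li>{@code keystore}: a Java keystore file in the configuration directory, opened with
 *       the {@code keystore.password} setting;</li>
 *   <li>{@code key-cert}: a PEM certificate and a PEM private key, imported into an
 *       in-memory keystore protected by a freshly generated random password.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code keystore.password} falls back to the empty string when unset,
 * and the {@code key-cert} path only accepts an unencrypted {@code PrivateKeyInfo}
 * (a {@code BEGIN PRIVATE KEY} block); the key file is therefore protected by file
 * permissions alone. Confirm deployments restrict access to it.
 *
 * @param httpPort  port for the plain HTTP connector
 * @param httpsPort port for the TLS connector (also the redirect target in REDIRECT mode)
 * @throws Exception if the key source is invalid, a key/cert/keystore file is missing or
 *                   unreadable, or the key material cannot be parsed
 */
private static void setupHttpServer(int httpPort, int httpsPort) throws Exception {
    QueuedThreadPool pool = new QueuedThreadPool();
    pool.setMaxThreads(500);
    SusiServer.server = new Server(pool);
    SusiServer.server.setStopAtShutdown(true);

    //http
    if (!httpsMode.equals(HttpsMode.ONLY)) {
        HttpConfiguration http_config = new HttpConfiguration();
        if (httpsMode.equals(HttpsMode.REDIRECT)) { //redirect
            http_config.addCustomizer(new SecureRequestCustomizer());
            http_config.setSecureScheme("https");
            http_config.setSecurePort(httpsPort);
        }

        ServerConnector connector = new ServerConnector(SusiServer.server);
        connector.addConnectionFactory(new HttpConnectionFactory(http_config));
        connector.setPort(httpPort);
        connector.setName("httpd:" + httpPort);
        connector.setIdleTimeout(20000); // timeout in ms when no bytes sent / received
        SusiServer.server.addConnector(connector);
    }

    //https
    //uncommented lines for http2 (jetty 9.3 / java 8)
    if (httpsMode.isGreaterOrEqualTo(HttpsMode.ON)) {

        Log.getLog().info("HTTPS activated");

        String keySource = DAO.getConfig("https.keysource", "keystore");
        KeyStore keyStore;
        String keystoreManagerPass;

        //check for key source. Can be a java keystore or in pem format (gets converted automatically)
        if ("keystore".equals(keySource)) {
            Log.getLog().info("Loading keystore from disk");

            //use native keystore format
            File keystoreFile = new File(DAO.conf_dir, DAO.getConfig("keystore.name", "keystore.jks"));
            if (!keystoreFile.exists() || !keystoreFile.isFile() || !keystoreFile.canRead()) {
                throw new Exception("Could not find keystore");
            }
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // Close the stream once the keystore is loaded; the original left it open.
            try (FileInputStream keystoreStream = new FileInputStream(keystoreFile.getAbsolutePath())) {
                keyStore.load(keystoreStream, DAO.getConfig("keystore.password", "").toCharArray());
            }

            keystoreManagerPass = DAO.getConfig("keystore.password", "");
        } else if ("key-cert".equals(keySource)) {
            Log.getLog().info("Importing keystore from key/cert files");
            //use more common pem format as used by openssl

            //generate random password
            // The password protects the private-key entry of the in-memory keystore, so it
            // is drawn from a CSPRNG. java.util.Random is seeded predictably and its output
            // can be reconstructed, which makes it unsuitable for secrets.
            char[] chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
            StringBuilder sb = new StringBuilder();
            java.security.SecureRandom random = new java.security.SecureRandom();
            for (int i = 0; i < 20; i++) {
                char c = chars[random.nextInt(chars.length)];
                sb.append(c);
            }
            String password = keystoreManagerPass = sb.toString();

            //get key and cert
            File keyFile = new File(DAO.getConfig("https.key", ""));
            if (!keyFile.exists() || !keyFile.isFile() || !keyFile.canRead()) {
                throw new Exception("Could not find key file");
            }
            File certFile = new File(DAO.getConfig("https.cert", ""));
            if (!certFile.exists() || !certFile.isFile() || !certFile.canRead()) {
                throw new Exception("Could not find cert file");
            }

            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

            byte[] keyBytes = Files.readAllBytes(keyFile.toPath());
            byte[] certBytes = Files.readAllBytes(certFile.toPath());

            // Parse each PEM file in its own try-with-resources block and check the object
            // type before casting, so a wrong file format fails with a clear message.
            Object certObject;
            try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certBytes),
                    java.nio.charset.StandardCharsets.UTF_8))) {
                certObject = parser.readObject();
            }
            if (!(certObject instanceof X509CertificateHolder)) {
                throw new Exception("Cert file does not contain a PEM certificate");
            }
            X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC")
                    .getCertificate((X509CertificateHolder) certObject);

            Object keyObject;
            try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(keyBytes),
                    java.nio.charset.StandardCharsets.UTF_8))) {
                keyObject = parser.readObject();
            }
            if (!(keyObject instanceof PrivateKeyInfo)) {
                throw new Exception("Key file does not contain an unencrypted PEM private key");
            }
            PrivateKey key = new JcaPEMKeyConverter().setProvider("BC")
                    .getPrivateKey((PrivateKeyInfo) keyObject);

            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);

            keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
            keyStore.setKeyEntry("defaultKey", key, password.toCharArray(), new Certificate[] { cert });

            Log.getLog().info("Successfully imported keystore from key/cert files");
        } else {
            throw new Exception("Invalid option for https.keysource");
        }

        HttpConfiguration https_config = new HttpConfiguration();
        https_config.addCustomizer(new SecureRequestCustomizer());

        HttpConnectionFactory http1 = new HttpConnectionFactory(https_config);
        //HTTP2ServerConnectionFactory http2 = new HTTP2ServerConnectionFactory(https_config);

        //NegotiatingServerConnectionFactory.checkProtocolNegotiationAvailable();
        //ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
        //alpn.setDefaultProtocol(http1.getProtocol());

        SslContextFactory sslContextFactory = new SslContextFactory();

        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyManagerPassword(keystoreManagerPass);
        //sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
        //sslContextFactory.setUseCipherSuitesOrder(true);

        //SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
        SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "http/1.1");

        //ServerConnector sslConnector = new ServerConnector(LoklakServer.server, ssl, alpn, http2, http1);
        ServerConnector sslConnector = new ServerConnector(SusiServer.server, ssl, http1);
        sslConnector.setPort(httpsPort);
        sslConnector.setName("httpd:" + httpsPort);
        sslConnector.setIdleTimeout(20000); // timeout in ms when no bytes sent / received

        SusiServer.server.addConnector(sslConnector);
    }
}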
From source file:bft.BFTNode.java
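/**
 * Reads the first PEM object from a file and returns it as a JCA private key.
 *
 * <p>Two unencrypted forms are handled: a {@code PrivateKeyInfo} and a {@code PEMKeyPair}.
 * Anything else (an encrypted key, a certificate, or a file with no PEM object) is
 * rejected with an {@link IOException} rather than failing later with a
 * {@code ClassCastException} or {@code NullPointerException}.
 *
 * @param filename path of the PEM file holding the private key
 * @return the private key read from the file
 * @throws IOException if the file cannot be read or does not hold a supported private key
 */
private PrivateKey getPemPrivateKey(String filename) throws IOException {
    final Object obj;
    // try-with-resources releases the file handle even when parsing throws; the original
    // closed the readers only on the success path.
    try (BufferedReader br = new BufferedReader(new FileReader(filename));
            PEMParser pp = new PEMParser(br)) {
        obj = pp.readObject();
    }

    final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    if (obj instanceof PrivateKeyInfo) {
        return converter.getPrivateKey((PrivateKeyInfo) obj);
    }
    if (obj instanceof PEMKeyPair) {
        return converter.getKeyPair((PEMKeyPair) obj).getPrivate();
    }

    // Name the file and the object type only; never echo file contents into the message.
    throw new IOException("No supported unencrypted private key in " + filename + ": found "
            + (obj == null ? "no PEM object" : obj.getClass().getName()));
}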
From source file:bft.TestSignatures.java
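/**
 * Reads an unencrypted PEM key pair from a file and returns its private half.
 *
 * <p>The first PEM object in the file must be a {@code PEMKeyPair}; any other content is
 * rejected with an {@link IOException}.
 *
 * @param filename path of the PEM file holding the key pair
 * @return the private key of the pair
 * @throws IOException if the file cannot be read or does not hold an unencrypted key pair
 */
private static PrivateKey getPemPrivateKey(String filename) throws IOException {
    //Security.addProvider(new BouncyCastleProvider());
    final Object parsed;
    // Close the parser and the underlying file even if readObject() throws; the original
    // closed them only after a successful conversion.
    try (BufferedReader br = new BufferedReader(new FileReader(filename));
            PEMParser pp = new PEMParser(br)) {
        parsed = pp.readObject();
    }

    if (!(parsed instanceof PEMKeyPair)) {
        throw new IOException("Expected an unencrypted PEM key pair in " + filename + " but found "
                + (parsed == null ? "no PEM object" : parsed.getClass().getName()));
    }

    KeyPair kp = new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) parsed);
    return kp.getPrivate();
    //samlResponse.sign(Signature.getInstance("SHA1withRSA").toString(), kp.getPrivate(), certs);
}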
From source file:ch.uzh.fabric.config.SampleStore.java
License:Open Source License
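/**
 * Converts PEM-encoded private key bytes to a JCA {@link PrivateKey} using the
 * BouncyCastle provider.
 *
 * <p>The first PEM object must be an unencrypted {@code PrivateKeyInfo}. Other content
 * is reported as an {@link IOException}.
 *
 * <p>NOTE(review): the provider is selected by name, so it presumably has to be
 * registered before this is called; confirm against the caller.
 *
 * @param data PEM-encoded private key bytes
 * @return the decoded private key
 * @throws IOException if parsing fails or the PEM object is not an unencrypted private key
 */
static PrivateKey getPrivateKeyFromBytes(byte[] data)
        throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
    // Decode with an explicit charset (PEM is ASCII) and close the parser when done;
    // the original used the platform default charset and never closed the parser.
    final String pemText = new String(data, java.nio.charset.StandardCharsets.UTF_8);
    try (PEMParser pemParser = new PEMParser(new StringReader(pemText))) {
        final Object pemObject = pemParser.readObject();
        if (!(pemObject instanceof PrivateKeyInfo)) {
            throw new IOException("PEM data does not contain an unencrypted private key (found "
                    + (pemObject == null ? "no PEM object" : pemObject.getClass().getName()) + ")");
        }
        return new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getPrivateKey((PrivateKeyInfo) pemObject);
    }
}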
From source file:co.lqnt.lockbox.key.PrivateKey.java
License:Open Source License
/**
 * Returns this key as a JCE private key, converted with a BouncyCastle-backed
 * {@code JcaPEMKeyConverter}.
 *
 * @return The JCE private key.
 */
public java.security.PrivateKey jcePrivateKey() {
    // A fresh converter and provider instance are created for every call, then handed to
    // the converter-taking overload.
    return this.jcePrivateKey(new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider()));
}
From source file:co.lqnt.lockbox.key.PublicKey.java
License:Open Source License
/**
 * Returns this key as a JCE public key, converted with a BouncyCastle-backed
 * {@code JcaPEMKeyConverter}.
 *
 * @return The JCE public key.
 */
public java.security.PublicKey jcePublicKey() {
    // A fresh converter and provider instance are created for every call, then handed to
    // the converter-taking overload.
    return this.jcePublicKey(new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider()));
}
From source file:com.amazonaws.services.iot.demo.danbo.rpi.SslUtil.java
License:Open Source License
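/**
 * Builds a TLS 1.2 socket factory for mutual authentication from three PEM files.
 *
 * <p>The CA certificate becomes the only trust anchor used to authenticate the server.
 * The client certificate and private key are presented to the server. The key file may
 * hold an unencrypted key pair or a password-encrypted one; {@code password} is used both
 * to decrypt an encrypted key and to protect the key entry of the in-memory keystore.
 *
 * <p>NOTE(review): this method configures chain validation only. Whether the peer's
 * hostname is checked depends on how the caller uses the returned factory; confirm that
 * the client library enables endpoint identification.
 *
 * @param caCrtFile path of the PEM CA certificate
 * @param crtFile   path of the PEM client certificate
 * @param keyFile   path of the PEM client private key
 * @param password  passphrase of the key file, also used for the in-memory key entry
 * @return a socket factory bound to the client identity and CA trust anchor
 * @throws IOException if a file cannot be read or does not hold the expected PEM object
 * @throws Exception   on any other failure (declared by the original signature)
 */
public static SSLSocketFactory getSslSocketFactory(final String caCrtFile, final String crtFile,
        final String keyFile, final String password) throws InvalidPathException, IOException, KeyStoreException,
        NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException,
        Exception {
    Security.addProvider(new BouncyCastleProvider());

    // load CA certificate
    final Object caObj = readFirstPemObject(caCrtFile);
    if (!(caObj instanceof X509CertificateHolder)) {
        throw new IOException("No PEM certificate found in CA file " + caCrtFile);
    }
    final X509CertificateHolder caCert = (X509CertificateHolder) caObj;

    // load client certificate
    final Object certObj = readFirstPemObject(crtFile);
    if (!(certObj instanceof X509CertificateHolder)) {
        throw new IOException("No PEM certificate found in client certificate file " + crtFile);
    }
    final X509CertificateHolder cert = (X509CertificateHolder) certObj;

    // load client private key
    final Object keyObj = readFirstPemObject(keyFile);
    final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    final KeyPair key;
    if (keyObj instanceof PEMEncryptedKeyPair) {
        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
        key = converter.getKeyPair(((PEMEncryptedKeyPair) keyObj).decryptKeyPair(decProv));
    } else if (keyObj instanceof PEMKeyPair) {
        key = converter.getKeyPair((PEMKeyPair) keyObj);
    } else {
        // Report the file and object type only; key material stays out of the message.
        throw new IOException("Unsupported private key format in " + keyFile + ": found "
                + (keyObj == null ? "no PEM object" : keyObj.getClass().getName()));
    }

    JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter();
    certConverter.setProvider("BC");

    // CA certificate is used to authenticate server
    KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
    caKs.load(null, null);
    caKs.setCertificateEntry("ca-certificate", certConverter.getCertificate(caCert));
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(caKs);

    // Client key and certificates are sent to server so it can authenticate us
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    ks.setCertificateEntry("certificate", certConverter.getCertificate(cert));
    ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(),
            new java.security.cert.Certificate[] { certConverter.getCertificate(cert) });
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, password.toCharArray());

    // Finally, create SSL socket factory
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    return context.getSocketFactory();
}

/** Reads the first PEM object from a file, closing the parser even when parsing fails. */
private static Object readFirstPemObject(final String path) throws IOException {
    try (PEMParser parser = new PEMParser(new InputStreamReader(
            new ByteArrayInputStream(Files.readAllBytes(Paths.get(path))),
            java.nio.charset.StandardCharsets.UTF_8))) {
        return parser.readObject();
    }
}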
From source file:com.facebook.delegatedrecovery.DelegatedRecoveryUtils.java
License:Open Source License
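/**
 * Loads a private key on the P-256 curve from a PEM file of the type created
 * by openssl ecparam -name prime256v1 -genkey -noout -out filename
 *
 * <p>The file must hold an unencrypted PEM key pair as its first object. The curve is
 * not checked here; callers that require P-256 must verify it themselves.
 *
 * @param filename The filename of the pem file
 * @return an EC key pair
 * @throws Exception If the file fails to read or parse.
 */
public static KeyPair keyPairFromPEMFile(final String filename) throws Exception {
    // try-with-resources closes the parser and file handle on every path; the original
    // leaked the open file when parsing or conversion threw.
    try (Reader reader = new InputStreamReader(new FileInputStream(filename), StandardCharsets.UTF_8);
            PEMParser pemParser = new PEMParser(reader)) {
        final Object parsed = pemParser.readObject();
        if (!(parsed instanceof PEMKeyPair)) {
            // Fail with a clear message instead of a ClassCastException or NullPointerException.
            throw new IllegalArgumentException("Expected an unencrypted PEM key pair in " + filename
                    + " but found " + (parsed == null ? "no PEM object" : parsed.getClass().getName()));
        }
        return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) parsed);
    }
}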
From source file:com.facebook.delegatedrecovery.DelegatedRecoveryUtils.java
License:Open Source License
/**
 * Same as keyPairFromPEMFile, but takes the key material as a string rather than a
 * file name.
 *
 * <p>The string is wrapped at 64 characters per line and enclosed in the EC private key
 * begin/end markers before parsing, so it is expected to be the bare encoded body
 * without PEM armour.
 *
 * @param key The key from a PEM file as a string
 * @return an EC key pair
 * @throws Exception If the string fails to parse.
 */
public static KeyPair keyPairFromPEMString(final String key) throws Exception {
    final StringBuilder armoured = new StringBuilder(300);
    armoured.append(BEGIN_EC_PRIVATE_KEY).append("\n");

    // Copy the body in 64-character chunks, ending every full chunk with a line break.
    final int total = key.length();
    int start = 0;
    while (start < total) {
        final int end = Math.min(start + 64, total);
        armoured.append(key, start, end);
        if (end - start == 64) {
            armoured.append("\n");
        }
        start = end;
    }

    armoured.append("\n").append(END_EC_PRIVATE_KEY).append("\n");

    final PEMParser pemParser = new PEMParser(new StringReader(armoured.toString()));
    final PEMKeyPair parsedPair = (PEMKeyPair) pemParser.readObject();
    final KeyPair kp = new JcaPEMKeyConverter().getKeyPair(parsedPair);
    pemParser.close();
    return kp;
}