Example usage for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter JcaPEMKeyConverter

List of usage examples for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter JcaPEMKeyConverter

Introduction

This page collects usage examples for JcaPEMKeyConverter from the org.bouncycastle.openssl.jcajce package.

Prototype

JcaPEMKeyConverter


Usage

From source file:net.jsign.PrivateKeyUtils.java

License:Apache License

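/**
 * Reads the first PEM object from {@code file} and converts it to a private key.
 *
 * <p>Encrypted and unencrypted keys are accepted, in both the traditional ("PKCS1") and the
 * PKCS#8 encodings. Only the first object in the file is examined; anything after it is ignored.
 *
 * @param file     the PEM file to read
 * @param password the password protecting the key; only consulted when the key is encrypted
 * @return the private key held by the first PEM object
 * @throws IllegalArgumentException      if the file contains no PEM object, or the key is
 *                                       encrypted and {@code password} is {@code null}
 * @throws UnsupportedOperationException if the first PEM object is not one of the handled key types
 */
private static PrivateKey readPrivateKeyPEM(File file, String password)
        throws IOException, GeneralSecurityException, OperatorCreationException, PKCSException {
    // Both resources are declared so the file handle is released even if parsing fails.
    try (FileReader reader = new FileReader(file); PEMParser parser = new PEMParser(reader)) {
        Object object = parser.readObject();

        if (object == null) {
            throw new IllegalArgumentException("No key found in " + file);
        }

        // Fail with a clear message instead of a NullPointerException from password.toCharArray().
        boolean encrypted = object instanceof PEMEncryptedKeyPair
                || object instanceof PKCS8EncryptedPrivateKeyInfo;
        if (encrypted && password == null) {
            throw new IllegalArgumentException("The key in " + file + " is encrypted, a password is required");
        }

        // An explicit provider instance is used, so BouncyCastle does not have to be
        // registered in the JVM-wide provider list.
        BouncyCastleProvider provider = new BouncyCastleProvider();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(provider);

        // NOTE(review): the password arrives as an immutable String, so neither it nor the
        // char[] copies made below can be wiped by this method; a char[] parameter would let
        // callers clear the secret after use.
        if (object instanceof PEMEncryptedKeyPair) {
            // PKCS1 encrypted key
            PEMDecryptorProvider decryptionProvider = new JcePEMDecryptorProviderBuilder().setProvider(provider)
                    .build(password.toCharArray());
            PEMKeyPair keypair = ((PEMEncryptedKeyPair) object).decryptKeyPair(decryptionProvider);
            return converter.getPrivateKey(keypair.getPrivateKeyInfo());

        } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
            // PKCS8 encrypted key
            InputDecryptorProvider decryptionProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder()
                    .setProvider(provider).build(password.toCharArray());
            PrivateKeyInfo info = ((PKCS8EncryptedPrivateKeyInfo) object)
                    .decryptPrivateKeyInfo(decryptionProvider);
            return converter.getPrivateKey(info);

        } else if (object instanceof PEMKeyPair) {
            // PKCS1 unencrypted key
            return converter.getKeyPair((PEMKeyPair) object).getPrivate();

        } else if (object instanceof PrivateKeyInfo) {
            // PKCS8 unencrypted key
            return converter.getPrivateKey((PrivateKeyInfo) object);

        } else {
            // Only the class name is reported, never the parsed object itself.
            throw new UnsupportedOperationException(
                    "Unsupported PEM object: " + object.getClass().getSimpleName());
        }
    }
}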

From source file:net.sf.portecle.crypto.KeyStoreUtil.java

License:Open Source License

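/**
 * Load keystore entries from PEM reader into a new PKCS #12 keystore. The reader is not closed.
 *
 * <p>Only PEM key pairs (encrypted or not) and X.509 certificates are collected; any other
 * PEM object is skipped. A key pair is stored only when one of the certificates read carries
 * its public key; key pairs without a matching certificate are dropped without notice.
 *
 * @param reader reader to read entries from
 * @param pwFinder object to get passwords from on demand
 * @return new PKCS #12 keystore containing read entries, possibly empty
 * @throws CertificateException a certificate could not be created from its encoded form
 * @throws CryptoException Problem encountered creating the keystore
 * @throws IOException An I/O error occurred
 */
public static KeyStore loadEntries(PEMParser reader, PasswordFinder pwFinder)
        throws CertificateException, CryptoException, IOException {
    // Insertion-ordered sets: duplicates in the input collapse, file order is kept.
    LinkedHashSet<KeyPair> keyPairs = new LinkedHashSet<>();
    LinkedHashSet<Certificate> certs = new LinkedHashSet<>();
    KeyStore keyStore = createKeyStore(KeyStoreType.PKCS12);

    CertificateFactory cf = CertificateFactory.getInstance(X509CertUtil.X509_CERT_TYPE);
    JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();

    Object obj;
    while ((obj = reader.readObject()) != null) {
        if (obj instanceof PEMEncryptedKeyPair) {
            // The password is requested once per encrypted key pair.
            // NOTE(review): the char[] returned by getPassword() is not cleared here, and a
            // null return (e.g. a cancelled prompt) is passed straight to the builder - confirm
            // how the PasswordFinder implementation behaves.
            PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(pwFinder.getPassword());
            obj = ((PEMEncryptedKeyPair) obj).decryptKeyPair(decryptor);
        }
        if (obj instanceof PEMKeyPair) {
            keyPairs.add(keyConverter.getKeyPair((PEMKeyPair) obj));
        } else if (obj instanceof X509CertificateHolder) {
            ByteArrayInputStream bais = new ByteArrayInputStream(((X509CertificateHolder) obj).getEncoded());
            certs.add(cf.generateCertificate(bais));
        }
    }

    // Add key pairs
    for (KeyPair keyPair : keyPairs) {
        // Pair the key with the first certificate carrying the same public key, and take that
        // certificate out of the pool so it is not added again as a trusted certificate.
        Certificate keyPairCert = null;
        for (Iterator<Certificate> it = certs.iterator(); it.hasNext();) {
            Certificate cert = it.next();
            if (cert.getPublicKey().equals(keyPair.getPublic())) {
                keyPairCert = cert;
                it.remove();
                break;
            }
        }

        if (keyPairCert != null) {
            String alias = "keypair";
            if (keyPairCert instanceof X509Certificate) {
                alias = X509CertUtil.getCertificateAlias((X509Certificate) keyPairCert);
            }

            KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(),
                    new Certificate[] { keyPairCert });
            // NOTE(review): the private key entry is protected with DUMMY_PASSWORD, a constant
            // defined outside this method; presumably the real protection is applied when the
            // keystore is saved - confirm against the callers.
            KeyStore.PasswordProtection prot = new KeyStore.PasswordProtection(DUMMY_PASSWORD);

            try {
                alias = findUnusedAlias(keyStore, alias);
                keyStore.setEntry(alias, entry, prot);
            } catch (KeyStoreException e) {
                throw new CryptoException(e);
            }
        }
    }

    // Add remaining certificates as trusted certificate entries
    for (Certificate cert : certs) {
        String alias = "certificate";
        if (cert instanceof X509Certificate) {
            alias = X509CertUtil.getCertificateAlias((X509Certificate) cert);
        }

        KeyStore.TrustedCertificateEntry entry = new KeyStore.TrustedCertificateEntry(cert);
        try {
            // Resolve alias clashes the same way as for key pairs. Without this, two
            // certificates yielding the same alias (or a certificate whose alias equals that
            // of a key pair stored above) would replace the earlier entry in setEntry.
            alias = findUnusedAlias(keyStore, alias);
            keyStore.setEntry(alias, entry, null);
        } catch (KeyStoreException e) {
            throw new CryptoException(e);
        }
    }

    return keyStore;
}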

From source file:net.sf.sahi.ssl.SSLHelper.java

License:Apache License

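/**
 * Reads the private key from an unencrypted PEM key pair file.
 *
 * <p>Only the first PEM object is read and it must be a plain {@code PEMKeyPair}; encrypted
 * keys and PKCS#8 keys are rejected with an {@link IOException} naming the type found.
 *
 * @param privateKeyPath path of the PEM file
 * @return the private half of the key pair
 * @throws IOException if the file cannot be read or does not start with an unencrypted key pair
 */
private PrivateKey readPrivateKey(String privateKeyPath) throws IOException {
    PEMParser parser = new PEMParser(new FileReader(privateKeyPath));
    try {
        Object parsed = parser.readObject();
        // Check the type before casting: an empty file yields null and an encrypted or PKCS#8
        // key yields a different class, which would otherwise surface as an unchecked
        // NullPointerException or ClassCastException.
        if (!(parsed instanceof PEMKeyPair)) {
            String found = parsed == null ? "no PEM object" : parsed.getClass().getSimpleName();
            throw new IOException(
                    "Expected an unencrypted PEM key pair in " + privateKeyPath + " but found " + found);
        }
        return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) parsed).getPrivate();
    } finally {
        // Closing the parser closes the FileReader; the original never released the file handle.
        parser.close();
    }
}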

From source file:org.apache.brooklyn.util.core.crypto.SecureKeys.java

License:Apache License

/**
 * Reads RSA or DSA / pem style private key files (viz {@link #toPem(KeyPair)}), extracting also the public key if possible.
 * <p>
 * The whole stream is buffered first so it can be parsed twice: once with {@code PEMParser} and,
 * if that attempt throws, again with the deprecated {@code PEMReader} as a fallback.
 * The input stream itself is not closed by this method.
 *
 * @param input stream holding the PEM data; read fully
 * @param passphrase passphrase for an encrypted key, or null if there is none
 * @return the key pair; for a PKCS#8 {@code PrivateKeyInfo} the public key is null
 * @throws IllegalStateException on errors, in particular {@link PassphraseProblem} if that is the problem */
public static KeyPair readPem(InputStream input, final String passphrase) {
    // TODO cache is only for fallback "reader" strategy (2015-01); delete when Parser confirmed working
    byte[] cache = Streams.readFully(input);
    input = new ByteArrayInputStream(cache);

    try {
        // No charset is given, so the platform default decodes the bytes.
        PEMParser pemParser = new PEMParser(new InputStreamReader(input));

        // Only the first PEM object is read. If readObject() throws, close() is skipped;
        // the parser wraps an in-memory stream here.
        Object object = pemParser.readObject();
        pemParser.close();

        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        KeyPair kp = null;
        if (object == null) {
            // Like every exception thrown in this try block, this one is caught by the outer
            // catch (Exception) below and triggers the PEMReader fallback.
            throw new IllegalStateException("PEM parsing failed: missing or invalid data");
        } else if (object instanceof PEMEncryptedKeyPair) {
            if (passphrase == null)
                throw new PassphraseProblem("passphrase required");
            try {
                // NOTE(review): the passphrase is a String and the char[] copy is never cleared.
                PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
                        .build(passphrase.toCharArray());
                kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
            } catch (Exception e) {
                Exceptions.propagateIfFatal(e);
                // Any failure while decrypting or converting is reported as a wrong passphrase,
                // whatever its actual cause; the cause is kept on the exception.
                throw new PassphraseProblem("wrong passphrase", e);
            }
        } else if (object instanceof PEMKeyPair) {
            kp = converter.getKeyPair((PEMKeyPair) object);
        } else if (object instanceof PrivateKeyInfo) {
            // PKCS#8 carries the private key only, so the pair is built with a null public key.
            PrivateKey privKey = converter.getPrivateKey((PrivateKeyInfo) object);
            kp = new KeyPair(null, privKey);
        } else {
            // No branch handles encrypted PKCS#8 objects, so they end up here as well.
            // NOTE(review): the message embeds the parsed object's toString() - confirm it
            // cannot include key material for the types that reach this branch.
            throw new IllegalStateException("PEM parser support missing for: " + object);
        }

        return kp;

    } catch (Exception e) {
        Exceptions.propagateIfFatal(e);

        // older code relied on PEMReader, now deprecated
        // replaced with above based on http://stackoverflow.com/questions/14919048/bouncy-castle-pemreader-pemparser
        // passes the same tests (Jan 2015) but leaving the old code as a fallback for the time being

        // Re-read the buffered bytes from the start for the second attempt.
        input = new ByteArrayInputStream(cache);
        try {
            // Side effect: registers BouncyCastle in the JVM-wide provider list
            // (Security.addProvider does nothing if it is already installed).
            Security.addProvider(new BouncyCastleProvider());
            @SuppressWarnings("deprecation")
            org.bouncycastle.openssl.PEMReader pr = new org.bouncycastle.openssl.PEMReader(
                    new InputStreamReader(input), new PasswordFinder() {
                        public char[] getPassword() {
                            // A missing passphrase is presented to the reader as an empty one.
                            return passphrase != null ? passphrase.toCharArray() : new char[0];
                        }
                    });
            // The cast assumes the first object is a KeyPair; a ClassCastException is caught below.
            @SuppressWarnings("deprecation")
            KeyPair result = (KeyPair) pr.readObject();
            pr.close();
            if (result == null)
                throw Exceptions.propagate(e);

            // NOTE(review): the KeyPair is concatenated into the log message - confirm its
            // toString() exposes no key material.
            log.warn("PEMParser failed when deprecated PEMReader succeeded, with " + result + "; had: " + e);

            return result;

        } catch (Exception e2) {
            Exceptions.propagateIfFatal(e2);
            // The fallback's own failure (e2) is discarded; callers see the PEMParser failure (e).
            throw Exceptions.propagate(e);
        }
    }
}

From source file:org.apache.camel.component.ssh.FileKeyPairProvider.java

License:Apache License

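/**
 * Loads one key pair from each configured key file.
 *
 * <p>Only the first PEM object of each file is read. A file that cannot be read, holds no
 * usable key, or holds an encrypted key while no password finder is configured is logged
 * and skipped, so the returned array may be shorter than the list of files.
 *
 * @return the key pairs that could be loaded, possibly empty
 * @throws IllegalStateException if BouncyCastle is not registered as a JCE provider
 */
public KeyPair[] loadKeys() {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }
    List<KeyPair> keys = new ArrayList<KeyPair>();
    for (int i = 0; i < files.length; i++) {
        try {
            PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(files[i])));
            try {
                Object o = r.readObject();

                JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
                pemConverter.setProvider("BC");
                if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
                    // NOTE(review): the char[] returned by getPassword() is not cleared after use.
                    JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
                    PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
                    o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
                }

                if (o instanceof PEMKeyPair) {
                    keys.add(pemConverter.getKeyPair((PEMKeyPair) o));
                } else if (o instanceof KeyPair) {
                    // Result of the decryption step above.
                    keys.add((KeyPair) o);
                } else if (o instanceof PEMEncryptedKeyPair) {
                    // Previously skipped without any trace, leaving a missing key hard to diagnose.
                    log.warn("Unable to read key {}: the key is encrypted and no password finder is configured",
                            files[i]);
                } else {
                    // Only the class name is logged, never the parsed object.
                    log.warn("Unable to read key {}: unsupported PEM content ({})", files[i],
                            o == null ? "no PEM object" : o.getClass().getName());
                }

            } finally {
                r.close();
            }
        } catch (Exception e) {
            // Best effort by design: one unreadable file must not prevent loading the others.
            log.warn("Unable to read key {}: {}", files[i], e);
        }
    }
    return keys.toArray(new KeyPair[keys.size()]);
}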

From source file:org.apache.camel.component.ssh.ResourceHelperKeyPairProvider.java

License:Apache License

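/**
 * Loads one key pair from each configured resource.
 *
 * <p>Only the first PEM object of each resource is read. A resource that cannot be read,
 * holds no usable key, or holds an encrypted key while no password finder is configured is
 * logged and skipped, so the returned array may be shorter than the list of resources.
 *
 * @return the key pairs that could be loaded, possibly empty
 * @throws IllegalStateException if BouncyCastle is not registered as a JCE provider
 */
@Override
protected KeyPair[] loadKeys() {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }

    final List<KeyPair> keys = new ArrayList<KeyPair>(this.resources.length);

    for (String resource : resources) {
        PEMParser r = null;
        InputStreamReader isr = null;
        InputStream is = null;
        try {
            is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
            isr = new InputStreamReader(is);
            r = new PEMParser(isr);

            Object o = r.readObject();

            JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
            pemConverter.setProvider("BC");
            if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
                // NOTE(review): the char[] returned by getPassword() is not cleared after use.
                JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
                PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
                o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
            }

            if (o instanceof PEMKeyPair) {
                keys.add(pemConverter.getKeyPair((PEMKeyPair) o));
            } else if (o instanceof KeyPair) {
                // Result of the decryption step above.
                keys.add((KeyPair) o);
            } else if (o instanceof PEMEncryptedKeyPair) {
                // Previously skipped without any trace, leaving a missing key hard to diagnose.
                log.warn("Unable to read key " + resource
                        + ": the key is encrypted and no password finder is configured");
            } else {
                // Only the class name is logged, never the parsed object.
                log.warn("Unable to read key " + resource + ": unsupported PEM content ("
                        + (o == null ? "no PEM object" : o.getClass().getName()) + ")");
            }

        } catch (Exception e) {
            // Best effort by design: one unreadable resource must not prevent loading the
            // others. The resource name is included so the failing entry can be identified.
            log.warn("Unable to read key " + resource, e);
        } finally {
            IoUtils.closeQuietly(r, is, isr);
        }
    }

    return keys.toArray(new KeyPair[keys.size()]);
}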

From source file:org.apache.james.jmap.crypto.PublicKeyReader.java

License:Apache License

/**
 * Reads the next PEM object from {@code reader} and converts it to a public key.
 *
 * @param reader parser positioned on the PEM data
 * @return the public key, or empty when the object is not a {@code SubjectPublicKeyInfo}
 *         (this case is not logged) or when reading fails (logged as a warning)
 */
private Optional<PublicKey> publicKeyFrom(PEMParser reader) {
    try {
        Object parsed = reader.readObject();
        // Anything other than a public key structure, including a private key or no data at
        // all, is treated as "no key".
        if (!(parsed instanceof SubjectPublicKeyInfo)) {
            return Optional.empty();
        }
        SubjectPublicKeyInfo keyInfo = (SubjectPublicKeyInfo) parsed;
        PublicKey publicKey = new JcaPEMKeyConverter().getPublicKey(keyInfo);
        return Optional.of(publicKey);
    } catch (IOException failure) {
        LOGGER.warn("Error when reading the PEM file", failure);
        return Optional.empty();
    }
}

From source file:org.apache.james.jwt.PublicKeyReader.java

License:Apache License

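/**
 * Reads the next PEM object from {@code reader} and converts it to a public key.
 *
 * @param reader parser positioned on the PEM data
 * @return the public key, or empty when the object is not a {@code SubjectPublicKeyInfo}
 *         or when reading fails; both cases are logged as warnings
 */
private Optional<PublicKey> publicKeyFrom(PEMParser reader) {
    try {
        Object readPEM = reader.readObject();
        if (readPEM instanceof SubjectPublicKeyInfo) {
            return Optional.of(new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) readPEM));
        }
        // Log the type only, not the object: if the configured file holds something other
        // than a public key (for instance a private key), its content must not reach the logs.
        String found = readPEM == null ? "null" : readPEM.getClass().getName();
        LOGGER.warn("Key is not an instance of SubjectPublicKeyInfo but of " + found);
        return Optional.empty();
    } catch (IOException e) {
        LOGGER.warn("Error when reading the PEM file", e);
        return Optional.empty();
    }
}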

From source file:org.apache.nifi.toolkit.tls.util.TlsHelper.java

License:Apache License

/**
 * Parses a PEM-encoded key pair and converts it to a JCA {@link KeyPair} using the
 * BouncyCastle provider.
 *
 * @param pemEncodedKeyPair reader supplying the PEM text
 * @return the converted key pair
 * @throws IOException if parsing or conversion fails
 */
public static KeyPair parseKeyPair(Reader pemEncodedKeyPair) throws IOException {
    // The provider is referenced by name, so it must already be registered with the JVM.
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    PEMKeyPair pemKeyPair = parsePem(PEMKeyPair.class, pemEncodedKeyPair);
    return converter.getKeyPair(pemKeyPair);
}

From source file:org.apache.nifi.toolkit.tls.util.TlsHelperTest.java

License:Apache License

/**
 * Test helper: reads the first PEM object from {@code reader}, asserts that it is a
 * {@code PEMKeyPair} and converts it to a JCA {@link KeyPair}. The reader is closed.
 *
 * @param reader reader supplying the PEM text
 * @return the converted key pair
 * @throws IOException if reading or conversion fails
 */
public static KeyPair loadKeyPair(Reader reader) throws IOException {
    try (PEMParser pemParser = new PEMParser(reader)) {
        Object parsed = pemParser.readObject();
        // Exact class match, not instanceof.
        assertEquals(PEMKeyPair.class, parsed.getClass());
        PEMKeyPair pemKeyPair = (PEMKeyPair) parsed;
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        return converter.getKeyPair(pemKeyPair);
    }
}