List of usage examples for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter JcaPEMKeyConverter
JcaPEMKeyConverter
From source file:org.apache.pulsar.client.impl.MessageCrypto.java
License:Apache License
private PublicKey loadPublicKey(byte[] keyBytes) throws Exception { Reader keyReader = new StringReader(new String(keyBytes)); PublicKey publicKey = null;//w w w .j a va2 s.c o m try (org.bouncycastle.openssl.PEMParser pemReader = new org.bouncycastle.openssl.PEMParser(keyReader)) { Object pemObj = pemReader.readObject(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); SubjectPublicKeyInfo keyInfo = null; X9ECParameters ecParam = null; if (pemObj instanceof ASN1ObjectIdentifier) { // make sure this is EC Parameter we're handling. In which case // we'll store it and read the next object which should be our // EC Public Key ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj; ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) pemObj).getId()); } pemObj = pemReader.readObject(); } else if (pemObj instanceof X9ECParameters) { ecParam = (X9ECParameters) pemObj; pemObj = pemReader.readObject(); } if (pemObj instanceof org.bouncycastle.cert.X509CertificateHolder) { keyInfo = ((org.bouncycastle.cert.X509CertificateHolder) pemObj).getSubjectPublicKeyInfo(); } else { keyInfo = (SubjectPublicKeyInfo) pemObj; } publicKey = pemConverter.getPublicKey(keyInfo); if (ecParam != null && ECDSA.equals(publicKey.getAlgorithm())) { ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed()); KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME); ECPublicKeySpec keySpec = new ECPublicKeySpec(((BCECPublicKey) publicKey).getQ(), ecSpec); publicKey = (PublicKey) keyFactory.generatePublic(keySpec); } } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) { throw new Exception(e); } return publicKey; }
From source file:org.apache.pulsar.client.impl.MessageCrypto.java
License:Apache License
private PrivateKey loadPrivateKey(byte[] keyBytes) throws Exception { Reader keyReader = new StringReader(new String(keyBytes)); PrivateKey privateKey = null; try (PEMParser pemReader = new PEMParser(keyReader)) { X9ECParameters ecParam = null;/*from w w w. j a va2s . c o m*/ Object pemObj = pemReader.readObject(); if (pemObj instanceof ASN1ObjectIdentifier) { // make sure this is EC Parameter we're handling. In which case // we'll store it and read the next object which should be our // EC Private Key ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier) pemObj; ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ecOID.getId()); } pemObj = pemReader.readObject(); } else if (pemObj instanceof X9ECParameters) { ecParam = (X9ECParameters) pemObj; pemObj = pemReader.readObject(); } if (pemObj instanceof PEMKeyPair) { PrivateKeyInfo pKeyInfo = ((PEMKeyPair) pemObj).getPrivateKeyInfo(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); privateKey = pemConverter.getPrivateKey(pKeyInfo); } // if our private key is EC type and we have parameters specified // then we need to set it accordingly if (ecParam != null && ECDSA.equals(privateKey.getAlgorithm())) { ECParameterSpec ecSpec = new ECParameterSpec(ecParam.getCurve(), ecParam.getG(), ecParam.getN(), ecParam.getH(), ecParam.getSeed()); KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BouncyCastleProvider.PROVIDER_NAME); ECPrivateKeySpec keySpec = new ECPrivateKeySpec(((BCECPrivateKey) privateKey).getS(), ecSpec); privateKey = (PrivateKey) keyFactory.generatePrivate(keySpec); } } catch (IOException e) { throw new Exception(e); } return privateKey; }
From source file:org.apache.sshd.common.util.security.bouncycastle.BouncyCastleKeyPairResourceParser.java
License:Apache License
public static KeyPair loadKeyPair(String resourceKey, InputStream inputStream, FilePasswordProvider provider) throws IOException, GeneralSecurityException { try (PEMParser r = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) { Object o = r.readObject(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); pemConverter.setProvider(SecurityUtils.BOUNCY_CASTLE); if (o instanceof PEMEncryptedKeyPair) { ValidateUtils.checkNotNull(provider, "No password provider for resource=%s", resourceKey); String password = ValidateUtils.checkNotNullAndNotEmpty(provider.getPassword(resourceKey), "No password provided for resource=%s", resourceKey); JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(password.toCharArray()); o = ((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor); }//from ww w. j av a 2 s. c o m if (o instanceof PEMKeyPair) { return pemConverter.getKeyPair((PEMKeyPair) o); } else if (o instanceof KeyPair) { return (KeyPair) o; } else { throw new IOException("Failed to read " + resourceKey + " - unknown result object: " + o); } } }
From source file:org.bitrepository.protocol.security.BasicSecurityManager.java
License:Open Source License
/** * Attempts to load the pillars private key and certificate from a PEM formatted file. * @param privateKeyFile, path to the file containing the components private key and certificate, may be null * @throws IOException if the file cannot be found or read. * @throws KeyStoreException if there is problems with adding the privateKeyEntry to keyStore * @throws CertificateException //from ww w.j a va 2 s .c o m */ private void loadPrivateKey(String privateKeyFile) throws IOException, KeyStoreException, CertificateException { PrivateKey privKey = null; X509Certificate privCert = null; if (!(new File(privateKeyFile)).isFile()) { log.info("Key file '" + privateKeyFile + "' with private key and certificate does not exist!"); return; } BufferedReader bufferedReader = new BufferedReader(new FileReader(privateKeyFile)); PEMParser pemParser = new PEMParser(bufferedReader); Object pemObj = pemParser.readObject(); while (pemObj != null) { if (pemObj instanceof X509Certificate) { log.debug("Certificate for PrivateKeyEntry found"); privCert = (X509Certificate) pemObj; } else if (pemObj instanceof PrivateKey) { log.debug("Key for PrivateKeyEntry found"); privKey = (PrivateKey) pemObj; } else if (pemObj instanceof X509CertificateHolder) { log.debug("X509CertificateHolder found"); privCert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) pemObj); } else if (pemObj instanceof PrivateKeyInfo) { log.debug("PrivateKeyInfo found"); PrivateKeyInfo pki = (PrivateKeyInfo) pemObj; JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); privKey = converter.getPrivateKey(pki); } else { log.debug("Got something, that we don't (yet) recognize. Class: " + pemObj.getClass().getSimpleName()); } pemObj = pemParser.readObject(); } pemParser.close(); if (privKey == null || privCert == null) { log.info("No material to create private key entry found!"); } else { privCert.checkValidity(); privateKeyEntry = new PrivateKeyEntry(privKey, new Certificate[] { privCert }); keyStore.setEntry(SecurityModuleConstants.privateKeyAlias, privateKeyEntry, new KeyStore.PasswordProtection(defaultPassword.toCharArray())); } }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
@Test public void testReadUnencryptedPKCS8() throws Exception { String keyFile = "keys/pkcs8-unencrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, null); PrivateKeyInfo expected = (PrivateKeyInfo) new PEMParser(expectedReader).readObject(); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getPrivateKey(expected); assertEquals(actualKey, expectedKey); }/* w ww. j a v a2 s. c o m*/ }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
/** * Currently fails due to a bug in OpenJDK: https://bugs.openjdk.java.net/browse/JDK-8076999 *///w ww . j ava 2s .c om @Test @Ignore public void testReadEncryptedPKCS8() throws Exception { String keyFile = "keys/pkcs8-aes256-encrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, "password"); PKCS8EncryptedPrivateKeyInfo expected = (PKCS8EncryptedPrivateKeyInfo) new PEMParser(expectedReader) .readObject(); // the PBE in JcePKCSPBEInputDecryptorProviderBuilder stands for "password based encryption" InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BC_PROVIDER) .build(PASSWORD); PrivateKeyInfo decryptedInfo = expected.decryptPrivateKeyInfo(provider); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getPrivateKey(decryptedInfo); assertEquals(actualKey, expectedKey); } }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
@Test public void testReadPKCS1() throws Exception { String keyFile = "keys/pkcs1-unencrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, null); PEMKeyPair expected = (PEMKeyPair) new PEMParser(expectedReader).readObject(); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getKeyPair(expected) .getPrivate();//from ww w . j a v a2 s .co m assertEquals(actualKey, expectedKey); } }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
@Test public void testReadEncryptedPKCS1() throws Exception { String keyFile = "keys/pkcs1-aes256-encrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, "password"); PEMEncryptedKeyPair expected = (PEMEncryptedKeyPair) new PEMParser(expectedReader).readObject(); PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().setProvider(BC_PROVIDER) .build(PASSWORD);// w ww . j av a 2s . c om PEMKeyPair decryptedInfo = expected.decryptKeyPair(provider); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getKeyPair(decryptedInfo) .getPrivate(); assertEquals(actualKey, expectedKey); } }
From source file:org.candlepin.test.CertificateReaderForTesting.java
License:Open Source License
@Override protected PrivateKey readPrivateKey(PrivateKeyReader reader) throws FileNotFoundException { InputStream keyStream = this.getClass().getClassLoader().getResourceAsStream("test-ca.key"); KeyPair keyPair = null;//www. j a v a2s . co m try (PEMParser parser = new PEMParser(new InputStreamReader(keyStream));) { keyPair = new JcaPEMKeyConverter().setProvider(BC_PROVIDER) .getKeyPair((PEMKeyPair) parser.readObject()); } catch (IOException e) { Assert.fail("Could not load private key"); } return keyPair.getPrivate(); }
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
License:Open Source License
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data, String type, String fileName, String path, String storepass, KeyStore store) throws KeystoreEditorException { OutputStream fos = null;/* w w w. j a v a 2 s . c om*/ try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) { if (StringUtils.isBlank(alias)) { throw new IllegalArgumentException("Alias cannot be null."); } Path storeFile = Paths.get(path); //check the two most common key/cert stores first (pkcs12 and jks) if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) { //priv key + cert chain KeyStore pkcs12Store = KeyStore.getInstance("PKCS12"); pkcs12Store.load(inputStream, storePassword.toCharArray()); Certificate[] chain = pkcs12Store.getCertificateChain(alias); Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray()); if (key != null) { store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain); fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); } } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) { //java keystore file KeyStore jks = KeyStore.getInstance("jks"); jks.load(inputStream, storePassword.toCharArray()); Enumeration<String> aliases = jks.aliases(); //we are going to store all entries from the jks regardless of the passed in alias while (aliases.hasMoreElements()) { String jksAlias = aliases.nextElement(); if (jks.isKeyEntry(jksAlias)) { Key key = jks.getKey(jksAlias, keyPassword.toCharArray()); Certificate[] certificateChain = jks.getCertificateChain(jksAlias); store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain); } else { Certificate certificate = jks.getCertificate(jksAlias); store.setCertificateEntry(jksAlias, certificate); } } fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); //need to parse der separately from pem, der has the same mime type but is binary hence checking both } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) { ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded()); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; String cnStr = IETFUtils.valueToString(cn.getFirst().getValue()); if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) { store.setCertificateEntry(cnStr, certificate); } store.setCertificateEntry(alias, certificate); fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); //if it isn't one of the stores we support, it might be a key or cert by itself } else if (isPemParsable(type, fileName)) { //This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)); PEMParser pemParser = new PEMParser(reader); Object object; boolean setEntry = false; while ((object = pemParser.readObject()) != null) { if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) { PEMKeyPair pemKeyPair; if (object instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object; JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder(); pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair( jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray())); } else { pemKeyPair = (PEMKeyPair) object; } KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair); PrivateKey privateKey = keyPair.getPrivate(); Certificate[] chain = store.getCertificateChain(alias); if (chain == null) { chain = buildCertChain(alias, store); } store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain); setEntry = true; } else if (object instanceof X509CertificateHolder) { X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object; CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate) .getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; String cnStr = IETFUtils.valueToString(cn.getFirst().getValue()); if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) { store.setCertificateEntry(cnStr, certificate); } store.setCertificateEntry(alias, certificate); setEntry = true; } else if (object instanceof ContentInfo) { ContentInfo contentInfo = (ContentInfo) object; if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) { CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo); OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure(); ASN1Set certificates = originatorInfo.getCertificates(); setEntry = importASN1CertificatesToStore(store, setEntry, certificates); } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) { SignedData signedData = SignedData.getInstance(contentInfo.getContent()); ASN1Set certificates = signedData.getCertificates(); setEntry = importASN1CertificatesToStore(store, setEntry, certificates); } } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object; Certificate[] chain = store.getCertificateChain(alias); if (chain == null) { chain = buildCertChain(alias, store); } try { store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain); setEntry = true; } catch (KeyStoreException keyEx) { try { PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(), keyPassword.toCharArray()); store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain); setEntry = true; } catch (GeneralSecurityException e) { LOGGER.info( "Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.", e); throw keyEx; } } } } if (setEntry) { fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); } } } catch (Exception e) { LOGGER.info("Unable to add entry {} to store", alias, e); throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e); } finally { if (fos != null) { try { fos.close(); } catch (IOException ignore) { } } } init(); }