List of usage examples for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter JcaPEMKeyConverter
JcaPEMKeyConverter
From source file:org.commonjava.util.jhttpc.INTERNAL.util.BouncyCastleUtils.java
License:Apache License
public static KeyStore readKeyAndCertFromPem(String pemContent, String keyPass) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, JHttpCException { Logger logger = LoggerFactory.getLogger(BouncyCastleUtils.class); final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null);//w w w . ja v a 2 s . com // final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( // KeyManagerFactory.getDefaultAlgorithm()); // // kmfactory.init(ks, keyPass.toCharArray()); // final CertificateFactory certFactory = CertificateFactory.getInstance( "X.509" ); // Pattern keyTypePattern = Pattern.compile( KEY_TYPE_PATTERN ); // Matcher matcher = keyTypePattern.matcher( pemContent ); // String keyType = "RSA"; // if ( matcher.find() ) // { // String type = matcher.group( 1 ); // if ( "ENCRYPTED".equals( type ) ) // { // keyType = "PKCS8"; // } // else // { // keyType = type; // } // } // // logger.trace( "Using key factory for type: {}", keyType ); // final KeyFactory keyFactory = KeyFactory.getInstance( keyType ); // final List<String> lines = SSLUtils.readLines( pemContent ); // // String currentHeader = null; // final StringBuilder current = new StringBuilder(); int certIdx = 0; BouncyCastleProvider bcProvider = new BouncyCastleProvider(); InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bcProvider) .build(keyPass.toCharArray()); final List<Certificate> certs = new ArrayList<Certificate>(); PrivateKey key = null; PEMParser pemParser = new PEMParser(new StringReader(pemContent)); Object pemObj = null; while ((pemObj = pemParser.readObject()) != null) { logger.trace("Got PEM object: {}", pemObj); if (pemObj instanceof X509CertificateHolder) { X509CertificateHolder holder = (X509CertificateHolder) pemObj; X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider) .getCertificate(holder); certs.add(certificate); Set<String> aliases = new HashSet<String>(); aliases.add("certificate" + certIdx); extractAliases(certificate, aliases); KeyStore.TrustedCertificateEntry ksEntry = new KeyStore.TrustedCertificateEntry(certificate); for (String alias : aliases) { ks.setEntry(alias, ksEntry, null); logger.trace("Storing trusted cert under alias: {}\n with DN: {}", alias, certificate.getSubjectDN().getName()); } certIdx++; } else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo keyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj; PrivateKeyInfo privateKeyInfo = null; try { privateKeyInfo = keyInfo.decryptPrivateKeyInfo(provider); } catch (PKCSException e) { throw new JHttpCException("Failed to decrypt key/certificate: %s", e, e.getMessage()); } key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else if (pemObj instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair keyPair = (PEMEncryptedKeyPair) pemObj; PEMKeyPair decryptedKeyPair = keyPair .decryptKeyPair(new BcPEMDecryptorProvider(keyPass.toCharArray())); PrivateKeyInfo privateKeyInfo = decryptedKeyPair.getPrivateKeyInfo(); key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else { logger.trace("Got unrecognized PEM object: {} (class: {})", pemObj, (pemObj == null ? "NULL" : pemObj.getClass().getName())); } logger.trace("Got private key:\n{}\n", key); } if (key != null && !certs.isEmpty()) { logger.trace("Setting key entry: {}", key); ks.setKeyEntry(MonolithicKeyStrategy.KEY, key, keyPass.toCharArray(), certs.toArray(new Certificate[certs.size()])); } else { logger.warn("No private key found in PEM!"); } return ks; }
From source file:org.crsh.auth.FilePublicKeyProvider.java
License:Open Source License
public Iterable<KeyPair> loadKeys() { if (!SecurityUtils.isBouncyCastleRegistered()) { throw new IllegalStateException("BouncyCastle must be registered as a JCE provider"); }//from w ww. j av a 2s. c o m List<KeyPair> keys = new ArrayList<KeyPair>(); for (String file : files) { try { Object o = KeyPairUtils.readKey(new InputStreamReader(new FileInputStream(file))); if (o instanceof KeyPair) { keys.add(new KeyPair(((KeyPair) o).getPublic(), null)); } else if (o instanceof PublicKey) { keys.add(new KeyPair((PublicKey) o, null)); } else if (o instanceof PEMKeyPair) { PEMKeyPair keyPair = (PEMKeyPair) o; JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); keys.add(new KeyPair(converter.getPublicKey(keyPair.getPublicKeyInfo()), null)); } } catch (Exception e) { LOG.info("Unable to read key {}: {}", file, e); } } return keys; }
From source file:org.crsh.ssh.term.URLKeyPairProvider.java
License:Open Source License
@Override public Iterable<java.security.KeyPair> loadKeys() { if (!SecurityUtils.isBouncyCastleRegistered()) { throw new IllegalStateException("BouncyCastle must be registered as a JCE provider"); }/*ww w . jav a2 s . c o m*/ List<KeyPair> keys = new ArrayList<KeyPair>(); if (key != null) { try { Object o = KeyPairUtils.readKey(new InputStreamReader(new ByteArrayInputStream(key.getContent()))); if (o instanceof KeyPair) { keys.add((KeyPair) o); } else if (o instanceof PEMKeyPair) { JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); keys.add(converter.getKeyPair((PEMKeyPair) o)); } } catch (Exception e) { log.log(Level.INFO, "Unable to read key " + key + ": " + key, e); } } return keys; }
From source file:org.curioswitch.common.server.framework.crypto.KeyUtil.java
License:Open Source License
private static JcaPEMKeyConverter newConverter() { return new JcaPEMKeyConverter().setProvider("BC"); }
From source file:org.hyperledger.fabric.sdk.NetworkConfig.java
License:Open Source License
private static PrivateKey getPrivateKeyFromString(String data) throws IOException { final Reader pemReader = new StringReader(data); final PrivateKeyInfo pemPair; try (PEMParser pemParser = new PEMParser(pemReader)) { pemPair = (PrivateKeyInfo) pemParser.readObject(); }/* www . ja va2 s . co m*/ return new JcaPEMKeyConverter().getPrivateKey(pemPair); }
From source file:org.iotivity.cloud.accountserver.x509.cert.CSRParser.java
License:Open Source License
/** * Returns public key/*w w w . ja va2 s . c o m*/ */ public PublicKey getPublicKey() { PublicKey publicKey = null; try { publicKey = new JcaPEMKeyConverter().setProvider(SECURITY_PROVIDER) .getPublicKey(mCsr.getSubjectPublicKeyInfo()); } catch (PEMException e) { Log.e(e.getMessage()); } return publicKey; }
From source file:org.jclouds.docker.suppliers.SSLContextBuilder.java
License:Apache License
private static PrivateKey getKey(String privateKey) { PEMParser pemParser = new PEMParser(new StringReader(privateKey)); try {/*from ww w .j a v a 2s . co m*/ Object object = pemParser.readObject(); if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); return keyPair.getPrivate(); } catch (IOException ex) { throw new RuntimeException("Invalid private key", ex); } finally { Closeables2.closeQuietly(pemParser); } }
From source file:org.jclouds.docker.suppliers.SSLContextWithKeysSupplier.java
License:Apache License
private static PrivateKey getKey(String privateKey) { try {/* w w w. j a v a2 s . c o m*/ PEMParser pemParser = new PEMParser(new StringReader(privateKey)); Object object = pemParser.readObject(); if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); return keyPair.getPrivate(); } catch (IOException ex) { throw new RuntimeException("Invalid private key", ex); } }
From source file:org.jivesoftware.util.CertificateManager.java
License:Open Source License
/** * Imports a new signed certificate and its private key into the keystore. The certificate input * stream may contain the signed certificate as well as its CA chain. * * @param keyStore key store where the certificate will be stored. * @param trustStore key store where ca certificates are stored. * @param keyPassword password of the keystore. * @param alias the alias of the the new signed certificate. * @param pkInputStream the stream containing the private key. * @param passPhrase is the password phrased used when creating the private key. * @param inputStream the stream containing the signed certificate. * @param trustCACerts true if certificates present in the truststore file will be used to verify the * identity of the entity signing the certificate. * @param validateRoot true if you want to verify that the root certificate in the chain can be trusted * based on the truststore.//from www . j ava 2s . c o m * @return true if the certificate was successfully imported. * @throws Exception if no certificates were found in the inputStream. */ public static boolean installCert(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias, InputStream pkInputStream, final String passPhrase, InputStream inputStream, boolean trustCACerts, boolean validateRoot) throws Exception { // Check that there is a certificate for the specified alias X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); if (certificate != null) { Log.warn("Certificate already exists for alias: " + alias); return false; } PEMParser pemParser = new PEMParser(new InputStreamReader(pkInputStream)); Object object = pemParser.readObject(); PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray()); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair kp; if (object instanceof PEMEncryptedKeyPair) { Log.debug("Encrypted key - we will use provided password"); kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } else { Log.debug("Unencrypted key - no password needed"); kp = converter.getKeyPair((PEMKeyPair) object); } PrivateKey privKey = kp.getPrivate(); // Load certificates found in the PEM input stream List<X509Certificate> certs = new ArrayList<X509Certificate>(); for (Certificate cert : CertificateFactory.getInstance("X509").generateCertificates(inputStream)) { certs.add((X509Certificate) cert); } if (certs.isEmpty()) { throw new Exception("No certificates were found"); } List<X509Certificate> newCerts; if (certs.size() == 1) { // Reply has only one certificate newCerts = establishCertChain(keyStore, trustStore, certificate, certs.get(0), trustCACerts); } else { // Reply has a chain of certificates newCerts = validateReply(keyStore, trustStore, alias, certificate, certs, trustCACerts, validateRoot); } if (newCerts != null) { keyStore.setKeyEntry(alias, privKey, keyPassword.toCharArray(), newCerts.toArray(new X509Certificate[newCerts.size()])); // Notify listeners that a new certificate has been created (and signed) for (CertificateEventListener listener : listeners) { try { listener.certificateCreated(keyStore, alias, certs.get(0)); if (newCerts.size() > 1) { listener.certificateSigned(keyStore, alias, newCerts); } } catch (Exception e) { Log.error(e.getMessage(), e); } } return true; } else { return false; } }
From source file:org.kse.crypto.privatekey.OpenSslPvkUtilTest.java
License:Open Source License
@ParameterizedTest @MethodSource("privateKeys") public void checkCompatibilityWithBC(PrivateKey privateKey) throws Exception { String key = OpenSslPvkUtil.getPem(privateKey); try (PEMParser pemParser = new PEMParser(new StringReader(key))) { Object obj = pemParser.readObject(); assertThat(obj).isInstanceOf(PEMKeyPair.class); KeyPair keyPair = new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) obj); assertThat(keyPair.getPrivate()).isEqualTo(privateKey); }/*from w w w. j av a2 s .c om*/ }