List of usage examples for org.bouncycastle.openssl.jcajce JcaPEMKeyConverter JcaPEMKeyConverter
JcaPEMKeyConverter
From source file:org.robotbrains.examples.mqtt.subscriber.SslCertificateSubscriberMqttExample.java
License:Apache License
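/**
 * Create an SSL socket factory for mutually authenticated TLS.
 *
 * <p>Three PEM files are read, their paths taken from {@code credentials}:
 * {@code mqtt.ca.crt} (installed as the only trust anchor),
 * {@code mqtt.client.crt} and {@code mqtt.client.key}. The client key must be
 * an unencrypted PEM key pair; an encrypted key is rejected rather than
 * decrypted.
 *
 * @param credentials
 *          the security credentials
 *
 * @return the socket factory.
 *
 * @throws Exception
 *           a property is missing, a file cannot be read or does not hold the
 *           expected PEM object, or the TLS context cannot be initialised
 */
public static SSLSocketFactory configureSSLSocketFactory(Properties credentials) throws Exception {
  // Registering an already-registered provider is a no-op; the guard only
  // avoids building a throwaway provider instance on every call.
  if (Security.getProvider("BC") == null) {
    Security.addProvider(new BouncyCastleProvider());
  }

  JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter().setProvider("BC");

  // load CA certificate
  X509Certificate caCert = certificateConverter
      .getCertificate(readPemObject(credentials, "mqtt.ca.crt", X509CertificateHolder.class));

  // load client certificate
  X509Certificate cert = certificateConverter
      .getCertificate(readPemObject(credentials, "mqtt.client.crt", X509CertificateHolder.class));

  // load client private key
  JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
  KeyPair key = keyConverter.getKeyPair(readPemObject(credentials, "mqtt.client.key", PEMKeyPair.class));

  // CA certificate is used to authenticate server. Because the trust store
  // holds nothing else, the JVM's default CA bundle is not trusted here.
  KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
  caKs.load(null, null);
  caKs.setCertificateEntry("ca-certificate", caCert);
  TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init(caKs);

  // client key and certificates are sent to server so it can authenticate
  // us
  KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  ks.load(null, null);
  ks.setCertificateEntry("certificate", cert);

  // This assumes that the client key is not password protected. We need a
  // password, but it could be anything: the key store lives only in memory
  // and is never written out, so this value protects nothing on disk.
  char[] password = "password".toCharArray();
  ks.setKeyEntry("private-key", key.getPrivate(), password, new java.security.cert.Certificate[] { cert });
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  kmf.init(ks, password);

  // finally, create SSL socket factory
  SSLContext context = SSLContext.getInstance("TLS");
  context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

  // NOTE(review): sockets from a plain SSLSocketFactory validate the
  // certificate chain but do not check the server host name unless endpoint
  // identification is enabled on the socket or by the MQTT client. Confirm
  // the client that receives this factory turns it on.
  return context.getSocketFactory();
}

/**
 * Reads the first PEM object from the file named by a credentials property.
 *
 * <p>The parser is always closed, and an object of an unexpected type is
 * reported as an {@link java.io.IOException} instead of a
 * {@link ClassCastException} at the call site.
 */
private static <T> T readPemObject(Properties credentials, String propertyName, Class<T> expectedType)
    throws java.io.IOException {
  String pemFile = credentials.getProperty(propertyName);
  if (pemFile == null) {
    throw new IllegalArgumentException("Missing credentials property: " + propertyName);
  }

  // PEM is ASCII-armoured, so the charset is pinned instead of following the
  // platform default.
  try (PEMParser parser = new PEMParser(new InputStreamReader(Files.newInputStream(Paths.get(pemFile)),
      java.nio.charset.StandardCharsets.UTF_8))) {
    Object pemObject = parser.readObject();
    if (!expectedType.isInstance(pemObject)) {
      // Only the type is reported; key material never goes into a message.
      throw new java.io.IOException("Expected " + expectedType.getSimpleName() + " in " + pemFile + " but found "
          + (pemObject == null ? "no PEM object" : pemObject.getClass().getSimpleName()));
    }
    return expectedType.cast(pemObject);
  }
}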
From source file:org.shredzone.acme4j.util.KeyPairUtils.java
License:Apache License
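/**
 * Reads a {@link KeyPair} from a PEM file.
 * <p>
 * Only the first PEM object is read, and it must be an unencrypted key pair.
 * Anything else (an encrypted key, a certificate, an empty input) is reported
 * as an {@link IOException}. The given reader is closed before this method
 * returns.
 *
 * @param r
 *            {@link Reader} to read the PEM file from
 * @return {@link KeyPair} read
 * @throws IOException
 *             if the input cannot be read or does not hold a PEM key pair
 */
public static KeyPair readKeyPair(Reader r) throws IOException {
    try (PEMParser parser = new PEMParser(r)) {
        Object pemObject = parser.readObject();
        // Check the type before casting so a wrong PEM object surfaces as the
        // documented IOException rather than a ClassCastException or a
        // NullPointerException.
        if (!(pemObject instanceof PEMKeyPair)) {
            throw new IOException("Invalid PEM file");
        }
        return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) pemObject);
    } catch (PEMException ex) {
        throw new IOException("Invalid PEM file", ex);
    }
}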
From source file:org.thingsboard.gateway.extensions.mqtt.client.conf.credentials.CertPemClientCredentials.java
License:Apache License
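/**
 * Builds a {@link KeyManagerFactory} that presents the client certificate and
 * private key read from the configured PEM sources.
 *
 * <p>The key may be an encrypted or a plain PEM key pair. The configured
 * password, or an empty one when none is set, is used both to decrypt an
 * encrypted key and to protect the entry in the in-memory key store.
 *
 * @return the initialised key manager factory
 * @throws Exception if the PEM data cannot be read, decrypted or converted
 */
private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception {
    X509Certificate certHolder = certificateConverter.getCertificate((X509CertificateHolder) readPEMFile(cert));
    Object keyObject = readPEMFile(privateKey);

    char[] passwordCharArray = StringUtils.isEmpty(password) ? "".toCharArray() : password.toCharArray();

    JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");

    KeyPair key;
    if (keyObject instanceof PEMEncryptedKeyPair) {
        PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().build(passwordCharArray);
        key = keyConverter.getKeyPair(((PEMEncryptedKeyPair) keyObject).decryptKeyPair(provider));
    } else if (keyObject instanceof PEMKeyPair) {
        key = keyConverter.getKeyPair((PEMKeyPair) keyObject);
    } else {
        // Anything else used to fail on a blind cast. Report the type only,
        // never the object, so no key material ends up in a message.
        throw new IllegalArgumentException("Unable to get private key from PEM object: "
                + (keyObject == null ? "none found" : keyObject.getClass().getName()));
    }

    // The key store exists only in memory and is never persisted.
    KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    clientKeyStore.load(null, null);
    clientKeyStore.setCertificateEntry("cert", certHolder);
    clientKeyStore.setKeyEntry("private-key", key.getPrivate(), passwordCharArray,
            new Certificate[] { certHolder });

    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(clientKeyStore, passwordCharArray);
    return keyManagerFactory;
}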
From source file:org.thingsboard.rule.engine.mqtt.credentials.CertPemClientCredentials.java
License:Apache License
/**
 * Builds a {@link KeyManagerFactory} holding the client certificate and its
 * private key.
 *
 * <p>The key source may yield an encrypted PEM key pair, a plain PEM key pair
 * or an already decoded {@link PrivateKey}; any other object is rejected. The
 * configured password, or an empty one when none is set, decrypts an encrypted
 * key and protects the entry in the in-memory key store.
 *
 * @return the initialised key manager factory
 * @throws Exception if the certificate or key cannot be read or converted
 */
private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception {
    X509Certificate clientCert = readCertFile(cert);
    Object pemObject = readPrivateKeyFile(privateKey);

    char[] storePassword = StringUtils.isEmpty(password) ? "".toCharArray() : password.toCharArray();

    JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider("BC");

    // Named clientKey so it does not shadow the privateKey field read above.
    PrivateKey clientKey;
    if (pemObject instanceof PEMEncryptedKeyPair) {
        PEMEncryptedKeyPair encryptedPair = (PEMEncryptedKeyPair) pemObject;
        PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(storePassword);
        clientKey = pemConverter.getKeyPair(encryptedPair.decryptKeyPair(decryptor)).getPrivate();
    } else if (pemObject instanceof PEMKeyPair) {
        clientKey = pemConverter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
    } else if (pemObject instanceof PrivateKey) {
        clientKey = (PrivateKey) pemObject;
    } else {
        // Only the class is reported, never the object itself.
        throw new RuntimeException("Unable to get private key from object: " + pemObject.getClass());
    }

    // In-memory key store; it is never written to disk.
    KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
    store.load(null, null);
    store.setCertificateEntry("cert", clientCert);
    Certificate[] chain = new Certificate[] { clientCert };
    store.setKeyEntry("private-key", clientKey, storePassword, chain);

    String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    factory.init(store, storePassword);
    return factory;
}
From source file:pv181.jca.Globals.java
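/**
 * Reads a key pair from a PEM stream. Able to read both encrypted and plain keys.
 *
 * @param s stream holding the PEM data
 * @param password password for an encrypted key; may be {@code null} when the
 *        key is stored in plain form
 * @return the key pair decoded from the PEM data
 * @throws IOException if the data cannot be read or decrypted, or does not
 *         hold a key pair
 */
public static KeyPair readKeyFromPEM(InputStream s, String password) throws IOException {
    // PEM key converter converts PEMKeyPair type to KeyPair
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(PROVIDER);

    // Read the object itself from the PEM file
    Object obj = readPEM(s);

    if (obj instanceof PEMEncryptedKeyPair) {
        // The decryptor is needed only when the key is stored in encrypted form.
        // NOTE(review): with a null password the decryption below is expected
        // to fail inside Bouncy Castle; confirm callers pass one for encrypted keys.
        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
                .build(password == null ? null : password.toCharArray());
        return converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(decProv));
    }
    if (obj instanceof PEMKeyPair) {
        return converter.getKeyPair((PEMKeyPair) obj);
    }

    // Any other PEM object, or none at all, used to end in a ClassCastException
    // or NullPointerException. Report the type only, never the content.
    throw new IOException("PEM data does not contain a key pair: "
            + (obj == null ? "no PEM object found" : obj.getClass().getName()));
}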
From source file:shiver.me.timbers.spring.security.keys.BouncyCastlePemKeyPairs.java
License:Apache License
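/**
 * Decodes an unencrypted PEM key pair held in a string.
 *
 * @param secret the PEM text of the key pair; it is never logged or echoed
 *        in an error message
 * @return the decoded key pair
 * @throws IOException if the text cannot be parsed or does not hold an
 *         unencrypted PEM key pair
 */
@Override
public KeyPair createPair(String secret) throws IOException {
    // Reading the string directly avoids a round trip through the platform
    // charset, and try-with-resources closes the parser on every path.
    try (PEMParser pemParser = new PEMParser(new java.io.StringReader(secret))) {
        final Object pemObject = pemParser.readObject();
        if (!(pemObject instanceof PEMKeyPair)) {
            throw new IOException("PEM data does not contain an unencrypted key pair");
        }
        return new JcaPEMKeyConverter().setProvider("BC").getKeyPair((PEMKeyPair) pemObject);
    }
}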
From source file:uk.co.develop4.security.utils.decoders.DecoderUtils.java
License:Apache License
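/**
 * Reads the first PEM object from a file and returns whatever key material it holds.
 *
 * <p>The result depends on the PEM object found:
 * <ul>
 * <li>encrypted or plain key pair: both halves are set;</li>
 * <li>encrypted PKCS#8 private key: only the private half is set;</li>
 * <li>public key or X.509 certificate: only the public half is set.</li>
 * </ul>
 * A public key taken from a certificate is extracted without any validation of
 * that certificate, so callers must not treat it as trusted on that basis.
 *
 * <p>Failures while reading or decoding are printed and swallowed, and
 * {@code null} is returned; callers must check for it.
 *
 * @param fileName path of the PEM file
 * @param passphrase passphrase for encrypted keys; may be {@code null} when
 *        the file holds no encrypted object
 * @param providerName JCA provider used for conversion and PEM decryption
 * @return the key pair, possibly with one half {@code null}, or {@code null}
 *         when the file could not be processed
 * @throws IOException if closing the parser fails
 */
private static KeyPair getKeyPairFromOpenSslPemFile(String fileName, String passphrase, String providerName)
        throws IOException {
    PEMParser pemParser = null;
    KeyPair keypair = null;
    try {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(providerName);

        File file = DecoderUtils.isFile(fileName);
        pemParser = new PEMParser(new BufferedReader(new FileReader(file)));
        Object obj = pemParser.readObject();

        // A passphrase is needed only for the two encrypted forms, so a null
        // passphrase no longer breaks plain keys, public keys and certificates.
        boolean encrypted = obj instanceof PEMEncryptedKeyPair || obj instanceof PKCS8EncryptedPrivateKeyInfo;
        if (encrypted && passphrase == null) {
            throw new IllegalArgumentException("A passphrase is required to decrypt " + fileName);
        }

        if (obj instanceof PEMEncryptedKeyPair) {
            PEMDecryptorProvider pemProv = new JcePEMDecryptorProviderBuilder().setProvider(providerName)
                    .build(passphrase.toCharArray());
            keypair = converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(pemProv));
        } else if (obj instanceof PKCS8EncryptedPrivateKeyInfo) {
            // NOTE(review): unlike the PEM decryptor above, this builder is not
            // given providerName. Confirm whether that is intentional.
            InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder()
                    .build(passphrase.toCharArray());
            keypair = new KeyPair(null,
                    converter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) obj).decryptPrivateKeyInfo(pkcs8Prov)));
        } else if (obj instanceof SubjectPublicKeyInfo) {
            keypair = new KeyPair(converter.getPublicKey((SubjectPublicKeyInfo) obj), null);
        } else if (obj instanceof X509CertificateHolder) {
            SubjectPublicKeyInfo sub = ((X509CertificateHolder) obj).getSubjectPublicKeyInfo();
            keypair = new KeyPair(converter.getPublicKey(sub), null);
        } else {
            keypair = converter.getKeyPair((PEMKeyPair) obj);
        }
    } catch (Exception ex) {
        // NOTE(review): best-effort behaviour kept for existing callers. The
        // failure is only printed, so a missing file or a wrong passphrase
        // shows up as a null return. Consider the project logger here.
        ex.printStackTrace();
    } finally {
        // The parser is still null when the failure happened before the file
        // was opened; closing it blindly raised a NullPointerException that
        // masked the real error.
        if (pemParser != null) {
            pemParser.close();
        }
    }
    return keypair;
}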