List of usage examples for org.bouncycastle.openssl.jcajce JcePEMDecryptorProviderBuilder build
public PEMDecryptorProvider build(final char[] password)
From source file:com.gitblit.transport.ssh.FileKeyPairProvider.java
License:Apache License
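/**
 * Loads a single key pair from a PEM file.
 *
 * <p>Encrypted OpenSSL key pairs are decrypted with the password supplied by
 * {@code passwordFinder}; when no finder is configured such a file cannot be
 * loaded. Every failure is logged and reported as {@code null} rather than
 * thrown, so callers must null-check the result.
 *
 * @param file path of the PEM file to read
 * @return the key pair, or {@code null} if the file could not be read, could not
 *         be decrypted, or did not contain a key pair
 */
protected KeyPair doLoadKey(String file) {
    try {
        // PEM is ASCII, so naming the charset only removes the platform-default dependency.
        PEMParser parser = new PEMParser(new InputStreamReader(new FileInputStream(file), "UTF-8"));
        try {
            Object pemObject = parser.readObject();
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            converter.setProvider("BC");
            if (pemObject instanceof PEMEncryptedKeyPair) {
                if (passwordFinder == null) {
                    // Previously this fell through silently and returned null; say why instead.
                    log.warn("Unable to read key " + file + ": key is encrypted but no password finder is configured");
                    return null;
                }
                JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
                PEMDecryptorProvider decryptor = decryptorBuilder.build(passwordFinder.getPassword());
                pemObject = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
            }
            if (pemObject instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) pemObject);
            }
            if (pemObject instanceof KeyPair) {
                return (KeyPair) pemObject;
            }
            // Anything else (certificate, PKCS#8 PrivateKeyInfo, empty file) is not a key pair.
            log.warn("Unable to read key " + file + ": unsupported PEM content "
                    + (pemObject == null ? "(empty)" : pemObject.getClass().getName()));
        } finally {
            parser.close();
        }
    } catch (Exception e) {
        // Deliberately best-effort: a bad key file must not take the provider down.
        log.warn("Unable to read key " + file, e);
    }
    return null;
}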
From source file:com.github.ibole.infrastructure.security.jwt.auth0.Auth0Utils.java
License:Apache License
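/**
 * Parses the PEM-encoded private key held by {@code preferences} and, when it is
 * an encrypted OpenSSL key pair, decrypts it with the configured key password.
 *
 * <p>Accepts OpenSSL "traditional" key pairs ({@link PEMKeyPair}, optionally
 * encrypted) and unencrypted PKCS#8 {@link PrivateKeyInfo} objects. Any other
 * PEM content, an empty PEM text, or a missing password for an encrypted key is
 * reported as a parse error instead of escaping as a {@code ClassCastException}
 * or {@code NullPointerException}.
 *
 * @param preferences supplies the PEM text and its password
 * @return the decoded private key
 * @throws TokenHandlingException if the PEM text cannot be parsed or decrypted,
 *         or does not contain a private key
 */
private PrivateKey decryptPrivateKey(JWTEncryptionPreferences preferences) throws TokenHandlingException {
    try {
        Object pemObject;
        PEMParser keyReader = new PEMParser(new StringReader(preferences.getPrivateKey()));
        try {
            pemObject = keyReader.readObject();
        } finally {
            keyReader.close();
        }
        if (pemObject instanceof PEMEncryptedKeyPair) {
            String password = preferences.getPrivateKeyPassword();
            if (password == null) {
                throw new IOException("Private key is encrypted but no password is configured.");
            }
            PEMDecryptorProvider decryptionProvider =
                    new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
            pemObject = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptionProvider);
        }
        PrivateKeyInfo keyInfo;
        if (pemObject instanceof PEMKeyPair) {
            keyInfo = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
        } else if (pemObject instanceof PrivateKeyInfo) {
            // "BEGIN PRIVATE KEY" (PKCS#8) is returned by the parser as PrivateKeyInfo directly.
            keyInfo = (PrivateKeyInfo) pemObject;
        } else {
            // Thrown inside the try so it is wrapped in TokenHandlingException like other parse failures.
            throw new IOException("Unexpected PEM content: "
                    + (pemObject == null ? "no object found" : pemObject.getClass().getName()));
        }
        return new JcaPEMKeyConverter().getPrivateKey(keyInfo);
    } catch (IOException e) {
        throw new TokenHandlingException("Error parsing private key for Box Developer Edition.", e);
    }
}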
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
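/**
 * Converts a parsed PEM object into a JCA {@link KeyPair}, asking {@code password}
 * for a password as long as the object is encrypted and decryption keeps failing.
 *
 * @param pemObject the object returned by the PEM parser
 * @param password callback used to obtain and re-query the password; may be
 *        {@code null}, in which case an encrypted object cannot be loaded
 * @param resource name of the resource the object came from, used in prompts and
 *        error messages
 * @return the decoded key pair
 * @throws PasswordRequiredException if the object is encrypted and no password is
 *         available, initially or after the callback gives up
 * @throws IOException if the object is not a PEM key pair or cannot be converted
 */
private KeyPair keyFromPEMObject(Object pemObject, PasswordCallback password, String resource)
        throws IOException {
    PEMKeyPair keyPair;
    if (pemObject instanceof PEMEncryptedKeyPair) {
        keyPair = decryptWithRetry((PEMEncryptedKeyPair) pemObject, password, resource);
    } else if (pemObject instanceof PEMKeyPair) {
        keyPair = (PEMKeyPair) pemObject;
    } else {
        // Certificates, PKCS#8 keys, etc. are not handled here; report that instead of a ClassCastException.
        throw new IOException("Unsupported PEM object in '" + resource + "': "
                + (pemObject == null ? "null" : pemObject.getClass().getName()));
    }
    JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();
    return keyConverter.getKeyPair(keyPair);
}

/**
 * Decrypts {@code encryptedKeyPair}, re-querying the password through
 * {@code password} after every failed attempt until it succeeds or the callback
 * returns {@code null}.
 *
 * @throws PasswordRequiredException if no password is available; carries the
 *         last decryption failure as its cause when there was one
 */
private static PEMKeyPair decryptWithRetry(PEMEncryptedKeyPair encryptedKeyPair, PasswordCallback password,
        String resource) throws IOException {
    JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
    String passwordInput = (password != null ? password.queryPassword(resource) : null);
    Exception lastFailure = null;
    while (true) {
        if (passwordInput == null) {
            throw new PasswordRequiredException("Password required for PEM object: '" + resource + "'", lastFailure);
        }
        // password cannot be null here: a null callback yields a null passwordInput above.
        PEMDecryptorProvider decryptorProvider = decryptorBuilder.build(passwordInput.toCharArray());
        try {
            return encryptedKeyPair.decryptKeyPair(decryptorProvider);
        } catch (EncryptionException e) {
            // Wrong password (or unsupported cipher): let the callback ask again, passing the reason.
            lastFailure = e;
            passwordInput = password.requeryPassword(resource, e);
        }
    }
}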
From source file:org.apache.camel.component.ssh.FileKeyPairProvider.java
License:Apache License
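/**
 * Loads one key pair from every configured PEM file.
 *
 * <p>Files that cannot be read, decrypted or do not contain a key pair are
 * logged and skipped, so the returned array may be shorter than {@code files}.
 * Encrypted key pairs are decrypted only when a {@code passwordFinder} is set.
 *
 * @return the key pairs that could be loaded, possibly empty, never {@code null}
 * @throws IllegalStateException if the BouncyCastle provider is not registered
 */
public KeyPair[] loadKeys() {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }
    List<KeyPair> keys = new ArrayList<KeyPair>(files.length);
    for (int i = 0; i < files.length; i++) {
        try {
            // PEM is ASCII; naming the charset avoids depending on the platform default.
            PEMParser parser = new PEMParser(new InputStreamReader(new FileInputStream(files[i]), "UTF-8"));
            try {
                Object pemObject = parser.readObject();
                JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
                converter.setProvider("BC");
                if (passwordFinder != null && pemObject instanceof PEMEncryptedKeyPair) {
                    PEMDecryptorProvider decryptor =
                            new JcePEMDecryptorProviderBuilder().build(passwordFinder.getPassword());
                    pemObject = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
                }
                if (pemObject instanceof PEMKeyPair) {
                    keys.add(converter.getKeyPair((PEMKeyPair) pemObject));
                } else if (pemObject instanceof KeyPair) {
                    keys.add((KeyPair) pemObject);
                } else {
                    // Encrypted key without a password finder, a certificate, an empty file, ...
                    log.warn("Unable to read key {}: unsupported PEM content {}", files[i],
                            pemObject == null ? "(empty)" : pemObject.getClass().getName());
                }
            } finally {
                parser.close();
            }
        } catch (Exception e) {
            // The exception must be the trailing argument without a {} of its own, otherwise
            // SLF4J formats it as text and the stack trace is lost.
            log.warn("Unable to read key {}", files[i], e);
        }
    }
    return keys.toArray(new KeyPair[keys.size()]);
}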
From source file:org.apache.camel.component.ssh.ResourceHelperKeyPairProvider.java
License:Apache License
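/**
 * Loads one key pair from each configured resource (resolved through
 * {@code classResolver}).
 *
 * <p>Resources that cannot be resolved, parsed or decrypted are logged and
 * skipped, so the result may hold fewer entries than {@code resources}.
 * Encrypted key pairs are decrypted only when a {@code passwordFinder} is set.
 *
 * @return the key pairs that could be loaded, possibly empty, never {@code null}
 * @throws IllegalStateException if the BouncyCastle provider is not registered
 */
@Override
protected KeyPair[] loadKeys() {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }
    final List<KeyPair> keys = new ArrayList<KeyPair>(this.resources.length);
    for (String resource : resources) {
        PEMParser parser = null;
        InputStreamReader reader = null;
        InputStream in = null;
        try {
            in = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
            // PEM is ASCII; naming the charset avoids depending on the platform default.
            reader = new InputStreamReader(in, "UTF-8");
            parser = new PEMParser(reader);
            Object pemObject = parser.readObject();
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            converter.setProvider("BC");
            if (passwordFinder != null && pemObject instanceof PEMEncryptedKeyPair) {
                PEMDecryptorProvider decryptor =
                        new JcePEMDecryptorProviderBuilder().build(passwordFinder.getPassword());
                pemObject = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
            }
            if (pemObject instanceof PEMKeyPair) {
                keys.add(converter.getKeyPair((PEMKeyPair) pemObject));
            } else if (pemObject instanceof KeyPair) {
                keys.add((KeyPair) pemObject);
            } else {
                // Encrypted key without a password finder, a certificate, an empty resource, ...
                log.warn("Unable to read key {}: unsupported PEM content {}", resource,
                        pemObject == null ? "(empty)" : pemObject.getClass().getName());
            }
        } catch (Exception e) {
            // Name the resource so the failure can be traced; the exception goes last so its
            // stack trace is logged.
            log.warn("Unable to read key {}", resource, e);
        } finally {
            // Closing the parser closes the reader and stream too; the extra closes are harmless.
            IoUtils.closeQuietly(parser, in, reader);
        }
    }
    return keys.toArray(new KeyPair[keys.size()]);
}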
From source file:org.apache.sshd.common.util.security.bouncycastle.BouncyCastleKeyPairResourceParser.java
License:Apache License
/**
 * Reads one PEM object from {@code inputStream} and turns it into a JCA key pair.
 *
 * <p>Encrypted OpenSSL key pairs are decrypted with the password obtained from
 * {@code provider}; both the provider and a non-empty password are required for
 * such resources.
 *
 * @param resourceKey identifies the resource, for password lookup and messages
 * @param inputStream PEM data; closed by this method
 * @param provider password source, may be {@code null} for unencrypted keys
 * @return the decoded key pair
 * @throws IOException if parsing fails or the stream holds something other than a key pair
 * @throws GeneralSecurityException if the key material cannot be converted
 */
public static KeyPair loadKeyPair(String resourceKey, InputStream inputStream, FilePasswordProvider provider)
        throws IOException, GeneralSecurityException {
    try (PEMParser parser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
        Object parsed = parser.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        converter.setProvider(SecurityUtils.BOUNCY_CASTLE);
        if (parsed instanceof PEMEncryptedKeyPair) {
            // Both checks fail loudly, naming the resource, rather than letting decryption NPE.
            ValidateUtils.checkNotNull(provider, "No password provider for resource=%s", resourceKey);
            String password = ValidateUtils.checkNotNullAndNotEmpty(provider.getPassword(resourceKey),
                    "No password provided for resource=%s", resourceKey);
            PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
            parsed = ((PEMEncryptedKeyPair) parsed).decryptKeyPair(decryptor);
        }
        if (parsed instanceof KeyPair) {
            return (KeyPair) parsed;
        }
        if (parsed instanceof PEMKeyPair) {
            return converter.getKeyPair((PEMKeyPair) parsed);
        }
        throw new IOException("Failed to read " + resourceKey + " - unknown result object: " + parsed);
    }
}
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
License:Open Source License
/**
 * Decodes the Base64 payload {@code data}, imports what it contains into
 * {@code store}, writes the store to {@code path} and then calls {@code init()}.
 *
 * <p>The format is chosen from {@code type} and {@code fileName}: PKCS#12 (type or
 * {@code .p12}), JKS (type or {@code .jks}), DER certificate (type <em>and</em>
 * {@code .der}), and otherwise whatever {@code isPemParsable} accepts, which is
 * scanned object by object (key pairs, X.509 certificates, CMS enveloped/signed
 * data, PKCS#8 keys). Payloads matching none of these are ignored and the store
 * is left untouched.
 *
 * <p>Every failure inside the import, including a blank {@code alias}, an
 * undecodable payload or a wrong password, is wrapped in
 * {@link KeystoreEditorException}; {@code init()} only runs on success.
 *
 * @param alias entry name under which keys/certificates are stored
 * @param keyPassword password for key entries in the input and for the entries written to {@code store}
 * @param storePassword password of the uploaded PKCS#12/JKS container
 * @param data Base64-encoded payload
 * @param type content type of the payload; appears to be the MIME type reported by the browser
 * @param fileName original file name, used as a fallback when {@code type} is unreliable
 * @param path location the updated store is written to
 * @param storepass password used to write {@code store}
 * @param store the keystore to modify
 * @throws KeystoreEditorException if the payload cannot be imported or the store cannot be written
 */
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data,
        String type, String fileName, String path, String storepass, KeyStore store)
        throws KeystoreEditorException {
    OutputStream fos = null;
    try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) {
        if (StringUtils.isBlank(alias)) {
            throw new IllegalArgumentException("Alias cannot be null.");
        }
        // NOTE(review): path is used as given; confirm the caller restricts where the store may be written.
        Path storeFile = Paths.get(path);
        //check the two most common key/cert stores first (pkcs12 and jks)
        if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) {
            //priv key + cert chain
            KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
            pkcs12Store.load(inputStream, storePassword.toCharArray());
            Certificate[] chain = pkcs12Store.getCertificateChain(alias);
            Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray());
            // Only the entry named by alias is imported; nothing is written if it has no key.
            if (key != null) {
                store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain);
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) {
            //java keystore file
            KeyStore jks = KeyStore.getInstance("jks");
            jks.load(inputStream, storePassword.toCharArray());
            Enumeration<String> aliases = jks.aliases();
            //we are going to store all entries from the jks regardless of the passed in alias
            while (aliases.hasMoreElements()) {
                String jksAlias = aliases.nextElement();
                if (jks.isKeyEntry(jksAlias)) {
                    // The same keyPassword is assumed for every key entry in the uploaded JKS.
                    Key key = jks.getKey(jksAlias, keyPassword.toCharArray());
                    Certificate[] certificateChain = jks.getCertificateChain(jksAlias);
                    store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain);
                } else {
                    Certificate certificate = jks.getCertificate(jksAlias);
                    store.setCertificateEntry(jksAlias, certificate);
                }
            }
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
            //need to parse der separately from pem, der has the same mime type
            //but is binary hence checking both
        } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) {
            // NOTE(review): asn1InputStream is never closed; it only wraps inputStream, which the
            // try-with-resources closes, so no descriptor leaks.
            ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream);
            ASN1Primitive asn1Primitive = asn1InputStream.readObject();
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            Certificate certificate = certificateFactory
                    .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            // [0] throws for a subject without a CN; that surfaces as KeystoreEditorException below.
            RDN cn = x500name.getRDNs(BCStyle.CN)[0];
            String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
            // The certificate is stored under its CN as well, unless that name is already taken.
            if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                store.setCertificateEntry(cnStr, certificate);
            }
            store.setCertificateEntry(alias, certificate);
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
            //if it isn't one of the stores we support, it might be a key or cert by itself
        } else if (isPemParsable(type, fileName)) {
            //This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser
            Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
            PEMParser pemParser = new PEMParser(reader);
            Object object;
            // Tracks whether anything was imported, so the store is only rewritten when needed.
            boolean setEntry = false;
            while ((object = pemParser.readObject()) != null) {
                if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) {
                    PEMKeyPair pemKeyPair;
                    if (object instanceof PEMEncryptedKeyPair) {
                        // Encrypted OpenSSL key pairs are unlocked with keyPassword, not storePassword.
                        PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object;
                        JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
                        pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair(
                                jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray()));
                    } else {
                        pemKeyPair = (PEMKeyPair) object;
                    }
                    KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair);
                    PrivateKey privateKey = keyPair.getPrivate();
                    // Reuse the chain already stored under alias; otherwise build one from the store.
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain);
                    setEntry = true;
                } else if (object instanceof X509CertificateHolder) {
                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object;
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                    Certificate certificate = certificateFactory
                            .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                    X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate)
                            .getSubject();
                    // Same CN handling as the DER branch: [0] throws when the subject has no CN.
                    RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                    String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
                    if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                        store.setCertificateEntry(cnStr, certificate);
                    }
                    store.setCertificateEntry(alias, certificate);
                    setEntry = true;
                } else if (object instanceof ContentInfo) {
                    // P7B / CMS: only the certificates carried in the structure are imported.
                    ContentInfo contentInfo = (ContentInfo) object;
                    if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                        CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo);
                        OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure();
                        ASN1Set certificates = originatorInfo.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) {
                        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
                        ASN1Set certificates = signedData.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    }
                } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    // First try storing the still-encrypted PKCS#8 blob as-is; if the store rejects
                    // it, decrypt with keyPassword and store the plain private key instead.
                    try {
                        store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain);
                        setEntry = true;
                    } catch (KeyStoreException keyEx) {
                        try {
                            PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(),
                                    keyPassword.toCharArray());
                            store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain);
                            setEntry = true;
                        } catch (GeneralSecurityException e) {
                            // The original KeyStoreException is rethrown; the fallback failure is only logged.
                            LOGGER.info(
                                    "Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.",
                                    e);
                            throw keyEx;
                        }
                    }
                }
            }
            if (setEntry) {
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        }
    } catch (Exception e) {
        LOGGER.info("Unable to add entry {} to store", alias, e);
        throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e);
    } finally {
        // fos is set only in the branch that wrote the store; close errors are deliberately ignored.
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException ignore) {
            }
        }
    }
    init();
}