List of usage examples for org.bouncycastle.openssl.jcajce JcePEMDecryptorProviderBuilder JcePEMDecryptorProviderBuilder
JcePEMDecryptorProviderBuilder
From source file:co.lqnt.lockbox.key.KeyFactory.java
License:Open Source License
/** * Construct a new key factory./*from www . j a va2 s . c o m*/ */ public KeyFactory() { BouncyCastleProvider provider = new BouncyCastleProvider(); this.pemParserFactory = new PemParserFactory(); this.bcKeyParametersFactory = new BcKeyParametersFactory(); this.pemDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder(); this.pemDecryptorProviderBuilder.setProvider(provider); this.pkcs8DecryptorProviderBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder(); this.pkcs8DecryptorProviderBuilder.setProvider(provider); this.keyGenerator = new RSAKeyPairGenerator(); this.random = new SecureRandom(); }
From source file:com.amazonaws.services.iot.demo.danbo.rpi.SslUtil.java
License:Open Source License
public static SSLSocketFactory getSslSocketFactory(final String caCrtFile, final String crtFile, final String keyFile, final String password) throws InvalidPathException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, Exception { Security.addProvider(new BouncyCastleProvider()); // load CA certificate PEMParser parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))))); X509CertificateHolder caCert = (X509CertificateHolder) parser.readObject(); parser.close();// w w w. j a v a2s .co m // load client certificate parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))))); X509CertificateHolder cert = (X509CertificateHolder) parser.readObject(); parser.close(); // load client private key parser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile))))); Object obj = parser.readObject(); KeyPair key = null; JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); if (obj instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray()); converter = new JcaPEMKeyConverter().setProvider("BC"); key = converter.getKeyPair(((PEMEncryptedKeyPair) obj).decryptKeyPair(decProv)); } else { key = converter.getKeyPair((PEMKeyPair) obj); } parser.close(); JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter(); certConverter.setProvider("BC"); // CA certificate is used to authenticate server KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType()); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", certConverter.getCertificate(caCert)); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(caKs); // Client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("certificate", certConverter.getCertificate(cert)); ks.setKeyEntry("private-key", key.getPrivate(), password.toCharArray(), new java.security.cert.Certificate[] { certConverter.getCertificate(cert) }); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password.toCharArray()); // Finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLSv1.2"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return context.getSocketFactory(); }
From source file:com.aqnote.shared.cryptology.cert.io.PKCSReader.java
License:Open Source License
public static KeyPair readKeyPair(InputStream istream, final char[] pwd) { if (istream == null || pwd == null) return null; try {// w ww. ja v a 2 s .c o m Object object = readFile(istream); if (object instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().build(pwd); return keyConverter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(provider)); } else if (object instanceof PEMKeyPair) { return keyConverter.getKeyPair((PEMKeyPair) object); } } catch (Throwable t) { logger.error(MSG(R.F, "readKeyPair", t.getMessage()), t); } return null; }
From source file:com.aqnote.shared.cryptology.cert.io.PKCSReader.java
License:Open Source License
public static PrivateKey readPrivateKey(InputStream istream, final char[] pwd) { if (istream == null || pwd == null) return null; try {//from w w w . j a va 2s . co m Object object = readFile(istream); if (object instanceof PKCS8EncryptedPrivateKeyInfo) { InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(pwd); return keyConverter .getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) object).decryptPrivateKeyInfo(provider)); } else if (object instanceof PrivateKeyInfo) { return keyConverter.getPrivateKey((PrivateKeyInfo) object); } else if (object instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().build(pwd); return keyConverter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(provider)) .getPrivate(); } else if (object instanceof PEMKeyPair) { return keyConverter.getKeyPair((PEMKeyPair) object).getPrivate(); } } catch (Throwable t) { logger.error(MSG(R.F, "readPrivateKey", t.getMessage()), t); } return null; }
From source file:com.gitblit.transport.ssh.FileKeyPairProvider.java
License:Apache License
protected KeyPair doLoadKey(String file) { try {/*from ww w. j a v a2 s .co m*/ PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file))); try { Object o = r.readObject(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); pemConverter.setProvider("BC"); if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) { JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword()); o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor)); } if (o instanceof PEMKeyPair) { o = pemConverter.getKeyPair((PEMKeyPair) o); return (KeyPair) o; } else if (o instanceof KeyPair) { return (KeyPair) o; } } finally { r.close(); } } catch (Exception e) { log.warn("Unable to read key " + file, e); } return null; }
From source file:com.github.ibole.infrastructure.security.jwt.auth0.Auth0Utils.java
License:Apache License
private PrivateKey decryptPrivateKey(JWTEncryptionPreferences preferences) throws TokenHandlingException { PrivateKey decryptedPrivateKey; try {/*w w w . j a v a 2s .c om*/ PEMParser keyReader = new PEMParser(new StringReader(preferences.getPrivateKey())); Object keyPair = keyReader.readObject(); keyReader.close(); if (keyPair instanceof PEMEncryptedKeyPair) { JcePEMDecryptorProviderBuilder builder = new JcePEMDecryptorProviderBuilder(); PEMDecryptorProvider decryptionProvider = builder .build(preferences.getPrivateKeyPassword().toCharArray()); keyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptionProvider); } PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo(); decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo); } catch (IOException e) { throw new TokenHandlingException("Error parsing private key for Box Developer Edition.", e); } return decryptedPrivateKey; }
From source file:com.google.examples.JOSEToolBase.java
License:Apache License
public static PrivateKey decodePrivateKey(String privateKeyString, String password) throws KeyParseException { try {/*from w w w .j av a2 s . co m*/ JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); privateKeyString = reformIndents(privateKeyString); PEMParser pemParser = new PEMParser(new StringReader(privateKeyString)); Object object = pemParser.readObject(); if (object == null) { throw new KeyParseException("unable to read anything when decoding private key"); } KeyPair kp = null; //LOGGER.info(String.format("decodePrivateKey, %s", object.getClass().getName())); if (object instanceof PKCS8EncryptedPrivateKeyInfo) { // produced by "openssl genpkey" or the series of commands reqd to sign an ec key //LOGGER.info("decodePrivateKey, encrypted PrivateKeyInfo"); PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object; JceOpenSSLPKCS8DecryptorProviderBuilder decryptorProviderBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder(); InputDecryptorProvider decryptorProvider = decryptorProviderBuilder.build(password.toCharArray()); PrivateKeyInfo privateKeyInfo = pkcs8EncryptedPrivateKeyInfo .decryptPrivateKeyInfo(decryptorProvider); return (PrivateKey) converter.getPrivateKey(privateKeyInfo); } if (object instanceof PrivateKeyInfo) { // produced by openssl genpkey without encryption return (PrivateKey) converter.getPrivateKey((PrivateKeyInfo) object); } if (object instanceof PEMEncryptedKeyPair) { // produced by "openssl genrsa" or "openssl ec -genkey" // LOGGER.info("decodePrivateKey, encrypted keypair"); PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) object; PEMDecryptorProvider decryptorProvider = new JcePEMDecryptorProviderBuilder() .build(password.toCharArray()); kp = converter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorProvider)); } else if (object instanceof PEMKeyPair) { //LOGGER.info("decodePrivateKey, un-encrypted keypair"); PEMKeyPair unencryptedKeyPair = (PEMKeyPair) object; kp = converter.getKeyPair(unencryptedKeyPair); } else { //LOGGER.error("decodePrivateKey, unknown object type {}", object.getClass().getName()); throw new KeyParseException("unknown object type when decoding private key"); } return (PrivateKey) kp.getPrivate(); } catch (KeyParseException exc0) { throw exc0; } catch (Exception exc1) { throw new KeyParseException("cannot instantiate private key", exc1); } }
From source file:com.hypersocket.certs.X509CertificateUtils.java
License:Open Source License
public static KeyPair loadKeyPairFromPEM(InputStream keyfile, char[] passphrase) throws InvalidPassphraseException, CertificateException, FileFormatException { PEMParser parser = new PEMParser(new InputStreamReader(keyfile)); JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); try {// w ww . jav a 2 s.com Object privatekey = parser.readObject(); if (privatekey instanceof PEMEncryptedKeyPair) { try { privatekey = ((PEMEncryptedKeyPair) privatekey) .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(passphrase)); } catch (Exception e) { throw new InvalidPassphraseException(e); } } else if (privatekey instanceof PKCS8EncryptedPrivateKeyInfo) { try { privatekey = converter .getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) privatekey).decryptPrivateKeyInfo( new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passphrase))); } catch (Exception e) { throw new InvalidPassphraseException(e); } } if (privatekey instanceof PEMKeyPair) { return loadKeyPair((PEMKeyPair) privatekey); } else if (privatekey instanceof RSAPrivateCrtKey) { return loadKeyPair((RSAPrivateCrtKey) privatekey); } else if (privatekey instanceof PrivateKeyInfo) { PrivateKeyInfo i = (PrivateKeyInfo) privatekey; PrivateKey prv = converter.getPrivateKey(i); if (prv instanceof RSAPrivateCrtKey) { return loadKeyPair((RSAPrivateCrtKey) prv); } else { throw new FileFormatException("Unsupported private key type"); } } else { throw new FileFormatException( "The file doesn't seem to have any supported key types obj=" + privatekey); } } catch (IOException ex) { throw new CertificateException("Failed to read from key file", ex); } finally { try { parser.close(); } catch (IOException e) { } } }
From source file:com.jcs_java_sdk.Utils.java
License:Open Source License
public static PrivateKey readPrivateKey(String privateKeyPath, String keyPassword) throws IOException { FileReader fileReader = new FileReader(privateKeyPath); PEMParser keyReader = new PEMParser(fileReader); JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); PEMDecryptorProvider decryptionProv = new JcePEMDecryptorProviderBuilder().build(keyPassword.toCharArray()); Object keyPair = keyReader.readObject(); PrivateKeyInfo keyInfo;/*from w w w .j a v a2 s .com*/ if (keyPair instanceof PEMEncryptedKeyPair) { PEMKeyPair decryptedKeyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptionProv); keyInfo = decryptedKeyPair.getPrivateKeyInfo(); } else { keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo(); } keyReader.close(); return converter.getPrivateKey(keyInfo); }
From source file:com.joyent.http.signature.KeyPairLoader.java
License:Open Source License
/** * Read KeyPair from an input stream, optionally using password and desired Security Provider. Most implementations * should continue calling the one and two-argument methods * * @param is private key content as a stream * @param password password associated with key * @param provider security provider to use when loading the key * @return public/private keypair object * @throws IOException If unable to read the private key from the string *//*from w w w . j a v a 2s . c o m*/ public static KeyPair getKeyPair(final InputStream is, final char[] password, final DesiredSecurityProvider provider) throws IOException { final Object pemObject; try (InputStreamReader isr = new InputStreamReader(is, StandardCharsets.US_ASCII); BufferedReader br = new BufferedReader(isr); PEMParser pemParser = new PEMParser(br)) { pemObject = pemParser.readObject(); } final PEMKeyPair pemKeyPair; if (pemObject instanceof PEMEncryptedKeyPair) { if (password == null) { throw new KeyLoadException("Loaded key is encrypted but no password was supplied."); } final PEMDecryptorProvider decryptorProvider = new JcePEMDecryptorProviderBuilder().build(password); final PEMEncryptedKeyPair encryptedPemObject = ((PEMEncryptedKeyPair) pemObject); pemKeyPair = encryptedPemObject.decryptKeyPair(decryptorProvider); } else if (pemObject instanceof PEMKeyPair) { if (password != null) { throw new KeyLoadException("Loaded key is not encrypted but a password was supplied."); } pemKeyPair = (PEMKeyPair) pemObject; } else if (pemObject == null) { throw new KeyLoadException("Failed to load PEM object, please verify the input is a private key"); } else { throw new KeyLoadException("Unexpected PEM object loaded: " + pemObject.getClass().getCanonicalName()); } // throw if the user has specifically requested NSS and it is unavailable if (provider != null && provider.equals(DesiredSecurityProvider.NSS) && CONVERTER_PKCS11_NSS == null) { throw new KeyLoadException(PROVIDER_PKCS11_NSS + " provider requested but unavailable. " + "Is java.security configured correctly?"); } // Attempt to load with NSS if it is available and requested (or no provider was specified) final boolean attemptPKCS11NSS = provider == null || provider.equals(DesiredSecurityProvider.NSS); if (CONVERTER_PKCS11_NSS != null && attemptPKCS11NSS) { return CONVERTER_PKCS11_NSS.getKeyPair(pemKeyPair); } return CONVERTER_BOUNCY_CASTLE.getKeyPair(pemKeyPair); }