List of usage examples for org.bouncycastle.openssl.jcajce JcePEMEncryptorBuilder build
public PEMEncryptor build(final char[] password)
From source file:co.lqnt.lockbox.key.PrivateKey.java
License:Open Source License
/**
 * Render this key as a PEM formatted string, encrypted when a password is supplied.
 *
 * <p>When {@code password} is {@code null} no encryptor is built and the private
 * key is written unencrypted. The cipher is whatever the caller configured on
 * {@code encryptorBuilder}; this method neither chooses nor checks it.
 *
 * @param password            A password to encrypt the PEM data with, or {@code null} for plaintext output.
 * @param encryptorBuilder    The encryptor builder to use.
 * @param stringWriterFactory The string writer factory to use.
 * @param pemWriterFactory    The PEM writer factory to use.
 *
 * @return The PEM formatted key.
 *
 * @throws RuntimeException Wrapping the first {@link IOException} raised while writing or closing.
 */
public String toPem(final String password, final JcePEMEncryptorBuilder encryptorBuilder,
        final StringWriterFactoryInterface stringWriterFactory,
        final PemWriterFactoryInterface pemWriterFactory) {
    // NOTE(review): the char[] copy handed to the builder is never cleared, and the
    // password already arrives as an immutable String, so it stays on the heap
    // until garbage collected.
    final PEMEncryptor pemEncryptor = (password == null)
            ? null
            : encryptorBuilder.build(password.toCharArray());

    final StringWriter buffer = stringWriterFactory.create();
    final PEMWriter writer = pemWriterFactory.create(buffer);

    // Only the first I/O failure is kept; both writers are still closed after it.
    IOException firstFailure = null;

    try {
        if (pemEncryptor != null) {
            writer.writeObject(this.bcPrivateKeyInfo(), pemEncryptor);
        } else {
            writer.writeObject(this.bcPrivateKeyInfo());
        }
    } catch (IOException e) {
        firstFailure = e;
    }

    try {
        writer.close();
    } catch (IOException e) {
        firstFailure = (firstFailure != null) ? firstFailure : e;
    }

    try {
        buffer.close();
    } catch (IOException e) {
        firstFailure = (firstFailure != null) ? firstFailure : e;
    }

    if (firstFailure == null) {
        return buffer.toString();
    }
    throw new RuntimeException(firstFailure);
}
From source file:com.aqnote.shared.cryptology.cert.io.PKCSTransformer.java
License:Open Source License
/**
 * Encode a private key as PEM text, encrypting it when {@code pwd} is non-null.
 *
 * <p>With a {@code null} password the key is written in the clear.
 *
 * <p>NOTE(review): {@code DES_EDE3_CBC} is declared elsewhere in the class. If it
 * names OpenSSL's traditional "DES-EDE3-CBC" PEM encryption, the cipher key is
 * derived from the password with a single MD5-based pass, so confidentiality
 * rests almost entirely on password strength. PKCS#8 encryption (for example via
 * {@code JceOpenSSLPKCS8EncryptorBuilder}) allows a real iteration count.
 *
 * @param privKey the private key to encode
 * @param pwd     password for encryption, or {@code null} to write the key unencrypted
 * @return the text read back from the circular buffer
 * @throws Exception if writing to or reading from the buffer fails
 */
public static String getKeyFileString(PrivateKey privKey, char[] pwd) throws Exception {
    CircularByteBuffer ring = new CircularByteBuffer(CircularByteBuffer.INFINITE_SIZE);
    PEMWriter writer = new PEMWriter(new PrintWriter(ring.getOutputStream()));

    // NOTE(review): the buffer's output stream is flushed and closed here, before
    // anything has been written through the PEM writer. Whether later writes still
    // reach the buffer depends on CircularByteBuffer - confirm this order is intended.
    ring.getOutputStream().flush();
    ring.getOutputStream().close();

    if (pwd == null) {
        writer.writeObject(privKey);
    } else {
        JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder(DES_EDE3_CBC);
        builder.setProvider(JCE_PROVIDER);
        builder.setSecureRandom(new SecureRandom());
        writer.writeObject(privKey, builder.build(pwd));
    }
    writer.flush();
    writer.close();

    String pemText = StreamUtil.stream2Bytes(ring.getInputStream(), StandardCharsets.UTF_8);
    ring.getInputStream().close();
    ring.clear();
    return pemText;
}
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
License:Open Source License
/**
 * Write a single object to {@code ostream} in PEM form, encrypted when {@code pwd} is set.
 *
 * <p>Does nothing when {@code obj} or {@code ostream} is {@code null}. With a
 * {@code null} password the object is written unencrypted. Closing the PEM
 * writer also closes the wrapped {@code ostream}.
 *
 * <p>NOTE(review): the stream is wrapped in a {@link PrintWriter}, which records
 * I/O errors instead of throwing them, so a failed write to {@code ostream} is
 * not reported by this method. The writer is also left open if
 * {@code writeObject} throws.
 *
 * @param obj     the object to encode
 * @param ostream destination stream
 * @param pwd     encryption password, or {@code null} for plaintext output
 * @throws Exception if encoding fails
 */
private static void storePem(Object obj, OutputStream ostream, char[] pwd) throws Exception {
    if (obj == null || ostream == null) {
        return;
    }

    PEMWriter writer = new PEMWriter(new PrintWriter(ostream));
    if (pwd != null) {
        JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder(DES_EDE3_CBC);
        builder.setProvider(JCE_PROVIDER);
        builder.setSecureRandom(new SecureRandom());
        writer.writeObject(obj, builder.build(pwd));
    } else {
        writer.writeObject(obj);
    }
    writer.flush();
    writer.close();
}
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
License:Open Source License
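/**
 * Write every non-null element of {@code obj} to {@code ostream} in PEM form,
 * encrypting each one when {@code pwd} is set.
 *
 * <p>Does nothing when {@code obj} or {@code ostream} is {@code null}. With a
 * {@code null} password the elements are written unencrypted. Closing the PEM
 * writer also closes the wrapped {@code ostream}.
 *
 * <p>Fix: the encrypted branch previously passed the whole array to
 * {@code writeObject} instead of the element being visited, so the
 * password-protected path never encoded the individual objects.
 *
 * <p>NOTE(review): the stream is wrapped in a {@link PrintWriter}, which records
 * I/O errors instead of throwing them, so a failed write to {@code ostream} is
 * not reported by this method.
 *
 * @param obj     the objects to encode; {@code null} elements are skipped
 * @param ostream destination stream
 * @param pwd     encryption password, or {@code null} for plaintext output
 * @throws Exception if encoding fails
 */
private static void storePem(Object[] obj, OutputStream ostream, char[] pwd) throws Exception {
    if (obj == null || ostream == null) {
        return;
    }

    PEMWriter pemWriter = new PEMWriter(new PrintWriter(ostream));
    for (Object item : obj) {
        if (item == null) {
            continue;
        }
        if (pwd == null) {
            pemWriter.writeObject(item);
        } else {
            JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(DES_EDE3_CBC)
                    .setProvider(JCE_PROVIDER).setSecureRandom(new SecureRandom());
            // Encrypt the current element, not the enclosing array.
            pemWriter.writeObject(item, encryptorBuilder.build(pwd));
        }
    }
    pemWriter.flush();
    pemWriter.close();
}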
From source file:com.gitblit.utils.X509Utils.java
License:Apache License
/**
 * Creates a new client certificate PKCS#12 and PEM store. Any existing
 * stores are destroyed.
 *
 * <p>A fresh key pair is generated, a certificate for it is signed with
 * {@code caPrivateKey}, and the result is written to {@code targetFolder} as
 * {@code <commonName>.p12}, {@code <commonName>.pem} and a date-stamped
 * {@code .cer} file. {@code clientMetadata.serialNumber} is updated on success.
 *
 * @param clientMetadata a container for dynamic parameters needed for generation
 * @param caPrivateKey the CA private key used to sign the new certificate
 * @param caCert the CA certificate; the new certificate is verified against its public key
 * @param targetFolder the folder that receives the generated files (created if missing)
 * @return the newly created client certificate
 * @throws RuntimeException wrapping any failure raised during generation or storage
 */
public static X509Certificate newClientCertificate(X509Metadata clientMetadata, PrivateKey caPrivateKey,
        X509Certificate caCert, File targetFolder) {
    try {
        KeyPair pair = newKeyPair();

        X500Name userDN = buildDistinguishedName(clientMetadata);
        // NOTE(review): this reads the *issuer* name of caCert, which equals the CA's
        // own subject only when caCert is self-signed - confirm that is always the case.
        X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName());

        // create a new certificate signed by the Gitblit CA certificate
        // NOTE(review): the serial number is the wall-clock time in milliseconds, so it
        // is predictable and two certificates issued in the same millisecond collide.
        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDN,
                BigInteger.valueOf(System.currentTimeMillis()), clientMetadata.notBefore,
                clientMetadata.notAfter, userDN, pair.getPublic());

        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                extUtils.createSubjectKeyIdentifier(pair.getPublic()));
        // BasicConstraints(false): the issued certificate is not a CA
        certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
        // key usage is the only extension marked critical here
        certBuilder.addExtension(X509Extension.keyUsage, true,
                new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature));
        if (!StringUtils.isEmpty(clientMetadata.emailAddress)) {
            GeneralNames subjectAltName = new GeneralNames(
                    new GeneralName(GeneralName.rfc822Name, clientMetadata.emailAddress));
            certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName);
        }

        ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC)
                .build(caPrivateKey);

        X509Certificate userCert = new JcaX509CertificateConverter().setProvider(BC)
                .getCertificate(certBuilder.build(signer));
        PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) pair.getPrivate();
        bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId,
                extUtils.createSubjectKeyIdentifier(pair.getPublic()));

        // confirm the validity of the user certificate
        userCert.checkValidity();
        userCert.verify(caCert.getPublicKey());
        // NOTE(review): the boolean result of this comparison is discarded, so the
        // line enforces nothing; the signature check above and verifyChain below
        // are the only effective checks.
        userCert.getIssuerDN().equals(caCert.getSubjectDN());

        // verify user certificate chain
        verifyChain(userCert, caCert);

        targetFolder.mkdirs();

        // save certificate, stamped with unique name
        String date = new SimpleDateFormat("yyyyMMdd").format(new Date());
        String id = date;
        File certFile = new File(targetFolder, id + ".cer");
        int count = 0;
        // append _a, _b, ... (0x61 is 'a') until the name is unused
        while (certFile.exists()) {
            id = date + "_" + Character.toString((char) (0x61 + count));
            certFile = new File(targetFolder, id + ".cer");
            count++;
        }

        // save user private key, user certificate and CA certificate to a PKCS#12 store
        // NOTE(review): commonName is used as a file name without validation here;
        // confirm callers reject path separators and ".." so the files stay inside
        // targetFolder.
        File p12File = new File(targetFolder, clientMetadata.commonName + ".p12");
        if (p12File.exists()) {
            p12File.delete();
        }
        KeyStore userStore = openKeyStore(p12File, clientMetadata.password);
        // NOTE(review): the key entry is stored with a null entry password; presumably
        // protection relies on the store password given to saveKeyStore - confirm.
        userStore.setKeyEntry(
                MessageFormat.format("Gitblit ({0}) {1} {2}", clientMetadata.serverHostname,
                        clientMetadata.userDisplayname, id),
                pair.getPrivate(), null, new Certificate[] { userCert });
        userStore.setCertificateEntry(
                MessageFormat.format("Gitblit ({0}) Certificate Authority", clientMetadata.serverHostname),
                caCert);
        saveKeyStore(p12File, userStore, clientMetadata.password);

        // save user private key, user certificate, and CA certificate to a PEM store
        File pemFile = new File(targetFolder, clientMetadata.commonName + ".pem");
        if (pemFile.exists()) {
            pemFile.delete();
        }
        // NOTE(review): "DES-EDE3-CBC" is OpenSSL's traditional PEM encryption, which
        // derives the cipher key from the password with a single MD5-based pass, so
        // the private key's confidentiality rests on password strength. PKCS#8
        // encryption (e.g. JceOpenSSLPKCS8EncryptorBuilder) allows an iteration count.
        JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder("DES-EDE3-CBC");
        builder.setSecureRandom(new SecureRandom());
        // a null clientMetadata.password fails here and surfaces via the catch below
        PEMEncryptor pemEncryptor = builder.build(clientMetadata.password.toCharArray());
        // NOTE(review): the writer is not closed if a writeObject call throws, and the
        // key file is created with the platform's default permissions - confirm the
        // target folder is access-restricted.
        JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(pemFile));
        // only the private key is encrypted; both certificates are written in the clear
        pemWriter.writeObject(pair.getPrivate(), pemEncryptor);
        pemWriter.writeObject(userCert);
        pemWriter.writeObject(caCert);
        pemWriter.flush();
        pemWriter.close();

        // save certificate after successfully creating the key stores
        saveCertificate(userCert, certFile);

        // update serial number in metadata object
        clientMetadata.serialNumber = userCert.getSerialNumber().toString();

        return userCert;
    } catch (Throwable t) {
        // catches Errors as well as exceptions; the original cause is preserved
        throw new RuntimeException("Failed to generate client certificate!", t);
    }
}
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
/**
 * Encode the supplied objects into a single PEM document.
 *
 * <p>Objects are written in the order key, CSR, CRL, certificate chain; any
 * argument that is {@code null} is skipped. Only the key is ever encrypted,
 * and only when a password callback is supplied: with a {@code null} callback
 * the key pair is written unencrypted.
 *
 * <p>NOTE(review): the queried password is held as a {@link String} and its
 * {@code char[]} copy is never cleared. {@code PEM_ENCRYPTOR_ALGORTIHM} is
 * declared elsewhere; its strength cannot be judged from this method.
 *
 * @param crtChain certificates to append, or {@code null}
 * @param key      key pair to write first, or {@code null}
 * @param csr      certificate request to write, or {@code null}
 * @param crl      revocation list to write, or {@code null}
 * @param password callback used to obtain the key password, or {@code null} for no encryption
 * @param resource identifier passed to the password callback
 * @return the PEM text
 * @throws IOException if writing fails
 * @throws PasswordRequiredException if the password query returns {@code null}
 */
@Override
public String encodePEM(X509Certificate[] crtChain, KeyPair key, PKCS10Object csr, X509CRL crl,
        PasswordCallback password, String resource) throws IOException, PasswordRequiredException {
    try (StringWriter pemText = new StringWriter(); JcaPEMWriter pemOut = new JcaPEMWriter(pemText)) {
        if (key != null) {
            if (password == null) {
                pemOut.writeObject(key);
            } else {
                String secret = password.queryPassword(resource);

                if (secret == null) {
                    throw new PasswordRequiredException("Password input cancelled while writing key file");
                }

                JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder(PEM_ENCRYPTOR_ALGORTIHM);

                pemOut.writeObject(key, builder.build(secret.toCharArray()));
            }
        }
        if (csr != null) {
            pemOut.writeObject(csr.getObject());
        }
        if (crl != null) {
            pemOut.writeObject(crl);
        }
        if (crtChain != null) {
            for (int i = 0; i < crtChain.length; i++) {
                pemOut.writeObject(crtChain[i]);
            }
        }
        // flush so the string writer holds the complete document before it is read
        pemOut.flush();
        return pemText.toString();
    }
}
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
/**
 * Encode one object as PEM and write it to {@code pemFile}, replacing any existing content.
 *
 * <p>The PEM text is built fully in memory first, so the file is only opened
 * once encoding has succeeded. With a {@code null} password callback the
 * object is written unencrypted.
 *
 * <p>NOTE(review): the file is created with the platform's default permissions;
 * if this path is used for private keys, confirm the directory or a later step
 * restricts access. The queried password's {@code char[]} copy is never cleared.
 *
 * @param pemFile  destination file (created or truncated)
 * @param object   the object to encode
 * @param password callback used to obtain the password, or {@code null} for no encryption
 * @param resource identifier passed to the password callback
 * @throws PasswordRequiredException if the password query returns {@code null}
 * @throws IOException if encoding or writing fails
 */
private void writePEMObject(Path pemFile, Object object, PasswordCallback password, String resource)
        throws PasswordRequiredException, IOException {
    String pemText;

    try (StringWriter buffer = new StringWriter(); JcaPEMWriter pemOut = new JcaPEMWriter(buffer)) {
        if (password == null) {
            pemOut.writeObject(object);
        } else {
            String secret = password.queryPassword(resource);

            if (secret == null) {
                throw new PasswordRequiredException("Password input cancelled while writing key file");
            }

            JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder(PEM_ENCRYPTOR_ALGORTIHM);

            pemOut.writeObject(object, builder.build(secret.toCharArray()));
        }
        pemOut.flush();
        pemText = buffer.toString();
    }

    try (Writer out = Files.newBufferedWriter(pemFile, PEM_CHARSET, StandardOpenOption.WRITE,
            StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)) {
        out.write(pemText);
    }
}