List of usage examples for org.bouncycastle.openssl.jcajce JcePEMEncryptorBuilder JcePEMEncryptorBuilder
public JcePEMEncryptorBuilder(String algorithm)
From source file:co.lqnt.lockbox.key.PrivateKey.java
License:Open Source License
/** * Get this key as a PEM formatted string. * * @param password A password to encrypt the PEM data with. * * @return The PEM formatted key./*from w w w. j a v a 2 s . c o m*/ */ public String toPem(final String password) { JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder("DES-EDE3-CBC"); encryptorBuilder.setProvider(new BouncyCastleProvider()); return this.toPem(password, encryptorBuilder, new StringWriterFactory(), new PemWriterFactory()); }
From source file:com.aqnote.shared.cryptology.cert.io.PKCSTransformer.java
License:Open Source License
public static String getKeyFileString(PrivateKey privKey, char[] pwd) throws Exception { CircularByteBuffer cbb = new CircularByteBuffer(CircularByteBuffer.INFINITE_SIZE); PEMWriter pemWriter = new PEMWriter(new PrintWriter(cbb.getOutputStream())); cbb.getOutputStream().flush();// ww w. j a v a 2 s. c o m cbb.getOutputStream().close(); if (pwd != null) { JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(DES_EDE3_CBC); encryptorBuilder.setProvider(JCE_PROVIDER); encryptorBuilder.setSecureRandom(new SecureRandom()); pemWriter.writeObject(privKey, encryptorBuilder.build(pwd)); } else { pemWriter.writeObject(privKey); } pemWriter.flush(); pemWriter.close(); String keyFile = StreamUtil.stream2Bytes(cbb.getInputStream(), StandardCharsets.UTF_8); cbb.getInputStream().close(); cbb.clear(); return keyFile; }
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
License:Open Source License
private static void storePem(Object obj, OutputStream ostream, char[] pwd) throws Exception { if (obj == null || ostream == null) return;/* w w w .j a v a2s. c o m*/ PEMWriter pemWriter = new PEMWriter(new PrintWriter(ostream)); if (pwd == null) { pemWriter.writeObject(obj); } else { JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(DES_EDE3_CBC) .setProvider(JCE_PROVIDER).setSecureRandom(new SecureRandom()); pemWriter.writeObject(obj, encryptorBuilder.build(pwd)); } pemWriter.flush(); pemWriter.close(); }
From source file:com.aqnote.shared.cryptology.cert.io.PKCSWriter.java
License:Open Source License
private static void storePem(Object[] obj, OutputStream ostream, char[] pwd) throws Exception { if (obj == null || ostream == null) return;// w w w.java 2s .c o m PEMWriter pemWriter = new PEMWriter(new PrintWriter(ostream)); for (int i = 0; i < obj.length; i++) { if (obj[i] == null) continue; if (pwd == null) { pemWriter.writeObject(obj[i]); } else { JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(DES_EDE3_CBC) .setProvider(JCE_PROVIDER).setSecureRandom(new SecureRandom()); pemWriter.writeObject(obj, encryptorBuilder.build(pwd)); } } pemWriter.flush(); pemWriter.close(); }
From source file:com.gitblit.utils.X509Utils.java
License:Apache License
/** * Creates a new client certificate PKCS#12 and PEM store. Any existing * stores are destroyed./*w ww . j a v a 2 s . co m*/ * * @param clientMetadata a container for dynamic parameters needed for generation * @param caKeystoreFile * @param caKeystorePassword * @param targetFolder * @return */ public static X509Certificate newClientCertificate(X509Metadata clientMetadata, PrivateKey caPrivateKey, X509Certificate caCert, File targetFolder) { try { KeyPair pair = newKeyPair(); X500Name userDN = buildDistinguishedName(clientMetadata); X500Name issuerDN = new X500Name(PrincipalUtil.getIssuerX509Principal(caCert).getName()); // create a new certificate signed by the Gitblit CA certificate X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerDN, BigInteger.valueOf(System.currentTimeMillis()), clientMetadata.notBefore, clientMetadata.notAfter, userDN, pair.getPublic()); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(pair.getPublic())); certBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false)); certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey())); certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.digitalSignature)); if (!StringUtils.isEmpty(clientMetadata.emailAddress)) { GeneralNames subjectAltName = new GeneralNames( new GeneralName(GeneralName.rfc822Name, clientMetadata.emailAddress)); certBuilder.addExtension(X509Extension.subjectAlternativeName, false, subjectAltName); } ContentSigner signer = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC) .build(caPrivateKey); X509Certificate userCert = new JcaX509CertificateConverter().setProvider(BC) .getCertificate(certBuilder.build(signer)); PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) pair.getPrivate(); bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pair.getPublic())); // confirm the validity of the user certificate userCert.checkValidity(); userCert.verify(caCert.getPublicKey()); userCert.getIssuerDN().equals(caCert.getSubjectDN()); // verify user certificate chain verifyChain(userCert, caCert); targetFolder.mkdirs(); // save certificate, stamped with unique name String date = new SimpleDateFormat("yyyyMMdd").format(new Date()); String id = date; File certFile = new File(targetFolder, id + ".cer"); int count = 0; while (certFile.exists()) { id = date + "_" + Character.toString((char) (0x61 + count)); certFile = new File(targetFolder, id + ".cer"); count++; } // save user private key, user certificate and CA certificate to a PKCS#12 store File p12File = new File(targetFolder, clientMetadata.commonName + ".p12"); if (p12File.exists()) { p12File.delete(); } KeyStore userStore = openKeyStore(p12File, clientMetadata.password); userStore.setKeyEntry( MessageFormat.format("Gitblit ({0}) {1} {2}", clientMetadata.serverHostname, clientMetadata.userDisplayname, id), pair.getPrivate(), null, new Certificate[] { userCert }); userStore.setCertificateEntry( MessageFormat.format("Gitblit ({0}) Certificate Authority", clientMetadata.serverHostname), caCert); saveKeyStore(p12File, userStore, clientMetadata.password); // save user private key, user certificate, and CA certificate to a PEM store File pemFile = new File(targetFolder, clientMetadata.commonName + ".pem"); if (pemFile.exists()) { pemFile.delete(); } JcePEMEncryptorBuilder builder = new JcePEMEncryptorBuilder("DES-EDE3-CBC"); builder.setSecureRandom(new SecureRandom()); PEMEncryptor pemEncryptor = builder.build(clientMetadata.password.toCharArray()); JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(pemFile)); pemWriter.writeObject(pair.getPrivate(), pemEncryptor); pemWriter.writeObject(userCert); pemWriter.writeObject(caCert); pemWriter.flush(); pemWriter.close(); // save certificate after successfully creating the key stores saveCertificate(userCert, certFile); // update serial number in metadata object clientMetadata.serialNumber = userCert.getSerialNumber().toString(); return userCert; } catch (Throwable t) { throw new RuntimeException("Failed to generate client certificate!", t); } }
From source file:com.joyent.manta.client.MantaClientAuthenticationChangeIT.java
License:Open Source License
private static void swapKeyContentPasswordness(final AuthAwareConfigContext config, final String password) throws IOException, NoSuchProviderException, NoSuchAlgorithmException { Validate.isTrue(config.getMantaKeyPath() == null, "Key path should be null when toggling key content password"); Validate.notBlank(config.getPrivateKeyContent(), "Key content should not be null"); if (password == null) { Validate.notNull(config.getPassword(), "Password removal requested but no password attached"); // removing password throw new AssertionError("Not yet implemented"); }//from ww w .j a v a2 s. c om // adding password // make sure the KeyPair is loaded before we try to serialize it with the provided password Assert.assertNotNull(config.getKeyPair()); final String keyAlgo = config.getKeyPair().getPrivate().getAlgorithm(); // we can only reliably password-protect a keypair if libnss is disabled OR it's an RSA key, otherwise just skip if (ExternalSecurityProviderLoader.getPkcs11Provider() == null || keyAlgo.equals("RSA")) { try (final StringWriter contentWriter = new StringWriter(); final JcaPEMWriter pemWriter = new JcaPEMWriter(contentWriter)) { final JcaMiscPEMGenerator keySerializer = new JcaMiscPEMGenerator(config.getKeyPair().getPrivate(), new JcePEMEncryptorBuilder("AES-128-CBC").setProvider("BC").build(password.toCharArray())); pemWriter.writeObject(keySerializer); pemWriter.flush(); config.setPrivateKeyContent(contentWriter.getBuffer().toString()); } } else { throw new SkipException(String.format( "Unsupported parameters for attaching passphrase: libnss enabled %s, key algorithm: %s", ExternalSecurityProviderLoader.getPkcs11Provider() != null, keyAlgo)); } config.setPassword(password); }
From source file:com.joyent.manta.config.TestConfigContext.java
License:Open Source License
/** * Some test cases need a direct reference to a KeyPair along with it's associated config. Manually calling * KeyPairFactory with a half-baked config can get cumbersome, so let's build a ConfigContext which has * everything ready and supplies the relevant KeyPair. * * @return the generated keypair and a config which uses a serialized version of that keypair *//* w w w . j a v a 2 s . c om*/ public static ImmutablePair<KeyPair, BaseChainedConfigContext> generateKeyPairBackedConfig( final String passphrase) { final KeyPair keyPair; try { keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); } catch (final NoSuchAlgorithmException impossible) { throw new Error(impossible); // "RSA" is always provided } final Object keySerializer; if (passphrase != null) { try { keySerializer = new JcaMiscPEMGenerator(keyPair.getPrivate(), new JcePEMEncryptorBuilder("AES-128-CBC").build(passphrase.toCharArray())); } catch (IOException e) { throw new RuntimeException(e); } } else { keySerializer = keyPair.getPrivate(); } final String keyContent; try (final StringWriter content = new StringWriter(); final JcaPEMWriter writer = new JcaPEMWriter(content)) { writer.writeObject(keySerializer); writer.flush(); keyContent = content.toString(); } catch (IOException e) { throw new RuntimeException(e); } final BaseChainedConfigContext config = new ChainedConfigContext(DEFAULT_CONFIG) // we need to unset the key path in case one exists at ~/.ssh/id_rsa // see the static initializer in DefaultsConfigContext .setMantaKeyPath(null).setPrivateKeyContent(keyContent) .setMantaKeyId(KeyFingerprinter.md5Fingerprint(keyPair)); if (passphrase != null) { config.setPassword(passphrase); } return new ImmutablePair<>(keyPair, config); }
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
@Override public String encodePEM(X509Certificate[] crtChain, KeyPair key, PKCS10Object csr, X509CRL crl, PasswordCallback password, String resource) throws IOException, PasswordRequiredException { String encoded;//from www .ja va2 s. c o m try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { if (key != null) { if (password != null) { String passwordInput = password.queryPassword(resource); if (passwordInput == null) { throw new PasswordRequiredException("Password input cancelled while writing key file"); } JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(PEM_ENCRYPTOR_ALGORTIHM); pemWriter.writeObject(key, encryptorBuilder.build(passwordInput.toCharArray())); } else { pemWriter.writeObject(key); } } if (csr != null) { pemWriter.writeObject(csr.getObject()); } if (crl != null) { pemWriter.writeObject(crl); } if (crtChain != null) { for (X509Certificate crt : crtChain) { pemWriter.writeObject(crt); } } pemWriter.flush(); encoded = stringWriter.toString(); } return encoded; }
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
private void writePEMObject(Path pemFile, Object object, PasswordCallback password, String resource) throws PasswordRequiredException, IOException { String pemData;/*from w w w .j ava 2s . com*/ try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { if (password != null) { String passwordInput = password.queryPassword(resource); if (passwordInput == null) { throw new PasswordRequiredException("Password input cancelled while writing key file"); } JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(PEM_ENCRYPTOR_ALGORTIHM); pemWriter.writeObject(object, encryptorBuilder.build(passwordInput.toCharArray())); } else { pemWriter.writeObject(object); } pemWriter.flush(); pemData = stringWriter.toString(); } try (Writer fileWriter = Files.newBufferedWriter(pemFile, PEM_CHARSET, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)) { fileWriter.write(pemData); } }
From source file:net.sf.portecle.FPortecle.java
License:Open Source License
/** * Export the private key and certificates of the keystore entry to a PEM encoded "OpenSSL" format bundle. * /* ww w .jav a2s . co m*/ * @param sEntryAlias Entry alias * @return True if the export is successful, false otherwise */ private boolean exportPrivKeyCertChainPEM(String sEntryAlias) { KeyStore keyStore = m_keyStoreWrap.getKeyStore(); // Get the entry's password (we may already know it from the wrapper) char[] cPassword = m_keyStoreWrap.getEntryPassword(sEntryAlias); if (cPassword == null) { cPassword = KeyStoreUtil.DUMMY_PASSWORD; if (m_keyStoreWrap.getKeyStoreType().isEntryPasswordSupported()) { DGetPassword dGetPassword = new DGetPassword(this, RB.getString("FPortecle.KeyEntryPassword.Title")); dGetPassword.setLocationRelativeTo(this); SwingHelper.showAndWait(dGetPassword); cPassword = dGetPassword.getPassword(); if (cPassword == null) { return false; } } } File fExportFile = null; try { // Get the private key and certificate chain from the entry Key privKey = keyStore.getKey(sEntryAlias, cPassword); Certificate[] certs = keyStore.getCertificateChain(sEntryAlias); // Get a new password to encrypt the private key with DGetNewPassword dGetNewPassword = new DGetNewPassword(this, RB.getString("FPortecle.PrivateKeyExportPassword.Title")); dGetNewPassword.setLocationRelativeTo(this); SwingHelper.showAndWait(dGetNewPassword); char[] password = dGetNewPassword.getPassword(); if (password == null) { return false; } String basename = null; if (certs.length > 0 && certs[0] instanceof X509Certificate) { basename = X509CertUtil.getCertificateAlias((X509Certificate) certs[0]); } if (basename == null || basename.isEmpty()) { basename = sEntryAlias; } // Let the user choose the PEM export file fExportFile = chooseExportPEMFile(basename); if (fExportFile == null) { return false; } if (!confirmOverwrite(fExportFile, getTitle())) { return false; } // Do the export try (JcaPEMWriter pw = new JcaPEMWriter(new FileWriter(fExportFile))) { if (password.length == 0) { pw.writeObject(privKey); } else { // TODO: make algorithm configurable/ask user? String algorithm = "DES-EDE3-CBC"; SecureRandom rand = SecureRandom.getInstance("SHA1PRNG"); PEMEncryptor encryptor = new JcePEMEncryptorBuilder(algorithm).setSecureRandom(rand) .build(password); pw.writeObject(privKey, encryptor); } for (Certificate cert : certs) { pw.writeObject(cert); } } m_lastDir.updateLastDir(fExportFile); return true; } catch (FileNotFoundException ex) { String sMessage = MessageFormat.format(RB.getString("FPortecle.NoWriteFile.message"), fExportFile.getName()); JOptionPane.showMessageDialog(this, sMessage, getTitle(), JOptionPane.WARNING_MESSAGE); return false; } catch (GeneralSecurityException | IOException ex) { DThrowable.showAndWait(this, null, ex); return false; } }