List of usage examples for org.bouncycastle.openssl PasswordFinder getPassword
public char[] getPassword();
From source file:net.sf.portecle.crypto.KeyStoreUtil.java
License:Open Source License
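/**
 * Load keystore entries from PEM reader into a new PKCS #12 keystore. The reader is not closed.
 *
 * <p>Handled PEM objects: {@code PEMEncryptedKeyPair} (legacy OpenSSL {@code Proc-Type: 4,ENCRYPTED}
 * encryption, decrypted with a password obtained on demand from {@code pwFinder}), {@code PEMKeyPair}
 * and {@code X509CertificateHolder}. Anything else the parser returns (PKCS #8 {@code PrivateKeyInfo},
 * {@code PKCS8EncryptedPrivateKeyInfo}, CRLs, ...) is silently skipped, so callers must not assume
 * every key present in the input ends up in the result.
 *
 * <p>Security notes:
 * <ul>
 * <li>Private key entries are protected with the file-level {@code DUMMY_PASSWORD} constant. The
 * returned keystore must be re-protected with a real password before it is persisted anywhere.</li>
 * <li>Legacy OpenSSL PEM encryption derives its key from the password with a single MD5 pass
 * (EVP_BytesToKey), which gives little brute-force resistance; treat the decrypted material as
 * sensitive regardless of how strong the password looks.</li>
 * <li>The password array returned by {@code pwFinder} is not cleared here: the {@code PasswordFinder}
 * contract does not say whether the caller keeps a reference to it.</li>
 * <li>Every alias, for trusted certificates as well as key pairs, is made unique with
 * {@code findUnusedAlias}, so no entry can overwrite another.</li>
 * </ul>
 *
 * @param reader reader to read entries from
 * @param pwFinder object to get passwords from on demand
 * @return new PKCS #12 keystore containing read entries, possibly empty
 * @throws CertificateException a certificate could not be re-parsed by the JCA factory
 * @throws CryptoException Problem encountered creating the keystore
 * @throws IOException An I/O error occurred
 */
public static KeyStore loadEntries(PEMParser reader, PasswordFinder pwFinder)
        throws CertificateException, CryptoException, IOException {
    LinkedHashSet<KeyPair> keyPairs = new LinkedHashSet<>();
    LinkedHashSet<Certificate> certs = new LinkedHashSet<>();
    KeyStore keyStore = createKeyStore(KeyStoreType.PKCS12);
    CertificateFactory cf = CertificateFactory.getInstance(X509CertUtil.X509_CERT_TYPE);
    JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();

    Object obj;
    while ((obj = reader.readObject()) != null) {
        if (obj instanceof PEMEncryptedKeyPair) {
            // The password is requested only when an encrypted key pair is actually encountered.
            PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(pwFinder.getPassword());
            obj = ((PEMEncryptedKeyPair) obj).decryptKeyPair(decryptor);
        }
        if (obj instanceof PEMKeyPair) {
            keyPairs.add(keyConverter.getKeyPair((PEMKeyPair) obj));
        } else if (obj instanceof X509CertificateHolder) {
            byte[] der = ((X509CertificateHolder) obj).getEncoded();
            certs.add(cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        // Any other object type is ignored (see Javadoc).
    }

    // Add key pairs, each paired with the certificate that carries its public key.
    for (KeyPair keyPair : keyPairs) {
        Certificate keyPairCert = removeCertificateFor(certs, keyPair);
        if (keyPairCert == null) {
            // A private key with no matching certificate cannot form a PrivateKeyEntry; it is dropped.
            continue;
        }
        String alias = "keypair";
        if (keyPairCert instanceof X509Certificate) {
            alias = X509CertUtil.getCertificateAlias((X509Certificate) keyPairCert);
        }
        KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(),
                new Certificate[] { keyPairCert });
        // Placeholder protection only; the caller is expected to re-protect before saving.
        KeyStore.PasswordProtection prot = new KeyStore.PasswordProtection(DUMMY_PASSWORD);
        try {
            alias = findUnusedAlias(keyStore, alias);
            keyStore.setEntry(alias, entry, prot);
        } catch (KeyStoreException e) {
            throw new CryptoException(e);
        }
    }

    // Add remaining certificates as trusted certificate entries.
    for (Certificate cert : certs) {
        String alias = "certificate";
        if (cert instanceof X509Certificate) {
            alias = X509CertUtil.getCertificateAlias((X509Certificate) cert);
        }
        KeyStore.TrustedCertificateEntry entry = new KeyStore.TrustedCertificateEntry(cert);
        try {
            // Previously this branch called setEntry with the raw alias, so a certificate whose
            // derived alias collided with an earlier entry (another certificate with the same
            // subject, or a key pair) silently replaced that entry. De-duplicate here as well.
            alias = findUnusedAlias(keyStore, alias);
            keyStore.setEntry(alias, entry, null);
        } catch (KeyStoreException e) {
            throw new CryptoException(e);
        }
    }
    return keyStore;
}

/**
 * Remove and return the first certificate in {@code certs} whose public key equals the public key of
 * {@code keyPair}, or {@code null} if none matches.
 *
 * @param certs certificates still unassigned; the matching one is removed via its iterator
 * @param keyPair key pair to find the certificate for
 * @return the matching certificate, or {@code null}
 */
private static Certificate removeCertificateFor(Iterable<Certificate> certs, KeyPair keyPair) {
    for (Iterator<Certificate> it = certs.iterator(); it.hasNext();) {
        Certificate cert = it.next();
        if (cert.getPublicKey().equals(keyPair.getPublic())) {
            it.remove();
            return cert;
        }
    }
    return null;
}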
From source file:org.italiangrid.voms.credential.impl.AbstractLoadCredentialsStrategy.java
License:Apache License
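/**
 * Loads a PKCS #12 X.509 credential and notifies the registered
 * {@link LoadCredentialsEventListener} of the load operation outcome.
 *
 * <p>Order of operations: the file must exist and be readable, its permissions must pass
 * {@code FilePermissionHelper.checkPKCS12Permissions}, and only then is the password requested from
 * {@code pf}. This way the user is not prompted for a password for a file that will be refused anyway,
 * and the password is not held in memory any longer than necessary.
 *
 * <p>The same {@code char[]} is passed as both the second and third {@code KeystoreCredential}
 * constructor arguments (presumably the keystore password and the key password), so a file whose key
 * password differs from its store password will fail to load. The array is not zeroed here because it
 * is not known whether {@code KeystoreCredential} retains a reference to it (TODO confirm before adding
 * an {@code Arrays.fill}).
 *
 * <p>Only {@link Exception}s are treated as load failures. JVM {@link Error}s such as
 * {@code OutOfMemoryError} propagate; they are no longer converted into a failure notification, as they
 * were while this method caught {@code Throwable}. Exceptions thrown by the {@code PasswordFinder}
 * itself (e.g. a cancelled prompt) also propagate to the caller, as before.
 *
 * @param pkcs12FilePath the path to the PKCS #12 credential
 * @param pf a {@link PasswordFinder} used to resolve the private key password
 * @return the loaded {@link X509Credential}, or <code>null</code> if the credential couldn't be loaded
 */
protected X509Credential loadPKCS12Credential(String pkcs12FilePath, PasswordFinder pf) {
    listener.notifyCredentialLookup(pkcs12FilePath);

    if (!fileExistsAndIsReadable(pkcs12FilePath)) {
        listener.notifyLoadCredentialFailure(
                new FileNotFoundException(pkcs12FilePath + " (cannot read file)"), pkcs12FilePath);
        return null;
    }

    // Refuse over-permissive files before asking for (and holding) the password.
    try {
        FilePermissionHelper.checkPKCS12Permissions(pkcs12FilePath);
    } catch (Exception e) {
        listener.notifyLoadCredentialFailure(e, pkcs12FilePath);
        return null;
    }

    // Deliberately outside the try: a failing PasswordFinder is the caller's problem, not a load failure.
    char[] keyPassword = pf.getPassword();

    KeystoreCredential cred = null;
    try {
        cred = new KeystoreCredential(pkcs12FilePath, keyPassword, keyPassword, null, "PKCS12");
        listener.notifyLoadCredentialSuccess(pkcs12FilePath);
    } catch (Exception e) {
        listener.notifyLoadCredentialFailure(e, pkcs12FilePath);
    }
    return cred;
}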