List of usage examples for org.bouncycastle.openssl.PasswordFinder
From source file:brooklyn.util.crypto.SecureKeys.java
License:Apache License
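/**
 * Reads the first PEM object from {@code input} and returns it as a key pair,
 * decrypting it with {@code passphrase} when the reader asks for one.
 *
 * @param input stream holding the PEM text; it is closed together with the reader
 * @param passphrase passphrase for an encrypted key, or {@code null} when there is none
 * @return the decoded key pair
 * @throws RuntimeException (via {@code Throwables.propagate}) wrapping any I/O or
 *         decoding failure, or an {@link IllegalArgumentException} when the first PEM
 *         object is missing or is not a key pair
 */
public static KeyPair readPem(InputStream input, final String passphrase) {
    try {
        // addProvider is a no-op when Bouncy Castle is already registered.
        Security.addProvider(new BouncyCastleProvider());
        PEMReader pr = new PEMReader(new InputStreamReader(input), new PasswordFinder() {
            public char[] getPassword() {
                // Never hand the reader a null password: an absent passphrase becomes an empty one.
                return passphrase != null ? passphrase.toCharArray() : new char[0];
            }
        });
        try {
            Object pemObject = pr.readObject();
            // readObject() returns null at end of input and other types for non-key PEM
            // blocks; report that explicitly instead of failing with a ClassCastException.
            if (!(pemObject instanceof KeyPair)) {
                throw new IllegalArgumentException("PEM input does not contain a key pair"
                        + (pemObject == null ? "" : " (found " + pemObject.getClass().getName() + ")"));
            }
            return (KeyPair) pemObject;
        } finally {
            // Release the reader and the underlying stream even when decoding fails.
            pr.close();
        }
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}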
From source file:com.alu.e3.gateway.config.certshuffle.KeyListener.java
License:Apache License
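/**
 * Installs the key carried by {@code event}, together with its active certificate,
 * into the shared keystore under {@link #ALIAS}, replacing any previous entry.
 * <p>
 * A key that has no active certificate is a normal state and is skipped silently.
 * Every other problem (unknown certificate id, unparsable PEM, keystore failure) is
 * logged and rethrown as a {@link RuntimeException} carrying the same message and the
 * original exception as its cause.
 *
 * @param event the data-entry event whose value is the updated {@link Key}
 */
private void doKeyStoreUpdate(DataEntryEvent<String, Key> event) {
    final Key key = event.getValue();
    Certificate cert = null;
    if (key.getActiveCertId() != null && key.getActiveCertId().length() > 0) {
        try {
            cert = dataManager.getCertById(key.getActiveCertId());
        } catch (InvalidIDException e) {
            LOG.error("Certificate not found " + key.getActiveCertId(), e);
            throw new RuntimeException("Certificate not found " + key.getActiveCertId(), e);
        }
    }
    if (cert == null) {
        // A key has been uploaded without a certificate. Don't add it to the keystore.
        // This is a standard use-case. Don't error.
        return;
    }
    PrivateKey jkey = parseKeyPem(key);
    java.security.cert.Certificate jcert = parseCertificatePem(cert);
    synchronized (keyStoreService) {
        KeyStore ks = keyStoreService.loadKeyStore();
        if (ks == null) {
            LOG.error("KeyStoreService did not give me my keystore!");
            throw new RuntimeException("KeyStoreService did not give me my keystore!");
        }
        try {
            if (ks.containsAlias(ALIAS)) {
                ks.deleteEntry(ALIAS);
            }
            // Build the chain array directly: Arrays.asList(x).toArray() yields Object[]
            // on JDK 9+, so the former cast to Certificate[] fails there.
            ks.setKeyEntry(ALIAS, jkey, keyStoreKeyPassword.toCharArray(),
                    new java.security.cert.Certificate[] { jcert });
            keyStoreService.saveKeyStore(ks);
        } catch (KeyStoreException e) {
            LOG.error("Key not updated", e);
            throw new RuntimeException("Key not updated", e);
        }
    }
}

/**
 * Parses the PEM private key held in {@code key}, decrypting it with the key's
 * passphrase when one is set. Accepts either a key pair or a bare private key.
 *
 * @throws RuntimeException if the data cannot be read or does not hold a private key
 */
private PrivateKey parseKeyPem(final Key key) {
    try {
        PasswordFinder passwordFinder = null;
        if (key.getKeyPassphrase() != null) {
            passwordFinder = new PasswordFinder() {
                @Override
                public char[] getPassword() {
                    return key.getKeyPassphrase().toCharArray();
                }
            };
        }
        PEMReader pemr = new PEMReader(new StringReader(key.getData()), passwordFinder);
        try {
            Object pemobj = pemr.readObject();
            if (pemobj instanceof KeyPair) {
                return ((KeyPair) pemobj).getPrivate();
            } else if (pemobj instanceof PrivateKey) {
                return (PrivateKey) pemobj;
            }
            LOG.error("The PEM object in Key " + key.getId() + " is not a Private Key");
            throw new RuntimeException("The PEM object in Key " + key.getId() + " is not a Private Key");
        } finally {
            pemr.close();
        }
    } catch (IOException e) {
        LOG.error("Failed to read Key " + key.getId() + " data.", e);
        throw new RuntimeException("Failed to read Key " + key.getId() + " data.", e);
    }
}

/**
 * Parses the PEM certificate held in {@code cert}.
 *
 * @throws RuntimeException if the data cannot be read or does not hold a certificate
 */
private java.security.cert.Certificate parseCertificatePem(Certificate cert) {
    try {
        PEMReader pemr = new PEMReader(new StringReader(cert.getData()));
        try {
            Object pemobj = pemr.readObject();
            if (pemobj instanceof java.security.cert.Certificate) {
                return (java.security.cert.Certificate) pemobj;
            }
            LOG.error("The PEM object in Certificate " + cert.getId() + " is not a Certificate");
            throw new RuntimeException(
                    "The PEM object in Certificate " + cert.getId() + " is not a Certificate");
        } finally {
            pemr.close();
        }
    } catch (IOException e) {
        LOG.error("Failed to read Certificate " + cert.getId() + " data.", e);
        throw new RuntimeException("Failed to read Certificate " + cert.getId() + " data.", e);
    }
}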
From source file:com.amazonaws.service.iot.mqttloadapp.SslUtil.java
License:Open Source License
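/**
 * Builds an {@link SSLSocketFactory} for mutual TLS. The CA certificate in
 * {@code caCrtFile} is the only trust anchor used to authenticate the server; the
 * client certificate and private key in {@code crtFile}/{@code keyFile} are presented
 * to the server so it can authenticate us.
 *
 * @param caCrtFile path of the PEM CA certificate
 * @param crtFile   path of the PEM client certificate
 * @param keyFile   path of the PEM client private key (key pair or bare private key)
 * @param password  passphrase handed to the PEM reader for {@code keyFile}; it is also
 *                  used as the key password of the in-memory client keystore. Must not be
 *                  {@code null}.
 * @return a socket factory for the protocol named by the {@code tlsversion} system
 *         property (default {@code TLSv1.2})
 * @throws Exception on any I/O, parsing or SSL-context failure, or when a PEM file does
 *                   not hold the expected object type
 */
public static SSLSocketFactory getSocketFactory(final String caCrtFile, final String crtFile,
        final String keyFile, final String password) throws Exception {
    if (password == null) {
        // Fail early with a clear message instead of a NullPointerException from toCharArray().
        throw new IllegalArgumentException("password must not be null");
    }
    Security.addProvider(new BouncyCastleProvider());

    // load CA certificate
    X509Certificate caCert = readPemObject(caCrtFile, null, X509Certificate.class);

    // load client certificate
    X509Certificate cert = readPemObject(crtFile, null, X509Certificate.class);

    // load client private key; the finder supplies the passphrase when the reader asks for one
    Object keyObject = readPemObject(keyFile, new PasswordFinder() {
        @Override
        public char[] getPassword() {
            return password.toCharArray();
        }
    }, Object.class);
    java.security.PrivateKey privateKey;
    if (keyObject instanceof KeyPair) {
        privateKey = ((KeyPair) keyObject).getPrivate();
    } else if (keyObject instanceof java.security.PrivateKey) {
        privateKey = (java.security.PrivateKey) keyObject;
    } else {
        throw new IllegalArgumentException(keyFile + " does not contain a private key (found "
                + (keyObject == null ? "nothing" : keyObject.getClass().getName()) + ")");
    }

    // CA certificate is used to authenticate server
    KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType());
    caKs.load(null, null);
    caKs.setCertificateEntry("ca-certificate", caCert);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(caKs);

    // client key and certificates are sent to server so it can authenticate us
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    ks.setCertificateEntry("certificate", cert);
    ks.setKeyEntry("private-key", privateKey, password.toCharArray(),
            new java.security.cert.Certificate[] { cert });
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, password.toCharArray());

    // finally, create SSL socket factory
    SSLContext context = SSLContext.getInstance(System.getProperty("tlsversion", "TLSv1.2"));
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return context.getSocketFactory();
}

/**
 * Reads the first PEM object from {@code file} and checks that it is an instance of
 * {@code expected}. The reader is always closed, including when parsing fails.
 *
 * @param file     path read via {@code getBytesFromFile}
 * @param finder   password source for encrypted content, or {@code null}
 * @param expected required type of the decoded object
 * @throws IllegalArgumentException if the file holds nothing or an object of another type
 * @throws Exception on I/O failure (declared broadly to match {@code getBytesFromFile})
 */
private static <T> T readPemObject(String file, PasswordFinder finder, Class<T> expected)
        throws Exception {
    PEMReader reader = new PEMReader(
            new InputStreamReader(new ByteArrayInputStream(getBytesFromFile(file))), finder);
    try {
        Object obj = reader.readObject();
        if (!expected.isInstance(obj)) {
            throw new IllegalArgumentException(file + " does not contain a " + expected.getSimpleName()
                    + " (found " + (obj == null ? "nothing" : obj.getClass().getName()) + ")");
        }
        return expected.cast(obj);
    } finally {
        reader.close();
    }
}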
From source file:com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.java
License:Open Source License
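/**
 * {@inheritDoc}
 * <p>
 * The key is parsed with Bouncy Castle (registered on demand) and, when it decodes to a
 * {@link KeyPair}, handed to the agent. Decoding failures are reported to the build
 * listener instead of being propagated, so a bad key does not abort the build here; a
 * PEM body that decodes to something other than a key pair is reported the same way.
 */
public void addIdentity(String privateKey, final String passphrase, String comment) throws IOException {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        SecurityUtils.setRegisterBouncyCastle(true);
        if (!SecurityUtils.isBouncyCastleRegistered()) {
            throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
        }
    }
    try {
        PasswordFinder finder = passphrase == null ? null : new PasswordFinder() {
            public char[] getPassword() {
                return passphrase.toCharArray();
            }
        };
        PEMReader r = new PEMReader(new StringReader(privateKey), finder);
        try {
            Object o = r.readObject();
            if (o instanceof KeyPair) {
                agent.getAgent().addIdentity((KeyPair) o, comment);
            } else {
                // Make the "nothing was added" outcome visible rather than silently ignoring it.
                listener.getLogger().println("Private key does not decode to a key pair"
                        + (o == null ? "" : " (found " + o.getClass().getName() + ")")
                        + "; identity not added");
            }
        } finally {
            r.close();
        }
    } catch (Exception e) {
        listener.getLogger().println(Messages.SSHAgentBuildWrapper_UnableToReadKey(e.getMessage()));
        e.printStackTrace(listener.getLogger());
    }
}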
From source file:com.cloudbees.jenkins.plugins.sshagent.mina.MinaRemoteAgent.java
License:Open Source License
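/**
 * {@inheritDoc}
 * <p>
 * The key is parsed with Bouncy Castle (registered on demand) and, when it decodes to a
 * {@link KeyPair}, handed to the agent. Decoding failures are reported to the build
 * listener instead of being propagated, so a bad key does not abort the build here; a
 * PEM body that decodes to something other than a key pair is reported the same way.
 */
public void addIdentity(String privateKey, final String passphrase, String comment) throws IOException {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        SecurityUtils.setRegisterBouncyCastle(true);
        if (!SecurityUtils.isBouncyCastleRegistered()) {
            throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
        }
    }
    try {
        PasswordFinder finder = passphrase == null ? null : new PasswordFinder() {
            public char[] getPassword() {
                return passphrase.toCharArray();
            }
        };
        PEMReader r = new PEMReader(new StringReader(privateKey), finder);
        try {
            Object o = r.readObject();
            if (o instanceof KeyPair) {
                agent.getAgent().addIdentity((KeyPair) o, comment);
            } else {
                // Make the "nothing was added" outcome visible rather than silently ignoring it.
                listener.error("Private key does not decode to a key pair"
                        + (o == null ? "" : " (found " + o.getClass().getName() + ")")
                        + "; identity not added");
            }
        } finally {
            r.close();
        }
    } catch (Exception e) {
        e.printStackTrace(listener.error(Messages.SSHAgentBuildWrapper_UnableToReadKey(e.getMessage())));
    }
}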
From source file:com.github.trask.sandbox.ec2.Ec2Service.java
License:Apache License
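/**
 * Makes sure an EC2 key pair named {@code keyName} exists whose public half matches the
 * local private key at {@code privateKeyPath}. The local key is generated first when the
 * file is missing; any existing EC2 key pair with that name is deleted and re-imported.
 *
 * @param keyName        EC2 key pair name
 * @param privateKeyPath local PEM private key file; must not be password protected
 * @throws IOException   if the file cannot be read or parsed, or does not hold a key pair
 * @throws PasswordNotSupportedException if the private key is password protected
 */
private void createKeyPair(String keyName, String privateKeyPath)
        throws FileNotFoundException, JSchException, IOException {
    File keyFile = new File(privateKeyPath);
    if (!keyFile.exists()) {
        generateKey(privateKeyPath, keyName);
    }
    // NOTE(review): readFileToString(File) uses the platform charset; PEM is ASCII so this
    // only matters if the file carries a non-ASCII comment.
    Reader r = new StringReader(FileUtils.readFileToString(keyFile));
    PEMReader pem = new PEMReader(r, new PasswordFinder() {
        public char[] getPassword() {
            // this will get called if the private key is password protected
            // TODO deal with this here/elsewhere?
            throw new PasswordNotSupportedException();
        }
    });
    java.security.KeyPair pair;
    try {
        Object o = pem.readObject();
        // readObject() returns null at end of input and other types for non-key-pair PEM
        // blocks; report both as an IOException instead of a ClassCastException.
        if (!(o instanceof java.security.KeyPair)) {
            throw new IOException(privateKeyPath + " does not contain a key pair"
                    + (o == null ? "" : " (found " + o.getClass().getName() + ")"));
        }
        pair = (java.security.KeyPair) o;
    } finally {
        pem.close();
    }
    String publicKey = StringUtils.newStringIso8859_1(Base64.encodeBase64(pair.getPublic().getEncoded()));
    deleteKeyPairIfExists(keyName);
    ec2.importKeyPair(new ImportKeyPairRequest(keyName, publicKey));
}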
From source file:de.zib.gndms.kit.access.myproxyext.ExtMyProxy.java
License:Apache License
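/**
 * Retrieves delegated credentials from the MyProxy server.
 * <p>
 * After the request and the authorization handshake, a fresh RSA key pair is generated
 * and a certificate request for it is sent. The reply is then read as a PEM stream:
 * every X.509 certificate becomes part of the returned chain, and a key pair found in
 * the stream replaces the locally generated one. Before the credential is built, the
 * private key's modulus is compared with the public key of the first certificate, so a
 * key/chain mismatch coming from the server is rejected.
 *
 * @param credential
 *            The local GSI credentials to use for authentication.
 *            Can be set to null if no local credentials.
 * @param params
 *            The parameters for the get operation.
 * @return GSSCredential
 *            The retrieved delegated credentials.
 * @exception MyProxyException
 *            If an error occurred during the operation, including an empty
 *            certificate chain, a non-RSA key, or a private/public key mismatch.
 */
public GSSCredential retrieve(GSSCredential credential, final GetParams params) throws MyProxyException {
    if (params == null) {
        throw new IllegalArgumentException("params == null");
    }
    if (credential == null) {
        try {
            credential = getAnonymousCredential();
        } catch (GSSException e) {
            throw new MyProxyException("Failed to create anonymous credentials", e);
        }
    }
    String msg = params.makeRequest();
    Socket gsiSocket = null;
    OutputStream out = null;
    InputStream in = null;
    try {
        gsiSocket = getSocket(credential);
        if (credential.getName().isAnonymous()) {
            this.context.requestAnonymity(true);
        }
        out = gsiSocket.getOutputStream();
        in = gsiSocket.getInputStream();
        // send message
        out.write(msg.getBytes());
        out.flush();
        if (logger.isDebugEnabled()) {
            logger.debug("Req sent:" + params);
        }
        // may require authz handshake / without trustedroots
        handleReply(in, out, params.getAuthzCreds(), false);
        // start delegation - generate key pair
        KeyPair keyPair = CertUtil.generateKeyPair("RSA", DEFAULT_KEYBITS);
        BouncyCastleCertProcessingFactory certFactory = BouncyCastleCertProcessingFactory.getDefault();
        byte[] req;
        if (credential.getName().isAnonymous()) {
            req = certFactory.createCertificateRequest("CN=ignore", keyPair);
        } else {
            GlobusGSSCredentialImpl pkiCred = (GlobusGSSCredentialImpl) credential;
            req = certFactory.createCertificateRequest(pkiCred.getCertificateChain()[0], keyPair);
        }
        // send the request to server
        out.write(req);
        out.flush();
        // ---------- CUSTOM PART START ----------
        // The stock protocol (a certificate-count byte, one certFactory.loadCertificate(in)
        // per certificate, then handleReply(in)) is replaced by reading a PEM stream until
        // end of input.
        ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>(1);
        PEMReader pemReader = new PEMReader(new InputStreamReader(in), new PasswordFinder() {
            @Override
            public char[] getPassword() {
                return params.getPassphrase().toCharArray();
            }
        });
        Object obj;
        while ((obj = pemReader.readObject()) != null) {
            if (obj instanceof X509Certificate) {
                chain.add((X509Certificate) obj);
            } else if (obj instanceof KeyPair) {
                // A key pair sent by the server supersedes the locally generated one; the
                // modulus check below ensures it matches the first certificate.
                keyPair = (KeyPair) obj;
            } else {
                logger.debug("unhandled token: " + obj.getClass().getName());
            }
        }
        // ---------- CUSTOM PART END ----------
        if (chain.isEmpty()) {
            // Without this guard chain.get(0) below fails with an index error that is
            // only reported as the generic "MyProxy get failed.".
            throw new MyProxyException("MyProxy server returned no certificate");
        }
        // make sure the private key belongs to the right public key
        // currently only works with RSA keys
        if (!(chain.get(0).getPublicKey() instanceof RSAPublicKey)
                || !(keyPair.getPrivate() instanceof RSAPrivateKey)) {
            throw new MyProxyException("Only RSA keys are supported");
        }
        // Assumes the first certificate in the stream is the one issued for the delegated key.
        RSAPublicKey pkey = (RSAPublicKey) chain.get(0).getPublicKey();
        RSAPrivateKey prkey = (RSAPrivateKey) keyPair.getPrivate();
        if (!pkey.getModulus().equals(prkey.getModulus())) {
            throw new MyProxyException("Private/Public key mismatch!");
        }
        GlobusCredential newCredential = new GlobusCredential(keyPair.getPrivate(),
                chain.toArray(new X509Certificate[chain.size()]));
        return new GlobusGSSCredentialImpl(newCredential, GSSCredential.INITIATE_AND_ACCEPT);
    } catch (Exception e) {
        // Every failure inside the try, including the MyProxyExceptions above, surfaces
        // with this message and the original exception as cause.
        throw new MyProxyException("MyProxy get failed.", e);
    } finally {
        // close socket
        close(out, in, gsiSocket);
    }
}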
From source file:edu.vt.middleware.crypt.util.PemHelper.java
License:Open Source License
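/**
 * Decodes the given private key from PEM format.
 *
 * @param pemKey PEM-encoded private key text to decode; may hold a key pair or a
 * bare private key.
 * @param password Optional password that is used to decrypt private key
 * using DESEDE algorithm when specified. The array is passed to the PEM reader
 * as-is (not copied), so the caller keeps ownership and may clear it afterwards.
 *
 * @return Private key.
 *
 * @throws IOException On decoding error, including when the PEM text holds no
 * key at all or an object of another type.
 */
public static PrivateKey decodeKey(final String pemKey, final char[] password) throws IOException {
    final PEMReader reader;
    if (password == null || password.length == 0) {
        reader = new PEMReader(new StringReader(pemKey));
    } else {
        reader = new PEMReader(new StringReader(pemKey), new PasswordFinder() {
            public char[] getPassword() {
                return password;
            }
        });
    }
    try {
        final Object decoded = reader.readObject();
        // readObject() yields null at end of input and other types for non-key PEM blocks;
        // report both as a decoding error rather than leaking a ClassCastException.
        if (decoded instanceof KeyPair) {
            return ((KeyPair) decoded).getPrivate();
        } else if (decoded instanceof PrivateKey) {
            return (PrivateKey) decoded;
        }
        throw new IOException("Error decoding private key.");
    } finally {
        reader.close();
    }
}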
From source file:hudson.plugins.ec2.EC2AxisPrivateKey.java
License:Open Source License
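/**
 * Obtains the fingerprint of the key in the "ab:cd:ef:...:12" format.
 *
 * @return the fingerprint computed by {@code digest}, or {@code null} when the PEM
 *         text holds no object at all
 * @throws IOException if the key is password protected (not supported), cannot be read,
 *         or does not decode to a key pair
 */
public String getFingerprint() throws IOException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    @SuppressWarnings("deprecation")
    Reader r = new BufferedReader(new StringReader(privateKey.toString()));
    PEMReader pem = new PEMReader(r, new PasswordFinder() {
        public char[] getPassword() {
            // Sentinel recognised by identity in the catch block below.
            throw PRIVATE_KEY_WITH_PASSWORD;
        }
    });
    try {
        Object o = pem.readObject();
        if (o == null) {
            return null;
        }
        // Report a non-key-pair PEM body as an IOException instead of a ClassCastException.
        if (!(o instanceof KeyPair)) {
            throw new IOException("PEM text does not contain a key pair (found " + o.getClass().getName() + ")");
        }
        PrivateKey key = ((KeyPair) o).getPrivate();
        return digest(key);
    } catch (RuntimeException e) {
        if (e == PRIVATE_KEY_WITH_PASSWORD) {
            throw new IOException("This private key is password protected, which isn't supported yet");
        }
        throw e;
    } finally {
        // Always close the reader; the former @SuppressWarnings("resource") hid this leak.
        pem.close();
    }
}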
From source file:hudson.plugins.ec2.EC2PrivateKey.java
License:Open Source License
/** * Obtains the fingerprint of the key in the "ab:cd:ef:...:12" format. *///from w ww . j a va2 s .c om public String getFingerprint() throws IOException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Reader r = new BufferedReader(new StringReader(privateKey.toString())); PEMReader pem = new PEMReader(r, new PasswordFinder() { public char[] getPassword() { throw PRIVATE_KEY_WITH_PASSWORD; } }); try { KeyPair pair = (KeyPair) pem.readObject(); if (pair == null) return null; PrivateKey key = pair.getPrivate(); return digest(key); } catch (RuntimeException e) { if (e == PRIVATE_KEY_WITH_PASSWORD) throw new IOException("This private key is password protected, which isn't supported yet"); throw e; } }