List of usage examples for org.bouncycastle.openssl PEMParser readObject
public Object readObject() throws IOException
From source file:org.jivesoftware.util.CertificateManager.java
License:Open Source License
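/**
 * Imports a new signed certificate and its private key into the keystore. The certificate input
 * stream may contain the signed certificate as well as its CA chain.
 *
 * @param keyStore key store where the certificate will be stored.
 * @param trustStore key store where ca certificates are stored.
 * @param keyPassword password of the keystore.
 * @param alias the alias of the new signed certificate.
 * @param pkInputStream the stream containing the private key in PEM form: a traditional
 *        (optionally encrypted) key pair or an unencrypted PKCS#8 key.
 * @param passPhrase the pass phrase used when creating the private key; may be {@code null}
 *        when the key is not encrypted.
 * @param inputStream the stream containing the signed certificate.
 * @param trustCACerts true if certificates present in the truststore file will be used to verify the
 *        identity of the entity signing the certificate.
 * @param validateRoot true if you want to verify that the root certificate in the chain can be trusted
 *        based on the truststore.
 * @return true if the certificate was successfully imported.
 * @throws Exception if no certificates were found in the inputStream, if the private key stream
 *         holds no supported PEM key, or if the key is encrypted and no pass phrase was supplied.
 */
public static boolean installCert(KeyStore keyStore, KeyStore trustStore, String keyPassword, String alias,
        InputStream pkInputStream, final String passPhrase, InputStream inputStream, boolean trustCACerts,
        boolean validateRoot) throws Exception {
    // Refuse to overwrite an existing entry for the alias
    X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
    if (certificate != null) {
        Log.warn("Certificate already exists for alias: " + alias);
        return false;
    }

    // The caller owns pkInputStream, so the parser is deliberately left open here.
    PEMParser pemParser = new PEMParser(new InputStreamReader(pkInputStream));
    Object object = pemParser.readObject();
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    PrivateKey privKey;
    if (object instanceof PEMEncryptedKeyPair) {
        Log.debug("Encrypted key - we will use provided password");
        if (passPhrase == null) {
            // Building the decryptor from a null pass phrase would otherwise fail with a bare NPE
            throw new Exception("Private key is encrypted but no pass phrase was supplied");
        }
        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
        privKey = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)).getPrivate();
    } else if (object instanceof PEMKeyPair) {
        Log.debug("Unencrypted key - no password needed");
        privKey = converter.getKeyPair((PEMKeyPair) object).getPrivate();
    } else if (object instanceof org.bouncycastle.asn1.pkcs.PrivateKeyInfo) {
        // Unencrypted PKCS#8 ("BEGIN PRIVATE KEY") as produced by current openssl releases
        Log.debug("Unencrypted PKCS#8 key - no password needed");
        privKey = converter.getPrivateKey((org.bouncycastle.asn1.pkcs.PrivateKeyInfo) object);
    } else {
        // A blind cast used to surface this as a ClassCastException with no hint about the input
        throw new Exception("Private key stream does not contain a supported PEM key: "
                + (object == null ? "no PEM object found" : object.getClass().getName()));
    }

    // Load certificates found in the PEM input stream
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    for (Certificate cert : CertificateFactory.getInstance("X509").generateCertificates(inputStream)) {
        certs.add((X509Certificate) cert);
    }
    if (certs.isEmpty()) {
        throw new Exception("No certificates were found");
    }

    // 'certificate' is always null at this point (see the alias check above); it is still
    // passed because the chain helpers take it as a parameter
    List<X509Certificate> newCerts;
    if (certs.size() == 1) {
        // Reply has only one certificate
        newCerts = establishCertChain(keyStore, trustStore, certificate, certs.get(0), trustCACerts);
    } else {
        // Reply has a chain of certificates
        newCerts = validateReply(keyStore, trustStore, alias, certificate, certs, trustCACerts, validateRoot);
    }
    if (newCerts == null) {
        return false;
    }
    keyStore.setKeyEntry(alias, privKey, keyPassword.toCharArray(), newCerts.toArray(new X509Certificate[0]));

    // Notify listeners that a new certificate has been created (and signed)
    for (CertificateEventListener listener : listeners) {
        try {
            listener.certificateCreated(keyStore, alias, certs.get(0));
            if (newCerts.size() > 1) {
                listener.certificateSigned(keyStore, alias, newCerts);
            }
        } catch (Exception e) {
            // A misbehaving listener must not undo an import that has already succeeded
            Log.error(e.getMessage(), e);
        }
    }
    return true;
}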
From source file:org.loklak.LoklakInstallation.java
License:Open Source License
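/**
 * Creates the Jetty server and its http / https connectors according to {@code httpsMode}.
 * The https key material comes either from a java keystore on disk ({@code https.keysource=keystore})
 * or from a PEM key/cert pair converted into an in-memory keystore ({@code https.keysource=key-cert}).
 *
 * @param httpPort port of the plain http connector (not opened when https is the only transport)
 * @param httpsPort port of the https connector; also the redirect target in REDIRECT mode
 * @throws Exception if the configured key material cannot be found or parsed, or https.keysource is invalid
 */
private static void setupHttpServer(int httpPort, int httpsPort) throws Exception {
    // idle time in ms after which a connection with no bytes sent or received is closed
    final long idleTimeoutMs = 20000;

    QueuedThreadPool pool = new QueuedThreadPool();
    pool.setMaxThreads(500);
    LoklakInstallation.server = new Server(pool);
    LoklakInstallation.server.setStopAtShutdown(true);

    // plain http listener, unless https is configured as the only transport
    if (!httpsMode.equals(HttpsMode.ONLY)) {
        HttpConfiguration http_config = new HttpConfiguration();
        if (httpsMode.equals(HttpsMode.REDIRECT)) {
            // tell Jetty where the secure port lives so plain requests can be redirected there
            http_config.addCustomizer(new SecureRequestCustomizer());
            http_config.setSecureScheme("https");
            http_config.setSecurePort(httpsPort);
        }
        ServerConnector connector = new ServerConnector(LoklakInstallation.server);
        connector.addConnectionFactory(new HttpConnectionFactory(http_config));
        connector.setPort(httpPort);
        connector.setName("httpd:" + httpPort);
        connector.setIdleTimeout(idleTimeoutMs);
        LoklakInstallation.server.addConnector(connector);
    }

    // https listener; the HTTP/2 (ALPN) wiring for jetty 9.3 / java 8 is intentionally not enabled
    if (httpsMode.isGreaterOrEqualTo(HttpsMode.ON)) {
        Log.getLog().info("HTTPS activated");
        String keySource = DAO.getConfig("https.keysource", "keystore");
        KeyStore keyStore;
        String keystoreManagerPass;
        if ("keystore".equals(keySource)) {
            Log.getLog().info("Loading keystore from disk");
            // the keystore password doubles as the key manager password; the empty default means
            // an unprotected keystore is accepted, which is a deployment choice, not a check
            keystoreManagerPass = DAO.getConfig("keystore.password", "");
            keyStore = loadKeyStoreFromDisk(keystoreManagerPass.toCharArray());
        } else if ("key-cert".equals(keySource)) {
            Log.getLog().info("Importing keystore from key/cert files");
            // the in-memory keystore never leaves this process, so a fresh random password suffices
            keystoreManagerPass = randomPassword(20);
            keyStore = loadKeyStoreFromPem(keystoreManagerPass.toCharArray());
            Log.getLog().info("Successfully imported keystore from key/cert files");
        } else {
            throw new Exception("Invalid option for https.keysource");
        }

        HttpConfiguration https_config = new HttpConfiguration();
        https_config.addCustomizer(new SecureRequestCustomizer());
        HttpConnectionFactory http1 = new HttpConnectionFactory(https_config);
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyManagerPassword(keystoreManagerPass);
        SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "http/1.1");
        ServerConnector sslConnector = new ServerConnector(LoklakInstallation.server, ssl, http1);
        sslConnector.setPort(httpsPort);
        sslConnector.setName("httpd:" + httpsPort);
        sslConnector.setIdleTimeout(idleTimeoutMs);
        LoklakInstallation.server.addConnector(sslConnector);
    }
}

/**
 * Builds a random alphanumeric password of the given length from a cryptographically strong
 * source (the previous java.util.Random is predictable); used for the in-memory keystore.
 */
private static String randomPassword(int length) {
    final char[] alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    java.security.SecureRandom random = new java.security.SecureRandom();
    StringBuilder sb = new StringBuilder(length);
    for (int i = 0; i < length; i++) {
        sb.append(alphabet[random.nextInt(alphabet.length)]);
    }
    return sb.toString();
}

/**
 * Loads the native java keystore named by {@code keystore.name} from the conf directory.
 *
 * @param password the keystore password used to check its integrity
 * @return the loaded keystore
 * @throws Exception if the file is missing or unreadable, or the keystore cannot be loaded
 */
private static KeyStore loadKeyStoreFromDisk(char[] password) throws Exception {
    File keystoreFile = new File(DAO.conf_dir, DAO.getConfig("keystore.name", "keystore.jks"));
    if (!keystoreFile.exists() || !keystoreFile.isFile() || !keystoreFile.canRead()) {
        throw new Exception("Could not find keystore");
    }
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // the stream was previously never closed
    try (FileInputStream in = new FileInputStream(keystoreFile)) {
        keyStore.load(in, password);
    }
    return keyStore;
}

/**
 * Converts the PEM private key and certificate named by {@code https.key} / {@code https.cert}
 * into an in-memory keystore with a single key entry "defaultKey" protected by {@code password}.
 *
 * @param password password protecting the key entry
 * @return the populated keystore
 * @throws Exception if a file is missing or unreadable, or its PEM content is not a key / certificate
 */
private static KeyStore loadKeyStoreFromPem(char[] password) throws Exception {
    File keyFile = new File(DAO.getConfig("https.key", ""));
    if (!keyFile.exists() || !keyFile.isFile() || !keyFile.canRead()) {
        throw new Exception("Could not find key file");
    }
    File certFile = new File(DAO.getConfig("https.cert", ""));
    if (!certFile.exists() || !certFile.isFile() || !certFile.canRead()) {
        throw new Exception("Could not find cert file");
    }
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }
    byte[] keyBytes = Files.readAllBytes(keyFile.toPath());
    byte[] certBytes = Files.readAllBytes(certFile.toPath());

    X509Certificate cert;
    try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certBytes)))) {
        Object certObject = parser.readObject();
        if (!(certObject instanceof X509CertificateHolder)) {
            // a blind cast would surface as a ClassCastException naming no file
            throw new Exception("No X.509 certificate found in " + certFile);
        }
        cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) certObject);
    }

    PrivateKey key;
    try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(keyBytes)))) {
        Object keyObject = parser.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        if (keyObject instanceof PrivateKeyInfo) {
            // PKCS#8 "BEGIN PRIVATE KEY"
            key = converter.getPrivateKey((PrivateKeyInfo) keyObject);
        } else if (keyObject instanceof org.bouncycastle.openssl.PEMKeyPair) {
            // traditional openssl "BEGIN RSA PRIVATE KEY"
            key = converter.getPrivateKey(((org.bouncycastle.openssl.PEMKeyPair) keyObject).getPrivateKeyInfo());
        } else {
            throw new Exception("No unencrypted private key found in " + keyFile);
        }
    }

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
    keyStore.setKeyEntry("defaultKey", key, password, new Certificate[] { cert });
    return keyStore;
}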
From source file:org.loklak.LoklakServer.java
License:Open Source License
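/**
 * Creates the Jetty server and its http / https connectors according to {@code httpsMode}.
 * The https key material comes either from a java keystore on disk ({@code https.keysource=keystore})
 * or from a PEM key/cert pair converted into an in-memory keystore ({@code https.keysource=key-cert}).
 *
 * @param httpPort port of the plain http connector (not opened when https is the only transport)
 * @param httpsPort port of the https connector; also the redirect target in REDIRECT mode
 * @throws Exception if the configured key material cannot be found or parsed, or https.keysource is invalid
 */
private static void setupHttpServer(int httpPort, int httpsPort) throws Exception {
    // idle time in ms after which a connection with no bytes sent or received is closed
    final long idleTimeoutMs = 20000;

    QueuedThreadPool pool = new QueuedThreadPool();
    pool.setMaxThreads(500);
    LoklakServer.server = new Server(pool);
    LoklakServer.server.setStopAtShutdown(true);

    // plain http listener, unless https is configured as the only transport
    if (!httpsMode.equals(HttpsMode.ONLY)) {
        HttpConfiguration http_config = new HttpConfiguration();
        if (httpsMode.equals(HttpsMode.REDIRECT)) {
            // tell Jetty where the secure port lives so plain requests can be redirected there
            http_config.addCustomizer(new SecureRequestCustomizer());
            http_config.setSecureScheme("https");
            http_config.setSecurePort(httpsPort);
        }
        ServerConnector connector = new ServerConnector(LoklakServer.server);
        connector.addConnectionFactory(new HttpConnectionFactory(http_config));
        connector.setPort(httpPort);
        connector.setName("httpd:" + httpPort);
        connector.setIdleTimeout(idleTimeoutMs);
        LoklakServer.server.addConnector(connector);
    }

    // https listener; the HTTP/2 (ALPN) wiring for jetty 9.3 / java 8 is intentionally not enabled
    if (httpsMode.isGreaterOrEqualTo(HttpsMode.ON)) {
        Log.getLog().info("HTTPS activated");
        String keySource = DAO.getConfig("https.keysource", "keystore");
        KeyStore keyStore;
        String keystoreManagerPass;
        if ("keystore".equals(keySource)) {
            Log.getLog().info("Loading keystore from disk");
            // the keystore password doubles as the key manager password; the empty default means
            // an unprotected keystore is accepted, which is a deployment choice, not a check
            keystoreManagerPass = DAO.getConfig("keystore.password", "");
            keyStore = loadKeyStoreFromDisk(keystoreManagerPass.toCharArray());
        } else if ("key-cert".equals(keySource)) {
            Log.getLog().info("Importing keystore from key/cert files");
            // the in-memory keystore never leaves this process, so a fresh random password suffices
            keystoreManagerPass = randomPassword(20);
            keyStore = loadKeyStoreFromPem(keystoreManagerPass.toCharArray());
            Log.getLog().info("Successfully imported keystore from key/cert files");
        } else {
            throw new Exception("Invalid option for https.keysource");
        }

        HttpConfiguration https_config = new HttpConfiguration();
        https_config.addCustomizer(new SecureRequestCustomizer());
        HttpConnectionFactory http1 = new HttpConnectionFactory(https_config);
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyManagerPassword(keystoreManagerPass);
        SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "http/1.1");
        ServerConnector sslConnector = new ServerConnector(LoklakServer.server, ssl, http1);
        sslConnector.setPort(httpsPort);
        sslConnector.setName("httpd:" + httpsPort);
        sslConnector.setIdleTimeout(idleTimeoutMs);
        LoklakServer.server.addConnector(sslConnector);
    }
}

/**
 * Builds a random alphanumeric password of the given length from a cryptographically strong
 * source (the previous java.util.Random is predictable); used for the in-memory keystore.
 */
private static String randomPassword(int length) {
    final char[] alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    java.security.SecureRandom random = new java.security.SecureRandom();
    StringBuilder sb = new StringBuilder(length);
    for (int i = 0; i < length; i++) {
        sb.append(alphabet[random.nextInt(alphabet.length)]);
    }
    return sb.toString();
}

/**
 * Loads the native java keystore named by {@code keystore.name} from the conf directory.
 *
 * @param password the keystore password used to check its integrity
 * @return the loaded keystore
 * @throws Exception if the file is missing or unreadable, or the keystore cannot be loaded
 */
private static KeyStore loadKeyStoreFromDisk(char[] password) throws Exception {
    File keystoreFile = new File(DAO.conf_dir, DAO.getConfig("keystore.name", "keystore.jks"));
    if (!keystoreFile.exists() || !keystoreFile.isFile() || !keystoreFile.canRead()) {
        throw new Exception("Could not find keystore");
    }
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // the stream was previously never closed
    try (FileInputStream in = new FileInputStream(keystoreFile)) {
        keyStore.load(in, password);
    }
    return keyStore;
}

/**
 * Converts the PEM private key and certificate named by {@code https.key} / {@code https.cert}
 * into an in-memory keystore with a single key entry "defaultKey" protected by {@code password}.
 *
 * @param password password protecting the key entry
 * @return the populated keystore
 * @throws Exception if a file is missing or unreadable, or its PEM content is not a key / certificate
 */
private static KeyStore loadKeyStoreFromPem(char[] password) throws Exception {
    File keyFile = new File(DAO.getConfig("https.key", ""));
    if (!keyFile.exists() || !keyFile.isFile() || !keyFile.canRead()) {
        throw new Exception("Could not find key file");
    }
    File certFile = new File(DAO.getConfig("https.cert", ""));
    if (!certFile.exists() || !certFile.isFile() || !certFile.canRead()) {
        throw new Exception("Could not find cert file");
    }
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }
    byte[] keyBytes = Files.readAllBytes(keyFile.toPath());
    byte[] certBytes = Files.readAllBytes(certFile.toPath());

    X509Certificate cert;
    try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certBytes)))) {
        Object certObject = parser.readObject();
        if (!(certObject instanceof X509CertificateHolder)) {
            // a blind cast would surface as a ClassCastException naming no file
            throw new Exception("No X.509 certificate found in " + certFile);
        }
        cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) certObject);
    }

    PrivateKey key;
    try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(keyBytes)))) {
        Object keyObject = parser.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        if (keyObject instanceof PrivateKeyInfo) {
            // PKCS#8 "BEGIN PRIVATE KEY"
            key = converter.getPrivateKey((PrivateKeyInfo) keyObject);
        } else if (keyObject instanceof org.bouncycastle.openssl.PEMKeyPair) {
            // traditional openssl "BEGIN RSA PRIVATE KEY"
            key = converter.getPrivateKey(((org.bouncycastle.openssl.PEMKeyPair) keyObject).getPrivateKeyInfo());
        } else {
            throw new Exception("No unencrypted private key found in " + keyFile);
        }
    }

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
    keyStore.setKeyEntry("defaultKey", key, password, new Certificate[] { cert });
    return keyStore;
}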
From source file:org.loklak.SusiInstallation.java
License:Open Source License
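/**
 * Creates the Jetty server and its http / https connectors according to {@code httpsMode}.
 * The https key material comes either from a java keystore on disk ({@code https.keysource=keystore})
 * or from a PEM key/cert pair converted into an in-memory keystore ({@code https.keysource=key-cert}).
 *
 * @param httpPort port of the plain http connector (not opened when https is the only transport)
 * @param httpsPort port of the https connector; also the redirect target in REDIRECT mode
 * @throws Exception if the configured key material cannot be found or parsed, or https.keysource is invalid
 */
private static void setupHttpServer(int httpPort, int httpsPort) throws Exception {
    // idle time in ms after which a connection with no bytes sent or received is closed
    final long idleTimeoutMs = 20000;

    QueuedThreadPool pool = new QueuedThreadPool();
    pool.setMaxThreads(500);
    SusiInstallation.server = new Server(pool);
    SusiInstallation.server.setStopAtShutdown(true);

    // plain http listener, unless https is configured as the only transport
    if (!httpsMode.equals(HttpsMode.ONLY)) {
        HttpConfiguration http_config = new HttpConfiguration();
        if (httpsMode.equals(HttpsMode.REDIRECT)) {
            // tell Jetty where the secure port lives so plain requests can be redirected there
            http_config.addCustomizer(new SecureRequestCustomizer());
            http_config.setSecureScheme("https");
            http_config.setSecurePort(httpsPort);
        }
        ServerConnector connector = new ServerConnector(SusiInstallation.server);
        connector.addConnectionFactory(new HttpConnectionFactory(http_config));
        connector.setPort(httpPort);
        connector.setName("httpd:" + httpPort);
        connector.setIdleTimeout(idleTimeoutMs);
        SusiInstallation.server.addConnector(connector);
    }

    // https listener; the HTTP/2 (ALPN) wiring for jetty 9.3 / java 8 is intentionally not enabled
    if (httpsMode.isGreaterOrEqualTo(HttpsMode.ON)) {
        Log.getLog().info("HTTPS activated");
        String keySource = DAO.getConfig("https.keysource", "keystore");
        KeyStore keyStore;
        String keystoreManagerPass;
        if ("keystore".equals(keySource)) {
            Log.getLog().info("Loading keystore from disk");
            // the keystore password doubles as the key manager password; the empty default means
            // an unprotected keystore is accepted, which is a deployment choice, not a check
            keystoreManagerPass = DAO.getConfig("keystore.password", "");
            keyStore = loadKeyStoreFromDisk(keystoreManagerPass.toCharArray());
        } else if ("key-cert".equals(keySource)) {
            Log.getLog().info("Importing keystore from key/cert files");
            // the in-memory keystore never leaves this process, so a fresh random password suffices
            keystoreManagerPass = randomPassword(20);
            keyStore = loadKeyStoreFromPem(keystoreManagerPass.toCharArray());
            Log.getLog().info("Successfully imported keystore from key/cert files");
        } else {
            throw new Exception("Invalid option for https.keysource");
        }

        HttpConfiguration https_config = new HttpConfiguration();
        https_config.addCustomizer(new SecureRequestCustomizer());
        HttpConnectionFactory http1 = new HttpConnectionFactory(https_config);
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyManagerPassword(keystoreManagerPass);
        SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "http/1.1");
        ServerConnector sslConnector = new ServerConnector(SusiInstallation.server, ssl, http1);
        sslConnector.setPort(httpsPort);
        sslConnector.setName("httpd:" + httpsPort);
        sslConnector.setIdleTimeout(idleTimeoutMs);
        SusiInstallation.server.addConnector(sslConnector);
    }
}

/**
 * Builds a random alphanumeric password of the given length from a cryptographically strong
 * source (the previous java.util.Random is predictable); used for the in-memory keystore.
 */
private static String randomPassword(int length) {
    final char[] alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    java.security.SecureRandom random = new java.security.SecureRandom();
    StringBuilder sb = new StringBuilder(length);
    for (int i = 0; i < length; i++) {
        sb.append(alphabet[random.nextInt(alphabet.length)]);
    }
    return sb.toString();
}

/**
 * Loads the native java keystore named by {@code keystore.name} from the conf directory.
 *
 * @param password the keystore password used to check its integrity
 * @return the loaded keystore
 * @throws Exception if the file is missing or unreadable, or the keystore cannot be loaded
 */
private static KeyStore loadKeyStoreFromDisk(char[] password) throws Exception {
    File keystoreFile = new File(DAO.conf_dir, DAO.getConfig("keystore.name", "keystore.jks"));
    if (!keystoreFile.exists() || !keystoreFile.isFile() || !keystoreFile.canRead()) {
        throw new Exception("Could not find keystore");
    }
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // the stream was previously never closed
    try (FileInputStream in = new FileInputStream(keystoreFile)) {
        keyStore.load(in, password);
    }
    return keyStore;
}

/**
 * Converts the PEM private key and certificate named by {@code https.key} / {@code https.cert}
 * into an in-memory keystore with a single key entry "defaultKey" protected by {@code password}.
 *
 * @param password password protecting the key entry
 * @return the populated keystore
 * @throws Exception if a file is missing or unreadable, or its PEM content is not a key / certificate
 */
private static KeyStore loadKeyStoreFromPem(char[] password) throws Exception {
    File keyFile = new File(DAO.getConfig("https.key", ""));
    if (!keyFile.exists() || !keyFile.isFile() || !keyFile.canRead()) {
        throw new Exception("Could not find key file");
    }
    File certFile = new File(DAO.getConfig("https.cert", ""));
    if (!certFile.exists() || !certFile.isFile() || !certFile.canRead()) {
        throw new Exception("Could not find cert file");
    }
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }
    byte[] keyBytes = Files.readAllBytes(keyFile.toPath());
    byte[] certBytes = Files.readAllBytes(certFile.toPath());

    X509Certificate cert;
    try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certBytes)))) {
        Object certObject = parser.readObject();
        if (!(certObject instanceof X509CertificateHolder)) {
            // a blind cast would surface as a ClassCastException naming no file
            throw new Exception("No X.509 certificate found in " + certFile);
        }
        cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) certObject);
    }

    PrivateKey key;
    try (PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(keyBytes)))) {
        Object keyObject = parser.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        if (keyObject instanceof PrivateKeyInfo) {
            // PKCS#8 "BEGIN PRIVATE KEY"
            key = converter.getPrivateKey((PrivateKeyInfo) keyObject);
        } else if (keyObject instanceof org.bouncycastle.openssl.PEMKeyPair) {
            // traditional openssl "BEGIN RSA PRIVATE KEY"
            key = converter.getPrivateKey(((org.bouncycastle.openssl.PEMKeyPair) keyObject).getPrivateKeyInfo());
        } else {
            throw new Exception("No unencrypted private key found in " + keyFile);
        }
    }

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);
    keyStore.setKeyEntry("defaultKey", key, password, new Certificate[] { cert });
    return keyStore;
}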
From source file:org.metaeffekt.dcc.commons.pki.KeyUtils.java
License:Apache License
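/**
 * Reads the first PEM object from {@code file} and returns it as an X.509 certificate.
 *
 * @param file path of the PEM file
 * @return the certificate converted through the default JCA provider
 * @throws IOException if the file cannot be opened or parsed as PEM
 * @throws CertificateException if the file holds no X.509 certificate or the conversion fails
 */
public static Certificate loadCertificate(String file) throws IOException, CertificateException {
    PEMParser parser = new PEMParser(new FileReader(file));
    try {
        Object pemObject = parser.readObject();
        // readObject() yields null for an empty file and other holder types for the wrong kind
        // of PEM; report that instead of letting a ClassCastException or NPE escape
        if (!(pemObject instanceof X509CertificateHolder)) {
            throw new CertificateException("No X.509 certificate found in " + file);
        }
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        return converter.getCertificate((X509CertificateHolder) pemObject);
    } finally {
        IOUtils.closeQuietly(parser);
    }
}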
From source file:org.metaeffekt.dcc.commons.pki.KeyUtils.java
License:Apache License
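/**
 * Reads an unencrypted private key from a PEM file. Both the traditional openssl key-pair
 * encoding and the PKCS#8 "BEGIN PRIVATE KEY" encoding are accepted.
 *
 * @param file path of the PEM file
 * @return the private key converted through the default JCA provider
 * @throws IOException if the file cannot be opened or parsed, or holds no unencrypted private key
 *         (an encrypted key pair is rejected rather than cast)
 */
public static PrivateKey loadKey(String file) throws IOException {
    PEMParser parser = new PEMParser(new FileReader(file));
    try {
        Object pemObject = parser.readObject();
        PrivateKeyInfo info;
        if (pemObject instanceof PEMKeyPair) {
            // traditional openssl "BEGIN RSA PRIVATE KEY" style
            info = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
        } else if (pemObject instanceof PrivateKeyInfo) {
            // PKCS#8 "BEGIN PRIVATE KEY" style
            info = (PrivateKeyInfo) pemObject;
        } else {
            // previously a blind cast: ClassCastException for encrypted keys, certificates or empty files
            throw new IOException("No unencrypted private key found in " + file);
        }
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        return converter.getPrivateKey(info);
    } finally {
        IOUtils.closeQuietly(parser);
    }
}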
From source file:org.metaeffekt.dcc.commons.pki.KeyUtils.java
License:Apache License
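/**
 * Reads a public key from a PEM file holding a "BEGIN PUBLIC KEY" (SubjectPublicKeyInfo) block.
 *
 * @param file path of the PEM file
 * @return the public key converted through the default JCA provider
 * @throws IOException if the file cannot be opened or parsed, or holds no public key block
 */
public static PublicKey loadPublicKey(String file) throws IOException {
    PEMParser parser = new PEMParser(new FileReader(file));
    try {
        Object pemObject = parser.readObject();
        // readObject() yields null for an empty file and other types for the wrong kind of PEM
        if (!(pemObject instanceof SubjectPublicKeyInfo)) {
            throw new IOException("No public key found in " + file);
        }
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        return converter.getPublicKey((SubjectPublicKeyInfo) pemObject);
    } finally {
        IOUtils.closeQuietly(parser);
    }
}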
From source file:org.metaeffekt.dcc.commons.pki.KeyUtils.java
License:Apache License
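/**
 * Extracts the public half of an unencrypted PEM key pair (traditional openssl encoding).
 *
 * @param file path of the PEM file
 * @return the public key converted through the default JCA provider
 * @throws IOException if the file cannot be opened or parsed, or holds no unencrypted key pair
 */
public static PublicKey loadPublicKeyFromKeyPair(String file) throws IOException {
    PEMParser parser = new PEMParser(new FileReader(file));
    try {
        Object pemObject = parser.readObject();
        // previously a blind cast: encrypted key pairs, PKCS#8 keys and empty files blew up with
        // a ClassCastException / NPE instead of a descriptive IOException
        if (!(pemObject instanceof PEMKeyPair)) {
            throw new IOException("No unencrypted key pair found in " + file);
        }
        SubjectPublicKeyInfo info = ((PEMKeyPair) pemObject).getPublicKeyInfo();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        return converter.getPublicKey(info);
    } finally {
        IOUtils.closeQuietly(parser);
    }
}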
From source file:org.opendaylight.snbi.southplugin.CertificateMgmt.java
License:Open Source License
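/**
 * Loads an X.509 certificate from the PEM file {@code fileName}.
 *
 * @param provider name of the JCA provider used for the conversion
 * @param fileName path of the PEM file
 * @return the certificate, or {@code null} if the file is missing or unreadable, is empty, holds
 *         something other than a certificate, or the conversion fails
 */
public static X509Certificate getSavedCertificate(String provider, String fileName) {
    logger.info("Retrieving certificate " + fileName);
    PEMParser pemParser;
    try {
        pemParser = new PEMParser(new FileReader(fileName));
    } catch (FileNotFoundException e) {
        e.printStackTrace();
        return null;
    }
    Object pemObject;
    try {
        pemObject = pemParser.readObject();
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    } finally {
        try {
            // also closes the underlying FileReader
            pemParser.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    // readObject() returns null for an empty file; a non-certificate PEM object used to escape
    // as an unchecked ClassCastException instead of the documented null result
    if (!(pemObject instanceof X509CertificateHolder)) {
        logger.info("No X.509 certificate found in " + fileName);
        return null;
    }
    try {
        return new JcaX509CertificateConverter().setProvider(provider)
                .getCertificate((X509CertificateHolder) pemObject);
    } catch (CertificateException e) {
        e.printStackTrace();
        return null;
    }
}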
From source file:org.pepstock.jem.node.security.Crypto.java
License:Open Source License
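/**
 * Loads a private key from a PEM file, decrypting it with {@code password} when the key is
 * encrypted.
 *
 * @param pemKeyFile the PEM file holding the RSA private key of the user
 * @param password the password of the private key if the private key is protected by a
 *        password, null otherwise
 * @return the private key read from the PEM file
 * @throws KeyException if the file cannot be read, is not a PEM key pair, or cannot be decrypted
 * @throws MessageException if the key is encrypted but no password was given
 */
public static Key loadPrivateKeyFromFile(File pemKeyFile, String password) throws MessageException, KeyException {
    // checks if the provider is loaded; if not, adds BouncyCastle as provider
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    PEMParser pemParser = null;
    try {
        // private key file in PEM format, from file
        pemParser = new PEMParser(new InputStreamReader(new FileInputStream(pemKeyFile), CharSet.DEFAULT));
        Object object = pemParser.readObject();
        // creates a key converter by BouncyCastle
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        KeyPair kp;
        if (object instanceof PEMEncryptedKeyPair) {
            if (password == null) {
                throw new MessageException(NodeMessage.JEMC205E);
            }
            // uses the PEM decryptor using password
            PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
            kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
        } else if (object instanceof PEMKeyPair) {
            // key is NOT password protected; JEMC199W is emitted here (looks like an
            // "unprotected key" warning - confirm against NodeMessage)
            LogAppl.getInstance().emit(NodeMessage.JEMC199W);
            kp = converter.getKeyPair((PEMKeyPair) object);
        } else {
            // previously a blind cast: PKCS#8 keys, certificates and empty files failed with a
            // ClassCastException / NPE rather than a KeyException
            throw new IOException("No PEM key pair found in " + pemKeyFile
                    + (object == null ? "" : " (found " + object.getClass().getName() + ")"));
        }
        return kp.getPrivate();
    } catch (IOException e) {
        // covers FileNotFoundException and PEMException, both IOException subclasses
        throw new KeyException(e.getMessage(), e);
    } finally {
        // the parser used to stay open when readObject() threw
        if (pemParser != null) {
            try {
                pemParser.close();
            } catch (IOException ignored) {
                // the key has been read or a read error is already propagating; a close
                // failure adds nothing actionable
            }
        }
    }
}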