List of usage examples for org.bouncycastle.util.io.pem PemObject PemObject
public PemObject(String type, byte[] content)
From source file:ai.susi.server.api.aaa.PublicKeyRegistrationService.java
License:Open Source License
@Override public JSONObject serviceImpl(Query post, HttpServletResponse response, Authorization authorization, final JsonObjectWithDefault permissions) throws APIException { if (post.get("register", null) == null && !post.get("create", false) && !post.get("getParameters", false)) { throw new APIException(400, "Accepted parameters: 'register', 'create' or 'getParameters'"); }//from ww w. j a v a 2 s.com JSONObject result = new JSONObject(); // return algorithm parameters and users for whom we are allowed to register a key if (post.get("getParameters", false)) { result.put("self", permissions.getBoolean("self", false)); result.put("users", permissions.getJSONObject("users")); result.put("userRoles", permissions.getJSONObject("userRoles")); JSONObject algorithms = new JSONObject(); JSONObject rsa = new JSONObject(); JSONArray keySizes = new JSONArray(); for (int i : allowedKeySizesRSA) { keySizes.put(i); } rsa.put("sizes", keySizes); rsa.put("defaultSize", defaultKeySizeRSA); algorithms.put("RSA", rsa); result.put("algorithms", algorithms); JSONArray formats = new JSONArray(); for (String format : allowedFormats) { formats.put(format); } result.put("formats", formats); return result; } // for which id? String id; if (post.get("id", null) != null) id = post.get("id", null); else id = authorization.getIdentity().getName(); // check if we are allowed register a key if (!id.equals(authorization.getIdentity().getName())) { // if we don't want to register the key for the current user // create Authentication to check if the user id is a registered user ClientCredential credential = new ClientCredential(ClientCredential.Type.passwd_login, id); Authentication authentication = new Authentication(credential, DAO.authentication); if (authentication.getIdentity() == null) { // check if identity is valid authentication.delete(); throw new APIException(400, "Bad request"); // do not leak if user exists or not } // check if the current user is allowed to create a key for the user in question boolean allowed = false; // check if the user in question is in 'users' if (permissions.getJSONObject("users", null).has(id) && permissions.getJSONObjectWithDefault("users", null).getBoolean(id, false)) { allowed = true; } else { // check if the user role of the user in question is in 'userRoles' Authorization auth = new Authorization(authentication.getIdentity(), DAO.authorization, DAO.userRoles); for (String key : permissions.getJSONObject("userRoles").keySet()) { if (key.equals(auth.getUserRole().getName()) && permissions.getJSONObject("userRoles").getBoolean(key)) { allowed = true; } } } if (!allowed) throw new APIException(400, "Bad request"); // do not leak if user exists or not } else { // if we want to register a key for this user, bad are not allowed to (for example anonymous users) if (!permissions.getBoolean("self", false)) throw new APIException(403, "You are not allowed to register a public key"); } // set algorithm. later, we maybe want to support other algorithms as well String algorithm = "RSA"; if (post.get("algorithm", null) != null) { algorithm = post.get("algorithm", null); } if (post.get("create", false)) { // create a new key pair on the server if (algorithm.equals("RSA")) { int keySize = 2048; if (post.get("key-size", null) != null) { int finalKeyLength = post.get("key-size", 0); if (!IntStream.of(allowedKeySizesRSA).anyMatch(x -> x == finalKeyLength)) { throw new APIException(400, "Invalid key size."); } keySize = finalKeyLength; } KeyPairGenerator keyGen; KeyPair keyPair; try { keyGen = KeyPairGenerator.getInstance(algorithm); keyGen.initialize(keySize); keyPair = keyGen.genKeyPair(); } catch (NoSuchAlgorithmException e) { throw new APIException(500, "Server error"); } registerKey(authorization.getIdentity(), keyPair.getPublic()); String pubkey_pem = null, privkey_pem = null; try { StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); pemWriter.writeObject(new PemObject("PUBLIC KEY", keyPair.getPublic().getEncoded())); pemWriter.flush(); pemWriter.close(); pubkey_pem = writer.toString(); } catch (IOException e) { } try { StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); pemWriter.writeObject(new PemObject("PRIVATE KEY", keyPair.getPrivate().getEncoded())); pemWriter.flush(); pemWriter.close(); privkey_pem = writer.toString(); } catch (IOException e) { } result.put("publickey_DER_BASE64", Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded())); result.put("privatekey_DER_BASE64", Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded())); result.put("publickey_PEM", pubkey_pem); result.put("privatekey_PEM", privkey_pem); result.put("keyhash", IO.getKeyHash(keyPair.getPublic())); try { result.put("keyhash_urlsave", URLEncoder.encode(IO.getKeyHash(keyPair.getPublic()), "UTF-8")); } catch (UnsupportedEncodingException e) { } result.put("key-size", keySize); result.put("message", "Successfully created and registered key. Make sure to copy the private key, it won't be saved on the server"); return result; } throw new APIException(400, "Unsupported algorithm"); } else if (post.get("register", null) != null) { if (algorithm.equals("RSA")) { String type = post.get("type", null); if (type == null) type = "DER"; RSAPublicKey pub; String encodedKey; try { encodedKey = URLDecoder.decode(post.get("register", null), "UTF-8"); } catch (Throwable e) { throw new APIException(500, "Server error"); } Log.getLog().info("Key (" + type + "): " + encodedKey); if (type.equals("DER")) { try { X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(encodedKey)); pub = (RSAPublicKey) KeyFactory.getInstance(algorithm).generatePublic(keySpec); } catch (Throwable e) { throw new APIException(400, "Public key not readable (DER)"); } } else if (type.equals("PEM")) { try { PemReader pemReader = new PemReader(new StringReader(encodedKey)); PemObject pem = pemReader.readPemObject(); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(pem.getContent()); pub = (RSAPublicKey) KeyFactory.getInstance(algorithm).generatePublic(keySpec); } catch (Exception e) { throw new APIException(400, "Public key not readable (PEM)"); } } else { throw new APIException(400, "Invalid value for 'type'."); } // check key size (not really perfect yet) int keySize; int bitLength = pub.getModulus().bitLength(); if (bitLength <= 512) { keySize = 512; } else if (bitLength <= 1024) { keySize = 1024; } else if (bitLength <= 2048) { keySize = 2048; } else if (bitLength <= 4096) { keySize = 4096; } else { keySize = 8192; } if (!IntStream.of(allowedKeySizesRSA).anyMatch(x -> x == keySize)) { throw new APIException(400, "Invalid key length."); } registerKey(authorization.getIdentity(), pub); String pubkey_pem = null; try { StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); pemWriter.writeObject(new PemObject("PUBLIC KEY", pub.getEncoded())); pemWriter.flush(); pemWriter.close(); pubkey_pem = writer.toString(); } catch (IOException e) { } result.put("publickey_DER_BASE64", Base64.getEncoder().encodeToString(pub.getEncoded())); result.put("publickey_PEM", pubkey_pem); result.put("keyhash", IO.getKeyHash(pub)); try { result.put("keyhash_urlsave", URLEncoder.encode(IO.getKeyHash(pub), "UTF-8")); } catch (UnsupportedEncodingException e) { } result.put("message", "Successfully registered key."); return result; } throw new APIException(400, "Unsupported algorithm"); } throw new APIException(400, "Invalid parameter"); }
From source file:be.neutrinet.ispng.vpn.api.VPNClientCertificate.java
@Get public Representation getCertificate() { // TODO: decide if returning an entire list of certificates needs to be implemented if (!getRequestAttributes().containsKey("client")) { return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST); }//w w w . ja va 2s . com String clientId = getAttribute("client").toString(); try { List<Certificate> certs = Certificates.dao.queryForEq("client_id", clientId); if (getQueryValue("active") != null && Boolean.parseBoolean(getQueryValue("active"))) { certs = certs.stream().filter(Certificate::valid).collect(Collectors.toList()); } if (getQueryValue("raw") != null) { if (getRequestAttributes().containsKey("cert") && !getAttribute("cert").equals("all")) { String certId = getAttribute("cert").toString(); Certificate cert = certs.stream().filter(c -> c.id == Integer.parseInt(certId)).iterator() .next(); X509CertificateHolder c = null; if (cert.signedDate == null) { c = sign(cert); } else { c = cert.get(); } ByteArrayOutputStream baos = new ByteArrayOutputStream(); OutputStreamWriter osw = new OutputStreamWriter(baos); PemObject po = new PemObject("CERTIFICATE", c.getEncoded()); PEMWriter pw = new PEMWriter(osw); pw.writeObject(po); pw.close(); return new ByteArrayRepresentation(baos.toByteArray(), PEM_MIME); } else { return clientError("MAX_ONE_RAW_CERT", Status.CLIENT_ERROR_NOT_ACCEPTABLE); } } else { if (getRequestAttributes().containsKey("cert") && !getAttribute("cert").equals("all")) { String certId = getAttribute("cert").toString(); Certificate cert = certs.stream().filter(c -> c.id == Integer.parseInt(certId)).iterator() .next(); return new JacksonRepresentation(cert); } else { return new JacksonRepresentation(certs); } } } catch (Exception ex) { Logger.getLogger(VPNClientCertificate.class).error("Failed to get certificate", ex); } return DEFAULT_ERROR; }
From source file:bft.BFTNode.java
private byte[] getSerializedCertificate(X509CertificateHolder certificate) throws IOException { PemObject pemObj = (new PemObject("", certificate.getEncoded())); StringWriter strWriter = new StringWriter(); PemWriter writer = new PemWriter(strWriter); writer.writeObject(pemObj);//from w w w.j a v a 2 s . c o m writer.close(); strWriter.close(); return strWriter.toString().getBytes(); }
From source file:bft.TestSignatures.java
private static void parseCertificate(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); PEMParser pp = new PEMParser(br); X509CertificateHolder certificate = (X509CertificateHolder) pp.readObject(); PemObject pemObj = (new PemObject("", certificate.getEncoded())); StringWriter strWriter = new StringWriter(); PemWriter writer = new PemWriter(strWriter); writer.writeObject(pemObj);// w w w . j av a 2 s . c om writer.close(); strWriter.close(); TestSignatures.serializedCert = strWriter.toString().getBytes(); }
From source file:bft.TestSignaturesZMQ.java
private static void parseCertificate(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); PEMParser pp = new PEMParser(br); X509CertificateHolder certificate = (X509CertificateHolder) pp.readObject(); PemObject pemObj = (new PemObject("", certificate.getEncoded())); StringWriter strWriter = new StringWriter(); PemWriter writer = new PemWriter(strWriter); writer.writeObject(pemObj);/*from ww w .j av a 2 s . c om*/ writer.close(); strWriter.close(); TestSignaturesZMQ.serializedCert = strWriter.toString().getBytes(); }
From source file:com.eucalyptus.crypto.util.PEMFiles.java
License:Open Source License
public static byte[] getBytes(final String type, final byte[] bytes) { return getBytes(new PemObject(type, bytes)); }
From source file:com.thoughtworks.go.security.Registration.java
License:Apache License
private String serialize(String type, byte[] data) { PemObject obj = new PemObject(type, data); StringWriter out = new StringWriter(); PemWriter writer = new PemWriter(out); try {//from w w w . java2 s.c om writer.writeObject(obj); } catch (IOException e) { throw bomb(e); } finally { IOUtils.closeQuietly(writer); } return out.toString(); }
From source file:com.thoughtworks.go.security.RegistrationJSONizer.java
License:Apache License
private static String serialize(String type, byte[] data) { PemObject obj = new PemObject(type, data); StringWriter out = new StringWriter(); PemWriter writer = new PemWriter(out); try {/* w w w .j av a 2s . com*/ writer.writeObject(obj); } catch (IOException e) { throw bomb(e); } finally { IOUtils.closeQuietly(writer); } return out.toString(); }
From source file:com.yahoo.athenz.auth.util.Crypto.java
License:Apache License
public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String x500Principal, GeneralName[] sanArray) throws OperatorCreationException, IOException { // Create Distinguished Name X500Principal subject = new X500Principal(x500Principal); // Create ContentSigner JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(Crypto.RSA_SHA256); ContentSigner signer = csBuilder.build(privateKey); // Create the CSR PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey); // Add SubjectAlternativeNames (SAN) if specified if (sanArray != null) { ExtensionsGenerator extGen = new ExtensionsGenerator(); GeneralNames subjectAltNames = new GeneralNames(sanArray); extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); }/*from w w w .j a v a2 s.c om*/ PKCS10CertificationRequest csr = p10Builder.build(signer); // write to openssl PEM format PemObject pemObject = new PemObject("CERTIFICATE REQUEST", csr.getEncoded()); StringWriter strWriter; try (JcaPEMWriter pemWriter = new JcaPEMWriter(strWriter = new StringWriter())) { pemWriter.writeObject(pemObject); } return strWriter.toString(); }
From source file:craterdog.security.ClientCertificateSigner.java
License:Open Source License
/** * The main method for this application. It expects the following arguments: * <ol>/*from w ww. ja v a2s . co m*/ * <li>The name of the target environment (e.g. Sandbox, PreProd, Production, etc.).</li> * <li>The name of the client.</li> * <li>The path to the directory that contains the private certificate authorities and passwords.</li> * </ol> * * @param args The arguments that were passed into this program. */ static public void main(String[] args) { String environment = args[0]; String clientCertificatePrefix = args[1] + "-" + environment; String caKeyStorePrefix = args[2] + File.separator + environment + "-CA"; try (FileReader pwReader = new FileReader(caKeyStorePrefix + ".pw"); FileInputStream caInput = new FileInputStream(caKeyStorePrefix + ".p12"); PemReader csrReader = new PemReader(new FileReader(clientCertificatePrefix + ".csr")); PemWriter pemWriter = new PemWriter(new FileWriter(clientCertificatePrefix + ".pem"))) { logger.info("Loading the private certificate authority keys..."); int size = new Tag(16).toString().length(); char[] caPassword = new char[size]; pwReader.read(caPassword); RsaCertificateManager manager = new RsaCertificateManager(); KeyStore caKeyStore = manager.retrieveKeyStore(caInput, caPassword); PrivateKey caPrivateKey = manager.retrievePrivateKey(caKeyStore, CA_ALIAS, caPassword); X509Certificate caCertificate = manager.retrieveCertificate(caKeyStore, CA_ALIAS); logger.info("Reading in the certificate signing request..."); byte[] requestBytes = csrReader.readPemObject().getContent(); PKCS10CertificationRequest csr = new PKCS10CertificationRequest(requestBytes); logger.info("Generating and signing a new client certificate..."); long lifetime = 30L /*years*/ * 365L /*days*/ * 24L /*hours*/ * 60L /*minutes*/ * 60L /*seconds*/ * 1000L /*milliseconds*/; BigInteger serialNumber = new BigInteger(RandomUtils.generateRandomBytes(16)); X509Certificate clientCertificate = manager.signCertificateRequest(caPrivateKey, caCertificate, csr, serialNumber, lifetime); clientCertificate.verify(caCertificate.getPublicKey()); logger.info("Writing out the certificates to a file..."); pemWriter.writeObject(new PemObject("CERTIFICATE", clientCertificate.getEncoded())); pemWriter.writeObject(new PemObject("CERTIFICATE", caCertificate.getEncoded())); } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException | IOException e) { logger.info("An error occurred while attempting to generate the client certificate:", e); System.exit(1); } System.exit(0); }