List of usage examples for org.bouncycastle.util.io.pem PemReader readPemObject
public PemObject readPemObject() throws IOException
From source file:net.solarnetwork.node.setup.test.DefaultSetupServiceTest.java
License:Open Source License
/**
 * Bootstraps a CA-signed node certificate, then delivers a renewed certificate for the
 * same subject and key via a {@code RENEW_CERTIFICATE} instruction and verifies that the
 * service installs it.
 */
@Test
public void handleRenewCertificateInstruction() throws Exception {
    // Phase 1: establish a node identity and a CA-signed node certificate in the key store.
    SetupIdentityInfo identity = new SetupIdentityInfo(1L, TEST_CONF_VALUE, "localhost", 80, false,
            TEST_PW_VALUE);
    expect(setupIdentityDao.getSetupIdentityInfo()).andReturn(identity).atLeastOnce();
    replayAll();

    keystoreService.saveCACertificate(CA_CERT);
    keystoreService.generateNodeSelfSignedCertificate(TEST_DN);
    String csrPem = keystoreService.generateNodePKCS10CertificateRequestString();

    X509Certificate issuedCert;
    PemReader csrReader = new PemReader(new StringReader(csrPem));
    try {
        PemObject csrBlock = csrReader.readPemObject();
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrBlock.getContent());
        issuedCert = PKITestUtils.sign(request, CA_CERT, CA_KEY_PAIR.getPrivate());
        String issuedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { issuedCert });
        keystoreService.saveNodeSignedCertificate(issuedPem);
        log.debug("Saved signed node certificate {}:\n{}", issuedCert.getSerialNumber(), issuedPem);
        assertThat("Generated CSR", csrPem, notNullValue());
    } finally {
        csrReader.close();
    }

    // Phase 2: build a renewed certificate for the same subject and public key, signed by the test CA.
    KeyStore keyStore = loadKeyStore();
    PrivateKey nodeKey = (PrivateKey) keyStore.getKey("node", TEST_PW_VALUE.toCharArray());
    ContentSigner nodeSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(nodeKey);
    PKCS10CertificationRequestBuilder renewalRequest = new PKCS10CertificationRequestBuilder(
            JcaX500NameUtil.getSubject(issuedCert),
            SubjectPublicKeyInfo.getInstance(issuedCert.getPublicKey().getEncoded()));
    X509Certificate renewedCert = PKITestUtils.sign(renewalRequest.build(nodeSigner), CA_CERT,
            CA_KEY_PAIR.getPrivate());
    String renewedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { renewedCert });

    // Phase 3: deliver the renewed PEM as an instruction, split across 256-character parameters.
    BasicInstruction instruction = new BasicInstruction(
            DefaultSetupService.INSTRUCTION_TOPIC_RENEW_CERTIFICATE, new Date(), "123", "456",
            new BasicInstructionStatus(456L, InstructionState.Received, new Date()));
    final int chunkSize = 256;
    int pemLength = renewedPem.length();
    for (int start = 0; start < pemLength; start += chunkSize) {
        int stop = Math.min(start + chunkSize, pemLength);
        instruction.addParameter(DefaultSetupService.INSTRUCTION_PARAM_CERTIFICATE,
                renewedPem.substring(start, stop));
    }

    InstructionState result = service.processInstruction(instruction);
    assertThat("Instruction state", result, equalTo(InstructionState.Completed));
    X509Certificate installedCert = keystoreService.getNodeCertificate();
    assertThat("Node cert is now renewed cert", installedCert, equalTo(renewedCert));
}
From source file:net.solarnetwork.node.setup.test.DefaultSetupServiceTest.java
License:Open Source License
/**
 * Bootstraps a CA-signed node certificate, then points the service at a fake SolarIn
 * endpoint that checks the renewal POST (password and uploaded PKCS#12 key store) and
 * answers with a success body.
 */
@Test
public void renewNetworkCertificate() throws Exception {
    SetupIdentityInfo identity = new SetupIdentityInfo(1L, TEST_CONF_VALUE, TEST_SOLARIN_HOST,
            getHttpServerPort(), false, TEST_PW_VALUE);
    expect(setupIdentityDao.getSetupIdentityInfo()).andReturn(identity).atLeastOnce();
    replayAll();

    keystoreService.saveCACertificate(CA_CERT);
    keystoreService.generateNodeSelfSignedCertificate(TEST_DN);
    String csrPem = keystoreService.generateNodePKCS10CertificateRequestString();

    X509Certificate issuedCert;
    PemReader csrReader = new PemReader(new StringReader(csrPem));
    try {
        PemObject csrBlock = csrReader.readPemObject();
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(csrBlock.getContent());
        issuedCert = PKITestUtils.sign(request, CA_CERT, CA_KEY_PAIR.getPrivate());
        String issuedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { issuedCert });
        keystoreService.saveNodeSignedCertificate(issuedPem);
        log.debug("Saved signed node certificate {}:\n{}", issuedCert.getSerialNumber(), issuedPem);
        assertThat("Generated CSR", csrPem, notNullValue());
    } finally {
        csrReader.close();
    }

    // Fake SolarIn renewal endpoint: validates the request, then replies with a JSON success body.
    httpServer.addHandler(new AbstractTestHandler() {

        @Override
        protected boolean handleInternal(String target, HttpServletRequest request,
                HttpServletResponse response, int dispatch) throws Exception {
            assertEquals("POST", request.getMethod());
            assertEquals("/solarin/api/v1/sec/cert/renew", target);

            String password = request.getParameter("password");
            assertEquals("foobar", password);
            String keystoreData = request.getParameter("keystore");
            assertNotNull(keystoreData);

            // the node uploads its PKCS#12 key store, Base64 encoded and protected by the password
            KeyStore uploaded = KeyStore.getInstance("pkcs12");
            uploaded.load(new ByteArrayInputStream(Base64.decodeBase64(keystoreData)),
                    password.toCharArray());
            Certificate entry = uploaded.getCertificate("node");
            assertNotNull(entry);
            assertTrue(entry instanceof X509Certificate);
            X509Certificate nodeCert = (X509Certificate) entry;
            assertEquals(new X500Principal(TEST_DN), nodeCert.getSubjectX500Principal());
            assertEquals(CA_CERT.getSubjectX500Principal(), nodeCert.getIssuerX500Principal());

            response.setContentType("application/json");
            PrintWriter body = response.getWriter();
            body.write("{\"success\":true}");
            body.flush();
            response.flushBuffer();
            return true;
        }
    });

    service.renewNetworkCertificate("foobar");
}
From source file:net.solarnetwork.pki.bc.BCCertificateService.java
License:Open Source License
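/**
 * Sign a PEM-encoded PKCS#10 certificate request with the given CA certificate and key.
 *
 * @param csrPEM the CSR, either fully PEM-armoured or just its Base64 body (armour is added)
 * @param caCert the issuing CA certificate; its subject becomes the issuer and it supplies the AKI
 * @param privateKey the CA private key used to sign
 * @return the signed end-entity certificate
 * @throws CertificateException if the CSR cannot be parsed, the extensions cannot be built, or
 *         signing fails
 */
@Override
public X509Certificate signCertificate(String csrPEM, X509Certificate caCert, PrivateKey privateKey)
        throws CertificateException {
    if (!csrPEM.matches("(?is)^\\s*-----BEGIN.*")) {
        // tolerate a bare Base64 body by wrapping it in the standard PEM armour
        csrPEM = "-----BEGIN CERTIFICATE REQUEST-----\n" + csrPEM + "\n-----END CERTIFICATE REQUEST-----\n";
    }
    PemReader reader = null;
    try {
        reader = new PemReader(new StringReader(csrPEM));
        PemObject pemObj = reader.readPemObject();
        if (pemObj == null) {
            // PemReader returns null when the input holds no PEM block at all; fail clearly rather than NPE
            throw new CertificateException("Error signing CSR: no PEM object found in request");
        }
        log.debug("Parsed PEM type {}", pemObj.getType());
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(pemObj.getContent());
        // NOTE(review): the CSR's own signature (proof of possession of the private key) is not
        // verified here; confirm the caller checks it before this method is reached.
        Date now = new Date();
        Date expire = new Date(now.getTime() + (1000L * 60L * 60L * 24L * certificateExpireDays));
        // NOTE(review): the serial number is an in-memory counter, so it is predictable and restarts
        // from the same value after a restart; RFC 5280 requires serials to be unique per issuer.
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(JcaX500NameUtil.getIssuer(caCert),
                BigInteger.valueOf(counter.incrementAndGet()), now, expire, csr.getSubject(),
                csr.getSubjectPublicKeyInfo());
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        ContentSigner signer;
        DefaultDigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
        try {
            DigestCalculatorProvider digestCalcProvider = new JcaDigestCalculatorProviderBuilder()
                    .setProvider(new BouncyCastleProvider()).build();
            JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(
                    digestCalcProvider.get(digestAlgFinder.find("SHA-256")));
            // cA=false: the issued certificate is an end-entity certificate, never a CA
            builder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
            builder.addExtension(X509Extension.subjectKeyIdentifier, false,
                    extUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo()));
            builder.addExtension(X509Extension.authorityKeyIdentifier, false,
                    extUtils.createAuthorityKeyIdentifier(caCert));
            signer = signerBuilder.build(privateKey);
        } catch (OperatorException e) {
            log.error("Error signing CSR {}", csr.getSubject(), e);
            // keep the cause so callers can see the underlying operator failure
            throw new CertificateException("Error signing CSR " + csr.getSubject() + ": " + e.getMessage(), e);
        } catch (CertificateEncodingException e) {
            log.error("Error signing CSR {}", csr.getSubject(), e);
            throw new CertificateException("Error signing CSR " + csr.getSubject() + ": " + e.getMessage(), e);
        }
        X509CertificateHolder holder = builder.build(signer);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        try {
            return converter.getCertificate(holder);
        } catch (java.security.cert.CertificateException e) {
            throw new CertificateException("Error creating certificate", e);
        }
    } catch (IOException e) {
        // covers both PEM parsing and CertIOException from addExtension()
        throw new CertificateException("Error signing CSR", e);
    } finally {
        if (reader != null) {
            try {
                reader.close();
            } catch (IOException e2) {
                log.warn("IOException closing PemReader", e2);
            }
        }
    }
}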
From source file:net.solarnetwork.pki.bc.BCCertificateService.java
License:Open Source License
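/**
 * Parse a PEM-encoded PKCS#7 certificate chain into an array ordered root-first where possible.
 *
 * @param pem the chain, either fully PEM-armoured or just its Base64 body (armour is added)
 * @return the certificates; self-issued ones first, the rest ordered by
 *         {@code orderCertificateChain} when a self-issued certificate is present, otherwise in
 *         the order the factory returned them
 * @throws CertificateException if the PEM cannot be read or the certificates cannot be decoded
 */
@Override
public X509Certificate[] parsePKCS7CertificateChainString(String pem) throws CertificateException {
    if (!pem.matches("(?is)^\\s*-----BEGIN.*")) {
        // tolerate a bare Base64 body by wrapping it in PEM armour (PemReader ignores the label)
        pem = "-----BEGIN CERTIFICATE CHAIN-----\n" + pem + "\n-----END CERTIFICATE CHAIN-----\n";
    }
    PemReader reader = new PemReader(new StringReader(pem));
    List<X509Certificate> results = new ArrayList<X509Certificate>(3);
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        PemObject pemObj = reader.readPemObject();
        if (pemObj == null) {
            // PemReader returns null when the input holds no PEM block at all; fail clearly rather than NPE
            throw new CertificateException("Error reading certificate: no PEM object found");
        }
        log.debug("Parsed PEM type {}", pemObj.getType());
        Collection<? extends Certificate> certs = cf
                .generateCertificates(new ByteArrayInputStream(pemObj.getContent()));
        // generateCertificates() (and even CertPath) does not return the chain in order
        // (see http://bugs.sun.com/view_bug.do?bug_id=6238093; the Sun-specific workaround listed
        // there is not available to us), so order them ourselves.
        // NOTE(review): keyed by subject, so two certificates with the same subject (e.g. a
        // cross-signed intermediate) would overwrite each other here — confirm this is acceptable.
        Map<X500Principal, X509Certificate> map = new LinkedHashMap<X500Principal, X509Certificate>();
        for (Certificate c : certs) {
            X509Certificate x509 = (X509Certificate) c;
            // subject == issuer is used as the "root" heuristic; it does not verify the self-signature,
            // which is fine for ordering but must not be taken as proof of trust
            if (x509.getIssuerX500Principal().equals(x509.getSubjectX500Principal())) {
                results.add(x509);
            } else {
                map.put(x509.getSubjectX500Principal(), x509);
            }
        }
        if (results.isEmpty()) {
            // no root available to anchor the ordering: keep the factory order
            results.addAll(map.values());
        } else {
            orderCertificateChain(map, results);
        }
    } catch (IOException e) {
        throw new CertificateException("Error reading certificate", e);
    } catch (java.security.cert.CertificateException e) {
        throw new CertificateException("Error loading CertificateFactory", e);
    } finally {
        try {
            reader.close();
        } catch (IOException ignored) {
            // closing a reader over an in-memory string has nothing left to recover
        }
    }
    return results.toArray(new X509Certificate[results.size()]);
}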
From source file:org.apache.cloudstack.ca.provider.RootCAProvider.java
License:Apache License
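/**
 * Issues a V3 certificate from a PEM-encoded PKCS#10 request, signed by this root CA.
 *
 * @param csr the PEM-encoded certificate request
 * @param domainNames DNS names to include in the issued certificate's SAN
 * @param ipAddresses IP addresses to include in the issued certificate's SAN
 * @param validityDays validity period of the issued certificate in days
 * @return the issued certificate together with the CA certificate as its chain
 * @throws CloudRuntimeException if the CSR text cannot be read as a PEM object
 */
private Certificate generateCertificateUsingCsr(final String csr, final List<String> domainNames,
        final List<String> ipAddresses, final int validityDays) throws NoSuchAlgorithmException,
        InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException,
        IOException, OperatorCreationException {
    PemObject pemObject = null;
    try (final PemReader pemReader = new PemReader(new StringReader(csr))) {
        pemObject = pemReader.readPemObject();
    } catch (final IOException e) {
        LOG.error("Failed to read provided CSR string as a PEM object", e);
        // keep the cause so the failure is diagnosable from the thrown exception alone
        throw new CloudRuntimeException("Unable to read/process CSR: " + csr, e);
    }
    if (pemObject == null) {
        // readPemObject() returns null when the input contains no PEM block at all
        throw new CloudRuntimeException("Unable to read/process CSR: " + csr);
    }
    final PKCS10CertificationRequest request = new PKCS10CertificationRequest(pemObject.getContent());
    // NOTE(review): the CSR's own signature (proof of possession) is not verified in this method;
    // confirm the caller does so before the request reaches the CA key.
    final String subject = request.getCertificationRequestInfo().getSubject().toString();
    final X509Certificate clientCertificate = CertUtils.generateV3Certificate(caCertificate, caKeyPair,
            request.getPublicKey(), subject, CAManager.CertSignatureAlgorithm.value(), validityDays,
            domainNames, ipAddresses);
    return new Certificate(clientCertificate, null, Collections.singletonList(caCertificate));
}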
From source file:org.apache.cloudstack.network.ssl.CertServiceImpl.java
License:Apache License
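/**
 * Parses a single PEM-encoded X.509 certificate.
 *
 * @param cert the PEM text; must be non-null and non-empty
 * @return the parsed certificate
 * @throws IllegalArgumentException if {@code cert} is null or empty
 * @throws InvalidParameterValueException if the text holds no PEM block or is not a valid
 *         X.509 certificate
 */
public Certificate parseCertificate(final String cert) {
    Preconditions.checkArgument(!Strings.isNullOrEmpty(cert));
    final PemReader certPem = new PemReader(new StringReader(cert));
    try {
        final PemObject pemObject = certPem.readPemObject();
        if (pemObject == null) {
            // PemReader yields null when there is no "-----BEGIN" block; report it as bad input, not an NPE
            throw new InvalidParameterValueException(
                    "Invalid Certificate format. Expected X509 certificate. No PEM object found");
        }
        return readCertificateFromPemObject(pemObject);
    } catch (final CertificateException | IOException e) {
        throw new InvalidParameterValueException(
                "Invalid Certificate format. Expected X509 certificate. Failed due to " + e.getMessage());
    } finally {
        IOUtils.closeQuietly(certPem);
    }
}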
From source file:org.apache.cloudstack.utils.security.CertUtils.java
License:Apache License
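/**
 * Decodes a PEM-encoded, unencrypted PKCS#8 private key.
 *
 * @param pem the PEM text
 * @return the private key built by {@link #getKeyFactory()}
 * @throws IOException if the text cannot be read or holds no PEM block
 * @throws InvalidKeySpecException if the decoded bytes are not a valid PKCS#8 key for the factory
 */
public static PrivateKey pemToPrivateKey(final String pem) throws InvalidKeySpecException, IOException {
    PemObject pemObject;
    try (final PemReader pr = new PemReader(new StringReader(pem))) {
        pemObject = pr.readPemObject();
    }
    if (pemObject == null) {
        // readPemObject() returns null when the input contains no PEM block at all
        throw new IOException("No PEM object found in the supplied private key");
    }
    final KeyFactory keyFactory = getKeyFactory();
    return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pemObject.getContent()));
}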
From source file:org.apache.cloudstack.utils.security.CertUtils.java
License:Apache License
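/**
 * Decodes a PEM-encoded X.509 {@code SubjectPublicKeyInfo} public key.
 *
 * @param pem the PEM text
 * @return the public key built by {@link #getKeyFactory()}
 * @throws IOException if the text cannot be read or holds no PEM block
 * @throws InvalidKeySpecException if the decoded bytes are not a valid key for the factory
 */
public static PublicKey pemToPublicKey(final String pem) throws InvalidKeySpecException, IOException {
    PemObject pemObject;
    try (final PemReader pr = new PemReader(new StringReader(pem))) {
        pemObject = pr.readPemObject();
    }
    if (pemObject == null) {
        // readPemObject() returns null when the input contains no PEM block at all
        throw new IOException("No PEM object found in the supplied public key");
    }
    final KeyFactory keyFactory = getKeyFactory();
    return keyFactory.generatePublic(new X509EncodedKeySpec(pemObject.getContent()));
}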
From source file:org.dasein.cloud.azure.AzureX509.java
License:Apache License
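/**
 * Reads the first PEM block from the given text.
 *
 * @param pemString the PEM text
 * @return the first PEM object, or {@code null} if the text holds no PEM block
 * @throws IOException if the text cannot be parsed as PEM
 */
private org.bouncycastle.util.io.pem.PemObject readPemObject(String pemString) throws IOException {
    // narrowing the return type from Object keeps callers working while sparing them the cast
    StringReader source = new StringReader(pemString);
    PemReader parser = new PemReader(source);
    try {
        return parser.readPemObject();
    } finally {
        // PemReader.close() also closes the wrapped reader; closing both mirrors the original intent
        source.close();
        parser.close();
    }
}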
From source file:org.hyperledger.fabric.sdk.identity.IdemixIdentitiesTest.java
License:Open Source License
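/**
 * Extracts the DER bytes of the first PEM block in the given text.
 *
 * @param pem the PEM text
 * @return the decoded content of the first PEM block
 * @throws IOException if the text cannot be parsed or holds no PEM block
 */
private static byte[] convertPemToDer(String pem) throws IOException {
    try (PemReader pemReader = new PemReader(new StringReader(pem))) {
        org.bouncycastle.util.io.pem.PemObject pemObject = pemReader.readPemObject();
        if (pemObject == null) {
            // readPemObject() returns null when the input contains no PEM block at all
            throw new IOException("No PEM object found in input");
        }
        return pemObject.getContent();
    }
}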