List of usage examples for org.bouncycastle.util.io.pem PemReader readPemObject
public PemObject readPemObject() throws IOException
From source file:org.hyperledger.fabric.sdk.security.certgen.TLSCertificateKeyPair.java
License:Open Source License
/*** * Creates a TLSCertificateKeyPair out of the given {@link X509Certificate} and {@link KeyPair} * encoded in PEM and also in DER for the certificate * @param x509Cert the certificate to process * @param keyPair the key pair to process * @return a TLSCertificateKeyPair// www. ja va 2 s . com * @throws IOException upon failure */ static TLSCertificateKeyPair fromX509CertKeyPair(X509Certificate x509Cert, KeyPair keyPair) throws IOException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); PrintWriter writer = new PrintWriter(baos); JcaPEMWriter w = new JcaPEMWriter(writer); w.writeObject(x509Cert); w.flush(); w.close(); byte[] pemBytes = baos.toByteArray(); InputStreamReader isr = new InputStreamReader(new ByteArrayInputStream(pemBytes)); PemReader pr = new PemReader(isr); PemObject pem = pr.readPemObject(); byte[] derBytes = pem.getContent(); baos = new ByteArrayOutputStream(); PrintWriter wr = new PrintWriter(baos); wr.println("-----BEGIN PRIVATE KEY-----"); wr.println(new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()))); wr.println("-----END PRIVATE KEY-----"); wr.flush(); wr.close(); byte[] keyBytes = baos.toByteArray(); return new TLSCertificateKeyPair(pemBytes, derBytes, keyBytes); }
From source file:org.hyperledger.fabric.sdk.security.CryptoPrimitives.java
License:Open Source License
public byte[] certificateToDER(String certricatePEM) { final PemReader pemReader = new PemReader(new StringReader(certricatePEM)); try {/*from w ww . j a v a 2s . c o m*/ final PemObject pemObject = pemReader.readPemObject(); return pemObject.getContent(); } catch (IOException e) { // best attempt } return null; }
From source file:org.loklak.api.aaa.PublicKeyRegistrationService.java
License:Open Source License
@Override public JSONObject serviceImpl(Query post, HttpServletResponse response, Authorization authorization, final JSONObjectWithDefault permissions) throws APIException { if (post.get("register", null) == null && !post.get("create", false) && !post.get("getParameters", false)) { throw new APIException(400, "Accepted parameters: 'register', 'create' or 'getParameters'"); }/* ww w . jav a2 s .c o m*/ JSONObject result = new JSONObject(); // return algorithm parameters and users for whom we are allowed to register a key if (post.get("getParameters", false)) { result.put("self", permissions.getBoolean("self", false)); result.put("users", permissions.getJSONObject("users")); result.put("userRoles", permissions.getJSONObject("userRoles")); JSONObject algorithms = new JSONObject(); JSONObject rsa = new JSONObject(); JSONArray keySizes = new JSONArray(); for (int i : allowedKeySizesRSA) { keySizes.put(i); } rsa.put("sizes", keySizes); rsa.put("defaultSize", defaultKeySizeRSA); algorithms.put("RSA", rsa); result.put("algorithms", algorithms); JSONArray formats = new JSONArray(); for (String format : allowedFormats) { formats.put(format); } result.put("formats", formats); return result; } // for which id? String id; if (post.get("id", null) != null) id = post.get("id", null); else id = authorization.getIdentity().getName(); // check if we are allowed register a key if (!id.equals(authorization.getIdentity().getName())) { // if we don't want to register the key for the current user // create Authentication to check if the user id is a registered user ClientCredential credential = new ClientCredential(ClientCredential.Type.passwd_login, id); Authentication authentication = new Authentication(credential, DAO.authentication); if (authentication.getIdentity() == null) { // check if identity is valid authentication.delete(); throw new APIException(400, "Bad request"); // do not leak if user exists or not } // check if the current user is allowed to create a key for the user in question boolean allowed = false; // check if the user in question is in 'users' if (permissions.getJSONObject("users", null).has(id) && permissions.getJSONObjectWithDefault("users", null).getBoolean(id, false)) { allowed = true; } else { // check if the user role of the user in question is in 'userRoles' Authorization auth = new Authorization(authentication.getIdentity(), DAO.authorization, DAO.userRoles); for (String key : permissions.getJSONObject("userRoles").keySet()) { if (key.equals(auth.getUserRole().getName()) && permissions.getJSONObject("userRoles").getBoolean(key)) { allowed = true; } } } if (!allowed) throw new APIException(400, "Bad request"); // do not leak if user exists or not } else { // if we want to register a key for this user, bad are not allowed to (for example anonymous users) if (!permissions.getBoolean("self", false)) throw new APIException(403, "You are not allowed to register a public key"); } // set algorithm. later, we maybe want to support other algorithms as well String algorithm = "RSA"; if (post.get("algorithm", null) != null) { algorithm = post.get("algorithm", null); } if (post.get("create", false)) { // create a new key pair on the server if (algorithm.equals("RSA")) { int keySize = 2048; if (post.get("key-size", null) != null) { int finalKeyLength = post.get("key-size", 0); if (!IntStream.of(allowedKeySizesRSA).anyMatch(x -> x == finalKeyLength)) { throw new APIException(400, "Invalid key size."); } keySize = finalKeyLength; } KeyPairGenerator keyGen; KeyPair keyPair; try { keyGen = KeyPairGenerator.getInstance(algorithm); keyGen.initialize(keySize); keyPair = keyGen.genKeyPair(); } catch (NoSuchAlgorithmException e) { throw new APIException(500, "Server error"); } registerKey(authorization.getIdentity(), keyPair.getPublic()); String pubkey_pem = null, privkey_pem = null; try { StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); pemWriter.writeObject(new PemObject("PUBLIC KEY", keyPair.getPublic().getEncoded())); pemWriter.flush(); pemWriter.close(); pubkey_pem = writer.toString(); } catch (IOException e) { } try { StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); pemWriter.writeObject(new PemObject("PRIVATE KEY", keyPair.getPrivate().getEncoded())); pemWriter.flush(); pemWriter.close(); privkey_pem = writer.toString(); } catch (IOException e) { } result.put("publickey_DER_BASE64", Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded())); result.put("privatekey_DER_BASE64", Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded())); result.put("publickey_PEM", pubkey_pem); result.put("privatekey_PEM", privkey_pem); result.put("keyhash", IO.getKeyHash(keyPair.getPublic())); try { result.put("keyhash_urlsave", URLEncoder.encode(IO.getKeyHash(keyPair.getPublic()), "UTF-8")); } catch (UnsupportedEncodingException e) { } result.put("key-size", keySize); result.put("message", "Successfully created and registered key. Make sure to copy the private key, it won't be saved on the server"); return result; } throw new APIException(400, "Unsupported algorithm"); } else if (post.get("register", null) != null) { if (algorithm.equals("RSA")) { String type = post.get("type", null); if (type == null) type = "DER"; RSAPublicKey pub; String encodedKey; try { encodedKey = URLDecoder.decode(post.get("register", null), "UTF-8"); } catch (Throwable e) { throw new APIException(500, "Server error"); } Log.getLog().info("Key (" + type + "): " + encodedKey); if (type.equals("DER")) { try { X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(encodedKey)); pub = (RSAPublicKey) KeyFactory.getInstance(algorithm).generatePublic(keySpec); } catch (Throwable e) { throw new APIException(400, "Public key not readable (DER)"); } } else if (type.equals("PEM")) { try { PemReader pemReader = new PemReader(new StringReader(encodedKey)); PemObject pem = pemReader.readPemObject(); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(pem.getContent()); pub = (RSAPublicKey) KeyFactory.getInstance(algorithm).generatePublic(keySpec); } catch (Exception e) { throw new APIException(400, "Public key not readable (PEM)"); } } else { throw new APIException(400, "Invalid value for 'type'."); } // check key size (not really perfect yet) int keySize; int bitLength = pub.getModulus().bitLength(); if (bitLength <= 512) { keySize = 512; } else if (bitLength <= 1024) { keySize = 1024; } else if (bitLength <= 2048) { keySize = 2048; } else if (bitLength <= 4096) { keySize = 4096; } else { keySize = 8192; } if (!IntStream.of(allowedKeySizesRSA).anyMatch(x -> x == keySize)) { throw new APIException(400, "Invalid key length."); } registerKey(authorization.getIdentity(), pub); String pubkey_pem = null; try { StringWriter writer = new StringWriter(); PemWriter pemWriter = new PemWriter(writer); pemWriter.writeObject(new PemObject("PUBLIC KEY", pub.getEncoded())); pemWriter.flush(); pemWriter.close(); pubkey_pem = writer.toString(); } catch (IOException e) { } result.put("publickey_DER_BASE64", Base64.getEncoder().encodeToString(pub.getEncoded())); result.put("publickey_PEM", pubkey_pem); result.put("keyhash", IO.getKeyHash(pub)); try { result.put("keyhash_urlsave", URLEncoder.encode(IO.getKeyHash(pub), "UTF-8")); } catch (UnsupportedEncodingException e) { } result.put("message", "Successfully registered key."); return result; } throw new APIException(400, "Unsupported algorithm"); } throw new APIException(400, "Invalid parameter"); }
From source file:org.opencps.pki.PdfSignerTest.java
License:Open Source License
public void testSign() throws IOException, OperatorCreationException, PKCSException, GeneralSecurityException, DocumentException {// w ww.j av a2 s . co m signer.setSignatureGraphic(signImagePath); byte[] hash = signer.computeHash(); assertTrue(hash.length > 0); PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(keyPath))); PemObject pemObject = pemReader.readPemObject(); PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pemObject.getContent()); KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); PrivateKey privateKey = factory.generatePrivate(privKeySpec); pemReader.close(); PrivateKeySignature signature = new PrivateKeySignature(privateKey, signer.getHashAlgorithm().toString(), "BC"); byte[] extSignature = signature.sign(hash); assertTrue(signer.sign(extSignature)); }
From source file:org.opencps.pki.PdfVerifierTest.java
License:Open Source License
protected void setUp() throws IOException, OperatorCreationException, PKCSException, GeneralSecurityException { cf = CertificateFactory.getInstance("X.509"); cert = (X509Certificate) cf.generateCertificate(new FileInputStream(new File(certPath))); signer = new PdfSigner(pdfPath, cert); verifier = new PdfVerifier(); signer.setSignatureGraphic(signImagePath); signer.setHashAlgorithm(HashAlgorithm.SHA1); byte[] hash = signer.computeHash(); Security.addProvider(new BouncyCastleProvider()); PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(keyPath))); PemObject pemObject = pemReader.readPemObject(); PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pemObject.getContent()); KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); PrivateKey privateKey = factory.generatePrivate(privKeySpec); pemReader.close();/* www.j a v a 2s . c o m*/ PrivateKeySignature signature = new PrivateKeySignature(privateKey, signer.getHashAlgorithm().toString(), "BC"); byte[] extSignature = signature.sign(hash); signer.sign(extSignature); }
From source file:org.opencps.pki.Pkcs7GenerateSignatureContainerTest.java
License:Open Source License
public void testSignatureContainer() throws GeneralSecurityException, IOException { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(new FileInputStream(new File(certPath))); PdfSigner signer = new PdfSigner(pdfPath, cert); PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(keyPath))); PemObject pemObject = pemReader.readPemObject(); PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pemObject.getContent()); KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); PrivateKey privateKey = factory.generatePrivate(privKeySpec); pemReader.close();/*from w ww. j a v a 2s . c om*/ PrivateKeySignature signature = new PrivateKeySignature(privateKey, signer.getHashAlgorithm().toString(), "BC"); byte[] extSignature = signature.sign(signer.computeHash()); PdfReader reader = new PdfReader(signer.getTempFilePath()); AcroFields af = reader.getAcroFields(); PdfDictionary v = af.getSignatureDictionary(signer.getSignatureFieldName()); PdfArray b = v.getAsArray(PdfName.BYTERANGE); long[] gaps = b.asLongArray(); RandomAccessSource readerSource = reader.getSafeFile().createSourceView(); @SuppressWarnings("resource") InputStream rg = new RASInputStream(new RandomAccessSourceFactory().createRanged(readerSource, gaps)); ExternalSignatureContainer container = new Pkcs7GenerateSignatureContainer(signer, extSignature); assertTrue(container.sign(rg).length > 0); }
From source file:org.opencps.pki.Pkcs7GenerateSignatureContainerTest.java
License:Open Source License
public void testSignatureContainerWithInvalidSignature() throws IOException, SignatureException, GeneralSecurityException { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(new FileInputStream(new File(certPath))); PdfSigner signer = new PdfSigner(pdfPath, cert); PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(keyPath))); PemObject pemObject = pemReader.readPemObject(); PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pemObject.getContent()); KeyFactory factory = KeyFactory.getInstance("RSA", "BC"); PrivateKey privateKey = factory.generatePrivate(privKeySpec); pemReader.close();// www. j a v a 2 s . c o m PrivateKeySignature signature = new PrivateKeySignature(privateKey, signer.getHashAlgorithm().toString(), "BC"); byte[] extSignature = signature.sign(signer.computeHash()); ExternalSignatureContainer container = new Pkcs7GenerateSignatureContainer(signer, extSignature); try { container.sign(mock(InputStream.class)); fail("Missing exception"); } catch (Exception ex) { assertEquals("Signature is not correct", ex.getMessage()); } }
From source file:org.opendaylight.capwap.dtls.DtlsUtils.java
License:Open Source License
static PemObject loadPemResource(String resource) throws IOException { // InputStream s = TlsTestUtils.class.getResourceAsStream(resource); InputStream s = new FileInputStream(resource); PemReader p = new PemReader(new InputStreamReader(s)); PemObject o = p.readPemObject(); p.close();/*w w w . j a v a 2 s .c o m*/ return o; }
From source file:org.soulwing.credo.service.pem.bc.BcPemObjectBuilderTest.java
License:Apache License
@Test public void testConfigureAndBuild() throws Exception { byte[] content = { 0, 1, 2, 3 }; BcPemObjectBuilder builder = new BcPemObjectBuilder(); builder.setType("SOME TYPE"); builder.setHeader("Some-Header", "Some-Value"); builder.append(content);//from w w w . j ava2s. c o m PemObjectWrapper wrapper = builder.build(); StringReader reader = new StringReader(wrapper.getEncoded()); PemReader pemReader = new PemReader(reader); PemObject obj = pemReader.readPemObject(); assertThat(pemReader.readPemObject(), is(nullValue())); pemReader.close(); assertThat(obj.getHeaders().size(), is(equalTo(1))); PemHeader header = (PemHeader) obj.getHeaders().get(0); assertThat(header.getName(), is(equalTo("Some-Header"))); assertThat(header.getValue(), is(equalTo("Some-Value"))); assertThat(obj.getContent(), is(equalTo(content))); }
From source file:org.soulwing.credo.service.pem.bc.BcPemObjectWrapperTest.java
License:Apache License
@Test public void testWriteContent() throws Exception { StringWriter writer = new StringWriter(); wrapper.writeContent(writer);//from ww w . j a v a 2 s . c o m PemReader reader = new PemReader(new StringReader(writer.toString())); PemObject obj = reader.readPemObject(); assertThat(obj, is(not(nullValue()))); assertThat(reader.readPemObject(), is(nullValue())); reader.close(); assertThat(obj.getType(), is(equalTo(type))); assertThat(obj.getContent(), is(equalTo(content))); }