List of usage examples for org.bouncycastle.openssl PEMParser PEMParser
public PEMParser(Reader reader)
From source file:org.bitrepository.protocol.security.BasicSecurityManager.java
License:Open Source License
/** * Attempts to load the pillars private key and certificate from a PEM formatted file. * @param privateKeyFile, path to the file containing the components private key and certificate, may be null * @throws IOException if the file cannot be found or read. * @throws KeyStoreException if there is problems with adding the privateKeyEntry to keyStore * @throws CertificateException /*from w w w . j a va 2s . c o m*/ */ private void loadPrivateKey(String privateKeyFile) throws IOException, KeyStoreException, CertificateException { PrivateKey privKey = null; X509Certificate privCert = null; if (!(new File(privateKeyFile)).isFile()) { log.info("Key file '" + privateKeyFile + "' with private key and certificate does not exist!"); return; } BufferedReader bufferedReader = new BufferedReader(new FileReader(privateKeyFile)); PEMParser pemParser = new PEMParser(bufferedReader); Object pemObj = pemParser.readObject(); while (pemObj != null) { if (pemObj instanceof X509Certificate) { log.debug("Certificate for PrivateKeyEntry found"); privCert = (X509Certificate) pemObj; } else if (pemObj instanceof PrivateKey) { log.debug("Key for PrivateKeyEntry found"); privKey = (PrivateKey) pemObj; } else if (pemObj instanceof X509CertificateHolder) { log.debug("X509CertificateHolder found"); privCert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) pemObj); } else if (pemObj instanceof PrivateKeyInfo) { log.debug("PrivateKeyInfo found"); PrivateKeyInfo pki = (PrivateKeyInfo) pemObj; JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); privKey = converter.getPrivateKey(pki); } else { log.debug("Got something, that we don't (yet) recognize. Class: " + pemObj.getClass().getSimpleName()); } pemObj = pemParser.readObject(); } pemParser.close(); if (privKey == null || privCert == null) { log.info("No material to create private key entry found!"); } else { privCert.checkValidity(); privateKeyEntry = new PrivateKeyEntry(privKey, new Certificate[] { privCert }); keyStore.setEntry(SecurityModuleConstants.privateKeyAlias, privateKeyEntry, new KeyStore.PasswordProtection(defaultPassword.toCharArray())); } }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
@Test public void testReadUnencryptedPKCS8() throws Exception { String keyFile = "keys/pkcs8-unencrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, null); PrivateKeyInfo expected = (PrivateKeyInfo) new PEMParser(expectedReader).readObject(); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getPrivateKey(expected); assertEquals(actualKey, expectedKey); }/* w w w. j av a2s.c om*/ }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
/** * Currently fails due to a bug in OpenJDK: https://bugs.openjdk.java.net/browse/JDK-8076999 */// w w w. j a v a2 s .c o m @Test @Ignore public void testReadEncryptedPKCS8() throws Exception { String keyFile = "keys/pkcs8-aes256-encrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, "password"); PKCS8EncryptedPrivateKeyInfo expected = (PKCS8EncryptedPrivateKeyInfo) new PEMParser(expectedReader) .readObject(); // the PBE in JcePKCSPBEInputDecryptorProviderBuilder stands for "password based encryption" InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BC_PROVIDER) .build(PASSWORD); PrivateKeyInfo decryptedInfo = expected.decryptPrivateKeyInfo(provider); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getPrivateKey(decryptedInfo); assertEquals(actualKey, expectedKey); } }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
@Test public void testReadPKCS1() throws Exception { String keyFile = "keys/pkcs1-unencrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, null); PEMKeyPair expected = (PEMKeyPair) new PEMParser(expectedReader).readObject(); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getKeyPair(expected) .getPrivate();/*from w w w . jav a 2s . com*/ assertEquals(actualKey, expectedKey); } }
From source file:org.candlepin.pki.PrivateKeyReaderTest.java
License:Open Source License
@Test public void testReadEncryptedPKCS1() throws Exception { String keyFile = "keys/pkcs1-aes256-encrypted.pem"; try (InputStream keyStream = cl.getResourceAsStream(keyFile); Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile));) { PrivateKey actualKey = new PrivateKeyReader().read(keyStream, "password"); PEMEncryptedKeyPair expected = (PEMEncryptedKeyPair) new PEMParser(expectedReader).readObject(); PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().setProvider(BC_PROVIDER) .build(PASSWORD);/* w w w .j a v a 2s . com*/ PEMKeyPair decryptedInfo = expected.decryptKeyPair(provider); PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getKeyPair(decryptedInfo) .getPrivate(); assertEquals(actualKey, expectedKey); } }
From source file:org.candlepin.test.CertificateReaderForTesting.java
License:Open Source License
@Override protected PrivateKey readPrivateKey(PrivateKeyReader reader) throws FileNotFoundException { InputStream keyStream = this.getClass().getClassLoader().getResourceAsStream("test-ca.key"); KeyPair keyPair = null;//from w w w. ja v a2 s. com try (PEMParser parser = new PEMParser(new InputStreamReader(keyStream));) { keyPair = new JcaPEMKeyConverter().setProvider(BC_PROVIDER) .getKeyPair((PEMKeyPair) parser.readObject()); } catch (IOException e) { Assert.fail("Could not load private key"); } return keyPair.getPrivate(); }
From source file:org.cloudfoundry.security.PrivateKeyFactory.java
License:Apache License
static PrivateKey generate(Path path) throws IOException { try (Reader in = Files.newBufferedReader(path, StandardCharsets.UTF_8)) { PEMParser parser = new PEMParser(in); Object keyPair = parser.readObject(); if (!(keyPair instanceof PEMKeyPair)) { throw new IllegalStateException( String.format("%s contains an artifact that is not a key pair: %s", path, keyPair)); }//w w w . ja v a2 s .c o m PrivateKeyInfo privateKeyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo(); if (privateKeyInfo == null) { throw new IllegalStateException(String.format("%s does not contain a private key", path)); } return CONVERTER.getPrivateKey(privateKeyInfo); } }
From source file:org.cloudfoundry.security.X509CertificateFactory.java
License:Apache License
static List<X509Certificate> generate(Path path) throws IOException, CertificateException { List<X509Certificate> certificates = new ArrayList<>(); try (Reader in = Files.newBufferedReader(path, StandardCharsets.UTF_8)) { PEMParser parser = new PEMParser(in); Object certificate;/*from w w w .j a v a 2 s .c om*/ while ((certificate = parser.readObject()) != null) { if (!(certificate instanceof X509CertificateHolder)) { throw new IllegalStateException(String .format("%s contains an artifact that is not a certificate: %s", path, certificate)); } certificates.add(CONVERTER.getCertificate((X509CertificateHolder) certificate)); } } return certificates; }
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
License:Open Source License
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data, String type, String fileName, String path, String storepass, KeyStore store) throws KeystoreEditorException { OutputStream fos = null;//from www .ja va 2 s . co m try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) { if (StringUtils.isBlank(alias)) { throw new IllegalArgumentException("Alias cannot be null."); } Path storeFile = Paths.get(path); //check the two most common key/cert stores first (pkcs12 and jks) if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) { //priv key + cert chain KeyStore pkcs12Store = KeyStore.getInstance("PKCS12"); pkcs12Store.load(inputStream, storePassword.toCharArray()); Certificate[] chain = pkcs12Store.getCertificateChain(alias); Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray()); if (key != null) { store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain); fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); } } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) { //java keystore file KeyStore jks = KeyStore.getInstance("jks"); jks.load(inputStream, storePassword.toCharArray()); Enumeration<String> aliases = jks.aliases(); //we are going to store all entries from the jks regardless of the passed in alias while (aliases.hasMoreElements()) { String jksAlias = aliases.nextElement(); if (jks.isKeyEntry(jksAlias)) { Key key = jks.getKey(jksAlias, keyPassword.toCharArray()); Certificate[] certificateChain = jks.getCertificateChain(jksAlias); store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain); } else { Certificate certificate = jks.getCertificate(jksAlias); store.setCertificateEntry(jksAlias, certificate); } } fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); //need to parse der separately from pem, der has the same mime type but is binary hence checking both } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) { ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded()); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; String cnStr = IETFUtils.valueToString(cn.getFirst().getValue()); if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) { store.setCertificateEntry(cnStr, certificate); } store.setCertificateEntry(alias, certificate); fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); //if it isn't one of the stores we support, it might be a key or cert by itself } else if (isPemParsable(type, fileName)) { //This is the catch all case for PEM, P7B, etc. with common file extensions if the mime type isn't read correctly in the browser Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)); PEMParser pemParser = new PEMParser(reader); Object object; boolean setEntry = false; while ((object = pemParser.readObject()) != null) { if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) { PEMKeyPair pemKeyPair; if (object instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object; JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder(); pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair( jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray())); } else { pemKeyPair = (PEMKeyPair) object; } KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair); PrivateKey privateKey = keyPair.getPrivate(); Certificate[] chain = store.getCertificateChain(alias); if (chain == null) { chain = buildCertChain(alias, store); } store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain); setEntry = true; } else if (object instanceof X509CertificateHolder) { X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object; CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC"); Certificate certificate = certificateFactory .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded())); X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate) .getSubject(); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; String cnStr = IETFUtils.valueToString(cn.getFirst().getValue()); if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) { store.setCertificateEntry(cnStr, certificate); } store.setCertificateEntry(alias, certificate); setEntry = true; } else if (object instanceof ContentInfo) { ContentInfo contentInfo = (ContentInfo) object; if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) { CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo); OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure(); ASN1Set certificates = originatorInfo.getCertificates(); setEntry = importASN1CertificatesToStore(store, setEntry, certificates); } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) { SignedData signedData = SignedData.getInstance(contentInfo.getContent()); ASN1Set certificates = signedData.getCertificates(); setEntry = importASN1CertificatesToStore(store, setEntry, certificates); } } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object; Certificate[] chain = store.getCertificateChain(alias); if (chain == null) { chain = buildCertChain(alias, store); } try { store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain); setEntry = true; } catch (KeyStoreException keyEx) { try { PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(), keyPassword.toCharArray()); store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain); setEntry = true; } catch (GeneralSecurityException e) { LOGGER.info( "Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.", e); throw keyEx; } } } } if (setEntry) { fos = Files.newOutputStream(storeFile); store.store(fos, storepass.toCharArray()); } } } catch (Exception e) { LOGGER.info("Unable to add entry {} to store", alias, e); throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e); } finally { if (fos != null) { try { fos.close(); } catch (IOException ignore) { } } } init(); }
From source file:org.commonjava.util.jhttpc.INTERNAL.util.BouncyCastleUtils.java
License:Apache License
public static KeyStore readKeyAndCertFromPem(String pemContent, String keyPass) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, JHttpCException { Logger logger = LoggerFactory.getLogger(BouncyCastleUtils.class); final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null);/*from www .j av a 2 s. c o m*/ // final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( // KeyManagerFactory.getDefaultAlgorithm()); // // kmfactory.init(ks, keyPass.toCharArray()); // final CertificateFactory certFactory = CertificateFactory.getInstance( "X.509" ); // Pattern keyTypePattern = Pattern.compile( KEY_TYPE_PATTERN ); // Matcher matcher = keyTypePattern.matcher( pemContent ); // String keyType = "RSA"; // if ( matcher.find() ) // { // String type = matcher.group( 1 ); // if ( "ENCRYPTED".equals( type ) ) // { // keyType = "PKCS8"; // } // else // { // keyType = type; // } // } // // logger.trace( "Using key factory for type: {}", keyType ); // final KeyFactory keyFactory = KeyFactory.getInstance( keyType ); // final List<String> lines = SSLUtils.readLines( pemContent ); // // String currentHeader = null; // final StringBuilder current = new StringBuilder(); int certIdx = 0; BouncyCastleProvider bcProvider = new BouncyCastleProvider(); InputDecryptorProvider provider = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(bcProvider) .build(keyPass.toCharArray()); final List<Certificate> certs = new ArrayList<Certificate>(); PrivateKey key = null; PEMParser pemParser = new PEMParser(new StringReader(pemContent)); Object pemObj = null; while ((pemObj = pemParser.readObject()) != null) { logger.trace("Got PEM object: {}", pemObj); if (pemObj instanceof X509CertificateHolder) { X509CertificateHolder holder = (X509CertificateHolder) pemObj; X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider) .getCertificate(holder); certs.add(certificate); Set<String> aliases = new HashSet<String>(); aliases.add("certificate" + certIdx); extractAliases(certificate, aliases); KeyStore.TrustedCertificateEntry ksEntry = new KeyStore.TrustedCertificateEntry(certificate); for (String alias : aliases) { ks.setEntry(alias, ksEntry, null); logger.trace("Storing trusted cert under alias: {}\n with DN: {}", alias, certificate.getSubjectDN().getName()); } certIdx++; } else if (pemObj instanceof PKCS8EncryptedPrivateKeyInfo) { PKCS8EncryptedPrivateKeyInfo keyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObj; PrivateKeyInfo privateKeyInfo = null; try { privateKeyInfo = keyInfo.decryptPrivateKeyInfo(provider); } catch (PKCSException e) { throw new JHttpCException("Failed to decrypt key/certificate: %s", e, e.getMessage()); } key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else if (pemObj instanceof PEMEncryptedKeyPair) { PEMEncryptedKeyPair keyPair = (PEMEncryptedKeyPair) pemObj; PEMKeyPair decryptedKeyPair = keyPair .decryptKeyPair(new BcPEMDecryptorProvider(keyPass.toCharArray())); PrivateKeyInfo privateKeyInfo = decryptedKeyPair.getPrivateKeyInfo(); key = new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } else { logger.trace("Got unrecognized PEM object: {} (class: {})", pemObj, (pemObj == null ? "NULL" : pemObj.getClass().getName())); } logger.trace("Got private key:\n{}\n", key); } if (key != null && !certs.isEmpty()) { logger.trace("Setting key entry: {}", key); ks.setKeyEntry(MonolithicKeyStrategy.KEY, key, keyPass.toCharArray(), certs.toArray(new Certificate[certs.size()])); } else { logger.warn("No private key found in PEM!"); } return ks; }