List of usage examples for org.bouncycastle.openssl PEMParser PEMParser
public PEMParser(Reader reader)
From source file:org.eclipse.che.plugin.docker.client.DockerCertificates.java
License:Open Source License
private static PrivateKey getPrivateKey(Path clientKeyPath) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { final PEMKeyPair clientKeyPair; try (Reader reader = Files.newBufferedReader(clientKeyPath, Charset.defaultCharset())) { clientKeyPair = (PEMKeyPair) new PEMParser(reader).readObject(); }//from w w w . j av a 2s.c om final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded()); final KeyFactory kf = KeyFactory.getInstance("RSA"); return kf.generatePrivate(spec); }
From source file:org.elasticsearch.xpack.core.ssl.CertificateGenerateToolTests.java
License:Open Source License
public void testGeneratingSignedCertificates() throws Exception { Path tempDir = initTempDir(); Path outputFile = tempDir.resolve("out.zip"); Path instanceFile = writeInstancesTo(tempDir.resolve("instances.yml")); Collection<CertificateInformation> certInfos = CertificateGenerateTool.parseFile(instanceFile); assertEquals(4, certInfos.size());//w w w .j a v a 2s . c om final int keysize = randomFrom(1024, 2048); final int days = randomIntBetween(1, 1024); KeyPair keyPair = CertGenUtils.generateKeyPair(keysize); X509Certificate caCert = CertGenUtils.generateCACertificate(new X500Principal("CN=test ca"), keyPair, days); final boolean generatedCa = randomBoolean(); final char[] keyPassword = randomBoolean() ? SecuritySettingsSourceField.TEST_PASSWORD.toCharArray() : null; final char[] pkcs12Password = randomBoolean() ? randomAlphaOfLengthBetween(1, 12).toCharArray() : null; assertFalse(Files.exists(outputFile)); CAInfo caInfo = new CAInfo(caCert, keyPair.getPrivate(), generatedCa, keyPassword); CertificateGenerateTool.generateAndWriteSignedCertificates(outputFile, certInfos, caInfo, keysize, days, pkcs12Password); assertTrue(Files.exists(outputFile)); Set<PosixFilePermission> perms = Files.getPosixFilePermissions(outputFile); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_READ)); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_WRITE)); assertEquals(perms.toString(), 2, perms.size()); FileSystem fileSystem = FileSystems.newFileSystem(new URI("jar:" + outputFile.toUri()), Collections.emptyMap()); Path zipRoot = fileSystem.getPath("/"); if (generatedCa) { assertTrue(Files.exists(zipRoot.resolve("ca"))); assertTrue(Files.exists(zipRoot.resolve("ca").resolve("ca.crt"))); assertTrue(Files.exists(zipRoot.resolve("ca").resolve("ca.key"))); // check the CA cert try (InputStream input = Files.newInputStream(zipRoot.resolve("ca").resolve("ca.crt"))) { X509Certificate parsedCaCert = readX509Certificate(input); assertThat(parsedCaCert.getSubjectX500Principal().getName(), containsString("test ca")); assertEquals(caCert, parsedCaCert); long daysBetween = ChronoUnit.DAYS.between(caCert.getNotBefore().toInstant(), caCert.getNotAfter().toInstant()); assertEquals(days, (int) daysBetween); } // check the CA key if (keyPassword != null) { try (Reader reader = Files.newBufferedReader(zipRoot.resolve("ca").resolve("ca.key"))) { PEMParser pemParser = new PEMParser(reader); Object parsed = pemParser.readObject(); assertThat(parsed, instanceOf(PEMEncryptedKeyPair.class)); char[] zeroChars = new char[keyPassword.length]; Arrays.fill(zeroChars, (char) 0); assertArrayEquals(zeroChars, keyPassword); } } PrivateKey privateKey = PemUtils.readPrivateKey(zipRoot.resolve("ca").resolve("ca.key"), () -> keyPassword != null ? SecuritySettingsSourceField.TEST_PASSWORD.toCharArray() : null); assertEquals(caInfo.privateKey, privateKey); } else { assertFalse(Files.exists(zipRoot.resolve("ca"))); } for (CertificateInformation certInfo : certInfos) { String filename = certInfo.name.filename; assertTrue(Files.exists(zipRoot.resolve(filename))); final Path cert = zipRoot.resolve(filename + "/" + filename + ".crt"); assertTrue(Files.exists(cert)); assertTrue(Files.exists(zipRoot.resolve(filename + "/" + filename + ".key"))); final Path p12 = zipRoot.resolve(filename + "/" + filename + ".p12"); try (InputStream input = Files.newInputStream(cert)) { X509Certificate certificate = readX509Certificate(input); assertEquals(certInfo.name.x500Principal.toString(), certificate.getSubjectX500Principal().getName()); final int sanCount = certInfo.ipAddresses.size() + certInfo.dnsNames.size() + certInfo.commonNames.size(); if (sanCount == 0) { assertNull(certificate.getSubjectAlternativeNames()); } else { X509CertificateHolder x509CertHolder = new X509CertificateHolder(certificate.getEncoded()); GeneralNames subjAltNames = GeneralNames.fromExtensions(x509CertHolder.getExtensions(), Extension.subjectAlternativeName); assertSubjAltNames(subjAltNames, certInfo); } if (pkcs12Password != null) { assertThat(p12, pathExists(p12)); try (InputStream in = Files.newInputStream(p12)) { final KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(in, pkcs12Password); final Certificate p12Certificate = ks.getCertificate(certInfo.name.originalName); assertThat("Certificate " + certInfo.name, p12Certificate, notNullValue()); assertThat(p12Certificate, equalTo(certificate)); final Key key = ks.getKey(certInfo.name.originalName, pkcs12Password); assertThat(key, notNullValue()); } } else { assertThat(p12, not(pathExists(p12))); } } } }
From source file:org.elasticsearch.xpack.core.ssl.CertificateGenerateToolTests.java
License:Open Source License
private PKCS10CertificationRequest readCertificateRequest(Path path) throws Exception { try (Reader reader = Files.newBufferedReader(path); PEMParser pemParser = new PEMParser(reader)) { Object object = pemParser.readObject(); assertThat(object, instanceOf(PKCS10CertificationRequest.class)); return (PKCS10CertificationRequest) object; }// w w w .j a va 2 s . c o m }
From source file:org.elasticsearch.xpack.core.ssl.CertificateToolTests.java
License:Open Source License
public void testGeneratingSignedPemCertificates() throws Exception { Path tempDir = initTempDir(); Path outputFile = tempDir.resolve("out.zip"); Path instanceFile = writeInstancesTo(tempDir.resolve("instances.yml")); Collection<CertificateInformation> certInfos = CertificateTool.parseFile(instanceFile); assertEquals(4, certInfos.size());//from w ww .j a v a 2 s . co m int keySize = randomFrom(1024, 2048); int days = randomIntBetween(1, 1024); KeyPair keyPair = CertGenUtils.generateKeyPair(keySize); X509Certificate caCert = CertGenUtils.generateCACertificate(new X500Principal("CN=test ca"), keyPair, days); final boolean generatedCa = randomBoolean(); final boolean keepCaKey = generatedCa && randomBoolean(); final String keyPassword = randomBoolean() ? SecuritySettingsSourceField.TEST_PASSWORD : null; assertFalse(Files.exists(outputFile)); CAInfo caInfo = new CAInfo(caCert, keyPair.getPrivate(), generatedCa, keyPassword == null ? null : keyPassword.toCharArray()); final GenerateCertificateCommand command = new GenerateCertificateCommand(); List<String> args = CollectionUtils.arrayAsArrayList("-keysize", String.valueOf(keySize), "-days", String.valueOf(days), "-pem"); if (keyPassword != null) { args.add("-pass"); args.add(keyPassword); } if (keepCaKey) { args.add("-keep-ca-key"); } final OptionSet options = command.getParser().parse(Strings.toStringArray(args)); command.generateAndWriteSignedCertificates(outputFile, true, options, certInfos, caInfo, null); assertTrue(Files.exists(outputFile)); Set<PosixFilePermission> perms = Files.getPosixFilePermissions(outputFile); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_READ)); assertTrue(perms.toString(), perms.contains(PosixFilePermission.OWNER_WRITE)); assertEquals(perms.toString(), 2, perms.size()); FileSystem fileSystem = FileSystems.newFileSystem(new URI("jar:" + outputFile.toUri()), Collections.emptyMap()); Path zipRoot = fileSystem.getPath("/"); if (generatedCa) { assertTrue(Files.exists(zipRoot.resolve("ca"))); assertTrue(Files.exists(zipRoot.resolve("ca").resolve("ca.crt"))); // check the CA cert try (InputStream input = Files.newInputStream(zipRoot.resolve("ca").resolve("ca.crt"))) { X509Certificate parsedCaCert = readX509Certificate(input); assertThat(parsedCaCert.getSubjectX500Principal().getName(), containsString("test ca")); assertEquals(caCert, parsedCaCert); long daysBetween = getDurationInDays(caCert); assertEquals(days, (int) daysBetween); } if (keepCaKey) { assertTrue(Files.exists(zipRoot.resolve("ca").resolve("ca.key"))); // check the CA key if (keyPassword != null) { try (Reader reader = Files.newBufferedReader(zipRoot.resolve("ca").resolve("ca.key"))) { PEMParser pemParser = new PEMParser(reader); Object parsed = pemParser.readObject(); assertThat(parsed, instanceOf(PEMEncryptedKeyPair.class)); char[] zeroChars = new char[caInfo.password.length]; Arrays.fill(zeroChars, (char) 0); assertArrayEquals(zeroChars, caInfo.password); } } PrivateKey privateKey = PemUtils.readPrivateKey(zipRoot.resolve("ca").resolve("ca.key"), () -> keyPassword != null ? keyPassword.toCharArray() : null); assertEquals(caInfo.certAndKey.key, privateKey); } } else { assertFalse(Files.exists(zipRoot.resolve("ca"))); } for (CertificateInformation certInfo : certInfos) { String filename = certInfo.name.filename; assertTrue(Files.exists(zipRoot.resolve(filename))); final Path cert = zipRoot.resolve(filename + "/" + filename + ".crt"); assertTrue(Files.exists(cert)); assertTrue(Files.exists(zipRoot.resolve(filename + "/" + filename + ".key"))); final Path p12 = zipRoot.resolve(filename + "/" + filename + ".p12"); try (InputStream input = Files.newInputStream(cert)) { X509Certificate certificate = readX509Certificate(input); assertEquals(certInfo.name.x500Principal.toString(), certificate.getSubjectX500Principal().getName()); final int sanCount = certInfo.ipAddresses.size() + certInfo.dnsNames.size() + certInfo.commonNames.size(); if (sanCount == 0) { assertNull(certificate.getSubjectAlternativeNames()); } else { X509CertificateHolder x509CertHolder = new X509CertificateHolder(certificate.getEncoded()); GeneralNames subjAltNames = GeneralNames.fromExtensions(x509CertHolder.getExtensions(), Extension.subjectAlternativeName); assertSubjAltNames(subjAltNames, certInfo); } assertThat(p12, Matchers.not(TestMatchers.pathExists(p12))); } } }
From source file:org.graylog.plugins.auth.tls.sso.CertificateTools.java
License:Open Source License
private static UserInfo getUserInfoFromHeader(String header) throws IOException, CertificateException { final String normalizedHeader = normalizePEM(header); log.debug("Header: {}", normalizedHeader); try (PEMParser certReader = new PEMParser(new StringReader(normalizedHeader))) { // Parse the certificate from header Object certObj = certReader.readObject(); if (!(certObj instanceof X509CertificateHolder)) { throw new CertificateException("Unable to parse trusted header"); }//from w w w . j a v a 2 s . co m X509CertificateHolder certificate = (X509CertificateHolder) certObj; // Inspect the certificate Map<String, String> certificateInformation = convertCertificateInformation(certificate); // Debug logging to assist in diagnostics for (Map.Entry<String, String> entry : certificateInformation.entrySet()) { log.debug("Parsed certificate information {} : {}", entry.getKey(), entry.getValue()); } // Handle VRK CA for Qualified Certificates - G2 // ... and everything that had compatible attributes, at least until more needs arise //if ("C=FI,O=Vaestorekisterikeskus CA,OU=Organisaatiovarmenteet,CN=VRK CA for Qualified Certificates - G2".equals(certificateInformation.getOrDefault("ISSUER", "unknown"))) { return new UserInfo(certificateInformation.getOrDefault("rfc822Name", "unknown@unknown"), certificateInformation.getOrDefault("rfc822Name", "unknown@unknown"), certificateInformation.getOrDefault("GIVENNAME", "unknown") + " " + certificateInformation.getOrDefault("SURNAME", "unknown")); //} // Probably no handler available for this certificate //log.warn("No handler for certificate issued by {}", certificateInformation.getOrDefault("ISSUER", "unknown")); } //return null; }
From source file:org.hyperledger.fabric.sdk.NetworkConfig.java
License:Open Source License
private static PrivateKey getPrivateKeyFromString(String data) throws IOException { final Reader pemReader = new StringReader(data); final PrivateKeyInfo pemPair; try (PEMParser pemParser = new PEMParser(pemReader)) { pemPair = (PrivateKeyInfo) pemParser.readObject(); }/*from w ww.j a v a 2 s . c o m*/ return new JcaPEMKeyConverter().getPrivateKey(pemPair); }
From source file:org.hyperledger.fabric.sdk.security.CryptoPrimitivesTest.java
License:Open Source License
@Before public void setUp() throws Exception { // TODO should do this in @BeforeClass. Need to find out how to get to // files from static junit method BufferedInputStream bis = new BufferedInputStream(this.getClass().getResourceAsStream("/ca.crt")); testCACert = cf.generateCertificate(bis); bis.close();/*from w ww . ja va2s.co m*/ crypto.addCACertificateToTrustStore(testCACert, "ca"); bis = new BufferedInputStream(this.getClass().getResourceAsStream("/keypair-signed.crt")); Certificate cert = cf.generateCertificate(bis); bis.close(); // TODO: get PEM file without dropping down to BouncyCastle ? PEMParser pem = new PEMParser(new FileReader(this.getClass().getResource("/keypair-signed.key").getFile())); PEMKeyPair bcKeyPair = (PEMKeyPair) pem.readObject(); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bcKeyPair.getPrivateKeyInfo().getEncoded()); PrivateKey key = kf.generatePrivate(keySpec); Certificate[] certificates = new Certificate[] { cert, testCACert }; crypto.getTrustStore().setKeyEntry("key", key, "123456".toCharArray(), certificates); pem.close(); }
From source file:org.hyperledger.fabric_ca.sdkintegration.HFCAClientIT.java
License:Apache License
TBSCertList.CRLEntry[] parseCRL(String crl) throws Exception { Base64.Decoder b64dec = Base64.getDecoder(); final byte[] decode = b64dec.decode(crl.getBytes(UTF_8)); PEMParser pem = new PEMParser(new StringReader(new String(decode))); X509CRLHolder holder = (X509CRLHolder) pem.readObject(); return holder.toASN1Structure().getRevokedCertificates(); }
From source file:org.jclouds.docker.suppliers.SSLContextBuilder.java
License:Apache License
private static PrivateKey getKey(String privateKey) { PEMParser pemParser = new PEMParser(new StringReader(privateKey)); try {//from w w w . j a va 2s . com Object object = pemParser.readObject(); if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); return keyPair.getPrivate(); } catch (IOException ex) { throw new RuntimeException("Invalid private key", ex); } finally { Closeables2.closeQuietly(pemParser); } }
From source file:org.jclouds.docker.suppliers.SSLContextWithKeysSupplier.java
License:Apache License
private static PrivateKey getKey(String privateKey) { try {//w w w . j av a2s . c o m PEMParser pemParser = new PEMParser(new StringReader(privateKey)); Object object = pemParser.readObject(); if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); return keyPair.getPrivate(); } catch (IOException ex) { throw new RuntimeException("Invalid private key", ex); } }