List of usage examples for org.bouncycastle.openssl.PEMParser — constructor PEMParser
public PEMParser(Reader reader)
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
@Override
public Collection<Object> tryDecodePEM(String pemData, PasswordCallback password, String resource)
        throws IOException {
    // Result stays null when the very first read fails, i.e. pemData is not PEM at all.
    ArrayList<Object> result = null;
    try (StringReader source = new StringReader(pemData);
            PEMParser parser = new PEMParser(source)) {
        Object current;
        try {
            current = parser.readObject();
            // First object read: from now on a list is reported, even if nothing is accepted.
            result = new ArrayList<>();
        } catch (IOException e) {
            current = null;
        }
        // Later read failures are not masked; they surface as IOException to the caller.
        while (current != null) {
            assert result != null;
            dispatchPEMObject(current, result, password, resource);
            current = parser.readObject();
        }
    }
    return result;
}

/**
 * Converts one parsed PEM object and appends it to {@code target}; unsupported
 * types, and keys whose password is missing or wrong, are logged and skipped.
 */
private void dispatchPEMObject(Object pemObject, ArrayList<Object> target, PasswordCallback password,
        String resource) throws IOException {
    if (pemObject instanceof PEMKeyPair || pemObject instanceof PEMEncryptedKeyPair) {
        try {
            target.add(keyFromPEMObject(pemObject, password, resource));
        } catch (PasswordRequiredException e) {
            LOG.info(null, "Skipping key object from ''{0}'' due to missing/invalid password", resource);
        }
    } else if (pemObject instanceof X509CertificateHolder) {
        target.add(crtFromPEMObject(pemObject));
    } else if (pemObject instanceof PKCS10CertificationRequest) {
        target.add(csrFromPEMObject(pemObject));
    } else if (pemObject instanceof X509CRLHolder) {
        target.add(crlFromPEMObject(pemObject));
    } else {
        LOG.info(null, "Skipping unknown object type ''{1}'' from ''{0}''", resource, pemObject.getClass());
    }
}
From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastleStoreProvider.java
License:Open Source License
/**
 * Reads the first PEM object of {@code pemFile}.
 *
 * @param pemFile file to read, decoded with PEM_CHARSET
 * @return the first object the parser produces, or {@code null} if the file holds none
 * @throws IOException if the file cannot be read or parsed
 */
private Object readPEMObject(Path pemFile) throws IOException {
    try (Reader in = Files.newBufferedReader(pemFile, PEM_CHARSET);
            PEMParser parser = new PEMParser(in)) {
        return parser.readObject();
    }
}
From source file:de.mendelson.util.security.KeyStoreUtil.java
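/**
 * Tries to read one or more certificates from a byte array.
 * <p>
 * Three decodings are attempted in order: a PKCS#7 bundle, a plain X.509
 * sequence, then PEM via BouncyCastle. Every attempt is best-effort; the
 * method returns {@code null} when none of them yields a certificate.
 *
 * @param data raw certificate bytes (PKCS#7, DER or PEM)
 * @param provider JCA provider to use, or {@code null} for the default one
 * @return the certificates found, or {@code null} if the data could not be read
 * @throws CertificateException if no X.509 CertificateFactory is available
 */
private List<X509Certificate> readCertificates(byte[] data, Provider provider) throws CertificateException {
    // Build the factory once; getInstance(String, Provider) rejects a null provider,
    // so the default factory is used in that case for every attempt below.
    CertificateFactory factory = provider != null
            ? CertificateFactory.getInstance("X.509", provider)
            : CertificateFactory.getInstance("X.509");
    if (data == null || data.length == 0) {
        return null;
    }
    List<X509Certificate> certList = null;
    // 1) PKCS#7 (.p7b) first: the other readers would drop all but one certificate of a bundle.
    try {
        Collection<? extends Certificate> found =
                factory.generateCertPath(new ByteArrayInputStream(data), "PKCS7").getCertificates();
        certList = toX509List(found);
    } catch (Exception ignored) {
        // best effort: fall through to the next encoding
    }
    // 2) plain X.509 (one or more certificates).
    if (certList == null) {
        try {
            certList = toX509List(factory.generateCertificates(new ByteArrayInputStream(data)));
        } catch (Exception ignored) {
            // best effort: fall through to the next encoding
        }
    }
    // 3) still no success, perhaps PEM encoding? Let the PEM reader try.
    if (certList == null) {
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(
                new ByteArrayInputStream(data), java.nio.charset.StandardCharsets.UTF_8))) {
            Object pemObject = pemParser.readObject();
            // NOTE(review): PEMParser.readObject() normally yields a BouncyCastle holder object,
            // not a java.security.cert.X509Certificate, so this branch only succeeds when the
            // parser returns a JCA certificate; converting the holder (e.g. via its DER encoding
            // and the factory above) would make it reliable -- confirm against the BC version in use.
            if (pemObject instanceof X509Certificate) {
                certList = new ArrayList<X509Certificate>();
                certList.add((X509Certificate) pemObject);
            }
        } catch (Exception ignored) {
            // best effort: caller receives null
        }
    }
    return certList;
}

/** Copies a JCA certificate collection into an X.509 list; {@code null} when empty or absent. */
private static List<X509Certificate> toX509List(Collection<? extends Certificate> certs) {
    if (certs == null || certs.isEmpty()) {
        return null;
    }
    List<X509Certificate> list = new ArrayList<X509Certificate>(certs.size());
    for (Certificate cert : certs) {
        list.add((X509Certificate) cert);
    }
    return list;
}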
From source file:de.mendelson.util.security.KeyStoreUtil.java
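/**
 * Reads a certificate from a stream and returns it.
 * <p>
 * The stream is buffered once so that every decoding attempt (given provider,
 * default provider, PEM) sees the complete data instead of whatever an earlier
 * attempt left unread.
 *
 * @param certStream stream holding the certificate; it is read to its end
 * @param provider JCA provider to try first, or {@code null} for the default one
 * @return the certificate
 * @throws CertificateException if the data is not a certificate or the encoding is unsupported;
 *         the last underlying failure is attached as cause
 * @deprecated
 */
public X509Certificate readCertificate(InputStream certStream, Provider provider) throws CertificateException {
    byte[] data = readAllBytesOf(certStream);
    Exception lastFailure = null;
    X509Certificate cert = null;
    if (provider != null) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(data));
        } catch (Exception e) {
            lastFailure = e;
        }
    }
    // Let the default provider parse the certificate when none was given or the given one failed.
    if (cert == null) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(data));
        } catch (Exception e) {
            lastFailure = e;
        }
    }
    // Still no success, perhaps PEM encoding? Let the PEM reader try.
    if (cert == null) {
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(
                new ByteArrayInputStream(data), java.nio.charset.StandardCharsets.UTF_8))) {
            Object pemObject = pemParser.readObject();
            // NOTE(review): PEMParser.readObject() normally yields a BouncyCastle holder object,
            // not a java.security.cert.X509Certificate; this branch only succeeds when the parser
            // returns a JCA certificate -- confirm against the BC version in use.
            if (pemObject instanceof X509Certificate) {
                cert = (X509Certificate) pemObject;
            }
        } catch (Exception e) {
            lastFailure = e;
        }
    }
    if (cert != null) {
        return cert;
    }
    if (lastFailure != null) {
        throw new CertificateException(
                "Not a certificate or unsupported encoding: " + lastFailure.getMessage(), lastFailure);
    }
    throw new CertificateException("Not a certificate or unsupported encoding.");
}

/** Drains the stream into memory; the stream itself stays open (the caller owns it). */
private static byte[] readAllBytesOf(InputStream in) throws CertificateException {
    try {
        java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int read;
        while ((read = in.read(chunk)) != -1) {
            buffer.write(chunk, 0, read);
        }
        return buffer.toByteArray();
    } catch (Exception e) {
        throw new CertificateException("Not a certificate or unsupported encoding: " + e.getMessage(), e);
    }
}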
From source file:de.mendelson.util.security.PEMKeys2Keystore.java
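/**
 * Imports a PEM-encoded RSA private key together with its certificate into the keystore.
 * The caller remains responsible for closing {@code pemReader}.
 *
 * @param pemReader Reader that accesses the RSA key in PEM format
 * @param keypass Passphrase for the keys stored in the PEM file; also used as the
 *        password of the new key entry
 * @param certificateStream Stream that accesses the certificate for the keys
 * @param alias Alias to use in the new keystore
 * @throws IllegalArgumentException if the reader holds no PEM object or one of an unsupported type
 * @throws Exception if decrypting, converting or storing the key fails
 */
public void importKey(Reader pemReader, char[] keypass, InputStream certificateStream, String alias)
        throws Exception {
    this.keypass = keypass;
    PEMParser pemParser = new PEMParser(pemReader);
    Object readObject = pemParser.readObject();
    if (readObject == null) {
        throw new IllegalArgumentException("No PEM object found for alias " + alias);
    }
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    PrivateKey privateKey;
    if (readObject instanceof PEMEncryptedKeyPair) {
        // Encrypted key - use provided password
        PEMDecryptorProvider decryptorProvider = new JcePEMDecryptorProviderBuilder().build(keypass);
        KeyPair keyPair = converter
                .getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(decryptorProvider));
        privateKey = keyPair.getPrivate();
    } else if (readObject instanceof PrivateKeyInfo) {
        // PKCS#8 format, the object will be an instanceof PrivateKeyInfo
        privateKey = converter.getPrivateKey((PrivateKeyInfo) readObject);
    } else if (readObject instanceof PEMKeyPair) {
        // Unencrypted key - no password needed
        KeyPair keyPair = converter.getKeyPair((PEMKeyPair) readObject);
        privateKey = keyPair.getPrivate();
    } else {
        // Anything else (a certificate, a public key, ...) is not a private key.
        throw new IllegalArgumentException(
                "Unsupported PEM object type " + readObject.getClass().getName() + " for alias " + alias);
    }
    X509Certificate cert = this.readCertificate(certificateStream);
    KeyStore store = this.keystore;
    if (store == null) {
        store = this.generateKeyStore();
    }
    // PKCS12 keys dont have a password, anyway take the given keystore pass as key pass for JKS
    store.setKeyEntry(alias, privateKey, keypass, new X509Certificate[] { cert });
}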
From source file:de.mendelson.util.security.PEMKeys2PKCS12.java
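/**
 * Imports a PEM-encoded RSA private key together with its certificate into the PKCS#12 keystore.
 * The caller remains responsible for closing {@code pemReader}.
 *
 * @param pemReader Reader that accesses the RSA key in PEM format
 * @param keypass Passphrase for the keys stored in the PEM file
 * @param certificateStream Stream that accesses the certificate for the keys
 * @param alias Alias to use in the new keystore
 * @throws IllegalArgumentException if the reader holds no PEM object or one of an unsupported type
 * @throws Exception if decrypting, converting or storing the key fails
 */
public void importKey(Reader pemReader, char[] keypass, InputStream certificateStream, String alias)
        throws Exception {
    this.keypass = keypass;
    PEMParser pemParser = new PEMParser(pemReader);
    Object readObject = pemParser.readObject();
    if (readObject == null) {
        throw new IllegalArgumentException("No PEM object found for alias " + alias);
    }
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    PrivateKey privateKey;
    if (readObject instanceof PEMEncryptedKeyPair) {
        // Encrypted key - use provided password
        PEMDecryptorProvider decryptorProvider = new JcePEMDecryptorProviderBuilder().build(keypass);
        KeyPair keyPair = converter
                .getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(decryptorProvider));
        privateKey = keyPair.getPrivate();
    } else if (readObject instanceof PrivateKeyInfo) {
        // PKCS#8 format, the object will be an instanceof PrivateKeyInfo
        privateKey = converter.getPrivateKey((PrivateKeyInfo) readObject);
    } else if (readObject instanceof PEMKeyPair) {
        // Unencrypted key - no password needed
        KeyPair keyPair = converter.getKeyPair((PEMKeyPair) readObject);
        privateKey = keyPair.getPrivate();
    } else {
        // Anything else (a certificate, a public key, ...) is not a private key.
        throw new IllegalArgumentException(
                "Unsupported PEM object type " + readObject.getClass().getName() + " for alias " + alias);
    }
    X509Certificate cert = this.readCertificate(certificateStream);
    KeyStore store = this.keystore;
    if (store == null) {
        store = this.generateKeyStore();
    }
    // PKCS12 keys dont have a password
    store.setKeyEntry(alias, privateKey, "dummy".toCharArray(), new X509Certificate[] { cert });
}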
From source file:de.petendi.commons.crypto.connector.BCConnector.java
License:Apache License
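/**
 * Reads the first PEM object from {@code pemReader} and converts it to a JCA certificate.
 * The parser, and with it the given reader, is closed before this method returns, also
 * when reading fails.
 *
 * @param pemReader reader positioned at the PEM data; closed by this method
 * @return the certificate
 * @throws IllegalArgumentException if the first PEM object is not a certificate (or there is none)
 * @throws CryptoException if reading the PEM data or converting the certificate fails
 */
@Override
public X509Certificate extractCertificate(Reader pemReader) throws CryptoException {
    // try-with-resources so the reader is released even when readObject() throws.
    try (PEMParser parser = new PEMParser(pemReader)) {
        Object object = parser.readObject();
        if (object instanceof X509CertificateHolder) {
            X509CertificateHolder x509Holder = (X509CertificateHolder) object;
            return new JcaX509CertificateConverter().setProvider(getProviderName()).getCertificate(x509Holder);
        }
        throw new IllegalArgumentException("no certificate found in pem");
    } catch (IOException e) {
        throw new CryptoException(e);
    } catch (CertificateException e) {
        throw new CryptoException(e);
    }
}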
From source file:edu.nps.moves.mmowgli.CACManager.java
License:Open Source License
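/**
 * Parses a PEM-encoded CAC certificate whose line breaks were flattened to
 * spaces in transit and fills {@code data}: the CN-derived fields (through
 * parseCN), the first rfc822Name subject alternative name that looks like an
 * e-mail address, and the card identifier, a hex SHA-256 over issuer and
 * serial number that is looked up in the database for quick login.
 * On a parse error cacId is cleared and isCACPresent set to false.
 * <p>
 * NOTE(review): this method only decodes the certificate; it does no
 * signature, chain or validity checking -- confirm that the transport layer
 * has authenticated the client certificate before cacId is trusted.
 *
 * @param cert the certificate as PEM text with spaces in place of line breaks
 * @param data receiver of the parsed values
 */
private static void parseCert(String cert, CACData data) {
    // Restore the line structure, keeping the two-word BEGIN/END markers intact.
    cert = cert.replace(' ', '\r');
    cert = cert.replace("BEGIN\rCERTIFICATE", "BEGIN CERTIFICATE");
    cert = cert.replace("END\rCERTIFICATE", "END CERTIFICATE");
    // try-with-resources: the parser is closed even when readObject() fails.
    try (PEMParser pr = new PEMParser(new StringReader(cert))) {
        Object o = pr.readObject();
        if (o instanceof X509CertificateHolder) {
            X509CertificateHolder x509 = (X509CertificateHolder) o;
            RDN[] cnRdns = x509.getSubject().getRDNs(BCStyle.CN);
            // A subject without CN used to escape as ArrayIndexOutOfBoundsException; report it like any parse error.
            if (cnRdns.length == 0) {
                throw new IOException("certificate subject has no CN");
            }
            String cn = IETFUtils.valueToString(cnRdns[0].getFirst().getValue());
            parseCN(cn, data);
            String email = firstEmailFromSubjectAltNames(x509);
            if (email != null) {
                data.userEmail = email;
            }
            data.cacId = cardIdentifier(x509);
        }
    } catch (IOException | NoSuchAlgorithmException ex) {
        MSysOut.println(MmowgliConstants.SYSTEM_LOGS, ex.getClass().getSimpleName()
                + ": Program error, could not parse CAC");
        data.cacId = null;
        data.isCACPresent = false;
    }
}

/** Returns the first rfc822Name subject alternative name containing '@', or null if there is none. */
private static String firstEmailFromSubjectAltNames(X509CertificateHolder x509) {
    GeneralNames gns = GeneralNames.fromExtensions(x509.getExtensions(), Extension.subjectAlternativeName);
    if (gns == null) {
        return null;
    }
    for (GeneralName gn : gns.getNames()) {
        if (gn.getTagNo() != GeneralName.rfc822Name) {
            continue;
        }
        String s = DERIA5String.getInstance(gn.getName()).getString();
        if (s.contains("@")) {
            return s;
        }
    }
    return null;
}

/**
 * Creates the unique card identifier (issuer + serial), hashed with SHA-256 so it
 * can be stored and indexed in the database for quick login.
 */
private static String cardIdentifier(X509CertificateHolder x509) throws IOException, NoSuchAlgorithmException {
    String uniqueCertId = x509.getIssuer().toString() + " " + x509.getSerialNumber().toString();
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(uniqueCertId.getBytes("UTF-8"));
    return Hex.encodeHexString(md.digest());
}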
From source file:edu.wisc.doit.tcrypt.AbstractPublicKeyDecrypter.java
License:Apache License
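/**
 * Create an encrypter and decrypter using the specified {@link Reader}, note the
 * caller is responsible for closing the Reader.
 *
 * @param privateKeyReader Reader to load the {@link KeyPair} from
 * @throws IOException if the reader cannot be read or its first PEM object is not a key pair
 */
public AbstractPublicKeyDecrypter(Reader privateKeyReader) throws IOException {
    this(readPemKeyPair(privateKeyReader));
}

/**
 * Reads the first PEM object from the reader and checks that it is a {@link PEMKeyPair},
 * so that an empty reader or another PEM object type fails with a descriptive IOException
 * instead of a ClassCastException. The reader is intentionally left open for the caller.
 */
@SuppressWarnings("resource")
private static PEMKeyPair readPemKeyPair(Reader privateKeyReader) throws IOException {
    Object pemObject = new PEMParser(privateKeyReader).readObject();
    if (!(pemObject instanceof PEMKeyPair)) {
        throw new IOException("Expected a PEM key pair but read "
                + (pemObject == null ? "nothing" : pemObject.getClass().getName()));
    }
    return (PEMKeyPair) pemObject;
}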
From source file:edu.wisc.doit.tcrypt.AbstractPublicKeyEncrypter.java
License:Apache License
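/**
 * Create an encrypter using the specified {@link Reader}, note the
 * caller is responsible for closing the Reader.
 *
 * @param publicKeyReader Reader to load the {@link PublicKey} from
 * @throws IOException if the reader cannot be read or its first PEM object is not a public key
 */
public AbstractPublicKeyEncrypter(Reader publicKeyReader) throws IOException {
    this(readPemPublicKeyInfo(publicKeyReader));
}

/**
 * Reads the first PEM object from the reader and checks that it is a {@link SubjectPublicKeyInfo},
 * so that an empty reader or another PEM object type fails with a descriptive IOException
 * instead of a ClassCastException. The reader is intentionally left open for the caller.
 */
@SuppressWarnings("resource")
private static SubjectPublicKeyInfo readPemPublicKeyInfo(Reader publicKeyReader) throws IOException {
    Object pemObject = new PEMParser(publicKeyReader).readObject();
    if (!(pemObject instanceof SubjectPublicKeyInfo)) {
        throw new IOException("Expected a PEM public key but read "
                + (pemObject == null ? "nothing" : pemObject.getClass().getName()));
    }
    return (SubjectPublicKeyInfo) pemObject;
}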