List of usage examples for org.bouncycastle.openssl PEMParser readObject
public Object readObject() throws IOException
From source file:ai.susi.SusiServer.java
License:Open Source License
private static void setupHttpServer(int httpPort, int httpsPort) throws Exception { QueuedThreadPool pool = new QueuedThreadPool(); pool.setMaxThreads(500);//from ww w.j a va 2 s. c o m SusiServer.server = new Server(pool); SusiServer.server.setStopAtShutdown(true); //http if (!httpsMode.equals(HttpsMode.ONLY)) { HttpConfiguration http_config = new HttpConfiguration(); if (httpsMode.equals(HttpsMode.REDIRECT)) { //redirect http_config.addCustomizer(new SecureRequestCustomizer()); http_config.setSecureScheme("https"); http_config.setSecurePort(httpsPort); } ServerConnector connector = new ServerConnector(SusiServer.server); connector.addConnectionFactory(new HttpConnectionFactory(http_config)); connector.setPort(httpPort); connector.setName("httpd:" + httpPort); connector.setIdleTimeout(20000); // timout in ms when no bytes send / received SusiServer.server.addConnector(connector); } //https //uncommented lines for http2 (jetty 9.3 / java 8) if (httpsMode.isGreaterOrEqualTo(HttpsMode.ON)) { Log.getLog().info("HTTPS activated"); String keySource = DAO.getConfig("https.keysource", "keystore"); KeyStore keyStore; String keystoreManagerPass; //check for key source. Can be a java keystore or in pem format (gets converted automatically) if ("keystore".equals(keySource)) { Log.getLog().info("Loading keystore from disk"); //use native keystore format File keystoreFile = new File(DAO.conf_dir, DAO.getConfig("keystore.name", "keystore.jks")); if (!keystoreFile.exists() || !keystoreFile.isFile() || !keystoreFile.canRead()) { throw new Exception("Could not find keystore"); } keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(new FileInputStream(keystoreFile.getAbsolutePath()), DAO.getConfig("keystore.password", "").toCharArray()); keystoreManagerPass = DAO.getConfig("keystore.password", ""); } else if ("key-cert".equals(keySource)) { Log.getLog().info("Importing keystore from key/cert files"); //use more common pem format as used by openssl //generate random password char[] chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray(); StringBuilder sb = new StringBuilder(); Random random = new Random(); for (int i = 0; i < 20; i++) { char c = chars[random.nextInt(chars.length)]; sb.append(c); } String password = keystoreManagerPass = sb.toString(); //get key and cert File keyFile = new File(DAO.getConfig("https.key", "")); if (!keyFile.exists() || !keyFile.isFile() || !keyFile.canRead()) { throw new Exception("Could not find key file"); } File certFile = new File(DAO.getConfig("https.cert", "")); if (!certFile.exists() || !certFile.isFile() || !certFile.canRead()) { throw new Exception("Could not find cert file"); } Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); byte[] keyBytes = Files.readAllBytes(keyFile.toPath()); byte[] certBytes = Files.readAllBytes(certFile.toPath()); PEMParser parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(certBytes))); X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC") .getCertificate((X509CertificateHolder) parser.readObject()); parser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(keyBytes))); PrivateKey key = new JcaPEMKeyConverter().setProvider("BC") .getPrivateKey((PrivateKeyInfo) parser.readObject()); keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert); keyStore.setKeyEntry("defaultKey", key, password.toCharArray(), new Certificate[] { cert }); Log.getLog().info("Successfully imported keystore from key/cert files"); } else { throw new Exception("Invalid option for https.keysource"); } HttpConfiguration https_config = new HttpConfiguration(); https_config.addCustomizer(new SecureRequestCustomizer()); HttpConnectionFactory http1 = new HttpConnectionFactory(https_config); //HTTP2ServerConnectionFactory http2 = new HTTP2ServerConnectionFactory(https_config); //NegotiatingServerConnectionFactory.checkProtocolNegotiationAvailable(); //ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(); //alpn.setDefaultProtocol(http1.getProtocol()); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStore(keyStore); sslContextFactory.setKeyManagerPassword(keystoreManagerPass); //sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR); //sslContextFactory.setUseCipherSuitesOrder(true); //SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol()); SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "http/1.1"); //ServerConnector sslConnector = new ServerConnector(LoklakServer.server, ssl, alpn, http2, http1); ServerConnector sslConnector = new ServerConnector(SusiServer.server, ssl, http1); sslConnector.setPort(httpsPort); sslConnector.setName("httpd:" + httpsPort); sslConnector.setIdleTimeout(20000); // timout in ms when no bytes send / received SusiServer.server.addConnector(sslConnector); } }
From source file:be.neutrinet.ispng.vpn.api.VPNClientCertificate.java
@Put public Representation storeCSR(Representation csrstream) { if (!getRequestAttributes().containsKey("client")) { return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST); }/*from w ww . ja v a 2s .c om*/ StreamRepresentation sr = (StreamRepresentation) csrstream; // Do all kinds of security checks try { Client client = Clients.dao.queryForId(getAttribute("client").toString()); PEMParser parser = new PEMParser(sr.getReader()); PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parser.readObject(); SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo(); RSAKeyParameters rsa = (RSAKeyParameters) PublicKeyFactory.createKey(pkInfo); // This makes the NSA work harder on their quantum computer // Require 4096 bit key // http://stackoverflow.com/a/20622933 if (!(rsa.getModulus().bitLength() > 2048)) { ClientError err = new ClientError("ILLEGAL_KEY_SIZE"); return new JacksonRepresentation(err); } X500Name subject = X500Name.getInstance(csr.getSubject()); RDN[] rdns = subject.getRDNs(BCStyle.CN); if (rdns == null || rdns.length == 0) { return clientError("NO_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST); } String CN = IETFUtils.valueToString(rdns[0].getFirst().getValue()); if (CN == null || CN.isEmpty()) { return clientError("INVALID_CSR_CN", Status.CLIENT_ERROR_BAD_REQUEST); } if (getQueryValue("rekey") != null && Boolean.parseBoolean(getQueryValue("rekey"))) { if (!getRequestAttributes().containsKey("cert")) { return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST); } Certificate old = Certificates.dao.queryForId(getAttribute("cert")); if (old == null) return clientError("MALFORMED_REQUEST", Status.CLIENT_ERROR_BAD_REQUEST); old.revocationDate = new Date(); if (old.get() == null) { // this can happen when the old certificate is no longer present on the system // in which case the rekey has to go through } else if (pkInfo.getPublicKeyData().getString() .equals(old.get().getSubjectPublicKeyInfo().getPublicKeyData().getString())) { return clientError("REKEY_USING_SAME_KEY", Status.CLIENT_ERROR_NOT_ACCEPTABLE); } Certificates.dao.update(old); } for (Certificate existingCert : Certificates.dao.queryForEq("client_id", client)) { if (existingCert.revocationDate.getTime() > System.currentTimeMillis()) { return clientError("ANOTHER_CLIENT_CERT_ACTIVE", Status.CLIENT_ERROR_NOT_ACCEPTABLE); } } // couple CN to client client.commonName = CN; Clients.dao.update(client); String caStorePath = VPN.cfg.getProperty("ca.storeDir", "ca"); File dir = new File(caStorePath); if (!dir.isDirectory()) { dir.mkdirs(); } Certificate cert = new Certificate(); cert.client = client; Certificates.dao.create(cert); FileWriter fw = new FileWriter(caStorePath + "/" + cert.id + ".csr"); PEMWriter pw = new PEMWriter(fw); pw.writeObject(csr); pw.flush(); return new JacksonRepresentation<>(cert); } catch (Exception ex) { Logger.getLogger(getClass()).error("Failed to validate CSR and/or sign CSR", ex); } return DEFAULT_ERROR; }
From source file:bft.BFTNode.java
private PrivateKey getPemPrivateKey(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); PEMParser pp = new PEMParser(br); Object obj = pp.readObject(); pp.close();//ww w .ja v a 2 s. c o m br.close(); if (obj instanceof PrivateKeyInfo) { PrivateKeyInfo keyInfo = (PrivateKeyInfo) obj; return (new JcaPEMKeyConverter().getPrivateKey(keyInfo)); } else { PEMKeyPair pemKeyPair = (PEMKeyPair) obj; KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair); return kp.getPrivate(); } }
From source file:bft.BFTNode.java
private X509CertificateHolder getCertificate(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); PEMParser pp = new PEMParser(br); X509CertificateHolder ret = (X509CertificateHolder) pp.readObject(); br.close();/*from w w w.j a v a 2s. co m*/ pp.close(); return ret; }
From source file:bft.TestSignatures.java
private static void parseCertificate(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); PEMParser pp = new PEMParser(br); X509CertificateHolder certificate = (X509CertificateHolder) pp.readObject(); PemObject pemObj = (new PemObject("", certificate.getEncoded())); StringWriter strWriter = new StringWriter(); PemWriter writer = new PemWriter(strWriter); writer.writeObject(pemObj);//from www . j a v a2 s . c o m writer.close(); strWriter.close(); TestSignatures.serializedCert = strWriter.toString().getBytes(); }
From source file:bft.TestSignatures.java
private static PrivateKey getPemPrivateKey(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); //Security.addProvider(new BouncyCastleProvider()); PEMParser pp = new PEMParser(br); PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject(); KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair); pp.close();/*from w w w. j a va2 s . com*/ br.close(); return kp.getPrivate(); //samlResponse.sign(Signature.getInstance("SHA1withRSA").toString(), kp.getPrivate(), certs); }
From source file:bft.TestSignaturesZMQ.java
private static void parseCertificate(String filename) throws IOException { BufferedReader br = new BufferedReader(new FileReader(filename)); PEMParser pp = new PEMParser(br); X509CertificateHolder certificate = (X509CertificateHolder) pp.readObject(); PemObject pemObj = (new PemObject("", certificate.getEncoded())); StringWriter strWriter = new StringWriter(); PemWriter writer = new PemWriter(strWriter); writer.writeObject(pemObj);/*from w w w . j av a 2s .c o m*/ writer.close(); strWriter.close(); TestSignaturesZMQ.serializedCert = strWriter.toString().getBytes(); }
From source file:cf.monteux.silvertunnel.netlib.layer.tor.util.Encryption.java
License:Open Source License
/** * makes RSA private key from PEM string. * * @param s PEM string that contains the key * @return//from w ww . ja v a 2 s . c om * @see JCERSAPublicKey */ public static RSAKeyPair extractRSAKeyPair(final String s) { RSAKeyPair rsaKeyPair; try { // parse final PEMParser parser = new PEMParser(new StringReader(s)); final Object o = parser.readObject(); parser.close(); // check types if (!(o instanceof PEMKeyPair)) { throw new IOException("Encryption.extractRSAKeyPair: no private key found in string '" + s + "'"); } final PEMKeyPair keyPair = (PEMKeyPair) o; if (keyPair.getPrivateKeyInfo() == null) { throw new IOException( "Encryption.extractRSAKeyPair: no private key found in key pair of string '" + s + "'"); } if (keyPair.getPublicKeyInfo() == null) { throw new IOException( "Encryption.extractRSAKeyPair: no public key found in key pair of string '" + s + "'"); } // convert keys and pack them together into a key pair final RSAPrivateCrtKey privateKey = new TempJCERSAPrivateCrtKey(keyPair.getPrivateKeyInfo()); logger.debug("JCEPrivateKey={}", privateKey); final RSAPublicKey publicKey = new TempJCERSAPublicKey(keyPair.getPublicKeyInfo()); rsaKeyPair = new RSAKeyPair(publicKey, privateKey); } catch (final Exception e) { logger.warn("Encryption.extractPrivateRSAKey: Caught exception:" + e.getMessage()); rsaKeyPair = null; } return rsaKeyPair; }
From source file:ch.uzh.fabric.config.SampleStore.java
License:Open Source License
static PrivateKey getPrivateKeyFromBytes(byte[] data) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { final PEMParser pemParser = new PEMParser(new StringReader(new String(data))); PrivateKeyInfo pemPair = (PrivateKeyInfo) pemParser.readObject(); PrivateKey privateKey = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME) .getPrivateKey(pemPair);/*from w w w . j a v a2 s . c om*/ return privateKey; }
From source file:cn.org.once.cstack.utils.KeyStoreUtils.java
License:Apache License
@SuppressWarnings({ "resource", "unchecked" })
private static <T> T loadPEM(String keyPath) throws IOException {
PEMParser parser = new PEMParser(new BufferedReader(new FileReader(keyPath)));
return (T) parser.readObject();
}