List of usage examples for org.bouncycastle.openssl PEMParser readObject
public Object readObject() throws IOException
From source file:org.renci.ahab.ndllib.transport.OrcaSMXMLRPCProxy.java
private KeyStore loadX509Data(FileInputStream certIS, FileInputStream keyIS, String keyAlias, String keyPassword) throws Exception { if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); }/*ww w . java2 s.c om*/ /* AccessController.doPrivileged(new PrivilegedAction<Void>() { public Void run() { if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } System.out.println("Currently loaded security providers:"); for (Provider p: Security.getProviders()) { System.out.println("Provider " + p + " - " + p.getName()); } System.out.println("End of security provider list."); return null; } }); */ JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC"); JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter().setProvider("BC"); Object object; PEMParser pemParser = new PEMParser(new BufferedReader(new InputStreamReader(keyIS, "UTF-8"))); PrivateKey privKey = null; while ((object = pemParser.readObject()) != null) { if (object instanceof PKCS8EncryptedPrivateKeyInfo) { InputDecryptorProvider decProv = new JceOpenSSLPKCS8DecryptorProviderBuilder() .build(keyPassword.toCharArray()); privKey = keyConverter .getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) object).decryptPrivateKeyInfo(decProv)); break; } else if (object instanceof PEMEncryptedKeyPair) { PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder() .build(keyPassword.toCharArray()); privKey = keyConverter.getPrivateKey( (((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)).getPrivateKeyInfo()); break; } else if (object instanceof PEMKeyPair) { privKey = keyConverter.getPrivateKey(((PEMKeyPair) object).getPrivateKeyInfo()); break; } } if (privKey == null) throw new Exception("Private key file did not contain a private key."); pemParser = new PEMParser(new BufferedReader(new InputStreamReader(certIS, "UTF-8"))); ArrayList<Certificate> certs = new ArrayList<Certificate>(); while ((object = pemParser.readObject()) != null) { if (object instanceof X509CertificateHolder) { certs.add(certConverter.getCertificate((X509CertificateHolder) object)); } } if (certs.isEmpty()) throw new Exception("Certificate file contained no certificates."); KeyStore ks = KeyStore.getInstance("jks"); ks.load(null); ks.setKeyEntry(keyAlias, privKey, keyPassword.toCharArray(), certs.toArray(new Certificate[certs.size()])); return ks; }
From source file:org.robotbrains.examples.mqtt.subscriber.SslCertificateSubscriberMqttExample.java
License:Apache License
/** * Create an SSL socket factory.//from www . j a va 2s . c om * * @param credentials * the security credentials * * @return the socket factory. * * @throws Exception * something bad happened */ public static SSLSocketFactory configureSSLSocketFactory(Properties credentials) throws Exception { Security.addProvider(new BouncyCastleProvider()); JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter().setProvider("BC"); String caCrtFile = credentials.getProperty("mqtt.ca.crt"); // load CA certificate PEMParser reader = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))))); X509Certificate caCert = certificateConverter.getCertificate((X509CertificateHolder) reader.readObject()); reader.close(); // load client certificate String crtFile = credentials.getProperty("mqtt.client.crt"); reader = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))))); X509Certificate cert = certificateConverter.getCertificate((X509CertificateHolder) reader.readObject()); reader.close(); // load client private key JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC"); String keyFile = credentials.getProperty("mqtt.client.key"); reader = new PEMParser( new InputStreamReader(new ByteArrayInputStream(Files.readAllBytes(Paths.get(keyFile))))); KeyPair key = keyConverter.getKeyPair((PEMKeyPair) reader.readObject()); reader.close(); // CA certificate is used to authenticate server KeyStore caKs = KeyStore.getInstance(KeyStore.getDefaultType()); caKs.load(null, null); caKs.setCertificateEntry("ca-certificate", caCert); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(caKs); // client key and certificates are sent to server so it can authenticate // us KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("certificate", cert); // This assumes that the client key is not password protected. We need a // password, but it could be anything. char[] password = "password".toCharArray(); ks.setKeyEntry("private-key", key.getPrivate(), password, new java.security.cert.Certificate[] { cert }); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password); // finally, create SSL socket factory SSLContext context = SSLContext.getInstance("TLS"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return context.getSocketFactory(); }
From source file:org.sonatype.nexus.ssl.CertificateUtil.java
License:Open Source License
/** * Decodes a PEM formatted certificate.//w w w . jav a 2s.c o m * * @param pemFormattedCertificate text to be decoded as a PEM certificate. * @return the Certificate decoded from the input text. * @throws CertificateParsingException * thrown if the PEM formatted string cannot be parsed into a Certificate. */ public static Certificate decodePEMFormattedCertificate(final String pemFormattedCertificate) throws CertificateException { log.trace("Parsing PEM formatted certificate string:\n{}", pemFormattedCertificate); // make sure we have something to parse if (pemFormattedCertificate != null) { StringReader stringReader = new StringReader(pemFormattedCertificate); PEMParser pemReader = new PEMParser(stringReader); try { Object object = pemReader.readObject(); log.trace("Object found while paring PEM formatted string: {}", object); if (object instanceof X509CertificateHolder) { X509CertificateHolder holder = (X509CertificateHolder) object; JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); return converter.getCertificate(holder); } } catch (IOException e) { throw new CertificateParsingException( "Failed to parse valid certificate from expected PEM formatted certificate:\n" + pemFormattedCertificate, e); } } // cert was not a valid object throw new CertificateParsingException( "Failed to parse valid certificate from expected PEM formatted certificate:\n" + pemFormattedCertificate); }
From source file:org.tdmx.client.crypto.certificate.CertificateIOUtils.java
License:Open Source License
public static PKIXCertificate[] pemToX509certs(String input) throws CryptoCertificateException { StringReader sr = new StringReader(input); PEMParser pp = new PEMParser(sr); List<PKIXCertificate> certList = new ArrayList<>(); Object o = null;/*from w w w. j a va 2s .com*/ try { while ((o = pp.readObject()) != null) { if (o instanceof X509CertificateHolder) { X509CertificateHolder ch = (X509CertificateHolder) o; PKIXCertificate c = decodeX509(ch.getEncoded()); certList.add(c); } } } catch (IOException e) { throw new CryptoCertificateException(CertificateResultCode.ERROR_IO, e); } finally { try { pp.close(); } catch (IOException e) { } } return certList.toArray(new PKIXCertificate[0]); }
From source file:org.tdmx.client.crypto.certificate.PrivateKeyIOUtils.java
License:Open Source License
public static KeyPair pemToRSAPrivateKeyPair(String input) throws CryptoCertificateException { StringReader sr = new StringReader(input); PEMParser pp = new PEMParser(sr); Object o = null;//ww w.j a v a2s .c o m try { while ((o = pp.readObject()) != null) { if (o instanceof PEMKeyPair) { PEMKeyPair ch = (PEMKeyPair) o; byte[] pkbytes = ch.getPublicKeyInfo().getEncoded(ASN1Encoding.DER); KeyFactory kf = KeyFactory.getInstance(ALGORITHM); EncodedKeySpec eks = new X509EncodedKeySpec(pkbytes); PublicKey publicKey = kf.generatePublic(eks); byte[] privbytes = ch.getPrivateKeyInfo().getEncoded(ASN1Encoding.DER); EncodedKeySpec epks = new PKCS8EncodedKeySpec(privbytes); PrivateKey privateKey = kf.generatePrivate(epks); KeyPair kp = new KeyPair(publicKey, privateKey); return kp; } } } catch (IOException e) { throw new CryptoCertificateException(CertificateResultCode.ERROR_IO, e); } catch (NoSuchAlgorithmException e) { throw new CryptoCertificateException(CertificateResultCode.ERROR_MISSING_ALGORITHM, e); } catch (InvalidKeySpecException e) { throw new CryptoCertificateException(CertificateResultCode.ERROR_INVALID_KEY_SPEC, e); } finally { try { pp.close(); } catch (IOException e) { } } return null; }
From source file:org.tdmx.client.crypto.certificate.TrustStoreCertificateIOUtils.java
License:Open Source License
public static List<TrustStoreEntry> pemToTrustStoreEntries(String input) throws CryptoCertificateException { StringReader sr = new StringReader(input); PEMParser pp = new PEMParser(sr); List<TrustStoreEntry> certList = new ArrayList<>(); Object o = null;/*w ww . j a v a2 s. c om*/ try { while ((o = pp.readObject()) != null) { if (o instanceof X509CertificateHolder) { X509CertificateHolder ch = (X509CertificateHolder) o; PKIXCertificate c = CertificateIOUtils.decodeX509(ch.getEncoded()); certList.add(new TrustStoreEntry(c)); } } pp.close(); } catch (IOException e) { throw new CryptoCertificateException(CertificateResultCode.ERROR_IO, e); } BufferedReader br = new BufferedReader(new StringReader(input)); String strLine; try { while ((strLine = br.readLine()) != null) { if (strLine.startsWith(TrustStoreEntry.FRIENDLY_NAME)) { String restofLine = strLine.substring(TrustStoreEntry.FRIENDLY_NAME.length()); int separator = restofLine.indexOf(" "); if (separator != -1) { String fingerprint = restofLine.substring(0, separator); String text = restofLine.substring(separator + 1); for (TrustStoreEntry e : certList) { if (fingerprint.equals(e.getCertificate().getFingerprint())) { e.setFriendlyName(text); } } } } if (strLine.startsWith(TrustStoreEntry.COMMENT_LINE)) { String restofLine = strLine.substring(TrustStoreEntry.COMMENT_LINE.length()); int separator = restofLine.indexOf(" "); if (separator != -1) { String fingerprint = restofLine.substring(0, separator); String text = restofLine.substring(separator + 1); for (TrustStoreEntry e : certList) { if (fingerprint.equals(e.getCertificate().getFingerprint())) { e.addComment(text); } } } } } } catch (IOException e) { throw new CryptoCertificateException(CertificateResultCode.ERROR_IO, e); } return certList; }
From source file:org.thingsboard.gateway.extensions.mqtt.client.conf.credentials.CertPemClientCredentials.java
License:Apache License
private Object readPEMFile(String filePath) throws Exception { PEMParser reader = new PEMParser(new FileReader(filePath)); Object fileHolder = reader.readObject(); reader.close();// w w w.ja v a2s. co m return fileHolder; }
From source file:org.wso2.carbon.identity.certificateauthority.utils.CsrUtils.java
License:Open Source License
/** * convert a base 64 encoded csr request into a PKCS10CertificateRequest class (bouncy-castle class) * * @param encodedCsr Base 64 encoded csr request * @return PKCS10CertificationRequest constructed from the encoded string *//*w w w . j a va2 s . c o m*/ public static PKCS10CertificationRequest getCRfromEncodedCsr(String encodedCsr) throws IOException { PEMParser pemParser = new PEMParser( new InputStreamReader(new ByteArrayInputStream(encodedCsr.getBytes()), "8859_1")); return (PKCS10CertificationRequest) pemParser.readObject(); }
From source file:org.xdi.oxauth.crypto.cert.CertificateParser.java
License:MIT License
public static X509Certificate parsePem(String pemEncodedCert) throws CertificateException { StringReader sr = new StringReader(pemEncodedCert); PEMParser pemReader = new PEMParser(sr); try {/*from ww w .ja va2 s . co m*/ X509CertificateHolder certificateHolder = ((X509CertificateHolder) pemReader.readObject()); if (certificateHolder == null) { return null; } X509Certificate cert = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME) .getCertificate(certificateHolder); return cert; } catch (IOException ex) { throw new CertificateException(ex); } finally { IOUtils.closeQuietly(pemReader); } }
From source file:org.xdi.oxauth.model.util.JwtUtil.java
License:MIT License
public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {//from w w w.ja v a 2 s. co m log.debug("Retrieving JWK..."); JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId); if (jsonKeyValue == null) { return null; } org.xdi.oxauth.model.crypto.PublicKey publicKey = null; try { String resultKeyId = jsonKeyValue.getString(KEY_ID); if (signatureAlgorithm == null) { signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM)); if (signatureAlgorithm == null) { log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId)); return null; } } JSONObject jsonPublicKey = jsonKeyValue; if (jsonKeyValue.has(PUBLIC_KEY)) { // Use internal jwks.json format jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY); } if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) { //String alg = jsonKeyValue.getString(ALGORITHM); //String use = jsonKeyValue.getString(KEY_USE); String exp = jsonPublicKey.getString(EXPONENT); String mod = jsonPublicKey.getString(MODULUS); BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp)); BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod)); publicKey = new RSAPublicKey(modulus, publicExponent); } else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) { //String alg = jsonKeyValue.getString(ALGORITHM); //String use = jsonKeyValue.getString(KEY_USE); //String crv = jsonKeyValue.getString(CURVE); String xx = jsonPublicKey.getString(X); String yy = jsonPublicKey.getString(Y); BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx)); BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy)); publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y); } if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) { final String BEGIN = "-----BEGIN CERTIFICATE-----"; final String END = "-----END CERTIFICATE-----"; JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN); String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END; StringReader sr = new StringReader(certificateString); PEMParser pemReader = new PEMParser(sr); X509Certificate cert = (X509CertificateObject) pemReader.readObject(); Certificate certificate = new Certificate(signatureAlgorithm, cert); publicKey.setCertificate(certificate); } if (publicKey != null) { publicKey.setKeyId(resultKeyId); publicKey.setSignatureAlgorithm(signatureAlgorithm); } } catch (Exception ex) { log.error(ex.getMessage(), ex); } return publicKey; }