
/*
 * ====================
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * 
 * Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved.     
 * 
 * The contents of this file are subject to the terms of the Common Development 
 * and Distribution License("CDDL") (the "License").  You may not use this file 
 * except in compliance with the License.
 * 
 * You can obtain a copy of the License at 
 * http://IdentityConnectors.dev.java.net/legal/license.txt
 * See the License for the specific language governing permissions and limitations 
 * under the License. 
 * 
 * When distributing the Covered Code, include this CDDL Header Notice in each file
 * and include the License file at identityconnectors/legal/license.txt.
 * If applicable, add the following below this CDDL Header, with the fields 
 * enclosed by brackets [] replaced by your own identifying information: 
 * "Portions Copyrighted [year] [name of copyright owner]"
 * ====================
 */
package org.identityconnectors.racf;

import java.io.Closeable;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.identityconnectors.framework.common.exceptions.ConnectorException;

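/**
 * Bouncy Castle backed implementation of the RACF password-envelope helpers.
 * <p>
 * Responsibilities visible here: decode a PEM private key and PEM certificate,
 * unwrap a CMS {@code EnvelopedData} addressed to that certificate, and pull
 * the password string out of the PKCS#7 {@code id-data} payload it contains.
 * All checked failures are rethrown as {@link ConnectorException}; error
 * messages never include key, certificate or password material.
 */
public class BouncyCastlePEUtilities extends RACFPasswordEnvelopeUtilities {

    /** OID of the PKCS#7 {@code id-data} content type (1.2.840.113549.1.7.1). */
    private static final String PKCS7_DATA_OID = "1.2.840.113549.1.7.1";

    /** JCA provider name used when asking Bouncy Castle to decrypt CMS content. */
    private static final String BC_PROVIDER_NAME = "BC";

    private BouncyCastleProvider _provider;
    // Deliberately no "= false" initializer: an explicit field initializer runs
    // only after the superclass constructor returns, so if the decode*() hooks
    // are invoked during construction (presumably by the superclass — verify)
    // it would reset the flag and a second provider instance would be created.
    private boolean _inited;

    /**
     * Decodes the given PEM material and registers the Bouncy Castle provider.
     *
     * @param certificateString PEM-encoded X.509 certificate of the recipient
     * @param privateKeyString  PEM-encoded private key matching the certificate
     */
    public BouncyCastlePEUtilities(String certificateString, String privateKeyString) {
        super(certificateString, privateKeyString);
        init();
    }

    /**
     * Creates the Bouncy Castle provider and installs it with the JCA.
     * Idempotent: repeated calls are no-ops, so {@code _provider} always refers
     * to the instance that was actually passed to {@link Security#addProvider}.
     */
    private void init() {
        if (_inited) {
            return;
        }
        _provider = new BouncyCastleProvider();
        Security.addProvider(_provider);
        _inited = true;
    }

    /**
     * Parses a PEM-encoded private key.
     *
     * @param privateKeyString PEM text; either a key pair block or a bare
     *                         private-key block is accepted
     * @return the private key
     * @throws ConnectorException if the PEM cannot be read or holds no private key
     */
    protected PrivateKey decodePrivateKey(String privateKeyString) {
        init();
        PEMReader reader = new PEMReader(new StringReader(privateKeyString));
        try {
            Object pem = reader.readObject();
            if (pem instanceof KeyPair) {
                return ((KeyPair) pem).getPrivate();
            }
            if (pem instanceof PrivateKey) {
                return (PrivateKey) pem;
            }
            // Report only the type found, never the PEM text itself.
            throw new ConnectorException("PEM input does not contain a private key"
                    + (pem == null ? "" : " (found " + pem.getClass().getName() + ")"));
        } catch (IOException e) {
            throw ConnectorException.wrap(e);
        } finally {
            closeQuietly(reader);
        }
    }

    /**
     * Parses a PEM-encoded X.509 certificate.
     *
     * @param certificateString PEM text of the certificate
     * @return the certificate
     * @throws ConnectorException if the PEM cannot be read or is not a certificate
     */
    protected X509Certificate decodeX509Certificate(String certificateString) {
        init();
        PEMReader reader = new PEMReader(new StringReader(certificateString));
        try {
            Object pem = reader.readObject();
            if (pem instanceof X509Certificate) {
                return (X509Certificate) pem;
            }
            throw new ConnectorException("PEM input does not contain an X.509 certificate"
                    + (pem == null ? "" : " (found " + pem.getClass().getName() + ")"));
        } catch (IOException e) {
            throw ConnectorException.wrap(e);
        } finally {
            closeQuietly(reader);
        }
    }

    /**
     * Builds the CMS recipient selector (issuer + serial number) for a certificate.
     *
     * @param certificate the recipient certificate
     * @return a {@link RecipientId} matching that certificate
     * @throws IOException if the encoded issuer name is rejected by the selector
     */
    private RecipientId getRecipientId(X509Certificate certificate) throws IOException {
        RecipientId recId = new RecipientId();
        recId.setSerialNumber(certificate.getSerialNumber());
        recId.setIssuer(certificate.getIssuerX500Principal().getEncoded());
        return recId;
    }

    /**
     * Decrypts a CMS {@code EnvelopedData} blob addressed to {@code certificate}.
     * <p>
     * The supplied certificate and key are honoured; a {@code null} argument falls
     * back to the values held by the superclass, which is what the previous
     * implementation used unconditionally.
     *
     * @param encrypted   DER-encoded CMS EnvelopedData
     * @param certificate recipient certificate used to select the RecipientInfo
     * @param key         private key used to unwrap the content
     * @return the decrypted content
     * @throws ConnectorException if the envelope is malformed, has no recipient
     *                            entry for the certificate, or cannot be decrypted
     */
    protected byte[] decrypt(byte[] encrypted, X509Certificate certificate, PrivateKey key) {
        X509Certificate cert = certificate != null ? certificate : getCertificate();
        PrivateKey privateKey = key != null ? key : getPrivateKey();
        try {
            CMSEnvelopedData enveloped = new CMSEnvelopedData(encrypted);
            RecipientInformationStore recipients = enveloped.getRecipientInfos();
            RecipientInformation recipient = recipients.get(getRecipientId(cert));
            if (recipient == null) {
                // Without this check a non-matching envelope surfaces as a bare NPE.
                throw new ConnectorException(
                        "Password envelope has no recipient entry matching the configured certificate");
            }
            return recipient.getContent(privateKey, BC_PROVIDER_NAME);
        } catch (NoSuchProviderException e) {
            throw ConnectorException.wrap(e);
        } catch (IOException e) {
            throw ConnectorException.wrap(e);
        } catch (CMSException e) {
            throw ConnectorException.wrap(e);
        }
    }

    /**
     * Extracts the password from a decrypted envelope.
     * <p>
     * Looks for a top-level {@code SEQUENCE { id-data OID, [tag] OCTET STRING }},
     * then parses the OCTET STRING as a {@code SEQUENCE} whose third element is
     * the password as a {@code UTF8String}.
     *
     * @param envelope DER bytes of the decrypted envelope
     * @return the password, or {@code null} if no id-data element is present or
     *         the third element of its payload is not a UTF8String
     * @throws ConnectorException on I/O failure or a payload of unexpected shape
     */
    public String getPassword(byte[] envelope) {
        DEROctetString data = findDataContent(envelope);
        return data == null ? null : extractPasswordString(data.getOctets());
    }

    /**
     * Scans the top-level DER objects of {@code envelope} for the id-data element.
     *
     * @return the OCTET STRING carried by the first id-data element, or {@code null}
     */
    private DEROctetString findDataContent(byte[] envelope) {
        ASN1InputStream in = new ASN1InputStream(envelope);
        try {
            Object o;
            while ((o = in.readObject()) != null) {
                DEROctetString data = dataContentOf(o);
                if (data != null) {
                    return data;
                }
            }
            return null;
        } catch (IOException e) {
            throw ConnectorException.wrap(e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Returns the OCTET STRING of a {@code SEQUENCE { id-data, [tag] OCTET STRING }},
     * or {@code null} when {@code o} is not such a sequence.
     */
    private static DEROctetString dataContentOf(Object o) {
        if (!(o instanceof DERSequence)) {
            return null;
        }
        DERSequence seq = (DERSequence) o;
        if (seq.size() < 2 || !(seq.getObjectAt(0) instanceof DERObjectIdentifier)) {
            return null;
        }
        if (!PKCS7_DATA_OID.equals(((DERObjectIdentifier) seq.getObjectAt(0)).getId())) {
            return null;
        }
        Object second = seq.getObjectAt(1);
        if (!(second instanceof DERTaggedObject)) {
            return null;
        }
        Object inner = ((DERTaggedObject) second).getObject();
        return inner instanceof DEROctetString ? (DEROctetString) inner : null;
    }

    /**
     * Parses the id-data payload and returns its third element as a string.
     *
     * @param octets payload bytes of the id-data OCTET STRING
     * @return the UTF8String value, or {@code null} if element 2 is not a UTF8String
     * @throws ConnectorException if the payload is not a SEQUENCE of at least three
     *                            elements (previously an unchecked cast/index error)
     */
    private String extractPasswordString(byte[] octets) {
        ASN1InputStream in = new ASN1InputStream(octets);
        try {
            Object o = in.readObject();
            if (!(o instanceof DERSequence)) {
                throw new ConnectorException("Password envelope payload is not a SEQUENCE");
            }
            DERSequence seq = (DERSequence) o;
            if (seq.size() < 3) {
                throw new ConnectorException(
                        "Password envelope payload has " + seq.size() + " elements, expected at least 3");
            }
            Object third = seq.getObjectAt(2);
            return third instanceof DERUTF8String ? ((DERUTF8String) third).getString() : null;
        } catch (IOException e) {
            throw ConnectorException.wrap(e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Closes {@code c} if non-null. A failure to close is ignored because the
     * caller has already obtained its result (or is already propagating an error).
     */
    private static void closeQuietly(Closeable c) {
        if (c == null) {
            return;
        }
        try {
            c.close();
        } catch (IOException ignored) {
            // nothing useful can be done once the read has completed
        }
    }

    /**
     * @return the Bouncy Castle provider instance installed by {@link #init()}
     */
    protected Provider getProvider() {
        return _provider;
    }
}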