@Override public PrivateKey decodePemEncodedPrivateKey(Reader privateKeyReader, String password) { try (PEMParser pemParser = new PEMParser(privateKeyReader)) { Object keyPair = pemParser.readObject(); // retrieve the PrivateKeyInfo from the returned keyPair object. if the key is encrypted, it needs to be // decrypted using the specified password first. PrivateKeyInfo keyInfo; if (keyPair instanceof PEMEncryptedKeyPair) { if (password == null) { throw new ImportException("Unable to import private key. Key is encrypted, but no password was provided."); } PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build(password.toCharArray()); PEMKeyPair decryptedKeyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptor); keyInfo = decryptedKeyPair.getPrivateKeyInfo(); } else { keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo(); } return new JcaPEMKeyConverter().getPrivateKey(keyInfo); } catch (IOException e) { throw new ImportException("Unable to read PEM-encoded PrivateKey", e); } }
public static <T> T parsePem(Class<T> clazz, Reader pemReader) throws IOException { try (PEMParser pemParser = new PEMParser(pemReader)) { Object object = pemParser.readObject(); if (!clazz.isInstance(object)) { throw new IOException("Expected " + clazz + " but got " + object.getClass()); } return (T) object; } }
/** * Return private key ("key.pem") from Reader */ @CheckForNull public static PrivateKey loadPrivateKey(final Reader reader) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { try (PEMParser pemParser = new PEMParser(reader)) { Object readObject = pemParser.readObject(); while (readObject != null) { PrivateKeyInfo privateKeyInfo = getPrivateKeyInfoOrNull(readObject); if (privateKeyInfo != null) { return new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo); } readObject = pemParser.readObject(); } } return null; }
private PrivateKey loadPrivateKey(String encodedPrivateKey, String passphrase) throws CertificateException { PEMParser pemParser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(encodedPrivateKey.getBytes()))); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); Object object = pemParser.readObject(); PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase.toCharArray()); KeyPair keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); privateKey = keyPair.getPrivate(); } else if (object instanceof PEMKeyPair) { KeyPair keyPair = converter.getKeyPair((PEMKeyPair) object); privateKey = keyPair.getPrivate(); } else if (object instanceof PrivateKeyInfo) { PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) object; privateKey = converter.getPrivateKey(privateKeyInfo); } finally { try { pemParser.close(); } catch (IOException e) { throw new CertificateException("Failed to close key reader", e);
PEMParser pemParser = new PEMParser(reader)) { final Object object = pemParser.readObject(); final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider( "BC" ); final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build( passPhrase.toCharArray() ); kp = converter.getKeyPair( ( (PEMEncryptedKeyPair) object ).decryptKeyPair( decProv ) ); final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build( passPhrase.toCharArray() ); final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo( provider ); return converter.getPrivateKey( privateKeyInfo ); return converter.getPrivateKey( (PrivateKeyInfo) object ); kp = converter.getKeyPair( (PEMKeyPair) object );
r = new PEMParser(resource.getReader()); final Object o = r.readObject(); final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); pemConverter.setProvider(SecurityUtils.getSecurityProvider()); JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); decryptorBuilder.setProvider(SecurityUtils.getSecurityProvider()); try { passphrase = pwdf == null ? null : pwdf.reqPassword(resource); kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase))); } finally { PasswordUtils.blankOut(passphrase); kp = pemConverter.getKeyPair((PEMKeyPair) o); } else { log.debug("Expected PEMEncryptedKeyPair or PEMKeyPair, got: {}", o);
int myFunc(String privateKeyFileName, char [] password) { File privateKeyFile = new File(privateKeyFileName); // private key file in PEM format PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile)); Object object = pemParser.readObject(); PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); KeyPair kp; if (object instanceof PEMEncryptedKeyPair) { System.out.println("Encrypted key - we will use provided password"); kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } else { System.out.println("Unencrypted key - no password needed"); kp = converter.getKeyPair((PEMKeyPair) object); } }
try (PEMParser pemReader = new PEMParser(keyReader)) { X9ECParameters ecParam = null; Object pemObj = pemReader.readObject(); ecParam = ECNamedCurveTable.getByOID(ecOID); if (ecParam == null) { throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ecOID.getId()); pemObj = pemReader.readObject(); pemObj = pemReader.readObject(); PrivateKeyInfo pKeyInfo = ((PEMKeyPair) pemObj).getPrivateKeyInfo(); JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); privateKey = pemConverter.getPrivateKey(pKeyInfo);
static PrivateKey loadPrivateKey(String keyPath) throws IOException, GeneralSecurityException { try (Reader reader = new FileReader(keyPath); PEMParser parser = new PEMParser(reader)) { Object readObject; while ((readObject = parser.readObject()) != null) { if (readObject instanceof PEMKeyPair) { PEMKeyPair keyPair = (PEMKeyPair) readObject; return generatePrivateKey(keyPair.getPrivateKeyInfo()); } else if (readObject instanceof PrivateKeyInfo) { return generatePrivateKey((PrivateKeyInfo) readObject); } } } throw new GeneralSecurityException("Cannot generate private key from file: " + keyPath); }
private X509Certificate loadCertificate(String encodedCertificate) throws CertificateException { PEMParser pemParser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(encodedCertificate.getBytes()))); X509Certificate certificate; try { Object object = pemParser.readObject(); if (object instanceof X509CertificateHolder) { certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) object); } else { throw new CertificateException("Unsupported certificate type, not an X509CertificateHolder."); } } catch (IOException ex) { throw new CertificateException("Failed to read certificate.", ex); } finally { try { pemParser.close(); } catch (IOException e) { throw new CertificateException("Failed to close certificate reader.", e); } } if (certificate == null) { throw new CertificateException("Failed to read certificate. The security provider could not parse it."); } return certificate; } }
private static X509Certificate initializeCertificate(String pemCertificate) throws IOException { PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(pemCertificate.getBytes()))); return (X509Certificate) reader.readObject(); }
/** * Find a PrivateKeyInfo in the PEM object details. Returns null if the PEM object type is unknown. */ @CheckForNull private static PrivateKeyInfo getPrivateKeyInfoOrNull(Object pemObject) throws NoSuchAlgorithmException { PrivateKeyInfo privateKeyInfo = null; if (pemObject instanceof PEMKeyPair) { PEMKeyPair pemKeyPair = (PEMKeyPair) pemObject; privateKeyInfo = pemKeyPair.getPrivateKeyInfo(); } else if (pemObject instanceof PrivateKeyInfo) { privateKeyInfo = (PrivateKeyInfo) pemObject; } else if (pemObject instanceof ASN1ObjectIdentifier) { // no idea how it can be used final ASN1ObjectIdentifier asn1ObjectIdentifier = (ASN1ObjectIdentifier) pemObject; LOG.trace("Ignoring asn1ObjectIdentifier {}", asn1ObjectIdentifier); } else { LOG.warn("Unknown object '{}' from PEMParser", pemObject); } return privateKeyInfo; }
private void buildCRL(X509Certificate x509Certificate, String crlPath) throws Exception { X509v2CRLBuilder builder = new JcaX509v2CRLBuilder(x509Certificate.getIssuerX500Principal(), certStartTime); builder.addCRLEntry(x509Certificate.getSerialNumber(), certStartTime, CRLReason.cACompromise); builder.setNextUpdate(certEndTime); builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils() .createAuthorityKeyIdentifier(rootCertificate)); builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1000"))); X509CRLHolder cRLHolder = builder.build(contentSigner); PemWriter pemWriter = new PemWriter(new FileWriter(crlPath)); pemWriter.writeObject(new MiscPEMGenerator(cRLHolder)); pemWriter.flush(); pemWriter.close(); }
public static JcaPKCS10CertificationRequest parseCsr(String pemEncodedCsr) throws IOException { try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCsr))) { Object o = pemParser.readObject(); if (!PKCS10CertificationRequest.class.isInstance(o)) { throw new IOException("Expecting instance of " + PKCS10CertificationRequest.class + " but got " + o); } return new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) o); } }
private PrivateKey readPrivateKey(final Path file) throws IOException, InvalidKeySpecException, DockerCertificateException { try (final BufferedReader reader = Files.newBufferedReader(file, Charset.defaultCharset()); final PEMParser pemParser = new PEMParser(reader)) { final Object readObject = pemParser.readObject(); if (readObject instanceof PEMKeyPair) { final PEMKeyPair clientKeyPair = (PEMKeyPair) readObject; return generatePrivateKey(clientKeyPair.getPrivateKeyInfo()); } else if (readObject instanceof PrivateKeyInfo) { return generatePrivateKey((PrivateKeyInfo) readObject); } throw new DockerCertificateException("Can not generate private key from file: " + file.toString()); } }
private static PrivateKey initializePrivateKey(String pemKey) throws IOException { PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(pemKey.getBytes()))); return ((KeyPair) reader.readObject()).getPrivate(); }
/** * "ca.pem" from Reader */ public static KeyStore createTrustStore(final Reader certReader) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException { try (PEMParser pemParser = new PEMParser(certReader)) { KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(null); int index = 1; Object pemCert; while ((pemCert = pemParser.readObject()) != null) { Certificate caCertificate = new JcaX509CertificateConverter() .setProvider(BouncyCastleProvider.PROVIDER_NAME) .getCertificate((X509CertificateHolder) pemCert); trustStore.setCertificateEntry("ca-" + index, caCertificate); index++; } return trustStore; } }
private static KeyStore initializeKeyStore(String caCertificatePem) throws CertificateException { try { PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(caCertificatePem.getBytes()))); X509Certificate certificate = (X509Certificate) reader.readObject(); if (certificate == null) { throw new CertificateException("No certificate found in parsing!"); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); keyStore.setCertificateEntry("ca", certificate); return keyStore; } catch (IOException | KeyStoreException ex) { throw new CertificateException(ex); } catch (NoSuchAlgorithmException ex) { throw new AssertionError(ex); } }
/** * "cert.pem" from reader */ public static List<Certificate> loadCertificates(final Reader reader) throws IOException, CertificateException { try (PEMParser pemParser = new PEMParser(reader)) { List<Certificate> certificates = new ArrayList<>(); JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter() .setProvider(BouncyCastleProvider.PROVIDER_NAME); Object certObj = pemParser.readObject(); if (certObj instanceof X509CertificateHolder) { X509CertificateHolder certificateHolder = (X509CertificateHolder) certObj; certificates.add(certificateConverter.getCertificate(certificateHolder)); } return certificates; } }
/** * Returns the parsed {@link KeyPair} from the provided {@link Reader}. The incoming format can be PKCS #8 or PKCS #1. * * @param pemKeyPairReader a reader with access to the serialized key pair * @return the key pair * @throws IOException if there is an error reading the key pair */ public static KeyPair parseKeyPairFromReader(Reader pemKeyPairReader) throws IOException { // Instantiate PEMParser from Reader try (PEMParser pemParser = new PEMParser(pemKeyPairReader)) { // Read the object (deserialize) Object parsedObject = pemParser.readObject(); // If this is an ASN.1 private key, it's in PKCS #8 format and wraps the actual RSA private key if (PrivateKeyInfo.class.isInstance(parsedObject)) { if (isVerbose()) { logger.info("Provided private key is in PKCS #8 format"); } PEMKeyPair keyPair = convertPrivateKeyFromPKCS8ToPKCS1((PrivateKeyInfo) parsedObject); return getKeyPair(keyPair); } else if (PEMKeyPair.class.isInstance(parsedObject)) { // Already in PKCS #1 format return getKeyPair((PEMKeyPair)parsedObject); } else { logger.warn("Expected one of %s or %s but got %s", PrivateKeyInfo.class, PEMKeyPair.class, parsedObject.getClass()); throw new IOException("Expected private key in PKCS #1 or PKCS #8 unencrypted format"); } } }