Java Examples for org.bouncycastle.util.io.pem.PemReader
The following Java examples show how org.bouncycastle.util.io.pem.PemReader is used in practice. The samples are taken from different open source projects and are reproduced as found, so they vary in quality: PemReader.readPemObject() returns null when the input holds no BEGIN/END block (several samples dereference the result without checking), the PEM label is rarely verified before the payload is handed to a KeyFactory or CertificateFactory, and readers wrapping files are not always closed on error paths.
Example 1
| Project: crash-master File: KeyPairUtils.java View source code |
/**
 * Reads the first object from a PEM stream.
 *
 * <p>Normally delegates to {@code PEMParser}; if that class is not on the
 * classpath (an older Bouncy Castle), the legacy
 * {@code org.bouncycastle.openssl.PEMReader} is located by name and used
 * instead. Whichever parser is used, it is closed before returning.
 *
 * <p>The returned object is whatever the parser produced (key pair,
 * certificate holder, encrypted key, ...); callers must check its type
 * before use.
 *
 * @param reader source of PEM text; consumed and closed by this call
 * @return the first parsed object, or {@code null} if the parser found none
 * @throws Exception on I/O or parse failure, or if the reflective fallback fails
 */
public static Object readKey(Reader reader) throws Exception {
    try {
        PEMParser parser = new PEMParser(reader);
        try {
            return parser.readObject();
        } finally {
            parser.close();
        }
    } catch (NoClassDefFoundError missingParser) {
        // PEMParser is absent: fall back to the legacy PEMReader, resolved by
        // name so this class still links when that class is missing too.
        Class<?> legacy = Class.forName("org.bouncycastle.openssl.PEMReader");
        PemReader legacyReader = (PemReader) legacy.getConstructor(Reader.class).newInstance(reader);
        try {
            return legacy.getMethod("readObject").invoke(legacyReader);
        } finally {
            legacyReader.close();
        }
    }
}
// Example 2
| Project: ilves-master File: CertificateConverter.java View source code |
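/**
 * Converts a PEM-encoded X.509 certificate into its Base64-encoded DER form.
 *
 * <p>Empty input maps to {@code null}. Anything else must contain a PEM
 * block whose payload the "X509" {@link CertificateFactory} accepts; the
 * PEM label itself is not checked.
 *
 * @param value      PEM text, may be {@code null}
 * @param targetType ignored, required by the converter interface
 * @param locale     ignored, required by the converter interface
 * @return Base64 of the certificate's DER encoding, or {@code null} for empty input
 * @throws ConversionException if no PEM block is present or it is not a valid certificate
 */
@Override
public String convertToModel(String value, Class<? extends String> targetType, Locale locale) throws ConversionException {
    if (value == null || value.length() == 0) {
        return null;
    }
    try (PemReader pemReader = new PemReader(new StringReader(value))) {
        // readPemObject() yields null when the text holds no BEGIN/END block;
        // fail with a descriptive cause instead of a bare NullPointerException.
        final byte[] x509Data = java.util.Objects.requireNonNull(pemReader.readPemObject(), "No PEM block found in input.").getContent();
        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        final Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(x509Data));
        return Base64.encodeBase64String(certificate.getEncoded());
    } catch (final Exception e) {
        throw new ConversionException("Error parsing ASCII X509 certificate.", e);
    }
}
// Example 3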
| Project: java-jwt-master File: PemUtils.java View source code |
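/**
 * Reads the payload of the first PEM block in a file.
 *
 * <p>Only the decoded body between the BEGIN/END markers is returned; the
 * label (e.g. "PUBLIC KEY") and any headers are discarded, so the caller
 * must know what kind of object it is decoding.
 *
 * @param pemFile file to read; decoded with the platform default charset,
 *                which is harmless for the ASCII PEM format
 * @return the DER bytes of the first PEM block
 * @throws FileNotFoundException if {@code pemFile} is not an existing regular file
 * @throws IOException if the file cannot be read or holds no PEM block
 */
private static byte[] parsePEMFile(File pemFile) throws IOException {
    // isFile() already implies existence, so one check suffices.
    if (!pemFile.isFile()) {
        throw new FileNotFoundException(String.format("The file '%s' doesn't exist.", pemFile.getAbsolutePath()));
    }
    // The reader wraps a file handle: release it on every path.
    try (PemReader reader = new PemReader(new FileReader(pemFile))) {
        PemObject pemObject = reader.readPemObject();
        if (pemObject == null) {
            throw new IOException(String.format("The file '%s' doesn't contain a PEM block.", pemFile.getAbsolutePath()));
        }
        return pemObject.getContent();
    }
}
// Example 4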
| Project: gocd-master File: RegistrationJSONizer.java View source code |
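/**
 * Rebuilds an agent {@link Registration} from its JSON form.
 *
 * <p>The JSON carries two PEM strings: {@code agentPrivateKey} (a PKCS#8
 * block for an RSA key) and {@code agentCertificate} (one or more
 * certificate blocks, in chain order). An empty JSON object yields the
 * null-key registration.
 *
 * @param json serialized registration
 * @return the registration, or {@link Registration#createNullPrivateKeyEntry()} for an empty object
 * @throws RuntimeException (via {@code bomb}) if either PEM string is missing,
 *         malformed, or not the expected key/certificate encoding
 */
public static Registration fromJson(String json) {
    Map<?, ?> map = GSON.fromJson(json, Map.class);
    if (map.isEmpty()) {
        return Registration.createNullPrivateKeyEntry();
    }
    try {
        PrivateKey privateKey = readPrivateKey((String) map.get("agentPrivateKey"));
        List<Certificate> chain = readCertificateChain((String) map.get("agentCertificate"));
        return new Registration(privateKey, chain.toArray(new Certificate[0]));
    } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
        // The checked exceptions the helpers can raise; anything else is a bug.
        throw bomb(e);
    }
}

/** Decodes a PKCS#8 PEM string into an RSA private key; a missing string or block is an IOException. */
private static PrivateKey readPrivateKey(String pem) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    if (pem == null) {
        throw new IOException("agentPrivateKey is missing");
    }
    try (PemReader reader = new PemReader(new StringReader(pem))) {
        PemObject obj = reader.readPemObject();
        if (obj == null) {
            throw new IOException("agentPrivateKey does not contain a PEM block");
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(obj.getContent()));
    }
}

/** Decodes every PEM block in the string as an X.509 certificate, preserving order. */
private static List<Certificate> readCertificateChain(String pem) throws IOException, CertificateException {
    if (pem == null) {
        throw new IOException("agentCertificate is missing");
    }
    List<Certificate> chain = new ArrayList<>();
    // One factory for the whole chain instead of one per block.
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    try (PemReader reader = new PemReader(new StringReader(pem))) {
        for (PemObject obj = reader.readPemObject(); obj != null; obj = reader.readPemObject()) {
            chain.add(factory.generateCertificate(new ByteArrayInputStream(obj.getContent())));
        }
    }
    return chain;
}
// Example 5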
| Project: ivotingverification-master File: Crypto.java View source code |
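/**
 * Parses a PEM "PUBLIC KEY" (X.509 SubjectPublicKeyInfo) into Bouncy Castle
 * light-weight RSA public key parameters.
 *
 * <p>The SubjectPublicKeyInfo SEQUENCE is walked by hand: element 0 is the
 * AlgorithmIdentifier, element 1 is the BIT STRING wrapping the PKCS#1
 * RSAPublicKey SEQUENCE (modulus, publicExponent).
 *
 * <p>NOTE(review): the AlgorithmIdentifier is skipped, not checked, so a
 * non-RSA key is rejected only if its inner structure does not look like
 * RSAPublicKey. Compare the algorithm OID with rsaEncryption if that matters.
 *
 * @param pemstr PEM text holding the public key
 * @return public-key parameters ({@code isPrivate == false})
 * @throws IOException if the text has no PEM block or the DER structure is not as expected
 */
private static RSAKeyParameters readKey(String pemstr) throws IOException {
    PemObject pem;
    try (PemReader reader = new PemReader(new StringReader(pemstr))) {
        pem = reader.readPemObject();
    }
    if (pem == null) {
        throw new IOException("no PEM block found");
    }
    // Outer SEQUENCE: SubjectPublicKeyInfo { algorithm, subjectPublicKey }.
    ASN1Sequence spki;
    try (ASN1InputStream stream = new ASN1InputStream(pem.getContent())) {
        spki = ASN1Sequence.getInstance(stream.readObject());
    }
    if (spki.size() != 2) {
        throw new IOException("unexpected SubjectPublicKeyInfo element count: " + spki.size());
    }
    Enumeration<?> elements = spki.getObjects();
    elements.nextElement(); // AlgorithmIdentifier, not validated (see note above)
    DERBitString subjectPublicKey = DERBitString.getInstance(elements.nextElement());
    // Inner SEQUENCE: PKCS#1 RSAPublicKey { modulus, publicExponent }.
    // Separate stream so each one is closed; the first must not be overwritten while open.
    ASN1Sequence rsaKey;
    try (ASN1InputStream stream = new ASN1InputStream(subjectPublicKey.getBytes())) {
        rsaKey = ASN1Sequence.getInstance(stream.readObject());
    }
    RSAPublicKeyStructure pks = new RSAPublicKeyStructure(rsaKey);
    return new RSAKeyParameters(false, pks.getModulus(), pks.getPublicExponent());
}
// Example 6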
| Project: jqm-master File: JdbcCa.java View source code |
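/**
 * Loads the signing CA from the database, creating and persisting a fresh
 * CA (private key and certificate, both as PEM) on first use.
 *
 * <p>The returned {@link CertificateRequest} carries the CA certificate in
 * {@code holder} and its private key in {@code privateKey}.
 *
 * <p>NOTE(review): the CA private key is written to the database as plain
 * PEM by {@code PKI.create}; anyone who can read that table can issue
 * certificates. Whether the table is adequately protected cannot be judged here.
 *
 * @param cnx open database connection, used for lookup, creation and commit
 * @return the CA as a certificate request holder
 * @throws PkiException if the stored PEM cannot be parsed or the key is not an unencrypted key pair
 */
public static CertificateRequest initCa(DbConn cnx) {
    CertificateRequest cr = new CertificateRequest();
    String caAlias = GlobalParameter.getParameter(cnx, "keyAlias", Constants.CA_DEFAULT_PRETTY_NAME);
    PKI pki;
    try {
        pki = PKI.select_key(cnx, caAlias);
    } catch (NoResultException e) {
        // No CA yet: generate and persist one, then re-read it so the parsing
        // below follows the same path as on later calls.
        cr.generateCA(caAlias);
        PKI.create(cnx, caAlias, cr.writePemPrivateToString(), cr.writePemPublicToString());
        cnx.commit();
        pki = PKI.select_key(cnx, caAlias);
    }
    try {
        // Public half: the X.509 certificate.
        try (PemReader pr = new PemReader(new StringReader(pki.getPemCert()))) {
            cr.holder = new X509CertificateHolder(java.util.Objects.requireNonNull(pr.readPemObject(), "CA certificate PEM contains no PEM block").getContent());
        }
        // Private half: must parse as an unencrypted key pair (PEMParser returns
        // a different type for password-protected keys, and null for empty text).
        try (PEMParser pp = new PEMParser(new StringReader(pki.getPemPK()))) {
            Object parsed = pp.readObject();
            if (!(parsed instanceof PEMKeyPair)) {
                throw new IllegalStateException("CA private key PEM is not an unencrypted key pair: " + (parsed == null ? "null" : parsed.getClass().getName()));
            }
            byte[] encodedPrivateKey = ((PEMKeyPair) parsed).getPrivateKeyInfo().getEncoded();
            KeyFactory keyFactory = KeyFactory.getInstance(Constants.KEY_ALGORITHM);
            cr.privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedPrivateKey));
        }
    } catch (Exception e) {
        throw new PkiException(e);
    }
    return cr;
}
// Example 7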
| Project: keywhiz-master File: ExpirationExtractor.java View source code |
/**
 * Returns the earliest notAfter among the CERTIFICATE blocks of a PEM chain.
 *
 * <p>Blocks with any other label are skipped. I/O failures while reading
 * the PEM text are rethrown unchecked via {@code Throwables.propagate}.
 *
 * @param content PEM text as UTF-8 bytes
 * @return the earliest expiry, or {@code null} if the chain holds no certificate
 */
@Nullable
public static Instant expirationFromEncodedCertificateChain(byte[] content) {
    PemReader reader = new PemReader(new InputStreamReader(new ByteArrayInputStream(content), UTF_8));
    Instant earliest = null;
    for (PemObject block = nextBlock(reader); block != null; block = nextBlock(reader)) {
        if (!block.getType().equals("CERTIFICATE")) {
            continue;
        }
        Instant expiry = expirationFromRawCertificate(block.getContent());
        if (earliest == null || expiry.isBefore(earliest)) {
            earliest = expiry;
        }
    }
    return earliest;
}

/** Reads the next PEM block, converting a checked IOException into an unchecked one. */
private static PemObject nextBlock(PemReader reader) {
    try {
        return reader.readPemObject();
    } catch (IOException e) {
        throw Throwables.propagate(e);
    }
}
// Example 8
| Project: tor-research-framework-master File: TorServerSocket.java View source code |
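/**
 * Loads this server's identity, link and auth certificates and the identity
 * private key from the {@code keys/} directory (paths relative to the
 * working directory).
 *
 * <p>Sets {@code identityCert}, {@code linkCert}, {@code authCert},
 * {@code identityPubKey} and {@code identityPrivKey}, logging the SHA-1
 * digest of each certificate's public key. On any failure the cause is
 * logged and the process exits with status 1, as a server without its keys
 * cannot run.
 *
 * <p>{@code keys/identity.key} is decoded with Bouncy Castle's ASN.1
 * {@code RSAPrivateKey}, i.e. it appears to be expected as a PKCS#1
 * "RSA PRIVATE KEY" block rather than PKCS#8.
 */
public void loadKeys() {
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        identityCert = loadCertificate(cf, "keys/identity.crt");
        log.info("Our Identity Cert Digest: " + publicKeyDigest(identityCert));
        linkCert = loadCertificate(cf, "keys/link.crt");
        log.info("Our Link Cert Digest: " + publicKeyDigest(linkCert));
        authCert = loadCertificate(cf, "keys/auth.crt");
        log.info("Our Auth Cert Digest: " + publicKeyDigest(authCert));
        identityPubKey = (RSAPublicKey) identityCert.getPublicKey();
        // try-with-resources: the reader holds a file handle.
        try (PemReader in = new PemReader(new FileReader("keys/identity.key"))) {
            org.bouncycastle.util.io.pem.PemObject pem = in.readPemObject();
            if (pem == null) {
                throw new IOException("keys/identity.key contains no PEM block");
            }
            identityPrivKey = RSAPrivateKey.getInstance(pem.getContent());
        }
    } catch (CertificateException | IOException e) {
        // Log the cause, and do not claim it was the public key when it may
        // have been any of the files above.
        log.error("Unable to load server keys", e);
        System.exit(1);
    }
}

/** Parses one X.509 certificate file, closing the stream afterwards. */
private static X509Certificate loadCertificate(CertificateFactory cf, String path) throws CertificateException, IOException {
    try (FileInputStream is = new FileInputStream(new File(path))) {
        return (X509Certificate) cf.generateCertificate(is);
    }
}

/** Hex SHA-1 of the certificate's RSA public key in TorCrypto's ASN.1 encoding. */
private static String publicKeyDigest(X509Certificate cert) {
    return Hex.toHexString(TorCrypto.getSHA1().digest(TorCrypto.publicKeyToASN1((RSAPublicKey) cert.getPublicKey())));
}
// Example 9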
| Project: VanillaVotifier-master File: AbstractConfig.java View source code |
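/**
 * Loads the RSA key pair from {@code publicKeyFile}/{@code privateKeyFile}
 * into {@code keyPair}, generating and saving a new pair first if neither
 * file exists.
 *
 * <p>If exactly one of the two files is missing, the matching
 * *KeyFileNotFoundException is thrown and nothing is generated, so an
 * existing key is never silently replaced. Each file must start with a PEM
 * block, otherwise the matching Invalid*KeyFileException is thrown.
 *
 * @throws IOException             if a file cannot be read
 * @throws InvalidKeySpecException presumably raised by {@code RsaUtils} when a
 *                                 payload is not a valid key encoding
 */
protected void loadKeyPair() throws IOException, InvalidKeySpecException {
    if (!publicKeyFile.exists() && !privateKeyFile.exists()) {
        generateKeyPair();
        saveKeyPair();
    }
    if (!publicKeyFile.exists()) {
        throw new PublicKeyFileNotFoundException();
    }
    if (!privateKeyFile.exists()) {
        throw new PrivateKeyFileNotFoundException();
    }
    // try-with-resources so both file handles are released even when one of
    // the checks or conversions below throws.
    try (PemReader publicKeyPemReader = new PemReader(new BufferedReader(new FileReader(publicKeyFile)));
         PemReader privateKeyPemReader = new PemReader(new BufferedReader(new FileReader(privateKeyFile)))) {
        PemObject publicPemObject = publicKeyPemReader.readPemObject();
        if (publicPemObject == null) {
            throw new InvalidPublicKeyFileException();
        }
        PemObject privatePemObject = privateKeyPemReader.readPemObject();
        if (privatePemObject == null) {
            throw new InvalidPrivateKeyFileException();
        }
        keyPair = new KeyPair(RsaUtils.bytesToPublicKey(publicPemObject.getContent()), RsaUtils.bytesToPrivateKey(privatePemObject.getContent()));
    }
}
// Example 10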
| Project: axelor-business-suite-master File: PayboxService.java View source code |
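/**
 * Loads a public key from a PEM file.
 *
 * <p>Requires the Bouncy Castle provider library, e.g. the Maven dependency:
 * <pre>
 * &lt;dependency&gt;
 *   &lt;groupId&gt;org.bouncycastle&lt;/groupId&gt;
 *   &lt;artifactId&gt;bcprov-jdk15on&lt;/artifactId&gt;
 *   &lt;version&gt;1.47&lt;/version&gt;
 * &lt;/dependency&gt;
 * </pre>
 * together with the import {@code org.bouncycastle.util.io.pem.PemReader}.
 *
 * <p>The payload of the first PEM block is decoded as an X.509
 * SubjectPublicKeyInfo with the {@code ENCRYPTION_ALGORITHM} key factory;
 * the PEM label itself is not checked.
 *
 * @param pubKeyPath path of the PEM file
 * @return the decoded public key
 * @throws Exception if the file cannot be read, holds no PEM block, or is not a valid key
 */
private PublicKey getPubKey(String pubKeyPath) throws Exception {
    byte[] pubKey;
    // Closed on every path, including when no block is found or parsing fails.
    try (PemReader reader = new PemReader(new FileReader(pubKeyPath))) {
        pubKey = java.util.Objects.requireNonNull(reader.readPemObject(), "No PEM block found in " + pubKeyPath).getContent();
    }
    KeyFactory keyFactory = KeyFactory.getInstance(this.ENCRYPTION_ALGORITHM);
    return keyFactory.generatePublic(new X509EncodedKeySpec(pubKey));
}
// Example 11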
| Project: bc-java-master File: TestCACertsFetch.java View source code |
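/**
 * Fetches the CA certificates from the test EST server without any TLS
 * verification and compares them with the server's own CA file.
 *
 * <p>The trust-all trust manager is for this test only: it makes the client
 * accept any server certificate, so nothing here shows how to validate an
 * EST server in the real world. A client must make a conscious decision
 * about the certificates tendered in the TLS handshake; see
 * testFetchCaCertsWithBogusTrustAnchor(). Accordingly the response is
 * expected to report {@code isTrusted() == false}.
 *
 * @throws Exception on any failure
 */
@Test
public void testFetchCaCerts() throws Exception {
    ESTTestUtils.ensureProvider();
    ESTServerUtils.ServerInstance serverInstance = null;
    try {
        serverInstance = startDefaultServer();
        System.setProperty("org.bouncycastle.debug.est", "all");
        // Insecure on purpose: accept whatever certificate the server presents.
        ESTService est = new JsseESTServiceBuilder("localhost:8443/", JcaJceUtils.getTrustAllTrustManager()).build();
        CACertsResponse caCertsResponse = est.getCACerts();
        X509CertificateHolder[] caCerts = ESTService.storeToArray(caCertsResponse.getCertificateStore());
        X509CertificateHolder fromFile;
        // PemReader.close() also closes the wrapped FileReader.
        try (PemReader reader = new PemReader(new FileReader(ESTServerUtils.makeRelativeToServerHome("/estCA/cacert.crt")))) {
            fromFile = new X509CertificateHolder(reader.readPemObject().getContent());
        }
        Assert.assertFalse("Must not be trusted.", caCertsResponse.isTrusted());
        // JUnit argument order is (message, expected, actual).
        Assert.assertEquals("Returned ca certs should be 1", 1, caCerts.length);
        Assert.assertEquals("CA cert did not match expected.", fromFile, caCerts[0]);
    } finally {
        if (serverInstance != null) {
            serverInstance.getServer().stop_server();
        }
    }
}
// Example 12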
| Project: bergamot-master File: PEMUtil.java View source code |
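/**
 * Loads an RSA private key from a PEM file holding a PKCS#8 "PRIVATE KEY" block.
 *
 * @param file PEM file; read with the platform default charset (PEM is ASCII)
 * @return the private key
 * @throws IOException if the file cannot be read, holds no PEM block, or its
 *         payload is not a PKCS#8 RSA key; the underlying exception is the cause
 */
public static PrivateKey loadKey(File file) throws IOException {
    try {
        try (PemReader pr = new PemReader(new FileReader(file))) {
            PemObject obj = pr.readPemObject();
            if (obj == null) {
                throw new IOException("no PEM block found in " + file);
            }
            KeyFactory kf = KeyFactory.getInstance("RSA");
            return kf.generatePrivate(new PKCS8EncodedKeySpec(obj.getContent()));
        }
    } catch (Exception e) {
        // Every failure (I/O, missing block, bad key spec, no RSA factory)
        // surfaces as an IOException carrying the real exception as cause.
        throw new IOException("Error loading key", e);
    }
}
// Example 13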
| Project: cloudstack-master File: CertServiceImpl.java View source code |
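/**
 * Parses a PEM-encoded PKCS#8 RSA private key using the Bouncy Castle provider.
 *
 * <p>Only RSA keys are accepted. The PKCS#8 algorithm identifier is not
 * inspected here; a non-RSA key simply fails in the RSA {@link KeyFactory}.
 *
 * @param key PEM text, must be non-empty
 * @return the private key
 * @throws IllegalArgumentException if {@code key} is null or empty
 * @throws IOException if the text holds no PEM block, the payload is not a
 *         valid RSA PKCS#8 key, or the BC provider / RSA algorithm is unavailable
 */
public PrivateKey parsePrivateKey(final String key) throws IOException {
    Preconditions.checkArgument(!Strings.isNullOrEmpty(key));
    try (final PemReader pemReader = new PemReader(new StringReader(key))) {
        final PemObject pemObject = pemReader.readPemObject();
        // Non-PEM input yields null rather than an exception; report it as a format error.
        if (pemObject == null) {
            throw new IOException("Invalid Key format.");
        }
        final PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pemObject.getContent());
        final KeyFactory factory = KeyFactory.getInstance("RSA", "BC");
        return factory.generatePrivate(privKeySpec);
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        throw new IOException("No encryption provider available.", e);
    } catch (final InvalidKeySpecException e) {
        throw new IOException("Invalid Key format.", e);
    }
}
// Example 14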
| Project: cnAndroidDocs-master File: Credentials.java View source code |
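/**
 * Convert objects from PEM format, which is used for
 * CA_CERTIFICATE and USER_CERTIFICATE entries.
 *
 * <p>Every PEM block must carry the "CERTIFICATE" label; any other label
 * (e.g. a private key mixed into the bundle) aborts the conversion. Input
 * is decoded as US-ASCII, which is all PEM permits.
 *
 * @param bytes PEM text
 * @return the certificates in file order; empty if the text has no PEM blocks
 * @throws IOException              if the PEM text cannot be read
 * @throws CertificateException     if a block's payload is not a valid X.509 certificate
 * @throws IllegalArgumentException if a block has a label other than CERTIFICATE
 */
public static List<X509Certificate> convertFromPem(byte[] bytes) throws IOException, CertificateException {
    ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
    Reader reader = new InputStreamReader(bai, Charsets.US_ASCII);
    PemReader pr = new PemReader(reader);
    // Close in finally so the reader is released on the exception paths too.
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        PemObject o;
        while ((o = pr.readPemObject()) != null) {
            if (o.getType().equals("CERTIFICATE")) {
                Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
                result.add((X509Certificate) c);
            } else {
                throw new IllegalArgumentException("Unknown type " + o.getType());
            }
        }
        return result;
    } finally {
        pr.close();
    }
}
// Example 15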
| Project: irma_future_id-master File: WriterTest.java View source code |
/**
 * Round-trips a private key through {@code PEMWriter} with the given
 * encryption algorithm and checks that (a) the DEK-Info header is written
 * in upper-case hex and (b) {@code PEMReader} reads it back, with the test
 * password, as the same key.
 *
 * @param akp       key to write
 * @param provider  JCE provider name used for both writer and reader
 * @param algorithm OpenSSL encryption algorithm name passed to the writer
 * @throws IOException on write or read failure
 */
private void doWriteReadTest(PrivateKey akp, String provider, String algorithm) throws IOException {
    StringWriter sw = new StringWriter();
    PEMWriter pw = new PEMWriter(sw, provider);
    pw.writeObject(akp, algorithm, testPassword, random);
    pw.close();
    String data = sw.toString();
    // Raw pass: inspect the PEM headers without decrypting anything.
    PemObject pemObject = new PemReader(new StringReader(data)).readPemObject();
    for (Object header : pemObject.getHeaders()) {
        PemHeader pemH = (PemHeader) header;
        if (!pemH.getName().equals("DEK-Info")) {
            continue;
        }
        String v = pemH.getValue();
        for (int j = 0; j != v.length(); j++) {
            char ch = v.charAt(j);
            if (ch >= 'a' && ch <= 'f') {
                fail("lower case detected in DEK-Info: " + v);
            }
        }
    }
    // Full pass: decrypt and compare with the key we wrote.
    Object o = new PEMReader(new StringReader(data), new Password(testPassword), provider).readObject();
    if (!(o instanceof KeyPair)) {
        fail("Didn't find OpenSSL key");
    }
    PrivateKey privKey = ((KeyPair) o).getPrivate();
    if (!akp.equals(privKey)) {
        fail("Failed to read back test key encoded with: " + algorithm);
    }
}
// Example 16
| Project: launchkey-java-master File: JCECryptoTest.java View source code |
/**
 * Test fixture: installs a Bouncy Castle provider, decodes the PEM test keys
 * ({@code PRIVATE_KEY} as PKCS#8, {@code PUBLIC_KEY} as X.509
 * SubjectPublicKeyInfo) into RSA key objects, and builds the crypto under test.
 *
 * <p>Key material embedded in test source is effectively public; it must
 * not be reused anywhere else.
 */
@Before
public void setUp() throws Exception {
    base64 = new Base64(0);
    provider = new BouncyCastleProvider();
    KeyFactory keyFactory = KeyFactory.getInstance("RSA", provider);
    byte[] privateDer = new PemReader(new StringReader(PRIVATE_KEY)).readPemObject().getContent();
    rsaPrivateKey = (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateDer));
    byte[] publicDer = new PemReader(new StringReader(PUBLIC_KEY)).readPemObject().getContent();
    rsaPublicKey = (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(publicDer));
    crypto = new JCECrypto(provider);
}
// Example 17
| Project: property-db-master File: Credentials.java View source code |
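/**
 * Convert objects from PEM format, which is used for
 * CA_CERTIFICATE and USER_CERTIFICATE entries.
 *
 * <p>Every PEM block must carry the "CERTIFICATE" label; any other label
 * (e.g. a private key mixed into the bundle) aborts the conversion. Input
 * is decoded as US-ASCII, which is all PEM permits.
 *
 * @param bytes PEM text
 * @return the certificates in file order; empty if the text has no PEM blocks
 * @throws IOException              if the PEM text cannot be read
 * @throws CertificateException     if a block's payload is not a valid X.509 certificate
 * @throws IllegalArgumentException if a block has a label other than CERTIFICATE
 */
public static List<X509Certificate> convertFromPem(byte[] bytes) throws IOException, CertificateException {
    ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
    Reader reader = new InputStreamReader(bai, Charsets.US_ASCII);
    PemReader pr = new PemReader(reader);
    // Close in finally so the reader is released on the exception paths too.
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        PemObject o;
        while ((o = pr.readPemObject()) != null) {
            if (o.getType().equals("CERTIFICATE")) {
                Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
                result.add((X509Certificate) c);
            } else {
                throw new IllegalArgumentException("Unknown type " + o.getType());
            }
        }
        return result;
    } finally {
        pr.close();
    }
}
// Example 18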
| Project: android-sdk-sources-for-api-level-23-master File: Credentials.java View source code |
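/**
 * Convert objects from PEM format, which is used for
 * CA_CERTIFICATE and USER_CERTIFICATE entries.
 *
 * <p>Every PEM block must carry the "CERTIFICATE" label; any other label
 * (e.g. a private key mixed into the bundle) aborts the conversion. Input
 * is decoded as US-ASCII, which is all PEM permits.
 *
 * @param bytes PEM text
 * @return the certificates in file order; empty if the text has no PEM blocks
 * @throws IOException              if the PEM text cannot be read
 * @throws CertificateException     if a block's payload is not a valid X.509 certificate
 * @throws IllegalArgumentException if a block has a label other than CERTIFICATE
 */
public static List<X509Certificate> convertFromPem(byte[] bytes) throws IOException, CertificateException {
    ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
    Reader reader = new InputStreamReader(bai, StandardCharsets.US_ASCII);
    PemReader pr = new PemReader(reader);
    // Close in finally so the reader is released on the exception paths too.
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        PemObject o;
        while ((o = pr.readPemObject()) != null) {
            if (o.getType().equals("CERTIFICATE")) {
                Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
                result.add((X509Certificate) c);
            } else {
                throw new IllegalArgumentException("Unknown type " + o.getType());
            }
        }
        return result;
    } finally {
        pr.close();
    }
}
// Example 19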
| Project: android_frameworks_base-master File: Credentials.java View source code |
/**
 * Convert objects from PEM format, which is used for
 * CA_CERTIFICATE and USER_CERTIFICATE entries.
 *
 * <p>Every block must be labelled "CERTIFICATE"; any other label aborts the
 * conversion. The text is decoded as US-ASCII, which is all PEM permits,
 * and the reader is closed on every path.
 *
 * @param bytes PEM text
 * @return the certificates in file order; empty if there are no PEM blocks
 * @throws IOException              if the PEM text cannot be read
 * @throws CertificateException     if a payload is not a valid X.509 certificate
 * @throws IllegalArgumentException if a block carries a label other than CERTIFICATE
 */
public static List<X509Certificate> convertFromPem(byte[] bytes) throws IOException, CertificateException {
    Reader reader = new InputStreamReader(new ByteArrayInputStream(bytes), StandardCharsets.US_ASCII);
    PemReader pr = new PemReader(reader);
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        for (PemObject o = pr.readPemObject(); o != null; o = pr.readPemObject()) {
            if (!o.getType().equals("CERTIFICATE")) {
                throw new IllegalArgumentException("Unknown type " + o.getType());
            }
            result.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(o.getContent())));
        }
        return result;
    } finally {
        pr.close();
    }
}
// Example 20
| Project: platform_frameworks_base-master File: Credentials.java View source code |
/**
 * Convert objects from PEM format, which is used for
 * CA_CERTIFICATE and USER_CERTIFICATE entries.
 *
 * <p>Every block must be labelled "CERTIFICATE"; any other label aborts the
 * conversion. The text is decoded as US-ASCII, which is all PEM permits,
 * and the reader is closed on every path.
 *
 * @param bytes PEM text
 * @return the certificates in file order; empty if there are no PEM blocks
 * @throws IOException              if the PEM text cannot be read
 * @throws CertificateException     if a payload is not a valid X.509 certificate
 * @throws IllegalArgumentException if a block carries a label other than CERTIFICATE
 */
public static List<X509Certificate> convertFromPem(byte[] bytes) throws IOException, CertificateException {
    Reader reader = new InputStreamReader(new ByteArrayInputStream(bytes), StandardCharsets.US_ASCII);
    PemReader pr = new PemReader(reader);
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X509");
        List<X509Certificate> result = new ArrayList<X509Certificate>();
        for (PemObject o = pr.readPemObject(); o != null; o = pr.readPemObject()) {
            if (!o.getType().equals("CERTIFICATE")) {
                throw new IllegalArgumentException("Unknown type " + o.getType());
            }
            result.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(o.getContent())));
        }
        return result;
    } finally {
        pr.close();
    }
}
// Example 21
| Project: solarnetwork-node-master File: DefaultSetupServiceTest.java View source code |
/**
 * End-to-end check of certificate renewal: a node certificate is issued from
 * the node's CSR and saved, then a second certificate for the same subject
 * and key is signed by the test CA and delivered through a RENEW_CERTIFICATE
 * instruction in 256-character parameter chunks; afterwards the keystore
 * must hold the renewed certificate.
 *
 * @throws Exception on any failure
 */
@Test
public void handleRenewCertificateInstruction() throws Exception {
    // Phase 1: initial certificate. The KEY_PASSWORD setting is read through
    // settingDao (presumably the keystore password), so that lookup is mocked first.
    expect(settingDao.getSetting(KEY_PASSWORD, SetupSettings.SETUP_TYPE_KEY)).andReturn(TEST_CONF_VALUE).atLeastOnce();
    replay(settingDao);
    keystoreService.saveCACertificate(CA_CERT);
    keystoreService.generateNodeSelfSignedCertificate(TEST_DN);
    String csr = keystoreService.generateNodePKCS10CertificateRequestString();
    X509Certificate originalCert;
    PemReader pemReader = new PemReader(new StringReader(csr));
    try {
        PemObject pem = pemReader.readPemObject();
        // Sign the node's CSR with the test CA and store the result as PKCS#7.
        PKCS10CertificationRequest req = new PKCS10CertificationRequest(pem.getContent());
        originalCert = PKITestUtils.sign(req, CA_CERT, CA_KEY_PAIR.getPrivate());
        String signedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { originalCert });
        keystoreService.saveNodeSignedCertificate(signedPem);
        log.debug("Saved signed node certificate {}:\n{}", originalCert.getSerialNumber(), signedPem);
        verify(settingDao);
        assertNotNull(csr);
    } finally {
        pemReader.close();
    }
    // Phase 2: renewal. Re-arm the mock for the second round of setting lookups.
    EasyMock.reset(settingDao);
    expect(settingDao.getSetting(KEY_PASSWORD, SetupSettings.SETUP_TYPE_KEY)).andReturn(TEST_CONF_VALUE).atLeastOnce();
    replay(settingDao);
    // Build a fresh CSR for the same subject and public key, signed with the
    // node's existing private key, and have the CA issue the renewed certificate.
    KeyStore keyStore = loadKeyStore();
    PrivateKey nodeKey = (PrivateKey) keyStore.getKey("node", TEST_CONF_VALUE.toCharArray());
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256WithRSA");
    ContentSigner signer = signerBuilder.build(nodeKey);
    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(JcaX500NameUtil.getSubject(originalCert), SubjectPublicKeyInfo.getInstance(originalCert.getPublicKey().getEncoded()));
    X509Certificate renewedCert = PKITestUtils.sign(builder.build(signer), CA_CERT, CA_KEY_PAIR.getPrivate());
    String renewedSignedPem = PKITestUtils.getPKCS7Encoding(new X509Certificate[] { renewedCert });
    BasicInstruction instr = new BasicInstruction(DefaultSetupService.INSTRUCTION_TOPIC_RENEW_CERTIFICATE, new Date(), "123", "456", new BasicInstructionStatus(456L, InstructionState.Received, new Date()));
    // Deliver the PEM as repeated certificate parameters of at most 256 chars
    // each (end == min(i + 256, length)); the service presumably reassembles them in order.
    for (int i = 0; i < renewedSignedPem.length(); i += 256) {
        int end = i + (i + 256 < renewedSignedPem.length() ? 256 : renewedSignedPem.length() - i);
        instr.addParameter(DefaultSetupService.INSTRUCTION_PARAM_CERTIFICATE, renewedSignedPem.substring(i, end));
    }
    InstructionState state = service.processInstruction(instr);
    Assert.assertEquals(InstructionState.Completed, state);
    X509Certificate nodeCert = keystoreService.getNodeCertificate();
    Assert.assertEquals(renewedCert, nodeCert);
    verify(settingDao);
}
// Example 22
| Project: loklak_server-master File: PublicKeyRegistrationService.java View source code |
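/**
 * Registers an RSA public key for a user, either one uploaded by the client
 * ({@code register}) or one generated on the server ({@code create}), or
 * reports the accepted algorithms, key sizes and formats ({@code getParameters}).
 *
 * <p>Authorization: a caller may register a key for itself only if the
 * {@code self} permission is set, and for another user only if that user is
 * listed under {@code users} or the user's role under {@code userRoles}.
 * Both "user does not exist" and "not allowed" answer 400 "Bad request" so
 * the endpoint does not reveal which user ids exist.
 *
 * <p>Security notes:
 * <ul>
 * <li>{@code create} returns the freshly generated private key to the caller
 *     in the response (PEM and DER). The key therefore passes through the
 *     server and its transport; it is not persisted, but this is only
 *     acceptable over a confidential channel.</li>
 * <li>Uploaded keys are credited with their modulus length rounded
 *     <em>down</em> to 512/1024/2048/4096/8192 bits before the size check,
 *     so a short key cannot pass as the next larger allowed size.</li>
 * <li>The uploaded key is URL-decoded here; if the request layer has
 *     already decoded it once, a client must URL-encode the value so that
 *     '+' in Base64 survives (TODO confirm against {@code Query}).</li>
 * </ul>
 *
 * @param post          request parameters
 * @param response      unused
 * @param authorization the calling identity
 * @param permissions   this service's permissions for the caller
 * @return JSON result describing the registered key or the parameters
 * @throws APIException 400 on bad parameters or an unauthorized target user,
 *         403 if self-registration is not permitted, 500 on server-side failures
 */
@Override
public JSONObject serviceImpl(Query post, HttpServletResponse response, Authorization authorization, final JSONObjectWithDefault permissions) throws APIException {
    if (post.get("register", null) == null && !post.get("create", false) && !post.get("getParameters", false)) {
        throw new APIException(400, "Accepted parameters: 'register', 'create' or 'getParameters'");
    }
    JSONObject result = new JSONObject();
    if (post.get("getParameters", false)) {
        return describeParameters(permissions, result);
    }
    // Which user is the key for? Default to the caller.
    String id;
    if (post.get("id", null) != null) {
        id = post.get("id", null);
    } else {
        id = authorization.getIdentity().getName();
    }
    checkRegistrationAllowed(id, authorization, permissions);
    // Only RSA is supported for now.
    String algorithm = "RSA";
    if (post.get("algorithm", null) != null) {
        algorithm = post.get("algorithm", null);
    }
    if (post.get("create", false)) {
        if (!algorithm.equals("RSA")) {
            throw new APIException(400, "Unsupported algorithm");
        }
        return createAndRegisterKey(post, authorization, algorithm, result);
    } else if (post.get("register", null) != null) {
        if (!algorithm.equals("RSA")) {
            throw new APIException(400, "Unsupported algorithm");
        }
        return registerUploadedKey(post, authorization, algorithm, result);
    }
    throw new APIException(400, "Invalid parameter");
}

/** Fills {@code result} with the caller's self/users/userRoles permissions and the supported algorithms and formats. */
private JSONObject describeParameters(JSONObjectWithDefault permissions, JSONObject result) {
    result.put("self", permissions.getBoolean("self", false));
    result.put("users", permissions.getJSONObject("users"));
    result.put("userRoles", permissions.getJSONObject("userRoles"));
    JSONArray keySizes = new JSONArray();
    for (int size : allowedKeySizesRSA) {
        keySizes.put(size);
    }
    JSONObject rsa = new JSONObject();
    rsa.put("sizes", keySizes);
    rsa.put("defaultSize", defaultKeySizeRSA);
    JSONObject algorithms = new JSONObject();
    algorithms.put("RSA", rsa);
    result.put("algorithms", algorithms);
    JSONArray formats = new JSONArray();
    for (String format : allowedFormats) {
        formats.put(format);
    }
    result.put("formats", formats);
    return result;
}

/**
 * Verifies that the caller may register a key for {@code id}. Unknown users
 * and missing permission both answer 400 "Bad request" so the response does
 * not leak whether a user exists.
 */
private void checkRegistrationAllowed(String id, Authorization authorization, JSONObjectWithDefault permissions) throws APIException {
    if (id.equals(authorization.getIdentity().getName())) {
        // Registering for oneself; may be disallowed (e.g. for anonymous users).
        if (!permissions.getBoolean("self", false)) {
            throw new APIException(403, "You are not allowed to register a public key");
        }
        return;
    }
    // Registering for someone else: the target must be a registered user ...
    ClientCredential credential = new ClientCredential(ClientCredential.Type.passwd_login, id);
    Authentication authentication = new Authentication(credential, DAO.authentication);
    if (authentication.getIdentity() == null) {
        authentication.delete();
        throw new APIException(400, "Bad request");
    }
    // ... and either listed explicitly under 'users' or covered by its role under 'userRoles'.
    boolean allowed = false;
    JSONObject users = permissions.getJSONObject("users", null);
    // Guard the 'users' lookup: a missing object must read as "not listed", not as a NullPointerException.
    if (users != null && users.has(id) && permissions.getJSONObjectWithDefault("users", null).getBoolean(id, false)) {
        allowed = true;
    } else {
        Authorization auth = new Authorization(authentication.getIdentity(), DAO.authorization, DAO.userRoles);
        JSONObject userRoles = permissions.getJSONObject("userRoles");
        for (String key : userRoles.keySet()) {
            if (key.equals(auth.getUserRole().getName()) && userRoles.getBoolean(key)) {
                allowed = true;
            }
        }
    }
    if (!allowed) {
        throw new APIException(400, "Bad request");
    }
}

/** Generates an RSA key pair on the server, registers the public half and returns both halves to the caller. */
private JSONObject createAndRegisterKey(Query post, Authorization authorization, String algorithm, JSONObject result) throws APIException {
    int keySize = 2048;
    if (post.get("key-size", null) != null) {
        int finalKeyLength = post.get("key-size", 0);
        if (!isAllowedRsaKeySize(finalKeyLength)) {
            throw new APIException(400, "Invalid key size.");
        }
        keySize = finalKeyLength;
    }
    KeyPair keyPair;
    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
        keyGen.initialize(keySize);
        keyPair = keyGen.genKeyPair();
    } catch (NoSuchAlgorithmException e) {
        throw new APIException(500, "Server error");
    }
    registerKey(authorization.getIdentity(), keyPair.getPublic());
    result.put("publickey_DER_BASE64", Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded()));
    result.put("privatekey_DER_BASE64", Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded()));
    result.put("publickey_PEM", toPem("PUBLIC KEY", keyPair.getPublic().getEncoded()));
    result.put("privatekey_PEM", toPem("PRIVATE KEY", keyPair.getPrivate().getEncoded()));
    result.put("keyhash", IO.getKeyHash(keyPair.getPublic()));
    result.put("keyhash_urlsave", urlEncode(IO.getKeyHash(keyPair.getPublic())));
    result.put("key-size", keySize);
    result.put("message", "Successfully created and registered key. Make sure to copy the private key, it won't be saved on the server");
    return result;
}

/** Parses a DER (Base64) or PEM public key uploaded by the client, checks its size and registers it. */
private JSONObject registerUploadedKey(Query post, Authorization authorization, String algorithm, JSONObject result) throws APIException {
    String type = post.get("type", null);
    if (type == null) {
        type = "DER";
    }
    String encodedKey;
    try {
        encodedKey = URLDecoder.decode(post.get("register", null), "UTF-8");
    } catch (Exception e) {
        throw new APIException(500, "Server error");
    }
    // User-supplied text goes to the log as-is (it may contain newlines).
    Log.getLog().info("Key (" + type + "): " + encodedKey);
    RSAPublicKey pub;
    if (type.equals("DER")) {
        try {
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(encodedKey));
            pub = (RSAPublicKey) KeyFactory.getInstance(algorithm).generatePublic(keySpec);
        } catch (Exception e) {
            throw new APIException(400, "Public key not readable (DER)");
        }
    } else if (type.equals("PEM")) {
        // A missing PEM block yields null and is reported as unreadable like any other parse failure.
        try (PemReader pemReader = new PemReader(new StringReader(encodedKey))) {
            PemObject pem = pemReader.readPemObject();
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(pem.getContent());
            pub = (RSAPublicKey) KeyFactory.getInstance(algorithm).generatePublic(keySpec);
        } catch (Exception e) {
            throw new APIException(400, "Public key not readable (PEM)");
        }
    } else {
        throw new APIException(400, "Invalid value for 'type'.");
    }
    // Round the modulus length DOWN to the nearest nominal size so a key is
    // never credited with more strength than it has.
    final int keySize = nominalRsaKeySize(pub.getModulus().bitLength());
    if (!isAllowedRsaKeySize(keySize)) {
        throw new APIException(400, "Invalid key length.");
    }
    registerKey(authorization.getIdentity(), pub);
    result.put("publickey_DER_BASE64", Base64.getEncoder().encodeToString(pub.getEncoded()));
    result.put("publickey_PEM", toPem("PUBLIC KEY", pub.getEncoded()));
    result.put("keyhash", IO.getKeyHash(pub));
    result.put("keyhash_urlsave", urlEncode(IO.getKeyHash(pub)));
    result.put("message", "Successfully registered key.");
    return result;
}

/**
 * Maps a modulus bit length onto the nominal sizes 512/1024/2048/4096/8192,
 * rounding down; anything below 512 bits maps to 0, which is never an allowed size.
 */
private static int nominalRsaKeySize(int bitLength) {
    if (bitLength >= 8192) {
        return 8192;
    }
    if (bitLength >= 4096) {
        return 4096;
    }
    if (bitLength >= 2048) {
        return 2048;
    }
    if (bitLength >= 1024) {
        return 1024;
    }
    if (bitLength >= 512) {
        return 512;
    }
    return 0;
}

/** True if {@code size} is one of the configured {@code allowedKeySizesRSA}. */
private boolean isAllowedRsaKeySize(int size) {
    return IntStream.of(allowedKeySizesRSA).anyMatch(x -> x == size);
}

/**
 * PEM-encodes DER bytes under the given label. Returns {@code null} if
 * writing fails, which is not expected with a StringWriter; a null value
 * leaves the corresponding key out of the JSON result.
 */
private static String toPem(String type, byte[] der) {
    try {
        StringWriter writer = new StringWriter();
        PemWriter pemWriter = new PemWriter(writer);
        pemWriter.writeObject(new PemObject(type, der));
        pemWriter.flush();
        pemWriter.close();
        return writer.toString();
    } catch (IOException e) {
        return null;
    }
}

/** URL-encodes with UTF-8; returns {@code null} only if the JVM lacked UTF-8, which it never does. */
private static String urlEncode(String value) {
    try {
        return URLEncoder.encode(value, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        return null;
    }
}
// Example 23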
| Project: solarnetwork-common-master File: BCCertificateService.java View source code |
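/**
 * Signs a PEM (or bare Base64) PKCS#10 CSR with the given CA certificate and key.
 *
 * <p>The issued certificate is an end-entity certificate (BasicConstraints
 * cA=false), valid from now for {@code certificateExpireDays} days, with the
 * CSR's subject and public key, the CA certificate's subject as issuer, and
 * subject/authority key identifiers. Input lacking a BEGIN line is wrapped
 * in CERTIFICATE REQUEST markers first; the PEM label is logged but not
 * otherwise checked.
 *
 * <p>NOTE(review): the CSR's own signature is not verified here, so
 * possession of the private key matching the requested public key is not
 * proven. The serial number is a plain counter; RFC 5280 requires serials
 * to be unique per issuer, and public CAs additionally put at least 64 bits
 * of randomness in them. Both are tolerable only for a private CA whose
 * callers authenticate the requester before calling this method.
 *
 * @param csrPEM     PEM-encoded CSR, or its Base64 body without markers
 * @param caCert     issuing CA certificate (issuer name and AKI come from it)
 * @param privateKey CA signing key
 * @return the signed certificate
 * @throws CertificateException if the CSR cannot be parsed, or signing or conversion fails
 */
@Override
public X509Certificate signCertificate(String csrPEM, X509Certificate caCert, PrivateKey privateKey) throws CertificateException {
    if (!csrPEM.matches("(?is)^\\s*-----BEGIN.*")) {
        // Tolerate callers that send only the Base64 body.
        csrPEM = "-----BEGIN CERTIFICATE REQUEST-----\n" + csrPEM + "\n-----END CERTIFICATE REQUEST-----\n";
    }
    PKCS10CertificationRequest csr;
    try (PemReader reader = new PemReader(new StringReader(csrPEM))) {
        PemObject pemObj = reader.readPemObject();
        if (pemObj == null) {
            throw new IOException("No PEM block found in CSR");
        }
        log.debug("Parsed PEM type {}", pemObj.getType());
        csr = new PKCS10CertificationRequest(pemObj.getContent());
    } catch (IOException e) {
        throw new CertificateException("Error signing CSR", e);
    }
    Date now = new Date();
    Date expire = new Date(now.getTime() + (1000L * 60L * 60L * 24L * certificateExpireDays));
    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(JcaX500NameUtil.getIssuer(caCert), BigInteger.valueOf(counter.incrementAndGet()), now, expire, csr.getSubject(), csr.getSubjectPublicKeyInfo());
    ContentSigner signer;
    try {
        DigestCalculatorProvider digestCalcProvider = new JcaDigestCalculatorProviderBuilder().setProvider(new BouncyCastleProvider()).build();
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(digestCalcProvider.get(new DefaultDigestAlgorithmIdentifierFinder().find("SHA-256")));
        builder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(false));
        builder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo()));
        builder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert));
        signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
    } catch (OperatorException | CertificateEncodingException | IOException e) {
        // addExtension can raise an IOException (CertIOException); keep the cause attached.
        log.error("Error signing CSR {}", csr.getSubject(), e);
        throw new CertificateException("Error signing CSR " + csr.getSubject() + ": " + e.getMessage(), e);
    }
    X509CertificateHolder holder = builder.build(signer);
    try {
        return new JcaX509CertificateConverter().getCertificate(holder);
    } catch (java.security.cert.CertificateException e) {
        throw new CertificateException("Error creating certificate", e);
    }
}
// Example 24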
| Project: cloud-master File: CsrParser.java View source code |
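/**
 * Parses a PEM-encoded PKCS#10 certificate signing request.
 *
 * <p>Only the first PEM block is used and its label is not checked. The
 * CSR's signature is not verified here.
 *
 * @param data PEM text
 * @return the parsed CSR
 * @throws IOException if the text holds no PEM block or the payload is not a valid CSR
 */
private PKCS10CertificationRequest parsePemFormat(String data) throws IOException {
    PemObject pemObject;
    try (PemReader reader = new PemReader(new StringReader(data))) {
        pemObject = reader.readPemObject();
    }
    if (pemObject == null) {
        throw new IOException("No PEM block found in CSR data");
    }
    return new PKCS10CertificationRequest(pemObject.getContent());
}
// Example 25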
| Project: dasein-cloud-core-master File: X509Store.java View source code |
/**
 * Reads the first PEM block from a string.
 *
 * @param pemString PEM text
 * @return the first {@code PemObject}, or {@code null} if the text contains none
 * @throws IOException on read failure
 */
private Object readPemObject(String pemString) throws IOException {
    StringReader source = new StringReader(pemString);
    PemReader pem = new PemReader(source);
    try {
        return pem.readPemObject();
    } finally {
        // Close the underlying reader first, then the PemReader; both end up closed.
        source.close();
        pem.close();
    }
}
// Example 26
| Project: usc-master File: DtlsUtils.java View source code |
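/**
 * Loads the first PEM block from a file on the filesystem.
 *
 * <p>Despite the name this does not read from the classpath: {@code resource}
 * is opened with {@link FileInputStream}, so it is a path relative to the
 * working directory (or absolute). Callers handing in untrusted paths must
 * constrain them themselves.
 *
 * @param resource path of the PEM file
 * @return the first PEM block, or {@code null} if the file holds none
 * @throws IOException if the file cannot be opened or read
 */
static PemObject loadPemResource(String resource) throws IOException {
    // try-with-resources closes the stream even if reading fails.
    try (PemReader p = new PemReader(new InputStreamReader(new FileInputStream(resource)))) {
        return p.readPemObject();
    }
}
// Example 27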
| Project: mediaserver-master File: TlsUtils.java View source code |
/**
 * Loads the first PEM block from the file at {@code resource}.
 *
 * @param resource filesystem path of the PEM file
 * @return the first PEM block, or {@code null} if the file has none
 * @throws IOException if the file cannot be opened or read
 */
static PemObject loadPemResource(String resource) throws IOException {
    // PemReader.close() closes the wrapped stream as well.
    try (PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(resource)))) {
        return pemReader.readPemObject();
    }
}
// Example 28
| Project: mqtt-spy-master File: SecureSocketUtils.java View source code |
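/**
 * Loads a PEM file from the specified location.
 *
 * <p>Only the payload of the first PEM block (the decoded Base64 body) is
 * returned; the label and headers are discarded.
 *
 * @param file Location of the file to load
 *
 * @return Content of the first PEM block in the file
 *
 * @throws IOException Thrown when the file cannot be read or holds no PEM block
 */
public static byte[] loadPemFile(final String file) throws IOException {
    // Closed on every path; a missing block or read error must not leak the file handle.
    try (PemReader pemReader = new PemReader(new FileReader(file))) {
        final org.bouncycastle.util.io.pem.PemObject pemObject = pemReader.readPemObject();
        if (pemObject == null) {
            throw new IOException("No PEM block found in " + file);
        }
        return pemObject.getContent();
    }
}
// Example 29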
| Project: occupy-pub-master File: CertificationAuthority.java View source code |
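/**
 * Reads the CA certificate from {@code pemPath}.
 *
 * <p>The first PEM block of the file is used; its label is not checked.
 *
 * @return the certificate holder
 * @throws IOException if the file cannot be read, holds no PEM block, or the
 *         payload is not a certificate structure
 * @throws CertificateException declared for callers; nothing in this body raises it
 */
protected X509CertificateHolder readCertificate() throws IOException, CertificateException {
    try (PemReader reader = new PemReader(Files.newBufferedReader(pemPath))) {
        PemObject pem = reader.readPemObject();
        if (pem == null) {
            throw new IOException("No PEM block found in " + pemPath);
        }
        return new X509CertificateHolder(pem.getContent());
    }
}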