Search in sources :

Example 6 with PrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project android_packages_apps_Settings by LineageOS.

the class CredentialStorage method isHardwareBackedKey.

private boolean isHardwareBackedKey(byte[] keyData) {
    try {
        ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData));
        PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject());
        String algOid = pki.getAlgorithmId().getAlgorithm().getId();
        String algName = new AlgorithmId(new ObjectIdentifier(algOid)).getName();
        return KeyChain.isBoundKeyAlgorithm(algName);
    } catch (IOException e) {
        Log.e(TAG, "Failed to parse key data");
        return false;
    }
}
Also used : ASN1InputStream(com.android.org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) AlgorithmId(sun.security.x509.AlgorithmId) IOException(java.io.IOException) PrivateKeyInfo(com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 7 with PrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project athenz by yahoo.

the class Utils method createKeyStore.

/**
 * @param athensPublicKey the location on the public key file
 * @param athensPrivateKey the location of the private key file
 * @return a KeyStore with loaded key and certificate
 * @throws Exception KeyStore generation can throw Exception for many reasons
 */
public static KeyStore createKeyStore(final String athensPublicKey, final String athensPrivateKey) throws Exception {
    final CertificateFactory cf = CertificateFactory.getInstance("X.509");
    final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
    X509Certificate certificate;
    PrivateKey privateKey = null;
    final InputStream publicCertStream;
    final InputStream privateKeyStream;
    try {
        if (Paths.get(athensPublicKey).isAbsolute() && Paths.get(athensPrivateKey).isAbsolute()) {
            // Can not cover this branch in unit test. Can not refer any files by absolute paths
            File certFile = new File(athensPublicKey);
            File keyFile = new File(athensPrivateKey);
            while (!certFile.exists() || !keyFile.exists()) {
                LOG.error("Missing Athenz public or private key files");
                Thread.sleep(1000);
            }
            publicCertStream = new FileInputStream(athensPublicKey);
            privateKeyStream = new FileInputStream(athensPrivateKey);
        } else {
            publicCertStream = Resources.getResource(athensPublicKey).openStream();
            privateKeyStream = Resources.getResource(athensPrivateKey).openStream();
        }
    } catch (IOException e) {
        throw new IllegalArgumentException(e);
    }
    try (PEMParser pemParser = new PEMParser(new InputStreamReader(privateKeyStream))) {
        Object key = pemParser.readObject();
        if (key instanceof PEMKeyPair) {
            PrivateKeyInfo pKeyInfo = ((PEMKeyPair) key).getPrivateKeyInfo();
            privateKey = pemConverter.getPrivateKey(pKeyInfo);
        } else if (key instanceof PrivateKeyInfo) {
            privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) key);
        } else {
            throw new IllegalStateException("Unknown object type: " + key.getClass().getName());
        }
    } catch (IOException e) {
        throw new IllegalStateException("Unable to parse private key", e);
    }
    certificate = (X509Certificate) cf.generateCertificate(publicCertStream);
    KeyStore keyStore = KeyStore.getInstance("JKS");
    String alias = certificate.getSubjectX500Principal().getName();
    keyStore.load(null);
    keyStore.setKeyEntry(alias, privateKey, KEYSTORE_PASSWORD.toCharArray(), new X509Certificate[] { certificate });
    return keyStore;
}
Also used : PrivateKey(java.security.PrivateKey) InputStreamReader(java.io.InputStreamReader) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) FileInputStream(java.io.FileInputStream) PEMParser(org.bouncycastle.openssl.PEMParser) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) File(java.io.File) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Example 8 with PrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project neo4j by neo4j.

the class PkiUtils method loadPrivateKey.

public static PrivateKey loadPrivateKey(Path privateKeyFile, String passPhrase) throws IOException {
    if (passPhrase == null) {
        passPhrase = "";
    }
    try (PEMParser r = new PEMParser(Files.newBufferedReader(privateKeyFile))) {
        Object pemObject = r.readObject();
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(PROVIDER);
        if (// -----BEGIN RSA/DSA/EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED
        pemObject instanceof PEMEncryptedKeyPair) {
            final PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) pemObject;
            final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
            return converter.getKeyPair(ckp.decryptKeyPair(decProv)).getPrivate();
        } else if (// -----BEGIN ENCRYPTED PRIVATE KEY-----
        pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
            try {
                final PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) pemObject;
                final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passPhrase.toCharArray());
                final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo(provider);
                return converter.getPrivateKey(privateKeyInfo);
            } catch (PKCSException | OperatorCreationException e) {
                throw new IOException("Unable to decrypt private key.", e);
            }
        } else if (// -----BEGIN PRIVATE KEY-----
        pemObject instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) pemObject);
        } else if (// -----BEGIN RSA/DSA/EC PRIVATE KEY-----
        pemObject instanceof PEMKeyPair) {
            return converter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
        } else {
            throw new IOException("Unrecognized private key format.");
        }
    }
}
Also used : PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMParser(org.bouncycastle.openssl.PEMParser) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) PEMDecryptorProvider(org.bouncycastle.openssl.PEMDecryptorProvider) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) PemObject(org.bouncycastle.util.io.pem.PemObject) JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) IOException(java.io.IOException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)

Example 9 with PrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project gocd by gocd.

the class GoAgentServerClientBuilder method getPrivateKey.

private PrivateKey getPrivateKey() throws IOException {
    PrivateKey privateKey;
    try (PEMParser reader = new PEMParser(new FileReader(this.sslPrivateKey, StandardCharsets.UTF_8))) {
        Object pemObject = reader.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        if (pemObject instanceof PEMEncryptedKeyPair) {
            PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase());
            KeyPair keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decProv));
            privateKey = keyPair.getPrivate();
        } else if (pemObject instanceof PEMKeyPair) {
            KeyPair keyPair = converter.getKeyPair((PEMKeyPair) pemObject);
            privateKey = keyPair.getPrivate();
        } else if (pemObject instanceof PrivateKeyInfo) {
            PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) pemObject;
            privateKey = converter.getPrivateKey(privateKeyInfo);
        } else {
            throw new RuntimeException("Unable to parse key of type " + pemObject.getClass());
        }
        return privateKey;
    }
}
Also used : PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMDecryptorProvider(org.bouncycastle.openssl.PEMDecryptorProvider) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMParser(org.bouncycastle.openssl.PEMParser) FileReader(java.io.FileReader) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 10 with PrivateKeyInfo

use of com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo in project cas by apereo.

the class PrivateKeyFactoryBean method readPemPrivateKey.

private PrivateKey readPemPrivateKey() {
    LOGGER.trace("Attempting to read as PEM [{}]", this.location);
    try (val in = new InputStreamReader(this.location.getInputStream(), StandardCharsets.UTF_8);
        val br = new BufferedReader(in);
        val pp = new PEMParser(br)) {
        val object = pp.readObject();
        if (object instanceof PrivateKeyInfo) {
            return new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) object);
        }
        if (object instanceof PEMKeyPair) {
            val pemKeyPair = (PEMKeyPair) object;
            val kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);
            return kp.getPrivate();
        }
    } catch (final Exception e) {
        LOGGER.debug("Unable to read key", e);
    }
    return null;
}
Also used : lombok.val(lombok.val) InputStreamReader(java.io.InputStreamReader) PEMParser(org.bouncycastle.openssl.PEMParser) BufferedReader(java.io.BufferedReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Aggregations

PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)100 IOException (java.io.IOException)69 JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)53 PEMParser (org.bouncycastle.openssl.PEMParser)49 PrivateKey (java.security.PrivateKey)37 PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)35 PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)33 PrivateKeyInfo (com.github.zhenwei.core.asn1.pkcs.PrivateKeyInfo)25 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)25 InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider)25 JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)20 AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)18 BigInteger (java.math.BigInteger)17 ByteArrayInputStream (java.io.ByteArrayInputStream)16 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)16 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)16 KeyPair (java.security.KeyPair)15 PEMEncryptedKeyPair (org.bouncycastle.openssl.PEMEncryptedKeyPair)15 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)14 InputStreamReader (java.io.InputStreamReader)14