
Example 1 with CertObjectStore

Use of de.carne.certmgr.certs.CertObjectStore in the certmgr project by hdecarne.

From class PEMCertReaderWriter, method readObjectsString (reads PEM input into a CertObjectStore).

/**
 * Read all available certificate objects from a PEM encoded {@link Reader} resource.
 * <p>
 * Only the first {@code readObject()} call is guarded: if it fails, the input is treated as
 * "not PEM" and {@code null} is returned. A failure while reading any later object propagates
 * as an {@link IOException}. PEM objects of a type this reader does not handle are skipped with
 * a warning, so the returned store may hold fewer objects than the input contained.
 * <p>
 * NOTE(review): {@link PEMEncryptedKeyPair} is the legacy OpenSSL "Proc-Type: 4,ENCRYPTED"
 * key format, whose password-based key derivation is considerably weaker than PKCS#8; how the
 * decrypted key is re-protected afterwards is not visible here - confirm before relying on it.
 *
 * @param in The reader resource to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if the input is not recognized.
 * @throws IOException if an I/O error occurs while reading.
 */
@Nullable
public static CertObjectStore readObjectsString(IOResource<Reader> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read PEM objects from: ''{0}''...", in);
    CertObjectStore store = null;
    try (PEMParser parser = new PEMParser(in.io())) {
        Object current;
        try {
            current = parser.readObject();
        } catch (IOException e) {
            // Unrecognized input is reported at info level and treated as "no objects".
            LOG.info(e, "No PEM objects recognized in: ''{0}''", in);
            current = null;
        }
        for (; current != null; current = parser.readObject()) {
            if (store == null) {
                store = new CertObjectStore();
            }
            LOG.info("Decoding PEM object of type {0}", current.getClass().getName());
            storePemObject(store, current, in, password);
        }
    }
    return store;
}

/**
 * Dispatch one parsed PEM object to the matching {@link CertObjectStore} add method.
 * <p>
 * Unhandled object types are logged and dropped.
 *
 * @param store The store receiving the converted object.
 * @param pemObject The object returned by {@link PEMParser#readObject()}.
 * @param in The resource being read (used for password prompts of encrypted keys).
 * @param password The callback to use for querying passwords (if needed).
 * @throws IOException if conversion of the object fails.
 */
private static void storePemObject(CertObjectStore store, Object pemObject, IOResource<Reader> in, PasswordCallback password) throws IOException {
    if (pemObject instanceof X509CertificateHolder) {
        store.addCRT(convertCRT((X509CertificateHolder) pemObject));
    } else if (pemObject instanceof PEMKeyPair) {
        store.addKey(convertKey((PEMKeyPair) pemObject));
    } else if (pemObject instanceof PEMEncryptedKeyPair) {
        // Password is only requested for encrypted key pairs, via the supplied callback.
        store.addKey(convertKey((PEMEncryptedKeyPair) pemObject, in.resource(), password));
    } else if (pemObject instanceof PKCS10CertificationRequest) {
        store.addCSR(convertCSR((PKCS10CertificationRequest) pemObject));
    } else if (pemObject instanceof X509CRLHolder) {
        store.addCRL(convertCRL((X509CRLHolder) pemObject));
    } else {
        LOG.warning("Ignoring unrecognized PEM object of type {0}", pemObject.getClass().getName());
    }
}
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMParser(org.bouncycastle.openssl.PEMParser) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) IOException(java.io.IOException) Nullable(de.carne.check.Nullable)

Example 2 with CertObjectStore

Use of de.carne.certmgr.certs.CertObjectStore in the certmgr project by hdecarne.

From class PKCS12CertReaderWriter, method writeEncryptedBinary (writes a password-protected PKCS#12 container).

/**
 * Write the given objects as a password-protected PKCS#12 container.
 * <p>
 * The password is obtained from {@code newPassword}; it is used both for the key bag
 * encryption (inside {@code createKeySafeBagBuilder}) and for the container MAC. Only
 * certificates and keys are written; CSR and CRL entries are dropped without notice.
 * <p>
 * NOTE(review): the no-arg {@code BcPKCS12MacCalculatorBuilder} uses the library's legacy
 * default MAC parameters (HMAC-SHA1 in the Bouncy Castle versions I know) - confirm this is
 * acceptable and consider an explicit digest/iteration count. The key encryption algorithm is
 * selected in {@code createKeySafeBagBuilder} and is not visible here.
 *
 * @param out The output resource to write to.
 * @param certObjects The objects to write.
 * @param newPassword The callback used to obtain the container password.
 * @throws IOException if the password is missing or an I/O error occurs while writing.
 */
@Override
public void writeEncryptedBinary(IOResource<OutputStream> out, CertObjectStore certObjects, PasswordCallback newPassword) throws IOException {
    char[] passwordChars = newPassword.queryPassword(out.resource());
    if (passwordChars == null) {
        // An "encrypted" container without a password is refused rather than written unprotected.
        throw new PasswordRequiredException(out.resource());
    }
    try {
        List<PKCS12SafeBagBuilder> bagBuilders = collectEncryptedSafeBags(certObjects, passwordChars);
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        for (PKCS12SafeBagBuilder bagBuilder : bagBuilders) {
            pfxBuilder.addData(bagBuilder.build());
        }
        PKCS12PfxPdu pfx = pfxBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwordChars);
        out.io().write(pfx.getEncoded());
    } catch (GeneralSecurityException | PKCSException e) {
        throw new CertProviderException(e);
    }
    // NOTE(review): passwordChars is never zeroed after use. Whether it may be cleared here
    // depends on whether the callback retains or reuses the array - confirm before adding Arrays.fill.
}

/**
 * Build the safe bag builders for all exportable entries, encrypting key bags with the given password.
 * <p>
 * The first bag added gets the "first" flag on its certificate builder, mirroring the
 * {@code safeBagBuilders.isEmpty()} convention used elsewhere in this class.
 *
 * @param certObjects The objects to convert.
 * @param passwordChars The password protecting key bags.
 * @return The safe bag builders in entry order (CSR and CRL entries omitted).
 * @throws IOException if converting an entry fails.
 * @throws GeneralSecurityException if a key cannot be wrapped.
 * @throws PKCSException if building a bag fails.
 */
private List<PKCS12SafeBagBuilder> collectEncryptedSafeBags(CertObjectStore certObjects, char[] passwordChars) throws IOException, GeneralSecurityException, PKCSException {
    List<PKCS12SafeBagBuilder> bagBuilders = new ArrayList<>(certObjects.size());
    boolean firstBag = true;
    for (CertObjectStore.Entry entry : certObjects) {
        switch (entry.type()) {
            case CRT:
                bagBuilders.add(createCRTSafeBagBuilder(entry.alias(), entry.getCRT(), firstBag));
                firstBag = false;
                break;
            case KEY:
                bagBuilders.add(createKeySafeBagBuilder(entry.alias(), entry.getKey(), passwordChars));
                firstBag = false;
                break;
            case CSR:
            case CRL:
                // Not representable in this writer's PKCS#12 output; silently skipped.
                break;
        }
    }
    return bagBuilders;
}
Also used : PKCS12SafeBagBuilder(org.bouncycastle.pkcs.PKCS12SafeBagBuilder) JcaPKCS12SafeBagBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) PKCSException(org.bouncycastle.pkcs.PKCSException) CertProviderException(de.carne.certmgr.certs.CertProviderException) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) BcPKCS12MacCalculatorBuilder(org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder) PKCS12PfxPdu(org.bouncycastle.pkcs.PKCS12PfxPdu) PKCS12PfxPduBuilder(org.bouncycastle.pkcs.PKCS12PfxPduBuilder)

Example 3 with CertObjectStore

Use of de.carne.certmgr.certs.CertObjectStore in the certmgr project by hdecarne.

From class PKCS12CertReaderWriter, method readBinary (reads a PKCS#12 container into a CertObjectStore).

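/**
 * Read all certificate objects from a PKCS#12 encoded {@link InputStream} resource.
 * <p>
 * Encrypted content infos are unwrapped with a password from the callback; plain content is
 * read as-is. Certificate bags and (encrypted or plain) private key bags are imported; any
 * other bag type is logged and skipped. Note that once the container parses, a store is
 * always returned - possibly empty - whereas {@code null} means "not recognized as PKCS#12".
 * <p>
 * NOTE(review): integrity (MAC) verification of the container, if performed at all, happens
 * inside {@code readPKCS12}; nothing in this method checks it.
 *
 * @param in The input resource to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if the input is not recognized.
 * @throws IOException if an I/O error occurs while reading.
 */
@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read PKCS#12 objects from: ''{0}''...", in);
    CertObjectStore certObjects = null;
    PKCS12PfxPdu pkcs12 = readPKCS12(in);
    if (pkcs12 != null) {
        certObjects = new CertObjectStore();
        for (ContentInfo contentInfo : pkcs12.getContentInfos()) {
            ASN1ObjectIdentifier contentType = contentInfo.getContentType();
            // Only PKCS#7 encryptedData content needs the password to expose its bags.
            PKCS12SafeBagFactory safeBagFactory;
            if (contentType.equals(PKCSObjectIdentifiers.encryptedData)) {
                safeBagFactory = getSafeBagFactory(contentInfo, in.resource(), password);
            } else {
                safeBagFactory = getSafeBagFactory(contentInfo);
            }
            for (PKCS12SafeBag safeBag : safeBagFactory.getSafeBags()) {
                Object safeBagValue = safeBag.getBagValue();
                if (safeBagValue instanceof X509CertificateHolder) {
                    certObjects.addCRT(convertCRT((X509CertificateHolder) safeBagValue));
                } else if (safeBagValue instanceof PKCS8EncryptedPrivateKeyInfo) {
                    addRebuiltKeyPair(certObjects, convertPrivateKey((PKCS8EncryptedPrivateKeyInfo) safeBagValue, in.resource(), password));
                } else if (safeBagValue instanceof PrivateKeyInfo) {
                    addRebuiltKeyPair(certObjects, convertPrivateKey((PrivateKeyInfo) safeBagValue));
                } else {
                    LOG.warning(CertIOI18N.STR_PKCS12_UNKNOWN_OBJECT, safeBagValue.getClass().getName());
                }
            }
        }
    }
    return certObjects;
}

/**
 * Rebuild the key pair for a private key and add it to the store.
 * <p>
 * A failure to rebuild the pair is logged and the key is dropped; the rest of the container
 * is still imported. Shared by the encrypted and plain private key bag branches of
 * {@link #readBinary}.
 *
 * @param certObjects The store receiving the key pair.
 * @param privateKey The private key extracted from the safe bag.
 */
private void addRebuiltKeyPair(CertObjectStore certObjects, PrivateKey privateKey) {
    try {
        certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
    } catch (IOException e) {
        // The first format argument is {0} (the throwable is not part of the argument list),
        // matching every other LOG call in this class; {1} would have printed literally.
        LOG.warning(e, "Unable to rebuild key pair for private key of type ''{0}''", privateKey.getClass().getName());
    }
}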
Also used : PrivateKey(java.security.PrivateKey) PKCS12SafeBagFactory(org.bouncycastle.pkcs.PKCS12SafeBagFactory) ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) IOException(java.io.IOException) PKCS12SafeBag(org.bouncycastle.pkcs.PKCS12SafeBag) PKCS12PfxPdu(org.bouncycastle.pkcs.PKCS12PfxPdu) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) Nullable(de.carne.check.Nullable)

Example 4 with CertObjectStore

Use of de.carne.certmgr.certs.CertObjectStore in the certmgr project by hdecarne.

From class PKCS12CertReaderWriter, method writeBinary (writes an unprotected PKCS#12 container).

/**
 * Write the given objects as an unprotected PKCS#12 container.
 * <p>
 * No MAC calculator and no password are passed to {@code build}, so the container carries no
 * integrity MAC, and key bags are created via the password-less {@code createKeySafeBagBuilder}
 * overload. Presumably this means private keys end up in the output in the clear - the
 * output resource therefore needs to be protected by other means (confirm against the helper).
 * Only certificates and keys are written; CSR and CRL entries are dropped without notice.
 *
 * @param out The output resource to write to.
 * @param certObjects The objects to write.
 * @throws IOException if an I/O error occurs while writing.
 * @throws UnsupportedOperationException declared by the interface; not thrown by this body.
 */
@Override
public void writeBinary(IOResource<OutputStream> out, CertObjectStore certObjects) throws IOException, UnsupportedOperationException {
    try {
        List<PKCS12SafeBagBuilder> bagBuilders = new ArrayList<>(certObjects.size());
        boolean firstBag = true;
        for (CertObjectStore.Entry entry : certObjects) {
            switch (entry.type()) {
                case CRT:
                    // The first bag written carries the "first" flag on its certificate builder.
                    bagBuilders.add(createCRTSafeBagBuilder(entry.alias(), entry.getCRT(), firstBag));
                    firstBag = false;
                    break;
                case KEY:
                    bagBuilders.add(createKeySafeBagBuilder(entry.alias(), entry.getKey()));
                    firstBag = false;
                    break;
                case CSR:
                case CRL:
                    // Not representable in this writer's PKCS#12 output; silently skipped.
                    break;
            }
        }
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        for (PKCS12SafeBagBuilder bagBuilder : bagBuilders) {
            pfxBuilder.addData(bagBuilder.build());
        }
        PKCS12PfxPdu pfx = pfxBuilder.build(null, null);
        out.io().write(pfx.getEncoded());
    } catch (GeneralSecurityException | PKCSException e) {
        throw new CertProviderException(e);
    }
}
Also used : PKCS12SafeBagBuilder(org.bouncycastle.pkcs.PKCS12SafeBagBuilder) JcaPKCS12SafeBagBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) PKCS12PfxPdu(org.bouncycastle.pkcs.PKCS12PfxPdu) PKCSException(org.bouncycastle.pkcs.PKCSException) CertProviderException(de.carne.certmgr.certs.CertProviderException) PKCS12PfxPduBuilder(org.bouncycastle.pkcs.PKCS12PfxPduBuilder)

Example 5 with CertObjectStore

Use of de.carne.certmgr.certs.CertObjectStore in the certmgr project by hdecarne.

From class CertExportController, method getExportObjectList (collects the objects selected for export).

/**
 * Collect the objects of the selected store entry that the user chose to export.
 * <p>
 * Objects are added in the order key, certificate, issuer chain, CSR, CRL. The private key is
 * only touched when {@code exportKey} is set, and that is the only point at which a password
 * dialog is shown. Chain export walks {@code issuer()} until a self-signed entry is reached;
 * the root itself is included only when {@code exportChainRoot} is set.
 * <p>
 * NOTE(review): the chain walk assumes every issuer chain ends at a self-signed entry; an
 * entry whose issuer is unknown or a cyclic chain would fail or loop here - confirm the
 * {@code UserCertStoreEntry.issuer()} contract.
 *
 * @param exportCert Whether to export the entry's certificate.
 * @param exportChain Whether to export the issuer chain (requires {@code exportCert}).
 * @param exportChainRoot Whether to include the self-signed root of the chain.
 * @param exportKey Whether to export the private key.
 * @param exportCSR Whether to export the certificate signing request.
 * @param exportCRL Whether to export the certificate revocation list.
 * @return The collected export objects.
 * @throws IOException if an object cannot be read from the store.
 */
CertObjectStore getExportObjectList(boolean exportCert, boolean exportChain, boolean exportChainRoot, boolean exportKey, boolean exportCSR, boolean exportCRL) throws IOException {
    CertObjectStore store = new CertObjectStore();
    UserCertStoreEntry entry = this.exportEntryParam.get();
    String alias = entry.id().getAlias();
    if (exportKey) {
        store.addKey(alias, entry.getKey(PasswordDialog.enterPassword(this)));
    }
    if (exportCert) {
        store.addCRT(alias, entry.getCRT());
        if (exportChain && !entry.isSelfSigned()) {
            addIssuerChain(store, entry, exportChainRoot);
        }
    }
    if (exportCSR) {
        store.addCSR(alias, entry.getCSR());
    }
    if (exportCRL) {
        store.addCRL(alias, entry.getCRL());
    }
    return store;
}

/**
 * Add the certificates of {@code entry}'s issuer chain to {@code store}.
 * <p>
 * Intermediate issuers are added while they have a certificate; the terminating self-signed
 * entry is added only when {@code includeRoot} is set and it has a certificate.
 *
 * @param store The store receiving the chain certificates.
 * @param entry The (non self-signed) entry whose chain is walked.
 * @param includeRoot Whether to add the self-signed root as well.
 * @throws IOException if a certificate cannot be read from the store.
 */
private static void addIssuerChain(CertObjectStore store, UserCertStoreEntry entry, boolean includeRoot) throws IOException {
    UserCertStoreEntry issuer = entry.issuer();
    for (; !issuer.isSelfSigned(); issuer = issuer.issuer()) {
        if (issuer.hasCRT()) {
            store.addCRT(issuer.id().getAlias(), issuer.getCRT());
        }
    }
    if (includeRoot && issuer.hasCRT()) {
        store.addCRT(issuer.id().getAlias(), issuer.getCRT());
    }
}
Also used : CertObjectStore(de.carne.certmgr.certs.CertObjectStore) UserCertStoreEntry(de.carne.certmgr.certs.UserCertStoreEntry)
