
Example 6 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class RemoteCertGenerator method generateCert.

/**
 * Generates a fresh key pair and a PKCS#10 certificate signing request for it.
 * <p>
 * Only a key and a CSR are produced here; the {@code password} callback is not
 * consumed by this implementation (presumably the certificate is issued elsewhere).
 *
 * @param request the generation parameters (key algorithm/size, DN, extensions,
 *        signature algorithm).
 * @param password password callback, unused by this generator.
 * @return a store holding the generated key pair and CSR.
 * @throws IOException if key or CSR generation fails.
 */
@Override
public CertObjectStore generateCert(GenerateCertRequest request, PasswordCallback password) throws IOException {
	KeyPair subjectKey = KeyHelper.generateKey(request.keyPairAlgorithm(), request.keySize());
	// The signature algorithm is mandatory; requiredParameter rejects a missing value.
	SignatureAlgorithm sigAlg = requiredParameter(request.getSignatureAlgorithm(), "SignatureAlgorithm");
	PKCS10CertificateRequest csr = PKCS10CertificateRequest.generateCSR(request.dn(), subjectKey,
			request.getExtensions(), sigAlg);
	CertObjectStore result = new CertObjectStore();
	result.addKey(subjectKey);
	result.addCSR(csr);
	return result;
}

Example 7 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class LocalCertGenerator method generateCert.

/**
 * Generates a key pair and an X.509 certificate for it, signed either by the
 * selected issuer's private key or, for the self-signed issuer, by the new key itself.
 * <p>
 * For a self-signed certificate the serial number is fixed to {@code 1} and issuer DN
 * equals subject DN; otherwise the serial comes from {@code getNextSerial} and the
 * issuer's key is unlocked via the {@code password} callback.
 *
 * @param request the generation parameters (key algorithm/size, DN, issuer, validity,
 *        extensions, signature algorithm).
 * @param password callback used to unlock the issuer's private key when needed.
 * @return a store holding the generated key pair and certificate.
 * @throws IOException if a required parameter is missing or generation fails.
 */
@Override
public CertObjectStore generateCert(GenerateCertRequest request, PasswordCallback password) throws IOException {
	KeyPair subjectKey = KeyHelper.generateKey(request.keyPairAlgorithm(), request.keySize());
	Issuer issuer = requiredParameter(request.getIssuer(), "Issuer");
	X500Principal subjectDN = request.dn();
	BigInteger serial;
	X500Principal issuerDN;
	KeyPair issuerKey;
	if (this.selfSignedIssuer.equals(issuer)) {
		// Self-signed: subject signs itself; serial is always 1.
		serial = BigInteger.ONE;
		issuerDN = subjectDN;
		issuerKey = subjectKey;
	} else {
		UserCertStoreEntry issuerEntry = Check.notNull(issuer.storeEntry());
		serial = getNextSerial(issuerEntry);
		issuerDN = issuerEntry.dn();
		// Accessing the issuer's private key may require the password callback.
		issuerKey = issuerEntry.getKey(password);
	}
	Date notBefore = requiredParameter(request.getNotBefore(), "NotBefore");
	Date notAfter = requiredParameter(request.getNotAfter(), "NotAfter");
	SignatureAlgorithm sigAlg = requiredParameter(request.getSignatureAlgorithm(), "SignatureAlgorithm");
	// NOTE(review): no check here that notBefore precedes notAfter — presumably
	// validated by the caller or by generateCRT; confirm.
	X509Certificate crt = X509CertificateHelper.generateCRT(subjectDN, subjectKey, serial, notBefore, notAfter,
			request.getExtensions(), issuerDN, issuerKey, sigAlg);
	CertObjectStore result = new CertObjectStore();
	result.addKey(subjectKey);
	result.addCRT(crt);
	return result;
}

Example 8 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class CertReadersWritersTest method testReaderAndWriter.

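/**
 * Smoke-tests one registered {@link CertReader} and, if one is registered under the
 * same provider name, its {@link CertWriter}.
 * <p>
 * The test resource is read twice (via {@code CertReaders.readURL} and via
 * {@code reader.readBinary}) and both results must hold the same number of objects.
 * If a writer exists, the objects are written to {@code testPath} in every supported
 * form (plain/encrypted, binary/text) and each output is re-read and compared.
 *
 * @param reader the reader under test.
 * @param testResourceURL the resource holding the test objects.
 * @param testPath scratch file that every writer variant overwrites in turn.
 * @throws IOException if reading or writing fails.
 */
private void testReaderAndWriter(CertReader reader, URL testResourceURL, Path testPath) throws IOException {
	System.out.println("Testing I/O provider: " + reader.providerName());
	CertWriter writer = CertWriters.REGISTERED.get(reader.providerName());
	System.out.println(reader.fileType());
	System.out.println(Arrays.toString(reader.fileExtensionPatterns()));
	if (writer != null) {
		System.out.println("isCharWriter: " + writer.isCharWriter());
		System.out.println("isEncryptionRequired: " + writer.isEncryptionRequired());
	}
	CertObjectStore readCertObjects1 = CertReaders.readURL(testResourceURL, Tests.password());
	Assert.assertNotNull(readCertObjects1);
	exerciseFileExtensions(reader, readCertObjects1);
	CertObjectStore readCertObjects2;
	try (IOResource<InputStream> in = new IOResource<>(testResourceURL.openStream(), reader.providerName())) {
		readCertObjects2 = reader.readBinary(in, Tests.password());
		Assert.assertNotNull(readCertObjects2);
		Assert.assertEquals(readCertObjects1.size(), readCertObjects2.size());
	}
	if (writer != null) {
		if (!writer.isEncryptionRequired()) {
			writeAndVerifyPlain(writer, reader, readCertObjects2, testPath);
		}
		writeAndVerifyEncrypted(writer, reader, readCertObjects2, testPath);
	}
	System.out.println();
}

/**
 * Calls {@code fileExtension} once per stored object type (and once for this test
 * class); results are discarded, only the absence of exceptions is checked.
 */
private void exerciseFileExtensions(CertReader reader, CertObjectStore certObjects) {
	for (CertObjectStore.Entry entry : certObjects) {
		switch (entry.type()) {
		case CRT:
			reader.fileExtension(entry.getCRT().getClass());
			break;
		case KEY:
			reader.fileExtension(entry.getKey().getClass());
			break;
		case CSR:
			reader.fileExtension(entry.getCSR().getClass());
			break;
		case CRL:
			reader.fileExtension(entry.getCRL().getClass());
			break;
		}
		reader.fileExtension(getClass());
	}
}

/**
 * Writes the store unencrypted (binary, then as text for char writers) and re-reads
 * each output before the next variant overwrites {@code testPath}.
 */
private static void writeAndVerifyPlain(CertWriter writer, CertReader reader, CertObjectStore certObjects,
		Path testPath) throws IOException {
	try (IOResource<OutputStream> out = IOResource.newOutputStream(writer.providerName(), testPath)) {
		writer.writeBinary(out, certObjects);
	}
	verifyWriterOutput(certObjects, reader, testPath);
	if (writer.isCharWriter()) {
		try (IOResource<Writer> out = new IOResource<>(Files.newBufferedWriter(testPath), writer.providerName())) {
			writer.writeString(out, certObjects);
		}
		verifyWriterOutput(certObjects, reader, testPath);
	}
}

/**
 * Writes the store encrypted with the test password (binary, then as text for char
 * writers) and re-reads each output.
 * <p>
 * The binary output is verified before the text variant overwrites the same path;
 * previously, for char writers, only the text output was ever re-read (twice) and
 * the encrypted binary output went unchecked.
 */
private static void writeAndVerifyEncrypted(CertWriter writer, CertReader reader, CertObjectStore certObjects,
		Path testPath) throws IOException {
	try (IOResource<OutputStream> out = IOResource.newOutputStream(writer.providerName(), testPath)) {
		writer.writeEncryptedBinary(out, certObjects, Tests.password());
	}
	verifyWriterOutput(certObjects, reader, testPath);
	if (writer.isCharWriter()) {
		try (IOResource<Writer> out = new IOResource<>(Files.newBufferedWriter(testPath), writer.providerName())) {
			writer.writeEncryptedString(out, certObjects, Tests.password());
		}
		verifyWriterOutput(certObjects, reader, testPath);
	}
}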

Example 9 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class CertReadersWritersTest method verifyWriterOutput.

/**
 * Re-reads {@code testPath} with {@code reader} and asserts that the result is
 * non-null and holds as many objects as the store that was written.
 *
 * @param readCertObjects the store that was written to {@code testPath}.
 * @param reader the reader used to parse the written file.
 * @param testPath the file to re-read.
 * @throws IOException if the file cannot be read.
 */
private static void verifyWriterOutput(CertObjectStore readCertObjects, CertReader reader, Path testPath) throws IOException {
	String resourceName = testPath.toString();
	try (IOResource<InputStream> in = IOResource.newInputStream(resourceName, testPath)) {
		CertObjectStore reread = reader.readBinary(in, Tests.password());
		Assert.assertNotNull(reread);
		// expected: what was written; actual: what came back from disk
		Assert.assertEquals(readCertObjects.size(), reread.size());
	}
}

Example 10 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class DERCertReaderWriter method readBinary.

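/**
 * Reads all DER encoded objects (certificates, key pairs, CSRs and CRLs) from the
 * given resource.
 * <p>
 * Each top-level ASN.1 object is offered to the {@code tryDecode*} helpers in the
 * order CRT, key, CSR, CRL; the first one that accepts it wins. The result store is
 * created on the first decoded object, so {@code null} is returned when nothing was
 * decodable. Objects of unrecognized type are logged and skipped.
 *
 * @param in the resource to read from.
 * @param password callback used when an encrypted key needs to be unlocked.
 * @return the decoded objects, or {@code null} if the stream held none.
 * @throws IOException if the stream cannot be read; a {@link CertProviderException}
 *         if the data is not a DER stream.
 */
@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
	LOG.debug("Trying to read DER objects from: ''{0}''...", in);
	CertObjectStore certObjects = null;
	// NOTE(review): the one-arg ASN1InputStream constructor applies BouncyCastle's
	// default length limit; for large untrusted inputs consider the (InputStream, int)
	// constructor with an explicit limit.
	try (ASN1InputStream derStream = new ASN1InputStream(in.io())) {
		ASN1Primitive derObject;
		while ((derObject = derStream.readObject()) != null) {
			X509Certificate crt = tryDecodeCRT(derObject);
			if (crt != null) {
				certObjects = storeFor(certObjects);
				certObjects.addCRT(crt);
				continue;
			}
			KeyPair key = tryDecodeKey(derObject, in.resource(), password);
			if (key != null) {
				certObjects = storeFor(certObjects);
				certObjects.addKey(key);
				continue;
			}
			PKCS10CertificateRequest csr = tryDecodeCSR(derObject);
			if (csr != null) {
				certObjects = storeFor(certObjects);
				certObjects.addCSR(csr);
				continue;
			}
			X509CRL crl = tryDecodeCRL(derObject);
			if (crl != null) {
				certObjects = storeFor(certObjects);
				certObjects.addCRL(crl);
				continue;
			}
			LOG.warning(CertIOI18N.STR_DER_UNKNOWN_OBJECT, derObject.getClass().getName());
		}
	} catch (ClassCastException e) {
		// the file is not a DER stream (the decoders cast on the expected ASN.1 shape)
		throw new CertProviderException(e);
	}
	return certObjects;
}

/**
 * Returns {@code certObjects} if it has already been allocated, otherwise a new empty
 * store. Keeps the create-on-first-object behavior in one place instead of four copies.
 */
private static CertObjectStore storeFor(CertObjectStore certObjects) {
	return certObjects != null ? certObjects : new CertObjectStore();
}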
