
Example 11 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class JKSCertReaderWriter method writeEncryptedBinary.

@Override
public void writeEncryptedBinary(IOResource<OutputStream> out, CertObjectStore certObjects, PasswordCallback newPassword) throws IOException {
    // One password protects both the private key entries and the store itself.
    // NOTE(review): the returned array is never wiped here; whether the callback expects the
    // caller to clear it after use is not visible in this method.
    char[] password = newPassword.queryPassword(out.resource());
    if (password == null) {
        throw new PasswordRequiredException(out.resource());
    }
    try {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        keyStore.load(null, null);
        // Pass 1: every certificate becomes a trusted-certificate entry and is also queued
        // (in reverse store order, i.e. last read first) as the chain for the next key entry.
        // Presumably the store lists root first and end-entity last — TODO confirm.
        List<X509Certificate> pendingChain = new ArrayList<>(certObjects.size());
        for (CertObjectStore.Entry entry : certObjects) {
            if (entry.type() != CertObjectType.CRT) {
                continue;
            }
            X509Certificate crt = entry.getCRT();
            keyStore.setCertificateEntry(entry.alias(), crt);
            pendingChain.add(0, crt);
        }
        // Pass 2: the queued chain is attached to the first key entry and then cleared, so any
        // further key entry is written with an empty chain. The JDK key store implementations
        // reject a private key without a chain (IllegalArgumentException, not a
        // GeneralSecurityException), so stores holding more than one key are presumably not
        // expected here — not checked in this method.
        for (CertObjectStore.Entry entry : certObjects) {
            if (entry.type() != CertObjectType.KEY) {
                continue;
            }
            X509Certificate[] chain = pendingChain.toArray(new X509Certificate[0]);
            keyStore.setKeyEntry(entry.alias(), entry.getKey().getPrivate(), password, chain);
            pendingChain.clear();
        }
        keyStore.store(out.io(), password);
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
}

Example 12 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class JKSCertReaderWriter method readKeyStore.

/**
 * Loads a key store of the given type and converts every alias it contains into certificate
 * and key objects.
 *
 * @param keyStoreType the key store type to try.
 * @param inputStream the data to load, or {@code null} (passed through to the loader).
 * @param resource the resource name used in log messages and password prompts.
 * @param password the callback used to obtain store and key passwords.
 * @return the collected objects, or {@code null} if the data was not recognized as a key store
 *         of this type.
 * @throws IOException if a password is required but not provided, or if collecting the
 *         objects fails.
 */
@Nullable
private static CertObjectStore readKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws IOException {
    KeyStore keyStore;
    try {
        keyStore = loadKeyStore(keyStoreType, inputStream, resource, password);
    } catch (PasswordRequiredException e) {
        // A missing password must reach the caller; it is not "unrecognized data".
        throw e;
    } catch (IOException e) {
        // Any other I/O failure is treated as "not a key store of this type" (null result).
        LOG.info(e, "No KeyStore objects recognized in: ''{0}''", resource);
        keyStore = null;
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
    if (keyStore == null) {
        return null;
    }
    CertObjectStore certObjects;
    try {
        certObjects = new CertObjectStore();
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            // For a key entry, getCertificate() yields the first chain element, so that
            // certificate is offered twice (here and via the chain below); whether
            // CertObjectStore de-duplicates is not visible here.
            collectAliasCertificate(certObjects, keyStore, alias);
            collectAliasKey(certObjects, keyStore, alias, password);
            collectAliasChain(certObjects, keyStore, alias);
        }
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
    return certObjects;
}

/** Adds the alias' own certificate to {@code certObjects}; non-X.509 certificates are logged and skipped. */
private static void collectAliasCertificate(CertObjectStore certObjects, KeyStore keyStore, String alias) throws IOException, GeneralSecurityException {
    Certificate certificate = keyStore.getCertificate(alias);
    if (certificate == null) {
        return;
    }
    if (certificate instanceof X509Certificate) {
        certObjects.addCRT((X509Certificate) certificate);
    } else {
        LOG.warning("Ignoring certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, certificate.getClass().getName());
    }
}

/** Adds the alias' private key (rebuilt into a key pair) to {@code certObjects}; other key types are logged and skipped. */
private static void collectAliasKey(CertObjectStore certObjects, KeyStore keyStore, String alias, PasswordCallback password) throws IOException, GeneralSecurityException {
    Key key = getAliasKey(keyStore, alias, password);
    if (key == null) {
        return;
    }
    if (!(key instanceof PrivateKey)) {
        LOG.warning("Ignoring key of key store entry ''{0}'' due to unsupported type ''{1}''", alias, key.getClass().getName());
        return;
    }
    try {
        certObjects.addKey(KeyHelper.rebuildKeyPair((PrivateKey) key));
    } catch (IOException e) {
        // A key that cannot be rebuilt is dropped, the remaining entries are still read.
        LOG.warning(e, "Unable to rebuild key pair for private key ''{0}'' of type ''{1}''", alias, key.getClass().getName());
    }
}

/** Adds every X.509 certificate of the alias' chain to {@code certObjects}; other entries are logged and skipped. */
private static void collectAliasChain(CertObjectStore certObjects, KeyStore keyStore, String alias) throws IOException, GeneralSecurityException {
    Certificate[] chain = keyStore.getCertificateChain(alias);
    if (chain == null) {
        return;
    }
    for (Certificate chainEntry : chain) {
        if (chainEntry instanceof X509Certificate) {
            certObjects.addCRT((X509Certificate) chainEntry);
        } else {
            LOG.warning("Ignoring chain certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, chainEntry.getClass().getName());
        }
    }
}

Example 13 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class PEMCertReaderWriter method readObjectString.

/**
 * Reads exactly one certificate object from a PEM reader.
 *
 * @param in the resource to read from.
 * @param password the callback used for encrypted objects.
 * @return the single object read.
 * @throws IOException if nothing was read, or if the resource holds more than one object.
 */
private static CertObjectStore.Entry readObjectString(IOResource<Reader> in, PasswordCallback password) throws IOException {
    CertObjectStore certObjects = readObjectsString(in, password);
    if (certObjects == null) {
        throw new IOException("No objects read from '" + in.resource() + "'");
    }
    int count = certObjects.size();
    if (count == 1) {
        return certObjects.iterator().next();
    }
    throw new IOException(count + " objects read from '" + in.resource() + "' (expected 1)");
}

Example 14 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class CertReaders method readURL.

/**
 * Reads all available certificate objects from an {@link URL}.
 * <p>
 * Every registered {@link CertReader} is tried in turn, readers whose file name pattern matches
 * the URL's last path segment first, until one of them returns objects. The URL is re-opened for
 * each attempt.
 *
 * @param url the URL to read from.
 * @param password the callback used for querying passwords (if needed).
 * @return the read certificate objects, or {@code null} if no reader recognized the data.
 * @throws IOException if the URL path cannot be mapped to a file name.
 */
@Nullable
public static CertObjectStore readURL(URL url, PasswordCallback password) throws IOException {
    Path file;
    try {
        // Only the last segment of the path is used for matching and as the resource name.
        String urlPath = url.getPath();
        int separatorIndex = urlPath.lastIndexOf('/');
        file = Paths.get(separatorIndex < 0 ? urlPath : urlPath.substring(separatorIndex + 1));
    } catch (InvalidPathException e) {
        throw new IOException(e.getLocalizedMessage(), e);
    }
    Deque<CertReader> readers = new ArrayDeque<>();
    for (CertReader reader : REGISTERED.providers()) {
        if (!matchFileName(reader, file)) {
            readers.addLast(reader);
        } else {
            readers.addFirst(reader);
        }
    }
    CertObjectStore certObjects = null;
    CertReader reader;
    while (certObjects == null && (reader = readers.pollFirst()) != null) {
        try (IOResource<InputStream> in = new IOResource<>(url.openStream(), file.toString())) {
            certObjects = reader.readBinary(in, password);
        } catch (IOException e) {
            // Best effort: a reader failing on foreign data is expected. Note that this also
            // hides failures of url.openStream(), which then only surface as a null result.
            Exceptions.ignore(e);
        }
    }
    return certObjects;
}

Example 15 with CertObjectStore

use of de.carne.certmgr.certs.CertObjectStore in project certmgr by hdecarne.

the class CertReaders method readFile.

/**
 * Reads all available certificate objects from a file.
 * <p>
 * Every registered {@link CertReader} is tried in turn, readers whose file name pattern matches
 * the file's name first, until one of them returns objects. The file is re-opened for each
 * attempt.
 *
 * @param file the file to read from.
 * @param password the callback used for querying passwords (if needed).
 * @return the read certificate objects, or {@code null} if no reader recognized the data.
 * @throws IOException if opening the file or reading/decoding fails; unlike the URL variant,
 *         reader failures are not ignored here.
 */
@Nullable
public static CertObjectStore readFile(Path file, PasswordCallback password) throws IOException {
    Path fileName = file.getFileName();
    Deque<CertReader> readers = new ArrayDeque<>();
    for (CertReader reader : REGISTERED.providers()) {
        if (!matchFileName(reader, fileName)) {
            readers.addLast(reader);
        } else {
            readers.addFirst(reader);
        }
    }
    CertObjectStore certObjects = null;
    CertReader reader;
    while (certObjects == null && (reader = readers.pollFirst()) != null) {
        try (IOResource<InputStream> in = IOResource.newInputStream(file.toString(), file, StandardOpenOption.READ)) {
            certObjects = reader.readBinary(in, password);
        }
    }
    return certObjects;
}
