Example 6 with CertProviderException

Use of de.carne.certmgr.certs.CertProviderException in project certmgr by hdecarne: class DERCertReaderWriter, method readBinary.

@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read DER objects from: ''{0}''...", in);
    CertObjectStore certObjects = null;
    try (ASN1InputStream derStream = new ASN1InputStream(in.io())) {
        ASN1Primitive derObject;
        // Walk the stream one top-level DER object at a time; each object is
        // tried against the supported types in turn (certificate, key, CSR, CRL).
        while ((derObject = derStream.readObject()) != null) {
            X509Certificate crt = tryDecodeCRT(derObject);
            if (crt != null) {
                if (certObjects == null) {
                    certObjects = new CertObjectStore();
                }
                certObjects.addCRT(crt);
                continue;
            }
            // Key decoding may need the password (encrypted PKCS#8), hence the callback.
            KeyPair key = tryDecodeKey(derObject, in.resource(), password);
            if (key != null) {
                if (certObjects == null) {
                    certObjects = new CertObjectStore();
                }
                certObjects.addKey(key);
                continue;
            }
            PKCS10CertificateRequest csr = tryDecodeCSR(derObject);
            if (csr != null) {
                if (certObjects == null) {
                    certObjects = new CertObjectStore();
                }
                certObjects.addCSR(csr);
                continue;
            }
            X509CRL crl = tryDecodeCRL(derObject);
            if (crl != null) {
                if (certObjects == null) {
                    certObjects = new CertObjectStore();
                }
                certObjects.addCRL(crl);
                continue;
            }
            // None of the decoders recognized the object: log it and move on.
            LOG.warning(CertIOI18N.STR_DER_UNKNOWN_OBJECT, derObject.getClass().getName());
        }
    } catch (ClassCastException e) {
        // the file is not a DER stream
        throw new CertProviderException(e);
    }
    // Stays null when no supported object was found in the stream.
    return certObjects;
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) KeyPair(java.security.KeyPair) X509CRL(java.security.cert.X509CRL) PKCS10CertificateRequest(de.carne.certmgr.certs.x509.PKCS10CertificateRequest) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) CertProviderException(de.carne.certmgr.certs.CertProviderException) X509Certificate(java.security.cert.X509Certificate) Nullable(de.carne.check.Nullable)

Example 7 with CertProviderException

Use of de.carne.certmgr.certs.CertProviderException in project certmgr by hdecarne: class DERCertReaderWriter, method encryptKey.

private static byte[] encryptKey(KeyPair key, String resource, PasswordCallback newPassword) throws IOException {
    // Ask the caller for the password protecting the exported key; refusing is an error.
    char[] passwordChars = newPassword.queryPassword(resource);
    if (passwordChars == null) {
        throw new PasswordRequiredException(resource);
    }
    byte[] encoded;
    try {
        // Wrap the PKCS#8 private key info in an encrypted PKCS#8 structure.
        PKCS8EncryptedPrivateKeyInfoBuilder encryptedPrivateKeyInfoBuilder = new PKCS8EncryptedPrivateKeyInfoBuilder(KeyHelper.encodePrivateKey(key.getPrivate()));
        // OUTPUT_ENCRYPTOR_BUILDER is a class-level constant (defined elsewhere in the class)
        // that fixes the password-based encryption scheme used for the export.
        OutputEncryptor encryptor = OUTPUT_ENCRYPTOR_BUILDER.build(passwordChars);
        encoded = encryptedPrivateKeyInfoBuilder.build(encryptor).getEncoded();
    } catch (OperatorCreationException e) {
        // Provider could not set up the encryptor: surface it as a provider error.
        throw new CertProviderException(e);
    }
    return encoded;
}
Also used : PKCS8EncryptedPrivateKeyInfoBuilder(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertProviderException(de.carne.certmgr.certs.CertProviderException) OutputEncryptor(org.bouncycastle.operator.OutputEncryptor)

Example 8 with CertProviderException

Use of de.carne.certmgr.certs.CertProviderException in project certmgr by hdecarne: class JKSCertReaderWriter, method writeEncryptedBinary.

@Override
public void writeEncryptedBinary(IOResource<OutputStream> out, CertObjectStore certObjects, PasswordCallback newPassword) throws IOException {
    char[] passwordChars = newPassword.queryPassword(out.resource());
    if (passwordChars == null) {
        throw new PasswordRequiredException(out.resource());
    }
    try {
        // Start from an empty in-memory key store of the configured type.
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        keyStore.load(null, null);
        List<X509Certificate> crtChain = new ArrayList<>(certObjects.size());
        // First pass: every certificate becomes a trusted-certificate entry and is
        // prepended to the chain, so the chain ends up in reverse store order.
        for (CertObjectStore.Entry certObject : certObjects) {
            if (certObject.type() == CertObjectType.CRT) {
                keyStore.setCertificateEntry(certObject.alias(), certObject.getCRT());
                crtChain.add(0, certObject.getCRT());
            }
        }
        // Second pass: the accumulated chain is attached to the first key entry and
        // then cleared, so any further key entries get an empty chain.
        for (CertObjectStore.Entry certObject : certObjects) {
            if (certObject.type() == CertObjectType.KEY) {
                keyStore.setKeyEntry(certObject.alias(), certObject.getKey().getPrivate(), passwordChars, crtChain.toArray(new X509Certificate[crtChain.size()]));
                crtChain.clear();
            }
        }
        // The same password protects both the key entries and the store integrity.
        keyStore.store(out.io(), passwordChars);
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) KeyStore(java.security.KeyStore) PlatformKeyStore(de.carne.certmgr.certs.security.PlatformKeyStore) CertProviderException(de.carne.certmgr.certs.CertProviderException) X509Certificate(java.security.cert.X509Certificate)

Example 9 with CertProviderException

Use of de.carne.certmgr.certs.CertProviderException in project certmgr by hdecarne: class JKSCertReaderWriter, method readKeyStore.

@Nullable
private static CertObjectStore readKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws IOException {
    KeyStore keyStore = null;
    try {
        keyStore = loadKeyStore(keyStoreType, inputStream, resource, password);
    } catch (GeneralSecurityException e) {
        // Provider-level failure: reported as a provider error.
        throw new CertProviderException(e);
    } catch (PasswordRequiredException e) {
        // Re-thrown explicitly so it is not swallowed by the generic IOException handler below.
        throw e;
    } catch (IOException e) {
        // Any other I/O problem is treated as "not a key store of this type"; keyStore stays null.
        LOG.info(e, "No KeyStore objects recognized in: ''{0}''", resource);
    }
    CertObjectStore certObjects = null;
    if (keyStore != null) {
        try {
            certObjects = new CertObjectStore();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // Trusted-certificate entry (or the leaf certificate of a key entry).
                Certificate aliasCertificate = keyStore.getCertificate(alias);
                if (aliasCertificate != null) {
                    if (aliasCertificate instanceof X509Certificate) {
                        certObjects.addCRT((X509Certificate) aliasCertificate);
                    } else {
                        LOG.warning("Ignoring certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasCertificate.getClass().getName());
                    }
                }
                // Key entry: only private keys are imported, rebuilt into a key pair.
                Key aliasKey = getAliasKey(keyStore, alias, password);
                if (aliasKey != null) {
                    if (aliasKey instanceof PrivateKey) {
                        try {
                            certObjects.addKey(KeyHelper.rebuildKeyPair((PrivateKey) aliasKey));
                        } catch (IOException e) {
                            LOG.warning(e, "Unable to rebuild key pair for private key ''{0}'' of type ''{1}''", alias, aliasKey.getClass().getName());
                        }
                    } else {
                        LOG.warning("Ignoring key of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasKey.getClass().getName());
                    }
                }
                // Full certificate chain of a key entry; each X.509 member is imported.
                Certificate[] aliasChain = keyStore.getCertificateChain(alias);
                if (aliasChain != null) {
                    for (Certificate aliasChainEntry : aliasChain) {
                        if (aliasChainEntry instanceof X509Certificate) {
                            certObjects.addCRT((X509Certificate) aliasChainEntry);
                        } else {
                            LOG.warning("Ignoring chain certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasChainEntry.getClass().getName());
                        }
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            throw new CertProviderException(e);
        }
    }
    return certObjects;
}
Also used : PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) PlatformKeyStore(de.carne.certmgr.certs.security.PlatformKeyStore) CertProviderException(de.carne.certmgr.certs.CertProviderException) X509Certificate(java.security.cert.X509Certificate) CertObjectStore(de.carne.certmgr.certs.CertObjectStore) Key(java.security.Key) PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Nullable(de.carne.check.Nullable)

Example 10 with CertProviderException

Use of de.carne.certmgr.certs.CertProviderException in project certmgr by hdecarne: class PKCS12CertReaderWriter, method convertPrivateKey.

private static PrivateKey convertPrivateKey(PrivateKeyInfo safeBagValue) throws IOException {
    PrivateKey privateKey;
    try {
        // The key algorithm is taken from the OID carried in the PKCS#8 PrivateKeyInfo,
        // and the key is always materialized through the BouncyCastle provider.
        KeyFactory keyFactory = KeyFactory.getInstance(safeBagValue.getPrivateKeyAlgorithm().getAlgorithm().getId(), BouncyCastleProvider.PROVIDER_NAME);
        privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(safeBagValue.getEncoded()));
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
        // Unknown algorithm, missing provider or malformed key blob all map to a provider error.
        throw new CertProviderException(e);
    }
    return privateKey;
}
Also used : PrivateKey(java.security.PrivateKey) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchProviderException(java.security.NoSuchProviderException) CertProviderException(de.carne.certmgr.certs.CertProviderException) KeyFactory(java.security.KeyFactory)
