
Example 1 with PasswordRequiredException

use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

the class DERCertReaderWriter method tryDecodeKey.

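/**
 * Tries to decode the given ASN.1 object as a PKCS#8 private key, encrypted or plain.
 * <p>
 * The object is first probed as an {@code EncryptedPrivateKeyInfo}. If that succeeds, the
 * callback is asked for a password (and re-asked, with the previous failure, after each rejected
 * decryption) until the key info decrypts or the callback returns {@code null}. Only an object
 * that is <em>not</em> encrypted is probed as a plain {@code PrivateKeyInfo}. A decoded private
 * key is expanded to a key pair via {@link KeyHelper#rebuildKeyPair(PrivateKey)}.
 *
 * @param asn1Object the decoded ASN.1 object to probe.
 * @param resource the resource name, used for password prompts and exception messages.
 * @param password the callback used to obtain the decryption password.
 * @return the decoded key pair, or {@code null} if the object is neither an encrypted nor a
 *         plain private key info.
 * @throws PasswordRequiredException if the object is encrypted and the callback returns no
 *         password.
 * @throws CertProviderException if no key factory exists for the key's algorithm or the key
 *         material is invalid.
 * @throws IOException if decrypting or re-encoding the key fails with an I/O error.
 */
@Nullable
private static KeyPair tryDecodeKey(ASN1Primitive asn1Object, String resource, PasswordCallback password) throws IOException {
    PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = null;
    try {
        encryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(asn1Object));
    } catch (Exception e) {
        // Probing is done by attempted parsing; a failure only means "not this structure" and
        // the parser-specific exception carries nothing worth propagating.
        Exceptions.ignore(e);
    }
    PrivateKeyInfo privateKeyInfo = null;
    if (encryptedPrivateKeyInfo != null) {
        Throwable passwordException = null;
        while (privateKeyInfo == null) {
            // First prompt is a plain query; after a rejected password the callback is re-queried
            // with the failure so it can tell the user why it is asking again (same protocol as
            // the other readers in this project).
            char[] passwordChars = (passwordException == null ? password.queryPassword(resource)
                    : password.requeryPassword(resource, passwordException));
            if (passwordChars == null) {
                throw new PasswordRequiredException(resource, passwordException);
            }
            // NOTE(review): passwordChars is not cleared after use; whether this method owns the
            // array (vs. the callback handing out a cached one) is not visible here — confirm
            // before adding a wipe.
            InputDecryptorProvider inputDecryptorProvider = INPUT_DECRYPTOR_BUILDER.build(passwordChars);
            try {
                privateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
            } catch (PKCSException e) {
                // Wrong password (or damaged data): remember the cause and ask again.
                passwordException = e;
            }
        }
    } else {
        // Only probe for a plain key if the object was not an encrypted one. Probing
        // unconditionally (as before) could let a lenient parse overwrite the key info that was
        // just decrypted.
        try {
            privateKeyInfo = PrivateKeyInfo.getInstance(asn1Object);
        } catch (Exception e) {
            Exceptions.ignore(e);
        }
    }
    KeyPair key = null;
    if (privateKeyInfo != null) {
        PrivateKey privateKey;
        try {
            // Select a KeyFactory by the key's algorithm OID and rebuild the JCA key from the
            // PKCS#8 encoding.
            String algorithmId = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
            KeyFactory keyFactory = JCA_JCE_HELPER.createKeyFactory(algorithmId);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
            privateKey = keyFactory.generatePrivate(keySpec);
        } catch (GeneralSecurityException e) {
            throw new CertProviderException(e);
        }
        key = KeyHelper.rebuildKeyPair(privateKey);
    }
    return key;
}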

Example 2 with PasswordRequiredException

use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

the class JKSCertReaderWriter method loadKeyStore.

/**
 * Loads a key store of the given type from the given stream, prompting for the store password
 * as needed.
 * <p>
 * The first attempt is made without a password. If the provider reports a password failure (an
 * {@link IOException} whose cause is an {@link UnrecoverableKeyException}), the callback is
 * re-queried with that failure and the load is retried until it succeeds or the callback returns
 * {@code null}. Any other {@link IOException} is propagated unchanged.
 *
 * @param keyStoreType the key store type to instantiate (see {@link KeyStore#getInstance(String)}).
 * @param inputStream the stream to load from, or {@code null} to create an empty store.
 * @param resource the resource name, used for password prompts and exception messages.
 * @param password the callback used to obtain the store password.
 * @return the loaded key store.
 * @throws PasswordRequiredException if a password is required and the callback returns none.
 * @throws GeneralSecurityException if the store type is unsupported or the store contents are
 *         invalid.
 * @throws IOException if loading fails for a reason other than a rejected password.
 */
private static KeyStore loadKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws GeneralSecurityException, IOException {
    KeyStore store = KeyStore.getInstance(keyStoreType);
    char[] currentPassword = null;
    while (true) {
        Throwable passwordFailure;
        try {
            // NOTE(review): a retry re-reads the same inputStream; this only works if the stream
            // can be replayed (e.g. an in-memory stream) — confirm at the call sites.
            store.load(inputStream, currentPassword);
            break;
        } catch (IOException e) {
            // Only a password failure is retried; everything else is the caller's problem.
            if (!(e.getCause() instanceof UnrecoverableKeyException)) {
                throw e;
            }
            passwordFailure = e.getCause();
        }
        currentPassword = password.requeryPassword(resource, passwordFailure);
        if (currentPassword == null) {
            throw new PasswordRequiredException(resource, passwordFailure);
        }
    }
    return store;
}

Example 3 with PasswordRequiredException

use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

the class PEMCertReaderWriter method convertKey.

/**
 * Decrypts an encrypted PEM key pair, prompting for the password until decryption succeeds or
 * the callback returns {@code null}.
 * <p>
 * The first prompt is a plain query; each subsequent prompt passes the previous
 * {@link EncryptionException} to the callback so it can report the rejected password.
 *
 * @param pemObject the encrypted PEM key pair to decrypt.
 * @param resource the resource name, used for password prompts and exception messages.
 * @param password the callback used to obtain the password.
 * @return the decrypted key pair, converted via {@link #convertKey(PEMKeyPair)}.
 * @throws PasswordRequiredException if the callback returns no password.
 * @throws IOException if decrypting or converting the key pair fails with an I/O error.
 */
private static KeyPair convertKey(PEMEncryptedKeyPair pemObject, String resource, PasswordCallback password) throws IOException {
    PEMKeyPair decrypted = null;
    Throwable lastFailure = null;
    do {
        char[] chars;
        if (lastFailure == null) {
            chars = password.queryPassword(resource);
        } else {
            chars = password.requeryPassword(resource, lastFailure);
        }
        if (chars == null) {
            throw new PasswordRequiredException(resource, lastFailure);
        }
        PEMDecryptorProvider decryptor = PEM_DECRYPTOR_PROVIDER_BUILDER.build(chars);
        try {
            decrypted = pemObject.decryptKeyPair(decryptor);
        } catch (EncryptionException e) {
            // Wrong password (or damaged data): keep the cause for the next prompt.
            lastFailure = e;
        }
    } while (decrypted == null);
    return convertKey(decrypted);
}

Example 4 with PasswordRequiredException

use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

the class PKCS12CertReaderWriter method writeEncryptedBinary.

/**
 * Writes the given certificate objects as a password-protected PKCS#12 container.
 * <p>
 * Certificate and key entries are wrapped in safe bags (key bags are encrypted with the queried
 * password); CSR and CRL entries are skipped. The container MAC is computed with the same
 * password, and the DER encoding is written to {@code out}.
 *
 * @param out the output resource to write to.
 * @param certObjects the certificate objects to write.
 * @param newPassword the callback used to obtain the container password.
 * @throws PasswordRequiredException if the callback returns no password.
 * @throws CertProviderException if building a safe bag or the container fails.
 * @throws IOException if writing to the output fails.
 */
@Override
public void writeEncryptedBinary(IOResource<OutputStream> out, CertObjectStore certObjects, PasswordCallback newPassword) throws IOException {
    char[] containerPassword = newPassword.queryPassword(out.resource());
    if (containerPassword == null) {
        throw new PasswordRequiredException(out.resource());
    }
    try {
        // Phase 1: build one safe bag builder per storable entry.
        List<PKCS12SafeBagBuilder> bagBuilders = new ArrayList<>(certObjects.size());
        for (CertObjectStore.Entry entry : certObjects) {
            switch (entry.type()) {
                case CRT: {
                    // NOTE(review): the flag marks the first bag; what createCRTSafeBagBuilder
                    // does with it is not visible here — verify before relying on it.
                    boolean firstBag = bagBuilders.isEmpty();
                    bagBuilders.add(createCRTSafeBagBuilder(entry.alias(), entry.getCRT(), firstBag));
                    break;
                }
                case KEY:
                    bagBuilders.add(createKeySafeBagBuilder(entry.alias(), entry.getKey(), containerPassword));
                    break;
                case CSR:
                case CRL:
                    // Not written to the PKCS#12 container.
                    break;
            }
        }
        // Phase 2: assemble the PFX and write its encoding.
        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        for (PKCS12SafeBagBuilder bagBuilder : bagBuilders) {
            pfxBuilder.addData(bagBuilder.build());
        }
        PKCS12PfxPdu pfx = pfxBuilder.build(new BcPKCS12MacCalculatorBuilder(), containerPassword);
        out.io().write(pfx.getEncoded());
    } catch (GeneralSecurityException | PKCSException e) {
        throw new CertProviderException(e);
    }
}

Example 5 with PasswordRequiredException

use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

the class DERCertReaderWriter method encryptKey.

/**
 * Encrypts the private key of the given key pair as a PKCS#8 {@code EncryptedPrivateKeyInfo}.
 *
 * @param key the key pair whose private key is encrypted.
 * @param resource the resource name, used for password prompts and exception messages.
 * @param newPassword the callback used to obtain the encryption password.
 * @return the DER encoding of the encrypted private key info.
 * @throws PasswordRequiredException if the callback returns no password.
 * @throws CertProviderException if the output encryptor cannot be created.
 * @throws IOException if encoding the structure fails.
 */
private static byte[] encryptKey(KeyPair key, String resource, PasswordCallback newPassword) throws IOException {
    char[] chars = newPassword.queryPassword(resource);
    if (chars == null) {
        throw new PasswordRequiredException(resource);
    }
    try {
        // The plain private key is wrapped first, then sealed with a password-derived encryptor.
        PKCS8EncryptedPrivateKeyInfoBuilder builder = new PKCS8EncryptedPrivateKeyInfoBuilder(KeyHelper.encodePrivateKey(key.getPrivate()));
        OutputEncryptor encryptor = OUTPUT_ENCRYPTOR_BUILDER.build(chars);
        return builder.build(encryptor).getEncoded();
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
}
