
Example 6 with PasswordRequiredException

Use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

From class JKSCertReaderWriter, method writeEncryptedBinary:

/**
 * Writes the given certificate objects to {@code out} as a password-protected key store of
 * type {@code KEYSTORE_TYPE}.
 * <p>
 * The password obtained from {@code newPassword} protects both the private key entries and
 * the key store integrity check: the same {@code char[]} is handed to
 * {@link KeyStore#setKeyEntry} and {@link KeyStore#store}. All CRT entries are written first.
 * Every KEY entry is then stored together with the chain of all CRT entries seen so far, in
 * reverse order of appearance; that chain is consumed by the first KEY entry, so any further
 * KEY entry is stored with an empty chain.
 * <p>
 * NOTE(review): if I recall the JDK contract correctly, {@code KeyStore.setKeyEntry} rejects a
 * private key with an empty chain via an unchecked {@code IllegalArgumentException}, which the
 * {@code GeneralSecurityException} handler below would not catch — confirm the store never
 * holds more than one key, or pair chains per key. The password array is also not zeroed
 * after use; whether that matters depends on whether the callback hands out a private copy.
 *
 * @param out the destination resource
 * @param certObjects the certificates and keys to write
 * @param newPassword callback used to obtain the key store password
 * @throws PasswordRequiredException if the callback yields no password
 * @throws CertProviderException if a {@link GeneralSecurityException} occurs while building or
 *         storing the key store
 * @throws IOException if writing to {@code out} fails
 */
@Override
public void writeEncryptedBinary(IOResource<OutputStream> out, CertObjectStore certObjects, PasswordCallback newPassword) throws IOException {
    char[] secret = newPassword.queryPassword(out.resource());
    if (secret == null) {
        throw new PasswordRequiredException(out.resource());
    }
    try {
        KeyStore store = KeyStore.getInstance(KEYSTORE_TYPE);
        store.load(null, null);
        // Certificates in order of appearance; the chain handed to setKeyEntry is this list reversed.
        List<X509Certificate> seenCrts = new ArrayList<>(certObjects.size());
        for (CertObjectStore.Entry entry : certObjects) {
            if (entry.type() != CertObjectType.CRT) {
                continue;
            }
            X509Certificate crt = entry.getCRT();
            store.setCertificateEntry(entry.alias(), crt);
            seenCrts.add(crt);
        }
        for (CertObjectStore.Entry entry : certObjects) {
            if (entry.type() != CertObjectType.KEY) {
                continue;
            }
            store.setKeyEntry(entry.alias(), entry.getKey().getPrivate(), secret, reversedChain(seenCrts));
            // The accumulated chain belongs to the first key only; later keys get an empty chain.
            seenCrts.clear();
        }
        store.store(out.io(), secret);
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
}

/** Returns the certificates of {@code crts} as an array in reverse order (last seen first). */
private static X509Certificate[] reversedChain(List<X509Certificate> crts) {
    X509Certificate[] chain = new X509Certificate[crts.size()];
    for (int i = 0; i < chain.length; i++) {
        chain[i] = crts.get(chain.length - 1 - i);
    }
    return chain;
}

Example 7 with PasswordRequiredException

Use of de.carne.certmgr.certs.PasswordRequiredException in project certmgr by hdecarne.

From class JKSCertReaderWriter, method readKeyStore:

/**
 * Loads a key store of type {@code keyStoreType} from {@code inputStream} and collects every
 * X.509 certificate, private key and certificate chain it holds into a {@link CertObjectStore}.
 * <p>
 * An {@link IOException} from {@code loadKeyStore} is treated as "this is not a key store": it
 * is logged at info level and {@code null} is returned. A {@link PasswordRequiredException} is
 * rethrown ahead of that handler so a missing password is never mistaken for an unrecognized
 * format. NOTE(review): JKS/PKCS#12 providers typically report a wrong password as an
 * IOException as well — confirm {@code loadKeyStore} distinguishes that case, otherwise a bad
 * password is silently reported as "no objects recognized" and the user is never re-prompted.
 * <p>
 * Entries of unsupported certificate or key types are logged and skipped. For each alias both
 * {@link KeyStore#getCertificate} and {@link KeyStore#getCertificateChain} contribute
 * certificates; whether the leaf of a key entry is thereby added twice depends on
 * {@code CertObjectStore.addCRT} de-duplicating, which is not visible here.
 *
 * @param keyStoreType the key store type passed to {@code loadKeyStore}
 * @param inputStream the stream to read, or {@code null}
 * @param resource name of the resource, used for logging
 * @param password callback used to obtain the store and key passwords
 * @return the collected objects, or {@code null} if the input was not recognized as a key store
 * @throws PasswordRequiredException if a required password was not supplied
 * @throws CertProviderException if a {@link GeneralSecurityException} occurs
 * @throws IOException on other I/O failures raised by the helpers
 */
@Nullable
private static CertObjectStore readKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws IOException {
    KeyStore store = readKeyStoreOrNull(keyStoreType, inputStream, resource, password);
    if (store == null) {
        return null;
    }
    CertObjectStore collected = new CertObjectStore();
    try {
        Enumeration<String> aliases = store.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            addAliasCertificate(store, alias, collected);
            addAliasKey(store, alias, password, collected);
            addAliasChain(store, alias, collected);
        }
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
    return collected;
}

/**
 * Loads the key store, mapping a load failure to {@code null} (logged) and a
 * {@link GeneralSecurityException} to {@link CertProviderException}.
 */
@Nullable
private static KeyStore readKeyStoreOrNull(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws IOException {
    try {
        return loadKeyStore(keyStoreType, inputStream, resource, password);
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    } catch (PasswordRequiredException e) {
        // Must precede the IOException handler so a missing password is not swallowed as "not a key store".
        throw e;
    } catch (IOException e) {
        LOG.info(e, "No KeyStore objects recognized in: ''{0}''", resource);
        return null;
    }
}

/** Adds the certificate stored under {@code alias}, if it is an X.509 certificate. */
private static void addAliasCertificate(KeyStore store, String alias, CertObjectStore collected) throws GeneralSecurityException {
    Certificate crt = store.getCertificate(alias);
    if (crt == null) {
        return;
    }
    if (crt instanceof X509Certificate) {
        collected.addCRT((X509Certificate) crt);
    } else {
        LOG.warning("Ignoring certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, crt.getClass().getName());
    }
}

/** Adds the private key stored under {@code alias} as a rebuilt key pair, if it is a {@link PrivateKey}. */
private static void addAliasKey(KeyStore store, String alias, PasswordCallback password, CertObjectStore collected) throws IOException, GeneralSecurityException {
    Key key = getAliasKey(store, alias, password);
    if (key == null) {
        return;
    }
    if (!(key instanceof PrivateKey)) {
        LOG.warning("Ignoring key of key store entry ''{0}'' due to unsupported type ''{1}''", alias, key.getClass().getName());
        return;
    }
    try {
        collected.addKey(KeyHelper.rebuildKeyPair((PrivateKey) key));
    } catch (IOException e) {
        // A key that cannot be rebuilt is skipped, not fatal for the rest of the store.
        LOG.warning(e, "Unable to rebuild key pair for private key ''{0}'' of type ''{1}''", alias, key.getClass().getName());
    }
}

/** Adds every X.509 certificate of the chain stored under {@code alias}. */
private static void addAliasChain(KeyStore store, String alias, CertObjectStore collected) throws GeneralSecurityException {
    Certificate[] chain = store.getCertificateChain(alias);
    if (chain == null) {
        return;
    }
    for (Certificate link : chain) {
        if (link instanceof X509Certificate) {
            collected.addCRT((X509Certificate) link);
        } else {
            LOG.warning("Ignoring chain certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, link.getClass().getName());
        }
    }
}
