Example 1 with Nullable
use of de.carne.check.Nullable in project certmgr by hdecarne.
the class DERCertReaderWriter method tryDecodeKey.
@Nullable
private static KeyPair tryDecodeKey(ASN1Primitive asn1Object, String resource, PasswordCallback password) throws IOException {
PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = null;
try {
encryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(asn1Object));
} catch (Exception e) {
Exceptions.ignore(e);
}
PrivateKeyInfo privateKeyInfo = null;
if (encryptedPrivateKeyInfo != null) {
Throwable passwordException = null;
while (privateKeyInfo == null) {
char[] passwordChars = password.queryPassword(resource);
if (passwordChars == null) {
throw new PasswordRequiredException(resource, passwordException);
}
InputDecryptorProvider inputDecryptorProvider = INPUT_DECRYPTOR_BUILDER.build(passwordChars);
try {
privateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
} catch (PKCSException e) {
passwordException = e;
}
}
}
try {
privateKeyInfo = PrivateKeyInfo.getInstance(asn1Object);
} catch (Exception e) {
Exceptions.ignore(e);
}
KeyPair key = null;
if (privateKeyInfo != null) {
PrivateKey privateKey;
try {
String algorithmId = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
KeyFactory keyFactory = JCA_JCE_HELPER.createKeyFactory(algorithmId);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
privateKey = keyFactory.generatePrivate(keySpec);
} catch (GeneralSecurityException e) {
throw new CertProviderException(e);
}
key = KeyHelper.rebuildKeyPair(privateKey);
}
return key;
}
Also used :
KeyPair(java.security.KeyPair)
PrivateKey(java.security.PrivateKey)
GeneralSecurityException(java.security.GeneralSecurityException)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException)
PKCSException(org.bouncycastle.pkcs.PKCSException)
CertProviderException(de.carne.certmgr.certs.CertProviderException)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
CertProviderException(de.carne.certmgr.certs.CertProviderException)
GeneralSecurityException(java.security.GeneralSecurityException)
PKCSException(org.bouncycastle.pkcs.PKCSException)
IOException(java.io.IOException)
PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException)
InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo)
KeyFactory(java.security.KeyFactory)
Nullable(de.carne.check.Nullable)
Example 2 with Nullable
use of de.carne.check.Nullable in project certmgr by hdecarne.
the class PEMCertReaderWriter method readObjectsString.
/**
* Read all available certificate objects from a PEM encoded {@link Reader} resource.
*
* @param in The reader resource to read from.
* @param password The callback to use for querying passwords (if needed).
* @return The read certificate objects, or {@code null} if the input is not recognized.
* @throws IOException if an I/O error occurs while reading.
*/
@Nullable
public static CertObjectStore readObjectsString(IOResource<Reader> in, PasswordCallback password) throws IOException {
LOG.debug("Trying to read PEM objects from: ''{0}''...", in);
CertObjectStore certObjects = null;
try (PEMParser parser = new PEMParser(in.io())) {
Object pemObject;
try {
pemObject = parser.readObject();
} catch (IOException e) {
LOG.info(e, "No PEM objects recognized in: ''{0}''", in);
pemObject = null;
}
while (pemObject != null) {
if (certObjects == null) {
certObjects = new CertObjectStore();
}
LOG.info("Decoding PEM object of type {0}", pemObject.getClass().getName());
if (pemObject instanceof X509CertificateHolder) {
certObjects.addCRT(convertCRT((X509CertificateHolder) pemObject));
} else if (pemObject instanceof PEMKeyPair) {
certObjects.addKey(convertKey((PEMKeyPair) pemObject));
} else if (pemObject instanceof PEMEncryptedKeyPair) {
certObjects.addKey(convertKey((PEMEncryptedKeyPair) pemObject, in.resource(), password));
} else if (pemObject instanceof PKCS10CertificationRequest) {
certObjects.addCSR(convertCSR((PKCS10CertificationRequest) pemObject));
} else if (pemObject instanceof X509CRLHolder) {
certObjects.addCRL(convertCRL((X509CRLHolder) pemObject));
} else {
LOG.warning("Ignoring unrecognized PEM object of type {0}", pemObject.getClass().getName());
}
pemObject = parser.readObject();
}
}
return certObjects;
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair)
PEMParser(org.bouncycastle.openssl.PEMParser)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
CertObjectStore(de.carne.certmgr.certs.CertObjectStore)
IOException(java.io.IOException)
Nullable(de.carne.check.Nullable)
Example 3 with Nullable
use of de.carne.check.Nullable in project certmgr by hdecarne.
the class PKCS12CertReaderWriter method readBinary.
@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
LOG.debug("Trying to read PKCS#12 objects from: ''{0}''...", in);
CertObjectStore certObjects = null;
PKCS12PfxPdu pkcs12 = readPKCS12(in);
if (pkcs12 != null) {
certObjects = new CertObjectStore();
for (ContentInfo contentInfo : pkcs12.getContentInfos()) {
ASN1ObjectIdentifier contentType = contentInfo.getContentType();
PKCS12SafeBagFactory safeBagFactory;
if (contentType.equals(PKCSObjectIdentifiers.encryptedData)) {
safeBagFactory = getSafeBagFactory(contentInfo, in.resource(), password);
} else {
safeBagFactory = getSafeBagFactory(contentInfo);
}
for (PKCS12SafeBag safeBag : safeBagFactory.getSafeBags()) {
Object safeBagValue = safeBag.getBagValue();
if (safeBagValue instanceof X509CertificateHolder) {
certObjects.addCRT(convertCRT((X509CertificateHolder) safeBagValue));
} else if (safeBagValue instanceof PKCS8EncryptedPrivateKeyInfo) {
PrivateKey privateKey = convertPrivateKey((PKCS8EncryptedPrivateKeyInfo) safeBagValue, in.resource(), password);
try {
certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
} catch (IOException e) {
LOG.warning(e, "Unable to rebuild key pair for private key of type ''{1}''", privateKey.getClass().getName());
}
} else if (safeBagValue instanceof PrivateKeyInfo) {
PrivateKey privateKey = convertPrivateKey((PrivateKeyInfo) safeBagValue);
try {
certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
} catch (IOException e) {
LOG.warning(e, "Unable to rebuild key pair for private key of type ''{1}''", privateKey.getClass().getName());
}
} else {
LOG.warning(CertIOI18N.STR_PKCS12_UNKNOWN_OBJECT, safeBagValue.getClass().getName());
}
}
}
}
return certObjects;
}
Also used :
PrivateKey(java.security.PrivateKey)
PKCS12SafeBagFactory(org.bouncycastle.pkcs.PKCS12SafeBagFactory)
ContentInfo(org.bouncycastle.asn1.pkcs.ContentInfo)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
CertObjectStore(de.carne.certmgr.certs.CertObjectStore)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
IOException(java.io.IOException)
PKCS12SafeBag(org.bouncycastle.pkcs.PKCS12SafeBag)
PKCS12PfxPdu(org.bouncycastle.pkcs.PKCS12PfxPdu)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
Nullable(de.carne.check.Nullable)
Example 4 with Nullable
use of de.carne.check.Nullable in project certmgr by hdecarne.
the class UserCertStore method matchX509Certificate.
@Nullable
private Entry matchX509Certificate(X509Certificate crt) throws IOException {
X500Principal crtDN = crt.getSubjectX500Principal();
PublicKey crtPublicKey = crt.getPublicKey();
Entry matchingEntry = null;
for (Entry entry : this.storeEntries.values()) {
if (crtDN.equals(entry.dn())) {
if (entry.hasPublicKey() && Arrays.equals(crtPublicKey.getEncoded(), entry.getPublicKey().getEncoded())) {
matchingEntry = entry;
break;
}
if (entry.hasCRL() && X509CRLHelper.isCRLSignedBy(entry.getCRL(), crtPublicKey)) {
matchingEntry = entry;
break;
}
}
}
return matchingEntry;
}
Also used :
PublicKey(java.security.PublicKey)
X500Principal(javax.security.auth.x500.X500Principal)
Nullable(de.carne.check.Nullable)
Example 5 with Nullable
use of de.carne.check.Nullable in project certmgr by hdecarne.
the class UserCertStore method matchX509CRL.
@Nullable
private Entry matchX509CRL(X509CRL crl) throws IOException {
X500Principal crlDN = crl.getIssuerX500Principal();
Entry matchingEntry = null;
for (Entry entry : this.storeEntries.values()) {
if (crlDN.equals(entry.dn())) {
if (entry.hasPublicKey() && X509CRLHelper.isCRLSignedBy(crl, entry.getPublicKey())) {
matchingEntry = entry;
break;
}
try {
if (entry.hasCRL() && Arrays.equals(entry.getCRL().getEncoded(), crl.getEncoded())) {
matchingEntry = entry;
break;
}
} catch (CRLException e) {
throw new CertProviderException(e);
}
}
}
return matchingEntry;
}
Also used :
X500Principal(javax.security.auth.x500.X500Principal)
CRLException(java.security.cert.CRLException)
Nullable(de.carne.check.Nullable)
Aggregations
Nullable (de.carne.check.Nullable)24
IOException (java.io.IOException)9
CertObjectStore (de.carne.certmgr.certs.CertObjectStore)7
PrivateKey (java.security.PrivateKey)4
CertProviderException (de.carne.certmgr.certs.CertProviderException)3
InputStream (java.io.InputStream)3
Path (java.nio.file.Path)3
PublicKey (java.security.PublicKey)3
BackingStoreException (java.util.prefs.BackingStoreException)3
X500Principal (javax.security.auth.x500.X500Principal)3
PasswordRequiredException (de.carne.certmgr.certs.PasswordRequiredException)2
CertReader (de.carne.certmgr.certs.spi.CertReader)2
DefaultSet (de.carne.jfx.util.DefaultSet)2
GeneralSecurityException (java.security.GeneralSecurityException)2
Key (java.security.Key)2
KeyPair (java.security.KeyPair)2
Provider (java.security.Provider)2
Service (java.security.Provider.Service)2
X509Certificate (java.security.cert.X509Certificate)2
ArrayDeque (java.util.ArrayDeque)2
