Example 1 with Nullable

Use of de.carne.check.Nullable in project certmgr by hdecarne.

From class DERCertReaderWriter, method tryDecodeKey:

@Nullable
private static KeyPair tryDecodeKey(ASN1Primitive asn1Object, String resource, PasswordCallback password) throws IOException {
    // First attempt: interpret the DER object as a PKCS#8 EncryptedPrivateKeyInfo.
    PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = null;
    try {
        encryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(asn1Object));
    } catch (Exception e) {
        Exceptions.ignore(e);
    }
    PrivateKeyInfo privateKeyInfo = null;
    if (encryptedPrivateKeyInfo != null) {
        // Keep querying for a password until decryption succeeds or the callback gives up (returns null).
        Throwable passwordException = null;
        while (privateKeyInfo == null) {
            char[] passwordChars = password.queryPassword(resource);
            if (passwordChars == null) {
                throw new PasswordRequiredException(resource, passwordException);
            }
            InputDecryptorProvider inputDecryptorProvider = INPUT_DECRYPTOR_BUILDER.build(passwordChars);
            try {
                privateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
            } catch (PKCSException e) {
                // Wrong password (or corrupt data); remembered so it can be reported if the caller gives up.
                passwordException = e;
            }
        }
    }
    // Second attempt: an unencrypted PrivateKeyInfo. Only tried when the encrypted path
    // produced nothing, so a successfully decrypted key is never overwritten.
    if (privateKeyInfo == null) {
        try {
            privateKeyInfo = PrivateKeyInfo.getInstance(asn1Object);
        } catch (Exception e) {
            Exceptions.ignore(e);
        }
    }
    KeyPair key = null;
    if (privateKeyInfo != null) {
        PrivateKey privateKey;
        try {
            // Select the KeyFactory from the key's own algorithm OID (e.g. RSA, EC).
            String algorithmId = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
            KeyFactory keyFactory = JCA_JCE_HELPER.createKeyFactory(algorithmId);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
            privateKey = keyFactory.generatePrivate(keySpec);
        } catch (GeneralSecurityException e) {
            throw new CertProviderException(e);
        }
        // Derive the public half from the private key so a complete KeyPair can be returned.
        key = KeyHelper.rebuildKeyPair(privateKey);
    }
    return key;
}

Example 2 with Nullable

Use of de.carne.check.Nullable in project certmgr by hdecarne.

From class PEMCertReaderWriter, method readObjectsString:

/**
 * Read all available certificate objects from a PEM encoded {@link Reader} resource.
 *
 * @param in The reader resource to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if the input is not recognized.
 * @throws IOException if an I/O error occurs while reading.
 */
@Nullable
public static CertObjectStore readObjectsString(IOResource<Reader> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read PEM objects from: ''{0}''...", in);
    CertObjectStore certObjects = null;
    try (PEMParser parser = new PEMParser(in.io())) {
        Object pemObject;
        try {
            pemObject = parser.readObject();
        } catch (IOException e) {
            LOG.info(e, "No PEM objects recognized in: ''{0}''", in);
            pemObject = null;
        }
        while (pemObject != null) {
            if (certObjects == null) {
                certObjects = new CertObjectStore();
            }
            LOG.info("Decoding PEM object of type {0}", pemObject.getClass().getName());
            if (pemObject instanceof X509CertificateHolder) {
                certObjects.addCRT(convertCRT((X509CertificateHolder) pemObject));
            } else if (pemObject instanceof PEMKeyPair) {
                certObjects.addKey(convertKey((PEMKeyPair) pemObject));
            } else if (pemObject instanceof PEMEncryptedKeyPair) {
                certObjects.addKey(convertKey((PEMEncryptedKeyPair) pemObject, in.resource(), password));
            } else if (pemObject instanceof PKCS10CertificationRequest) {
                certObjects.addCSR(convertCSR((PKCS10CertificationRequest) pemObject));
            } else if (pemObject instanceof X509CRLHolder) {
                certObjects.addCRL(convertCRL((X509CRLHolder) pemObject));
            } else {
                LOG.warning("Ignoring unrecognized PEM object of type {0}", pemObject.getClass().getName());
            }
            pemObject = parser.readObject();
        }
    }
    return certObjects;
}

Example 3 with Nullable

Use of de.carne.check.Nullable in project certmgr by hdecarne.

From class PKCS12CertReaderWriter, method readBinary:

@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read PKCS#12 objects from: ''{0}''...", in);
    CertObjectStore certObjects = null;
    PKCS12PfxPdu pkcs12 = readPKCS12(in);
    if (pkcs12 != null) {
        certObjects = new CertObjectStore();
        for (ContentInfo contentInfo : pkcs12.getContentInfos()) {
            ASN1ObjectIdentifier contentType = contentInfo.getContentType();
            PKCS12SafeBagFactory safeBagFactory;
            // Encrypted content needs a password-backed decryptor; plain content does not.
            if (contentType.equals(PKCSObjectIdentifiers.encryptedData)) {
                safeBagFactory = getSafeBagFactory(contentInfo, in.resource(), password);
            } else {
                safeBagFactory = getSafeBagFactory(contentInfo);
            }
            for (PKCS12SafeBag safeBag : safeBagFactory.getSafeBags()) {
                Object safeBagValue = safeBag.getBagValue();
                if (safeBagValue instanceof X509CertificateHolder) {
                    certObjects.addCRT(convertCRT((X509CertificateHolder) safeBagValue));
                } else if (safeBagValue instanceof PKCS8EncryptedPrivateKeyInfo) {
                    // Shrouded key bag: the private key itself is encrypted again and needs the password.
                    PrivateKey privateKey = convertPrivateKey((PKCS8EncryptedPrivateKeyInfo) safeBagValue, in.resource(), password);
                    try {
                        certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
                    } catch (IOException e) {
                        // Placeholder index corrected to {0}: only one format argument is supplied.
                        LOG.warning(e, "Unable to rebuild key pair for private key of type ''{0}''", privateKey.getClass().getName());
                    }
                } else if (safeBagValue instanceof PrivateKeyInfo) {
                    // Plain key bag: unencrypted PKCS#8 private key.
                    PrivateKey privateKey = convertPrivateKey((PrivateKeyInfo) safeBagValue);
                    try {
                        certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
                    } catch (IOException e) {
                        // Placeholder index corrected to {0}: only one format argument is supplied.
                        LOG.warning(e, "Unable to rebuild key pair for private key of type ''{0}''", privateKey.getClass().getName());
                    }
                } else {
                    LOG.warning(CertIOI18N.STR_PKCS12_UNKNOWN_OBJECT, safeBagValue.getClass().getName());
                }
            }
        }
    }
    return certObjects;
}

Example 4 with Nullable

Use of de.carne.check.Nullable in project certmgr by hdecarne.

From class UserCertStore, method matchX509Certificate:

@Nullable
private Entry matchX509Certificate(X509Certificate crt) throws IOException {
    X500Principal crtDN = crt.getSubjectX500Principal();
    PublicKey crtPublicKey = crt.getPublicKey();
    Entry matchingEntry = null;
    for (Entry entry : this.storeEntries.values()) {
        // A matching subject DN alone is not enough; the entry must also share the
        // certificate's public key, or hold a CRL that this key actually signed.
        if (crtDN.equals(entry.dn())) {
            if (entry.hasPublicKey() && Arrays.equals(crtPublicKey.getEncoded(), entry.getPublicKey().getEncoded())) {
                matchingEntry = entry;
                break;
            }
            if (entry.hasCRL() && X509CRLHelper.isCRLSignedBy(entry.getCRL(), crtPublicKey)) {
                matchingEntry = entry;
                break;
            }
        }
    }
    return matchingEntry;
}

Example 5 with Nullable

Use of de.carne.check.Nullable in project certmgr by hdecarne.

From class UserCertStore, method matchX509CRL:

@Nullable
private Entry matchX509CRL(X509CRL crl) throws IOException {
    X500Principal crlDN = crl.getIssuerX500Principal();
    Entry matchingEntry = null;
    for (Entry entry : this.storeEntries.values()) {
        // Match on issuer DN, then confirm either by verifying the CRL signature against the
        // entry's public key or by finding a byte-identical CRL already stored.
        if (crlDN.equals(entry.dn())) {
            if (entry.hasPublicKey() && X509CRLHelper.isCRLSignedBy(crl, entry.getPublicKey())) {
                matchingEntry = entry;
                break;
            }
            try {
                if (entry.hasCRL() && Arrays.equals(entry.getCRL().getEncoded(), crl.getEncoded())) {
                    matchingEntry = entry;
                    break;
                }
            } catch (CRLException e) {
                throw new CertProviderException(e);
            }
        }
    }
    return matchingEntry;
}