use of de.carne.check.Nullable in project certmgr by hdecarne.
the class DERCertReaderWriter method tryDecodeKey.
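/**
 * Try to decode a private key from a DER encoded ASN.1 object.
 * <p>
 * Both the encrypted ({@code EncryptedPrivateKeyInfo}) and the plain ({@code PrivateKeyInfo}) PKCS#8 structure are
 * recognized. For the encrypted form the password callback is queried repeatedly until decryption succeeds or the
 * callback returns {@code null}. The plain form is only probed when the encrypted form did not yield a key, so a
 * successfully decrypted key can never be replaced by a re-interpretation of the encrypted envelope.
 *
 * @param asn1Object The ASN.1 object to decode.
 * @param resource The name of the resource the object was read from (used for password prompts and error reporting).
 * @param password The callback to use for querying passwords (if needed).
 * @return The decoded key pair, or {@code null} if the object is not a recognized private key structure.
 * @throws PasswordRequiredException if the key is encrypted and the callback provides no password.
 * @throws CertProviderException if the decoded key material cannot be converted to a JCA private key.
 * @throws IOException if an I/O error occurs while decoding.
 */
@Nullable
private static KeyPair tryDecodeKey(ASN1Primitive asn1Object, String resource, PasswordCallback password) throws IOException {
	// Probe for the encrypted PKCS#8 structure first; a parse failure just means "not encrypted".
	PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = null;
	try {
		encryptedPrivateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(asn1Object));
	} catch (Exception e) {
		Exceptions.ignore(e);
	}
	PrivateKeyInfo privateKeyInfo = null;
	if (encryptedPrivateKeyInfo != null) {
		privateKeyInfo = queryAndDecryptPrivateKeyInfo(encryptedPrivateKeyInfo, resource, password);
	}
	// Fall back to the plain PKCS#8 structure only when the encrypted path produced nothing. Running this probe
	// unconditionally would let getInstance() overwrite an already decrypted key if it happened to accept the
	// encrypted envelope.
	if (privateKeyInfo == null) {
		try {
			privateKeyInfo = PrivateKeyInfo.getInstance(asn1Object);
		} catch (Exception e) {
			Exceptions.ignore(e);
		}
	}
	if (privateKeyInfo == null) {
		return null;
	}
	return KeyHelper.rebuildKeyPair(generatePrivateKey(privateKeyInfo));
}

/**
 * Query the password callback and decrypt the given PKCS#8 structure, asking again after every failed attempt.
 *
 * @param encryptedPrivateKeyInfo The encrypted structure to decrypt.
 * @param resource The name of the resource the structure was read from (passed on to the password prompt).
 * @param password The callback to use for querying passwords.
 * @return The decrypted private key info.
 * @throws PasswordRequiredException if the callback returns {@code null}; the last decryption failure (if any) is
 *         attached as cause.
 * @throws IOException if an I/O error occurs while decrypting.
 */
private static PrivateKeyInfo queryAndDecryptPrivateKeyInfo(PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, String resource, PasswordCallback password) throws IOException {
	Throwable passwordException = null;
	while (true) {
		char[] passwordChars = password.queryPassword(resource);
		if (passwordChars == null) {
			// The callback gave up (e.g. the prompt was cancelled); report why the previous attempt failed.
			throw new PasswordRequiredException(resource, passwordException);
		}
		// NOTE(review): the password array is handed to the decryptor builder as-is; whether it is cleared after
		// use is left to the callback owner — confirm against PasswordCallback's contract.
		InputDecryptorProvider inputDecryptorProvider = INPUT_DECRYPTOR_BUILDER.build(passwordChars);
		try {
			PrivateKeyInfo privateKeyInfo = encryptedPrivateKeyInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
			if (privateKeyInfo != null) {
				return privateKeyInfo;
			}
		} catch (PKCSException e) {
			// Typically a wrong password; remember the failure and ask again.
			passwordException = e;
		}
	}
}

/**
 * Convert a decoded {@code PrivateKeyInfo} to a JCA {@link PrivateKey} via the key factory matching its algorithm.
 *
 * @param privateKeyInfo The private key info to convert.
 * @return The JCA private key.
 * @throws CertProviderException if no key factory is available or the key spec is rejected.
 * @throws IOException if the private key info cannot be encoded.
 */
private static PrivateKey generatePrivateKey(PrivateKeyInfo privateKeyInfo) throws IOException {
	try {
		String algorithmId = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
		KeyFactory keyFactory = JCA_JCE_HELPER.createKeyFactory(algorithmId);
		PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded());
		return keyFactory.generatePrivate(keySpec);
	} catch (GeneralSecurityException e) {
		throw new CertProviderException(e);
	}
}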
the class PEMCertReaderWriter method readObjectsString.
/**
 * Read all available certificate objects from a PEM encoded {@link Reader} resource.
 * <p>
 * Certificates, plain and encrypted key pairs, certification requests and CRLs are collected; every other PEM object
 * type is logged and skipped. A resource whose first PEM object cannot be read is treated as "not recognized" and
 * reported via the {@code null} return rather than as an error.
 *
 * @param in The reader resource to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if the input is not recognized.
 * @throws IOException if an I/O error occurs while reading.
 */
@Nullable
public static CertObjectStore readObjectsString(IOResource<Reader> in, PasswordCallback password) throws IOException {
	LOG.debug("Trying to read PEM objects from: ''{0}''...", in);
	CertObjectStore certObjects = null;
	try (PEMParser parser = new PEMParser(in.io())) {
		for (Object pemObject = readFirstPemObject(parser, in); pemObject != null; pemObject = parser.readObject()) {
			if (certObjects == null) {
				// Created lazily so an empty resource still yields null.
				certObjects = new CertObjectStore();
			}
			addPemObject(certObjects, pemObject, in, password);
		}
	}
	return certObjects;
}

/**
 * Read the first PEM object, treating a read failure as "no PEM content" instead of an error.
 *
 * @param parser The parser to read from.
 * @param in The resource being parsed (for logging only).
 * @return The first PEM object, or {@code null} if none could be read.
 */
@Nullable
private static Object readFirstPemObject(PEMParser parser, IOResource<Reader> in) {
	try {
		return parser.readObject();
	} catch (IOException e) {
		LOG.info(e, "No PEM objects recognized in: ''{0}''", in);
		return null;
	}
}

/**
 * Decode a single PEM object and add it to the store.
 *
 * @param certObjects The store to add the decoded object to.
 * @param pemObject The PEM object to decode.
 * @param in The resource the object was read from (used for password prompts).
 * @param password The callback to use for querying passwords (if needed).
 * @throws IOException if the object cannot be decoded.
 */
private static void addPemObject(CertObjectStore certObjects, Object pemObject, IOResource<Reader> in, PasswordCallback password) throws IOException {
	String pemObjectType = pemObject.getClass().getName();
	LOG.info("Decoding PEM object of type {0}", pemObjectType);
	if (pemObject instanceof X509CertificateHolder) {
		certObjects.addCRT(convertCRT((X509CertificateHolder) pemObject));
	} else if (pemObject instanceof PEMKeyPair) {
		certObjects.addKey(convertKey((PEMKeyPair) pemObject));
	} else if (pemObject instanceof PEMEncryptedKeyPair) {
		certObjects.addKey(convertKey((PEMEncryptedKeyPair) pemObject, in.resource(), password));
	} else if (pemObject instanceof PKCS10CertificationRequest) {
		certObjects.addCSR(convertCSR((PKCS10CertificationRequest) pemObject));
	} else if (pemObject instanceof X509CRLHolder) {
		certObjects.addCRL(convertCRL((X509CRLHolder) pemObject));
	} else {
		LOG.warning("Ignoring unrecognized PEM object of type {0}", pemObjectType);
	}
}
the class PKCS12CertReaderWriter method readBinary.
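/**
 * Read all available certificate objects from a PKCS#12 encoded {@link InputStream} resource.
 * <p>
 * Every content info of the PKCS#12 PDU is unpacked into its safe bags; encrypted content infos are unpacked with
 * the help of the password callback. Certificates and (encrypted or plain) private keys are collected, any other bag
 * value is logged and skipped. A private key whose key pair cannot be rebuilt is logged and skipped as well, so the
 * remaining content is still read.
 *
 * @param in The input stream resource to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if the input is not recognized as PKCS#12.
 * @throws IOException if an I/O error occurs while reading.
 */
@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
	LOG.debug("Trying to read PKCS#12 objects from: ''{0}''...", in);
	PKCS12PfxPdu pkcs12 = readPKCS12(in);
	if (pkcs12 == null) {
		return null;
	}
	CertObjectStore certObjects = new CertObjectStore();
	for (ContentInfo contentInfo : pkcs12.getContentInfos()) {
		ASN1ObjectIdentifier contentType = contentInfo.getContentType();
		// Only encrypted content infos need the password callback to be unpacked.
		PKCS12SafeBagFactory safeBagFactory;
		if (contentType.equals(PKCSObjectIdentifiers.encryptedData)) {
			safeBagFactory = getSafeBagFactory(contentInfo, in.resource(), password);
		} else {
			safeBagFactory = getSafeBagFactory(contentInfo);
		}
		for (PKCS12SafeBag safeBag : safeBagFactory.getSafeBags()) {
			Object safeBagValue = safeBag.getBagValue();
			if (safeBagValue instanceof X509CertificateHolder) {
				certObjects.addCRT(convertCRT((X509CertificateHolder) safeBagValue));
			} else if (safeBagValue instanceof PKCS8EncryptedPrivateKeyInfo) {
				addKeyPair(certObjects, convertPrivateKey((PKCS8EncryptedPrivateKeyInfo) safeBagValue, in.resource(), password));
			} else if (safeBagValue instanceof PrivateKeyInfo) {
				addKeyPair(certObjects, convertPrivateKey((PrivateKeyInfo) safeBagValue));
			} else {
				LOG.warning(CertIOI18N.STR_PKCS12_UNKNOWN_OBJECT, safeBagValue.getClass().getName());
			}
		}
	}
	return certObjects;
}

/**
 * Rebuild the key pair for a decoded private key and add it to the store.
 * <p>
 * A key pair that cannot be rebuilt is logged and skipped; the caller keeps processing the remaining safe bags.
 *
 * @param certObjects The store to add the key pair to.
 * @param privateKey The private key to rebuild the key pair from.
 */
private void addKeyPair(CertObjectStore certObjects, PrivateKey privateKey) {
	try {
		certObjects.addKey(KeyHelper.rebuildKeyPair(privateKey));
	} catch (IOException e) {
		// Placeholder is {0}: the message has exactly one argument, like every other log call in this class.
		// The previous {1} placeholder had no matching argument and left the key type out of the message.
		LOG.warning(e, "Unable to rebuild key pair for private key of type ''{0}''", privateKey.getClass().getName());
	}
}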
the class UserCertStore method matchX509Certificate.
/**
 * Find the store entry a certificate belongs to.
 * <p>
 * An entry matches if its DN equals the certificate's subject DN and, in addition, either the encoded form of the
 * entry's public key equals the encoded form of the certificate's public key, or the entry's CRL was signed by the
 * certificate's public key. The first entry satisfying this (in store iteration order) wins.
 *
 * @param crt The certificate to match.
 * @return The matching entry, or {@code null} if no store entry matches.
 * @throws IOException if an I/O error occurs while matching.
 */
@Nullable
private Entry matchX509Certificate(X509Certificate crt) throws IOException {
	X500Principal subjectDN = crt.getSubjectX500Principal();
	PublicKey subjectPublicKey = crt.getPublicKey();
	for (Entry candidate : this.storeEntries.values()) {
		if (!subjectDN.equals(candidate.dn())) {
			continue;
		}
		boolean samePublicKey = candidate.hasPublicKey()
				&& Arrays.equals(subjectPublicKey.getEncoded(), candidate.getPublicKey().getEncoded());
		if (samePublicKey) {
			return candidate;
		}
		boolean signsCRL = candidate.hasCRL() && X509CRLHelper.isCRLSignedBy(candidate.getCRL(), subjectPublicKey);
		if (signsCRL) {
			return candidate;
		}
	}
	return null;
}
the class UserCertStore method matchX509CRL.
/**
 * Find the store entry a CRL belongs to.
 * <p>
 * An entry matches if its DN equals the CRL's issuer DN and, in addition, either the CRL was signed by the entry's
 * public key, or the entry already holds a CRL with the identical encoding. The first entry satisfying this (in store
 * iteration order) wins.
 *
 * @param crl The CRL to match.
 * @return The matching entry, or {@code null} if no store entry matches.
 * @throws CertProviderException if one of the CRLs cannot be encoded for comparison.
 * @throws IOException if an I/O error occurs while matching.
 */
@Nullable
private Entry matchX509CRL(X509CRL crl) throws IOException {
	X500Principal issuerDN = crl.getIssuerX500Principal();
	for (Entry candidate : this.storeEntries.values()) {
		if (!issuerDN.equals(candidate.dn())) {
			continue;
		}
		if (candidate.hasPublicKey() && X509CRLHelper.isCRLSignedBy(crl, candidate.getPublicKey())) {
			return candidate;
		}
		try {
			if (candidate.hasCRL() && haveSameEncoding(candidate.getCRL(), crl)) {
				return candidate;
			}
		} catch (CRLException e) {
			throw new CertProviderException(e);
		}
	}
	return null;
}

/**
 * Compare two CRLs by their DER encoding.
 *
 * @param storedCRL The CRL already held by a store entry (encoded first).
 * @param crl The CRL being matched.
 * @return {@code true} if both encodings are equal.
 * @throws CRLException if either CRL cannot be encoded.
 */
private static boolean haveSameEncoding(X509CRL storedCRL, X509CRL crl) throws CRLException {
	byte[] storedEncoded = storedCRL.getEncoded();
	byte[] encoded = crl.getEncoded();
	return Arrays.equals(storedEncoded, encoded);
}