Use of de.carne.check.Nullable in project certmgr by hdecarne.
Class DERCertReaderWriter, method readBinary.
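/**
 * Reads all DER-encoded objects from the given resource.
 * <p>
 * Every ASN.1 object in the stream is decoded, in this order of attempts, as a certificate, a key, a certificate
 * signing request or a CRL. Objects matching none of these decoders are logged and skipped. The result store is
 * created lazily, so a stream that yields no recognized object results in {@code null}.
 *
 * @param in The resource to read from.
 * @param password The callback used to query passwords for encrypted key objects.
 * @return The decoded certificate objects, or {@code null} if no object was recognized.
 * @throws IOException if an I/O error occurs during reading; a stream that is not DER at all (reported by the ASN.1
 * parser as {@link ClassCastException}) is rethrown wrapped in a {@code CertProviderException}.
 */
@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
	LOG.debug("Trying to read DER objects from: ''{0}''...", in);
	CertObjectStore certObjects = null;
	try (ASN1InputStream derStream = new ASN1InputStream(in.io())) {
		ASN1Primitive derObject;
		while ((derObject = derStream.readObject()) != null) {
			// Decoder order matters: the first decoder that accepts the object wins.
			X509Certificate crt = tryDecodeCRT(derObject);
			if (crt != null) {
				certObjects = storeFor(certObjects);
				certObjects.addCRT(crt);
				continue;
			}
			KeyPair key = tryDecodeKey(derObject, in.resource(), password);
			if (key != null) {
				certObjects = storeFor(certObjects);
				certObjects.addKey(key);
				continue;
			}
			PKCS10CertificateRequest csr = tryDecodeCSR(derObject);
			if (csr != null) {
				certObjects = storeFor(certObjects);
				certObjects.addCSR(csr);
				continue;
			}
			X509CRL crl = tryDecodeCRL(derObject);
			if (crl != null) {
				certObjects = storeFor(certObjects);
				certObjects.addCRL(crl);
				continue;
			}
			LOG.warning(CertIOI18N.STR_DER_UNKNOWN_OBJECT, derObject.getClass().getName());
		}
	} catch (ClassCastException e) {
		// the file is not a DER stream
		throw new CertProviderException(e);
	}
	return certObjects;
}

/**
 * Returns the given store, creating it on first use.
 *
 * @param certObjects The store created so far, or {@code null} if none yet.
 * @return A non-{@code null} store to add objects to.
 */
private static CertObjectStore storeFor(@Nullable CertObjectStore certObjects) {
	return (certObjects != null ? certObjects : new CertObjectStore());
}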
Use of de.carne.check.Nullable in project certmgr by hdecarne.
Class JKSCertReaderWriter, method getAliasKey.
/**
 * Retrieves the key stored under the given alias, prompting for its password as often as needed.
 * <p>
 * The first attempt uses {@code password.queryPassword}; after a wrong password ({@link UnrecoverableKeyException})
 * the callback is asked again via {@code requeryPassword} with the failure, until either a key is obtained or the
 * callback returns {@code null} (no password available / user gave up).
 *
 * @param keyStore The key store to read from.
 * @param alias The alias whose key is requested.
 * @param password The callback used to obtain the key password.
 * @return The key, or {@code null} if no password was provided or the alias has no key.
 * @throws GeneralSecurityException if the key store access fails for a reason other than a wrong password.
 */
@Nullable
private static Key getAliasKey(KeyStore keyStore, String alias, PasswordCallback password) throws GeneralSecurityException {
	Key aliasKey = null;
	UnrecoverableKeyException lastFailure = null;
	while (true) {
		char[] passwordChars;
		if (lastFailure == null) {
			passwordChars = password.queryPassword(alias);
		} else {
			passwordChars = password.requeryPassword(alias, lastFailure);
		}
		if (passwordChars == null) {
			break;
		}
		// NOTE(review): passwordChars is not zeroed after use here; whether the callback owns (and may reuse) the
		// array is not visible from this method, so clearing it would need confirming against PasswordCallback.
		try {
			aliasKey = keyStore.getKey(alias, passwordChars);
		} catch (UnrecoverableKeyException e) {
			lastFailure = e;
		}
		// Stop once a key was obtained, or when the attempt failed without a wrong-password error
		// (e.g. the alias simply has no key entry).
		if (aliasKey != null || lastFailure == null) {
			break;
		}
	}
	return aliasKey;
}
Use of de.carne.check.Nullable in project certmgr by hdecarne.
Class JKSCertReaderWriter, method readKeyStore.
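/**
 * Loads a key store of the given type and collects its X.509 certificates and private keys.
 * <p>
 * For every alias the entry certificate, the (password protected) key and the certificate chain are examined;
 * entries of unsupported types are logged and skipped.
 *
 * @param keyStoreType The key store type to load.
 * @param inputStream The stream to load the key store from (may be {@code null}, see {@code loadKeyStore}).
 * @param resource The resource name used for logging.
 * @param password The callback used to query key store and key passwords.
 * @return The collected certificate objects, or {@code null} if the input was not recognized as a key store.
 * @throws IOException if a password is required but not provided, or if key store access fails (wrapped in a
 * {@code CertProviderException}).
 */
@Nullable
private static CertObjectStore readKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws IOException {
	KeyStore keyStore = null;
	try {
		keyStore = loadKeyStore(keyStoreType, inputStream, resource, password);
	} catch (GeneralSecurityException e) {
		throw new CertProviderException(e);
	} catch (PasswordRequiredException e) {
		// must propagate; the IOException handler below would otherwise swallow it as "not a key store"
		throw e;
	} catch (IOException e) {
		LOG.info(e, "No KeyStore objects recognized in: ''{0}''", resource);
	}
	if (keyStore == null) {
		return null;
	}
	// A recognized key store always yields a store object, even if it holds no usable entries.
	CertObjectStore certObjects = new CertObjectStore();
	try {
		Enumeration<String> aliases = keyStore.aliases();
		while (aliases.hasMoreElements()) {
			addAliasObjects(certObjects, keyStore, aliases.nextElement(), password);
		}
	} catch (GeneralSecurityException e) {
		throw new CertProviderException(e);
	}
	return certObjects;
}

/**
 * Adds the certificate, private key and chain certificates of a single key store alias to the store.
 *
 * @param certObjects The store to add to.
 * @param keyStore The key store being read.
 * @param alias The alias to process.
 * @param password The callback used to query the key password.
 * @throws GeneralSecurityException if the key store access fails.
 */
private static void addAliasObjects(CertObjectStore certObjects, KeyStore keyStore, String alias, PasswordCallback password) throws GeneralSecurityException {
	Certificate aliasCertificate = keyStore.getCertificate(alias);
	if (aliasCertificate instanceof X509Certificate) {
		certObjects.addCRT((X509Certificate) aliasCertificate);
	} else if (aliasCertificate != null) {
		LOG.warning("Ignoring certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasCertificate.getClass().getName());
	}
	Key aliasKey = getAliasKey(keyStore, alias, password);
	if (aliasKey instanceof PrivateKey) {
		try {
			certObjects.addKey(KeyHelper.rebuildKeyPair((PrivateKey) aliasKey));
		} catch (IOException e) {
			// a key whose public half cannot be rebuilt is skipped, the rest of the store is still read
			LOG.warning(e, "Unable to rebuild key pair for private key ''{0}'' of type ''{1}''", alias, aliasKey.getClass().getName());
		}
	} else if (aliasKey != null) {
		LOG.warning("Ignoring key of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasKey.getClass().getName());
	}
	Certificate[] aliasChain = keyStore.getCertificateChain(alias);
	if (aliasChain != null) {
		for (Certificate aliasChainEntry : aliasChain) {
			if (aliasChainEntry instanceof X509Certificate) {
				certObjects.addCRT((X509Certificate) aliasChainEntry);
			} else {
				LOG.warning("Ignoring chain certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasChainEntry.getClass().getName());
			}
		}
	}
}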
Use of de.carne.check.Nullable in project certmgr by hdecarne.
Class UserCertStore, method matchKey.
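/**
 * Finds the store entry belonging to the given key pair.
 * <p>
 * An entry matches if its public key has the same encoding as the pair's public key, or if it holds a CRL that is
 * signed by that public key. Only the public half of {@code key} is used for matching.
 *
 * @param key The key pair to match.
 * @return The first matching entry, or {@code null} if none matches.
 * @throws IOException if the CRL signature check fails.
 */
@Nullable
private Entry matchKey(KeyPair key) throws IOException {
	PublicKey publicKey = key.getPublic();
	// loop-invariant: encode the public key once instead of per entry
	byte[] publicKeyEncoded = publicKey.getEncoded();
	for (Entry entry : this.storeEntries.values()) {
		if (entry.hasPublicKey() && Arrays.equals(publicKeyEncoded, entry.getPublicKey().getEncoded())) {
			return entry;
		}
		if (entry.hasCRL() && X509CRLHelper.isCRLSignedBy(entry.getCRL(), publicKey)) {
			return entry;
		}
	}
	return null;
}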
Use of de.carne.check.Nullable in project certmgr by hdecarne.
Class CertReaders, method readURL.
/**
 * Read all available certificate objects from an {@link URL}.
 * <p>
 * Every registered {@link CertReader} is tried in turn (readers whose file name pattern matches the URL's file name
 * first) until one of them recognizes the data. The URL is opened anew for each attempt.
 *
 * @param url The URL to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if no certificate data was recognized.
 * @throws IOException if an I/O error occurs during reading/decoding.
 */
@Nullable
public static CertObjectStore readURL(URL url, PasswordCallback password) throws IOException {
	// the last path segment of the URL serves as the file name for reader matching
	String urlPath = url.getPath();
	String fileName = urlPath.substring(urlPath.lastIndexOf('/') + 1);
	Path file;
	try {
		file = Paths.get(fileName);
	} catch (InvalidPathException e) {
		throw new IOException(e.getLocalizedMessage(), e);
	}
	Deque<CertReader> orderedReaders = new ArrayDeque<>();
	for (CertReader reader : REGISTERED.providers()) {
		if (matchFileName(reader, file)) {
			orderedReaders.offerFirst(reader);
		} else {
			orderedReaders.offerLast(reader);
		}
	}
	String resourceName = file.toString();
	for (CertReader reader : orderedReaders) {
		CertObjectStore certObjects = null;
		try (IOResource<InputStream> in = new IOResource<>(url.openStream(), resourceName)) {
			certObjects = reader.readBinary(in, password);
		} catch (IOException e) {
			// a reader that cannot handle the data is skipped; the next one gets a fresh stream
			Exceptions.ignore(e);
		}
		if (certObjects != null) {
			return certObjects;
		}
	}
	return null;
}