
Example 16 with Nullable

use of de.carne.check.Nullable in project certmgr by hdecarne.

the class DERCertReaderWriter method readBinary.

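/**
 * Reads all DER encoded certificate objects from the given resource.
 * <p>
 * Every ASN.1 object found in the stream is tried, in this order, as a certificate, a key, a certificate
 * signing request and a CRL. Objects matching none of these decoders are logged and skipped. The stream is
 * consumed completely before returning.
 *
 * @param in The resource to read from.
 * @param password The callback to use for querying passwords (if a key needs one).
 * @return The read certificate objects, or {@code null} if the stream contained no recognized object.
 * @throws IOException if an I/O error occurs during reading/decoding.
 * @throws CertProviderException if the data is not a DER stream.
 */
@Override
@Nullable
public CertObjectStore readBinary(IOResource<InputStream> in, PasswordCallback password) throws IOException {
    LOG.debug("Trying to read DER objects from: ''{0}''...", in);
    CertObjectStore certObjects = null;
    try (ASN1InputStream derStream = new ASN1InputStream(in.io())) {
        ASN1Primitive derObject;
        while ((derObject = derStream.readObject()) != null) {
            // Decoders are tried in a fixed order and the first hit ends the attempt for this object,
            // so the key decoder (which may query a password) only runs for non-certificate objects.
            X509Certificate crt = tryDecodeCRT(derObject);
            if (crt != null) {
                certObjects = ensureStore(certObjects);
                certObjects.addCRT(crt);
                continue;
            }
            KeyPair key = tryDecodeKey(derObject, in.resource(), password);
            if (key != null) {
                certObjects = ensureStore(certObjects);
                certObjects.addKey(key);
                continue;
            }
            PKCS10CertificateRequest csr = tryDecodeCSR(derObject);
            if (csr != null) {
                certObjects = ensureStore(certObjects);
                certObjects.addCSR(csr);
                continue;
            }
            X509CRL crl = tryDecodeCRL(derObject);
            if (crl != null) {
                certObjects = ensureStore(certObjects);
                certObjects.addCRL(crl);
                continue;
            }
            LOG.warning(CertIOI18N.STR_DER_UNKNOWN_OBJECT, derObject.getClass().getName());
        }
    } catch (ClassCastException e) {
        // the file is not a DER stream; report it as a provider failure instead of leaking the cast error
        throw new CertProviderException(e);
    }
    return certObjects;
}

/**
 * Returns the given store, creating it on first use.
 * <p>
 * The store is created lazily so that {@link #readBinary} can return {@code null} when nothing was recognized.
 *
 * @param certObjects The store created so far, or {@code null} if none has been created yet.
 * @return The given store, or a new one if none existed.
 */
private static CertObjectStore ensureStore(@Nullable CertObjectStore certObjects) {
    return (certObjects != null ? certObjects : new CertObjectStore());
}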

Example 17 with Nullable

use of de.carne.check.Nullable in project certmgr by hdecarne.

the class JKSCertReaderWriter method getAliasKey.

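/**
 * Retrieves the key stored under the given alias, querying the password callback again whenever the key
 * store rejects the supplied password.
 *
 * @param keyStore The key store to read from.
 * @param alias The alias to retrieve the key for.
 * @param password The callback to use for querying the key password.
 * @return The key, or {@code null} if the alias holds no key or the callback supplied no password.
 * @throws GeneralSecurityException if the key store fails for a reason other than a rejected password.
 */
@Nullable
private static Key getAliasKey(KeyStore keyStore, String alias, PasswordCallback password) throws GeneralSecurityException {
    Key key = null;
    UnrecoverableKeyException passwordException = null;
    do {
        // After a rejected password the callback is told about the failure so it can re-query the user.
        char[] passwordChars = (passwordException != null ? password.requeryPassword(alias, passwordException) : password.queryPassword(alias));
        if (passwordChars == null) {
            // The callback gave up (e.g. the user cancelled); report the key as unavailable.
            break;
        }
        // Reset the failure state before each attempt so that a lookup which succeeds but yields no key
        // terminates the loop instead of re-querying with a stale failure forever.
        passwordException = null;
        try {
            key = keyStore.getKey(alias, passwordChars);
        } catch (UnrecoverableKeyException e) {
            passwordException = e;
        }
        // NOTE(review): passwordChars is not wiped after use; whether the callback hands out a shared
        // array (which wiping would corrupt) depends on the PasswordCallback contract - confirm before clearing.
    } while (key == null && passwordException != null);
    return key;
}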

Example 18 with Nullable

use of de.carne.check.Nullable in project certmgr by hdecarne.

the class JKSCertReaderWriter method readKeyStore.

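/**
 * Reads all certificate objects from a key store of the given type.
 * <p>
 * For every key store alias the entry's certificate, key and certificate chain are collected. Entries of
 * unsupported types are logged and skipped.
 *
 * @param keyStoreType The key store type to load.
 * @param inputStream The stream to load the key store from (may be {@code null}, see {@code loadKeyStore}).
 * @param resource The resource name (used for logging).
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if the data was not recognized as a key store of
 *         the given type.
 * @throws IOException if an I/O error occurs during reading/decoding.
 * @throws PasswordRequiredException if a required password was not supplied.
 * @throws CertProviderException if the key store provider fails.
 */
@Nullable
private static CertObjectStore readKeyStore(String keyStoreType, @Nullable InputStream inputStream, String resource, PasswordCallback password) throws IOException {
    KeyStore keyStore = null;
    try {
        keyStore = loadKeyStore(keyStoreType, inputStream, resource, password);
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    } catch (PasswordRequiredException e) {
        // rethrown explicitly so a missing password is not downgraded to the "not recognized" case below
        throw e;
    } catch (IOException e) {
        // best effort: the data simply not being a key store of this type is expected when probing readers
        LOG.info(e, "No KeyStore objects recognized in: ''{0}''", resource);
    }
    if (keyStore == null) {
        return null;
    }
    CertObjectStore certObjects = new CertObjectStore();
    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            readAliasEntry(keyStore, aliases.nextElement(), password, certObjects);
        }
    } catch (GeneralSecurityException e) {
        throw new CertProviderException(e);
    }
    return certObjects;
}

/**
 * Adds the certificate, key and certificate chain of a single key store entry to the given store.
 * <p>
 * Non-X.509 certificates and non-private keys are logged and skipped; a private key whose key pair cannot
 * be rebuilt is logged and skipped as well.
 *
 * @param keyStore The key store to read the entry from.
 * @param alias The alias of the entry to read.
 * @param password The callback to use for querying the key password (if needed).
 * @param certObjects The store to add the read objects to.
 * @throws GeneralSecurityException if the key store fails to provide the entry.
 */
private static void readAliasEntry(KeyStore keyStore, String alias, PasswordCallback password, CertObjectStore certObjects) throws GeneralSecurityException {
    Certificate aliasCertificate = keyStore.getCertificate(alias);
    if (aliasCertificate instanceof X509Certificate) {
        certObjects.addCRT((X509Certificate) aliasCertificate);
    } else if (aliasCertificate != null) {
        LOG.warning("Ignoring certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasCertificate.getClass().getName());
    }
    Key aliasKey = getAliasKey(keyStore, alias, password);
    if (aliasKey instanceof PrivateKey) {
        try {
            certObjects.addKey(KeyHelper.rebuildKeyPair((PrivateKey) aliasKey));
        } catch (IOException e) {
            LOG.warning(e, "Unable to rebuild key pair for private key ''{0}'' of type ''{1}''", alias, aliasKey.getClass().getName());
        }
    } else if (aliasKey != null) {
        LOG.warning("Ignoring key of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasKey.getClass().getName());
    }
    Certificate[] aliasChain = keyStore.getCertificateChain(alias);
    if (aliasChain != null) {
        for (Certificate aliasChainEntry : aliasChain) {
            if (aliasChainEntry instanceof X509Certificate) {
                certObjects.addCRT((X509Certificate) aliasChainEntry);
            } else {
                LOG.warning("Ignoring chain certificate of key store entry ''{0}'' due to unsupported type ''{1}''", alias, aliasChainEntry.getClass().getName());
            }
        }
    }
}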

Example 19 with Nullable

use of de.carne.check.Nullable in project certmgr by hdecarne.

the class UserCertStore method matchKey.

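/**
 * Finds the store entry belonging to the given key pair.
 * <p>
 * An entry matches if it holds the same public key (compared by encoded form) or if it holds a CRL that is
 * signed by the key pair's public key. The first matching entry in store order is returned.
 *
 * @param key The key pair to match.
 * @return The matching entry, or {@code null} if no entry matches.
 * @throws IOException if an I/O error occurs while checking an entry.
 */
@Nullable
private Entry matchKey(KeyPair key) throws IOException {
    PublicKey publicKey = key.getPublic();
    // Encode once instead of once per entry; the encoding does not change during the scan.
    byte[] encodedPublicKey = publicKey.getEncoded();
    for (Entry entry : this.storeEntries.values()) {
        if (entry.hasPublicKey() && Arrays.equals(encodedPublicKey, entry.getPublicKey().getEncoded())) {
            return entry;
        }
        if (entry.hasCRL() && X509CRLHelper.isCRLSignedBy(entry.getCRL(), publicKey)) {
            return entry;
        }
    }
    return null;
}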

Example 20 with Nullable

use of de.carne.check.Nullable in project certmgr by hdecarne.

the class CertReaders method readURL.

/**
 * Read all available certificate objects from an {@link URL}.
 * <p>
 * All registered {@link CertReader}s are considered for reading certificate object until one recognizes the file
 * data. Readers matching the URL's file name (see {@code matchFileName}) are tried first. I/O errors raised by
 * individual readers are ignored; only a malformed file name is reported to the caller.
 *
 * @param url The URL to read from.
 * @param password The callback to use for querying passwords (if needed).
 * @return The read certificate objects, or {@code null} if no certificate data was recognized.
 * @throws IOException if the URL's file name is not a valid path.
 */
@Nullable
public static CertObjectStore readURL(URL url, PasswordCallback password) throws IOException {
    Path file;
    try {
        // Only the last path segment is relevant for matching reader file name patterns.
        String urlPath = url.getPath();
        file = Paths.get(urlPath.substring(urlPath.lastIndexOf('/') + 1));
    } catch (InvalidPathException e) {
        throw new IOException(e.getLocalizedMessage(), e);
    }
    // Matching readers are pushed to the front (last match first); all others keep their registration order.
    Deque<CertReader> orderedReaders = new ArrayDeque<>();
    for (CertReader reader : REGISTERED.providers()) {
        if (matchFileName(reader, file)) {
            orderedReaders.addFirst(reader);
        } else {
            orderedReaders.addLast(reader);
        }
    }
    String resourceName = file.toString();
    for (CertReader reader : orderedReaders) {
        CertObjectStore certObjects = null;
        // Each reader gets a fresh stream; a reader failing to read is treated as "not recognized".
        try (IOResource<InputStream> in = new IOResource<>(url.openStream(), resourceName)) {
            certObjects = reader.readBinary(in, password);
        } catch (IOException e) {
            Exceptions.ignore(e);
        }
        if (certObjects != null) {
            return certObjects;
        }
    }
    return null;
}
