Example 1 with X509CertParser

Use of org.bouncycastle.jce.provider.X509CertParser in the project cas by apereo, in the class WsFederationHelper, method getEncryptionCredential. The method builds the OpenSAML credential used to decrypt WS-Federation assertions from a PEM private key (optionally password-protected) and the certificate shared with ADFS.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.Security;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;

import com.google.common.base.Throwables;

// LOGGER is the enclosing class's logger field.
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
    // This will need to contain the private keypair in PEM format
    LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
    // try-with-resources so the reader and parser are closed even when parsing fails
    try (final BufferedReader br = new BufferedReader(new InputStreamReader(config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
         final PEMParser pemParser = new PEMParser(br)) {
        Security.addProvider(new BouncyCastleProvider());
        LOGGER.debug("Parsing credential private key");
        final Object privateKeyPemObject = pemParser.readObject();
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        final KeyPair kp;
        if (privateKeyPemObject instanceof PEMEncryptedKeyPair) {
            LOGGER.debug("Encryption private key is an encrypted keypair");
            final PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) privateKeyPemObject;
            // The PEM passphrase is taken from the configuration; decryption happens in memory
            final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(config.getEncryptionPrivateKeyPassword().toCharArray());
            LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
            kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
        } else {
            // Assumes a traditional OpenSSL keypair block (e.g. "BEGIN RSA PRIVATE KEY");
            // a PKCS#8 "BEGIN PRIVATE KEY" file yields a PrivateKeyInfo and fails this cast
            LOGGER.debug("Extracting a keypair from the private key");
            kp = converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
        }
        // X509CertParser is a Bouncy Castle provider-internal certificate reader
        final X509CertParser certParser = new X509CertParser();
        // This is the certificate shared with ADFS in DER format, i.e. certificate.crt
        LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
        certParser.engineInit(config.getEncryptionCertificate().getInputStream());
        LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
        final X509CertificateObject cert = (X509CertificateObject) certParser.engineRead();
        LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
        // Pair the public certificate with the private key; OpenSAML uses this to decrypt incoming assertions
        return new BasicX509Credential(cert, kp.getPrivate());
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}
```