
Example 11 with JcaMiscPEMGenerator

use of org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator in project nifi by apache.

the class TlsToolkitStandalone method createNifiKeystoresAndTrustStores.

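/**
 * Generates the standalone toolkit output below {@code standaloneConfig.getBaseDir()}: a CA
 * (reused if one is already present), one keystore/truststore/{@code nifi.properties} set per
 * configured host instance, and one PKCS12 client certificate per configured client DN.
 *
 * <p>CA handling: if both {@code NIFI_CERT + ".pem"} and {@code NIFI_KEY + ".key"} exist in the
 * base directory they are reused, after checking that the certificate verifies under the key's
 * public key and that both public keys are equal; if only one of the two exists the method fails
 * rather than silently minting a new CA. Otherwise a CA is obtained from
 * {@link TlsCertificateAuthorityManager} and written out as PEM.
 *
 * <p>Security note: the CA private key is written as an unencrypted PEM (the single-argument
 * {@link JcaMiscPEMGenerator} is used, no encryptor), and each client keystore password is written
 * as a plain-text {@code <dn>.password} file. Both get the default permissions of files created by
 * this process, so the output directory itself must be protected.
 *
 * <p>Existing host directories and client certificate files are only replaced when
 * {@code standaloneConfig.isOverwrite()} is set; otherwise they cause an {@link IOException}.
 *
 * @param standaloneConfig base directory, key/signing parameters, host instance definitions,
 *     client DNs/passwords and the overwrite flag
 * @throws GeneralSecurityException if key generation, certificate issuance, CA verification or
 *     keystore handling fails
 * @throws IOException if the base directory cannot be created or is not a directory, existing
 *     output conflicts with the overwrite setting, an existing CA key does not match the existing
 *     CA certificate, or writing any output fails
 */
public void createNifiKeystoresAndTrustStores(StandaloneConfig standaloneConfig) throws GeneralSecurityException, IOException {
    File baseDir = standaloneConfig.getBaseDir();
    if (!baseDir.exists() && !baseDir.mkdirs()) {
        throw new IOException(baseDir + " doesn't exist and unable to create it.");
    }
    if (!baseDir.isDirectory()) {
        throw new IOException("Expected directory to output to");
    }
    String signingAlgorithm = standaloneConfig.getSigningAlgorithm();
    int days = standaloneConfig.getDays();
    String keyPairAlgorithm = standaloneConfig.getKeyPairAlgorithm();
    int keySize = standaloneConfig.getKeySize();
    File nifiCert = new File(baseDir, NIFI_CERT + ".pem");
    File nifiKey = new File(baseDir, NIFI_KEY + ".key");
    // PEM and password files are text: pin the charset instead of inheriting the platform default
    // that FileReader/FileWriter/OutputStreamWriter use when none is given. UTF-8 is a superset of
    // the ASCII that PEM requires, so files written by earlier versions still parse.
    final java.nio.charset.Charset textCharset = java.nio.charset.StandardCharsets.UTF_8;
    X509Certificate certificate;
    KeyPair caKeyPair;
    if (logger.isInfoEnabled()) {
        logger.info("Running standalone certificate generation with output directory " + baseDir);
    }
    if (nifiCert.exists()) {
        if (!nifiKey.exists()) {
            throw new IOException(nifiCert + " exists already, but " + nifiKey + " does not, we need both certificate and key to continue with an existing CA.");
        }
        try (java.io.Reader pemEncodedCertificate = new java.io.InputStreamReader(new java.io.FileInputStream(nifiCert), textCharset)) {
            certificate = TlsHelper.parseCertificate(pemEncodedCertificate);
        }
        try (java.io.Reader pemEncodedKeyPair = new java.io.InputStreamReader(new java.io.FileInputStream(nifiKey), textCharset)) {
            caKeyPair = TlsHelper.parseKeyPair(pemEncodedKeyPair);
        }
        // Two independent checks against a mismatched or tampered pair: the certificate's signature
        // must verify under the key file's public key, and that public key must be the one embedded
        // in the certificate.
        certificate.verify(caKeyPair.getPublic());
        if (!caKeyPair.getPublic().equals(certificate.getPublicKey())) {
            throw new IOException("Expected " + nifiKey + " to correspond to CA certificate at " + nifiCert);
        }
        if (logger.isInfoEnabled()) {
            logger.info("Using existing CA certificate " + nifiCert + " and key " + nifiKey);
        }
    } else if (nifiKey.exists()) {
        throw new IOException(nifiKey + " exists already, but " + nifiCert + " does not, we need both certificate and key to continue with an existing CA.");
    } else {
        TlsCertificateAuthorityManager tlsCertificateAuthorityManager = new TlsCertificateAuthorityManager(standaloneConfig);
        KeyStore.PrivateKeyEntry privateKeyEntry = tlsCertificateAuthorityManager.getOrGenerateCertificateAuthority();
        certificate = (X509Certificate) privateKeyEntry.getCertificateChain()[0];
        caKeyPair = new KeyPair(certificate.getPublicKey(), privateKeyEntry.getPrivateKey());
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(outputStreamFactory.create(nifiCert), textCharset))) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(certificate));
        }
        // Private key PEM is written unencrypted: JcaMiscPEMGenerator(Object) applies no encryptor.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(outputStreamFactory.create(nifiKey), textCharset))) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(caKeyPair));
        }
        if (logger.isInfoEnabled()) {
            logger.info("Generated new CA certificate " + nifiCert + " and key " + nifiKey);
        }
    }
    NiFiPropertiesWriterFactory niFiPropertiesWriterFactory = standaloneConfig.getNiFiPropertiesWriterFactory();
    boolean overwrite = standaloneConfig.isOverwrite();
    List<InstanceDefinition> instanceDefinitions = standaloneConfig.getInstanceDefinitions();
    if (instanceDefinitions.isEmpty() && logger.isInfoEnabled()) {
        logger.info("No " + TlsToolkitStandaloneCommandLine.HOSTNAMES_ARG + " specified, not generating any host certificates or configuration.");
    }
    for (InstanceDefinition instanceDefinition : instanceDefinitions) {
        String hostname = instanceDefinition.getHostname();
        File hostDir;
        int hostIdentifierNumber = instanceDefinition.getInstanceIdentifier().getNumber();
        // The first instance of a hostname gets a plain directory; further instances are suffixed.
        if (hostIdentifierNumber == 1) {
            hostDir = new File(baseDir, hostname);
        } else {
            hostDir = new File(baseDir, hostname + "_" + hostIdentifierNumber);
        }
        TlsClientConfig tlsClientConfig = new TlsClientConfig(standaloneConfig);
        File keystore = new File(hostDir, "keystore." + tlsClientConfig.getKeyStoreType().toLowerCase());
        File truststore = new File(hostDir, "truststore." + tlsClientConfig.getTrustStoreType().toLowerCase());
        if (hostDir.exists()) {
            if (!hostDir.isDirectory()) {
                throw new IOException(hostDir + " exists but is not a directory.");
            } else if (overwrite) {
                if (logger.isInfoEnabled()) {
                    logger.info("Overwriting any existing ssl configuration in " + hostDir);
                }
                // delete()'s return value is deliberately ignored: the exists() check afterwards
                // covers both "was not there" and "could not be removed".
                keystore.delete();
                if (keystore.exists()) {
                    throw new IOException("Keystore " + keystore + " already exists and couldn't be deleted.");
                }
                truststore.delete();
                if (truststore.exists()) {
                    throw new IOException("Truststore " + truststore + " already exists and couldn't be deleted.");
                }
            } else {
                throw new IOException(hostDir + " exists and overwrite is not set.");
            }
        } else if (!hostDir.mkdirs()) {
            throw new IOException("Unable to make directory: " + hostDir.getAbsolutePath());
        } else if (logger.isInfoEnabled()) {
            logger.info("Writing new ssl configuration to " + hostDir);
        }
        tlsClientConfig.setKeyStore(keystore.getAbsolutePath());
        tlsClientConfig.setKeyStorePassword(instanceDefinition.getKeyStorePassword());
        tlsClientConfig.setKeyPassword(instanceDefinition.getKeyPassword());
        tlsClientConfig.setTrustStore(truststore.getAbsolutePath());
        tlsClientConfig.setTrustStorePassword(instanceDefinition.getTrustStorePassword());
        TlsClientManager tlsClientManager = new TlsClientManager(tlsClientConfig);
        KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, keySize);
        // The same DN is both the certificate subject and the base for the SAN extension.
        String hostDn = tlsClientConfig.calcDefaultDn(hostname);
        Extensions sanDnsExtensions = TlsHelper.createDomainAlternativeNamesExtensions(tlsClientConfig.getDomainAlternativeNames(), hostDn);
        tlsClientManager.addPrivateKeyToKeyStore(keyPair, NIFI_KEY, CertificateUtils.generateIssuedCertificate(hostDn, keyPair.getPublic(), sanDnsExtensions, certificate, caKeyPair, signingAlgorithm, days), certificate);
        // The truststore entry is the CA certificate itself, so hosts trust anything this CA issued.
        tlsClientManager.setCertificateEntry(NIFI_CERT, certificate);
        tlsClientManager.addClientConfigurationWriter(new NifiPropertiesTlsClientConfigWriter(niFiPropertiesWriterFactory, new File(hostDir, "nifi.properties"), hostname, instanceDefinition.getNumber()));
        tlsClientManager.write(outputStreamFactory);
        if (logger.isInfoEnabled()) {
            logger.info("Successfully generated TLS configuration for " + hostname + " " + hostIdentifierNumber + " in " + hostDir);
        }
    }
    List<String> clientDns = standaloneConfig.getClientDns();
    if (clientDns.isEmpty() && logger.isInfoEnabled()) {
        logger.info("No " + TlsToolkitStandaloneCommandLine.CLIENT_CERT_DN_ARG + " specified, not generating any client certificates.");
    }
    List<String> clientPasswords = standaloneConfig.getClientPasswords();
    // NOTE(review): clientPasswords is indexed in step with clientDns; this assumes the config
    // supplies one entry per DN (or a placeholder when passwords are generated) — confirm in
    // StandaloneConfig, otherwise a shorter list fails with IndexOutOfBoundsException.
    for (int i = 0; i < clientDns.size(); i++) {
        String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i));
        String clientDnFile = getClientDnFile(reorderedDn);
        File clientCertFile = new File(baseDir, clientDnFile + ".p12");
        if (clientCertFile.exists()) {
            if (overwrite) {
                if (logger.isInfoEnabled()) {
                    logger.info("Overwriting existing client cert " + clientCertFile);
                }
            } else {
                throw new IOException(clientCertFile + " exists and overwrite is not set.");
            }
        } else if (logger.isInfoEnabled()) {
            logger.info("Generating new client certificate " + clientCertFile);
        }
        KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, keySize);
        // Client certificates carry no SAN extension (null), only the subject DN.
        X509Certificate clientCert = CertificateUtils.generateIssuedCertificate(reorderedDn, keyPair.getPublic(), null, certificate, caKeyPair, signingAlgorithm, days);
        KeyStore keyStore = KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString());
        keyStore.load(null, null);
        // Entry password is null; the store-level password is applied by TlsHelper.writeKeyStore.
        keyStore.setKeyEntry(NIFI_KEY, keyPair.getPrivate(), null, new Certificate[] { clientCert, certificate });
        String password = TlsHelper.writeKeyStore(keyStore, outputStreamFactory, clientCertFile, clientPasswords.get(i), standaloneConfig.isClientPasswordsGenerated());
        // Plain-text password file next to the .p12; written with an explicit charset.
        try (OutputStreamWriter fileWriter = new OutputStreamWriter(new java.io.FileOutputStream(new File(baseDir, clientDnFile + ".password")), textCharset)) {
            fileWriter.write(password);
        }
        if (logger.isInfoEnabled()) {
            logger.info("Successfully generated client certificate " + clientCertFile);
        }
    }
    if (logger.isInfoEnabled()) {
        logger.info("tls-toolkit standalone completed successfully");
    }
}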

Example 12 with JcaMiscPEMGenerator

use of org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator in project groovity by disney.

the class CertificateValueHandler method doStore.

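/**
 * Writes {@code value} to {@code stream} as a single PEM block.
 *
 * <p>The object is handed to {@link JcaMiscPEMGenerator} unchanged, so it must be one of the types
 * that generator can encode (certificates, keys, ...); anything else surfaces as the generator's
 * exception. Closing the {@link PemWriter} closes {@code stream} as well, which matches the
 * previous behaviour — callers must not keep using the stream afterwards.
 *
 * @param stream destination; closed when this method returns
 * @param contentType content type whose charset ({@code getCharset(contentType)}) encodes the text
 * @param value the object to PEM-encode
 * @param config handler configuration; not used by this method
 * @throws Exception if encoding or writing fails
 */
@Override
protected void doStore(OutputStream stream, String contentType, Object value, @SuppressWarnings("rawtypes") Map config) throws Exception {
    Writer writer = new OutputStreamWriter(stream, getCharset(contentType));
    // try-with-resources: the previous version only closed on the success path, so a failing
    // writeObject left the writer (and the underlying stream) open.
    try (PemWriter pemWriter = new PemWriter(writer)) {
        pemWriter.writeObject(new JcaMiscPEMGenerator(value));
    }
}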

Example 13 with JcaMiscPEMGenerator

use of org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator in project dcos-commons by mesosphere.

the class PEMUtils method toPEM.

/**
 * Renders {@code certificate} as PEM text.
 *
 * @param certificate the certificate to encode
 * @return the PEM-encoded certificate
 * @throws IOException if the certificate cannot be encoded
 */
public static String toPEM(X509Certificate certificate) throws IOException {
    StringWriter buffer = new StringWriter();
    // try-with-resources closes the PemWriter on every path, as the explicit finally did.
    try (PemWriter out = new PemWriter(buffer)) {
        out.writeObject(new JcaMiscPEMGenerator(certificate));
        out.flush();
    }
    return buffer.toString();
}

Example 14 with JcaMiscPEMGenerator

use of org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator in project zaproxy by zaproxy.

the class ExtensionDynSSL method writeRootPubCaCertificateToFile.

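/**
 * Writes the Root CA public certificate to the specified file in PEM format, suitable for
 * importing into browsers.
 *
 * <p>Does nothing when no Root CA keystore is configured ({@code getParams().getRootca()} returns
 * {@code null}); no file is created in that case. Only the certificate is written, never the
 * private key. PEM is written as US-ASCII, the encoding the format requires.
 *
 * @param path the path the Root CA certificate will be written to
 * @throws IOException if the file cannot be written or the certificate cannot be encoded
 * @throws KeyStoreException if the keystore cannot be read or holds no certificate under
 *     {@code ZAPROXY_JKS_ALIAS}
 * @since 2.8.0
 */
public void writeRootPubCaCertificateToFile(Path path) throws IOException, KeyStoreException {
    KeyStore ks = this.getParams().getRootca();
    if (ks == null) {
        return;
    }
    final Certificate cert = ks.getCertificate(org.parosproxy.paros.security.SslCertificateService.ZAPROXY_JKS_ALIAS);
    // Fail before opening the file: a missing alias would otherwise leave an empty file behind and
    // surface only as an obscure error from the PEM generator being handed null.
    if (cert == null) {
        throw new KeyStoreException("Root CA keystore has no certificate under alias " + org.parosproxy.paros.security.SslCertificateService.ZAPROXY_JKS_ALIAS);
    }
    try (final Writer w = Files.newBufferedWriter(path, StandardCharsets.US_ASCII);
        final PemWriter pw = new PemWriter(w)) {
        pw.writeObject(new JcaMiscPEMGenerator(cert));
        pw.flush();
    }
}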

Example 15 with JcaMiscPEMGenerator

use of org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator in project spring-cloud-gcp by spring-cloud.

the class RSAKeyGeneratorUtils method getPublicKeyCertificate.

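/**
 * Returns the certificate held by this instance as a PEM-encoded string.
 *
 * @return the PEM text for {@code this.certificate}
 * @throws CertificateEncodingException declared on the signature but not thrown by this
 *     implementation; encoding is done by the PEM generator and its failures are rethrown unchecked
 * @throws java.io.UncheckedIOException if the PEM generator reports an {@link IOException}; the
 *     writer is an in-memory {@link StringWriter}, so such a failure can only come from encoding
 *     the certificate
 */
public String getPublicKeyCertificate() throws CertificateEncodingException {
    StringWriter sw = new StringWriter();
    try (PemWriter pw = new PemWriter(sw)) {
        PemObjectGenerator gen = new JcaMiscPEMGenerator(this.certificate);
        pw.writeObject(gen);
    } catch (IOException e) {
        // UncheckedIOException is a RuntimeException, so existing catch blocks still match; it keeps
        // the I/O origin visible and carries a message instead of a bare wrapper.
        throw new java.io.UncheckedIOException("Unable to PEM-encode certificate", e);
    }
    return sw.toString();
}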
