
Example 46 with JcaPEMKeyConverter

use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project vespa by vespa-engine.

the class PemKeyStore method setPrivateKey.

private synchronized void setPrivateKey(PrivateKeyInfo privateKey) throws PEMException {
    // Convert the parsed ASN.1 PrivateKeyInfo (the PKCS#8 structure PEMParser returns for a
    // "BEGIN PRIVATE KEY" block) into a JCA PrivateKey built by the given Bouncy Castle provider.
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(bouncyCastleProvider);
    this.privateKey = converter.getPrivateKey(privateKey);
}
Also used : JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)

Example 47 with JcaPEMKeyConverter

use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project zm-mailbox by Zimbra.

the class MobileConfigFormatter method signConfig.

private byte[] signConfig(Domain domain, Server server, byte[] config) {
    byte[] signedConfig = config;
    String certStr = null;
    String pvtKeyStr = null;
    // Prefer the domain's certificate and key; fall back to the server's when the domain has none.
    if (domain != null) {
        certStr = domain.getSSLCertificate();
        pvtKeyStr = domain.getSSLPrivateKey();
        if (StringUtil.isNullOrEmpty(certStr) && server != null) {
            certStr = server.getSSLCertificate();
            pvtKeyStr = server.getSSLPrivateKey();
        }
    }
    if (!StringUtil.isNullOrEmpty(certStr) && !StringUtil.isNullOrEmpty(pvtKeyStr)) {
        // PEM is ASCII; name the charset instead of relying on the platform default.
        try (InputStream targetStream = new ByteArrayInputStream(certStr.getBytes(StandardCharsets.US_ASCII))) {
            CertificateFactory certFactory = CertificateFactory.getInstance(SmimeConstants.PUB_CERT_TYPE);
            X509Certificate cert = (X509Certificate) certFactory.generateCertificate(targetStream);
            PrivateKey privateKey = null;
            // Closing the PEMParser closes the StringReader underneath it.
            try (PEMParser pp = new PEMParser(new StringReader(pvtKeyStr))) {
                Object pemKP = pp.readObject();
                JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
                PrivateKeyInfo pkInfo;
                if (pemKP instanceof PrivateKeyInfo) {
                    // "BEGIN PRIVATE KEY": PKCS#8, cleartext
                    pkInfo = (PrivateKeyInfo) pemKP;
                } else if (pemKP instanceof PEMKeyPair) {
                    // "BEGIN RSA PRIVATE KEY" etc.: OpenSSL traditional format, cleartext
                    pkInfo = ((PEMKeyPair) pemKP).getPrivateKeyInfo();
                } else {
                    // Encrypted keys (PEMEncryptedKeyPair, PKCS8EncryptedPrivateKeyInfo), an empty
                    // value (null) or a non-key PEM object are not supported here. Report that through
                    // the IOException handler below rather than letting a ClassCastException escape.
                    throw new IOException("SSLPrivateKey is not an unencrypted PEM private key");
                }
                privateKey = converter.getPrivateKey(pkInfo);
            }
            signedConfig = DataSigner.signData(config, cert, privateKey);
        } catch (IOException | CertificateException | OperatorCreationException | CMSException e) {
            // On any failure the unsigned config is returned; the caller cannot tell the two apart
            // from the return value, only from this debug-level log line.
            ZimbraLog.misc.debug("exception occurred during signing config", e);
        }
    } else {
        ZimbraLog.misc.debug("SSLCertificate/SSLPrivateKey is not set, config will not be signed");
    }
    return signedConfig;
}
Also used : PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) PEMParser(org.bouncycastle.openssl.PEMParser) ByteArrayInputStream(java.io.ByteArrayInputStream) StringReader(java.io.StringReader) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) CMSException(org.bouncycastle.cms.CMSException)

Example 48 with JcaPEMKeyConverter

use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project cas by apereo.

the class WsFederationHelper method getEncryptionCredential.

/**
 * Gets encryption credential.
 * The encryption private key resource must hold the key pair in OpenSSL PEM format,
 * either cleartext (PEMKeyPair) or passphrase-protected (PEMEncryptedKeyPair).
 * The encryption certificate is the one shared with ADFS in DER format, e.g. certificate.crt.
 *
 * @param config the config
 * @return the encryption credential
 */
@SneakyThrows
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
    LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
    val br = new BufferedReader(new InputStreamReader(config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
    // Security.addProvider is a no-op (returns -1) when BC is already installed, so repeating it is harmless.
    Security.addProvider(new BouncyCastleProvider());
    LOGGER.debug("Parsing credential private key");
    try (val pemParser = new PEMParser(br)) { // closing the parser also closes br
        val privateKeyPemObject = pemParser.readObject();
        val converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        // Only the OpenSSL traditional forms are handled: a passphrase-protected keypair (PEMEncryptedKeyPair,
        // "Proc-Type: 4,ENCRYPTED" headers) or a cleartext one (PEMKeyPair). A PKCS#8 file ("BEGIN PRIVATE KEY"
        // or "BEGIN ENCRYPTED PRIVATE KEY") parses to PrivateKeyInfo/PKCS8EncryptedPrivateKeyInfo and fails
        // the PEMKeyPair cast in the second branch.
        val kp = FunctionUtils.doIf(Predicates.instanceOf(PEMEncryptedKeyPair.class), Unchecked.supplier(() -> {
            LOGGER.debug("Encryption private key is an encrypted keypair");
            val ckp = (PEMEncryptedKeyPair) privateKeyPemObject;
            val decProv = new JcePEMDecryptorProviderBuilder().build(config.getEncryptionPrivateKeyPassword().toCharArray());
            LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
            return converter.getKeyPair(ckp.decryptKeyPair(decProv));
        }), Unchecked.supplier(() -> {
            LOGGER.debug("Extracting a keypair from the private key");
            return converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
        })).apply(privateKeyPemObject);
        // X509CertParser/X509CertificateObject are BC provider-internal classes; CertificateFactory.getInstance("X.509")
        // is the portable JCA route to the same X509Certificate.
        val certParser = new X509CertParser();
        LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
        certParser.engineInit(config.getEncryptionCertificate().getInputStream());
        LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
        val cert = (X509CertificateObject) certParser.engineRead();
        LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
        return new BasicX509Credential(cert, kp.getPrivate());
    }
}
Also used : lombok.val(lombok.val) X509CertParser(org.bouncycastle.jce.provider.X509CertParser) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) InputStreamReader(java.io.InputStreamReader) PEMParser(org.bouncycastle.openssl.PEMParser) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) BufferedReader(java.io.BufferedReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) SneakyThrows(lombok.SneakyThrows)
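Examples 47 and 48 each handle a subset of what PEMParser.readObject() can hand back (47: cleartext PKCS#8 or traditional keypair; 48: cleartext or encrypted traditional keypair) and fall over with a ClassCastException on the rest. The following is an added example, not code from Zimbra, CAS or any other project on this page: a hypothetical PemPrivateKeyLoader that covers all four private-key forms (PEMKeyPair, PrivateKeyInfo, PEMEncryptedKeyPair, PKCS8EncryptedPrivateKeyInfo) with JcaPEMKeyConverter, refuses anything else with a checked exception, and demands a passphrase only when the key is actually encrypted. The main method is a constructed round trip: it generates an RSA key, writes it with JcaPEMWriter in both cleartext and passphrase-protected traditional format, and reads both back. Class name, the BC field and the demo passphrase are assumptions of this example.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.util.Arrays;

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/** Hypothetical helper (added example, not from any project above): one loader for every PEM private-key form. */
public final class PemPrivateKeyLoader {
    // Passing the provider instance to the converter and decryptor builders avoids Security.addProvider().
    private static final Provider BC = new BouncyCastleProvider();

    /** password may be null or empty; it is then an error for the key to be encrypted. */
    public static PrivateKey load(Reader pem, char[] password) throws IOException {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC);
        try (PEMParser parser = new PEMParser(pem)) {
            Object obj = parser.readObject();
            if (obj instanceof PEMKeyPair) {                    // BEGIN RSA/EC PRIVATE KEY, cleartext
                return converter.getKeyPair((PEMKeyPair) obj).getPrivate();
            }
            if (obj instanceof PrivateKeyInfo) {                // BEGIN PRIVATE KEY (PKCS#8), cleartext
                return converter.getPrivateKey((PrivateKeyInfo) obj);
            }
            if (obj instanceof PEMEncryptedKeyPair) {           // traditional format, Proc-Type: 4,ENCRYPTED
                PEMKeyPair kp = ((PEMEncryptedKeyPair) obj).decryptKeyPair(
                        new JcePEMDecryptorProviderBuilder().setProvider(BC).build(requirePassword(password)));
                return converter.getKeyPair(kp).getPrivate();
            }
            if (obj instanceof PKCS8EncryptedPrivateKeyInfo) {  // BEGIN ENCRYPTED PRIVATE KEY (PKCS#8, PBES2)
                try {
                    PrivateKeyInfo info = ((PKCS8EncryptedPrivateKeyInfo) obj).decryptPrivateKeyInfo(
                            new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(BC).build(requirePassword(password)));
                    return converter.getPrivateKey(info);
                } catch (OperatorCreationException | PKCSException e) {
                    throw new IOException("cannot decrypt PKCS#8 private key (wrong passphrase?)", e);
                }
            }
            // null (no PEM block at all) or some other object (certificate, CSR, public key):
            // fail with a checked exception instead of the ClassCastException a blind cast produces.
            throw new IOException("not a PEM private key: " + (obj == null ? "no PEM object" : obj.getClass().getSimpleName()));
        }
    }

    private static char[] requirePassword(char[] password) throws IOException {
        if (password == null || password.length == 0) {
            throw new IOException("PEM private key is encrypted but no passphrase was supplied");
        }
        return password;
    }

    /** Constructed round trip: one RSA key, written cleartext and passphrase-protected, read back through load(). */
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        char[] password = "constructed-demo-passphrase".toCharArray();   // demo value, not a real secret
        StringWriter clear = new StringWriter();
        try (JcaPEMWriter w = new JcaPEMWriter(clear)) {
            w.writeObject(kp);                                            // BEGIN RSA PRIVATE KEY, as in Example 49
        }
        StringWriter encrypted = new StringWriter();
        try (JcaPEMWriter w = new JcaPEMWriter(encrypted)) {              // same block type plus DEK-Info headers
            w.writeObject(new JcaMiscPEMGenerator(kp, new JcePEMEncryptorBuilder("AES-256-CBC").setProvider(BC).build(password)));
        }
        byte[] expected = kp.getPrivate().getEncoded();
        System.out.println("cleartext ok: " + Arrays.equals(expected, load(new StringReader(clear.toString()), null).getEncoded()));
        System.out.println("encrypted ok: " + Arrays.equals(expected, load(new StringReader(encrypted.toString()), password).getEncoded()));
        try {
            load(new StringReader(encrypted.toString()), null);           // edge case: encrypted key, no passphrase
        } catch (IOException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
        Arrays.fill(password, '\0');
    }
}
```

The converter itself does no parsing; its only job is turning the ASN.1 structures (PrivateKeyInfo, or the pair inside PEMKeyPair) into provider-backed JCA keys, which is why every branch ends in the same two converter calls and all the type dispatch has to happen around it.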

Example 49 with JcaPEMKeyConverter

use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project meecrowave by apache.

the class LetsEncryptReloadLifecycle method loadOrCreateKeyPair.

private KeyPair loadOrCreateKeyPair(final int keySize, final File file) {
    if (file.exists()) {
        try (final PEMParser parser = new PEMParser(new FileReader(file))) {
            // Expects the cleartext traditional "RSA PRIVATE KEY" block written below; a PKCS#8 or
            // passphrase-protected file parses to a different type and the cast throws ClassCastException.
            return new JcaPEMKeyConverter().getKeyPair(PEMKeyPair.class.cast(parser.readObject()));
        } catch (final IOException ex) {
            throw new IllegalStateException("Can't read PEM file: " + file, ex);
        }
    } else {
        try {
            final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
            keyGen.initialize(keySize);
            final KeyPair keyPair = keyGen.generateKeyPair();
            // JcaPEMWriter emits the private key unencrypted, and FileWriter creates the file with the
            // process umask (commonly 0644), so the key is readable by every local user unless the
            // directory is already restricted.
            try (final JcaPEMWriter writer = new JcaPEMWriter(new FileWriter(file))) {
                writer.writeObject(keyPair);
            } catch (final IOException ex) {
                throw new IllegalStateException("Can't write PEM file: " + file, ex);
            }
            return keyPair;
        } catch (final NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
    }
}
Also used : KeyPair(java.security.KeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PEMParser(org.bouncycastle.openssl.PEMParser) FileWriter(java.io.FileWriter) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) FileReader(java.io.FileReader) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) IOException(java.io.IOException) KeyPairGenerator(java.security.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JcaPEMWriter(org.bouncycastle.openssl.jcajce.JcaPEMWriter)
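Example 49 persists a freshly generated account key in cleartext through FileWriter, which creates the file with whatever the umask allows. The following is an added example, not meecrowave's code, showing the hardened variant a practitioner would want: the key is written as passphrase-protected PKCS#8 (JcaPKCS8Generator with a PBES2 OutputEncryptor), into a file created owner-only before any key material touches disk, and read back through JcaPEMKeyConverter. It assumes a POSIX filesystem (the permission attribute throws UnsupportedOperationException on Windows); the class name, path and demo passphrase are assumptions of this example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.util.Arrays;

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/** Hypothetical helper (added example, not from meecrowave): encrypted PKCS#8 key file with owner-only permissions. */
public final class PrivateKeyFileStore {
    private static final Provider BC = new BouncyCastleProvider();

    /** Writes key as "BEGIN ENCRYPTED PRIVATE KEY" into a new 0600 file; fails if the path already exists. */
    public static void save(PrivateKey key, Path file, char[] password) throws IOException, OperatorCreationException {
        OutputEncryptor encryptor = new JceOpenSSLPKCS8EncryptorBuilder(JceOpenSSLPKCS8EncryptorBuilder.AES_256_CBC)
                .setProvider(BC)
                .setIterationCount(100_000)   // PBKDF2 work factor; raise it above the builder's default
                .setPassword(password)
                .build();
        // Create the file with owner-only permissions first, so no window exists in which the key is
        // world-readable. createFile throws FileAlreadyExistsException instead of following or clobbering
        // whatever is already at that path.
        Files.createFile(file, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        try (JcaPEMWriter pem = new JcaPEMWriter(Files.newBufferedWriter(file, StandardCharsets.US_ASCII))) {
            pem.writeObject(new JcaPKCS8Generator(key, encryptor));
        }
    }

    /** Reads the file back; only the encrypted PKCS#8 form written by save() is accepted. */
    public static PrivateKey load(Path file, char[] password) throws IOException, OperatorCreationException, PKCSException {
        try (PEMParser parser = new PEMParser(Files.newBufferedReader(file, StandardCharsets.US_ASCII))) {
            Object obj = parser.readObject();
            if (!(obj instanceof PKCS8EncryptedPrivateKeyInfo)) {
                throw new IOException("expected ENCRYPTED PRIVATE KEY in " + file + ", got "
                        + (obj == null ? "no PEM object" : obj.getClass().getSimpleName()));
            }
            PrivateKeyInfo info = ((PKCS8EncryptedPrivateKeyInfo) obj).decryptPrivateKeyInfo(
                    new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(BC).build(password));
            return new JcaPEMKeyConverter().setProvider(BC).getPrivateKey(info);
        }
    }

    /** Constructed demo: generate, save, check permissions, reload, compare encodings. */
    public static void main(String[] args) throws Exception {
        Path file = Files.createTempDirectory("keystore-demo").resolve("account.pem");  // hypothetical path
        char[] password = "constructed-demo-passphrase".toCharArray();              // demo value, not a real secret
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        save(kp.getPrivate(), file, password);
        System.out.println("permissions: " + PosixFilePermissions.toString(Files.getPosixFilePermissions(file)));
        PrivateKey reloaded = load(file, password);
        System.out.println("round trip ok: " + Arrays.equals(kp.getPrivate().getEncoded(), reloaded.getEncoded()));
        Arrays.fill(password, '\0');
    }
}
```

The passphrase still has to come from somewhere at startup (environment, a secrets manager, an operator prompt), so the encryption mainly buys protection against the file being copied; the 0600 create is what protects it against other local users.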

Aggregations

JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)49 PEMParser (org.bouncycastle.openssl.PEMParser)42 PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)27 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)22 IOException (java.io.IOException)21 InputStreamReader (java.io.InputStreamReader)17 PrivateKey (java.security.PrivateKey)17 Reader (java.io.Reader)15 InputStream (java.io.InputStream)12 JcePEMDecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)12 StringReader (java.io.StringReader)11 PEMEncryptedKeyPair (org.bouncycastle.openssl.PEMEncryptedKeyPair)11 PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)11 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)9 PEMDecryptorProvider (org.bouncycastle.openssl.PEMDecryptorProvider)9 InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider)9 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)8 JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)8 KeyPair (java.security.KeyPair)7 PemObject (org.bouncycastle.util.io.pem.PemObject)7