use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project vespa by vespa-engine.
the class PemKeyStore method setPrivateKey.
/**
 * Converts a parsed {@code PrivateKeyInfo} into a JCA private key and stores it
 * in the {@code privateKey} field.
 *
 * @param privateKey the private-key structure read from the PEM source
 * @throws PEMException if the converter cannot turn the structure into a key
 */
private synchronized void setPrivateKey(PrivateKeyInfo privateKey) throws PEMException {
    // The converter is pinned to the bouncyCastleProvider field instead of
    // relying on whichever JCA provider happens to be registered first.
    this.privateKey = new JcaPEMKeyConverter()
            .setProvider(bouncyCastleProvider)
            .getPrivateKey(privateKey);
}
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project zm-mailbox by Zimbra.
the class MobileConfigFormatter method signConfig.
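/**
 * Signs a configuration payload with the SSL certificate and private key
 * configured on the domain, falling back to the server's pair when the domain
 * has no certificate.
 *
 * <p>Signing is best-effort: when no certificate/key pair is available, when
 * the key is not an unencrypted PEM private key, or when signing throws one of
 * the handled exceptions, the original {@code config} bytes are returned
 * unsigned.
 *
 * <p>NOTE(review): every failure path is logged at debug level only and still
 * returns the unsigned payload, so a broken key or certificate is easy to miss
 * in production logs. Confirm that callers and clients are expected to accept
 * an unsigned configuration.
 *
 * @param domain domain whose certificate/key are preferred; when {@code null}
 *               nothing is signed (the server pair is only consulted when a
 *               domain is present)
 * @param server server used as fallback source of certificate/key; may be {@code null}
 * @param config payload to sign
 * @return the signed payload, or {@code config} itself when signing was not possible
 */
private byte[] signConfig(Domain domain, Server server, byte[] config) {
    byte[] signedConfig = config;
    String certStr = null;
    String pvtKeyStr = null;
    if (domain != null) {
        certStr = domain.getSSLCertificate();
        pvtKeyStr = domain.getSSLPrivateKey();
        // Certificate and key are replaced together so a domain key is never
        // paired with a server certificate.
        if (StringUtil.isNullOrEmpty(certStr) && server != null) {
            certStr = server.getSSLCertificate();
            pvtKeyStr = server.getSSLPrivateKey();
        }
    }
    if (StringUtil.isNullOrEmpty(certStr) || StringUtil.isNullOrEmpty(pvtKeyStr)) {
        ZimbraLog.misc.debug("SSLCertificate/SSLPrivateKey is not set, config will not be signed");
        return signedConfig;
    }
    // Explicit charset: the platform default is not guaranteed to be
    // ASCII-compatible, which would corrupt the PEM text before parsing.
    try (InputStream targetStream =
            new ByteArrayInputStream(certStr.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        CertificateFactory certFactory = CertificateFactory.getInstance(SmimeConstants.PUB_CERT_TYPE);
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(targetStream);
        PrivateKey privateKey;
        try (PEMParser pp = new PEMParser(new StringReader(pvtKeyStr))) {
            Object pemKP = pp.readObject();
            PrivateKeyInfo pkInfo;
            if (pemKP instanceof PrivateKeyInfo) {
                pkInfo = (PrivateKeyInfo) pemKP;
            } else if (pemKP instanceof PEMKeyPair) {
                pkInfo = ((PEMKeyPair) pemKP).getPrivateKeyInfo();
            } else {
                // readObject() yielded nothing or a PEM object this method does
                // not handle. Previously this escaped as an unchecked
                // NullPointerException/ClassCastException past the catch below.
                // The key material itself is deliberately not logged.
                ZimbraLog.misc.debug("SSLPrivateKey is not an unencrypted PEM private key, config will not be signed");
                return signedConfig;
            }
            privateKey = new JcaPEMKeyConverter().getPrivateKey(pkInfo);
        }
        signedConfig = DataSigner.signData(config, cert, privateKey);
    } catch (IOException | CertificateException | OperatorCreationException | CMSException e) {
        ZimbraLog.misc.debug("exception occurred during signing config", e);
    }
    return signedConfig;
}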
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project cas by apereo.
the class WsFederationHelper method getEncryptionCredential.
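/**
 * Builds the encryption credential from the configured private key and certificate.
 *
 * <p>The private key resource must hold a key pair in PEM format, either plain
 * or encrypted; an encrypted key pair is decrypted with the configured
 * encryption private key password. The encryption certificate is the one shared
 * with ADFS in DER format, e.g. {@code certificate.crt}.
 *
 * <p>NOTE(review): the password is read with {@code toCharArray()} without a
 * null check, so an encrypted key with no configured password fails with a
 * {@code NullPointerException} rather than a descriptive error.
 *
 * @param config the WS-Federation configuration supplying key, password and certificate
 * @return the credential combining the parsed certificate and the private key
 */
@SneakyThrows
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
    // NOTE(review): this logs the key *resource*, presumably its description or path;
    // confirm its string form never includes key contents.
    LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
    val br = new BufferedReader(new InputStreamReader(config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
    // One provider instance is registered with the JCA and reused for the PEM
    // converter, instead of constructing a second instance per call.
    val provider = new BouncyCastleProvider();
    Security.addProvider(provider);
    LOGGER.debug("Parsing credential private key");
    // Closing the PEM parser also closes the reader it wraps.
    try (val pemParser = new PEMParser(br)) {
        val privateKeyPemObject = pemParser.readObject();
        val converter = new JcaPEMKeyConverter().setProvider(provider);
        val kp = FunctionUtils.doIf(Predicates.instanceOf(PEMEncryptedKeyPair.class), Unchecked.supplier(() -> {
            LOGGER.debug("Encryption private key is an encrypted keypair");
            val ckp = (PEMEncryptedKeyPair) privateKeyPemObject;
            val decProv = new JcePEMDecryptorProviderBuilder().build(config.getEncryptionPrivateKeyPassword().toCharArray());
            LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
            return converter.getKeyPair(ckp.decryptKeyPair(decProv));
        }), Unchecked.supplier(() -> {
            LOGGER.debug("Extracting a keypair from the private key");
            return converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
        })).apply(privateKeyPemObject);
        val certParser = new X509CertParser();
        LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
        // The certificate stream was previously opened and never closed here;
        // it is now scoped so it is released on both success and failure.
        try (val certStream = config.getEncryptionCertificate().getInputStream()) {
            certParser.engineInit(certStream);
            LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
            val cert = (X509CertificateObject) certParser.engineRead();
            LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
            return new BasicX509Credential(cert, kp.getPrivate());
        }
    }
}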
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project meecrowave by apache.
the class LetsEncryptReloadLifecycle method loadOrCreateKeyPair.
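/**
 * Loads the key pair stored in {@code file}, or generates a new RSA key pair
 * and persists it there in PEM form when the file does not exist yet.
 *
 * <p>The private key is written unencrypted, so the file is created empty and
 * restricted to its owner (best effort) before any key material is written.
 * This narrows the window in which other local users could open the file; it
 * does not replace placing the file in a directory only the service account
 * can access.
 *
 * @param keySize RSA modulus size in bits, used only when a new key is generated
 * @param file    PEM file to read from or create
 * @return the loaded or newly generated key pair
 * @throws IllegalStateException if the file cannot be read, does not contain a
 *                               PEM key pair, cannot be written, or RSA is unavailable
 */
private KeyPair loadOrCreateKeyPair(final int keySize, final File file) {
    if (file.exists()) {
        try (final PEMParser parser = new PEMParser(new FileReader(file))) {
            final Object parsed = parser.readObject();
            // An empty file yields null and other PEM content yields a different
            // type; report both as an unreadable key file instead of letting a
            // NullPointerException/ClassCastException escape.
            if (!(parsed instanceof PEMKeyPair)) {
                throw new IllegalStateException("Can't read PEM file: " + file);
            }
            return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) parsed);
        } catch (final IOException ex) {
            throw new IllegalStateException("Can't read PEM file: " + file, ex);
        }
    }

    final KeyPair keyPair;
    try {
        final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(keySize);
        keyPair = keyGen.generateKeyPair();
    } catch (final NoSuchAlgorithmException ex) {
        throw new IllegalStateException(ex);
    }

    try {
        // Create the file while it is still empty, then drop access for everyone
        // but the owner. Return values are ignored on purpose: not every
        // filesystem supports these permission bits.
        file.createNewFile();
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
        try (final JcaPEMWriter writer = new JcaPEMWriter(new FileWriter(file))) {
            writer.writeObject(keyPair);
        }
    } catch (final IOException ex) {
        // The original message said "read" on this write path.
        throw new IllegalStateException("Can't write PEM file: " + file, ex);
    }
    return keyPair;
}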