Example 51 with JcaPEMKeyConverter
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project Openfire by igniterealtime.
the class CertificateManager method parsePrivateKey.
/**
* Parses a PrivateKey instance from a PEM representation.
*
* When the provided key is encrypted, the provided pass phrase is applied.
*
* @param pemRepresentation a PEM representation of a private key (cannot be null or empty)
* @param passPhrase optional pass phrase (must be present if the private key is encrypted).
* @return a PrivateKey instance (never null)
* @throws IOException if there was a problem parsing the key
*/
public static PrivateKey parsePrivateKey(InputStream pemRepresentation, String passPhrase) throws IOException {
if (passPhrase == null) {
passPhrase = "";
}
try (//
Reader reader = new InputStreamReader(pemRepresentation);
PEMParser pemParser = new PEMParser(reader)) {
final Object object = pemParser.readObject();
final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
final KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
// Encrypted key - we will use provided password
final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
// Encrypted key - we will use provided password
try {
final PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) object;
final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passPhrase.toCharArray());
final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo(provider);
return converter.getPrivateKey(privateKeyInfo);
} catch (PKCSException | OperatorCreationException e) {
throw new IOException("Unable to decrypt private key.", e);
}
} else if (object instanceof PrivateKeyInfo) {
return converter.getPrivateKey((PrivateKeyInfo) object);
} else {
// Unencrypted key - no password needed
kp = converter.getKeyPair((PEMKeyPair) object);
}
return kp.getPrivate();
}
}
Also used :
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider)
JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
Example 52 with JcaPEMKeyConverter
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project gitblit by gitblit.
the class FileKeyPairProvider method doLoadKey.
protected KeyPair doLoadKey(String file) {
try {
PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)));
try {
Object o = r.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
}
if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair) o);
return (KeyPair) o;
} else if (o instanceof KeyPair) {
return (KeyPair) o;
}
} finally {
r.close();
}
} catch (Exception e) {
log.warn("Unable to read key " + file, e);
}
return null;
}
Also used :
PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair)
KeyPair(java.security.KeyPair)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair)
PEMParser(org.bouncycastle.openssl.PEMParser)
InputStreamReader(java.io.InputStreamReader)
PEMDecryptorProvider(org.bouncycastle.openssl.PEMDecryptorProvider)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)
FileInputStream(java.io.FileInputStream)
NoSuchElementException(java.util.NoSuchElementException)
Example 53 with JcaPEMKeyConverter
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project graylog2-server by Graylog2.
the class KeyUtil method privateKeyFromFile.
/**
* Obtain a private key from a PKS8 PEM file, which is optionally password-protected.
* @param password password to decrypt the file - it may be null or empty in case of an unencrypted file
* @param keyFile the key file
* @return the corresponding private key
*/
public static PrivateKey privateKeyFromFile(String password, File keyFile) throws IOException, PKCSException, OperatorCreationException {
PrivateKey privateKey;
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
// Be sure to specify charset for reader - don't use plain FileReader
Object object;
try (InputStream inputStream = Files.newInputStream(keyFile.toPath());
InputStreamReader fileReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
PEMParser pemParser = new PEMParser(fileReader)) {
object = pemParser.readObject();
}
if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
PKCS8EncryptedPrivateKeyInfo pInfo = (PKCS8EncryptedPrivateKeyInfo) object;
JceOpenSSLPKCS8DecryptorProviderBuilder providerBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
InputDecryptorProvider provider = providerBuilder.build(Strings.nullToEmpty(password).toCharArray());
PrivateKeyInfo info = pInfo.decryptPrivateKeyInfo(provider);
privateKey = converter.getPrivateKey(info);
} else if (object instanceof PrivateKeyInfo) {
privateKey = converter.getPrivateKey((PrivateKeyInfo) object);
} else if (object instanceof PEMKeyPair) {
privateKey = converter.getPrivateKey(((PEMKeyPair) object).getPrivateKeyInfo());
} else {
throw new PKCSException("Encountered unexpected object type: " + object.getClass().getName());
}
return privateKey;
}
Also used :
PemPrivateKey(io.netty.handler.ssl.PemPrivateKey)
PrivateKey(java.security.PrivateKey)
InputStreamReader(java.io.InputStreamReader)
PEMParser(org.bouncycastle.openssl.PEMParser)
InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
PemObject(org.bouncycastle.util.io.pem.PemObject)
JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
PKCSException(org.bouncycastle.pkcs.PKCSException)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
EncryptedPrivateKeyInfo(javax.crypto.EncryptedPrivateKeyInfo)
Example 54 with JcaPEMKeyConverter
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project graylog2-server by Graylog2.
the class PemKeyStore method generateKeySpec.
/**
* Generates a key specification for an (encrypted) private key.
*
* @param password characters, if {@code null} or empty an unencrypted key is assumed
* @param key bytes of the DER encoded private key
* @return a key specification
* @throws IOException if parsing {@code key} fails
* @throws PKCSException if the decryption key based on {@code password} cannot be used to decrypt
* {@code key}
* @throws OperatorCreationException if the decryption algorithm parameters are somehow faulty
*/
protected static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws IOException, PKCSException, OperatorCreationException {
if (password == null || password.length == 0) {
return new PKCS8EncodedKeySpec(key);
}
final PKCS8EncryptedPrivateKeyInfo privateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(key);
final InputDecryptorProvider decProv = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(password);
PrivateKeyInfo pkInfo = privateKeyInfo.decryptPrivateKeyInfo(decProv);
PrivateKey privKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pkInfo);
return new PKCS8EncodedKeySpec(privKey.getEncoded());
}
Also used :
PrivateKey(java.security.PrivateKey)
InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)
Example 55 with JcaPEMKeyConverter
use of org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter in project keycloak by keycloak.
the class AssertionUtilTest method extractPrivateKey.
private PrivateKey extractPrivateKey() throws IOException {
StringBuilder sb = new StringBuilder();
try (Scanner sc = new Scanner(getEncryptedIdTestFileInputStream())) {
while (sc.hasNextLine()) {
if (sc.nextLine().contains("BEGIN RSA PRIVATE KEY")) {
sb.append("-----BEGIN RSA PRIVATE KEY-----").append("\n");
while (sc.hasNextLine()) {
String line = sc.nextLine();
if (line.contains("END RSA PRIVATE KEY")) {
sb.append("-----END RSA PRIVATE KEY-----");
break;
}
sb.append(line).append("\n");
}
}
}
}
assertNotEquals("PEM certificate not found in test data", 0, sb.length());
PEMParser pp = new PEMParser(new StringReader(sb.toString()));
PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject();
KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);
pp.close();
return kp.getPrivate();
}
Also used :
Scanner(java.util.Scanner)
KeyPair(java.security.KeyPair)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
PEMParser(org.bouncycastle.openssl.PEMParser)
StringReader(java.io.StringReader)
JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair)
Aggregations
JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)55
PEMParser (org.bouncycastle.openssl.PEMParser)48
PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)31
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)26
IOException (java.io.IOException)20
InputStreamReader (java.io.InputStreamReader)19
PrivateKey (java.security.PrivateKey)19
Reader (java.io.Reader)15
JcePEMDecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)14
PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)14
StringReader (java.io.StringReader)13
PEMEncryptedKeyPair (org.bouncycastle.openssl.PEMEncryptedKeyPair)13
InputStream (java.io.InputStream)12
InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider)12
PEMDecryptorProvider (org.bouncycastle.openssl.PEMDecryptorProvider)11
JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)11
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)10
KeyPair (java.security.KeyPair)9
PemObject (org.bouncycastle.util.io.pem.PemObject)7
ByteArrayInputStream (java.io.ByteArrayInputStream)6
