Example use of org.bouncycastle.openssl.jcajce.JcaPKCS8Generator from the graylog2-server project by Graylog2,
in the method generatePKCS8FromPrivateKey of the class KeyUtil.
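/**
 * Builds a password-encrypted PKCS#8 private key and writes it, PEM-encoded, to a new temporary
 * file inside {@code tmpDir}.
 *
 * <p>The key is wrapped with {@link PKCS8Generator#AES_256_CBC} before it is serialized, so only
 * the encrypted form is written to disk by this method. The confidentiality of the file therefore
 * rests on the strength of {@code password}.
 *
 * <p>The caller is responsible for ensuring that {@code tmpDir} exists and is writable. The file
 * is registered for deletion on VM exit as soon as it has been created, so it is also cleaned up
 * when the subsequent write fails. {@link File#deleteOnExit()} is only attempted on normal VM
 * termination; after a crash or a forced kill the (encrypted) key file can remain in
 * {@code tmpDir}.
 *
 * @param tmpDir directory in which to create the temporary PEM file
 * @param password password used to encrypt the key; this method does not clear the array, the
 *     caller should wipe it once it is no longer needed
 * @param key private key to encrypt
 * @return the PEM file holding the encrypted PKCS#8 key
 * @throws GeneralSecurityException if the encryptor cannot be built or the PEM data cannot be
 *     generated or written; the underlying exception is kept as the cause
 */
public static File generatePKCS8FromPrivateKey(Path tmpDir, char[] password, PrivateKey key) throws GeneralSecurityException {
    try {
        // "setPasssword" (three s) is the builder's method name as used by this code, not a typo to fix here.
        // NOTE(review): no iteration count is configured, so the builder's default applies -- confirm
        // that default satisfies the key-derivation policy for password-protected keys.
        JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.AES_256_CBC)
                .setRandom(new SecureRandom())
                .setPasssword(password);
        OutputEncryptor encryptor = encryptorBuilder.build();

        // Encrypt the private key into a PKCS#8 PEM object, then render it as PEM text in memory.
        PemObject pemObj = new JcaPKCS8Generator(key, encryptor).generate();
        StringWriter stringWriter = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
            pemWriter.writeObject(pemObj);
        }

        // No explicit file attributes are passed, so the platform's temp-file defaults apply.
        // NOTE(review): confirm these are owner-only on every deployment platform.
        Path tmpPath = Files.createTempFile(tmpDir, "pkcs8", ".key");
        File tmpFile = tmpPath.toFile();
        // Register cleanup before writing so a failed write does not leave an untracked file behind.
        tmpFile.deleteOnExit();
        Files.write(tmpPath, stringWriter.toString().getBytes(StandardCharsets.UTF_8));
        return tmpFile;
    } catch (IOException | OperatorCreationException e) {
        throw new GeneralSecurityException(e);
    }
}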