
Example 6 with JcePEMDecryptorProviderBuilder

Use of org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder in project camel by apache, in the class ResourceHelperKeyPairProvider, method loadKeys.

@Override
public Iterable<KeyPair> loadKeys() {
    // JcaPEMKeyConverter is pinned to the "BC" provider below, so fail fast if it is not installed.
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }
    final List<KeyPair> keys = new ArrayList<KeyPair>(this.resources.length);
    for (String resource : resources) {
        PEMParser r = null;
        InputStreamReader isr = null;
        InputStream is = null;
        try {
            is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
            isr = new InputStreamReader(is);
            r = new PEMParser(isr);
            // Only the first PEM object in each resource is read.
            Object o = r.readObject();
            JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
            pemConverter.setProvider("BC");
            // A traditional OpenSSL key carrying a "Proc-Type: 4,ENCRYPTED" / "DEK-Info" header parses
            // as PEMEncryptedKeyPair; JcePEMDecryptorProviderBuilder builds the matching decryptor
            // from the password. When no passwordFinder is configured, an encrypted key matches
            // neither instanceof check below and is silently skipped.
            if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
                JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
                PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
                o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
            }
            if (o instanceof PEMKeyPair) {
                // Unencrypted traditional key: convert the BC structure into a JCA KeyPair.
                o = pemConverter.getKeyPair((PEMKeyPair) o);
                keys.add((KeyPair) o);
            } else if (o instanceof KeyPair) {
                // Already a KeyPair: this is the result of the decryption branch above.
                keys.add((KeyPair) o);
            }
        } catch (Exception e) {
            // An unreadable key is logged and skipped rather than failing the whole load.
            log.warn("Unable to read key", e);
        } finally {
            IoUtils.closeQuietly(r, is, isr);
        }
    }
    return keys;
}
Also used (imports for this snippet):
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

Example 7 with JcePEMDecryptorProviderBuilder

Use of org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder in project groovity by disney, in the class KeyPairValueHandler, method doLoad.

@Override
protected Object doLoad(InputStream stream, String contentType, @SuppressWarnings("rawtypes") Class valueClass, @SuppressWarnings("rawtypes") Map config) throws Exception {
    // look here http://stackoverflow.com/questions/15656644/get-keypair-from-pem-key-with-bouncycastle
    PEMKeyPair keyPair;
    // The charset comes from the content type rather than the platform default.
    Reader reader = new InputStreamReader(stream, getCharset(contentType));
    PEMParser pemReader = new PEMParser(reader);
    try {
        // Only the first PEM object is read; an empty stream yields null.
        Object o = pemReader.readObject();
        if (o == null) {
            return null;
        }
        if (o instanceof PEMEncryptedKeyPair) {
            // Traditional OpenSSL encrypted key: the password must be supplied under the PASSWORD config key.
            if (config != null && config.containsKey(PASSWORD)) {
                String password = config.get(PASSWORD).toString();
                PEMDecryptorProvider decryptionProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
                keyPair = ((PEMEncryptedKeyPair) o).decryptKeyPair(decryptionProv);
            } else {
                throw new RuntimeException("Keypair requires password but none provided");
            }
        } else {
            // Any other PEM object is assumed to be an unencrypted traditional key pair; a PKCS#8
            // "BEGIN PRIVATE KEY" object (PrivateKeyInfo) would fail this cast with a ClassCastException.
            keyPair = ((PEMKeyPair) o);
        }
    } finally {
        pemReader.close();
    }
    return new JcaPEMKeyConverter().getKeyPair(keyPair);
}
Also used (imports for this snippet):
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.Map;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

Example 8 with JcePEMDecryptorProviderBuilder

Use of org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder in project candlepin by candlepin, in the test class PrivateKeyReaderTest, method testReadEncryptedPKCS1.

@Test
public void testReadEncryptedPKCS1() throws Exception {
    // Test fixture: a traditional (PKCS#1) RSA key encrypted with AES-256 by OpenSSL.
    // cl, BC_PROVIDER and PASSWORD are fields of the test class.
    String keyFile = "keys/pkcs1-aes256-encrypted.pem";
    try (InputStream keyStream = cl.getResourceAsStream(keyFile);
        Reader expectedReader = new InputStreamReader(cl.getResourceAsStream(keyFile))) {
        // Key as read by the class under test.
        PrivateKey actualKey = new PrivateKeyReader().read(keyStream, "password");
        // Reference value: decrypt the same file directly with Bouncy Castle.
        PEMEncryptedKeyPair expected = (PEMEncryptedKeyPair) new PEMParser(expectedReader).readObject();
        PEMDecryptorProvider provider = new JcePEMDecryptorProviderBuilder().setProvider(BC_PROVIDER).build(PASSWORD);
        PEMKeyPair decryptedInfo = expected.decryptKeyPair(provider);
        PrivateKey expectedKey = new JcaPEMKeyConverter().setProvider(BC_PROVIDER).getKeyPair(decryptedInfo).getPrivate();
        assertEquals(actualKey, expectedKey);
    }
}
Also used (imports for this snippet):
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.security.PrivateKey;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.junit.Test;

Example 9 with JcePEMDecryptorProviderBuilder

Use of org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder in project cas by apereo, in the class WsFederationHelper, method getEncryptionCredential.

/**
 * Gets encryption credential.
 * The encryption private key will need to contain the private keypair in PEM format.
 * The encryption certificate is shared with ADFS in DER format, i.e. certificate.crt.
 *
 * @param config the config
 * @return the encryption credential
 */
@SneakyThrows
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
    LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
    val br = new BufferedReader(new InputStreamReader(config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
    // Installing the provider is repeated on every call; Security.addProvider is a no-op if it is already present.
    Security.addProvider(new BouncyCastleProvider());
    LOGGER.debug("Parsing credential private key");
    // Closing the PEMParser closes the underlying reader as well.
    try (val pemParser = new PEMParser(br)) {
        val privateKeyPemObject = pemParser.readObject();
        val converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        // Pick the decryption path when the PEM object is a traditional encrypted key pair,
        // otherwise treat it as an unencrypted PEMKeyPair.
        val kp = FunctionUtils.doIf(Predicates.instanceOf(PEMEncryptedKeyPair.class), Unchecked.supplier(() -> {
            LOGGER.debug("Encryption private key is an encrypted keypair");
            val ckp = (PEMEncryptedKeyPair) privateKeyPemObject;
            val decProv = new JcePEMDecryptorProviderBuilder().build(config.getEncryptionPrivateKeyPassword().toCharArray());
            LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
            return converter.getKeyPair(ckp.decryptKeyPair(decProv));
        }), Unchecked.supplier(() -> {
            LOGGER.debug("Extracting a keypair from the private key");
            return converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
        })).apply(privateKeyPemObject);
        // The certificate is the public half shared with ADFS, parsed from DER.
        val certParser = new X509CertParser();
        LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
        certParser.engineInit(config.getEncryptionCertificate().getInputStream());
        LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
        val cert = (X509CertificateObject) certParser.engineRead();
        // Only the issuer DN is logged, never key material.
        LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
        return new BasicX509Credential(cert, kp.getPrivate());
    }
}
Also used (imports for this snippet):
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import lombok.SneakyThrows;
import lombok.val;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.BasicX509Credential;

Example 10 with JcePEMDecryptorProviderBuilder

Use of org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder in project box-java-sdk by box, in the class BoxDeveloperEditionAPIConnection, method decryptPrivateKey.

private PrivateKey decryptPrivateKey() {
    PrivateKey decryptedPrivateKey;
    try {
        // The PEM text is held in memory; try-with-resources closes the parser even if readObject fails.
        Object keyPair;
        try (PEMParser keyReader = new PEMParser(new StringReader(this.privateKey))) {
            keyPair = keyReader.readObject();
        }
        if (keyPair instanceof PrivateKeyInfo) {
            // Unencrypted PKCS#8 ("BEGIN PRIVATE KEY").
            PrivateKeyInfo keyInfo = (PrivateKeyInfo) keyPair;
            decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
        } else if (keyPair instanceof PEMEncryptedKeyPair) {
            // Traditional OpenSSL encrypted key ("Proc-Type: 4,ENCRYPTED" with a DEK-Info header).
            JcePEMDecryptorProviderBuilder builder = new JcePEMDecryptorProviderBuilder();
            PEMDecryptorProvider decryptionProvider = builder.build(this.privateKeyPassword.toCharArray());
            keyPair = ((PEMEncryptedKeyPair) keyPair).decryptKeyPair(decryptionProvider);
            PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
            decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
        } else if (keyPair instanceof PKCS8EncryptedPrivateKeyInfo) {
            // Encrypted PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") uses a different decryptor builder.
            InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(this.privateKeyPassword.toCharArray());
            PrivateKeyInfo keyInfo = ((PKCS8EncryptedPrivateKeyInfo) keyPair).decryptPrivateKeyInfo(pkcs8Prov);
            decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
        } else {
            // Assumed to be an unencrypted traditional key pair; any other PEM object (or null on
            // empty input) fails this cast rather than producing a BoxAPIException.
            PrivateKeyInfo keyInfo = ((PEMKeyPair) keyPair).getPrivateKeyInfo();
            decryptedPrivateKey = (new JcaPEMKeyConverter()).getPrivateKey(keyInfo);
        }
    } catch (IOException e) {
        throw new BoxAPIException("Error parsing private key for Box Developer Edition.", e);
    } catch (OperatorCreationException e) {
        throw new BoxAPIException("Error parsing PKCS#8 private key for Box Developer Edition.", e);
    } catch (PKCSException e) {
        throw new BoxAPIException("Error parsing PKCS private key for Box Developer Edition.", e);
    }
    return decryptedPrivateKey;
}
Also used (imports for this snippet and its class):
import com.eclipsesource.json.JsonObject;
import java.io.IOException;
import java.io.StringReader;
import java.security.PrivateKey;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

Aggregations (classes used alongside JcePEMDecryptorProviderBuilder across all examples, with occurrence counts):

JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter): 14
JcePEMDecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder): 14
PEMEncryptedKeyPair (org.bouncycastle.openssl.PEMEncryptedKeyPair): 13
PEMParser (org.bouncycastle.openssl.PEMParser): 13
PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair): 12
PEMDecryptorProvider (org.bouncycastle.openssl.PEMDecryptorProvider): 11
PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo): 8
InputStreamReader (java.io.InputStreamReader): 7
PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo): 7
JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder): 6
InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider): 6
KeyPair (java.security.KeyPair): 5
PrivateKey (java.security.PrivateKey): 5
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider): 4
BufferedReader (java.io.BufferedReader): 3
IOException (java.io.IOException): 3
InputStream (java.io.InputStream): 3
Reader (java.io.Reader): 3
GeneralSecurityException (java.security.GeneralSecurityException): 3
FileInputStream (java.io.FileInputStream): 2