Examples with InputDecryptorProvider org.bouncycastle.operator.InputDecryptorProvider used on opensource projects

Example 11 with InputDecryptorProvider

use of org.bouncycastle.operator.InputDecryptorProvider in project Openfire by igniterealtime.

the class CertificateManager method parsePrivateKey.

/**
 * Parses a PrivateKey instance from a PEM representation.
 *
 * When the provided key is encrypted, the provided pass phrase is applied.
 *
 * @param pemRepresentation a PEM representation of a private key (cannot be null or empty)
 * @param passPhrase optional pass phrase (must be present if the private key is encrypted).
 * @return a PrivateKey instance (never null)
 * @throws IOException if there was a problem parsing the key
 */
public static PrivateKey parsePrivateKey(InputStream pemRepresentation, String passPhrase) throws IOException {
    if (passPhrase == null) {
        passPhrase = "";
    }
    try (// 
    Reader reader = new InputStreamReader(pemRepresentation);
        PEMParser pemParser = new PEMParser(reader)) {
        final Object object = pemParser.readObject();
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        final KeyPair kp;
        if (object instanceof PEMEncryptedKeyPair) {
            // Encrypted key - we will use provided password
            final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
            kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
        } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
            // Encrypted key - we will use provided password
            try {
                final PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passPhrase.toCharArray());
                final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo(provider);
                return converter.getPrivateKey(privateKeyInfo);
            } catch (PKCSException | OperatorCreationException e) {
                throw new IOException("Unable to decrypt private key.", e);
            }
        } else if (object instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) object);
        } else {
            // Unencrypted key - no password needed
            kp = converter.getKeyPair((PEMKeyPair) object);
        }
        return kp.getPrivate();
    }
}

Example 12 with InputDecryptorProvider

use of org.bouncycastle.operator.InputDecryptorProvider in project graylog2-server by Graylog2.

the class KeyUtil method privateKeyFromFile.

/**
 * Obtain a private key from a PKS8 PEM file, which is optionally password-protected.
 * @param password password to decrypt the file - it may be null or empty in case of an unencrypted file
 * @param keyFile the key file
 * @return the corresponding private key
 */
public static PrivateKey privateKeyFromFile(String password, File keyFile) throws IOException, PKCSException, OperatorCreationException {
    PrivateKey privateKey;
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    // Be sure to specify charset for reader - don't use plain FileReader
    Object object;
    try (InputStream inputStream = Files.newInputStream(keyFile.toPath());
        InputStreamReader fileReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
        PEMParser pemParser = new PEMParser(fileReader)) {
        object = pemParser.readObject();
    }
    if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
        PKCS8EncryptedPrivateKeyInfo pInfo = (PKCS8EncryptedPrivateKeyInfo) object;
        JceOpenSSLPKCS8DecryptorProviderBuilder providerBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
        InputDecryptorProvider provider = providerBuilder.build(Strings.nullToEmpty(password).toCharArray());
        PrivateKeyInfo info = pInfo.decryptPrivateKeyInfo(provider);
        privateKey = converter.getPrivateKey(info);
    } else if (object instanceof PrivateKeyInfo) {
        privateKey = converter.getPrivateKey((PrivateKeyInfo) object);
    } else if (object instanceof PEMKeyPair) {
        privateKey = converter.getPrivateKey(((PEMKeyPair) object).getPrivateKeyInfo());
    } else {
        throw new PKCSException("Encountered unexpected object type: " + object.getClass().getName());
    }
    return privateKey;
}

Example 13 with InputDecryptorProvider

use of org.bouncycastle.operator.InputDecryptorProvider in project graylog2-server by Graylog2.

the class PemKeyStore method generateKeySpec.

/**
 * Generates a key specification for an (encrypted) private key.
 *
 * @param password characters, if {@code null} or empty an unencrypted key is assumed
 * @param key      bytes of the DER encoded private key
 * @return a key specification
 * @throws IOException                        if parsing {@code key} fails
 * @throws PKCSException                if the decryption key based on {@code password} cannot be used to decrypt
 *                                            {@code key}
 * @throws OperatorCreationException    if the decryption algorithm parameters are somehow faulty
 */
protected static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws IOException, PKCSException, OperatorCreationException {
    if (password == null || password.length == 0) {
        return new PKCS8EncodedKeySpec(key);
    }
    final PKCS8EncryptedPrivateKeyInfo privateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(key);
    final InputDecryptorProvider decProv = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(password);
    PrivateKeyInfo pkInfo = privateKeyInfo.decryptPrivateKeyInfo(decProv);
    PrivateKey privKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pkInfo);
    return new PKCS8EncodedKeySpec(privKey.getEncoded());
}