use of org.bouncycastle.operator.OperatorCreationException in project neo4j by neo4j.
the class AbstractNeoServer method createKeyStore.
/**
 * Resolves the TLS key material for the HTTPS connector.
 *
 * <p>Nothing is loaded when HTTPS is disabled. Otherwise the configured private key and
 * certificate files are used. If neither file exists, a self-signed certificate is generated
 * for the hostname of the HTTP listen address. A self-signed certificate is not anchored in
 * any trust store, so clients can authenticate the server only if they are configured to
 * trust that specific certificate.
 *
 * @return the key store information, or an empty {@code Optional} when HTTPS is disabled
 * @throws ServerStartupException if exactly one of the two files is present, or if creating
 *         or loading the key material fails
 */
protected Optional<KeyStoreInformation> createKeyStore() {
    if (!httpsIsEnabled()) {
        return Optional.empty();
    }

    final File keyFile = config.get(ServerSettings.tls_key_file).getAbsoluteFile();
    final File certFile = config.get(ServerSettings.tls_certificate_file).getAbsoluteFile();

    try {
        // Generate key material only when nothing at all has been provisioned; a lone key or
        // a lone certificate is treated as a configuration error below, never overwritten.
        final boolean nothingProvisioned = !(certFile.exists() || keyFile.exists());
        if (nothingProvisioned) {
            //noinspection deprecation
            log.info("No SSL certificate found, generating a self-signed certificate..");
            new Certificates().createSelfSignedCertificate(certFile, keyFile, httpListenAddress.getHostname());
        }

        // Both files must be present by now, either pre-existing or freshly generated.
        if (!certFile.exists()) {
            final String message = String.format(
                    "TLS private key found, but missing certificate at '%s'. Cannot start server without certificate.",
                    certFile);
            throw new ServerStartupException(message);
        }
        if (!keyFile.exists()) {
            final String message = String.format(
                    "TLS certificate found, but missing key at '%s'. Cannot start server without key.",
                    keyFile);
            throw new ServerStartupException(message);
        }

        KeyStoreInformation keyStore = new KeyStoreFactory().createKeyStore(keyFile, certFile);
        return Optional.of(keyStore);
    } catch (GeneralSecurityException e) {
        throw new ServerStartupException("TLS certificate error occurred, unable to start server: " + e.getMessage(), e);
    } catch (IOException | OperatorCreationException e) {
        throw new ServerStartupException("IO problem while loading or creating TLS certificates: " + e.getMessage(), e);
    }
}
use of org.bouncycastle.operator.OperatorCreationException in project nhin-d by DirectProject.
the class CreateSignedPKCS7 method create.
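/**
 * Creates a signed PKCS#7 (CMS) trust bundle from the trust anchors in a directory.
 *
 * <p>The unsigned bundle is built first by {@link CreateUnSignedPKCS7}. Its encoding is then
 * wrapped in a CMS SignedData structure that is signed with SHA256withRSA by every
 * private-key entry found in the PKCS#12 key store.
 *
 * <p>Every failure is reported as {@code null} and the cause is discarded, so callers must
 * check the result before using the output file.
 *
 * @param anchorDir    directory where the {@code .der} files are present
 * @param createFile   the {@code .p7m} file name
 * @param metaFile     XML file following the TrustBundle metadata schema
 * @param metaExists   forwarded with {@code metaFile} to the unsigned-bundle step
 * @param p12certiFile the {@code .p12} file holding the signing key(s) and certificate(s)
 * @param passKey      pass key for the {@code .p12} file, blank if there is none.
 *                     NOTE(review): this value is never read; the key store and its keys are
 *                     opened with {@code defaultPwd} instead. Confirm that is intended.
 * @return the created signed bundle as a {@code .p7m} file, or {@code null} if the bundle
 *         could not be built or the key store holds no private key to sign with
 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists, File p12certiFile, String passKey) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    InputStream inStr = null;
    try {
        // Create the unsigned Trust Bundle
        CreateUnSignedPKCS7 unSignedPKCS7 = new CreateUnSignedPKCS7();
        File unsigned = unSignedPKCS7.create(anchorDir, createFile, metaFile, metaExists);
        if (unsigned == null) {
            // The unsigned step signals failure with null; there is nothing to sign.
            return null;
        }
        byte[] unsignedByte = loadFileData(unsigned);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        CMSSignedData unsignedData = new CMSSignedData(unsignedByte);

        // Load the signing key store. The stream is kept in inStr so that the finally block
        // closes it; previously it was opened inline and never closed.
        // NOTE(review): passKey is ignored here, see the method documentation.
        final char[] storePwd = defaultPwd.toCharArray();
        KeyStore ks = java.security.KeyStore.getInstance("PKCS12", "BC");
        inStr = new FileInputStream(p12certiFile);
        ks.load(inStr, storePwd);

        // Add one signer per private-key entry, together with its certificate.
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Recover the key once per alias; instanceof is false for a null key.
            java.security.Key key = ks.getKey(alias, storePwd);
            if (key instanceof PrivateKey) {
                ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build((PrivateKey) key);
                X509CertificateHolder holder = new X509CertificateHolder(ks.getCertificate(alias).getEncoded());
                certList.add((X509Certificate) ks.getCertificate(alias));
                gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha256Signer, holder));
            }
        }
        if (certList.isEmpty()) {
            // Without a private-key entry the generator would emit a SignedData structure
            // that carries no signature at all; refuse to hand that out as a signed bundle.
            return null;
        }

        Store certStores = new JcaCertStore(certList);
        gen.addCertificates(certStores);
        CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(unsignedData.getEncoded()), true);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (Exception e) {
        // Covers the CMS, I/O, key store, provider, algorithm, certificate and operator
        // failures that used to be caught one by one; each of them returned null as well.
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
        IOUtils.closeQuietly(inStr);
    }
    return pkcs7File;
}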
use of org.bouncycastle.operator.OperatorCreationException in project nhin-d by DirectProject.
the class CreateUnSignedPKCS7 method create.
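/**
 * Creates an unsigned PKCS#7 (CMS) trust bundle from the certificates in a directory.
 *
 * <p>Every regular, non-hidden file in {@code anchorDir} whose name ends in {@code .der} is
 * loaded as an X.509 certificate and added to the bundle. No signer is added, so the output
 * carries no signature, and whatever {@code .der} files are present in the directory at call
 * time end up in the bundle. Write access to that directory should be restricted accordingly.
 *
 * @param anchorDir  directory holding the trust anchor {@code .der} files
 * @param createFile file handed to {@code getPKCS7OutFile} to obtain the output file
 * @param metaFile   metadata file; read only when {@code metaExists} is true
 * @param metaExists whether metadata is present. When false, the placeholder content
 *                   {@code "Absent"} is used and the content is not encapsulated.
 * @return the created PKCS#7 file, or {@code null} if an error occurred. {@code error} is
 *         set only when no trust anchors are found; other failures leave it untouched.
 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    try {
        // listFiles() returns null when anchorDir is not a directory or cannot be read;
        // that case is reported like an empty directory instead of through an NPE.
        File[] files = new File(anchorDir).listFiles();
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        if (files != null) {
            for (File certFile : files) {
                if (certFile.isFile() && !certFile.isHidden() && certFile.getName().endsWith(".der")) {
                    certList.add(getX509Certificate(loadFileData(certFile)));
                }
            }
        }
        if (certList.isEmpty()) {
            error = "Trust Anchors are not available in specified folder!";
            return null;
        }

        byte[] metaDataByte;
        if (metaExists) {
            metaDataByte = loadFileData(metaFile);
        } else {
            // Explicit charset so the placeholder bytes do not depend on the platform default.
            metaDataByte = "Absent".getBytes("US-ASCII");
        }

        CMSTypedData msg = new CMSProcessableByteArray(metaDataByte);
        Store certStores = new JcaCertStore(certList);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addCertificates(certStores);
        // No signer info generator is registered: the structure only transports the
        // certificates (and the metadata when metaExists is true).
        CMSSignedData sigData = gen.generate(msg, metaExists);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (Exception e) {
        // Covers the CMS, I/O and certificate failures that used to be caught one by one;
        // each of them returned null as well.
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
    }
    return pkcs7File;
}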
use of org.bouncycastle.operator.OperatorCreationException in project robovm by robovm.
the class JcaContentVerifierProviderBuilder method build.
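/**
 * Builds a provider of content verifiers bound to the public key of a certificate.
 *
 * <p>Only the certificate's public key is used to initialise signature verification.
 * Nothing in this method checks the certificate's validity period, issuer chain or
 * revocation status, so a caller that needs a trusted signer must validate the certificate
 * separately.
 *
 * @param certificate certificate whose public key verifies the signatures
 * @return a provider that reports {@code certificate} as its associated certificate
 * @throws OperatorCreationException if the certificate cannot be converted into a holder
 */
public ContentVerifierProvider build(final X509Certificate certificate) throws OperatorCreationException {
    final X509CertificateHolder certHolder;
    try {
        certHolder = new JcaX509CertificateHolder(certificate);
    } catch (CertificateEncodingException e) {
        throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
    }
    return new ContentVerifierProvider() {
        public boolean hasAssociatedCertificate() {
            return true;
        }

        public X509CertificateHolder getAssociatedCertificate() {
            return certHolder;
        }

        /**
         * Creates a verifier for the given signature algorithm.
         *
         * @throws OperatorCreationException if the signature cannot be created or
         *         initialised with the certificate's public key
         */
        public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
            // Held in a local rather than in a field of the provider, so that each call
            // builds its verifier from the stream it created itself, even when get() is
            // invoked concurrently on the same provider.
            final SignatureOutputStream stream;
            try {
                Signature sig = helper.createSignature(algorithm);
                sig.initVerify(certificate.getPublicKey());
                stream = new SignatureOutputStream(sig);
            } catch (GeneralSecurityException e) {
                throw new OperatorCreationException("exception on setup: " + e, e);
            }
            // createRawSig may yield null, in which case the plain verifier is used.
            Signature rawSig = createRawSig(algorithm, certificate.getPublicKey());
            if (rawSig != null) {
                return new RawSigVerifier(algorithm, stream, rawSig);
            }
            return new SigVerifier(algorithm, stream);
        }
    };
}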
use of org.bouncycastle.operator.OperatorCreationException in project tika by apache.
the class Pkcs7Parser method parse.
/**
 * Parses a PKCS#7 signed-data stream by handing its encapsulated content to the
 * {@link Parser} registered in the context ({@code EmptyParser.INSTANCE} if none is set).
 *
 * <p>The signed content is only extracted. This method does not inspect signer information,
 * so the parsed output says nothing about whether the signature is valid or who produced it.
 *
 * @param stream   PKCS#7 signed data; wrapped so that closing the CMS parser leaves it open
 * @param handler  receiver of the delegate parser's output
 * @param metadata metadata passed on to the delegate parser
 * @param context  parse context supplying the delegate parser
 * @throws TikaException if the digest calculator provider cannot be created, the CMS data
 *         cannot be parsed, or the signature is detached (no signed content present)
 */
public void parse(InputStream stream, ContentHandler handler, Metadata metadata, ParseContext context) throws IOException, SAXException, TikaException {
    try {
        JcaDigestCalculatorProviderBuilder providerBuilder = new JcaDigestCalculatorProviderBuilder().setProvider("BC");
        DigestCalculatorProvider digests = providerBuilder.build();
        InputStream shielded = new CloseShieldInputStream(stream);
        CMSSignedDataParser signedData = new CMSSignedDataParser(digests, shielded);
        try {
            CMSTypedStream signedContent = signedData.getSignedContent();
            // A detached signature carries no content for the delegate to parse.
            if (signedContent == null) {
                throw new TikaException("cannot parse detached pkcs7 signature (no signed data to parse)");
            }
            try (InputStream embedded = signedContent.getContentStream()) {
                context.get(Parser.class, EmptyParser.INSTANCE).parse(embedded, handler, metadata, context);
            }
        } finally {
            signedData.close();
        }
    } catch (OperatorCreationException e) {
        throw new TikaException("Unable to create DigestCalculatorProvider", e);
    } catch (CMSException e) {
        throw new TikaException("Unable to parse pkcs7 signed data", e);
    }
}
Aggregations