Search in sources :

Example 41 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project neo4j by neo4j.

the class AbstractNeoServer method createKeyStore.

protected Optional<KeyStoreInformation> createKeyStore() {
    if (httpsIsEnabled()) {
        File privateKeyPath = config.get(ServerSettings.tls_key_file).getAbsoluteFile();
        File certificatePath = config.get(ServerSettings.tls_certificate_file).getAbsoluteFile();
        try {
            // If neither file is specified
            if (!certificatePath.exists() && !privateKeyPath.exists()) {
                //noinspection deprecation
                log.info("No SSL certificate found, generating a self-signed certificate..");
                Certificates certFactory = new Certificates();
                certFactory.createSelfSignedCertificate(certificatePath, privateKeyPath, httpListenAddress.getHostname());
            }
            // Make sure both files were there, or were generated
            if (!certificatePath.exists()) {
                throw new ServerStartupException(String.format("TLS private key found, but missing certificate at '%s'. Cannot start server " + "without certificate.", certificatePath));
            }
            if (!privateKeyPath.exists()) {
                throw new ServerStartupException(String.format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyPath));
            }
            return Optional.of(new KeyStoreFactory().createKeyStore(privateKeyPath, certificatePath));
        } catch (GeneralSecurityException e) {
            throw new ServerStartupException("TLS certificate error occurred, unable to start server: " + e.getMessage(), e);
        } catch (IOException | OperatorCreationException e) {
            throw new ServerStartupException("IO problem while loading or creating TLS certificates: " + e.getMessage(), e);
        }
    } else {
        return Optional.empty();
    }
}
Also used : KeyStoreFactory(org.neo4j.bolt.security.ssl.KeyStoreFactory) GeneralSecurityException(java.security.GeneralSecurityException) Certificates(org.neo4j.bolt.security.ssl.Certificates) IOException(java.io.IOException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) File(java.io.File)

Example 42 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project nhin-d by DirectProject.

the class CreateSignedPKCS7 method create.

/**
	 * Creates a pcks7 file from the certificate and key files.
	 * @param anchorDir :The Directory where the .der files are present.
	 * @param createFile : The .p7m File name.
	 * @param metaFile :One XML file as per required specification of TrustBundle metadata schema. 
	 * @param p12certiFile : The .p12 file.
	 * @param passkey :Pass Key for the .p12 file if present or else it should be blank.
	 * @param destDir : The Destination folder where the output .p7m files will be created.
	 * 	 * @return File : Returns the created SignedBundle as a .p7m file.
	 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists, File p12certiFile, String passKey) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    InputStream inStr = null;
    try {
        // Create the unsigned Trust Bundle
        CreateUnSignedPKCS7 unSignedPKCS7 = new CreateUnSignedPKCS7();
        File unsigned = unSignedPKCS7.create(anchorDir, createFile, metaFile, metaExists);
        byte[] unsignedByte = loadFileData(unsigned);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        CMSSignedData unsignedData = new CMSSignedData(unsignedByte);
        // Create the certificate array
        KeyStore ks = java.security.KeyStore.getInstance("PKCS12", "BC");
        ks.load(new FileInputStream(p12certiFile), defaultPwd.toCharArray());
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            if (ks.getKey(alias, defaultPwd.toCharArray()) != null && ks.getKey(alias, defaultPwd.toCharArray()) instanceof PrivateKey) {
                ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build((PrivateKey) ks.getKey(alias, defaultPwd.toCharArray()));
                X509CertificateHolder holder = new X509CertificateHolder(ks.getCertificate(alias).getEncoded());
                certList.add((X509Certificate) ks.getCertificate(alias));
                gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, holder));
            }
        }
        Store certStores = new JcaCertStore(certList);
        gen.addCertificates(certStores);
        CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(unsignedData.getEncoded()), true);
        //SignedData encapInfo = SignedData.getInstance(sigData.getContentInfo().getContent());
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (CMSException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (IOException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (KeyStoreException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (NoSuchProviderException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (NoSuchAlgorithmException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (CertificateException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (UnrecoverableKeyException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (OperatorCreationException e) {
        // e.printStackTrace(System.err);
        return null;
    } catch (Exception e) {
        // e.printStackTrace(System.err);
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
        IOUtils.closeQuietly(inStr);
    }
    return pkcs7File;
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) PrivateKey(java.security.PrivateKey) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) Store(org.bouncycastle.util.Store) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) KeyStore(java.security.KeyStore) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) ContentSigner(org.bouncycastle.operator.ContentSigner) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) KeyStoreException(java.security.KeyStoreException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) FileOutputStream(java.io.FileOutputStream) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) NoSuchProviderException(java.security.NoSuchProviderException) File(java.io.File) CMSException(org.bouncycastle.cms.CMSException)

Example 43 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project nhin-d by DirectProject.

the class CreateUnSignedPKCS7 method create.

/**
	 * Creates a pcks7 file from the certificate and key files.
	 * @param certFile The X509 DER encoded certificate file.
	 * @param keyFile The PCKS8 DER encoded private key file.
	 * @param password Option password for the private key file.  This is required if the private key file is encrypted.  Should be null or empty
	 * if the private key file is not encrypted.
	 * @param createFile Optional file descriptor for the output file of the pkcs12 file.  If this is null, the file name is based on the 
	 * certificate file name.
	 * @return File descriptor of the created pcks7 file.  Null if an error occurred.  
	 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    InputStream inStr = null;
    // load cert file
    try {
        File userDir = new File(anchorDir);
        File[] files = userDir.listFiles();
        X509Certificate[] certs = new X509Certificate[files.length];
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        int counter = 0;
        for (File certFile : files) {
            if (certFile.isFile() && !certFile.isHidden()) {
                if (certFile.getName().endsWith(".der")) {
                    byte[] certData = loadFileData(certFile);
                    certs[counter] = getX509Certificate(certData);
                    certList.add(certs[counter]);
                    counter++;
                }
            }
        }
        if (counter == 0) {
            error = "Trust Anchors are not available in specified folder!";
            return null;
        }
        byte[] metaDataByte;
        if (metaExists) {
            metaDataByte = loadFileData(metaFile);
        } else {
            metaDataByte = "Absent".getBytes();
        }
        CMSTypedData msg = new CMSProcessableByteArray(metaDataByte);
        Store certStores = new JcaCertStore(certList);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        //SignedData data = new SignedData(arg0, arg1, arg2, arg3, arg4)
        gen.addCertificates(certStores);
        CMSSignedData sigData = gen.generate(msg, metaExists);
        //System.out.println("Inside Unsigned area: Create File:"+createFile);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (CMSException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (IOException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (KeyStoreException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (NoSuchProviderException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (NoSuchAlgorithmException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (CertificateException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (UnrecoverableKeyException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (OperatorCreationException e) {
        //e.printStackTrace(System.err);
        return null;
    } catch (Exception e) {
        //e.printStackTrace(System.err);
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
        IOUtils.closeQuietly(inStr);
    }
    return pkcs7File;
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) ArrayList(java.util.ArrayList) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) Store(org.bouncycastle.util.Store) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) CMSTypedData(org.bouncycastle.cms.CMSTypedData) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) CMSException(org.bouncycastle.cms.CMSException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException) FileOutputStream(java.io.FileOutputStream) NoSuchProviderException(java.security.NoSuchProviderException) File(java.io.File) CMSException(org.bouncycastle.cms.CMSException)

Example 44 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project robovm by robovm.

the class JcaContentVerifierProviderBuilder method build.

public ContentVerifierProvider build(final X509Certificate certificate) throws OperatorCreationException {
    final X509CertificateHolder certHolder;
    try {
        certHolder = new JcaX509CertificateHolder(certificate);
    } catch (CertificateEncodingException e) {
        throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e);
    }
    return new ContentVerifierProvider() {

        private SignatureOutputStream stream;

        public boolean hasAssociatedCertificate() {
            return true;
        }

        public X509CertificateHolder getAssociatedCertificate() {
            return certHolder;
        }

        public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
            try {
                Signature sig = helper.createSignature(algorithm);
                sig.initVerify(certificate.getPublicKey());
                stream = new SignatureOutputStream(sig);
            } catch (GeneralSecurityException e) {
                throw new OperatorCreationException("exception on setup: " + e, e);
            }
            Signature rawSig = createRawSig(algorithm, certificate.getPublicKey());
            if (rawSig != null) {
                return new RawSigVerifier(algorithm, stream, rawSig);
            } else {
                return new SigVerifier(algorithm, stream);
            }
        }
    };
}
Also used : X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) Signature(java.security.Signature) GeneralSecurityException(java.security.GeneralSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)

Example 45 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project tika by apache.

the class Pkcs7Parser method parse.

public void parse(InputStream stream, ContentHandler handler, Metadata metadata, ParseContext context) throws IOException, SAXException, TikaException {
    try {
        DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
        CMSSignedDataParser parser = new CMSSignedDataParser(digestCalculatorProvider, new CloseShieldInputStream(stream));
        try {
            CMSTypedStream content = parser.getSignedContent();
            if (content == null) {
                throw new TikaException("cannot parse detached pkcs7 signature (no signed data to parse)");
            }
            try (InputStream input = content.getContentStream()) {
                Parser delegate = context.get(Parser.class, EmptyParser.INSTANCE);
                delegate.parse(input, handler, metadata, context);
            }
        } finally {
            parser.close();
        }
    } catch (OperatorCreationException e) {
        throw new TikaException("Unable to create DigestCalculatorProvider", e);
    } catch (CMSException e) {
        throw new TikaException("Unable to parse pkcs7 signed data", e);
    }
}
Also used : CMSSignedDataParser(org.bouncycastle.cms.CMSSignedDataParser) TikaException(org.apache.tika.exception.TikaException) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) CloseShieldInputStream(org.apache.commons.io.input.CloseShieldInputStream) InputStream(java.io.InputStream) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CloseShieldInputStream(org.apache.commons.io.input.CloseShieldInputStream) CMSTypedStream(org.bouncycastle.cms.CMSTypedStream) Parser(org.apache.tika.parser.Parser) AbstractParser(org.apache.tika.parser.AbstractParser) CMSSignedDataParser(org.bouncycastle.cms.CMSSignedDataParser) EmptyParser(org.apache.tika.parser.EmptyParser) CMSException(org.bouncycastle.cms.CMSException)

Aggregations

OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)88 IOException (java.io.IOException)51 ContentSigner (org.bouncycastle.operator.ContentSigner)38 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)36 CertificateException (java.security.cert.CertificateException)33 X509Certificate (java.security.cert.X509Certificate)31 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)23 Date (java.util.Date)22 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)19 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)19 CMSException (org.bouncycastle.cms.CMSException)17 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)15 X500Name (org.bouncycastle.asn1.x500.X500Name)15 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)15 GeneralName (org.bouncycastle.asn1.x509.GeneralName)14 NoSuchProviderException (java.security.NoSuchProviderException)12 CMSSignedData (org.bouncycastle.cms.CMSSignedData)12 GeneralSecurityException (java.security.GeneralSecurityException)11 InvalidKeyException (java.security.InvalidKeyException)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)10