use of org.bouncycastle.util.io.pem.PemObject in project neo4j by neo4j.
The class Certificates, method loadCertificates.
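/**
 * Loads every certificate found in {@code certFile}.
 * <p>
 * The file is first read as PEM: the DER content of each PEM block is handed to the
 * {@link CertificateFactory}. If no PEM block was found at all, the whole file is read
 * once more as a raw binary (DER) certificate. The second pass is only taken when the
 * PEM pass yielded nothing, so whatever the factory decodes is what the caller gets;
 * no validation of the certificates themselves happens here.
 *
 * @param certFile file holding one or more certificates, PEM or raw DER
 * @return the decoded certificates in file order, never {@code null}
 * @throws CertificateException if {@code CERTIFICATE_TYPE} is unavailable or the content is malformed
 * @throws IOException if the file cannot be read
 */
public Certificate[] loadCertificates(File certFile) throws CertificateException, IOException {
    CertificateFactory certFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
    Collection<Certificate> certificates = new LinkedList<>();
    // PEM is 7-bit ASCII by definition, so pin the charset instead of relying on the platform
    // default. InputStreamReader replaces undecodable bytes rather than throwing, which keeps
    // the raw-DER fallback below reachable when the file is binary.
    try (PemReader r = new PemReader(new java.io.InputStreamReader(
            new FileInputStream(certFile), java.nio.charset.StandardCharsets.US_ASCII))) {
        for (PemObject pemObject = r.readPemObject(); pemObject != null; pemObject = r.readPemObject()) {
            byte[] encodedCert = pemObject.getContent();
            certificates.addAll(certFactory.generateCertificates(new ByteArrayInputStream(encodedCert)));
        }
    }
    if (certificates.isEmpty()) {
        // Ok, failed to read as PEM file, try and read it as raw binary certificate.
        // addAll() takes the factory's Collection<? extends Certificate> as-is, so the
        // unchecked cast the previous version needed is gone.
        try (FileInputStream in = new FileInputStream(certFile)) {
            certificates.addAll(certFactory.generateCertificates(in));
        }
    }
    return certificates.toArray(new Certificate[0]);
}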
use of org.bouncycastle.util.io.pem.PemObject in project neo4j by neo4j.
The class Certificates, method writePem.
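/**
 * Writes {@code encodedContent} as a single PEM block of the given {@code type} to {@code path},
 * creating missing parent directories, and leaves the file readable and writable by its owner only.
 * <p>
 * The permission bits are tightened right after the file is created and before any content is
 * written, so key material never sits in a world-readable file, not even briefly. The
 * {@link File} permission calls return {@code false} where the platform cannot honour them
 * (e.g. Windows); as before, that is not treated as an error here.
 *
 * @param type PEM block type, e.g. {@code "CERTIFICATE"}
 * @param encodedContent DER bytes to be base64-encoded inside the block
 * @param path destination file; overwritten if it exists
 * @throws IOException if the parent directory cannot be created or the file cannot be written
 */
private void writePem(String type, byte[] encodedContent, File path) throws IOException {
    File parent = path.getParentFile();
    // getParentFile() is null for a bare file name. Only create what is missing, and report a
    // failure to do so instead of ignoring mkdirs()' return value (the re-check after mkdirs()
    // covers a concurrent creation of the same directory).
    if (parent != null && !parent.isDirectory() && !parent.mkdirs() && !parent.isDirectory()) {
        throw new IOException("Unable to create directory " + parent);
    }
    // PEM is ASCII; pin the charset rather than relying on the platform default.
    try (PemWriter writer = new PemWriter(new java.io.OutputStreamWriter(
            new java.io.FileOutputStream(path), java.nio.charset.StandardCharsets.US_ASCII))) {
        // The (still empty) file exists once the stream is open: restrict it now, before any
        // bytes are written. Clear the "everyone" bits first, then grant the owner bits.
        path.setReadable(false, false);
        path.setWritable(false, false);
        path.setReadable(true);
        path.setWritable(true);
        writer.writeObject(new PemObject(type, encodedContent));
        writer.flush();
    }
}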
use of org.bouncycastle.util.io.pem.PemObject in project cloudstack by apache.
The class CertificateHelper, method parseChain.
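/**
 * Parses a PEM-encoded certificate chain into its X.509 certificates.
 * <p>
 * Every PEM block in {@code chain} is decoded, in the order it appears, so a chain holding
 * several {@code CERTIFICATE} blocks yields one entry per block (the previous version only
 * ever read the first block). Decoded objects that are not an {@link X509Certificate} are
 * skipped. No validation of the chain (signatures, ordering, expiry) is done here; callers
 * that act on the result must do that themselves.
 *
 * @param chain PEM text with one or more certificate blocks; must not be {@code null}
 * @return the X.509 certificates found, in input order, never empty
 * @throws IOException if the PEM text cannot be read
 * @throws CertificateException if a block's content is not a valid certificate
 * @throws IllegalStateException if no certificate could be decoded, including when the text
 *         holds no PEM block at all (previously a {@link NullPointerException})
 */
public static List<Certificate> parseChain(final String chain) throws IOException, CertificateException {
    Preconditions.checkNotNull(chain);
    final List<Certificate> certs = new ArrayList<Certificate>();
    final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    try (final PemReader pemReader = new PemReader(new StringReader(chain))) {
        // readPemObject() returns null once the input holds no further block.
        for (PemObject pemObject = pemReader.readPemObject(); pemObject != null; pemObject = pemReader.readPemObject()) {
            final ByteArrayInputStream bais = new ByteArrayInputStream(pemObject.getContent());
            for (final Certificate cert : certificateFactory.generateCertificates(bais)) {
                if (cert instanceof X509Certificate) {
                    certs.add(cert);
                }
            }
        }
    }
    if (certs.isEmpty()) {
        throw new IllegalStateException("Unable to decode certificate chain");
    }
    return certs;
}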
use of org.bouncycastle.util.io.pem.PemObject in project cloudstack by apache.
The class NetscalerResource, method execute.
/**
 * Applies a {@link LoadBalancerConfigCommand} to the NetScaler device: for each load balancer in
 * the command it creates or removes the virtual server, health monitor, servers, services, service
 * bindings and (for SSL) the certificate/key pair and its chain, then persists the device config.
 * <p>
 * Any {@link ExecutionException} or other {@link Exception} is logged and either retried via
 * {@code retry(cmd, numRetries)} when {@code shouldRetry(numRetries)} says so, or turned into a
 * failed {@link Answer}. The method is {@code synchronized}, so configuration pushes from this
 * resource are serialised.
 *
 * @param cmd the command carrying the load balancers to apply; entries may carry an
 *            {@link LbSslCert} with certificate, private key, chain and key password
 * @param numRetries remaining retry budget, consumed by {@code retry}
 * @return an {@link Answer} for {@code cmd}; an unsupported-command answer when this is an SDX
 */
private synchronized Answer execute(final LoadBalancerConfigCommand cmd, final int numRetries) {
    try {
        if (_isSdx) {
            return Answer.createUnsupportedCommandAnswer(cmd);
        }
        final LoadBalancerTO[] loadBalancers = cmd.getLoadBalancers();
        if (loadBalancers == null) {
            return new Answer(cmd);
        }
        for (final LoadBalancerTO loadBalancer : loadBalancers) {
            final String srcIp = loadBalancer.getSrcIp();
            final int srcPort = loadBalancer.getSrcPort();
            final String lbProtocol = getNetScalerProtocol(loadBalancer);
            final String lbAlgorithm = loadBalancer.getAlgorithm();
            final String nsVirtualServerName = generateNSVirtualServerName(srcIp, srcPort);
            final String nsMonitorName = generateNSMonitorName(srcIp, srcPort);
            final LbSslCert sslCert = loadBalancer.getSslCert();
            if (loadBalancer.isAutoScaleVmGroupTO()) {
                applyAutoScaleConfig(loadBalancer);
                // Continue to process all the rules.
                continue;
            }
            boolean hasMonitor = false;
            boolean deleteMonitor = false;
            boolean destinationsToAdd = false;
            boolean deleteCert = false;
            for (final DestinationTO destination : loadBalancer.getDestinations()) {
                if (!destination.isRevoked()) {
                    destinationsToAdd = true;
                    break;
                }
            }
            if (!loadBalancer.isRevoked() && destinationsToAdd) {
                // create a load balancing virtual server
                addLBVirtualServer(nsVirtualServerName, srcIp, srcPort, lbAlgorithm, lbProtocol, loadBalancer.getStickinessPolicies(), null);
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Created load balancing virtual server " + nsVirtualServerName + " on the Netscaler device");
                }
                // create a new monitor
                final HealthCheckPolicyTO[] healthCheckPolicies = loadBalancer.getHealthCheckPolicies();
                if (healthCheckPolicies != null && healthCheckPolicies.length > 0 && healthCheckPolicies[0] != null) {
                    // NOTE(review): the last policy wins here — a revoked policy after an active one
                    // resets hasMonitor to false although addLBMonitor() already ran; confirm that
                    // is intended for mixed lists.
                    for (final HealthCheckPolicyTO healthCheckPolicyTO : healthCheckPolicies) {
                        if (!healthCheckPolicyTO.isRevoked()) {
                            addLBMonitor(nsMonitorName, lbProtocol, healthCheckPolicyTO);
                            hasMonitor = true;
                        } else {
                            deleteMonitor = true;
                            hasMonitor = false;
                        }
                    }
                }
                for (final DestinationTO destination : loadBalancer.getDestinations()) {
                    final String nsServerName = generateNSServerName(destination.getDestIp());
                    final String nsServiceName = generateNSServiceName(destination.getDestIp(), destination.getDestPort());
                    if (!destination.isRevoked()) {
                        // add a new server
                        if (!nsServerExists(nsServerName)) {
                            final com.citrix.netscaler.nitro.resource.config.basic.server nsServer = new com.citrix.netscaler.nitro.resource.config.basic.server();
                            nsServer.set_name(nsServerName);
                            nsServer.set_ipaddress(destination.getDestIp());
                            apiCallResult = com.citrix.netscaler.nitro.resource.config.basic.server.add(_netscalerService, nsServer);
                            // An already-existing server is not an error: another rule may share it.
                            if (apiCallResult.errorcode != 0 && apiCallResult.errorcode != NitroError.NS_RESOURCE_EXISTS) {
                                throw new ExecutionException("Failed to add server " + destination.getDestIp() + " due to" + apiCallResult.message);
                            }
                        }
                        // create a new service using the server added
                        if (!nsServiceExists(nsServiceName)) {
                            final com.citrix.netscaler.nitro.resource.config.basic.service newService = new com.citrix.netscaler.nitro.resource.config.basic.service();
                            newService.set_name(nsServiceName);
                            newService.set_port(destination.getDestPort());
                            newService.set_servername(nsServerName);
                            newService.set_state("ENABLED");
                            // SSL is terminated on the virtual server; the back-end service speaks HTTP.
                            if (lbProtocol.equalsIgnoreCase(NetUtils.SSL_PROTO)) {
                                newService.set_servicetype(NetUtils.HTTP_PROTO);
                            } else {
                                newService.set_servicetype(lbProtocol);
                            }
                            apiCallResult = com.citrix.netscaler.nitro.resource.config.basic.service.add(_netscalerService, newService);
                            if (apiCallResult.errorcode != 0) {
                                throw new ExecutionException("Failed to create service " + nsServiceName + " using server " + nsServerName + " due to" + apiCallResult.message);
                            }
                        }
                        //bind service to load balancing virtual server
                        if (!nsServiceBindingExists(nsVirtualServerName, nsServiceName)) {
                            final com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding svcBinding = new com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding();
                            svcBinding.set_name(nsVirtualServerName);
                            svcBinding.set_servicename(nsServiceName);
                            apiCallResult = com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding.add(_netscalerService, svcBinding);
                            if (apiCallResult.errorcode != 0) {
                                throw new ExecutionException("Failed to bind service: " + nsServiceName + " to the lb virtual server: " + nsVirtualServerName + " on Netscaler device");
                            }
                        }
                        // service.
                        if (hasMonitor) {
                            if (!isServiceBoundToMonitor(nsServiceName, nsMonitorName)) {
                                bindServiceToMonitor(nsServiceName, nsMonitorName);
                            }
                        } else {
                            // delete it.
                            if (nsMonitorExist(nsMonitorName)) {
                                // unbind the service from the monitor and
                                // delete the monitor
                                unBindServiceToMonitor(nsServiceName, nsMonitorName);
                                deleteMonitor = true;
                            }
                        }
                        if (sslCert != null && lbProtocol.equalsIgnoreCase(NetUtils.SSL_PROTO)) {
                            if (sslCert.isRevoked()) {
                                deleteCert = true;
                            } else {
                                // If there is a chain, that should go first to the NS
                                String previousCertKeyName = null;
                                if (sslCert.getChain() != null) {
                                    final List<Certificate> chainList = CertificateHelper.parseChain(sslCert.getChain());
                                    // go from ROOT to intermediate CAs
                                    for (final Certificate intermediateCert : Lists.reverse(chainList)) {
                                        // Fingerprint-derived names make the upload idempotent across rules
                                        // that share the same CA certificate.
                                        final String fingerPrint = CertificateHelper.generateFingerPrint(intermediateCert);
                                        final String intermediateCertKeyName = generateSslCertKeyName(fingerPrint);
                                        final String intermediateCertFileName = intermediateCertKeyName + ".pem";
                                        if (!SSL.isSslCertKeyPresent(_netscalerService, intermediateCertKeyName)) {
                                            final PemObject pemObject = new PemObject(intermediateCert.getType(), intermediateCert.getEncoded());
                                            final StringWriter textWriter = new StringWriter();
                                            try (final PemWriter pemWriter = new PemWriter(textWriter)) {
                                                pemWriter.writeObject(pemObject);
                                                pemWriter.flush();
                                            } catch (final IOException e) {
                                                // NOTE(review): a failure here is only logged at debug level and the
                                                // upload below still runs with whatever reached textWriter (possibly
                                                // nothing); consider propagating or skipping the upload instead.
                                                if (s_logger.isDebugEnabled()) {
                                                    s_logger.debug("couldn't write PEM to a string", e);
                                                }
                                                // else just close the certDataStream
                                            }
                                            // NOTE(review): getBytes() uses the platform default charset; PEM is
                                            // ASCII, so an explicit charset would make this deterministic.
                                            SSL.uploadCert(_ip, _username, _password, intermediateCertFileName, textWriter.toString().getBytes());
                                            SSL.createSslCertKey(_netscalerService, intermediateCertFileName, null, intermediateCertKeyName, null);
                                        }
                                        if (previousCertKeyName != null && !SSL.certLinkExists(_netscalerService, intermediateCertKeyName, previousCertKeyName)) {
                                            SSL.linkCerts(_netscalerService, intermediateCertKeyName, previousCertKeyName);
                                        }
                                        previousCertKeyName = intermediateCertKeyName;
                                    }
                                }
                                //netscaler uses ".pem" format for "bundle" files
                                final String certFilename = generateSslCertName(sslCert.getFingerprint()) + ".pem";
                                //netscaler uses ".pem" format for "bundle" files
                                final String keyFilename = generateSslKeyName(sslCert.getFingerprint()) + ".pem";
                                final String certKeyName = generateSslCertKeyName(sslCert.getFingerprint());
                                try (final ByteArrayOutputStream certDataStream = new ByteArrayOutputStream()) {
                                    // NOTE(review): both getBytes() calls below rely on the platform default charset.
                                    certDataStream.write(sslCert.getCert().getBytes());
                                    if (!SSL.isSslCertKeyPresent(_netscalerService, certKeyName)) {
                                        SSL.uploadCert(_ip, _username, _password, certFilename, certDataStream.toByteArray());
                                        // The private key and its password leave this process here; make sure
                                        // neither ends up in logs or in the Answer on the failure paths.
                                        SSL.uploadKey(_ip, _username, _password, keyFilename, sslCert.getKey().getBytes());
                                        SSL.createSslCertKey(_netscalerService, certFilename, keyFilename, certKeyName, sslCert.getPassword());
                                    }
                                } catch (final IOException e) {
                                    // NOTE(review): swallowed as above; the link/bind steps that follow run even
                                    // when the certificate was never uploaded.
                                    if (s_logger.isDebugEnabled()) {
                                        s_logger.debug("couldn't open buffer for certificate", e);
                                    }
                                    // else just close the certDataStream
                                }
                                if (previousCertKeyName != null && !SSL.certLinkExists(_netscalerService, certKeyName, previousCertKeyName)) {
                                    SSL.linkCerts(_netscalerService, certKeyName, previousCertKeyName);
                                }
                                SSL.bindCertKeyToVserver(_netscalerService, certKeyName, nsVirtualServerName);
                            }
                        }
                        if (s_logger.isDebugEnabled()) {
                            s_logger.debug("Successfully added LB destination: " + destination.getDestIp() + ":" + destination.getDestPort() + " to load balancer " + srcIp + ":" + srcPort);
                        }
                    } else {
                        // remove a destination from the deployed load balancing rule
                        final com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding[] serviceBindings = com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding.get(_netscalerService, nsVirtualServerName);
                        if (serviceBindings != null) {
                            for (final com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding binding : serviceBindings) {
                                if (nsServiceName.equalsIgnoreCase(binding.get_servicename())) {
                                    // delete the binding
                                    apiCallResult = com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding.delete(_netscalerService, binding);
                                    if (apiCallResult.errorcode != 0) {
                                        throw new ExecutionException("Failed to delete the binding between the virtual server: " + nsVirtualServerName + " and service:" + nsServiceName + " due to" + apiCallResult.message);
                                    }
                                    // check if service is bound to any other virtual server
                                    if (!isServiceBoundToVirtualServer(nsServiceName)) {
                                        // no lb virtual servers are bound to this service so delete it
                                        apiCallResult = com.citrix.netscaler.nitro.resource.config.basic.service.delete(_netscalerService, nsServiceName);
                                        if (apiCallResult.errorcode != 0) {
                                            throw new ExecutionException("Failed to delete service: " + nsServiceName + " due to " + apiCallResult.message);
                                        }
                                    }
                                    // delete the server if there is no associated services
                                    final server_service_binding[] services = server_service_binding.get(_netscalerService, nsServerName);
                                    if (services == null || services.length == 0) {
                                        apiCallResult = com.citrix.netscaler.nitro.resource.config.basic.server.delete(_netscalerService, nsServerName);
                                        if (apiCallResult.errorcode != 0) {
                                            throw new ExecutionException("Failed to remove server:" + nsServerName + " due to " + apiCallResult.message);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            } else {
                // delete the implemented load balancing rule and its destinations
                final lbvserver lbserver = getVirtualServerIfExisits(nsVirtualServerName);
                if (lbserver != null) {
                    //unbind the all services associated with this virtual server
                    final com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding[] serviceBindings = com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding.get(_netscalerService, nsVirtualServerName);
                    if (serviceBindings != null) {
                        for (final com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding binding : serviceBindings) {
                            final String serviceName = binding.get_servicename();
                            apiCallResult = com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding.delete(_netscalerService, binding);
                            if (apiCallResult.errorcode != 0) {
                                throw new ExecutionException("Failed to unbind service from the lb virtual server: " + nsVirtualServerName + " due to " + apiCallResult.message);
                            }
                            // NOTE(review): service.get() result is dereferenced without a null check.
                            final com.citrix.netscaler.nitro.resource.config.basic.service svc = com.citrix.netscaler.nitro.resource.config.basic.service.get(_netscalerService, serviceName);
                            final String nsServerName = svc.get_servername();
                            // check if service is bound to any other virtual server
                            if (!isServiceBoundToVirtualServer(serviceName)) {
                                // no lb virtual servers are bound to this service so delete it
                                apiCallResult = com.citrix.netscaler.nitro.resource.config.basic.service.delete(_netscalerService, serviceName);
                                if (apiCallResult.errorcode != 0) {
                                    throw new ExecutionException("Failed to delete service: " + serviceName + " due to " + apiCallResult.message);
                                }
                            }
                            //delete the server if no more services attached
                            final server_service_binding[] services = server_service_binding.get(_netscalerService, nsServerName);
                            if (services == null || services.length == 0) {
                                apiCallResult = com.citrix.netscaler.nitro.resource.config.basic.server.delete(_netscalerService, nsServerName);
                                if (apiCallResult.errorcode != 0) {
                                    throw new ExecutionException("Failed to remove server:" + nsServerName + " due to " + apiCallResult.message);
                                }
                            }
                        }
                    }
                    removeLBVirtualServer(nsVirtualServerName);
                    deleteMonitor = true;
                    deleteCert = true;
                }
            }
            if (deleteMonitor) {
                removeLBMonitor(nsMonitorName);
            }
            if (sslCert != null && deleteCert) {
                //netscaler uses ".pem" format for "bundle" files
                final String certFilename = generateSslCertName(sslCert.getFingerprint()) + ".pem";
                //netscaler uses ".pem" format for "bundle" files
                final String keyFilename = generateSslKeyName(sslCert.getFingerprint()) + ".pem";
                final String certKeyName = generateSslCertKeyName(sslCert.getFingerprint());
                // unbind before deleting
                if (nsVirtualServerExists(nsVirtualServerName) && SSL.isSslCertKeyPresent(_netscalerService, certKeyName) && SSL.isBoundToVserver(_netscalerService, certKeyName, nsVirtualServerName)) {
                    SSL.unbindCertKeyFromVserver(_netscalerService, certKeyName, nsVirtualServerName);
                }
                // Remove the cert/key pair from the device config and then the files it was built from.
                if (SSL.isSslCertKeyPresent(_netscalerService, certKeyName)) {
                    SSL.deleteSslCertKey(_netscalerService, certKeyName);
                    SSL.deleteCertFile(_ip, _username, _password, certFilename);
                    SSL.deleteKeyFile(_ip, _username, _password, keyFilename);
                }
                if (sslCert.getChain() != null) {
                    final List<Certificate> chainList = CertificateHelper.parseChain(sslCert.getChain());
                    //go from intermediate CAs to ROOT
                    for (final Certificate intermediateCert : chainList) {
                        final String fingerPrint = CertificateHelper.generateFingerPrint(intermediateCert);
                        final String intermediateCertKeyName = generateSslCertKeyName(fingerPrint);
                        final String intermediateCertFileName = intermediateCertKeyName + ".pem";
                        // Only drop a CA cert that no other cert-key on the device still links to.
                        if (SSL.isSslCertKeyPresent(_netscalerService, intermediateCertKeyName) && !SSL.isCaforCerts(_netscalerService, intermediateCertKeyName)) {
                            SSL.deleteSslCertKey(_netscalerService, intermediateCertKeyName);
                            SSL.deleteCertFile(_ip, _username, _password, intermediateCertFileName);
                        } else {
                            // if this cert has another certificate as a child then stop at this point because we need the whole chain
                            break;
                        }
                    }
                }
            }
        }
        if (s_logger.isInfoEnabled()) {
            // NOTE(review): cmd's LoadBalancerTO entries can carry an LbSslCert, whose getKey()
            // and getPassword() are used above; confirm the Gson serialization excludes them
            // before the whole command is written to the INFO log.
            s_logger.info("Successfully executed resource LoadBalancerConfigCommand: " + _gson.toJson(cmd));
        }
        saveConfiguration();
        return new Answer(cmd);
    } catch (final ExecutionException e) {
        s_logger.error("Failed to execute LoadBalancerConfigCommand due to ", e);
        if (shouldRetry(numRetries)) {
            return retry(cmd, numRetries);
        } else {
            return new Answer(cmd, e);
        }
    } catch (final Exception e) {
        // Same handling as above for anything else (Nitro client errors, NPEs, parse failures).
        s_logger.error("Failed to execute LoadBalancerConfigCommand due to ", e);
        if (shouldRetry(numRetries)) {
            return retry(cmd, numRetries);
        } else {
            return new Answer(cmd, e);
        }
    }
}
use of org.bouncycastle.util.io.pem.PemObject in project ddf by codice.
The class SimpleSignTest, method setUp.
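/**
 * Builds the fixtures shared by the tests: a {@link SimpleSign} over a {@link SystemCrypto}
 * backed by a mocked {@link PasswordEncryptor}, the canned SAML response, and the PEM body of
 * the "dsa" certificate pulled from the signature keystore (BEGIN/END lines stripped so that
 * only the base64 body remains).
 *
 * @throws Exception if the crypto configuration, the resource or the keystore cannot be loaded
 */
@Before
public void setUp() throws Exception {
    encryptionService = mock(PasswordEncryptor.class);
    systemCrypto = new SystemCrypto("encryption.properties", "signature.properties", encryptionService);
    simpleSign = new SimpleSign(systemCrypto);
    cannedResponse = Resources.toString(Resources.getResource(getClass(), "/SAMLResponse.xml"), Charsets.UTF_8);
    //Normally you would have the cert in a string already but for this test we will have to pull it out of the jks file
    Certificate cert = ((Merlin) systemCrypto.getSignatureCrypto()).getKeyStore().getCertificate("dsa");
    StringWriter writer = new StringWriter();
    // Close the PemWriter so everything it buffered is guaranteed to reach the StringWriter
    // (the previous version flushed but never closed it).
    try (PemWriter pemWriter = new PemWriter(writer)) {
        pemWriter.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
        pemWriter.flush();
    }
    dsaCert = writer.toString().replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "");
}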