use of org.bouncycastle.util.io.pem.PemReader in project cloudstack by apache.
the class CertUtils method pemToPublicKey.
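/**
 * Decodes a PEM-encoded public key into a {@link PublicKey}.
 *
 * <p>Only the first PEM object in {@code pem} is read. Its content is passed to the key factory
 * as an {@link X509EncodedKeySpec}; the PEM type label is not inspected here, so the key factory
 * is the only thing rejecting content that is not a public key.
 *
 * @param pem PEM text holding the public key
 * @return the public key produced by the factory returned from {@code getKeyFactory()}
 * @throws InvalidKeySpecException if {@code pem} contains no PEM object, or the factory rejects
 *         the decoded content
 * @throws IOException if the PEM text cannot be read
 */
public static PublicKey pemToPublicKey(final String pem) throws InvalidKeySpecException, IOException {
    // try-with-resources closes the reader on every path; it was previously never closed.
    try (PemReader pr = new PemReader(new StringReader(pem))) {
        final PemObject pemObject = pr.readPemObject();
        if (pemObject == null) {
            // readPemObject() yields null when the text has no PEM block; report that as a bad
            // key spec instead of failing with a NullPointerException on getContent().
            throw new InvalidKeySpecException("No PEM object found in the supplied public key");
        }
        final KeyFactory keyFactory = getKeyFactory();
        return keyFactory.generatePublic(new X509EncodedKeySpec(pemObject.getContent()));
    }
}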
use of org.bouncycastle.util.io.pem.PemReader in project cloudstack by apache.
the class CertServiceImpl method parsePrivateKey.
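/**
 * Parses a PEM-encoded private key as a PKCS#8 RSA key using the "BC" provider.
 *
 * <p>Only the first PEM object in {@code key} is read and its PEM type label is not checked; the
 * content is handed to the key factory as a {@link PKCS8EncodedKeySpec}. Error messages
 * deliberately never include the input, because it is private key material.
 *
 * @param key PEM text of the private key; must be non-empty
 * @return the decoded private key
 * @throws IllegalArgumentException if {@code key} is null or empty
 * @throws IOException if {@code key} contains no PEM object, the content is not a valid key
 *         spec, or the RSA algorithm / "BC" provider is unavailable
 */
public PrivateKey parsePrivateKey(final String key) throws IOException {
    Preconditions.checkArgument(StringUtils.isNotEmpty(key));
    try (final PemReader pemReader = new PemReader(new StringReader(key))) {
        final PemObject pemObject = pemReader.readPemObject();
        if (pemObject == null) {
            // Non-PEM input makes readPemObject() return null; surface it through the declared
            // IOException rather than a NullPointerException on getContent().
            throw new IOException("Invalid Key format.");
        }
        final byte[] content = pemObject.getContent();
        final PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content);
        final KeyFactory factory = KeyFactory.getInstance("RSA", "BC");
        return factory.generatePrivate(privKeySpec);
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        throw new IOException("No encryption provider available.", e);
    } catch (final InvalidKeySpecException e) {
        throw new IOException("Invalid Key format.", e);
    }
}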
use of org.bouncycastle.util.io.pem.PemReader in project cloudstack by apache.
the class CertServiceImpl method parseCertificate.
/**
 * Parses the first PEM object in {@code cert} into a certificate.
 *
 * <p>This method only decodes the input. No validity-period, chain or key-usage check is made
 * here, so a returned certificate is not yet a trusted one.
 *
 * @param cert PEM text of the certificate; must be non-empty
 * @return the certificate built by {@code readCertificateFromPemObject}
 * @throws IllegalArgumentException if {@code cert} is null or empty
 * @throws InvalidParameterValueException if the PEM text cannot be read or decoded
 */
@Override
public Certificate parseCertificate(final String cert) {
    Preconditions.checkArgument(StringUtils.isNotEmpty(cert));
    final PemReader reader = new PemReader(new StringReader(cert));
    try {
        // NOTE(review): readPemObject() returns null for text without a PEM block; whether the
        // helper below tolerates a null argument is not visible from here. Confirm.
        final PemObject firstObject = reader.readPemObject();
        return readCertificateFromPemObject(firstObject);
    } catch (final CertificateException | IOException e) {
        // Only the message of the underlying failure is carried over, not the exception itself.
        final String reason = "Invalid Certificate format. Expected X509 certificate. Failed due to " + e.getMessage();
        throw new InvalidParameterValueException(reason);
    } finally {
        IOUtils.closeQuietly(reader);
    }
}
use of org.bouncycastle.util.io.pem.PemReader in project neo4j by neo4j.
the class PkiUtils method loadCertificates.
/**
 * Reads every PEM object in {@code certFile} and returns all certificates decoded from them,
 * in file order.
 *
 * <p>The PEM type label is not checked: the content of each PEM object is passed to the
 * certificate factory as is. This is parsing only. Expiry, chain and revocation are not
 * evaluated here, so callers must validate the result before trusting it. A file without any
 * PEM object yields an empty array rather than an error.
 *
 * @param certFile path of the PEM file to read
 * @return the decoded certificates, possibly empty
 * @throws CertificateException if the factory is unavailable or a PEM object cannot be decoded
 * @throws IOException if the file cannot be read
 */
public static X509Certificate[] loadCertificates(Path certFile) throws CertificateException, IOException {
    CertificateFactory factory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
    Collection<X509Certificate> collected = new LinkedList<>();
    try (PemReader pemReader = new PemReader(Files.newBufferedReader(certFile))) {
        PemObject current;
        // readPemObject() returns null once no further PEM block is found.
        while ((current = pemReader.readPemObject()) != null) {
            ByteArrayInputStream encoded = new ByteArrayInputStream(current.getContent());
            // Unchecked: the factory API returns Collection<? extends Certificate>. A
            // non-X.509 element would only surface in toArray() below.
            @SuppressWarnings("unchecked")
            Collection<X509Certificate> decoded = (Collection<X509Certificate>) factory.generateCertificates(encoded);
            collected.addAll(decoded);
        }
    }
    return collected.toArray(new X509Certificate[0]);
}
use of org.bouncycastle.util.io.pem.PemReader in project cloudstack by apache.
the class RootCAProvider method generateCertificateUsingCsr.
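/**
 * Issues a certificate for a PEM-encoded PKCS#10 certificate signing request.
 *
 * <p>The subject and public key are taken from the CSR. Subject alternative names are the union
 * of {@code names} / {@code ips} and any dNSName / iPAddress entries found in the CSR's
 * extensionRequest attribute. The certificate is produced by
 * {@code CertUtils.generateV3Certificate} from {@code caCertificate} and {@code caKeyPair}.
 *
 * <p>NOTE(review): nothing in this method verifies the CSR's self-signature (proof of possession
 * of the private key), and every SAN the CSR asks for is copied into the issued certificate
 * without a policy check. Confirm that callers authenticate the requester and restrict the
 * names it may obtain, or add those checks here.
 *
 * @param csr PEM text of the PKCS#10 request
 * @param names extra DNS names to include, may be null
 * @param ips extra IP addresses to include, may be null
 * @param validityDays validity period passed through to certificate generation
 * @return the issued certificate with {@code caCertificate} as its only chain entry and no
 *         private key
 * @throws CloudRuntimeException if the CSR text cannot be read as a PEM object
 */
private Certificate generateCertificateUsingCsr(final String csr, final List<String> names, final List<String> ips, final int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException, IOException, OperatorCreationException {
    final List<String> dnsNames = new ArrayList<>();
    final List<String> ipAddresses = new ArrayList<>();
    if (names != null) {
        dnsNames.addAll(names);
    }
    if (ips != null) {
        ipAddresses.addAll(ips);
    }

    PemObject pemObject = null;
    // try-with-resources closes the reader; it was previously left open.
    try (PemReader pemReader = new PemReader(new StringReader(csr))) {
        pemObject = pemReader.readPemObject();
    } catch (IOException e) {
        // Logged only; the null check below turns the failure into a CloudRuntimeException.
        LOG.error("Failed to read provided CSR string as a PEM object", e);
    }
    if (pemObject == null) {
        // NOTE(review): the message embeds the caller-supplied CSR text verbatim, so unbounded,
        // untrusted input can reach logs or API responses. Consider omitting or truncating it.
        throw new CloudRuntimeException("Unable to read/process CSR: " + csr);
    }

    final JcaPKCS10CertificationRequest request = new JcaPKCS10CertificationRequest(pemObject.getContent());
    final String subject = request.getSubject().toString();
    for (final Attribute attribute : request.getAttributes()) {
        if (attribute == null) {
            continue;
        }
        if (attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            final Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
            final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
            if (gns != null && gns.getNames() != null && gns.getNames().length > 0) {
                for (final GeneralName name : gns.getNames()) {
                    if (name.getTagNo() == GeneralName.dNSName) {
                        dnsNames.add(name.getName().toString());
                    } else if (name.getTagNo() == GeneralName.iPAddress) {
                        // substring(1) drops the first character of the name's string form
                        // before hex decoding. Presumably a leading '#' - TODO confirm.
                        final InetAddress address = InetAddress.getByAddress(DatatypeConverter.parseHexBinary(name.getName().toString().substring(1)));
                        // getHostAddress() gives the bare literal directly, replacing the
                        // former toString() call followed by stripping "/".
                        ipAddresses.add(address.getHostAddress());
                    }
                }
            }
        }
    }

    final X509Certificate clientCertificate = CertUtils.generateV3Certificate(caCertificate, caKeyPair, request.getPublicKey(), subject, CAManager.CertSignatureAlgorithm.value(), validityDays, dnsNames, ipAddresses);
    return new Certificate(clientCertificate, null, Collections.singletonList(caCertificate));
}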