
Example 51 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project jruby-openssl by jruby.

the class PEMInputOutput method writeDSAPrivateKey.

/**
 * Writes a DSA private key to {@code _out} as a PEM block labelled {@code PEM_STRING_DSA}.
 *
 * <p>The encoded body is an ASN.1 sequence of six integers: a zero version, the domain
 * parameters p, q and g, the public value y (recomputed here as g^x mod p) and the
 * private value x.
 *
 * <p>Security note: the key is encrypted only when both {@code cipher} and {@code passwd}
 * are non-null. If either one is null the private value is written in the clear without
 * any error, so a caller that requires an encrypted key must check both arguments itself.
 * The intermediate byte buffer that holds the encoded private value is not cleared here.
 *
 * @param _out destination writer, passed through {@code makeBuffered}
 * @param obj DSA private key to serialise
 * @param cipher cipher specification for PEM encryption, or null for plaintext output
 * @param passwd password for PEM encryption, or null for plaintext output
 * @throws IOException if decoding the key or writing the output fails
 */
public static void writeDSAPrivateKey(Writer _out, DSAPrivateKey obj, CipherSpec cipher, char[] passwd) throws IOException {
    final BufferedWriter pemWriter = makeBuffered(_out);

    // Re-parse the encoded key to reach the domain parameters stored in its algorithm identifier.
    final ASN1InputStream encodedKey = new ASN1InputStream(getEncoded(obj));
    final PrivateKeyInfo keyInfo = new PrivateKeyInfo((ASN1Sequence) encodedKey.readObject());

    final ByteArrayOutputStream encodedBody = new ByteArrayOutputStream();
    final ASN1OutputStream bodyWriter = new ASN1OutputStream(encodedBody);
    final DSAParameter domain = DSAParameter.getInstance(keyInfo.getPrivateKeyAlgorithm().getParameters());

    final ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(new ASN1Integer(BigInteger.ZERO));
    fields.add(new ASN1Integer(domain.getP()));
    fields.add(new ASN1Integer(domain.getQ()));
    fields.add(new ASN1Integer(domain.getG()));

    final BigInteger privateValue = obj.getX();
    // The public value is derived from the private one rather than read from the key object.
    final BigInteger publicValue = domain.getG().modPow(privateValue, domain.getP());
    fields.add(new ASN1Integer(publicValue));
    fields.add(new ASN1Integer(privateValue));
    bodyWriter.writeObject(new DLSequence(fields));

    if (cipher == null || passwd == null) {
        // Plaintext path: taken whenever either encryption argument is missing.
        writePemPlain(pemWriter, PEM_STRING_DSA, encodedBody.buffer(), encodedBody.size());
    } else {
        writePemEncrypted(pemWriter, PEM_STRING_DSA, encodedBody.buffer(), encodedBody.size(), cipher, passwd);
    }
}
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) DLSequence(org.bouncycastle.asn1.DLSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) BigInteger(java.math.BigInteger) ByteArrayOutputStream(org.jruby.ext.openssl.util.ByteArrayOutputStream) DSAParameter(org.bouncycastle.asn1.x509.DSAParameter) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ASN1OutputStream(org.bouncycastle.asn1.ASN1OutputStream) EncryptedPrivateKeyInfo(org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) BufferedWriter(java.io.BufferedWriter)

Example 52 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project credhub by cloudfoundry-incubator.

the class PrivateKeyReader method getPrivateKey.

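/**
 * Parses a PEM-encoded key pair and returns its private key.
 *
 * <p>Only input that {@code PEMParser} returns as a {@code PEMKeyPair} is accepted. Any
 * other parsed object (for example a {@code PrivateKeyInfo} or one of the encrypted key
 * types), or no object at all, is rejected with {@code UnsupportedFormatException}.
 *
 * @param privateKeyPem PEM text of the key pair
 * @return the private key converted by {@code JcaPEMKeyConverter}
 * @throws IOException if the PEM text cannot be read or converted
 * @throws UnsupportedFormatException if the parsed object is not a {@code PEMKeyPair}
 */
public static PrivateKey getPrivateKey(String privateKeyPem) throws IOException, UnsupportedFormatException {
    final Object parsed;
    // try-with-resources closes the parser even when readObject() throws.
    try (PEMParser pemParser = new PEMParser(new StringReader(privateKeyPem))) {
        parsed = pemParser.readObject();
    }
    if (!(parsed instanceof PEMKeyPair)) {
        // The message deliberately carries no part of the input, which may be key material.
        throw new UnsupportedFormatException("format of private key is not supported.");
    }
    PrivateKeyInfo privateKeyInfo = ((PEMKeyPair) parsed).getPrivateKeyInfo();
    return new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo);
}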
Also used : PEMParser(org.bouncycastle.openssl.PEMParser) StringReader(java.io.StringReader) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Example 53 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project midpoint by Evolveum.

the class RemoteModuleWebSecurityConfiguration method getPrivateKey.

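/**
 * Decrypts the stored PEM private key of {@code key} and converts it to a {@link PrivateKey}.
 *
 * <p>Four parsed forms are handled: an encrypted key pair and an encrypted PKCS#8 key are
 * decrypted with the stored passphrase, while a plain key pair and a plain
 * {@code PrivateKeyInfo} are converted directly.
 *
 * <p>Security notes: when the stored passphrase is null an empty passphrase is used for the
 * encrypted forms. Both the decrypted PEM text and the passphrase are held as
 * {@code String} values, which cannot be wiped after use.
 *
 * @param key key configuration holding the protected private key and passphrase; may be null
 * @param protector used to decrypt the protected values
 * @return the private key, or null when {@code key} is null or its private key has no text
 * @throws EncryptionException if no PEM object can be decoded or its type is not supported
 * @throws IOException if reading or decrypting the PEM object fails
 * @throws PKCSException if the encrypted PKCS#8 key cannot be decrypted
 * @throws OperatorCreationException if the PKCS#8 decryptor cannot be built
 */
protected static PrivateKey getPrivateKey(AbstractSimpleKeyType key, Protector protector) throws EncryptionException, IOException, PKCSException, OperatorCreationException {
    if (key == null) {
        return null;
    }
    PrivateKey pkey = null;
    String stringPrivateKey = protector.decryptString(key.getPrivateKey());
    String stringPassphrase = protector.decryptString(key.getPassphrase());
    if (hasText(stringPrivateKey)) {
        final Object obj;
        // try-with-resources closes the parser even when readObject() throws.
        try (PEMParser parser = new PEMParser(new CharArrayReader(stringPrivateKey.toCharArray()))) {
            obj = parser.readObject();
        }
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        if (obj == null) {
            // NOTE(review): the message embeds the stored (protected) key value; confirm its
            // string form cannot expose key material through logs or error responses.
            throw new EncryptionException("Unable to decode PEM key:" + key.getPrivateKey());
        } else if (obj instanceof PEMEncryptedKeyPair) {
            // Encrypted key pair - decrypted with the stored passphrase (empty if none is set)
            PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) obj;
            char[] passarray = (ofNullable(stringPassphrase).orElse("")).toCharArray();
            PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passarray);
            KeyPair kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
            pkey = kp.getPrivate();
        } else if (obj instanceof PEMKeyPair) {
            // Unencrypted key pair - no password needed
            PEMKeyPair ukp = (PEMKeyPair) obj;
            KeyPair kp = converter.getKeyPair(ukp);
            pkey = kp.getPrivate();
        } else if (obj instanceof PrivateKeyInfo) {
            // Unencrypted PKCS#8 key - converted directly, the passphrase is not used
            PrivateKeyInfo pk = (PrivateKeyInfo) obj;
            pkey = converter.getPrivateKey(pk);
        } else if (obj instanceof PKCS8EncryptedPrivateKeyInfo) {
            // Encrypted PKCS#8 key - decrypted with the stored passphrase (empty if none is set)
            PKCS8EncryptedPrivateKeyInfo cpk = (PKCS8EncryptedPrivateKeyInfo) obj;
            char[] passarray = (ofNullable(stringPassphrase).orElse("")).toCharArray();
            final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passarray);
            pkey = converter.getPrivateKey(cpk.decryptPrivateKeyInfo(provider));
        } else {
            throw new EncryptionException("Unable get private key from " + obj);
        }
    }
    return pkey;
}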
Also used : PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PEMDecryptorProvider(org.bouncycastle.openssl.PEMDecryptorProvider) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMParser(org.bouncycastle.openssl.PEMParser) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)

Example 54 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project zeppelin by apache.

the class PEMImporter method createPrivateKey.

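/**
 * Reads the first PEM object from {@code privateKeyPem} and converts it to a {@link PrivateKey}.
 *
 * <p>Encrypted key pairs and encrypted PKCS#8 keys are decrypted with {@code keyPassword};
 * plain key pairs and plain {@code PrivateKeyInfo} objects are converted directly.
 *
 * <p>Side effect: registers the Bouncy Castle provider with the JVM-wide {@link Security}
 * provider list when it is not already present.
 *
 * @param privateKeyPem file containing the PEM-encoded private key
 * @param keyPassword password for an encrypted key; not used for unencrypted keys
 * @return the private key
 * @throws IOException if the file cannot be read or parsed
 * @throws GeneralSecurityException if the file holds no PEM object, the object is not a
 *         supported private key type, or the key is encrypted and no password was given
 * @throws OperatorCreationException if the PKCS#8 decryptor cannot be built
 * @throws PKCSException if the encrypted PKCS#8 key cannot be decrypted
 */
private static PrivateKey createPrivateKey(File privateKeyPem, String keyPassword) throws IOException, GeneralSecurityException, OperatorCreationException, PKCSException {
    // add provider only if it's not in the JVM
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try (PEMParser parser = new PEMParser(Files.newBufferedReader(privateKeyPem.toPath()))) {
        Object privateKeyObject = parser.readObject();
        if (privateKeyObject == null) {
            // readObject() found nothing to parse; fail here instead of with a
            // NullPointerException while building the "unsupported type" message below.
            throw new GeneralSecurityException("No PEM object found in private key file");
        }
        boolean encrypted = privateKeyObject instanceof PEMEncryptedKeyPair
                || privateKeyObject instanceof PKCS8EncryptedPrivateKeyInfo;
        if (encrypted && keyPassword == null) {
            // Report the missing password explicitly rather than failing on toCharArray().
            throw new GeneralSecurityException("Private key is encrypted but no password was provided");
        }
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        KeyPair kp;
        if (privateKeyObject instanceof PEMEncryptedKeyPair) {
            // Encrypted key pair - we will use provided password
            PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) privateKeyObject;
            PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(keyPassword.toCharArray());
            kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
        } else if (privateKeyObject instanceof PEMKeyPair) {
            // Unencrypted key pair - no password needed
            PEMKeyPair ukp = (PEMKeyPair) privateKeyObject;
            kp = converter.getKeyPair(ukp);
        } else if (privateKeyObject instanceof PrivateKeyInfo) {
            // Unencrypted PKCS#8 key - no password needed
            PrivateKeyInfo pki = (PrivateKeyInfo) privateKeyObject;
            return converter.getPrivateKey(pki);
        } else if (privateKeyObject instanceof PKCS8EncryptedPrivateKeyInfo) {
            // Encrypted PKCS#8 key - we will use provided password
            PKCS8EncryptedPrivateKeyInfo ckp = (PKCS8EncryptedPrivateKeyInfo) privateKeyObject;
            InputDecryptorProvider devProv = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(keyPassword.toCharArray());
            return converter.getPrivateKey(ckp.decryptPrivateKeyInfo(devProv));
        } else {
            throw new GeneralSecurityException("Unsupported key type: " + privateKeyObject.getClass());
        }
        return kp.getPrivate();
    }
}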
Also used : KeyPair(java.security.KeyPair) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) GeneralSecurityException(java.security.GeneralSecurityException) PEMDecryptorProvider(org.bouncycastle.openssl.PEMDecryptorProvider) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) PEMParser(org.bouncycastle.openssl.PEMParser) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) PemObject(org.bouncycastle.util.io.pem.PemObject) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 55 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project Openfire by igniterealtime.

the class CertificateManager method parsePrivateKey.

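/**
 * Parses a PrivateKey instance from a PEM representation.
 *
 * When the provided key is encrypted, the provided pass phrase is applied. A null pass
 * phrase is treated as an empty one.
 *
 * The supplied stream is closed when this method returns. The converter is configured
 * with the provider name "BC", so that provider must be registered before this is called.
 *
 * @param pemRepresentation a PEM representation of a private key (cannot be null or empty)
 * @param passPhrase optional pass phrase (must be present if the private key is encrypted).
 * @return a PrivateKey instance (never null)
 * @throws IOException if there was a problem parsing the key, including input that holds
 *         no PEM object or a PEM object that is not a supported private key type
 */
public static PrivateKey parsePrivateKey(InputStream pemRepresentation, String passPhrase) throws IOException {
    if (passPhrase == null) {
        passPhrase = "";
    }
    try (Reader reader = new InputStreamReader(pemRepresentation);
         PEMParser pemParser = new PEMParser(reader)) {
        final Object object = pemParser.readObject();
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        final KeyPair kp;
        if (object instanceof PEMEncryptedKeyPair) {
            // Encrypted key - we will use provided password
            final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
            kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
        } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
            // Encrypted key - we will use provided password
            try {
                final PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passPhrase.toCharArray());
                final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo(provider);
                return converter.getPrivateKey(privateKeyInfo);
            } catch (PKCSException | OperatorCreationException e) {
                throw new IOException("Unable to decrypt private key.", e);
            }
        } else if (object instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) object);
        } else if (object instanceof PEMKeyPair) {
            // Unencrypted key - no password needed
            kp = converter.getKeyPair((PEMKeyPair) object);
        } else {
            // Anything else (no PEM object at all, or a non-key object) used to reach an
            // unchecked cast; report it through the documented IOException instead. The
            // message carries no part of the input.
            throw new IOException("Unable to parse private key: no supported PEM private key object found.");
        }
        return kp.getPrivate();
    }
}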
Also used : JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) JcePEMDecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)
