Search in sources :

Example 56 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project graylog2-server by Graylog2.

the class KeyUtil method privateKeyFromFile.

/**
 * Obtain a private key from a PKS8 PEM file, which is optionally password-protected.
 * @param password password to decrypt the file - it may be null or empty in case of an unencrypted file
 * @param keyFile the key file
 * @return the corresponding private key
 */
public static PrivateKey privateKeyFromFile(String password, File keyFile) throws IOException, PKCSException, OperatorCreationException {
    PrivateKey privateKey;
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    // Be sure to specify charset for reader - don't use plain FileReader
    Object object;
    try (InputStream inputStream = Files.newInputStream(keyFile.toPath());
        InputStreamReader fileReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
        PEMParser pemParser = new PEMParser(fileReader)) {
        object = pemParser.readObject();
    }
    if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
        PKCS8EncryptedPrivateKeyInfo pInfo = (PKCS8EncryptedPrivateKeyInfo) object;
        JceOpenSSLPKCS8DecryptorProviderBuilder providerBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
        InputDecryptorProvider provider = providerBuilder.build(Strings.nullToEmpty(password).toCharArray());
        PrivateKeyInfo info = pInfo.decryptPrivateKeyInfo(provider);
        privateKey = converter.getPrivateKey(info);
    } else if (object instanceof PrivateKeyInfo) {
        privateKey = converter.getPrivateKey((PrivateKeyInfo) object);
    } else if (object instanceof PEMKeyPair) {
        privateKey = converter.getPrivateKey(((PEMKeyPair) object).getPrivateKeyInfo());
    } else {
        throw new PKCSException("Encountered unexpected object type: " + object.getClass().getName());
    }
    return privateKey;
}
Also used : PemPrivateKey(io.netty.handler.ssl.PemPrivateKey) PrivateKey(java.security.PrivateKey) InputStreamReader(java.io.InputStreamReader) PEMParser(org.bouncycastle.openssl.PEMParser) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) PemObject(org.bouncycastle.util.io.pem.PemObject) JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PKCSException(org.bouncycastle.pkcs.PKCSException) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) EncryptedPrivateKeyInfo(javax.crypto.EncryptedPrivateKeyInfo)

Example 57 with PrivateKeyInfo

use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project graylog2-server by Graylog2.

the class PemKeyStore method generateKeySpec.

/**
 * Generates a key specification for an (encrypted) private key.
 *
 * @param password characters, if {@code null} or empty an unencrypted key is assumed
 * @param key      bytes of the DER encoded private key
 * @return a key specification
 * @throws IOException                        if parsing {@code key} fails
 * @throws PKCSException                if the decryption key based on {@code password} cannot be used to decrypt
 *                                            {@code key}
 * @throws OperatorCreationException    if the decryption algorithm parameters are somehow faulty
 */
protected static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws IOException, PKCSException, OperatorCreationException {
    if (password == null || password.length == 0) {
        return new PKCS8EncodedKeySpec(key);
    }
    final PKCS8EncryptedPrivateKeyInfo privateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(key);
    final InputDecryptorProvider decProv = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(password);
    PrivateKeyInfo pkInfo = privateKeyInfo.decryptPrivateKeyInfo(decProv);
    PrivateKey privKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pkInfo);
    return new PKCS8EncodedKeySpec(privKey.getEncoded());
}
Also used : PrivateKey(java.security.PrivateKey) InputDecryptorProvider(org.bouncycastle.operator.InputDecryptorProvider) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) JceOpenSSLPKCS8DecryptorProviderBuilder(org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Aggregations

PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)46 IOException (java.io.IOException)30 JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)26 PEMParser (org.bouncycastle.openssl.PEMParser)23 PrivateKey (java.security.PrivateKey)21 PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)18 PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)18 ByteArrayInputStream (java.io.ByteArrayInputStream)13 InputDecryptorProvider (org.bouncycastle.operator.InputDecryptorProvider)13 JceOpenSSLPKCS8DecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder)11 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)9 PemObject (org.bouncycastle.util.io.pem.PemObject)9 ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream)8 PrivateKeyInfo (com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo)8 StringReader (java.io.StringReader)8 JcePEMDecryptorProviderBuilder (org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder)8 ObjectIdentifier (sun.security.util.ObjectIdentifier)8 AlgorithmId (sun.security.x509.AlgorithmId)8 GeneralSecurityException (java.security.GeneralSecurityException)7 KeyPair (java.security.KeyPair)7