use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project graylog2-server by Graylog2.
the class KeyUtil method privateKeyFromFile.
/**
* Obtain a private key from a PKS8 PEM file, which is optionally password-protected.
* @param password password to decrypt the file - it may be null or empty in case of an unencrypted file
* @param keyFile the key file
* @return the corresponding private key
*/
public static PrivateKey privateKeyFromFile(String password, File keyFile) throws IOException, PKCSException, OperatorCreationException {
PrivateKey privateKey;
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
// Be sure to specify charset for reader - don't use plain FileReader
Object object;
try (InputStream inputStream = Files.newInputStream(keyFile.toPath());
InputStreamReader fileReader = new InputStreamReader(inputStream, StandardCharsets.UTF_8);
PEMParser pemParser = new PEMParser(fileReader)) {
object = pemParser.readObject();
}
if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
PKCS8EncryptedPrivateKeyInfo pInfo = (PKCS8EncryptedPrivateKeyInfo) object;
JceOpenSSLPKCS8DecryptorProviderBuilder providerBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
InputDecryptorProvider provider = providerBuilder.build(Strings.nullToEmpty(password).toCharArray());
PrivateKeyInfo info = pInfo.decryptPrivateKeyInfo(provider);
privateKey = converter.getPrivateKey(info);
} else if (object instanceof PrivateKeyInfo) {
privateKey = converter.getPrivateKey((PrivateKeyInfo) object);
} else if (object instanceof PEMKeyPair) {
privateKey = converter.getPrivateKey(((PEMKeyPair) object).getPrivateKeyInfo());
} else {
throw new PKCSException("Encountered unexpected object type: " + object.getClass().getName());
}
return privateKey;
}
use of org.gudy.bouncycastle.asn1.pkcs.PrivateKeyInfo in project graylog2-server by Graylog2.
the class PemKeyStore method generateKeySpec.
/**
* Generates a key specification for an (encrypted) private key.
*
* @param password characters, if {@code null} or empty an unencrypted key is assumed
* @param key bytes of the DER encoded private key
* @return a key specification
* @throws IOException if parsing {@code key} fails
* @throws PKCSException if the decryption key based on {@code password} cannot be used to decrypt
* {@code key}
* @throws OperatorCreationException if the decryption algorithm parameters are somehow faulty
*/
protected static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws IOException, PKCSException, OperatorCreationException {
if (password == null || password.length == 0) {
return new PKCS8EncodedKeySpec(key);
}
final PKCS8EncryptedPrivateKeyInfo privateKeyInfo = new PKCS8EncryptedPrivateKeyInfo(key);
final InputDecryptorProvider decProv = new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(password);
PrivateKeyInfo pkInfo = privateKeyInfo.decryptPrivateKeyInfo(decProv);
PrivateKey privKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pkInfo);
return new PKCS8EncodedKeySpec(privKey.getEncoded());
}
Aggregations