
Example 1 with DNSException

use of org.nhindirect.dns.DNSException in project nhin-d by DirectProject.

the class CertUtils method pkcs12ToStrippedPkcs12.

/**
 * Re-encodes a pass-phrase protected PKCS12 stream as a PKCS12 stream whose key entry and
 * store are both protected by an empty pass phrase.
 * <p>
 * The returned bytes carry the private key with no pass-phrase protection, so callers must treat
 * them as secret material (do not log them or persist them in the clear).  Only the first alias in
 * the store is examined; if that alias has no private key the method returns {@code null} instead
 * of throwing.
 *
 * @param bytes      the pass-phrase protected PKCS12 stream; must be non-null and non-empty
 * @param passphrase the pass phrase used to load the PKCS12 stream; must be non-null
 * @return the re-encoded PKCS12 bytes, or {@code null} when the first alias holds no private key
 * @throws IllegalArgumentException if {@code bytes} is null or empty, or {@code passphrase} is null
 * @throws DNSException if the stream cannot be loaded or re-encoded; the underlying exception is
 *         not attached as the cause, so the root failure is only visible by debugging
 */
public static byte[] pkcs12ToStrippedPkcs12(byte[] bytes, String passphrase) throws DNSException {
    if (bytes == null || bytes.length == 0)
        throw new IllegalArgumentException("Pkcs byte stream cannot be null or empty.");
    if (passphrase == null)
        throw new IllegalArgumentException("Passphrase cannot be null.");
    final ByteArrayInputStream source = new ByteArrayInputStream(bytes);
    final ByteArrayOutputStream sink = new ByteArrayOutputStream();
    byte[] stripped = null;
    try {
        final KeyStore store = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        store.load(source, passphrase.toCharArray());
        final Enumeration<String> aliasNames = store.aliases();
        // Only the first alias is considered; any further entries are silently dropped.
        if (aliasNames.hasMoreElements()) {
            final String alias = aliasNames.nextElement();
            final X509Certificate leaf = (X509Certificate) store.getCertificate(alias);
            // The key entry is requested with an EMPTY password, not the store pass phrase.
            // NOTE(review): this relies on the configured provider unlocking key entries with the
            // store pass phrase at load time — confirm against the provider in use.
            final Key entryKey = store.getKey(alias, "".toCharArray());
            if (entryKey instanceof PrivateKey) {
                // Re-add the pair under a fixed alias with an empty key password, then write the
                // whole store out with an empty store password.
                final char[] noPass = "".toCharArray();
                store.setKeyEntry("privCert", entryKey, noPass, new java.security.cert.Certificate[] { leaf });
                store.store(sink, noPass);
                stripped = sink.toByteArray();
            }
        }
    } catch (Exception e) {
        // Cause is intentionally not chained here (matches the rest of this class).
        throw new DNSException("Failed to strip encryption for PKCS stream.");
    } finally {
        try {
            source.close();
        } catch (Exception ignored) {
            // ByteArrayInputStream.close() is a no-op.
        }
        try {
            sink.close();
        } catch (Exception ignored) {
            // ByteArrayOutputStream.close() is a no-op.
        }
    }
    return stripped;
}

Example 2 with DNSException

use of org.nhindirect.dns.DNSException in project nhin-d by DirectProject.

the class CertUtils method x509CertificateToBytes.

/**
 * Serialises a certificate to bytes.  A plain {@link X509Certificate} is returned in its DER
 * encoding; an {@link X509CertificateEx} (certificate plus private key) is written as a PKCS12
 * store whose single key entry and store pass phrase are both empty.
 * <p>
 * In the PKCS12 case the output contains the private key with no pass-phrase protection, so the
 * returned bytes are secret material and must be stored and transported accordingly.
 *
 * @param cert the certificate to serialise
 * @return the DER bytes, or an unprotected PKCS12 stream when a private key is present
 * @throws DNSException if encoding fails (including a {@code null} argument); the underlying
 *         exception is not attached as the cause
 */
public static byte[] x509CertificateToBytes(X509Certificate cert) throws DNSException {
    if (!(cert instanceof X509CertificateEx)) {
        // Plain certificate (or null, which surfaces as a DNSException): hand back the DER encoding.
        try {
            return cert.getEncoded();
        }
        ///CLOVER:OFF
        catch (Exception e) {
            throw new DNSException("Failed to convert certificate to a byte stream.");
        }
        ///CLOVER:ON
    }
    // Certificate with private key: package both into a PKCS12 store under an empty pass phrase.
    final ByteArrayOutputStream pkcs12Out = new ByteArrayOutputStream();
    try {
        final KeyStore store = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        // load(null, null) initialises an empty store.
        store.load(null, null);
        final char[] noPass = "".toCharArray();
        // noPass protects both the key entry and the store: anyone holding the bytes can read the key.
        store.setKeyEntry("privCert", ((X509CertificateEx) cert).getPrivateKey(), noPass, new java.security.cert.Certificate[] { cert });
        store.store(pkcs12Out, noPass);
        return pkcs12Out.toByteArray();
    }
    ///CLOVER:OFF
    catch (Exception e) {
        throw new DNSException("Failed to convert certificate to a byte stream.");
    }
    ///CLOVER:ON
    finally {
        try {
            pkcs12Out.close();
        } catch (Exception ignored) {
            // ByteArrayOutputStream.close() is a no-op.
        }
    }
}

Example 3 with DNSException

use of org.nhindirect.dns.DNSException in project nhin-d by DirectProject.

the class CertUtils method x509CertificateToBytes.

/**
 * Serialises a certificate to bytes.  A plain {@link X509Certificate} is returned in its DER
 * encoding; an {@link X509CertificateEx} (certificate plus private key) is written as a PKCS12
 * store whose single key entry and store pass phrase are both empty.
 * <p>
 * In the PKCS12 case the output contains the private key with no pass-phrase protection, so the
 * returned bytes are secret material and must be stored and transported accordingly.
 *
 * @param cert the certificate to serialise
 * @return the DER bytes, or an unprotected PKCS12 stream when a private key is present
 * @throws DNSException if encoding fails (including a {@code null} argument); the underlying
 *         exception is not attached as the cause
 */
public static byte[] x509CertificateToBytes(X509Certificate cert) throws DNSException {
    if (!(cert instanceof X509CertificateEx)) {
        // Plain certificate (or null, which surfaces as a DNSException): hand back the DER encoding.
        try {
            return cert.getEncoded();
        }
        ///CLOVER:OFF
        catch (Exception e) {
            throw new DNSException("Failed to convert certificate to a byte stream.");
        }
        ///CLOVER:ON
    }
    // Certificate with private key: package both into a PKCS12 store under an empty pass phrase.
    final ByteArrayOutputStream pkcs12Out = new ByteArrayOutputStream();
    try {
        final KeyStore store = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        // load(null, null) initialises an empty store.
        store.load(null, null);
        final char[] noPass = "".toCharArray();
        // noPass protects both the key entry and the store: anyone holding the bytes can read the key.
        store.setKeyEntry("privCert", ((X509CertificateEx) cert).getPrivateKey(), noPass, new java.security.cert.Certificate[] { cert });
        store.store(pkcs12Out, noPass);
        return pkcs12Out.toByteArray();
    }
    ///CLOVER:OFF
    catch (Exception e) {
        throw new DNSException("Failed to convert certificate to a byte stream.");
    }
    ///CLOVER:ON
    finally {
        try {
            pkcs12Out.close();
        } catch (Exception ignored) {
            // ByteArrayOutputStream.close() is a no-op.
        }
    }
}

Example 4 with DNSException

use of org.nhindirect.dns.DNSException in project nhin-d by DirectProject.

the class CertRecordPrinter method getColumnValue.

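/**
 * Renders one column of the certificate report for a single certificate record.
 * <p>
 * The record data is first decoded via {@code CertUtils.toX509Certificate} (an X.509 certificate
 * or a PKCS12 stream); if that fails the data is treated as the URL of an IPKIX record.  Data that
 * is neither yields an empty cell for every column.
 *
 * @param column  the report column to render; matched on {@code column.header}
 * @param retCert the certificate record being printed
 * @return the cell text; {@code ""} for unusable records, or {@code "ERROR: ..."} when rendering
 *         the column throws
 */
@Override
protected String getColumnValue(ReportColumn column, org.nhind.config.Certificate retCert) {
    final byte[] data = retCert.getData();
    if (data == null || data.length == 0) {
        // Nothing to decode.  CertUtils.toX509Certificate presumably rejects empty input with an
        // IllegalArgumentException (its two-argument overload does), which the DNSException catch
        // below would not cover; treat the record as unusable instead of aborting the report.
        return "";
    }
    X509Certificate cert = null;
    String tpOrURL = null;
    try {
        cert = CertUtils.toX509Certificate(data);
        tpOrURL = Thumbprint.toThumbprint(cert).toString();
    } catch (DNSException e) {
        // Not an X.509 certificate or PKCS12 stream; the record may hold an IPKIX URL instead.
    }
    boolean isURL = false;
    if (tpOrURL == null) {
        // Decode with an explicit charset so the cell does not depend on the platform default.
        tpOrURL = new String(data, java.nio.charset.StandardCharsets.UTF_8);
        try {
            // Validation only; the URL object itself is not needed.
            new URL(tpOrURL);
        } catch (Exception e) {
            // Neither a certificate nor a well-formed URL.
            return "";
        }
        isURL = true;
    }
    try {
        if (column.header.equals(CERT_NAME_COL)) {
            return retCert.getOwner();
        } else if (column.header.equals(RECORD_TYPE_COL)) {
            return isURL ? "IPKIX" : "PKIX";
        } else if (column.header.equals(TP_NAME_COL)) {
            // For certificate records tpOrURL already holds the thumbprint computed above.
            return tpOrURL;
        } else if (column.header.equals(EXPIRES_COL)) {
            return isURL ? "" : dateFormatter.format(cert.getNotAfter());
        } else if (column.header.equals(PRIVATE_IND_COL)) {
            return retCert.isPrivateKey() ? "Y" : "N";
        } else {
            return super.getColumnValue(column, retCert);
        }
    } catch (Exception e) {
        // Covers a null header or a formatter failure; reported in the cell rather than aborting.
        return "ERROR: " + e.getMessage();
    }
}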

Example 5 with DNSException

use of org.nhindirect.dns.DNSException in project nhin-d by DirectProject.

the class CertUtils method toX509Certificate.

/**
 * Decodes a certificate from bytes holding either an encoded X.509 certificate or a PKCS12 store.
 * <p>
 * The PKCS12 interpretation is tried first, using {@code passPhrase} (an empty pass phrase when
 * {@code null} is supplied) both to load the store and to unlock the key of the first alias.  When
 * that alias holds a private key, the result is an {@link X509CertificateEx} carrying that key.
 * Otherwise — including when the bytes are not a PKCS12 store at all — the bytes are handed to the
 * {@code X.509} {@link CertificateFactory}.  Failures of the PKCS12 attempt are deliberately
 * swallowed because they are the normal path for plain certificates.
 *
 * @param data       the bytes to decode; must be non-null and non-empty
 * @param passPhrase PKCS12 pass phrase; {@code null} is treated as the empty pass phrase
 * @return the certificate, with its private key when one was found in a PKCS12 store
 * @throws IllegalArgumentException if {@code data} is null or empty
 * @throws DNSException if the bytes are neither a loadable PKCS12 store with a private key nor a
 *         parsable X.509 certificate; the underlying exception is not attached as the cause
 */
public static X509Certificate toX509Certificate(byte[] data, String passPhrase) throws DNSException {
    if (data == null || data.length == 0)
        throw new IllegalArgumentException("Byte stream cannot be null or empty.");
    // A null pass phrase is normalised to "" so it can always be handed to the key store.
    final char[] storePass = (passPhrase == null ? "" : passPhrase).toCharArray();
    X509Certificate result = null;
    ByteArrayInputStream input = new ByteArrayInputStream(data);
    try {
        // First interpretation: a PKCS12 store holding a certificate plus its private key.
        try {
            final KeyStore store = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
            store.load(input, storePass);
            final Enumeration<String> aliasNames = store.aliases();
            // Only the first alias is inspected; further entries are ignored.
            if (aliasNames.hasMoreElements()) {
                final String alias = aliasNames.nextElement();
                final X509Certificate storedCert = (X509Certificate) store.getCertificate(alias);
                final Key storedKey = store.getKey(alias, storePass);
                if (storedKey instanceof PrivateKey) {
                    result = X509CertificateEx.fromX509Certificate(storedCert, (PrivateKey) storedKey);
                }
            }
        } catch (Exception ignored) {
            // Not a PKCS12 store (or wrong pass phrase): fall back to plain X.509 parsing.
        }
        if (result == null) {
            // Second interpretation: a bare X.509 certificate, read from a fresh stream over the
            // same bytes because the PKCS12 attempt may have consumed the first one.
            input = new ByteArrayInputStream(data);
            result = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(input);
        }
    } catch (Exception e) {
        // Cause is intentionally not chained here (matches the rest of this class).
        throw new DNSException("Failed to convert byte stream to a certificate.");
    } finally {
        try {
            input.close();
        } catch (IOException ignored) {
            // ByteArrayInputStream.close() is a no-op.
        }
    }
    return result;
}
