Java Code Examples for org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter#getPrivateKey()

The following examples show how to use org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter#getPrivateKey() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLFactory.java    From ts-reaktive with MIT License 6 votes vote down vote up
/**
 * Reads a base64-format PEM key and returns a Java PrivateKey for it.
 * @param privateKey PEM-encoded private key
 */
public static PrivateKey readPrivateKey(String privateKey) {
    try (StringReader keyReader = new StringReader(privateKey);
         PEMParser pemReader = new PEMParser(keyReader)) {
        
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        Object keyPair = pemReader.readObject();
        if (keyPair instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) keyPair);
        } else {
            return converter.getPrivateKey(((PEMKeyPair) keyPair).getPrivateKeyInfo());
        }
    } catch (IOException x) {
        // Shouldn't occur, since we're only reading from strings
        throw new RuntimeException(x);            
    }
}
 
Example 2
Source File: BasicKeyStore.java    From env-keystore with MIT License 6 votes vote down vote up
protected static PrivateKey getPrivateKeyFromPEM(final Reader keyReader)
    throws IOException {
  final JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();

  final PEMParser pem = new PEMParser(keyReader);

  PrivateKey key;
  Object pemContent = pem.readObject();
  if (pemContent instanceof PEMKeyPair) {
    PEMKeyPair pemKeyPair = (PEMKeyPair) pemContent;
    KeyPair keyPair = jcaPEMKeyConverter.getKeyPair(pemKeyPair);
    key = keyPair.getPrivate();
  } else if (pemContent instanceof PrivateKeyInfo) {
    PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) pemContent;
    key = jcaPEMKeyConverter.getPrivateKey(privateKeyInfo);
  } else {
    throw new IllegalArgumentException("Unsupported private key format '" + pemContent.getClass().getSimpleName() + '"');
  }

  pem.close();
  return key;
}
 
Example 3
Source File: PrivateKeyConverter.java    From jlogstash-input-plugin with Apache License 2.0 6 votes vote down vote up
private PrivateKey loadKeyPair() throws IOException {
    PEMParser reader = new PEMParser(file);
    Object pemObject;

    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    //PEMDecryptorProvider decryptionProv = new JcePEMDecryptorProviderBuilder().build(passphrase);

    while((pemObject = reader.readObject()) != null) {
        logger.debug("PemObject type: " + pemObject.getClass().getName());

        if(pemObject instanceof PEMKeyPair) {
            logger.debug("it match");
            PrivateKeyInfo pki = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
            logger.debug("content: " + pki.getEncoded("UTF-8"));
            return converter.getPrivateKey(pki);
        } else {
            logger.debug("Dont match");
        }
    }

    logger.debug("fsdfsfs");
    return null;
}
 
Example 4
Source File: DKIMSign.java    From james-project with Apache License 2.0 6 votes vote down vote up
private PrivateKey extractPrivateKey(InputStream rawKey, char[] passphrase) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    try (InputStreamReader pemReader = new InputStreamReader(rawKey)) {
        try (PEMParser pemParser = new PEMParser(pemReader)) {
            Object pemObject = pemParser.readObject();
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            KeyPair keyPair;
            if (pemObject instanceof PrivateKeyInfo) {
                return converter.getPrivateKey((PrivateKeyInfo)pemObject);
            }
            if (pemObject instanceof PEMEncryptedKeyPair) {
                PEMEncryptedKeyPair pemEncryptedKeyPair = (PEMEncryptedKeyPair) pemObject;
                PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase);
                keyPair = converter.getKeyPair(pemEncryptedKeyPair.decryptKeyPair(decProv));
            } else {
                keyPair = converter.getKeyPair((PEMKeyPair) pemObject);
            }

            KeyFactory keyFac = KeyFactory.getInstance("RSA");
            RSAPrivateCrtKeySpec privateKeySpec = keyFac.getKeySpec(keyPair.getPrivate(), RSAPrivateCrtKeySpec.class);

            return keyFac.generatePrivate(privateKeySpec);
        }
    }
}
 
Example 5
Source File: KafkaClientKeystores.java    From kafka-helmsman with MIT License 5 votes vote down vote up
/**
 * Create a keystore that serves the private key under the alias "client", where the key has the given certificate
 * and associated Certificate Authority (CA) chain.
 *
 * @param privateKey private key for the client.
 * @param certificate certificate verifying the private key, provided by the CA.
 * @param caChain chain of certificates for the CA back to the root
 * @return a keystore for the private key + chain of certificates
 */
public KeyStore createKeystore(InputStream privateKey, InputStream certificate,
                               InputStream caChain) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
  // initialize the keystore
  KeyStore ks = KeyStore.getInstance(JAVA_KEYSTORE);
  // need to load to initialize the keystore for use
  ks.load(null, password);

  // read the private key
  PEMParser parser = new PEMParser(new InputStreamReader(privateKey));
  Object key = parser.readObject();
  if (key instanceof PEMKeyPair) {
    key = ((PEMKeyPair) key).getPrivateKeyInfo();
  }
  // either it was a key pair, in which case we got the private key, or it already was an unencrypted PEM private
  // key, so we can use it directly. We don't understand anything else.
  if (!(key instanceof PrivateKeyInfo)) {
    throw new IllegalArgumentException("Expected an RSA/DSA/ECDSA or an unencrypted PEM type key, but got a " + key);
  }

  JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BOUNCY_CASTLE_TYPE);
  PrivateKey pk = converter.getPrivateKey((PrivateKeyInfo) key);

  // build the certificate chain for the key
  List<X509Certificate> chain = readCertificateChain(certFactory, certificate);
  chain.addAll(readCertificateChain(certFactory, caChain));

  ks.setKeyEntry(CLIENT_KEY_NAME, pk, password, chain.toArray(EMPTY_CERTS));
  return ks;
}
 
Example 6
Source File: EncryptionUtils.java    From snowflake-kafka-connector with Apache License 2.0 5 votes vote down vote up
public static PrivateKey parseEncryptedPrivateKey(String key, String passphrase)
{
  //remove header, footer, and line breaks
  key = key.replaceAll("-+[A-Za-z ]+-+", "");
  key = key.replaceAll("\\s", "");

  StringBuilder builder = new StringBuilder();
  builder.append("-----BEGIN ENCRYPTED PRIVATE KEY-----");
  for (int i = 0; i < key.length(); i++)
  {
    if (i % 64 == 0)
    {
      builder.append("\n");
    }
    builder.append(key.charAt(i));
  }
  builder.append("\n-----END ENCRYPTED PRIVATE KEY-----");
  key = builder.toString();
  Security.addProvider(new BouncyCastleFipsProvider());
  try
  {
    PEMParser pemParser = new PEMParser(new StringReader(key));
    PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo =
      (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();
    pemParser.close();
    InputDecryptorProvider pkcs8Prov =
      new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passphrase.toCharArray());
    JcaPEMKeyConverter converter =
      new JcaPEMKeyConverter().setProvider(BouncyCastleFipsProvider.PROVIDER_NAME);
    PrivateKeyInfo decryptedPrivateKeyInfo =
      encryptedPrivateKeyInfo.decryptPrivateKeyInfo(pkcs8Prov);
    return converter.getPrivateKey(decryptedPrivateKeyInfo);
  } catch (Exception e)
  {
    throw SnowflakeErrors.ERROR_0018.getException(e);
  }
}
 
Example 7
Source File: AadAuthenticationHelperTest.java    From azure-kusto-java with MIT License 5 votes vote down vote up
static KeyCert readPem(String path, String password)
        throws IOException, CertificateException, OperatorCreationException, PKCSException {

    Security.addProvider(new BouncyCastleProvider());
    PEMParser pemParser = new PEMParser(new FileReader(new File(path)));
    PrivateKey privateKey = null;
    X509Certificate cert = null;
    Object object = pemParser.readObject();

    while (object != null) {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        if (object instanceof X509CertificateHolder) {
            cert = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
        }
        if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
            PKCS8EncryptedPrivateKeyInfo pinfo = (PKCS8EncryptedPrivateKeyInfo) object;
            InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
            PrivateKeyInfo info = pinfo.decryptPrivateKeyInfo(provider);
            privateKey = converter.getPrivateKey(info);
        }
        if (object instanceof PrivateKeyInfo) {
            privateKey = converter.getPrivateKey((PrivateKeyInfo) object);
        }
        object = pemParser.readObject();
    }

    KeyCert keycert = new KeyCert(null, null);
    keycert.setCertificate(cert);
    keycert.setKey(privateKey);
    pemParser.close();
    return keycert;
}
 
Example 8
Source File: AccessTokenRetrieverServiceImpl.java    From okta-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Get Private key from input PEM file.
 *
 * @param reader
 * @return {@link PrivateKey}
 * @throws IOException
 */
PrivateKey getPrivateKeyFromPEM(Reader reader) throws IOException {
    PrivateKey privateKey;

    try (PEMParser pemParser = new PEMParser(reader)) {
        JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
        Object pemContent = pemParser.readObject();

        if (pemContent == null) {
            throw new IllegalArgumentException("Invalid Private Key PEM file");
        }

        if (pemContent instanceof PEMKeyPair) {
            PEMKeyPair pemKeyPair = (PEMKeyPair) pemContent;
            KeyPair keyPair = jcaPEMKeyConverter.getKeyPair(pemKeyPair);
            privateKey = keyPair.getPrivate();
        } else if (pemContent instanceof PrivateKeyInfo) {
            PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) pemContent;
            privateKey = jcaPEMKeyConverter.getPrivateKey(privateKeyInfo);
        } else {
            throw new IllegalArgumentException("Unsupported Private Key format '" +
                pemContent.getClass().getSimpleName() + '"');
        }
    }

    return privateKey;
}
 
Example 9
Source File: AzureKeyVaultClientAuthenticator.java    From ranger with Apache License 2.0 5 votes vote down vote up
private KeyCert readPem(String path, String password) throws IOException, CertificateException, OperatorCreationException, PKCSException {
	Security.addProvider(new BouncyCastleProvider());
	PEMParser pemParser = new PEMParser(new FileReader(new File(path)));
	PrivateKey privateKey = null;
	X509Certificate cert = null;
	Object object = pemParser.readObject();
	
	while (object != null) {
		JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
		if (object instanceof X509CertificateHolder) {
			cert = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
		}
		if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
			PKCS8EncryptedPrivateKeyInfo pinfo = (PKCS8EncryptedPrivateKeyInfo) object;
			InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
			PrivateKeyInfo info = pinfo.decryptPrivateKeyInfo(provider);
			privateKey = converter.getPrivateKey(info);
		} 
		if (object instanceof PrivateKeyInfo) {
			privateKey = converter.getPrivateKey((PrivateKeyInfo) object);
		}
		object = pemParser.readObject();
	}
	KeyCert keycert = new KeyCert();
	keycert.setCertificate(cert);
	keycert.setKey(privateKey);
	pemParser.close();
	return keycert;
}
 
Example 10
Source File: DefaultQCloudClient.java    From wakeup-qcloud-sdk with Apache License 2.0 4 votes vote down vote up
@Override
	public String getUserSig(String identifier, long expire)throws QCloudException {
		try {
			 	Security.addProvider(new BouncyCastleProvider());
		        Reader reader = new CharArrayReader(imConfig.getPrivateKey().toCharArray());
		        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
		        PEMParser parser = new PEMParser(reader);
		        Object obj = parser.readObject();
		        parser.close();
		    	PrivateKey privKeyStruct = converter.getPrivateKey((PrivateKeyInfo) obj);
				
				String jsonString = "{" 
				+ "\"TLS.account_type\":\"" + 0 +"\","
				+"\"TLS.identifier\":\"" + identifier +"\","
				+"\"TLS.appid_at_3rd\":\"" + 0 +"\","
			    +"\"TLS.sdk_appid\":\"" + imConfig.getSdkAppId() +"\","
				+"\"TLS.expire_after\":\"" + expire +"\""
//		        +"\"TLS.version\": \"201512300000\""
				+"}";
				
				String time = String.valueOf(System.currentTimeMillis()/1000);
				String SerialString = 
					"TLS.appid_at_3rd:" + 0 + "\n" +
					"TLS.account_type:" + 0 + "\n" +
					"TLS.identifier:" + identifier + "\n" + 
					"TLS.sdk_appid:" + imConfig.getSdkAppId() + "\n" + 
					"TLS.time:" + time + "\n" +
					"TLS.expire_after:" + expire +"\n";
				
				//Create Signature by SerialString
				Signature signature = Signature.getInstance("SHA256withECDSA", "BC");
				signature.initSign(privKeyStruct);
				signature.update(SerialString.getBytes(Charset.forName("UTF-8")));
				byte[] signatureBytes = signature.sign();
				
				String sigTLS = Base64.encodeBase64String(signatureBytes);
				
				//Add TlsSig to jsonString
			    JSONObject jsonObject= JSON.parseObject(jsonString);
			    jsonObject.put("TLS.sig", (Object)sigTLS);
			    jsonObject.put("TLS.time", (Object)time);
			    jsonString = jsonObject.toString();
			    
			    //compression
			    Deflater compresser = new Deflater();
			    compresser.setInput(jsonString.getBytes(Charset.forName("UTF-8")));

			    compresser.finish();
			    byte [] compressBytes = new byte [512];
			    int compressBytesLength = compresser.deflate(compressBytes);
			    compresser.end();
			    return new String(Base64Url.base64EncodeUrl(Arrays.copyOfRange(compressBytes,0,compressBytesLength)));
		}catch (Exception e) {
			throw new  QCloudException(e);
		}
	}
 
Example 11
Source File: Utils.java    From athenz with Apache License 2.0 4 votes vote down vote up
/**
 * Create a {@link KeyStore} from suppliers of {@link InputStream} for cert and key.
 *
 * @param athenzPublicCertInputStream      Supplier of the certificate input stream
 * @param athenzPublicCertLocationSupplier Supplier of the location of the certificate (for error logging)
 * @param athenzPrivateKeyInputStream      Supplier of the private key input stream
 * @param athenzPrivateKeyLocationSupplier Supplier of the location of the certificate (for error logging)
 * @return a KeyStore with loaded key and certificate
 * @throws IOException
 * @throws KeyRefresherException
 */
public static KeyStore createKeyStore(
        final Supplier<InputStream> athenzPublicCertInputStream,
        final Supplier<String> athenzPublicCertLocationSupplier,
        final Supplier<InputStream> athenzPrivateKeyInputStream,
        final Supplier<String> athenzPrivateKeyLocationSupplier) throws IOException, KeyRefresherException {
    List<? extends Certificate> certificates;
    PrivateKey privateKey;
    KeyStore keyStore = null;

    try (InputStream publicCertStream = athenzPublicCertInputStream.get();
         InputStream privateKeyStream = athenzPrivateKeyInputStream.get();
         PEMParser pemParser = new PEMParser(new InputStreamReader(privateKeyStream))) {

        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
        final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
        Object key = pemParser.readObject();

        if (key instanceof PEMKeyPair) {
            PrivateKeyInfo pKeyInfo = ((PEMKeyPair) key).getPrivateKeyInfo();
            privateKey = pemConverter.getPrivateKey(pKeyInfo);
        } else if (key instanceof PrivateKeyInfo) {
            privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) key);
        } else {
            throw new KeyRefresherException("Unknown object type: " + key.getClass().getName());
        }

        //noinspection unchecked
        certificates = (List<? extends Certificate>) cf.generateCertificates(publicCertStream);
        if (certificates.isEmpty()) {
            throw new KeyRefresherException("Certificate file contains empty certificate or an invalid certificate.");
        }
        //We are going to assume that the first one is the main certificate which will be used for the alias
        String alias = ((X509Certificate) certificates.get(0)).getSubjectX500Principal().getName();
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} number of certificates found.  Using {} alias to create the keystore", certificates.size(), alias);
        }
        keyStore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
        keyStore.load(null);
        keyStore.setKeyEntry(alias, privateKey, KEYSTORE_PASSWORD,
                certificates.toArray((Certificate[]) new X509Certificate[certificates.size()]));

    } catch (CertificateException | NoSuchAlgorithmException e) {
        String keyStoreFailMsg = "Unable to load " + athenzPublicCertLocationSupplier.get() + " as a KeyStore.  Please check the validity of the file.";
        throw new KeyRefresherException(keyStoreFailMsg, e);
    } catch (KeyStoreException ignored) {
        LOG.error("No Provider supports a KeyStoreSpi implementation for the specified type.", ignored);
    }

    return keyStore;
}
 
Example 12
Source File: CertificateManager.java    From Openfire with Apache License 2.0 4 votes vote down vote up
/**
 * Parses a PrivateKey instance from a PEM representation.
 *
 * When the provided key is encrypted, the provided pass phrase is applied.
 *
 * @param pemRepresentation a PEM representation of a private key (cannot be null or empty)
 * @param passPhrase optional pass phrase (must be present if the private key is encrypted).
 * @return a PrivateKey instance (never null)
 * @throws IOException if there was a problem parsing the key
 */
public static PrivateKey parsePrivateKey(InputStream pemRepresentation, String passPhrase) throws IOException {

    if ( passPhrase == null ) {
        passPhrase = "";
    }
    try (Reader reader = new InputStreamReader(pemRepresentation); //
            PEMParser pemParser = new PEMParser(reader)) {

        final Object object = pemParser.readObject();
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider( "BC" );

        final KeyPair kp;

        if ( object instanceof PEMEncryptedKeyPair )
        {
            // Encrypted key - we will use provided password
            final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build( passPhrase.toCharArray() );
            kp = converter.getKeyPair( ( (PEMEncryptedKeyPair) object ).decryptKeyPair( decProv ) );
        }
        else if ( object instanceof PKCS8EncryptedPrivateKeyInfo )
        {
            // Encrypted key - we will use provided password
            try
            {
                final PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                final InputDecryptorProvider provider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build( passPhrase.toCharArray() );
                final PrivateKeyInfo privateKeyInfo = encryptedInfo.decryptPrivateKeyInfo( provider );
                return converter.getPrivateKey( privateKeyInfo );
            }
            catch ( PKCSException | OperatorCreationException e )
            {
                throw new IOException( "Unable to decrypt private key.", e );
            }
        }
        else if ( object instanceof PrivateKeyInfo )
        {
            return converter.getPrivateKey( (PrivateKeyInfo) object );
        }
        else
        {
            // Unencrypted key - no password needed
            kp = converter.getKeyPair( (PEMKeyPair) object );
        }
        return kp.getPrivate();
    }
}