public static SSLSocketFactory getSocketFactory(
String caCrtFile, String crtFile, String keyFile, String password) throws Exception {
char[] passwordCharArray = password == null ? new char[0] : password.toCharArray();
Security.addProvider(new BouncyCastleProvider());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert =
(X509Certificate)
cf.generateCertificate(
new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))));
X509Certificate cert =
(X509Certificate)
cf.generateCertificate(
new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))));
File privateKeyFile = new File(keyFile);
PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passwordCharArray);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
Object object = pemParser.readObject();
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} else {
kp = converter.getKeyPair((PEMKeyPair) object);
}
pemParser.close();
KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
caKeyStore.load(null, null);
caKeyStore.setCertificateEntry("ca-certificate", caCert);
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(caKeyStore);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("certificate", cert);
keyStore.setKeyEntry(
"private-key",
kp.getPrivate(),
passwordCharArray,
new java.security.cert.Certificate[] {cert});
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, passwordCharArray);
SSLContext context = SSLContext.getInstance("TLSv1");
context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
return context.getSocketFactory();
}
public static <T> T parsePem(Class<T> clazz, Reader pemReader) throws IOException {
try (PEMParser pemParser = new PEMParser(pemReader)) {
Object object = pemParser.readObject();
if (!clazz.isInstance(object)) {
throw new IOException("Expected " + clazz);
}
return (T) object;
}
}
public static JcaPKCS10CertificationRequest parseCsr(String pemEncodedCsr) throws IOException {
try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCsr))) {
Object o = pemParser.readObject();
if (!PKCS10CertificationRequest.class.isInstance(o)) {
throw new IOException(
"Expecting instance of " + PKCS10CertificationRequest.class + " but got " + o);
}
return new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) o);
}
}
public static X509Certificate parseCertificate(String pemEncodedCertificate)
throws IOException, CertificateException {
try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCertificate))) {
Object object = pemParser.readObject();
if (!X509CertificateHolder.class.isInstance(object)) {
throw new IOException("Expected " + X509CertificateHolder.class);
}
return new JcaX509CertificateConverter()
.setProvider(BouncyCastleProvider.PROVIDER_NAME)
.getCertificate((X509CertificateHolder) object);
}
}
/**
* Read a {@linkplain List list} of {@linkplain PEMEntry entries} from the input specified at
* construction.
*/
public PEMEntry<?> read()
throws IOException, CertificateException, CRLException, InvalidKeyException,
NoSuchAlgorithmException, InvalidKeySpecException {
Object object = parser.readObject();
while (object != null) {
if (object instanceof X509CertificateHolder) {
// X509 certificate
return (new PEMEntryX509Certificate(factory, (X509CertificateHolder) object));
} else if (object instanceof X509CRLHolder) {
// X509 CRL
return (new PEMEntryCRL(factory, (X509CRLHolder) object));
} else if (object instanceof PEMEncryptedKeyPair) {
// Encrypted private key
return (new PEMEntryEncryptedKeyPair(factory, (PEMEncryptedKeyPair) object));
} else if (object instanceof PEMKeyPair) {
// Non-encrypted private key
return (new PEMEntryKeyPair(factory, (PEMKeyPair) object));
} else if (object instanceof PrivateKeyInfo) {
// Private key (hopefully with public exponent)
return (new PEMEntryKeyPair(factory, (PrivateKeyInfo) object));
} else if (object instanceof SubjectPublicKeyInfo) {
// Public Key
return (new PEMEntryPublicKey(factory, (SubjectPublicKeyInfo) object));
} else {
// Huh? What's this? Warn and off to the next object!
logger.warning("Unrecognized PEM object " + object.getClass().getName() + ", skipping...");
object = parser.readObject();
continue;
}
}
return null;
}
protected KeyPair doLoadKey(String file) {
try (PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)))) {
Object o = r.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
}
if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair) o);
return (KeyPair) o;
} else if (o instanceof KeyPair) {
return (KeyPair) o;
}
} catch (Exception e) {
log.warn("Unable to read key " + file, e);
}
return null;
}
private Object readWithPemParser(String source) throws IOException {
PEMParser parser = new PEMParser(new FileReader(source));
return parser.readObject();
}
@Override
public void close() throws IOException {
parser.close();
}