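/**
 * Builds an {@link SSLSocketFactory} for mutual TLS from PEM files: {@code caCrtFile} becomes the
 * only trusted CA (no system roots), and {@code crtFile}/{@code keyFile} become the client
 * identity presented during the handshake.
 *
 * @param caCrtFile path to the PEM-encoded CA certificate the peer must chain to
 * @param crtFile   path to the PEM-encoded client certificate
 * @param keyFile   path to the PEM-encoded private key (encrypted or plain)
 * @param password  passphrase of an encrypted key; {@code null} is treated as an empty password
 * @return a socket factory backed by the configured key and trust managers
 * @throws Exception if a file cannot be read, the key file does not hold a PEM key pair, or the
 *     key store / SSL context cannot be initialised
 */
public static SSLSocketFactory getSocketFactory(
    String caCrtFile, String crtFile, String keyFile, String password) throws Exception {
  char[] passwordCharArray = password == null ? new char[0] : password.toCharArray();
  // Safe to call repeatedly: addProvider is a no-op when BC is already registered.
  Security.addProvider(new BouncyCastleProvider());

  CertificateFactory cf = CertificateFactory.getInstance("X.509");
  X509Certificate caCert = readCertificate(cf, caCrtFile);
  X509Certificate cert = readCertificate(cf, crtFile);
  KeyPair kp = readKeyPair(keyFile, passwordCharArray);

  // Trust store holding only the supplied CA; peers not chaining to it are rejected.
  KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
  caKeyStore.load(null, null);
  caKeyStore.setCertificateEntry("ca-certificate", caCert);
  TrustManagerFactory trustManagerFactory =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(caKeyStore);

  // Key store holding the client identity (certificate + private key).
  KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
  keyStore.load(null, null);
  keyStore.setCertificateEntry("certificate", cert);
  keyStore.setKeyEntry(
      "private-key",
      kp.getPrivate(),
      passwordCharArray,
      new java.security.cert.Certificate[] {cert});
  KeyManagerFactory keyManagerFactory =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keyStore, passwordCharArray);

  // "TLS" lets the JVM negotiate the highest version it enables. The previous fixed "TLSv1"
  // pinned a protocol that current JDKs disable by default, which breaks the handshake.
  SSLContext context = SSLContext.getInstance("TLS");
  context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
  return context.getSocketFactory();
}

/**
 * Parses a single X.509 certificate from the file at {@code path}.
 *
 * @throws Exception if the file cannot be read or does not contain a certificate
 */
private static X509Certificate readCertificate(CertificateFactory cf, String path)
    throws Exception {
  // A ByteArrayInputStream holds no OS resource, so no try-with-resources is needed here.
  return (X509Certificate) cf.generateCertificate(
      new ByteArrayInputStream(Files.readAllBytes(Paths.get(path))));
}

/**
 * Reads the first PEM object from {@code keyFile} as a key pair, decrypting it with
 * {@code password} when it is a {@link PEMEncryptedKeyPair}.
 *
 * @throws Exception if the file cannot be read, decrypted, or does not hold a PEM key pair
 */
private static KeyPair readKeyPair(String keyFile, char[] password) throws Exception {
  // try-with-resources: the parser (and its reader) used to stay open on any failure.
  // newBufferedReader defaults to UTF-8 rather than the platform charset; PEM is ASCII.
  try (PEMParser pemParser = new PEMParser(Files.newBufferedReader(Paths.get(keyFile)))) {
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
    Object object = pemParser.readObject();
    if (object instanceof PEMEncryptedKeyPair) {
      PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password);
      return converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
    }
    if (object instanceof PEMKeyPair) {
      return converter.getKeyPair((PEMKeyPair) object);
    }
    // Previously an unexplained ClassCastException; name the file and type instead.
    throw new java.io.IOException(
        "Expected a PEM key pair in "
            + keyFile
            + " but got "
            + (object == null ? "null" : object.getClass().getName()));
  }
}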
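/**
 * Parses the first PEM object from {@code pemReader} and checks that it is a {@code clazz}.
 *
 * @param clazz     expected type of the first PEM object
 * @param pemReader PEM text; it is closed by this method
 * @param <T>       the expected type
 * @return the parsed object, narrowed to {@code T}
 * @throws IOException if the reader fails, the input holds no PEM object, or the object is not an
 *     instance of {@code clazz}
 */
public static <T> T parsePem(Class<T> clazz, Reader pemReader) throws IOException {
  try (PEMParser pemParser = new PEMParser(pemReader)) {
    Object object = pemParser.readObject();
    if (!clazz.isInstance(object)) {
      // Report the actual type too: "Expected X" alone gives no hint about what was supplied.
      throw new IOException(
          "Expected "
              + clazz
              + " but got "
              + (object == null ? "null" : object.getClass().getName()));
    }
    // Class.cast is a checked cast; it replaces the unchecked (T) cast.
    return clazz.cast(object);
  }
}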
/**
 * Parses a PEM-encoded PKCS#10 certificate signing request.
 *
 * @param pemEncodedCsr the CSR as PEM text
 * @return the request wrapped for JCA use
 * @throws IOException if the text cannot be parsed or its first object is not a PKCS#10 request
 */
public static JcaPKCS10CertificationRequest parseCsr(String pemEncodedCsr) throws IOException {
  try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCsr))) {
    Object parsed = pemParser.readObject();
    if (parsed instanceof PKCS10CertificationRequest) {
      PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parsed;
      return new JcaPKCS10CertificationRequest(csr);
    }
    // Also reached when the input has no PEM block at all (parsed == null).
    throw new IOException(
        "Expecting instance of " + PKCS10CertificationRequest.class + " but got " + parsed);
  }
}
/**
 * Parses a PEM-encoded X.509 certificate using the BouncyCastle provider.
 *
 * @param pemEncodedCertificate the certificate as PEM text
 * @return the certificate as a JCA {@link X509Certificate}
 * @throws IOException if the text cannot be parsed or its first object is not a certificate
 * @throws CertificateException if the certificate cannot be converted to a JCA object
 */
public static X509Certificate parseCertificate(String pemEncodedCertificate)
    throws IOException, CertificateException {
  try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCertificate))) {
    Object parsed = pemParser.readObject();
    if (!(parsed instanceof X509CertificateHolder)) {
      throw new IOException("Expected " + X509CertificateHolder.class);
    }
    X509CertificateHolder holder = (X509CertificateHolder) parsed;
    JcaX509CertificateConverter converter =
        new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    return converter.getCertificate(holder);
  }
}
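/**
 * Reads the next recognised PEM entry from the parser supplied at construction.
 *
 * <p>Unrecognised PEM objects are logged at WARNING level and skipped, so a single call may
 * consume several PEM blocks. This returns one entry, not a list: callers obtain all entries by
 * calling it repeatedly until it returns {@code null}.
 *
 * @return the next entry, or {@code null} once the input is exhausted
 * @throws IOException if the underlying parser fails
 * @throws CertificateException if a certificate entry cannot be built
 * @throws CRLException if a CRL entry cannot be built
 * @throws InvalidKeyException if a key entry cannot be built
 * @throws NoSuchAlgorithmException if a key's algorithm is unsupported
 * @throws InvalidKeySpecException if a key's encoding is invalid
 */
public PEMEntry<?> read()
    throws IOException, CertificateException, CRLException, InvalidKeyException,
        NoSuchAlgorithmException, InvalidKeySpecException {
  for (Object object = parser.readObject(); object != null; object = parser.readObject()) {
    if (object instanceof X509CertificateHolder) {
      // X509 certificate
      return new PEMEntryX509Certificate(factory, (X509CertificateHolder) object);
    }
    if (object instanceof X509CRLHolder) {
      // X509 CRL
      return new PEMEntryCRL(factory, (X509CRLHolder) object);
    }
    if (object instanceof PEMEncryptedKeyPair) {
      // Encrypted private key
      return new PEMEntryEncryptedKeyPair(factory, (PEMEncryptedKeyPair) object);
    }
    if (object instanceof PEMKeyPair) {
      // Non-encrypted private key
      return new PEMEntryKeyPair(factory, (PEMKeyPair) object);
    }
    if (object instanceof PrivateKeyInfo) {
      // Private key (hopefully with public exponent)
      return new PEMEntryKeyPair(factory, (PrivateKeyInfo) object);
    }
    if (object instanceof SubjectPublicKeyInfo) {
      // Public Key
      return new PEMEntryPublicKey(factory, (SubjectPublicKeyInfo) object);
    }
    // Anything else is skipped; the loop header reads the next object.
    logger.warning("Unrecognized PEM object " + object.getClass().getName() + ", skipping...");
  }
  return null;
}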
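/**
 * Loads a key pair from the PEM file at {@code file}.
 *
 * <p>Best-effort: any failure (unreadable file, wrong passphrase, unexpected content) is logged
 * at WARN level and {@code null} is returned rather than thrown.
 *
 * @param file path of the PEM file
 * @return the key pair, or {@code null} if it could not be loaded
 */
protected KeyPair doLoadKey(String file) {
  // PEM is ASCII; fix the charset instead of inheriting the platform default.
  try (PEMParser r =
      new PEMParser(
          new InputStreamReader(
              new FileInputStream(file), java.nio.charset.StandardCharsets.UTF_8))) {
    Object o = r.readObject();
    JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
    pemConverter.setProvider("BC");
    if (o instanceof PEMEncryptedKeyPair) {
      if (passwordFinder == null) {
        // Used to fall through and return null silently, hiding the actual cause.
        log.warn("Unable to read key " + file + ": key is encrypted but no password is available");
        return null;
      }
      PEMDecryptorProvider pemDecryptor =
          new JcePEMDecryptorProviderBuilder().build(passwordFinder.getPassword());
      return pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
    }
    if (o instanceof PEMKeyPair) {
      return pemConverter.getKeyPair((PEMKeyPair) o);
    }
    if (o instanceof KeyPair) {
      return (KeyPair) o;
    }
    log.warn(
        "Unable to read key "
            + file
            + ": unexpected PEM object "
            + (o == null ? "null" : o.getClass().getName()));
  } catch (Exception e) {
    // Deliberate best-effort contract: callers handle null instead of an exception.
    log.warn("Unable to read key " + file, e);
  }
  return null;
}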
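/**
 * Reads the first PEM object from the file at {@code source}.
 *
 * @param source path of the PEM file
 * @return the parsed object, or {@code null} if the file contains no PEM block
 * @throws IOException if the file cannot be opened, read or parsed
 */
private Object readWithPemParser(String source) throws IOException {
  // try-with-resources: the parser (and the FileReader it wraps) used to leak on every call.
  // NOTE(review): FileReader still uses the platform charset; PEM is ASCII, so this is only a
  // problem on exotic default encodings.
  try (PEMParser parser = new PEMParser(new FileReader(source))) {
    return parser.readObject();
  }
}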
/**
 * Releases the underlying PEM parser.
 *
 * @throws IOException if closing the parser fails
 */
@Override
public void close() throws IOException {
  this.parser.close();
}