public static SSLSocketFactory getSocketFactory(
String caCrtFile, String crtFile, String keyFile, String password) throws Exception {
char[] passwordCharArray = password == null ? new char[0] : password.toCharArray();
Security.addProvider(new BouncyCastleProvider());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert =
(X509Certificate)
cf.generateCertificate(
new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))));
X509Certificate cert =
(X509Certificate)
cf.generateCertificate(
new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))));
File privateKeyFile = new File(keyFile);
PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passwordCharArray);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
Object object = pemParser.readObject();
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} else {
kp = converter.getKeyPair((PEMKeyPair) object);
}
pemParser.close();
KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
caKeyStore.load(null, null);
caKeyStore.setCertificateEntry("ca-certificate", caCert);
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(caKeyStore);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("certificate", cert);
keyStore.setKeyEntry(
"private-key",
kp.getPrivate(),
passwordCharArray,
new java.security.cert.Certificate[] {cert});
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, passwordCharArray);
SSLContext context = SSLContext.getInstance("TLSv1");
context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
return context.getSocketFactory();
}
protected KeyPair doLoadKey(String file) {
try (PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)))) {
Object o = r.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC");
if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
}
if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair) o);
return (KeyPair) o;
} else if (o instanceof KeyPair) {
return (KeyPair) o;
}
} catch (Exception e) {
log.warn("Unable to read key " + file, e);
}
return null;
}
