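/**
   * Builds an {@link SSLSocketFactory} for mutual TLS from PEM-encoded files.
   *
   * <p>The CA certificate becomes the only trust anchor; the client certificate and its private
   * key are installed in an in-memory key store for client authentication.
   *
   * @param caCrtFile path of the PEM/DER CA certificate used as the sole trust anchor
   * @param crtFile path of the PEM/DER client certificate
   * @param keyFile path of the PEM private key (plain or PEM-encrypted key pair)
   * @param password passphrase of the encrypted key, or {@code null}/empty if the key is unencrypted
   * @return a socket factory backed by the configured key and trust managers
   * @throws Exception if a file cannot be read or parsed, or if the JSSE setup fails
   */
  public static SSLSocketFactory getSocketFactory(
      String caCrtFile, String crtFile, String keyFile, String password) throws Exception {

    // An empty array means "no passphrase"; the same array protects the key-store entry below,
    // so the key manager can retrieve the key with it.
    char[] passwordCharArray = password == null ? new char[0] : password.toCharArray();

    // Registering Bouncy Castle is idempotent, but skip the lookup/instantiation on repeat calls.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
      Security.addProvider(new BouncyCastleProvider());
    }
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    X509Certificate caCert = readX509Certificate(cf, caCrtFile);
    X509Certificate cert = readX509Certificate(cf, crtFile);
    KeyPair kp = readPemKeyPair(keyFile, passwordCharArray);

    // Trust store holding only the given CA: connections to servers not chaining to it fail.
    KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    caKeyStore.load(null, null);
    caKeyStore.setCertificateEntry("ca-certificate", caCert);
    TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(caKeyStore);

    // Key store with the client identity (certificate + private key).
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry("certificate", cert);
    keyStore.setKeyEntry(
        "private-key",
        kp.getPrivate(),
        passwordCharArray,
        new java.security.cert.Certificate[] {cert});
    KeyManagerFactory keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, passwordCharArray);

    // "TLS" lets the JSSE negotiate the highest protocol version both peers enable. The previous
    // value "TLSv1" pinned a deprecated version that current JDKs disable by default.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

    return context.getSocketFactory();
  }

  /** Parses the first X.509 certificate in the file at {@code path}. */
  private static X509Certificate readX509Certificate(CertificateFactory cf, String path)
      throws java.io.IOException, java.security.cert.CertificateException {
    return (X509Certificate)
        cf.generateCertificate(new ByteArrayInputStream(Files.readAllBytes(Paths.get(path))));
  }

  /** Reads a PEM key pair (plain or encrypted with {@code password}) from {@code keyFile}. */
  private static KeyPair readPemKeyPair(String keyFile, char[] password)
      throws java.io.IOException {
    JcaPEMKeyConverter converter =
        new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    // try-with-resources: previously the parser (and its file handle) leaked whenever parsing
    // threw. PEM is ASCII, so the UTF-8 reader is also independent of the platform charset.
    try (PEMParser pemParser = new PEMParser(Files.newBufferedReader(Paths.get(keyFile)))) {
      Object object = pemParser.readObject();
      if (object instanceof PEMEncryptedKeyPair) {
        PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password);
        return converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
      }
      if (object instanceof PEMKeyPair) {
        return converter.getKeyPair((PEMKeyPair) object);
      }
      // Previously an unexpected object (or an empty file) surfaced as a ClassCastException.
      throw new java.io.IOException(
          "Expected a PEM key pair in "
              + keyFile
              + " but got "
              + (object == null ? "no PEM object" : object.getClass().getName()));
    }
  }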
예제 #2
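 /**
  * Reads the first PEM object from {@code pemReader} and returns it as a {@code clazz}.
  *
  * @param clazz the type the PEM object is required to have
  * @param pemReader PEM-encoded text; closed together with the parser when this method returns
  * @param <T> the expected object type
  * @return the parsed object, typed via {@link Class#cast}
  * @throws IOException if the input cannot be parsed, holds no PEM object, or the object is
  *     not an instance of {@code clazz}
  */
 public static <T> T parsePem(Class<T> clazz, Reader pemReader) throws IOException {
   try (PEMParser pemParser = new PEMParser(pemReader)) {
     Object object = pemParser.readObject();
     // readObject() returns null on an input without any PEM block; report that distinctly
     // from a type mismatch so callers can tell an empty file from the wrong kind of file.
     if (object == null) {
       throw new IOException("Expected " + clazz + " but the input holds no PEM object");
     }
     if (!clazz.isInstance(object)) {
       throw new IOException("Expected " + clazz + " but got " + object.getClass());
     }
     // Class.cast replaces the unchecked (T) cast; the isInstance check above guarantees it.
     return clazz.cast(object);
   }
 }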
예제 #3
 /**
  * Parses a PEM-encoded PKCS#10 certification request.
  *
  * @param pemEncodedCsr the CSR as PEM text
  * @return the request wrapped in a JCA-aware holder
  * @throws IOException if the text is not parseable or does not hold a PKCS#10 request
  */
 public static JcaPKCS10CertificationRequest parseCsr(String pemEncodedCsr) throws IOException {
   final Object parsed;
   try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCsr))) {
     parsed = pemParser.readObject();
   }
   if (parsed instanceof PKCS10CertificationRequest) {
     return new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) parsed);
   }
   // Also reached when readObject() returned null (no PEM block in the input).
   throw new IOException(
       "Expecting instance of " + PKCS10CertificationRequest.class + " but got " + parsed);
 }
예제 #4
파일: TlsHelper.java 프로젝트: yofayed/nifi
 /**
  * Parses a PEM-encoded X.509 certificate into a JCA {@link X509Certificate}.
  *
  * @param pemEncodedCertificate the certificate as PEM text
  * @return the certificate, converted via the Bouncy Castle provider
  * @throws IOException if the text is not parseable or does not hold a certificate
  * @throws CertificateException if the holder cannot be converted to a JCA certificate
  */
 public static X509Certificate parseCertificate(String pemEncodedCertificate)
     throws IOException, CertificateException {
   final Object holder;
   try (PEMParser pemParser = new PEMParser(new StringReader(pemEncodedCertificate))) {
     holder = pemParser.readObject();
   }
   // A null holder (input without a PEM block) fails this check as well.
   if (!(holder instanceof X509CertificateHolder)) {
     throw new IOException("Expected " + X509CertificateHolder.class);
   }
   JcaX509CertificateConverter converter =
       new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
   return converter.getCertificate((X509CertificateHolder) holder);
 }
예제 #5
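  /**
   * Reads the next recognized {@linkplain PEMEntry entry} from the input specified at
   * construction.
   *
   * <p>Each call returns a single entry, not a list. PEM objects of an unrecognized type are
   * logged at warning level and skipped, and parsing continues with the following object.
   *
   * @return the next entry, or {@code null} once the input holds no further PEM objects
   * @throws IOException if the input cannot be read or parsed
   * @throws CertificateException if a certificate entry cannot be built
   * @throws CRLException if a CRL entry cannot be built
   * @throws InvalidKeyException if a key entry cannot be built
   * @throws NoSuchAlgorithmException if a key algorithm is unavailable
   * @throws InvalidKeySpecException if key material is malformed
   */
  public PEMEntry<?> read()
      throws IOException, CertificateException, CRLException, InvalidKeyException,
          NoSuchAlgorithmException, InvalidKeySpecException {

    for (Object object = parser.readObject(); object != null; object = parser.readObject()) {
      if (object instanceof X509CertificateHolder) {
        // X509 certificate
        return new PEMEntryX509Certificate(factory, (X509CertificateHolder) object);
      }
      if (object instanceof X509CRLHolder) {
        // X509 CRL
        return new PEMEntryCRL(factory, (X509CRLHolder) object);
      }
      if (object instanceof PEMEncryptedKeyPair) {
        // Encrypted private key
        return new PEMEntryEncryptedKeyPair(factory, (PEMEncryptedKeyPair) object);
      }
      if (object instanceof PEMKeyPair) {
        // Non-encrypted private key
        return new PEMEntryKeyPair(factory, (PEMKeyPair) object);
      }
      if (object instanceof PrivateKeyInfo) {
        // Private key (hopefully with public exponent)
        return new PEMEntryKeyPair(factory, (PrivateKeyInfo) object);
      }
      if (object instanceof SubjectPublicKeyInfo) {
        // Public Key
        return new PEMEntryPublicKey(factory, (SubjectPublicKeyInfo) object);
      }
      // Unknown object type: warn and move on to the next one.
      logger.warning("Unrecognized PEM object " + object.getClass().getName() + ", skipping...");
    }

    // Input exhausted without another recognized entry.
    return null;
  }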
예제 #6
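  /**
   * Loads a PEM key pair from {@code file}, decrypting it with {@code passwordFinder} if needed.
   *
   * <p>This is best-effort: any failure is logged at warning level and {@code null} is returned
   * rather than propagated, so callers must handle a {@code null} result.
   *
   * @param file path of the PEM file
   * @return the key pair, or {@code null} if the file is missing, unreadable, holds no usable key
   *     pair, or holds an encrypted key pair and no {@code passwordFinder} is configured
   */
  protected KeyPair doLoadKey(String file) {
    try (PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)))) {
      Object o = r.readObject();
      JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
      pemConverter.setProvider("BC");
      if (o instanceof PEMEncryptedKeyPair) {
        if (passwordFinder == null) {
          // Previously this case fell through to a silent null; say why the key was not loaded.
          log.warn("Key " + file + " is encrypted but no password finder is configured");
          return null;
        }
        JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
        PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
        o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
      }

      if (o instanceof PEMKeyPair) {
        return pemConverter.getKeyPair((PEMKeyPair) o);
      }
      if (o instanceof KeyPair) {
        return (KeyPair) o;
      }
      // Empty file (o == null) or an object type this loader does not handle.
      log.warn(
          "Unable to read key "
              + file
              + ": expected a PEM key pair but got "
              + (o == null ? "no PEM object" : o.getClass().getName()));
    } catch (Exception e) {
      // Deliberately broad: a missing or malformed key file must not abort the caller.
      log.warn("Unable to read key " + file, e);
    }
    return null;
  }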
예제 #7
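 /**
  * Reads the first PEM object from the file at {@code source}.
  *
  * <p>The parser, and with it the file handle, is closed before returning; previously it was
  * never closed and leaked on every call.
  *
  * @param source path of the PEM file
  * @return the first PEM object, or {@code null} if the file holds no PEM block
  * @throws IOException if the file cannot be opened or parsed
  */
 private Object readWithPemParser(String source) throws IOException {
   try (PEMParser parser = new PEMParser(new FileReader(source))) {
     return parser.readObject();
   }
 }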
예제 #8
 /**
  * Closes the underlying PEM parser.
  *
  * @throws IOException if the parser fails to close
  */
 @Override
 public void close() throws IOException {
   this.parser.close();
 }