All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.github.dockerjava.core.util.CertificateUtils Maven / Gradle / Ivy

package com.github.dockerjava.core.util;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.io.IOUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;

public class CertificateUtils {
    private CertificateUtils() {
        // utility class
    }

    public static boolean verifyCertificatesExist(String dockerCertPath) {
        String[] files = {"ca.pem", "cert.pem", "key.pem"};
        boolean result = true;
        for (String file : files) {
            File path = new File(dockerCertPath, file);
            result &= path.exists();
        }

        return result;
    }

    public static KeyStore createKeyStore(final String dockerCertPath) throws NoSuchAlgorithmException,
            InvalidKeySpecException, IOException, CertificateException, KeyStoreException {
        KeyPair keyPair = loadPrivateKey(dockerCertPath);
        List privateCertificates = loadCertificates(dockerCertPath);

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);

        keyStore.setKeyEntry("docker", keyPair.getPrivate(), "docker".toCharArray(),
                privateCertificates.toArray(new Certificate[privateCertificates.size()]));
        return keyStore;
    }

    public static KeyStore createTrustStore(final String dockerCertPath) throws IOException, CertificateException,
            KeyStoreException, NoSuchAlgorithmException {
        File caPath = new File(dockerCertPath, "ca.pem");
        BufferedReader reader = new BufferedReader(new FileReader(caPath));
        PEMParser pemParser = null;

        try {
            pemParser = new PEMParser(reader);
            X509CertificateHolder certificateHolder = (X509CertificateHolder) pemParser.readObject();
            Certificate caCertificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(
                    certificateHolder);

            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null);
            trustStore.setCertificateEntry("ca", caCertificate);
            return trustStore;

        } finally {
            if (pemParser != null) {
                IOUtils.closeQuietly(pemParser);
            }

            if (reader != null) {
                IOUtils.closeQuietly(reader);
            }
        }

    }

    private static List loadCertificates(final String dockerCertPath) throws IOException,
            CertificateException {
        File certificate = new File(dockerCertPath, "cert.pem");
        BufferedReader reader = new BufferedReader(new FileReader(certificate));
        PEMParser pemParser = null;

        try {
            List certificates = new ArrayList<>();
            pemParser = new PEMParser(reader);
            JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter().setProvider("BC");
            Object certObj = pemParser.readObject();

            while (certObj != null) {
                X509CertificateHolder certificateHolder = (X509CertificateHolder) certObj;
                certificates.add(certificateConverter.getCertificate(certificateHolder));

                certObj = pemParser.readObject();
            }

            return certificates;
        } finally {
            if (pemParser != null) {
                IOUtils.closeQuietly(pemParser);
            }

            if (reader != null) {
                IOUtils.closeQuietly(reader);
            }
        }

    }

    private static KeyPair loadPrivateKey(final String dockerCertPath) throws IOException, NoSuchAlgorithmException,
            InvalidKeySpecException {
        File certificate = new File(dockerCertPath, "key.pem");
        BufferedReader reader = new BufferedReader(new FileReader(certificate));

        PEMParser pemParser = null;

        try {
            pemParser = new PEMParser(reader);

            PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();

            byte[] pemPrivateKeyEncoded = pemKeyPair.getPrivateKeyInfo().getEncoded();
            byte[] pemPublicKeyEncoded = pemKeyPair.getPublicKeyInfo().getEncoded();

            KeyFactory factory = KeyFactory.getInstance("RSA");

            X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(pemPublicKeyEncoded);
            PublicKey publicKey = factory.generatePublic(publicKeySpec);

            PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(pemPrivateKeyEncoded);
            PrivateKey privateKey = factory.generatePrivate(privateKeySpec);

            return new KeyPair(publicKey, privateKey);

        } finally {
            if (pemParser != null) {
                IOUtils.closeQuietly(pemParser);
            }

            if (reader != null) {
                IOUtils.closeQuietly(reader);
            }
        }

    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy