crypto-formats.com.unbound.common.crypto.PEM Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.common.crypto;
import com.unbound.common.Base64;
import com.unbound.common.STR;
import java.io.ByteArrayInputStream;
import java.security.interfaces.*;
import java.util.Scanner;
public class PEM
{
private Scanner reader;
private StringBuilder writer;
public static final int X509_CERTIFICATE = 1;
public static final int PUBLIC_KEY = 2;
public static final int RSA_PRIVATE_KEY = 3;
public static final int RSA_PUBLIC_KEY = 4;
public static final int PKCS8_ENCRYPTED_PRIVATE_KEY = 5;
public static final int PKCS8_PRIVATE_KEY = 6;
public static final int EC_PRIVATE_KEY = 7;
public static final int PKCS10_CERTIFICATE_REQUEST = 8;
private static final String PEM_STRING_X509_OLD = "X509 CERTIFICATE";
private static final String PEM_STRING_X509 = "CERTIFICATE";
private static final String PEM_STRING_X509_TRUSTED = "TRUSTED CERTIFICATE";
private static final String PEM_STRING_PUBLIC = "PUBLIC KEY";
private static final String PEM_STRING_RSA_PRIVATE_KEY = "RSA PRIVATE KEY";
private static final String PEM_STRING_RSA_PUBLIC_KEY = "RSA PUBLIC KEY";
private static final String PEM_STRING_ENCRYPTED_PRIVATE_KEY = "ENCRYPTED PRIVATE KEY";
private static final String PEM_STRING_PRIVATE_KEY = "PRIVATE KEY";
private static final String PEM_STRING_EC_PRIVATE_KEY = "EC PRIVATE KEY";
private static final String PEM_STRING_X509_REQ = "CERTIFICATE REQUEST";
private static String headerString(int code)
{
switch (code)
{
case X509_CERTIFICATE: return PEM_STRING_X509;
case PUBLIC_KEY: return PEM_STRING_PUBLIC;
case RSA_PRIVATE_KEY: return PEM_STRING_RSA_PRIVATE_KEY;
case RSA_PUBLIC_KEY: return PEM_STRING_RSA_PUBLIC_KEY;
case PKCS8_ENCRYPTED_PRIVATE_KEY: return PEM_STRING_ENCRYPTED_PRIVATE_KEY;
case PKCS8_PRIVATE_KEY: return PEM_STRING_PRIVATE_KEY;
case EC_PRIVATE_KEY: return PEM_STRING_EC_PRIVATE_KEY;
case PKCS10_CERTIFICATE_REQUEST: return PEM_STRING_X509_REQ;
}
return null;
}
private int headerCode(String header)
{
if (header.equals(PEM_STRING_X509_OLD) || header.equals(PEM_STRING_X509) || header.equals(PEM_STRING_X509_TRUSTED)) return X509_CERTIFICATE;
if (header.equals(PEM_STRING_PUBLIC)) return PUBLIC_KEY;
if (header.equals(PEM_STRING_RSA_PRIVATE_KEY)) return RSA_PRIVATE_KEY;
if (header.equals(PEM_STRING_RSA_PUBLIC_KEY)) return RSA_PUBLIC_KEY;
if (header.equals(PEM_STRING_ENCRYPTED_PRIVATE_KEY)) return PKCS8_ENCRYPTED_PRIVATE_KEY;
if (header.equals(PEM_STRING_PRIVATE_KEY)) return PKCS8_PRIVATE_KEY;
if (header.equals(PEM_STRING_EC_PRIVATE_KEY)) return EC_PRIVATE_KEY;
if (header.equals(PEM_STRING_X509_REQ)) return PKCS10_CERTIFICATE_REQUEST;
throw new IllegalArgumentException("PEM header parser error");
}
public PEM(byte[] in)
{
String s = STR.utf8(in);
reader = new Scanner(new ByteArrayInputStream(in));
}
public PEM()
{
writer = new StringBuilder();
}
public PEM append(int code, byte[] in)
{
String header = headerString(code);
writer.append("-----BEGIN "); writer.append(header); writer.append("-----\n");
writer.append(Base64.encode(in, true));
writer.append("-----END "); writer.append(header); writer.append("-----\n");
return this;
}
public static byte[] create(int code, byte[] in)
{
return new PEM().append(code, in).end();
}
byte[] end()
{
return STR.utf8(writer.toString());
}
public byte[] getNext()
{
StringBuilder sb = new StringBuilder();
for (;;)
{
String s = reader.nextLine().trim();
if (s.startsWith("-----END ") && s.endsWith("-----")) break;
sb.append(s);
}
return Base64.decode(sb.toString());
}
public int getNextHeader()
{
String header = "";
while (header.isEmpty()) header = reader.nextLine().trim();
if (header.startsWith("-----BEGIN ") && header.endsWith("-----"))
{
header = header.substring(11, header.length()-5);
return headerCode(header);
}
throw new IllegalArgumentException("PEM header parser error");
}
public static byte[] get(int code, byte[] in)
{
PEM pem = new PEM(in);
if (code!=pem.getNextHeader()) throw new IllegalArgumentException("PEM header parser error");
return pem.getNext();
}
public static ECPrivateKey importECPrivateKey(byte[] pem)
{
try
{
byte[] der = PEM.get(PEM.EC_PRIVATE_KEY, pem);
return PKCS1.importECPrivateKey(der);
}
catch (Exception e)
{
byte[] der = PEM.get(PEM.PKCS8_PRIVATE_KEY, pem);
return PKCS8.importECPrivateKey(der);
}
}
public static ECPublicKey importECPublicKey(byte[] pem)
{
byte[] der = PEM.get(PEM.PUBLIC_KEY, pem);
return X509.importECPublicKey(der);
}
public static byte[] exportECPublicKey(ECPublicKey ec)
{
byte[] der = X509.exportECPublicKey(ec);
return PEM.create(PEM.PUBLIC_KEY, der);
}
public static byte[] exportECPrivateKey(ECPrivateKey ec)
{
byte[] der = PKCS8.exportECPrivateKey(ec);
return PEM.create(PEM.PKCS8_PRIVATE_KEY, der);
}
public static byte[] exportRSAPrivateKey_PKCS1(RSAPrivateCrtKey rsa)
{
byte[] der = PKCS1.exportRSAPrivateKey(rsa);
return PEM.create(PEM.RSA_PRIVATE_KEY, der);
}
public static byte[] exportRSAPrivateKey_PKCS8(RSAPrivateKey rsa)
{
byte[] der = PKCS8.exportRSAPrivateKey(rsa);
return PEM.create(PEM.PKCS8_PRIVATE_KEY, der);
}
public static byte[] exportRSAPublicKey_PKCS1(RSAPublicKey rsa)
{
byte[] der = PKCS1.exportRSAPublicKey(rsa);
return PEM.create(PEM.RSA_PUBLIC_KEY, der);
}
public static byte[] exportRSAPublicKey_X509(RSAPublicKey rsa)
{
byte[] der = X509.exportRSAPublicKey(rsa);
return PEM.create(PEM.PUBLIC_KEY, der);
}
public static RSAPublicKey importRSAPublicKey(byte[] pem)
{
try
{
byte[] der = PEM.get(PEM.RSA_PUBLIC_KEY, pem);
return PKCS1.importRSAPublicKey(der);
}
catch (Exception e)
{
byte[] der = PEM.get(PEM.PUBLIC_KEY, pem);
return X509.importRSAPublicKey(der);
}
}
public static RSAPrivateKey importRSAPrivateKey(byte[] pem)
{
try
{
byte[] der = PEM.get(PEM.RSA_PRIVATE_KEY, pem);
return PKCS1.importRSAPrivateKey(der);
}
catch (Exception e)
{
byte[] der = PEM.get(PEM.PKCS8_PRIVATE_KEY, pem);
return PKCS8.importRSAPrivateKey(der);
}
}
}