org.bouncycastle.openssl.jcajce.JcaPKIXIdentityBuilder Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-fips Show documentation
Show all versions of bcpkix-fips Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified.
package org.bouncycastle.openssl.jcajce;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.pkix.jcajce.JcaPKIXIdentity;
/**
* Builder for a private/public identity object representing a "user"
*/
public class JcaPKIXIdentityBuilder
{
private JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();
private JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter();
public JcaPKIXIdentityBuilder()
{
}
public JcaPKIXIdentityBuilder setProvider(Provider provider)
{
this.keyConverter = keyConverter.setProvider(provider);
this.certConverter = certConverter.setProvider(provider);
return this;
}
public JcaPKIXIdentityBuilder setProvider(String providerName)
{
this.keyConverter = keyConverter.setProvider(providerName);
this.certConverter = certConverter.setProvider(providerName);
return this;
}
/**
* Build an identity from the passed in key and certificate file in PEM format.
*
* @param keyFile the PEM file containing the key
* @param certificateFile the PEM file containing the certificate
* @return an identity object.
* @throws IOException on a general parsing error.
* @throws CertificateException on a certificate parsing error.
*/
public JcaPKIXIdentity build(File keyFile, File certificateFile)
throws IOException, CertificateException
{
checkFile(keyFile);
checkFile(certificateFile);
FileInputStream keyStream = new FileInputStream(keyFile);
FileInputStream certificateStream = new FileInputStream(certificateFile);
JcaPKIXIdentity rv = build(keyStream, certificateStream);
keyStream.close();
certificateStream.close();
return rv;
}
/**
* Build an identity from the passed in key and certificate stream in PEM format.
*
* @param keyStream the PEM stream containing the key
* @param certificateStream the PEM stream containing the certificate
* @return an identity object.
* @throws IOException on a general parsing error.
* @throws CertificateException on a certificate parsing error.
*/
public JcaPKIXIdentity build(InputStream keyStream, InputStream certificateStream)
throws IOException, CertificateException
{
PEMParser keyParser = new PEMParser(new InputStreamReader(keyStream));
PrivateKey privKey;
Object keyObj = keyParser.readObject();
if (keyObj instanceof PEMKeyPair)
{
PEMKeyPair kp = (PEMKeyPair)keyObj;
privKey = keyConverter.getPrivateKey(kp.getPrivateKeyInfo());
}
else if (keyObj instanceof PrivateKeyInfo)
{
privKey = keyConverter.getPrivateKey((PrivateKeyInfo)keyObj);
}
else
{
throw new IOException("unrecognised private key file"); // TODO: handle encrypted private keys
}
PEMParser certParser = new PEMParser(new InputStreamReader(certificateStream));
List certs = new ArrayList();
Object certObj;
while ((certObj = certParser.readObject()) != null)
{
certs.add(certConverter.getCertificate((X509CertificateHolder)certObj));
}
return new JcaPKIXIdentity(privKey, (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]));
}
private void checkFile(File file)
throws IOException
{
if (file.canRead())
{
if (file.exists())
{
throw new IOException("Unable to open file " + file.getPath() + " for reading.");
}
throw new FileNotFoundException("Unable to open " + file.getPath() + ": it does not exist.");
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy