org.bouncycastle.openssl.jcajce.JcaPKIXIdentityBuilder Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-jdk15to18 Show documentation
Show all versions of bcpkix-jdk15to18 Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
package org.bouncycastle.openssl.jcajce;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.pkix.jcajce.JcaPKIXIdentity;
/**
* Builder for a private/public identity object representing a "user"
*/
public class JcaPKIXIdentityBuilder
{
private JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();
private JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter();
public JcaPKIXIdentityBuilder()
{
}
public JcaPKIXIdentityBuilder setProvider(Provider provider)
{
this.keyConverter = keyConverter.setProvider(provider);
this.certConverter = certConverter.setProvider(provider);
return this;
}
public JcaPKIXIdentityBuilder setProvider(String providerName)
{
this.keyConverter = keyConverter.setProvider(providerName);
this.certConverter = certConverter.setProvider(providerName);
return this;
}
/**
* Build an identity from the passed in key and certificate file in PEM format.
*
* @param keyFile the PEM file containing the key
* @param certificateFile the PEM file containing the certificate
* @return an identity object.
* @throws IOException on a general parsing error.
* @throws CertificateException on a certificate parsing error.
*/
public JcaPKIXIdentity build(File keyFile, File certificateFile)
throws IOException, CertificateException
{
checkFile(keyFile);
checkFile(certificateFile);
FileInputStream keyStream = new FileInputStream(keyFile);
FileInputStream certificateStream = new FileInputStream(certificateFile);
JcaPKIXIdentity rv = build(keyStream, certificateStream);
keyStream.close();
certificateStream.close();
return rv;
}
/**
* Build an identity from the passed in key and certificate stream in PEM format.
*
* @param keyStream the PEM stream containing the key
* @param certificateStream the PEM stream containing the certificate
* @return an identity object.
* @throws IOException on a general parsing error.
* @throws CertificateException on a certificate parsing error.
*/
public JcaPKIXIdentity build(InputStream keyStream, InputStream certificateStream)
throws IOException, CertificateException
{
PEMParser keyParser = new PEMParser(new InputStreamReader(keyStream));
PrivateKey privKey;
Object keyObj = keyParser.readObject();
if (keyObj instanceof PEMKeyPair)
{
PEMKeyPair kp = (PEMKeyPair)keyObj;
privKey = keyConverter.getPrivateKey(kp.getPrivateKeyInfo());
}
else if (keyObj instanceof PrivateKeyInfo)
{
privKey = keyConverter.getPrivateKey((PrivateKeyInfo)keyObj);
}
else
{
throw new IOException("unrecognised private key file"); // TODO: handle encrypted private keys
}
PEMParser certParser = new PEMParser(new InputStreamReader(certificateStream));
List certs = new ArrayList();
Object certObj;
while ((certObj = certParser.readObject()) != null)
{
certs.add(certConverter.getCertificate((X509CertificateHolder)certObj));
}
return new JcaPKIXIdentity(privKey, (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]));
}
private void checkFile(File file)
throws IOException
{
if (!file.canRead())
{
if (file.exists())
{
throw new IOException("Unable to open file " + file.getPath() + " for reading.");
}
throw new FileNotFoundException("Unable to open " + file.getPath() + ": it does not exist.");
}
}
}