/**
 * Encodes the given certificate as a PEM string.
 * <p>
 * This is a pure delegation to the BouncyCastle-backed tool; no transformation of the
 * certificate or the resulting string happens here.
 *
 * @param certificate certificate to encode
 * @return PEM-encoded certificate, exactly as produced by the delegate
 */
@Override
public String encodeCertificateAsPem(Certificate certificate) {
    String pemEncoded = bouncyCastle.encodeCertificateAsPem(certificate);
    return pemEncoded;
}
/**
 * Creates a self-signed CA root certificate for the supplied key pair.
 * <p>
 * Delegates unchanged to the BouncyCastle-backed tool.
 *
 * @param certificateInfo subject and validity information for the root certificate
 * @param keyPair key pair whose public key is certified and whose private key signs the certificate
 * @param messageDigest message digest used to build the signature algorithm (e.g. SHA-256)
 * @return the generated root certificate together with its private key, as returned by the delegate
 */
@Override
public CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo, KeyPair keyPair, String messageDigest) {
    CertificateAndKey rootCertificateAndKey =
            bouncyCastle.createCARootCertificate(certificateInfo, keyPair, messageDigest);
    return rootCertificateAndKey;
}
/**
 * Encodes the given certificate as an (unencrypted) PEM string.
 * <p>
 * Certificates are public data, so no PEM encryptor is supplied; the {@code null} second argument
 * selects the plain PEM encoding path of {@code encodeObjectAsPemString}.
 *
 * @param certificate certificate to encode
 * @return PEM-encoded certificate
 */
@Override
public String encodeCertificateAsPem(Certificate certificate) {
    // null encryptor: certificates are never password-protected
    return encodeObjectAsPemString(certificate, null);
}
X500Name serverCertificateSubject = createX500NameForCertificate(certificateInfo); ContentSigner signer = getCertificateSigner(caPrivateKey, signatureAlgorithm); serverCertificateSubject, serverKeyPair.getPublic()) .addExtension(Extension.subjectAlternativeName, false, getDomainNameSANsAsASN1Encodable(certificateInfo.getSubjectAlternativeNames())) .addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(serverKeyPair.getPublic())) .addExtension(Extension.basicConstraints, false, new BasicConstraints(false)) .build(signer); X509Certificate serverCertificate = convertToJcaCertificate(certificateHolder);
/**
 * Saves the generated root certificate and private key to a KeyStore file.
 * <p>
 * The same {@code password} is used both to protect the private key entry and to protect the
 * KeyStore itself; the two cannot be set independently through this method.
 *
 * @param keyStoreType the KeyStore type, such as PKCS12 or JKS
 * @param file file to export the root certificate and private key to
 * @param privateKeyAlias alias for the private key in the KeyStore
 * @param password password for the private key and the KeyStore
 */
public void saveRootCertificateAndKey(String keyStoreType, File file, String privateKeyAlias, String password) {
    CertificateAndKey rootCertificateAndKey = generatedCertificateAndKey.get();

    KeyStore rootKeyStore = securityProviderTool.createRootCertificateKeyStore(
            keyStoreType, rootCertificateAndKey, privateKeyAlias, password);

    securityProviderTool.saveKeyStore(file, rootKeyStore, password);
}
/**
 * Loads the PEM-encoded root certificate and private key from the configured files.
 * <p>
 * Both files must be configured. A missing private key password is permitted but logged as a
 * warning, because it means the key on disk is stored unencrypted.
 *
 * @return the certificate and private key read from the configured files
 * @throws IllegalArgumentException if the certificate file or the private key file is not configured
 */
private CertificateAndKey loadCertificateAndKeyFiles() {
    if (certificateFile == null) {
        throw new IllegalArgumentException("PEM root certificate file cannot be null");
    }
    if (privateKeyFile == null) {
        throw new IllegalArgumentException("PEM private key file cannot be null");
    }
    if (privateKeyPassword == null) {
        // not an error: unencrypted keys are accepted, but they should be the exception
        log.warn("Attempting to load private key from file without password. Private keys should be password-protected.");
    }

    String certificatePem = EncryptionUtil.readPemStringFromFile(certificateFile);
    StringReader certificateReader = new StringReader(certificatePem);
    X509Certificate rootCertificate = securityProviderTool.decodePemEncodedCertificate(certificateReader);

    String privateKeyPem = EncryptionUtil.readPemStringFromFile(privateKeyFile);
    StringReader privateKeyReader = new StringReader(privateKeyPem);
    PrivateKey rootPrivateKey = securityProviderTool.decodePemEncodedPrivateKey(privateKeyReader, privateKeyPassword);

    return new CertificateAndKey(rootCertificate, rootPrivateKey);
}
}
/**
 * Encodes a private key as a password-protected PEM string.
 * <p>
 * Delegates unchanged to the BouncyCastle-backed tool, which decides how a missing password
 * is handled.
 *
 * @param privateKey private key to encode
 * @param passwordForPrivateKey password used to encrypt the PEM data
 * @param encryptionAlgorithm PEM encryption algorithm name understood by the delegate
 * @return PEM-encoded, encrypted private key, as produced by the delegate
 */
@Override
public String encodePrivateKeyAsPem(PrivateKey privateKey, String passwordForPrivateKey, String encryptionAlgorithm) {
    String encryptedPem =
            bouncyCastle.encodePrivateKeyAsPem(privateKey, passwordForPrivateKey, encryptionAlgorithm);
    return encryptedPem;
}
/**
 * Creates a server (leaf) certificate signed by the given CA.
 * <p>
 * Delegates unchanged to the BouncyCastle-backed tool.
 *
 * @param certificateInfo subject, subject alternative names and validity for the server certificate
 * @param caRootCertificate CA certificate that will appear as the issuer
 * @param caPrivateKey CA private key used to sign the server certificate
 * @param serverKeyPair key pair whose public key is certified
 * @param messageDigest message digest used to build the signature algorithm
 * @return the signed server certificate together with the server private key, as returned by the delegate
 */
@Override
public CertificateAndKey createServerCertificate(CertificateInfo certificateInfo, X509Certificate caRootCertificate, PrivateKey caPrivateKey, KeyPair serverKeyPair, String messageDigest) {
    CertificateAndKey serverCertificateAndKey = bouncyCastle.createServerCertificate(
            certificateInfo, caRootCertificate, caPrivateKey, serverKeyPair, messageDigest);
    return serverCertificateAndKey;
}
/**
 * Decodes a PEM-encoded private key, decrypting it with the given password.
 * <p>
 * Delegates unchanged to the BouncyCastle-backed tool; handling of a {@code null} password
 * (i.e. an unencrypted key) is left to the delegate.
 *
 * @param privateKeyReader reader positioned at the PEM-encoded private key
 * @param password password used to decrypt the key
 * @return the decoded private key, as returned by the delegate
 */
@Override
public PrivateKey decodePemEncodedPrivateKey(Reader privateKeyReader, String password) {
    PrivateKey decodedKey = bouncyCastle.decodePemEncodedPrivateKey(privateKeyReader, password);
    return decodedKey;
}
/**
 * Parses a single PEM-encoded X509 certificate into an {@link X509Certificate}.
 * <p>
 * The PEM text is wrapped in a {@link StringReader} and handed to the configured
 * security provider tool, which performs the actual decoding.
 *
 * @param x509CertificateAsPem PEM-encoded X509 certificate
 * @return parsed Java X509Certificate
 */
public static X509Certificate readSingleX509Certificate(String x509CertificateAsPem) {
    StringReader pemReader = new StringReader(x509CertificateAsPem);
    return securityProviderTool.decodePemEncodedCertificate(pemReader);
}
keyStore = securityProviderTool.loadKeyStore(keyStoreFile, keyStoreType, keyStorePassword); } else { Files.copy(keystoreAsStream, tempKeyStoreFile, StandardCopyOption.REPLACE_EXISTING); keyStore = securityProviderTool.loadKeyStore(tempKeyStoreFile.toFile(), keyStoreType, keyStorePassword); } catch (IOException e) { throw new CertificateSourceException("Unable to open KeyStore classpath resource: " + keyStoreClasspathResource, e);
X500Name issuer = createX500NameForCertificate(certificateInfo); ContentSigner selfSigner = getCertificateSigner(keyPair.getPrivate(), signatureAlgorithm); issuer, rootCertificatePublicKey) .addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(rootCertificatePublicKey)) .addExtension(Extension.basicConstraints, true, new BasicConstraints(true)) .addExtension(Extension.keyUsage, false, new KeyUsage( X509Certificate cert = convertToJcaCertificate(certificateHolder);
/**
 * Returns the generated private key as a PEM-encoded String, encrypted using the specified password and the
 * {@link #DEFAULT_PEM_ENCRYPTION_ALGORITHM}.
 * <p>
 * How a {@code null} password is treated is decided by the configured security provider tool.
 *
 * @param privateKeyPassword password to use to encrypt the private key
 * @return PEM-encoded, encrypted private key
 */
public String encodePrivateKeyAsPem(String privateKeyPassword) {
    CertificateAndKey generated = generatedCertificateAndKey.get();
    return securityProviderTool.encodePrivateKeyAsPem(
            generated.getPrivateKey(), privateKeyPassword, DEFAULT_PEM_ENCRYPTION_ALGORITHM);
}
/**
 * Returns the generated root certificate as a PEM-encoded String.
 * <p>
 * Only the certificate (public data) is encoded; the private key is not included.
 *
 * @return PEM-encoded root certificate
 */
public String encodeRootCertificateAsPem() {
    CertificateAndKey generated = generatedCertificateAndKey.get();
    return securityProviderTool.encodeCertificateAsPem(generated.getCertificate());
}
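/**
 * Generates a new CA root certificate and private key.
 * <p>
 * Key generation is performed by the configured {@code keyGenerator}; building and self-signing the
 * X.509 certificate is delegated to the configured security provider tool. The elapsed time is
 * measured with {@link System#nanoTime()} rather than the wall clock, so that clock adjustments
 * during generation cannot produce a misleading (or negative) duration in the log.
 *
 * @return new root certificate and private key
 */
private CertificateAndKey generateRootCertificate() {
    // monotonic clock: wall-clock time may jump (NTP, manual changes) while the key is generated
    long generationStart = System.nanoTime();

    // create the public and private key pair that will be used to sign the generated certificate
    KeyPair caKeyPair = keyGenerator.generate();

    // delegate the creation and signing of the X.509 certificate to the certificate tool
    CertificateAndKey certificateAndKey = securityProviderTool.createCARootCertificate(
            rootCertificateInfo, caKeyPair, messageDigest);

    long elapsedMillis = (System.nanoTime() - generationStart) / 1_000_000L;

    log.info("Generated CA root certificate and private key in {}ms. Key generator: {}. Signature algorithm: {}.",
            elapsedMillis, keyGenerator, messageDigest);

    return certificateAndKey;
}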
/**
 * Encodes a private key as a PEM string encrypted with the given password and algorithm.
 * <p>
 * A password is mandatory: this implementation refuses to serialize an unencrypted private key.
 * Note that only {@code null} is rejected; an empty string passes this check and is used as the
 * encryption password as-is.
 *
 * @param privateKey private key to encode
 * @param passwordForPrivateKey password used to encrypt the PEM data; must not be null
 * @param encryptionAlgorithm PEM encryption algorithm name passed to the JCE PEM encryptor builder
 * @return PEM-encoded, encrypted private key
 * @throws IllegalArgumentException if {@code passwordForPrivateKey} is null
 */
@Override
public String encodePrivateKeyAsPem(PrivateKey privateKey, String passwordForPrivateKey, String encryptionAlgorithm) {
    if (passwordForPrivateKey == null) {
        throw new IllegalArgumentException("You must specify a password when serializing a private key");
    }

    char[] passwordChars = passwordForPrivateKey.toCharArray();
    JcePEMEncryptorBuilder encryptorBuilder = new JcePEMEncryptorBuilder(encryptionAlgorithm);
    PEMEncryptor encryptor = encryptorBuilder.build(passwordChars);

    return encodeObjectAsPemString(privateKey, encryptor);
}
CertificateAndKey impersonatedCertificateAndKey = securityProviderTool.createServerCertificate( certificateInfo, caRootCertificate,
/**
 * Saves the private key as PEM-encoded data to a file, using the specified password to encrypt the private key and
 * the {@link #DEFAULT_PEM_ENCRYPTION_ALGORITHM}.
 * <p>
 * Whether a {@code null} password results in an unencrypted key or in an exception is decided by the configured
 * security provider tool; the BouncyCastle-backed implementation appears to reject a {@code null} password with an
 * {@link IllegalArgumentException}, so callers should always supply one. In general, private keys should not be
 * stored unencrypted.
 *
 * @param file file to save the private key to
 * @param passwordForPrivateKey password to protect the private key
 */
public void savePrivateKeyAsPemFile(File file, String passwordForPrivateKey) {
    CertificateAndKey generated = generatedCertificateAndKey.get();
    String encryptedPrivateKeyPem = securityProviderTool.encodePrivateKeyAsPem(
            generated.getPrivateKey(), passwordForPrivateKey, DEFAULT_PEM_ENCRYPTION_ALGORITHM);

    EncryptionUtil.writePemStringToFile(file, encryptedPrivateKeyPem);
}
/**
 * Saves the root certificate as PEM-encoded data to the specified file.
 * <p>
 * Only the certificate is written; the private key is not included in the output file.
 *
 * @param file file to save the PEM-encoded root certificate to
 */
public void saveRootCertificateAsPemFile(File file) {
    CertificateAndKey generated = generatedCertificateAndKey.get();
    String rootCertificatePem = securityProviderTool.encodeCertificateAsPem(generated.getCertificate());

    EncryptionUtil.writePemStringToFile(file, rootCertificatePem);
}
/**
 * Encodes a private key as a password-protected PEM string.
 * <p>
 * Delegates unchanged to the BouncyCastle-backed tool, which decides how a missing password
 * is handled.
 *
 * @param privateKey private key to encode
 * @param passwordForPrivateKey password used to encrypt the PEM data
 * @param encryptionAlgorithm PEM encryption algorithm name understood by the delegate
 * @return PEM-encoded, encrypted private key, as produced by the delegate
 */
@Override
public String encodePrivateKeyAsPem(PrivateKey privateKey, String passwordForPrivateKey, String encryptionAlgorithm) {
    String encryptedPem =
            bouncyCastle.encodePrivateKeyAsPem(privateKey, passwordForPrivateKey, encryptionAlgorithm);
    return encryptedPem;
}