OF-749: Replacing deprecated PEMReader with PEMParser

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13970 b35dd754-fafc-0310-a699-88a17e54d16e

OF-749: Replacing deprecated PEMReader with PEMParser
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13970 b35dd754-fafc-0310-a699-88a17e54d16e
465a0df3 · Dele Olajide · dele · 1a6ace0f · 465a0df3
Commit 465a0df3 authored Feb 20, 2014 by Dele Olajide Committed by dele Feb 20, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 1 deletion

CertificateManager.java src/java/org/jivesoftware/util/CertificateManager.java +25 -1

No files found.
--- a/src/java/org/jivesoftware/util/CertificateManager.java
+++ b/src/java/org/jivesoftware/util/CertificateManager.java
@@ -71,8 +71,13 @@ import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.asn1.x509.X509Name;
 import org.bouncycastle.jce.PKCS10CertificationRequest;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -576,6 +581,7 @@ public class CertificateManager {
            Log.warn("Certificate already exists for alias: " + alias);
            return false;
        }
+/*
        // Retrieve the private key of the stored certificate
        PasswordFinder passwordFinder = new PasswordFinder() {
            public char[] getPassword() {
@@ -585,6 +591,24 @@ public class CertificateManager {
        PEMReader pemReader = new PEMReader(new InputStreamReader(pkInputStream), passwordFinder);
        KeyPair kp = (KeyPair) pemReader.readObject();
        PrivateKey privKey = kp.getPrivate();
+*/
+
+        PEMParser pemParser = new PEMParser(new InputStreamReader(pkInputStream));
+		Object object = pemParser.readObject();
+		PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
+		JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
+
+		KeyPair kp;
+
+		if (object instanceof PEMEncryptedKeyPair) {
+			Log.debug("Encrypted key - we will use provided password");
+			kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
+		} else {
+			Log.debug("Unencrypted key - no password needed");
+			kp = converter.getKeyPair((PEMKeyPair) object);
+		}
+
+        PrivateKey privKey = kp.getPrivate();

        // Load certificates found in the PEM input stream
        List<X509Certificate> certs = new ArrayList<X509Certificate>();