Commit 465a0df3 authored by Dele Olajide's avatar Dele Olajide Committed by dele

OF-749: Replacing deprecated PEMReader with PEMParser

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13970 b35dd754-fafc-0310-a699-88a17e54d16e
parent 1a6ace0f
...@@ -71,8 +71,13 @@ import org.bouncycastle.asn1.x509.X509Extensions; ...@@ -71,8 +71,13 @@ import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name; import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest; import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader; import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PasswordFinder; import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.x509.X509V3CertificateGenerator; import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -576,6 +581,7 @@ public class CertificateManager { ...@@ -576,6 +581,7 @@ public class CertificateManager {
Log.warn("Certificate already exists for alias: " + alias); Log.warn("Certificate already exists for alias: " + alias);
return false; return false;
} }
/*
// Retrieve the private key of the stored certificate // Retrieve the private key of the stored certificate
PasswordFinder passwordFinder = new PasswordFinder() { PasswordFinder passwordFinder = new PasswordFinder() {
public char[] getPassword() { public char[] getPassword() {
...@@ -585,6 +591,24 @@ public class CertificateManager { ...@@ -585,6 +591,24 @@ public class CertificateManager {
PEMReader pemReader = new PEMReader(new InputStreamReader(pkInputStream), passwordFinder); PEMReader pemReader = new PEMReader(new InputStreamReader(pkInputStream), passwordFinder);
KeyPair kp = (KeyPair) pemReader.readObject(); KeyPair kp = (KeyPair) pemReader.readObject();
PrivateKey privKey = kp.getPrivate(); PrivateKey privKey = kp.getPrivate();
*/
PEMParser pemParser = new PEMParser(new InputStreamReader(pkInputStream));
Object object = pemParser.readObject();
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passPhrase.toCharArray());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
Log.debug("Encrypted key - we will use provided password");
kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} else {
Log.debug("Unencrypted key - no password needed");
kp = converter.getKeyPair((PEMKeyPair) object);
}
PrivateKey privKey = kp.getPrivate();
// Load certificates found in the PEM input stream // Load certificates found in the PEM input stream
List<X509Certificate> certs = new ArrayList<X509Certificate>(); List<X509Certificate> certs = new ArrayList<X509Certificate>();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment