-
Notifications
You must be signed in to change notification settings - Fork 6
/
pem.clj
56 lines (52 loc) · 2.31 KB
/
pem.clj
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
(ns axel-f.buddy.pem
"PEM reading implementation."
(:require [clojure.java.io :as io])
(:import org.bouncycastle.openssl.PEMParser
org.bouncycastle.openssl.PEMEncryptedKeyPair
org.bouncycastle.openssl.PEMKeyPair
org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder
org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter
org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder
org.bouncycastle.asn1.pkcs.PrivateKeyInfo
org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo
org.bouncycastle.cert.X509CertificateHolder
java.security.Security))
(when (nil? (Security/getProvider "BC"))
(Security/addProvider (org.bouncycastle.jce.provider.BouncyCastleProvider.)))
(defn- decryptor
[builder passphrase]
(when (nil? passphrase)
(throw (ex-info "Passphrase is mandatory with encrypted keys." {})))
(.build builder (.toCharArray passphrase)))
(defn read-privkey
[path-or-reader ^String passphrase]
(with-open [reader (io/reader path-or-reader)]
(let [parser (PEMParser. reader)
obj (.readObject parser)
converter (doto (JcaPEMKeyConverter.)
(.setProvider "BC"))]
(cond
(instance? PEMEncryptedKeyPair obj)
(->> (.decryptKeyPair obj (decryptor (JcePEMDecryptorProviderBuilder.) passphrase))
(.getKeyPair converter)
(.getPrivate))
(instance? PEMKeyPair obj)
(->> (.getKeyPair converter obj)
(.getPrivate))
(instance? PKCS8EncryptedPrivateKeyInfo obj)
(->> (.decryptPrivateKeyInfo obj (decryptor (JceOpenSSLPKCS8DecryptorProviderBuilder.) passphrase))
(.getPrivateKey converter))
(instance? PrivateKeyInfo obj)
(.getPrivateKey converter obj)
:else
(throw (ex-info "Unknown PEM object type" {:kind (class obj)}))))))
(defn read-pubkey
[path-or-reader]
(with-open [reader (io/reader path-or-reader)]
(let [parser (PEMParser. reader)
keyinfo (.readObject parser)
converter (doto (JcaPEMKeyConverter.)
(.setProvider "BC"))]
(if (instance? X509CertificateHolder keyinfo)
(.getPublicKey converter (.getSubjectPublicKeyInfo keyinfo))
(.getPublicKey converter keyinfo)))))