/*
 * Copyright (c) 2023 PANTHEON.tech, s.r.o. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
8 package org.opendaylight.netconf.keystore.legacy;
10 import java.io.ByteArrayInputStream;
11 import java.nio.charset.StandardCharsets;
12 import java.security.GeneralSecurityException;
13 import java.security.KeyFactory;
14 import java.security.PrivateKey;
15 import java.security.cert.CertificateFactory;
16 import java.security.cert.X509Certificate;
17 import java.security.spec.InvalidKeySpecException;
18 import java.security.spec.PKCS8EncodedKeySpec;
19 import java.util.Base64;
20 import org.eclipse.jdt.annotation.NonNull;
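/**
 * Decodes base64-encoded key and certificate material into JCA objects.
 *
 * <p>The {@link KeyFactory} and {@link CertificateFactory} instances are created lazily and cached in plain
 * (non-volatile, unsynchronized) fields. Nothing in this class makes that initialization safe for concurrent use,
 * so an instance should be confined to one thread or guarded by the caller.
 *
 * <p>This class only parses. It does not establish trust in the returned objects: no certificate path, validity
 * period or revocation check is performed here.
 */
public final class SecurityHelper {
    // Lazily-initialized factories, reused across calls on the same instance.
    private CertificateFactory certFactory;
    private KeyFactory dsaFactory;
    private KeyFactory rsaFactory;

    /**
     * Parses a base64-encoded PKCS#8 private key, trying RSA first and DSA second.
     *
     * <p>No other key algorithm is attempted, so any other kind of key is rejected with the DSA factory's
     * exception. When both attempts fail, the RSA failure is attached to the thrown exception as a suppressed
     * exception, so that the reason the RSA parse was rejected is not lost.
     *
     * <p>The argument is secret key material held in an immutable {@link String}; callers should avoid logging it
     * or embedding it in exception messages.
     *
     * @param base64PrivateKey base64 text of the PKCS#8 encoding, without PEM armor
     * @return the decoded private key
     * @throws GeneralSecurityException if a key factory is unavailable or the key is neither a valid RSA nor a
     *         valid DSA PKCS#8 key
     */
    public @NonNull PrivateKey getJavaPrivateKey(final String base64PrivateKey) throws GeneralSecurityException {
        final var keySpec = new PKCS8EncodedKeySpec(base64Decode(base64PrivateKey));

        if (rsaFactory == null) {
            rsaFactory = KeyFactory.getInstance("RSA");
        }
        final InvalidKeySpecException rsaFailure;
        try {
            return rsaFactory.generatePrivate(keySpec);
        } catch (InvalidKeySpecException e) {
            // Not an RSA key: remember why, then fall through to DSA.
            rsaFailure = e;
        }

        if (dsaFactory == null) {
            dsaFactory = KeyFactory.getInstance("DSA");
        }
        try {
            return dsaFactory.generatePrivate(keySpec);
        } catch (InvalidKeySpecException e) {
            // Report the DSA failure as before, but keep the RSA diagnosis alongside it.
            e.addSuppressed(rsaFailure);
            throw e;
        }
    }

    /**
     * Parses a base64-encoded X.509 certificate.
     *
     * <p>The certificate is only decoded. Its signature, issuer chain, validity dates and revocation status are
     * not checked by this method; a caller that uses the result for authentication has to validate it separately.
     *
     * @param base64Certificate base64 text of the encoded certificate
     * @return the decoded certificate
     * @throws GeneralSecurityException if the X.509 factory is unavailable or the bytes cannot be parsed
     */
    public @NonNull X509Certificate getCertificate(final String base64Certificate) throws GeneralSecurityException {
        // TODO: https://stackoverflow.com/questions/43809909/is-certificatefactory-getinstancex-509-thread-safe
        //       indicates this is thread-safe in most cases, but can we get a better assurance?
        if (certFactory == null) {
            certFactory = CertificateFactory.getInstance("X.509");
        }
        return (X509Certificate) certFactory.generateCertificate(
            new ByteArrayInputStream(base64Decode(base64Certificate)));
    }

    /**
     * Decodes base64 text using the lenient MIME decoder.
     *
     * <p>The MIME decoder skips every character outside the base64 alphabet, which tolerates line breaks but also
     * means stray characters are ignored silently rather than rejected. PEM armor is not stripped here: the
     * letters of a {@code BEGIN}/{@code END} label belong to the alphabet and would be decoded as data, so callers
     * must pass the bare base64 body.
     *
     * @param base64 base64 text; {@code null} results in a {@link NullPointerException}
     * @return the decoded bytes
     */
    private static byte[] base64Decode(final String base64) {
        return Base64.getMimeDecoder().decode(base64.getBytes(StandardCharsets.US_ASCII));
    }
}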