authorBjørn Christian Seime <bjorncs@oath.com>2018-09-11 16:23:40 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-09-11 17:59:47 +0200
commit95d98ba5a4eacc6b5eedaae1ad5a7817b999aace (patch)
treeeb7564f44137985e4e57dd25166583186a824ea3
parent51746e4d5c94d1cc84e9b865d64fc41321bb3bf4 (diff)
Support PEM serialization of EC private keys
-rw-r--r--vespajlib/src/main/java/com/yahoo/security/KeyUtils.java14
-rw-r--r--vespajlib/src/test/java/com/yahoo/security/KeyUtilsTest.java12
2 files changed, 22 insertions, 4 deletions
diff --git a/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java b/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java
index 1c3157d639f..11fb0f432e4 100644
--- a/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/vespajlib/src/main/java/com/yahoo/security/KeyUtils.java
@@ -35,7 +35,6 @@ import static com.yahoo.security.KeyAlgorithm.RSA;
/**
* @author bjorncs
*/
-// TODO Support serialization of EC private keys
public class KeyUtils {
private KeyUtils() {}
@@ -88,7 +87,7 @@ public class KeyUtils {
} else if (pemObject instanceof PEMKeyPair) {
PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
return pemConverter.getPrivateKey(keyInfo);
}
throw new IllegalArgumentException("Unexpected type of PEM type: " + pemObject);
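Review bot: Nothing on the new `setProvider(BouncyCastleProviderHolder.getInstance())` line says why the converter is pinned to one provider, and the provider decides which key class and algorithm name callers get back. A one-line comment above it would help, for example `// Pin the provider so the PEM key pair is always decoded by BouncyCastle, independent of the JVM's provider order` (the author should confirm that this is the actual reason). The other branch of this method starts outside the hunk, so it is worth checking that it resolves keys through the same provider.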
@@ -101,8 +100,17 @@ public class KeyUtils {
public static String toPem(PrivateKey privateKey) {
try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ String algorithm = privateKey.getAlgorithm();
// Note: Encoding using PKCS#1 as this is to be read by tools only supporting PKCS#1
- pemWriter.writeObject(new PemObject("RSA PRIVATE KEY", getPkcs1Bytes(privateKey)));
+ String type;
+ if (algorithm.equals(RSA.getAlgorithmName())) {
+ type = "RSA PRIVATE KEY";
+ } else if (algorithm.equals(EC.getAlgorithmName())) {
+ type = "EC PRIVATE KEY";
+ } else {
+ throw new IllegalArgumentException("Unexpected key algorithm: " + algorithm);
+ }
+ pemWriter.writeObject(new PemObject(type, getPkcs1Bytes(privateKey)));
pemWriter.flush();
return stringWriter.toString();
} catch (IOException e) {
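Review bot: The retained comment above `String type;` and the helper name `getPkcs1Bytes` both say PKCS#1, but PKCS#1 is an RSA-only format; an `EC PRIVATE KEY` block is expected to carry a SEC1 (RFC 5915) ECPrivateKey structure. The helper's body is outside the hunk, so it cannot be confirmed here that its output for an EC key always includes the curve parameters, which may depend on the provider that created the key. I would reword the comment to `// Note: Using the traditional encodings (PKCS#1 for RSA, SEC1 for EC) as this is read by tools that do not support other formats` and check the helper against an EC key that did not come from BouncyCastle. The try block of `toPem` continues past the end of the hunk.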
diff --git a/vespajlib/src/test/java/com/yahoo/security/KeyUtilsTest.java b/vespajlib/src/test/java/com/yahoo/security/KeyUtilsTest.java
index 825f4446d94..5e786654d7c 100644
--- a/vespajlib/src/test/java/com/yahoo/security/KeyUtilsTest.java
+++ b/vespajlib/src/test/java/com/yahoo/security/KeyUtilsTest.java
@@ -32,7 +32,7 @@ public class KeyUtilsTest {
}
@Test
- public void can_serialize_deserialize_pem() {
+ public void can_serialize_and_deserialize_rsa_privatekey_using_pem_format() {
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
String pem = KeyUtils.toPem(keyPair.getPrivate());
assertThat(pem, containsString("BEGIN RSA PRIVATE KEY"));
@@ -41,4 +41,14 @@ public class KeyUtilsTest {
assertEquals(keyPair.getPrivate(), deserializedKey);
}
+ @Test
+ public void can_serialize_and_deserialize_ec_privatekey_using_pem_format() {
+ KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
+ String pem = KeyUtils.toPem(keyPair.getPrivate());
+ assertThat(pem, containsString("BEGIN EC PRIVATE KEY"));
+ assertThat(pem, containsString("END EC PRIVATE KEY"));
+ PrivateKey deserializedKey = KeyUtils.fromPemEncodedPrivateKey(pem);
+ assertEquals(keyPair.getPrivate(), deserializedKey);
+ }
+
} \ No newline at end of file
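Review bot: The new EC test only serializes a key produced by `KeyUtils.generateKeypair`, so `toPem` is never exercised on a key returned by `fromPemEncodedPrivateKey`. `toPem` compares `privateKey.getAlgorithm()` with an exact name, and the converter is now pinned to BouncyCastle, so the parsed key may report a different algorithm name (possibly `ECDSA`) and reach the `IllegalArgumentException` branch; this is inferred, since `EC.getAlgorithmName()` is not visible here. Adding `assertThat(KeyUtils.toPem(deserializedKey), containsString("BEGIN EC PRIVATE KEY"));` after the `assertEquals` would pin that path down.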