author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-10-30 15:40:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-30 15:40:58 +0100 |
commit | ef0b462ee638974706820a422f5fa2692ebb62f4 (patch) | |
tree | 2ae318badd05783eaaa725a3996824da1d0e26ea | |
parent | af146b406da7911a0e035ea3bf184680b31bac9b (diff) | |
parent | 8f1729260599ce39546c5d3835d7a63ed051eeaf (diff) |
Merge pull request #7495 from vespa-engine/bjorncs/security-utils
Bjorncs/security utils
3 files changed, 46 insertions, 17 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 11fb0f432e4..0d45a62f193 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -28,6 +28,8 @@ import java.security.PublicKey;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPublicKeySpec;
+import java.util.ArrayList;
+import java.util.List;
 import static com.yahoo.security.KeyAlgorithm.EC;
 import static com.yahoo.security.KeyAlgorithm.RSA;
@@ -79,18 +81,23 @@ public class KeyUtils {
 public static PrivateKey fromPemEncodedPrivateKey(String pem) {
 try (PEMParser parser = new PEMParser(new StringReader(pem))) {
- Object pemObject = parser.readObject();
- if (pemObject instanceof PrivateKeyInfo) {
- PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
- return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);
- } else if (pemObject instanceof PEMKeyPair) {
- PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
- PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
- return pemConverter.getPrivateKey(keyInfo);
+ List<Object> unknownObjects = new ArrayList<>();
+ Object pemObject;
+ while ((pemObject = parser.readObject()) != null) {
+ if (pemObject instanceof PrivateKeyInfo) {
+ PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemObject;
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyInfo.getEncoded());
+ return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);
+ } else if (pemObject instanceof PEMKeyPair) {
+ PEMKeyPair pemKeypair = (PEMKeyPair) pemObject;
+ PrivateKeyInfo keyInfo = pemKeypair.getPrivateKeyInfo();
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance());
+ return pemConverter.getPrivateKey(keyInfo);
+ } else {
+ unknownObjects.add(pemObject);
+ }
 }
- throw new IllegalArgumentException("Unexpected type of PEM type: " + pemObject);
+ throw new IllegalArgumentException("Expected a private key, but found " + unknownObjects.toString());
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 } catch (GeneralSecurityException e) {
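Review bot: The PKCS#8 branch still hard-codes RSA — `return KeyFactory.getInstance(RSA.getAlgorithmName()).generatePrivate(keySpec);` — so a PKCS#8-encoded private key of any other algorithm fails with a GeneralSecurityException from the key factory instead of being parsed, while the PEMKeyPair branch right below it is algorithm-agnostic through JcaPEMKeyConverter; with `EC` imported next to `RSA` in the first hunk, EC keys presumably matter to this utility. I would feed both branches through the same converter, `return new JcaPEMKeyConverter().setProvider(BouncyCastleProviderHolder.getInstance()).getPrivateKey(keyInfo);`, which keeps conversion failures on the existing IOException/UncheckedIOException path. A smaller point: the new message appends `unknownObjects.toString()`, and as far as I recall the BouncyCastle PEM holder types do not override toString, so the list prints as class@hash; `unknownObjects.stream().map(o -> o.getClass().getSimpleName()).collect(Collectors.toList())` would name the offending PEM blocks without dumping object contents into an exception message. The GeneralSecurityException catch on the last line continues outside the hunk.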
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
index f0d1edd6889..67466179634 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -48,17 +48,28 @@ public class TransportSecurityOptions {
 public static TransportSecurityOptions fromJsonFile(Path file) {
 try {
- JsonNode root = mapper.readTree(file.toFile());
- JsonNode filesNode = getField(root, "files");
- String privateKeyFile = getField(filesNode, "private-key").asText();
- String certificatesFile = getField(filesNode, "certificates").asText();
- String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
- return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
+ return fromJsonNode(mapper.readTree(file.toFile()));
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 }
 }
+ public static TransportSecurityOptions fromJson(String json) {
+ try {
+ return fromJsonNode(mapper.readTree(json));
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+ private static TransportSecurityOptions fromJsonNode(JsonNode root) {
+ JsonNode filesNode = getField(root, "files");
+ String privateKeyFile = getField(filesNode, "private-key").asText();
+ String certificatesFile = getField(filesNode, "certificates").asText();
+ String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
+ return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
+ }
+
 private static JsonNode getField(JsonNode root, String fieldName) {
 return Optional.ofNullable(root.get(fieldName))
 .orElseThrow(() -> new IllegalArgumentException(String.format("'%s' field missing", fieldName)));
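Review bot: In `fromJsonNode` the three file paths are read with `asText()`, which on a Jackson container node (object or array) returns an empty string and on JSON null returns the string "null" instead of failing, so a malformed config such as `{"files": {"private-key": {}}}` produces a TransportSecurityOptions with an empty private-key path rather than an error; `fromJsonFile` now shares this code, and the new public `fromJson` exposes it to string input as well. I would add a `getTextField` helper next to `getField` that rejects non-textual nodes and use it for the three fields, as below. `fromJson` also has no Javadoc; I would add `/** Parses options from a JSON document with the same layout as the file accepted by {@link #fromJsonFile(Path)}. */` above it.

```java
private static TransportSecurityOptions fromJsonNode(JsonNode root) {
    JsonNode filesNode = getField(root, "files");
    String privateKeyFile = getTextField(filesNode, "private-key");
    String certificatesFile = getTextField(filesNode, "certificates");
    String caCertificatesFile = getTextField(filesNode, "ca-certificates");
    return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
}

// Like getField, but additionally requires the value to be a JSON string.
private static String getTextField(JsonNode root, String fieldName) {
    JsonNode node = getField(root, fieldName);
    if (!node.isTextual()) {
        throw new IllegalArgumentException(String.format("'%s' field must be a string", fieldName));
    }
    return node.textValue();
}
```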
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
index f311651cab0..84f71cf8fc2 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -3,6 +3,9 @@ package com.yahoo.security.tls;
 import org.junit.Test;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -22,4 +25,12 @@ public class TransportSecurityOptionsTest {
 assertEquals(expectedOptions, actualOptions);
 }
+ @Test
+ public void can_read_options_from_json() throws IOException {
+ String tlsJson = new String(Files.readAllBytes(TEST_CONFIG_FILE), StandardCharsets.UTF_8);
+ TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem");
+ TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJson(tlsJson);
+ assertEquals(expectedOptions, actualOptions);
+ }
+
 } |
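Review bot: `can_read_options_from_json` only re-runs the happy path of the existing file-based test through the new `fromJson` entry point, so the error handling that `fromJson` shares with `fromJsonFile` — IllegalArgumentException for a missing field, UncheckedIOException for unparsable JSON — stays unexercised by the suite. Since the tests are JUnit 4 (`org.junit.Test`), the first case is a one-liner placed before the class's closing brace on the hunk's last line: `@Test(expected = IllegalArgumentException.class) public void fails_when_file_field_is_missing() { TransportSecurityOptions.fromJson("{\"files\": {\"private-key\": \"k\"}}"); }`. A sibling test feeding `fromJson("not json")` and expecting UncheckedIOException would cover the second.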