authorBjørn Christian Seime <bjorncs@oath.com>2017-11-07 17:48:19 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2017-11-07 17:48:19 +0100
commit4694f5b06a9ee0fa2be6aac06d33e782a7785b46 (patch)
tree09170e4ec4704049f0e80c7b71482d2abe0a0fec /container-disc/src
parent10785b22ba9d85fd8dddfbe1b337c3a84191cab5 (diff)
Handle X509CertificateHolder instances when parsing certificate PEM
Diffstat (limited to 'container-disc/src')
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java19
1 files changed, 16 insertions, 3 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java
index 6ff7857df4a..388b40a1fe0 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java
@@ -6,6 +6,9 @@ import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
@@ -23,6 +26,7 @@ import java.io.UncheckedIOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
@@ -30,6 +34,8 @@ import java.security.cert.X509Certificate;
*/
class CryptoUtils {
+ private static final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
+
private CryptoUtils() {}
static KeyPair createKeyPair() {
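Review bot: The new `bouncyCastleProvider` field is a `private static final` constant but is named in lowerCamelCase and carries no comment; `BOUNCY_CASTLE_PROVIDER` would follow the usual Java constant convention. A one-line comment such as `// Passed explicitly to the certificate converter so the provider does not have to be registered JVM-wide` would record why an instance is held here, assuming that is the intent. The class body continues outside this hunk, so other uses of the field are not visible.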
@@ -89,12 +95,19 @@ class CryptoUtils {
static X509Certificate parseCertificate(String pemEncodedCertificate) {
try (PEMParser parser = new PEMParser(new StringReader(pemEncodedCertificate))) {
Object pemObject = parser.readObject();
- if (!(pemObject instanceof X509Certificate)) {
- throw new IllegalArgumentException("Expeceted X509Certificate instance, got " + pemObject);
+ if (pemObject instanceof X509Certificate) {
+ return (X509Certificate) pemObject;
+ }
+ if (pemObject instanceof X509CertificateHolder) {
+ return new JcaX509CertificateConverter()
+ .setProvider(bouncyCastleProvider)
+ .getCertificate((X509CertificateHolder) pemObject);
}
- return (X509Certificate) pemObject;
+ throw new IllegalArgumentException("Invalid type of PEM object: " + pemObject);
} catch (IOException e) {
throw new UncheckedIOException(e);
+ } catch (CertificateException e) {
+ throw new RuntimeException(e);
}
}
}
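Review bot: The fall-through `throw new IllegalArgumentException("Invalid type of PEM object: " + pemObject)` concatenates the parsed object itself into the message, so what reaches logs depends on that object's `toString()`, and a null result from `readObject()` (input with no PEM block) is reported as a type problem. Reporting only the class is safer when the wrong PEM is passed in, e.g. `"Invalid type of PEM object: " + (pemObject == null ? "none" : pemObject.getClass().getName())`. The new `catch (CertificateException e)` rethrows a bare `RuntimeException` while the wrong-type case throws `IllegalArgumentException`, so callers that want to treat bad input uniformly must catch both; `throw new IllegalArgumentException("Invalid certificate", e);` would keep the two consistent. This method only decodes the certificate: nothing in the hunk checks the validity period or the issuer, so that presumably has to be enforced by the caller and is worth stating in a Javadoc line.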